Commit Graph

50 Commits

Author SHA1 Message Date
Antoine Pitrou eee91cda80 Issue #8222: Enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking
reads and writes are always retried by OpenSSL itself.

(this is a followup to issue #3890)
2010-03-26 19:27:16 +00:00
Victor Stinner 3f75cc5cb5 Issue #2973: Fix gcc warning on the 2nd argument of ASN1_item_d2i() and
method->d2i(): OpenSSL API changed in OpenSSL 0.9.6m. Patch written by Daniel
Black.
2010-03-02 22:44:42 +00:00
Antoine Pitrou 5ba84910ae Issue #7133: SSL objects now support the new buffer API.
This fixes the test_ssl failure.
2009-10-19 17:59:07 +00:00
Jeffrey Yasskin 7937d939b1 Fix nearly all compilation warnings under Apple gcc-4.0. Tested with OPT="-g
-Wall -Wstrict-prototypes -Werror" in both --with-pydebug mode and --without.
There's still a batch of non-prototype warnings in Xlib.h that I don't know how
to fix.
2009-05-29 03:44:31 +00:00
Raymond Hettinger 354cfc1330 Fix signed/unsigned mismatch. 2009-01-26 16:52:22 +00:00
Bill Janssen 934b16d0c2 various SSL fixes; issues 1251, 3162, 3212 2008-06-28 22:19:33 +00:00
Gregory P. Smith dd96db63f6 This reverts r63675 based on the discussion in this thread:
http://mail.python.org/pipermail/python-dev/2008-June/079988.html

Python 2.6 should stick with PyString_* in its codebase.  The PyBytes_* names
in the spirit of 3.0 are available via a #define only.  See the email thread.
2008-06-09 04:58:54 +00:00
Christian Heimes 593daf545b Renamed PyString to PyBytes 2008-05-26 12:51:38 +00:00
Neal Norwitz 5802bb2319 Fix compiler warnings 2008-03-27 05:03:11 +00:00
Neal Norwitz e9057ff1a9 Initialize variable to prevent warning on some platform/config. 2008-01-27 17:10:35 +00:00
Christian Heimes e93237dfcc #1629: Renamed Py_Size, Py_Type and Py_Refcnt to Py_SIZE, Py_TYPE and Py_REFCNT. Macros for b/w compatibility are available. 2007-12-19 02:37:44 +00:00
Christian Heimes a63f268351 Fixed warning in ssl module 2007-12-14 04:38:13 +00:00
Bill Janssen 296a59d3be Add support for asyncore server-side SSL support. This requires
adding the 'makefile' method to ssl.SSLSocket, and importing the
requisite fakefile class from socket.py, and making the appropriate
changes to it to make it use the SSL connection.

Added sample HTTPS server to test_ssl.py, and test that uses it.

Change SSL tests to use https://svn.python.org/, instead of
www.sf.net and pop.gmail.com.

Added utility function to ssl module, get_server_certificate,
to wrap up the several things to be done to pull a certificate
from a remote server.
2007-09-16 22:06:00 +00:00
Bill Janssen 98d19dafd9 More work on SSL support.
* Much expanded test suite:

  All protocols tested against all other protocols.
  All protocols tested with all certificate options.
  Tests for bad key and bad cert.
  Test of STARTTLS functionality.
  Test of RAND_* functions.

* Fixes for threading/malloc bug.

* Issue 1065 fixed:

  sslsocket class renamed to SSLSocket.
  sslerror class renamed to SSLError.
  Function "wrap_socket" now used to wrap an existing socket.

* Issue 1583946 finally fixed:

  Support for subjectAltName added.
  Subject name now returned as proper DN list of RDNs.

* SSLError exported from socket as "sslerror".

* RAND_* functions properly exported from ssl.py.

* Documentation improved:

  Example of how to create a self-signed certificate.
  Better indexing.
2007-09-10 21:51:02 +00:00
Bill Janssen ffe576dc78 SSL certificate distinguished names should be represented by tuples 2007-09-05 00:46:27 +00:00
Guido van Rossum 780b80dc08 > Some of the code sets the error string in this directly before
> returning NULL, and other pieces of the code call PySSL_SetError,
> which creates the error string.  I think some of the places which set
> the string directly probably shouldn't; instead, they should call
> PySSL_SetError to cons up the error name directly from the err code.
> However, PySSL_SetError only works after the construction of an ssl
> object, which means it can't be used there...  I'll take a longer look
> at it and see if there's a reasonable fix.

Here's a patch which addresses this.  It also fixes the indentation in
PySSL_SetError, bringing it into line with PEP 7, fixes a compile warning
about one of the OpenSSL macros, and makes the namespace a bit more
consistent.  I've tested it on FC 7 and OS X 10.4.

% ./python ./Lib/test/regrtest.py -R :1: -u all test_ssl
test_ssl
beginning 6 repetitions
123456
......
1 test OK.
[29244 refs]
%

[GvR: slightly edited to enforce 79-char line length, even if it required
 violating the style guide.]
2007-08-27 18:42:23 +00:00
Neal Norwitz dc988119b5 Fix a few more variables to try to get this to compile with Visual Studio. 2007-08-25 16:58:09 +00:00
Neal Norwitz 049da9e1cf Try to get this to build with Visual Studio by moving all the variable
declarations to the beginning of a scope.
2007-08-25 16:41:36 +00:00
Guido van Rossum 4f2c3ddca4 Server-side SSL and certificate validation, by Bill Janssen.
While cleaning up Bill's C style, I may have cleaned up some code
he didn't touch as well (in _ssl.c).
2007-08-25 15:08:43 +00:00
Martin v. Löwis 6819210b9e PEP 3123: Provide forward compatibility with Python 3.0, while keeping
backwards compatibility. Add Py_Refcnt, Py_Type, Py_Size, and
PyVarObject_HEAD_INIT.
2007-07-21 06:55:02 +00:00
Martin v. Löwis a811c38d8e Fix various minor errors in passing arguments to
PyArg_ParseTuple.
2006-10-19 11:00:37 +00:00
Anthony Baxter 93ab5fa191 #1494314: Fix a regression with high-numbered sockets in 2.4.3. This
means that select() on sockets > FD_SETSIZE (typically 1024) work again.
The patch makes sockets use poll() internally where available.
2006-07-11 02:04:09 +00:00
Neal Norwitz 38e3b7d2d3 Don't mask a no memory error with a less meaningful one as discussed on python-checkins 2006-05-11 07:51:59 +00:00
Neal Norwitz c6a989ac3a Fix problems found by Coverity.
longobject.c: also fix an ssize_t problem
  <a> could have been NULL, so hoist the size calc to not use <a>.

_ssl.c: under fail: self is DECREF'd, but it would have been NULL.

_elementtree.c: delete self if there was an error.

_csv.c: I'm not sure if lineterminator could have been anything other than
a string.  However, other string method calls are checked, so check this
one too.
2006-05-10 06:57:58 +00:00
Neal Norwitz c859b5c04e Remove unused field 2006-04-17 01:49:28 +00:00
Georg Brandl 43f08a85e4 Patch #1380952: fix SSL objects timing out on consecutive read()s 2006-03-31 18:01:16 +00:00
Neal Norwitz 389cea8efc Try to improve name based on discussion on python-checkins with Jim Jewett 2006-02-13 00:35:21 +00:00
Martin v. Löwis f84d1b9375 Introduce Py_SOCKET_FD_CAN_BE_GE_FD_SETSIZE.
Proposed by Tim Peters.
2006-02-11 09:27:05 +00:00
Neal Norwitz 082b2df33f Bug #876637, prevent stack corruption when socket descriptor
is larger than FD_SETSIZE.

This can only be acheived with ulimit -n SOME_NUMBER_BIGGER_THAN_FD_SETSIZE
which is typically only available to root.  Since this wouldn't normally
be run in a test (ie, run as root), it doesn't seem too worthwhile to
add a normal test.  The bug report has one version of a test.  I've
written another.  Not sure what the best thing to do is.

Do the check before calling internal_select() because we can't set
an error in between Py_BEGIN_ALLOW_THREADS and Py_END_ALLOW_THREADS.
This seemed the clearest solution, ie handle before calling internal_select()
rather than inside.  Plus there is at least one place outside
of internal_select() that needed to be handled.

Will backport.
2006-02-07 07:04:46 +00:00
Neal Norwitz 19cbcad20e Fix indentation (whitespace only). 2006-02-07 06:59:20 +00:00
Neal Norwitz 1ac754fa10 Check return result from Py_InitModule*(). This API can fail.
Probably should be backported.
2006-01-19 06:09:39 +00:00
Michael W. Hudson 5910d81c97 Add a missing decref -- PyErr_SetObject increfs the 'object'! 2004-08-04 14:59:00 +00:00
Andrew M. Kuchling 27d3dda7f1 [Patch #909007] Enable a bunch of safe bug workarounds in OpenSSL, for compatibility with various broken SSL implementations out there. 2004-07-10 21:36:55 +00:00
Andrew M. Kuchling 9c3efe3ec6 [Patch #945642] Fix non-blocking SSL sockets, which blocked on reads/writes in Python 2.3.
(It turns out that the Debian unstable packaging of Python 2.3.4 includes this patch.)
Patch by Tino Lange.
2004-07-10 21:15:17 +00:00
Brett Cannon 06c34798df Make socket.sslerror a subclass of socket.error .
Added socket.error to the socket module's C API.
2004-03-23 23:16:54 +00:00
Martin v. Löwis 405a7952fd Patch #803998: Correctly check for error in SSL_write. 2003-10-27 14:24:37 +00:00
Walter Dörwald f0dfc7ac5c Fix a bunch of typos in documentation, docstrings and comments.
(From SF patch #810751)
2003-10-20 14:01:56 +00:00
Neal Norwitz a9002f824b Fix SF #754870, SSL crash interpreter when remote side closes during connect
Also fix a memory leak.
2003-06-30 03:25:20 +00:00
Martin v. Löwis afec8e3bde Patch #751916: Check for signals, fix some refcounting errors. 2003-06-28 07:40:23 +00:00
Neal Norwitz 529baf2b57 Fix compiler warning 2003-02-02 17:08:33 +00:00
Guido van Rossum 4f707ac8b1 SF patch 676472 by Geoff Talvola, reviewed by Ben Laurie.
Geoff writes:
  This is yet another patch to _ssl.c that sets the
  underlying BIO to non-blocking if the socket being
  wrapped is non-blocking. It also correctly loops when
  SSL_connect, SSL_write, or SSL_read indicates that it
  needs to read or write more bytes.

  This seems to fix bug #673797 which was not fixed by my
  previous patch.
2003-01-31 18:13:18 +00:00
Guido van Rossum 99d4abf8a2 Support socket timeout in SSL, by Geoff Talvola.
(SF patch #675750, to fix SF bug #675552.)
2003-01-27 22:22:50 +00:00
Mark Hammond fe51c6d66e Excise DL_EXPORT/DL_IMPORT from Modules/*. Required adding a prototype
for Py_Main().

Thanks to Kalle Svensson and Skip Montanaro for the patches.
2002-08-02 02:27:13 +00:00
Martin v. Löwis 09c35f78fe Patch #575827: allow threads inside SSL creation. 2002-07-28 09:57:45 +00:00
Jeremy Hylton 938ace69a0 staticforward bites the dust.
The staticforward define was needed to support certain broken C
compilers (notably SCO ODT 3.0, perhaps early AIX as well) botched the
static keyword when it was used with a forward declaration of a static
initialized structure.  Standard C allows the forward declaration with
static, and we've decided to stop catering to broken C compilers.  (In
fact, we expect that the compilers are all fixed eight years later.)

I'm leaving staticforward and statichere defined in object.h as
static.  This is only for backwards compatibility with C extensions
that might still use it.

XXX I haven't updated the documentation.
2002-07-17 16:30:39 +00:00
Jeremy Hylton 4e54730ed5 Repair badly formatted code. 2002-07-02 18:25:00 +00:00
Martin v. Löwis 14f8b4cfcb Patch #568124: Add doc string macros. 2002-06-13 20:33:02 +00:00
Tim Peters 5de9842b34 Repair widespread misuse of _PyString_Resize. Since it's clear people
don't understand how this function works, also beefed up the docs.  The
most common usage error is of this form (often spread out across gotos):

	if (_PyString_Resize(&s, n) < 0) {
		Py_DECREF(s);
		s = NULL;
		goto outtahere;
	}

The error is that if _PyString_Resize runs out of memory, it automatically
decrefs the input string object s (which also deallocates it, since its
refcount must be 1 upon entry), and sets s to NULL.  So if the "if"
branch ever triggers, it's an error to call Py_DECREF(s):  s is already
NULL!  A correct way to write the above is the simpler (and intended)

	if (_PyString_Resize(&s, n) < 0)
		goto outtahere;

Bugfix candidate.
2002-04-27 18:44:32 +00:00
Martin v. Löwis 6af3e2dc31 Forward port of patch # 500311: Work around for buggy https servers.
Fixes #494762.
2002-04-20 07:47:40 +00:00
Marc-André Lemburg a5d2b4cb18 Break SSL support out of _socket module and place it into a new
helper module _ssl.

The support for the RAND_* APIs in _ssl is now only enabled
for OpenSSL 0.9.5 and up since they were added in that
release.

Note that socketmodule.* should really be renamed to _socket.* --
unfortunately, this seems to lose the CVS history of the file.

Please review and test... I was only able to test the header file
chaos in socketmodule.c/h on Linux. The test run through fine
and compiles don't give errors or warnings.

WARNING: This patch does *not* include changes to the various
non-Unix build process files.
2002-02-16 18:23:30 +00:00