Benjamin Peterson
93ed946dd9
rm trailing ws
2015-11-14 15:12:38 -08:00
Benjamin Peterson
c591936789
fix possible memory leak in _get_aia_uri (closes #25578)
2015-11-14 15:12:18 -08:00
Benjamin Peterson
b1c1e673cb
fix build with older openssl (#25569)
2015-11-14 00:09:22 -08:00
Benjamin Peterson
10aaca9941
always set OP_NO_SSLv3 by default (closes #25530)
2015-11-11 22:38:41 -08:00
Benjamin Peterson
59d451d68f
fix memory leak in _get_crl_dp (closes #25569)
Patch started by Stéphane Wirtel.
2015-11-11 22:07:38 -08:00
Serhiy Storchaka
c72e66a048
Issue #25523: Backported a-to-an corrections.
2015-11-02 15:06:09 +02:00
Benjamin Peterson
65192c1756
improve style of the convert macro (#24655)
Patch by Brian Cain.
2015-07-18 10:59:13 -07:00
Benjamin Peterson
9c5a8d4e23
remove extra arguments in arg parsing format codes (closes #23875)
2015-04-06 13:05:22 -04:00
Benjamin Peterson
72ef961059
expose X509_V_FLAG_TRUSTED_FIRST
2015-03-04 22:49:41 -05:00
Benjamin Peterson
b1ebba5bd5
enable X509_V_FLAG_TRUSTED_FIRST when possible (closes #23476)
2015-03-04 22:11:12 -05:00
Antoine Pitrou
34c8d98306
Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.
2015-03-04 20:51:55 +01:00
Serhiy Storchaka
a2269d074b
Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer
overflows. Added a few missed PyErr_NoMemory().
2015-02-16 13:16:07 +02:00
Benjamin Peterson
a99e48c2b2
ifdef our way to compatibility with old openssl (closes #23335)
2015-01-28 12:06:39 -05:00
Benjamin Peterson
f4bb2311b1
disable ALPN on LibreSSL, which has a large version number, but not ALPN support (closes #23329)
2015-01-27 11:10:18 -05:00
Benjamin Peterson
aa7075845c
prefer server alpn ordering over the client's
2015-01-23 17:30:26 -05:00
Benjamin Peterson
b10bfbe036
pep 466 backport of alpn (#20188)
2015-01-23 16:35:37 -05:00
Victor Stinner
7c90667f74
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
2015-01-06 13:53:37 +01:00
Benjamin Peterson
60766c47e7
allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935)
Patch by Kurt Roeckx.
2014-12-05 21:59:35 -05:00
Benjamin Peterson
31aa69ead5
allow hostname to be passed to SSLContext even if OpenSSL doesn't support SNI (closes #22921)
Patch from Donald Stufft.
2014-11-23 20:13:31 -06:00
Benjamin Peterson
93c41335ab
allow keyfile argument to be None (closes #22787)
2014-11-03 21:12:05 -05:00
Benjamin Peterson
2f33456e41
fix sslwrap_simple (closes #22523)
Thanks Alex Gaynor.
2014-10-01 23:53:01 -04:00
Alex Gaynor
e98205d798
Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use.
Backport from default.
2014-09-04 13:33:22 -07:00
Benjamin Peterson
876473eba3
fix load_verify_locations on unicode paths (closes #22244)
2014-08-28 09:33:21 -04:00
Benjamin Peterson
7ed3e29723
fix error message for invalid curve name
2014-08-20 21:37:01 -05:00
Benjamin Peterson
cbb144afc0
PyUnicode -> PyString and PyLong -> PyInt
2014-08-20 14:25:32 -05:00
Benjamin Peterson
daeb925cc8
backport many ssl features from Python 3 (closes #21308)
A contribution of Alex Gaynor and David Reid with the generous support of
Rackspace. May God have mercy on their souls.
2014-08-20 14:14:50 -05:00
Antoine Pitrou
3b2afbbf88
Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.
2014-01-09 19:52:12 +01:00
Christian Heimes
41a7d5ee17
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
2013-10-29 20:50:01 +01:00
Antoine Pitrou
87c99a0d37
Properly initialize all fields of a SSL object after allocation.
2013-09-29 19:52:45 +02:00
Christian Heimes
5eb6e3b40d
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
2013-09-05 16:05:50 +02:00
Christian Heimes
ed9884b2d0
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
2013-09-05 16:04:35 +02:00
Christian Heimes
8ee5ffddf5
Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
2013-08-25 14:19:16 +02:00
Barry Warsaw
82f8828317
- Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for `rfc822Name` (email), `dNSName` (DNS) and
`uniformResourceIdentifier` (URI).
2013-08-23 13:26:49 -04:00
Christian Heimes
1d0f73d20f
Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is supposed to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
2013-08-22 13:19:48 +02:00
Christian Heimes
0d604cf65e
Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seed the PRNG with pid, time
and some stack data.
2013-08-21 13:26:05 +02:00
Christian Heimes
10107813ac
Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
2013-08-19 17:36:29 +02:00
Christian Heimes
b4ec842f39
Issue 18768: Correct doc string of RAND_egd(). Patch by Vajrasky Kok.
2013-08-17 17:25:18 +02:00
Christian Heimes
f1bd47ae14
Issue #18768: coding style nitpick. Thanks to Vajrasky Kok
2013-08-17 17:18:56 +02:00
Ezio Melotti
419e23cbb0
#18466: fix more typos. Patch by Févry Thibault.
2013-08-17 16:56:09 +03:00
Christian Heimes
88b174c977
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
2013-08-17 00:54:47 +02:00
Victor Stinner
c1a44269da
Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
string is longer than 2 gigabytes. The ssl module does not support partial
write.
2013-06-25 00:48:02 +02:00
Victor Stinner
4807df41ad
Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
for strings longer than 2 gigabytes.
2013-06-23 15:15:10 +02:00
Antoine Pitrou
c5bef75c77
Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly.
Patch by Serhiy Storchaka.
2012-08-15 23:16:51 +02:00
Antoine Pitrou
d358e0554b
Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
2012-01-27 09:42:45 +01:00
Antoine Pitrou
dd7e071b23
Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().
2012-02-15 22:25:27 +01:00
Antoine Pitrou
374b4ea9da
Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
2012-01-27 09:44:08 +01:00
Antoine Pitrou
aa1c967f93
Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
Patch by Robert Xiao.
2011-11-23 01:39:19 +01:00
Antoine Pitrou
f06eb46918
Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported.
2011-10-01 19:30:58 +02:00
Charles-François Natali
fda7b379ac
Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is
greater than FD_SETSIZE.
2011-08-28 16:22:33 +02:00
Victor Stinner
b1241f9619
(Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 01:52:03 +02:00