68d663cf85
[bpo-30916] Pre-build OpenSSL and Tcl/Tk for Windows ( #2688 )
...
Updates ssl and tkinter projects to use pre-built externals
2017-07-17 11:15:48 +02:00
5f31d5cf6e
Regenerate Argument Clinic code for bpo-19180. ( #2073 )
2017-06-10 13:13:51 +03:00
63c2c8ac17
bpo-19180: Updated references for RFC 1750, RFC 3280 & RFC 4366 (GH-148)
...
* RFC 1750 has been been obsoleted by RFC 4086.
* RFC 3280 has been obsoleted by RFC 5280.
* RFC 4366 has been obsoleted by RFC 6066.
2017-06-09 19:43:58 +10:00
65ece7ca23
bpo-30594: Fixed refcounting in newPySSLSocket ( #1992 )
...
If pass a server_hostname= that fails IDNA decoding to SSLContext.wrap_socket or SSLContext.wrap_bio, then the SSLContext object had a spurious Py_DECREF called on it, eventually leading to segfaults.
2017-06-08 09:30:43 +03:00
b87c0dfe90
Simplify X.509 extension handling code ( #1855 )
...
* Simplify X.509 extension handling code
The previous implementation had grown organically over time, as OpenSSL's API evolved.
* Delete even more code
2017-06-06 07:53:11 -04:00
66dc33b682
bpo-29334: Fix ssl.getpeercert for auto-handshake ( #1769 )
...
Drop handshake_done and peer_cert members from PySSLSocket struct. The
peer certificate can be acquired from *SSL directly.
SSL_get_peer_certificate() does not trigger any network activity.
Instead of manually tracking the handshake state, simply use
SSL_is_init_finished().
In combination these changes fix auto-handshake for non-blocking
MemoryBIO connections.
Signed-off-by: Christian Heimes <christian@python.org>
2017-05-23 16:02:02 -07:00
55fe1ae970
bpo-30022: Get rid of using EnvironmentError and IOError (except test… ( #1051 )
2017-04-16 10:46:38 +03:00
2849cc34a8
bpo-29738: Fix memory leak in _get_crl_dp (GH-526)
...
* Remove conditional on free of `dps`, since `dps` is now allocated for
all versions of OpenSSL
* Remove call to `x509_check_ca` since it was only used to cache
the `crldp` field of the certificate
CRL_DIST_POINTS_free is available in all supported versions of OpenSSL
(recent 0.9.8+) and LibreSSL.
2017-04-14 18:06:07 -07:00
aefa7ebf0f
bpo-6532: Make the thread id an unsigned integer. ( #781 )
...
* bpo-6532: Make the thread id an unsigned integer.
From C API side the type of results of PyThread_start_new_thread() and
PyThread_get_thread_ident(), the id parameter of
PyThreadState_SetAsyncExc(), and the thread_id field of PyThreadState
changed from "long" to "unsigned long".
* Restore a check in thread_get_ident().
2017-03-23 14:48:39 +01:00
8ae264ce6d
bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (GH-395)
2017-03-02 11:45:29 -05:00
228b12edcc
Issue #28999 : Use Py_RETURN_NONE, Py_RETURN_TRUE and Py_RETURN_FALSE wherever
...
possible. Patch is writen with Coccinelle.
2017-01-23 09:47:21 +02:00
f17c3de263
Use _PyObject_CallNoArg()
...
Replace:
PyObject_CallFunctionObjArgs(callable, NULL)
with:
_PyObject_CallNoArg(callable)
2016-12-06 18:46:19 +01:00
de4ae3d486
Backed out changeset b9c9691c72c5
...
Issue #28858 : The change b9c9691c72c5 introduced a regression. It seems like
_PyObject_CallArg1() uses more stack memory than
PyObject_CallFunctionObjArgs().
2016-12-04 22:59:09 +01:00
27580c1fb5
Replace PyObject_CallFunctionObjArgs() with fastcall
...
* PyObject_CallFunctionObjArgs(func, NULL) => _PyObject_CallNoArg(func)
* PyObject_CallFunctionObjArgs(func, arg, NULL) => _PyObject_CallArg1(func, arg)
PyObject_CallFunctionObjArgs() allocates 40 bytes on the C stack and requires
extra work to "parse" C arguments to build a C array of PyObject*.
_PyObject_CallNoArg() and _PyObject_CallArg1() are simpler and don't allocate
memory on the C stack.
This change is part of the fastcall project. The change on listsort() is
related to the issue #23507 .
2016-12-01 14:43:22 +01:00
1a63b9f288
Typo
2016-09-24 12:07:21 +02:00
a5d0765990
Finish GC code for SSLSession and increase test coverage
2016-09-24 10:48:05 +02:00
f6365e3816
Issue #28188 : Use PyMem_Calloc() to get rid of a type-limits warning and an extra memset() call in _ssl.c.
2016-09-13 20:48:13 +02:00
410b9887e1
Issue #27866 : Fix refleak in cipher_to_dict()
2016-09-12 12:00:23 +02:00
5fe668c672
Issue #28085 : Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContext
2016-09-12 00:01:11 +02:00
99a6570295
Issue #19500 : Add client-side SSL session resumption to the ssl module.
2016-09-10 23:44:53 +02:00
358cfd426c
Issue 28043: SSLContext has improved default settings
...
The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
2016-09-10 22:43:48 +02:00
fe3c9c1ee9
Issue #27691 : Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs.
2016-09-06 23:27:06 +02:00
1c03abd026
Issue #27691 : Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs.
2016-09-06 23:25:35 +02:00
0061bf5892
Issue #26470 : Use short name rather than name for compression name to fix #27958 .
2016-09-06 01:14:34 +02:00
281e5f8839
Issue #26470 : Use short name rather than name for compression name to fix #27958 .
2016-09-06 01:10:39 +02:00
25bfcd5d9e
Issue #27866 : Add SSLContext.get_ciphers() method to get a list of all enabled ciphers.
2016-09-06 00:04:45 +02:00
01113faef9
Issue #26470 : Port ssl and hashlib module to OpenSSL 1.1.0.
2016-09-05 23:23:24 +02:00
598894ff48
Issue #26470 : Port ssl and hashlib module to OpenSSL 1.1.0.
2016-09-05 23:19:05 +02:00
a853c479ee
merge 3.5 ( #27773 )
2016-08-15 21:56:11 -07:00
81b9ecd2a3
fix corner cases in the management of server_hostname ( closes #27773 )
2016-08-15 21:55:37 -07:00
d3afb62b8f
Merge 3.5 (INVALID_SOCKET)
2016-07-22 17:47:09 +02:00
524714eeda
socket: use INVALID_SOCKET
...
* Replace "fd = -1" with "fd = INVALID_SOCKET"
* Replace "fd < 0" with "fd == INVALID_SOCKET": SOCKET_T is unsigned on Windows
Bug found by Pavel Belikov ("Fragment N1"):
http://www.viva64.com/en/b/0414/#ID0ECDAE
2016-07-22 17:43:59 +02:00
7386268ffd
Issue #23804 : Merge SSL recv() fix from 3.5
2016-07-11 01:32:09 +00:00
bed7f1a512
Issue #23804 : Fix SSL zero-length recv() calls to not block and raise EOF
2016-07-11 00:17:13 +00:00
2954f83999
- Issue #27332 : Fixed the type of the first argument of module-level functions
...
generated by Argument Clinic. Patch by Petr Viktorin.
2016-07-07 18:20:03 +03:00
1a2b24f02d
Issue #27332 : Fixed the type of the first argument of module-level functions
...
generated by Argument Clinic. Patch by Petr Viktorin.
2016-07-07 17:35:15 +03:00
50600a78cb
merge 3.5 ( #24557 )
2016-07-06 23:58:16 -07:00
b8a2f51ceb
assume egd unless OPENSSL_NO_EGD is defined—remove configure check ( closes #24557 )
2016-07-06 23:55:15 -07:00
2c164b738d
Fix unused variable 'libver' warning in Modules/_ssl.c
...
It can be seen on various buildbots like 3.x.cea-indiana-amd64
and 3.x.murray-snowleopard:
/export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver'
/Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
2016-04-14 16:49:21 +03:00
dfcb041195
Fix unused variable 'libver' warning in Modules/_ssl.c
...
It can be seen on various buildbots like 3.x.cea-indiana-amd64
and 3.x.murray-snowleopard:
/export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver'
/Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
2016-04-14 16:48:48 +03:00
f01e408c16
Issue #26200 : Added Py_SETREF and replaced Py_XSETREF with Py_SETREF
...
in places where Py_DECREF was used.
2016-04-10 18:12:01 +03:00
57a01d3a0e
Issue #26200 : Added Py_SETREF and replaced Py_XSETREF with Py_SETREF
...
in places where Py_DECREF was used.
2016-04-10 18:05:40 +03:00
ec39756960
Issue #22570 : Renamed Py_SETREF to Py_XSETREF.
2016-04-06 09:50:03 +03:00
48842714b9
Issue #22570 : Renamed Py_SETREF to Py_XSETREF.
2016-04-06 09:45:48 +03:00
afd465d497
Issue #26644 : Merge SSL negative read fix from 3.5
2016-03-27 10:40:22 +00:00
5503d4731e
Issue #26644 : Raise ValueError for negative SSLSocket.recv() and read()
2016-03-27 05:35:19 +00:00
4a180a693f
merge 3.5 ( closes #25939 )
2016-02-17 22:18:35 -08:00
1378f7ca68
merge 3.4 ( closes #25939 )
2016-02-17 22:18:20 -08:00
9491272751
open the cert store readonly
...
Patch from Chi Hsuan Yen.
2016-02-17 22:13:19 -08:00
5db60aa84e
merge 3.5 ( closes #25672 )
2016-01-07 21:38:51 -08:00
3b1a8b3bbe
enable SSL_MODE_RELEASE_BUFFERS
...
Patch by Cory Benfield.
2016-01-07 21:37:37 -08:00
ef1585eb9a
Issue #25923 : Added more const qualifiers to signatures of static and private functions.
2015-12-25 20:01:53 +02:00
5a57ade58e
Issue #20440 : Massive replacing unsafe attribute setting code with special
...
macro Py_SETREF.
2015-12-24 10:35:59 +02:00
fcc2e71e99
merge 3.4 ( #25578 )
2015-11-14 15:14:42 -08:00
025a1fd990
rm trailing ws
2015-11-14 15:12:38 -08:00
f0c9038a36
fix possible memory lea k in _get_aia_uri ( closes #25578 )
2015-11-14 15:12:18 -08:00
2463001a15
merge 3.4 ( #25569 )
2015-11-14 00:11:09 -08:00
806fb25405
fix build with older openssl ( #25569 )
2015-11-14 00:09:22 -08:00
45bde5d2ee
merge 3.4 ( #25530 )
2015-11-11 22:45:22 -08:00
a9dcdabccb
always set OP_NO_SSLv3 by default ( closes #25530 )
2015-11-11 22:38:41 -08:00
86429bd174
merge 3.5 ( #25569 )
2015-11-11 22:14:08 -08:00
eda06c8f5e
fix memory leak in _get_crl_dp ( closes #25569 )
...
Patch started by Stéphane Wirtel.
2015-11-11 22:07:38 -08:00
f51d715845
Issue #25523 : Further a-to-an corrections new in 3.5.
2015-11-02 14:40:41 +02:00
a84f6c3dd3
Issue #25523 : Merge a-to-an corrections from 3.4.
2015-11-02 14:39:05 +02:00
d65c9496da
Issue #25523 : Further a-to-an corrections.
2015-11-02 14:10:23 +02:00
d330822c12
detect alpn by feature flag not openssl version ( closes #23329 )
2015-09-27 00:09:02 -07:00
d113c967b4
improve style of the convert macro ( #24655 )
...
Patch by Brian Cain.
2015-07-18 10:59:13 -07:00
0544cf0eb9
merge 3.4 ( #24655 )
2015-07-18 11:00:00 -07:00
dbfdc380df
Issue #24001 : Argument Clinic converters now use accept={type}
...
instead of types={'type'} to specify the types the converter accepts.
2015-05-04 06:59:46 -07:00
4b7b82f133
Issue #20179 : Converted the _ssl module to Argument Clinic.
2015-05-03 16:14:08 +03:00
146907081c
Issue #23853 : Methods of SSL socket don't reset the socket timeout anymore each
...
time bytes are received or sent. The socket timeout is now the maximum total
duration of the method.
This change fixes a denial of service if the application is regulary
interrupted by a signal and the signal handler does not raise an exception.
2015-04-06 22:46:13 +02:00
7d71c97ec3
merge 3.4 ( #23875 )
2015-04-06 13:06:21 -04:00
43b842775f
remove extra arguments in arg parsing format codes ( closes #23875 )
2015-04-06 13:05:22 -04:00
4e3cfa46dc
Issue #23853 : Cleanup _ssl.c
...
* Rename check_socket_and_wait_for_timeout() to PySSL_select()
* PySSL_select() is now clearly splitted betwen poll() and select()
* Add empty lines for readability
2015-04-02 21:28:28 +02:00
869e1778c0
Issue #22117 : Replace usage of _PyTime_ROUND_UP with _PyTime_ROUND_CEILING
...
All these functions only accept positive timeouts, so this change has no effect
in practice.
2015-03-30 03:49:14 +02:00
ea9c0dd2c2
Issue #22117 : Fix usage of _PyTime_AsTimeval()
...
Add _PyTime_AsTimeval_noraise() function. Call it when it's not possible (or
not useful) to raise a Python exception on overflow.
2015-03-30 02:51:13 +02:00
e245231fab
Issue #22117 : Fix ssl to use _PyTime_t API on sock_timeout
...
I didn't notice that the ssl module uses private attributes of socket objects.
2015-03-28 03:00:46 +01:00
8490f5acfe
Issue #23001 : Few functions in modules mmap, ossaudiodev, socket, ssl, and
...
codecs, that accepted only read-only bytes-like object now accept writable
bytes-like object too.
2015-03-20 09:00:36 +02:00
e42ccd2bfd
Issue #23694 : Enhance _Py_fopen(), it now raises an exception on error
...
* If fopen() fails, OSError is raised with the original filename object.
* The GIL is now released while calling fopen()
2015-03-18 01:39:23 +01:00
de8eca4638
merge 3.4
2015-03-04 22:50:25 -05:00
990fcaac3c
expose X509_V_FLAG_TRUSTED_FIRST
2015-03-04 22:49:41 -05:00
b64ae7bf2d
merge 3.4 ( #23476 )
2015-03-04 22:11:48 -05:00
fdb1971587
enable X509_V_FLAG_TRUSTED_FIRST when possible ( closes #23476 )
2015-03-04 22:11:12 -05:00
0bfd0a4048
Issue #23576 : Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.
2015-03-04 20:54:57 +01:00
f7f3b0a14a
Issue #23576 : Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.
2015-03-04 20:51:55 +01:00
4d0d982985
Issue #23446 : Use PyMem_New instead of PyMem_Malloc to avoid possible integer
...
overflows. Added few missed PyErr_NoMemory().
2015-02-16 13:33:32 +02:00
1a1ff29659
Issue #23446 : Use PyMem_New instead of PyMem_Malloc to avoid possible integer
...
overflows. Added few missed PyErr_NoMemory().
2015-02-16 13:28:22 +02:00
c54de47759
ifdef our way to compatibility with old openssl ( closes #23335 )
2015-01-28 12:06:39 -05:00
07f0515667
disable ALPN on LibreSSL, which has a large version number, but not ALPN support ( closes #23329 )
2015-01-27 11:10:18 -05:00
8861502e07
prefer server alpn ordering over the client's
2015-01-23 17:30:26 -05:00
cca2732a82
add support for ALPN ( closes #20188 )
2015-01-23 16:35:37 -05:00
baf7c1e546
use SSL_get_session
2015-01-07 11:32:00 -06:00
4cb17812d9
expose the client's cipher suites from the handshake ( closes #23186 )
2015-01-07 11:14:26 -06:00
fcfed19913
Issue #21356 : Make ssl.RAND_egd() optional to support LibreSSL. The
...
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
2015-01-06 13:54:58 +01:00
5e8430d02c
Issue #23143 : Remove compatibility with OpenSSLs older than 0.9.8.
...
(the last 0.9.7 release was in 2007)
2015-01-03 23:17:23 +01:00
e32467cf6a
allow ssl module to compile if openssl doesn't support SSL 3 ( closes #22935 )
...
Patch by Kurt Roeckx.
2014-12-05 21:59:35 -05:00
7243b574e5
don't require OpenSSL SNI to pass hostname to ssl functions ( #22921 )
...
Patch by Donald Stufft.
2014-11-23 17:04:34 -06:00
22293df016
merge 3.4 ( #22935 )
2014-12-05 22:11:33 -05:00
beeb512fe1
Issue #21356 : Make ssl.RAND_egd() optional to support LibreSSL. The
...
availability of the function is checked during the compilation.
Patch written by Bernard Spil.
2014-11-28 13:28:25 +01:00
f9284ae8ed
merge 3.4 ( #22921 )
2014-11-23 17:06:39 -06:00
Steve Dower
Serhiy Storchaka
Chandan Kumar
Nathaniel J. Smith
Alex Gaynor
Christian Heimes
Olivier Vielpeau
Donald Stufft
Victor Stinner
Benjamin Peterson
Martin Panter
Berker Peksag
Larry Hastings
Antoine Pitrou