Commit Graph

299 Commits

Author SHA1 Message Date
Antoine Pitrou 20b85557f2 Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done. 2013-09-29 19:50:53 +02:00
Christian Heimes 2d7aba3db1 Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case 2013-09-05 16:04:50 +02:00
Christian Heimes 60bf2fc25b Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case 2013-09-05 16:04:35 +02:00
Victor Stinner daf455554b Issue #18571: Implementation of the PEP 446: file descriptors and file handles
are now created non-inheritable; add functions os.get/set_inheritable(),
os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
2013-08-28 00:53:59 +02:00
Christian Heimes cfa47962c2 Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
2013-08-25 14:19:29 +02:00
Christian Heimes 61636e7105 Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
2013-08-25 14:19:16 +02:00
Richard Oudkerk cabbde9e1e Fix compiler warning on Windows. 2013-08-24 23:46:27 +01:00
Christian Heimes f54c24628b Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
2013-08-22 13:19:56 +02:00
Christian Heimes 80c5de93f9 Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
2013-08-22 13:19:48 +02:00
Christian Heimes 6acbe2aaa3 Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
2013-08-21 13:26:34 +02:00
Christian Heimes f77b4b20e9 Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
2013-08-21 13:26:05 +02:00
Christian Heimes 85532eb212 Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
2013-08-19 17:36:39 +02:00
Christian Heimes 4d98ca9ff6 Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
2013-08-19 17:36:29 +02:00
Christian Heimes f920a1c1f1 Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok. 2013-08-17 17:25:27 +02:00
Christian Heimes 3c2593b2bb Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok. 2013-08-17 17:25:18 +02:00
Christian Heimes 9b5907cbd5 Issue #18768: coding style nitpick. Thanks to Vajrasky Kok 2013-08-17 17:19:03 +02:00
Christian Heimes 474afdda60 Issue #18768: coding style nitpick. Thanks to Vajrasky Kok 2013-08-17 17:18:56 +02:00
Ezio Melotti a7e7497d88 #18466: merge with 3.3. 2013-08-17 16:58:13 +03:00
Ezio Melotti 85a8629d21 #18466: fix more typos. Patch by Févry Thibault. 2013-08-17 16:57:41 +03:00
Christian Heimes e06d47c70c Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
2013-08-17 00:58:00 +02:00
Christian Heimes 824f7f366d Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
2013-08-17 00:54:47 +02:00
Christian Heimes 9bfcaa6fb3 Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
X509_get_version() grows beyond our small int cache.
CID 1058279
2013-07-26 15:51:35 +02:00
Christian Heimes 5962bef8aa Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
X509_get_version() grows beyond our small int cache.
CID 1058279
2013-07-26 15:51:18 +02:00
Victor Stinner 11ebff2757 Issue #18203: Replace malloc() with PyMem_Malloc() in _ssl for the password 2013-07-07 17:07:52 +02:00
Victor Stinner b64049183c Issue #18203: Replace malloc() with PyMem_Malloc() in Python modules
Replace malloc() with PyMem_Malloc() when the GIL is held, or with
PyMem_RawMalloc() otherwise.
2013-07-07 16:21:41 +02:00
Victor Stinner 7e00151e1f _ssl.c: strip trailing spaces 2013-06-25 00:44:31 +02:00
Victor Stinner 86073dc3c2 (Merge 3.3) Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if
the input string in longer than 2 gigabytes, and
ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer
than 2 gigabytes. The ssl module does not support partial write.
2013-06-25 00:43:47 +02:00
Victor Stinner 6efa965a27 Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises
a ValueError if the password is longer than 2 gigabytes. The ssl module does
not support partial write.
2013-06-25 00:42:31 +02:00
Victor Stinner 8cfd67cfe7 (Merge 3.3) Issue #18135: Fix a possible integer overflow in
ssl.SSLSocket.write() and in ssl.SSLContext.load_cert_chain() for strings and
passwords longer than 2 gigabytes.
2013-06-23 15:09:26 +02:00
Victor Stinner 9ee0203057 Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
and in ssl.SSLContext.load_cert_chain() for strings and passwords longer
than 2 gigabytes.
2013-06-23 15:08:23 +02:00
Victor Stinner 4569cd5eab _ssl.c: strip trailing spaces 2013-06-23 14:58:43 +02:00
Christian Heimes 9a5395ae2b Issue #18147: Add diagnostic functions to ssl.SSLContext().
get_ca_list() lists all loaded CA certificates and cert_store_stats() returns
amount of loaded X.509 certs, X.509 CA certs and CRLs.
2013-06-17 15:44:12 +02:00
Christian Heimes 200bb1b08c Simplify return value of ssl.get_default_verify_paths
prefix function with PySSL_, too. Other module level functions have a prefix, too.
2013-06-14 15:14:29 +02:00
Christian Heimes 75b8426698 fixd refleak 2013-06-10 10:47:22 +02:00
Christian Heimes 46bebee25f Issue #17134: Add ssl.enum_cert_store() as interface to Windows' cert store. 2013-06-09 19:03:31 +02:00
Christian Heimes 142ec2c014 get_default_verify_paths doesn't belong inside the ifdef block 2013-06-09 18:29:54 +02:00
Christian Heimes 6d7ad13a45 Issue #18143: Implement ssl.get_default_verify_paths() in order to debug
the default locations for cafile and capath.
2013-06-09 18:02:55 +02:00
Antoine Pitrou 19fef69b75 Fix compilation under MSVC: ssl_set_mode() is a macro, and the MSVC preprocessor doesn't process #ifdef's inside a macro argument list.
(found explanation at http://www.tech-archive.net/Archive/VC/microsoft.public.vc.language/2007-05/msg00385.html)
2013-05-25 13:23:03 +02:00
Antoine Pitrou 3a65ad7f08 Issue #8240: Set the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag on SSL sockets. 2013-05-25 13:02:32 +02:00
Antoine Pitrou 50b24d0d7c Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name.
Patch by Kazuhiro Yoshida.
(originally issue #8109)
2013-04-11 20:48:42 +02:00
Antoine Pitrou ce852cb8b9 Fix comment about the OpenSSL version in which SNI version was introduced. 2013-03-30 16:45:04 +01:00
Antoine Pitrou edbc18e9d0 Improve set_servername_callback docstring. 2013-03-30 16:40:27 +01:00
Antoine Pitrou a596338bb8 Fix previous fix (the cause was actually a misplaced #endif, or so it seems) 2013-03-30 16:39:00 +01:00
Antoine Pitrou 41f8c4f5e4 Further compiling fixes (issue #17581) 2013-03-30 16:36:54 +01:00
Antoine Pitrou 912fbff105 Issue #17581: try to fix building on old OpenSSL versions 2013-03-30 16:29:32 +01:00
Antoine Pitrou 2463e5fee4 Issue #16692: The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù. 2013-03-28 22:24:43 +01:00
Stefan Krah 20d60803d5 Issue #16982: Fix --without-threads build failure. 2013-01-17 17:07:17 +01:00
Antoine Pitrou 1e37e9efa9 SSLContext.load_dh_params() now properly closes the input file. 2013-01-12 21:44:33 +01:00
Antoine Pitrou 457a2292ca SSLContext.load_dh_params() now properly closes the input file. 2013-01-12 21:43:45 +01:00
Antoine Pitrou 5dd12a5978 Fix returning uninitialized variable (issue #8109).
Found by Christian with Coverity.
2013-01-06 15:25:36 +01:00
Antoine Pitrou 58ddc9d743 Issue #8109: The ssl module now has support for server-side SNI, thanks to a :meth:`SSLContext.set_servername_callback` method.
Patch by Daniel Black.
2013-01-05 21:20:29 +01:00
Christian Heimes 5cb31c9277 Issue #15977: Fix memory leak in Modules/_ssl.c when the function _set_npn_protocols() is called multiple times 2012-09-20 12:42:54 +02:00
Jesus Cea b7a2800831 MERGE: Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:08:48 +02:00
Jesus Cea c8754a13e6 Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:00:58 +02:00
Antoine Pitrou 721738fbee Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly.
Patch by Serhiy Storchaka.
2012-08-15 23:20:39 +02:00
Antoine Pitrou 6f430e4963 Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly.
Patch by Serhiy Storchaka.
2012-08-15 23:18:25 +02:00
Antoine Pitrou 3b36fb1f53 Issue #14837: SSL errors now have `library` and `reason` attributes describing precisely what happened and in which OpenSSL submodule.
The str() of a SSLError is also enhanced accordingly.

NOTE: this commit creates a reference leak.  The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type.  The leak is on the
type object when it is instantiated:

>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
2012-06-22 21:11:52 +02:00
Antoine Pitrou d5d17eb653 Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
Patch by Colin Marc.
2012-03-22 00:23:03 +01:00
Antoine Pitrou c135fa424e Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay. 2012-02-19 21:22:39 +01:00
Antoine Pitrou a9bf2ac726 Try to really fix compilation failures of the _ssl module under very old OpenSSLs. 2012-02-17 18:47:54 +01:00
Antoine Pitrou e9fccb360f Fix compilation when SSL_OP_SINGLE_ECDH_USE isn't defined 2012-02-17 11:53:10 +01:00
Antoine Pitrou 04d4ee4e56 Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:28:21 +01:00
Antoine Pitrou 2f5a163dfc Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:25:27 +01:00
Antoine Pitrou 9e2e5329dc Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:53:29 +01:00
Antoine Pitrou 3f366314e8 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:50:45 +01:00
Antoine Pitrou f2bf8a6ac5 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:48:47 +01:00
Antoine Pitrou 0e576f1f50 Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
2011-12-22 10:03:38 +01:00
Antoine Pitrou 501da61671 Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
(followup to issue #13627)
2011-12-21 09:27:41 +01:00
Antoine Pitrou 8abdb8abd8 Issue #13634: Add support for querying and disabling SSL compression. 2011-12-20 10:13:40 +01:00
Antoine Pitrou 923df6f22a Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
2011-12-19 17:16:51 +01:00
Antoine Pitrou 6db4944cc5 Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
choose the cipher based on their own preferences, rather than on the
client's.
2011-12-19 13:27:11 +01:00
Antoine Pitrou bc53032408 Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
Patch by Robert Xiao.
2011-11-23 01:42:52 +01:00
Antoine Pitrou 116d6b98bf Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
Patch by Robert Xiao.
2011-11-23 01:39:19 +01:00
Antoine Pitrou 41032a69c1 Issue #11183: Add finer-grained exceptions to the ssl module, so that
you don't have to inspect the exception's attributes in the common case.
2011-10-27 23:56:55 +02:00
Antoine Pitrou a0e0e23299 Add a docstring to SSLError 2011-10-22 23:41:52 +02:00
Antoine Pitrou b7705b7792 Use PyExc_OSError directly instead of grabbing it from the socket module API 2011-10-22 23:37:51 +02:00
Antoine Pitrou a02a12c517 Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:22:30 +02:00
Antoine Pitrou d8c347a8de Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:20:25 +02:00
Charles-François Natali ac7e9e058d Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is
greater than FD_SETSIZE.
2011-08-28 18:10:27 +02:00
Charles-François Natali aa26b27503 Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is
greater than FD_SETSIZE.
2011-08-28 17:51:43 +02:00
Antoine Pitrou 4fd1e6a3ba Issue #12803: SSLContext.load_cert_chain() now accepts a password argument
to be used if the private key is encrypted.  Patch by Adam Simpkins.
2011-08-25 14:39:44 +02:00
Antoine Pitrou d649480739 Issue #12551: Provide a get_channel_binding() method on SSL sockets so as
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented).  This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.

Patch by Jacek Konieczny.
2011-07-21 01:11:30 +02:00
Antoine Pitrou 7128f95bd2 Issue #12440: When testing whether some bits in SSLContext.options can be
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:49:07 +02:00
Antoine Pitrou b9ac25d1c3 Issue #12440: When testing whether some bits in SSLContext.options can be
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:47:06 +02:00
Victor Stinner 99c8b16143 Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
module.
2011-05-24 12:05:19 +02:00
Victor Stinner 17ca323e7c (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:48:41 +02:00
Victor Stinner ee18b6f2fd Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:38:00 +02:00
Victor Stinner 3de49192aa Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-09 00:42:58 +02:00
Antoine Pitrou a7caec74aa Merge fix for issue #11746 2011-04-03 18:16:50 +02:00
Antoine Pitrou 9c25486093 Issue #11746: Fix SSLContext.load_cert_chain() to accept elliptic curve private keys. 2011-04-03 18:15:34 +02:00
Brett Cannon b94767ff44 Issue #8914: fix various warnings from the Clang static analyzer v254. 2011-02-22 20:15:44 +00:00
Victor Stinner 80f75e684e Issue #10989: Fix a crash on SSLContext.load_verify_locations(None, True).
Patch reviewed by Antoine Pitrou, okayed by Georg Brandl.
2011-01-29 11:31:20 +00:00
Hirokazu Yamamoto 8e63c687ef Merged revisions 87140 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87140 | hirokazu.yamamoto | 2010-12-09 19:49:00 +0900 (木, 09 12 2010) | 2 lines

  Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
........
2010-12-09 12:30:05 +00:00
Hirokazu Yamamoto 524f10359b Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher) 2010-12-09 10:49:00 +00:00
Antoine Pitrou c4df784514 Issue #10272: The ssl module now raises socket.timeout instead of a generic
SSLError on socket timeouts.
2010-12-03 19:59:41 +00:00
Antoine Pitrou 664c2d1fc0 Issue #10443: Add the SSLContext.set_default_verify_paths() method. 2010-11-17 20:29:42 +00:00
Antoine Pitrou fb0469112f Issue #10022: The dictionary returned by the `getpeercert()` method
of SSL sockets now has additional items such as `issuer` and `notBefore`.
2010-11-09 20:21:19 +00:00
Antoine Pitrou d532321f7b Issue #5639: Add a *server_hostname* argument to `SSLContext.wrap_socket`
in order to support the TLS SNI extension.  `HTTPSConnection` and
`urlopen()` also use this argument, so that HTTPS virtual hosts are now
supported.
2010-10-22 18:19:07 +00:00
Benjamin Peterson 31370951c0 Merged revisions 85432 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r85432 | benjamin.peterson | 2010-10-13 17:06:39 -0500 (Wed, 13 Oct 2010) | 1 line

  constify to appease compiler warnings
........
2010-10-13 22:20:48 +00:00
Benjamin Peterson eb1410fc40 constify to appease compiler warnings 2010-10-13 22:06:39 +00:00
Antoine Pitrou fc113eeb7d Define a "session_id_context" at context creation. This is recommended
for the OpenSSL server-side session cache.
2010-10-13 12:46:13 +00:00
Gregory P. Smith bd4dacb3f9 Fix compile on NetBSD 5.0 (or anything else using an old 0.9.9-dev OpenSSL). 2010-10-13 03:53:21 +00:00
Antoine Pitrou b0182c8ca5 Issue #10075: Add a session_stats() method to SSLContext objects. 2010-10-12 20:09:02 +00:00
Antoine Pitrou 10c4c23a25 Merged revisions 84464 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r84464 | antoine.pitrou | 2010-09-03 20:38:17 +0200 (ven., 03 sept. 2010) | 3 lines

  Issue #3805: clean up implementation of the _read method in _ssl.c.
........
2010-09-03 18:39:47 +00:00
Antoine Pitrou 24e561ae04 Issue #3805: clean up implementation of the _read method in _ssl.c. 2010-09-03 18:38:17 +00:00
Antoine Pitrou 67e8e5633e Try to fix some buildbot failures on test_ssl 2010-09-01 20:55:41 +00:00
Giampaolo Rodolà e0f9863a61 Issue #9693 - msg 115273: attempt to fix ssl module failures on certain OpenSSL versions by calling ERR_clear_error() before raising IOError 2010-09-01 19:28:49 +00:00
Giampaolo Rodolà 745ab3807e Fix issue issue9706: provides a better error handling for various SSL operations 2010-08-29 19:25:49 +00:00
Mark Dickinson 732cc9be1e Merged revisions 83677 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line

  Fix memory leak in ssl module.
........
2010-08-03 18:33:11 +00:00
Mark Dickinson ee55df5c85 Fix memory leak in ssl module. 2010-08-03 18:31:54 +00:00
Antoine Pitrou 4b261d2073 Merged revisions 82211 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r82211 | antoine.pitrou | 2010-06-25 02:07:34 +0200 (ven., 25 juin 2010) | 10 lines

  Merged revisions 82210 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines

    Issue #9075: In the ssl module, remove the setting of a `debug` flag
    on an OpenSSL structure.
  ........
................
2010-06-25 00:13:19 +00:00
Antoine Pitrou 6186bfb735 Merged revisions 82210 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines

  Issue #9075: In the ssl module, remove the setting of a `debug` flag
  on an OpenSSL structure.
........
2010-06-25 00:07:34 +00:00
Antoine Pitrou 94fbaac58d Merged revisions 82204 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r82204 | antoine.pitrou | 2010-06-25 00:34:04 +0200 (ven., 25 juin 2010) | 5 lines

  Issue #8682: The ssl module now temporary increments the reference count of
  a socket object got through `PyWeakref_GetObject`, so as to avoid possible
  deallocation while the object is still being used.
........
2010-06-24 22:49:57 +00:00
Antoine Pitrou 8bae4ec622 Issue #8682: The ssl module now temporary increments the reference count of
a socket object got through `PyWeakref_GetObject`, so as to avoid possible
deallocation while the object is still being used.
2010-06-24 22:34:04 +00:00
Antoine Pitrou b52187710e Issue #4870: Add an `options` attribute to SSL contexts, as well as
several ``OP_*`` constants to the `ssl` module.  This allows to selectively
disable protocol versions, when used in combination with `PROTOCOL_SSLv23`.
2010-05-21 09:56:06 +00:00
Antoine Pitrou 321257da1a Merged revisions 81242 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r81242 | antoine.pitrou | 2010-05-17 01:14:22 +0200 (lun., 17 mai 2010) | 10 lines

  Merged revisions 81241 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r81241 | antoine.pitrou | 2010-05-17 01:11:46 +0200 (lun., 17 mai 2010) | 4 lines

    Clear the OpenSSL error queue each time an error is signalled.
    When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
  ........
................
2010-05-16 23:18:00 +00:00
Antoine Pitrou 9d74b42aca Merged revisions 81241 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r81241 | antoine.pitrou | 2010-05-17 01:11:46 +0200 (lun., 17 mai 2010) | 4 lines

  Clear the OpenSSL error queue each time an error is signalled.
  When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
........
2010-05-16 23:14:22 +00:00
Victor Stinner f9faaad801 Issue #8477: ssl.RAND_egd() supports str with surrogates and bytes for the path 2010-05-16 21:36:37 +00:00
Victor Stinner 3800e1e961 Issue #8477: _ssl._test_decode_cert() supports str with surrogates and bytes
for the filename
2010-05-16 21:23:48 +00:00
Antoine Pitrou 65ec8ae47f Fix (hopefully) the remaining test_ssl buildbot failures 2010-05-16 19:56:32 +00:00
Antoine Pitrou 152efa2ae2 Issue #8550: Add first class `SSLContext` objects to the ssl module. 2010-05-16 18:19:27 +00:00
Antoine Pitrou a29b181693 Merged revisions 81116 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r81116 | antoine.pitrou | 2010-05-12 16:05:24 +0200 (mer., 12 mai 2010) | 9 lines

  Merged revisions 81115 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r81115 | antoine.pitrou | 2010-05-12 16:02:34 +0200 (mer., 12 mai 2010) | 3 lines

    Improve _ssl.c formatting
  ........
................
2010-05-12 14:08:45 +00:00
Antoine Pitrou 525807bf72 Merged revisions 81115 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r81115 | antoine.pitrou | 2010-05-12 16:02:34 +0200 (mer., 12 mai 2010) | 3 lines

  Improve _ssl.c formatting
........
2010-05-12 14:05:24 +00:00
Antoine Pitrou 30dc1a73d0 Merged revisions 80790 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r80790 | antoine.pitrou | 2010-05-05 17:57:33 +0200 (mer., 05 mai 2010) | 9 lines

  Merged revisions 80789 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r80789 | antoine.pitrou | 2010-05-05 17:53:45 +0200 (mer., 05 mai 2010) | 3 lines

    Untabify Modules/_ssl.c
  ........
................
2010-05-05 16:01:14 +00:00
Antoine Pitrou cbb82ebd75 Merged revisions 80789 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80789 | antoine.pitrou | 2010-05-05 17:53:45 +0200 (mer., 05 mai 2010) | 3 lines

  Untabify Modules/_ssl.c
........
2010-05-05 15:57:33 +00:00
Antoine Pitrou 79ac78afef Merged revisions 80542 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r80542 | antoine.pitrou | 2010-04-27 21:14:15 +0200 (mar., 27 avril 2010) | 10 lines

  Merged revisions 80540 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r80540 | antoine.pitrou | 2010-04-27 21:09:59 +0200 (mar., 27 avril 2010) | 4 lines

    Issue #8549: Fix compiling the _ssl extension under AIX.  Patch by
    Sridhar Ratnakumar.
  ........
................
2010-04-27 19:18:34 +00:00
Antoine Pitrou 06e34a9476 Merged revisions 80540 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80540 | antoine.pitrou | 2010-04-27 21:09:59 +0200 (mar., 27 avril 2010) | 4 lines

  Issue #8549: Fix compiling the _ssl extension under AIX.  Patch by
  Sridhar Ratnakumar.
........
2010-04-27 19:14:15 +00:00
Antoine Pitrou ec146185c4 Merged revisions 80454 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r80454 | antoine.pitrou | 2010-04-24 23:26:44 +0200 (sam., 24 avril 2010) | 15 lines

  Merged revisions 80451-80452 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r80451 | antoine.pitrou | 2010-04-24 21:57:01 +0200 (sam., 24 avril 2010) | 4 lines

    The do_handshake() method of SSL objects now adjusts the blocking mode of
    the SSL structure if necessary (as other methods already do).
  ........
    r80452 | antoine.pitrou | 2010-04-24 22:04:58 +0200 (sam., 24 avril 2010) | 4 lines

    Issue #5103: SSL handshake would ignore the socket timeout and block
    indefinitely if the other end didn't respond.
  ........
................
2010-04-24 21:30:20 +00:00
Antoine Pitrou d3f8ab8bd3 Merged revisions 80451-80452 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80451 | antoine.pitrou | 2010-04-24 21:57:01 +0200 (sam., 24 avril 2010) | 4 lines

  The do_handshake() method of SSL objects now adjusts the blocking mode of
  the SSL structure if necessary (as other methods already do).
........
  r80452 | antoine.pitrou | 2010-04-24 22:04:58 +0200 (sam., 24 avril 2010) | 4 lines

  Issue #5103: SSL handshake would ignore the socket timeout and block
  indefinitely if the other end didn't respond.
........
2010-04-24 21:26:44 +00:00
Antoine Pitrou 5a1c4d1880 Merged revisions 80394 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r80394 | antoine.pitrou | 2010-04-23 02:16:21 +0200 (ven., 23 avril 2010) | 15 lines

  Merged revisions 80392 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r80392 | antoine.pitrou | 2010-04-23 01:33:02 +0200 (ven., 23 avril 2010) | 9 lines

    Issue #8108: Fix the unwrap() method of SSL objects when the socket has
    a non-infinite timeout.  Also make that method friendlier with applications
    wanting to continue using the socket in clear-text mode, by disabling
    OpenSSL's internal readahead.  Thanks to Darryl Miles for guidance.

    Issue #8108: test_ftplib's non-blocking SSL server now has proper handling
    of SSL shutdowns.
  ........
................
2010-04-23 21:11:10 +00:00
Antoine Pitrou 2c4f98b3c5 Merged revisions 80392 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80392 | antoine.pitrou | 2010-04-23 01:33:02 +0200 (ven., 23 avril 2010) | 9 lines

  Issue #8108: Fix the unwrap() method of SSL objects when the socket has
  a non-infinite timeout.  Also make that method friendlier with applications
  wanting to continue using the socket in clear-text mode, by disabling
  OpenSSL's internal readahead.  Thanks to Darryl Miles for guidance.

  Issue #8108: test_ftplib's non-blocking SSL server now has proper handling
  of SSL shutdowns.
........
2010-04-23 00:16:21 +00:00
Antoine Pitrou da6902cb7b Merged revisions 80317 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r80317 | antoine.pitrou | 2010-04-21 21:46:23 +0200 (mer., 21 avril 2010) | 15 lines

  Merged revisions 80314-80315 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines

    Issue #8484: Load all ciphers and digest algorithms when initializing
    the _ssl extension, such that verification of some SSL certificates
    doesn't fail because of an "unknown algorithm".
  ........
    r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines

    Forgot to add the sample certificate (followup to r80314)
  ........
................
2010-04-21 19:52:52 +00:00
Antoine Pitrou fec12fff0f Merged revisions 80314-80315 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines

  Issue #8484: Load all ciphers and digest algorithms when initializing
  the _ssl extension, such that verification of some SSL certificates
  doesn't fail because of an "unknown algorithm".
........
  r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines

  Forgot to add the sample certificate (followup to r80314)
........
2010-04-21 19:46:23 +00:00
Antoine Pitrou 2d9cb9c1cb Merged revisions 80151 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80151 | antoine.pitrou | 2010-04-17 19:10:38 +0200 (sam., 17 avril 2010) | 4 lines

  Issue #8322: Add a *ciphers* argument to SSL sockets, so as to change the
  available cipher list.  Helps fix test_ssl with OpenSSL 1.0.0.
........
2010-04-17 17:40:45 +00:00
Antoine Pitrou d59ceb5b7c Merged revisions 79912 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r79912 | antoine.pitrou | 2010-04-09 22:42:09 +0200 (ven., 09 avril 2010) | 10 lines

  Merged revisions 79910 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r79910 | antoine.pitrou | 2010-04-09 22:38:39 +0200 (ven., 09 avril 2010) | 4 lines

    SSL_MODE_AUTO_RETRY has been added in OpenSSL 0.9.6.  Fix compilation
    with earlier versions.
  ........
................
2010-04-09 20:47:00 +00:00
Antoine Pitrou 0ae7b5897e Merged revisions 79910 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r79910 | antoine.pitrou | 2010-04-09 22:38:39 +0200 (ven., 09 avril 2010) | 4 lines

  SSL_MODE_AUTO_RETRY has been added in OpenSSL 0.9.6.  Fix compilation
  with earlier versions.
........
2010-04-09 20:42:09 +00:00
Antoine Pitrou 04f6a32dff Merged revisions 79812 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r79812 | antoine.pitrou | 2010-04-05 23:35:07 +0200 (lun., 05 avril 2010) | 5 lines

  Issue #8321: Give access to OpenSSL version numbers from the `ssl` module,
  using the new attributes `ssl.OPENSSL_VERSION`, `ssl.OPENSSL_VERSION_INFO`
  and `ssl.OPENSSL_VERSION_NUMBER`.
........
2010-04-05 21:40:07 +00:00
Antoine Pitrou ed6c893cfc Merged revisions 79449,79452 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r79449 | antoine.pitrou | 2010-03-26 20:32:24 +0100 (ven., 26 mars 2010) | 12 lines

  Merged revisions 79448 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r79448 | antoine.pitrou | 2010-03-26 20:27:16 +0100 (ven., 26 mars 2010) | 6 lines

    Issue #8222: Enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking
    reads and writes are always retried by OpenSSL itself.

    (this is a followup to issue #3890)
  ........
................
  r79452 | antoine.pitrou | 2010-03-26 20:36:14 +0100 (ven., 26 mars 2010) | 3 lines

  Add NEWS entry for r79449.
................
2010-03-26 19:38:11 +00:00
Antoine Pitrou 5f1c38f06b Merged revisions 79448 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r79448 | antoine.pitrou | 2010-03-26 20:27:16 +0100 (ven., 26 mars 2010) | 6 lines

  Issue #8222: Enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking
  reads and writes are always retried by OpenSSL itself.

  (this is a followup to issue #3890)
........
2010-03-26 19:32:24 +00:00
Victor Stinner 117ff17da3 Merged revisions 78598 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r78598 | victor.stinner | 2010-03-02 23:48:17 +0100 (mar., 02 mars 2010) | 11 lines

  Merged revisions 78596 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r78596 | victor.stinner | 2010-03-02 23:44:42 +0100 (mar., 02 mars 2010) | 4 lines

    Issue #2973: Fix gcc warning on the 2nd argument of ASN1_item_d2i() and
    method->d2i(): OpenSSL API changed in OpenSSL 0.9.6m. Patch written by Daniel
    Black.
  ........
................
2010-03-02 22:49:30 +00:00
Victor Stinner 7124a41da2 Merged revisions 78596 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r78596 | victor.stinner | 2010-03-02 23:44:42 +0100 (mar., 02 mars 2010) | 4 lines

  Issue #2973: Fix gcc warning on the 2nd argument of ASN1_item_d2i() and
  method->d2i(): OpenSSL API changed in OpenSSL 0.9.6m. Patch written by Daniel
  Black.
........
2010-03-02 22:48:17 +00:00
Antoine Pitrou 7d7aede558 Merged revisions 75529 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r75529 | antoine.pitrou | 2009-10-19 19:59:07 +0200 (lun., 19 oct. 2009) | 5 lines

  Issue #7133: SSL objects now support the new buffer API.

  This fixes the test_ssl failure.
........
2009-11-25 18:55:32 +00:00
Benjamin Peterson d76c8da098 Merged revisions 73623-73624 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r73623 | benjamin.peterson | 2009-06-28 12:22:03 -0500 (Sun, 28 Jun 2009) | 58 lines

  Merged revisions 73004,73439,73496,73509,73529,73564,73576-73577,73595-73596,73605 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r73004 | jeffrey.yasskin | 2009-05-28 22:44:31 -0500 (Thu, 28 May 2009) | 5 lines

    Fix nearly all compilation warnings under Apple gcc-4.0.  Tested with OPT="-g
    -Wall -Wstrict-prototypes -Werror" in both --with-pydebug mode and --without.
    There's still a batch of non-prototype warnings in Xlib.h that I don't know how
    to fix.
  ........
    r73439 | benjamin.peterson | 2009-06-15 19:29:31 -0500 (Mon, 15 Jun 2009) | 1 line

    don't mask encoding errors when decoding a string #6289
  ........
    r73496 | vinay.sajip | 2009-06-21 12:37:27 -0500 (Sun, 21 Jun 2009) | 1 line

    Issue #6314: logging.basicConfig() performs extra checks on the "level" argument.
  ........
    r73509 | amaury.forgeotdarc | 2009-06-22 14:33:48 -0500 (Mon, 22 Jun 2009) | 2 lines

    #4490 Fix sample code run by "python -m xml.sax.xmlreader"
  ........
    r73529 | r.david.murray | 2009-06-23 13:02:46 -0500 (Tue, 23 Jun 2009) | 4 lines

    Fix issue 5230 by having pydoc's safeimport check to see if the import
    error was thrown from itself in order to decide if the module can't be
    found.  Thanks to Lucas Prado Melo for collaborating on the fix and tests.
  ........
    r73564 | amaury.forgeotdarc | 2009-06-25 17:29:29 -0500 (Thu, 25 Jun 2009) | 6 lines

    #2016 Fix a crash in function call when the **kwargs dictionary is mutated
    during the function call setup.

    This even gives a slight speedup, probably because tuple allocation
    is faster than PyMem_NEW.
  ........
    r73576 | benjamin.peterson | 2009-06-26 18:37:06 -0500 (Fri, 26 Jun 2009) | 1 line

    document is_declared_global()
  ........
    r73577 | benjamin.peterson | 2009-06-27 09:16:23 -0500 (Sat, 27 Jun 2009) | 1 line

    link to extensive generator docs in the reference manual
  ........
    r73595 | ezio.melotti | 2009-06-27 18:45:39 -0500 (Sat, 27 Jun 2009) | 1 line

    stmt and setup can contain multiple statements, see #5896
  ........
    r73596 | ezio.melotti | 2009-06-27 19:07:45 -0500 (Sat, 27 Jun 2009) | 1 line

    Fixed a wrong apostrophe
  ........
    r73605 | georg.brandl | 2009-06-28 07:10:18 -0500 (Sun, 28 Jun 2009) | 1 line

    Remove stray pychecker directive.
  ........
................
  r73624 | benjamin.peterson | 2009-06-28 12:32:20 -0500 (Sun, 28 Jun 2009) | 1 line

  document BufferedIOBase.raw and TextIOBase.buffer
................
2009-06-28 17:35:48 +00:00
Benjamin Peterson 0289b15820 Merged revisions 73004,73439,73496,73509,73529,73564,73576-73577,73595-73596,73605 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r73004 | jeffrey.yasskin | 2009-05-28 22:44:31 -0500 (Thu, 28 May 2009) | 5 lines

  Fix nearly all compilation warnings under Apple gcc-4.0.  Tested with OPT="-g
  -Wall -Wstrict-prototypes -Werror" in both --with-pydebug mode and --without.
  There's still a batch of non-prototype warnings in Xlib.h that I don't know how
  to fix.
........
  r73439 | benjamin.peterson | 2009-06-15 19:29:31 -0500 (Mon, 15 Jun 2009) | 1 line

  don't mask encoding errors when decoding a string #6289
........
  r73496 | vinay.sajip | 2009-06-21 12:37:27 -0500 (Sun, 21 Jun 2009) | 1 line

  Issue #6314: logging.basicConfig() performs extra checks on the "level" argument.
........
  r73509 | amaury.forgeotdarc | 2009-06-22 14:33:48 -0500 (Mon, 22 Jun 2009) | 2 lines

  #4490 Fix sample code run by "python -m xml.sax.xmlreader"
........
  r73529 | r.david.murray | 2009-06-23 13:02:46 -0500 (Tue, 23 Jun 2009) | 4 lines

  Fix issue 5230 by having pydoc's safeimport check to see if the import
  error was thrown from itself in order to decide if the module can't be
  found.  Thanks to Lucas Prado Melo for collaborating on the fix and tests.
........
  r73564 | amaury.forgeotdarc | 2009-06-25 17:29:29 -0500 (Thu, 25 Jun 2009) | 6 lines

  #2016 Fix a crash in function call when the **kwargs dictionary is mutated
  during the function call setup.

  This even gives a slight speedup, probably because tuple allocation
  is faster than PyMem_NEW.
........
  r73576 | benjamin.peterson | 2009-06-26 18:37:06 -0500 (Fri, 26 Jun 2009) | 1 line

  document is_declared_global()
........
  r73577 | benjamin.peterson | 2009-06-27 09:16:23 -0500 (Sat, 27 Jun 2009) | 1 line

  link to extensive generator docs in the reference manual
........
  r73595 | ezio.melotti | 2009-06-27 18:45:39 -0500 (Sat, 27 Jun 2009) | 1 line

  stmt and setup can contain multiple statements, see #5896
........
  r73596 | ezio.melotti | 2009-06-27 19:07:45 -0500 (Sat, 27 Jun 2009) | 1 line

  Fixed a wrong apostrophe
........
  r73605 | georg.brandl | 2009-06-28 07:10:18 -0500 (Sun, 28 Jun 2009) | 1 line

  Remove stray pychecker directive.
........
2009-06-28 17:22:03 +00:00
Benjamin Peterson b173f7853e add a replacement API for PyCObject, PyCapsule #5630
All stdlib modules with C-APIs now use this.

Patch by Larry Hastings
2009-05-05 22:31:58 +00:00
Benjamin Peterson 56420b406d #4967 fix buggy read() 2009-02-28 19:06:54 +00:00
Mark Dickinson e94c679df0 Issue #1717: rename tp_compare to tp_reserved. I'll change the
type of tp_compare in a separate commit, for ease of reversion
should things go wrong.
2009-02-02 20:36:42 +00:00
Raymond Hettinger 26dd760636 Fix signed/unsigned mismatch. 2009-01-26 16:53:29 +00:00
Bill Janssen 40a0f66e95 clean up ssl.py; expose unwrap and add test for it 2008-08-12 16:56:25 +00:00
Marc-André Lemburg 4cc0f24857 Rename PyUnicode_AsString -> _PyUnicode_AsString and
PyUnicode_AsStringAndSize -> _PyUnicode_AsStringAndSize to mark
them for interpreter internal use only.

We'll have to rework these APIs or create new ones for the
purpose of accessing the UTF-8 representation of Unicode objects
for 3.1.
2008-08-07 18:54:33 +00:00