traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
78,871 Commits 9 Branches 456 Tags 1.7 GiB
Commit Graph

124 Commits

Author SHA1 Message Date
Benjamin Peterson 9c5a8d4e23 remove extra arguments in arg parsing format codes (closes #23875) 2015-04-06 13:05:22 -04:00
Benjamin Peterson 72ef961059 expose X509_V_FLAG_TRUSTED_FIRST 2015-03-04 22:49:41 -05:00
Benjamin Peterson b1ebba5bd5 enable X509_V_FLAG_TRUSTED_FIRST when possible (closes #23476) 2015-03-04 22:11:12 -05:00
Antoine Pitrou 34c8d98306 Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed. 2015-03-04 20:51:55 +01:00
Serhiy Storchaka a2269d074b Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer 
overflows.  Added few missed PyErr_NoMemory().
 2015-02-16 13:16:07 +02:00
Benjamin Peterson a99e48c2b2 ifdef our way to compatibility with old openssl (closes #23335) 2015-01-28 12:06:39 -05:00
Benjamin Peterson f4bb2311b1 disable ALPN on LibreSSL, which has a large version number, but not ALPN support (closes #23329) 2015-01-27 11:10:18 -05:00
Benjamin Peterson aa7075845c prefer server alpn ordering over the client's 2015-01-23 17:30:26 -05:00
Benjamin Peterson b10bfbe036 pep 466 backport of alpn (#20188) 2015-01-23 16:35:37 -05:00
Victor Stinner 7c90667f74 Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The 
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
 2015-01-06 13:53:37 +01:00
Benjamin Peterson 60766c47e7 allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935) 
Patch by Kurt Roeckx.
 2014-12-05 21:59:35 -05:00
Benjamin Peterson 31aa69ead5 allow hostname to be passed to SSLContext even if OpenSSL doesn't support SNI (closes #22921) 
Patch from Donald Stufft.
 2014-11-23 20:13:31 -06:00
Benjamin Peterson 93c41335ab allow keyfile argument to be None (closes #22787) 2014-11-03 21:12:05 -05:00
Benjamin Peterson 2f33456e41 fix sslwrap_simple (closes #22523) 
Thanks Alex Gaynor.
 2014-10-01 23:53:01 -04:00
Alex Gaynor e98205d798 Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use. 
Backport from default.
 2014-09-04 13:33:22 -07:00
Benjamin Peterson 876473eba3 fix load_verify_locations on unicode paths (closes #22244) 2014-08-28 09:33:21 -04:00
Benjamin Peterson 7ed3e29723 fix error message for invalid curve name 2014-08-20 21:37:01 -05:00
Benjamin Peterson cbb144afc0 PyUnicode -> PyString and PyLong -> PyInt 2014-08-20 14:25:32 -05:00
Benjamin Peterson daeb925cc8 backport many ssl features from Python 3 (closes #21308) 
A contribution of Alex Gaynor and David Reid with the generous support of
Rackspace. May God have mercy on their souls.
 2014-08-20 14:14:50 -05:00
Antoine Pitrou 3b2afbbf88 Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for. 2014-01-09 19:52:12 +01:00
Christian Heimes 41a7d5ee17 Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding 
It is causing trouble like e.g. hanging processes.
 2013-10-29 20:50:01 +01:00
Antoine Pitrou 87c99a0d37 Properly initialize all fields of a SSL object after allocation. 2013-09-29 19:52:45 +02:00
Christian Heimes 5eb6e3b40d Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case 2013-09-05 16:05:50 +02:00
Christian Heimes ed9884b2d0 Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case 2013-09-05 16:04:35 +02:00
Christian Heimes 8ee5ffddf5 Issue #18747: Fix spelling errors in my commit message and comments, 
thanks to Vajrasky Kok for proof-reading.
 2013-08-25 14:19:16 +02:00
Barry Warsaw 82f8828317 - Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes 
inside subjectAltName correctly. Formerly the module has used OpenSSL's
  GENERAL_NAME_print() function to get the string represention of ASN.1
  strings for `rfc822Name` (email), `dNSName` (DNS) and
  `uniformResourceIdentifier` (URI).
 2013-08-23 13:26:49 -04:00
Christian Heimes 1d0f73d20f Issue #18747: Use a parent atfork handler instead of a child atfork handler. 
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
 2013-08-22 13:19:48 +02:00
Christian Heimes 0d604cf65e Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork. 
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
 2013-08-21 13:26:05 +02:00
Christian Heimes 10107813ac Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of 
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
 2013-08-19 17:36:29 +02:00
Christian Heimes b4ec842f39 Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok. 2013-08-17 17:25:18 +02:00
Christian Heimes f1bd47ae14 Issue #18768: coding style nitpick. Thanks to Vajrasky Kok 2013-08-17 17:18:56 +02:00
Ezio Melotti 419e23cbb0 #18466: fix more typos. Patch by Févry Thibault. 2013-08-17 16:56:09 +03:00
Christian Heimes 88b174c977 Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes 
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
 2013-08-17 00:54:47 +02:00
Victor Stinner c1a44269da Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input 
string in longer than 2 gigabytes. The ssl module does not support partial
write.
 2013-06-25 00:48:02 +02:00
Victor Stinner 4807df41ad Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write() 
for strings longer than 2 gigabytes.
 2013-06-23 15:15:10 +02:00
Antoine Pitrou c5bef75c77 Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly. 
Patch by Serhiy Storchaka.
 2012-08-15 23:16:51 +02:00
Antoine Pitrou d358e0554b Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:42:45 +01:00
Antoine Pitrou dd7e071b23 Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:25:27 +01:00
Antoine Pitrou 374b4ea9da Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:44:08 +01:00
Antoine Pitrou aa1c967f93 Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName. 
Patch by Robert Xiao.
 2011-11-23 01:39:19 +01:00
Antoine Pitrou f06eb46918 Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:30:58 +02:00
Charles-François Natali fda7b379ac Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is 
greater than FD_SETSIZE.
 2011-08-28 16:22:33 +02:00
Victor Stinner b1241f9619 (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-10 01:52:03 +02:00
Hirokazu Yamamoto a9b1689a89 Merged revisions 87140 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87140 | hirokazu.yamamoto | 2010-12-09 19:49:00 +0900 (木, 09 12 2010) | 2 lines

  Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
........
 2010-12-09 12:12:42 +00:00
Benjamin Peterson 8e73403284 Merged revisions 85432 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r85432 | benjamin.peterson | 2010-10-13 17:06:39 -0500 (Wed, 13 Oct 2010) | 1 line

  constify to appease compiler warnings
........
 2010-10-13 22:10:31 +00:00
Mark Dickinson c1ef2fa45f Merged revisions 83680,83685 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/release27-maint

................
  r83680 | mark.dickinson | 2010-08-03 19:34:53 +0100 (Tue, 03 Aug 2010) | 9 lines

  Merged revisions 83677 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/branches/py3k

  ........
    r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line

    Fix memory leak in ssl module.
  ........
................
  r83685 | mark.dickinson | 2010-08-03 19:46:28 +0100 (Tue, 03 Aug 2010) | 9 lines

  Merged revisions 83683 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/branches/py3k

  ........
    r83683 | mark.dickinson | 2010-08-03 19:44:16 +0100 (Tue, 03 Aug 2010) | 1 line

    Misc/NEWS entry for r83677.
  ........
................
 2010-08-03 18:50:32 +00:00
Mark Dickinson 793c71ce52 Merged revisions 83677 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line

  Fix memory leak in ssl module.
........
 2010-08-03 18:34:53 +00:00
Antoine Pitrou b4f0e644bc Merged revisions 82210 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines

  Issue #9075: In the ssl module, remove the setting of a `debug` flag
  on an OpenSSL structure.
........
 2010-06-25 00:09:05 +00:00
Antoine Pitrou 0dddf600d4 Issue #9075: In the ssl module, remove the setting of a `debug` flag 
on an OpenSSL structure.
 2010-06-25 00:03:21 +00:00
Antoine Pitrou b6e3e3ab92 Merged revisions 81241 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r81241 | antoine.pitrou | 2010-05-17 01:11:46 +0200 (lun., 17 mai 2010) | 4 lines

  Clear the OpenSSL error queue each time an error is signalled.
  When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
........
 2010-05-16 23:14:34 +00:00