60a26e0516
Issue #9177 : Calling read() or write() now raises ValueError, not AttributeError, on a closed SSL socket.
...
Patch by Senko Rasic.
2013-07-20 19:35:16 +02:00
9a5395ae2b
Issue #18147 : Add diagnostic functions to ssl.SSLContext().
...
get_ca_list() lists all loaded CA certificates and cert_store_stats() returns
amount of loaded X.509 certs, X.509 CA certs and CRLs.
2013-06-17 15:44:12 +02:00
9424bb4aea
Issue #18207 : Fix test_ssl for some versions of OpenSSL that ignore seconds
...
in ASN1_TIME fields.
2013-06-17 15:32:57 +02:00
46bebee25f
Issue #17134 : Add ssl.enum_cert_store() as interface to Windows' cert store.
2013-06-09 19:03:31 +02:00
6d7ad13a45
Issue #18143 : Implement ssl.get_default_verify_paths() in order to debug
...
the default locations for cafile and capath.
2013-06-09 18:02:55 +02:00
636f93c63b
Issue #17980 : Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
2013-05-18 17:56:42 +02:00
31fb419908
Issue #17980 : Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).
2013-05-18 17:59:12 +02:00
242db728e2
Issue #13721 : SSLSocket.getpeercert() and SSLSocket.do_handshake() now raise an OSError with ENOTCONN, instead of an AttributeError, when the SSLSocket is not connected.
2013-05-01 20:52:07 +02:00
50b24d0d7c
Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name.
...
Patch by Kazuhiro Yoshida.
(originally issue #8109 )
2013-04-11 20:48:42 +02:00
609ef01b02
In search of TLS 1.1 bug: add debugging output in verbose mode
2013-03-29 18:09:06 +01:00
972d5bb763
Use a subtest in test_ssl.test_echo
2013-03-29 17:56:03 +01:00
2463e5fee4
Issue #16692 : The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù.
2013-03-28 22:24:43 +01:00
6386e17f39
Issue #13898 : test_ssl no longer prints a spurious stack trace on Ubuntu.
2013-03-03 22:48:15 +01:00
ad246bfb71
Issue #13898 : test_ssl no longer prints a spurious stack trace on Ubuntu.
2013-03-03 22:44:22 +01:00
7b39b9b51b
Issue #13898 : test_ssl no longer prints a spurious stack trace on Ubuntu.
2013-03-03 22:31:21 +01:00
da23259f99
Issue #17107 : Test client-side SNI support in urllib.request thanks to the new server-side SNI support in the ssl module.
...
Initial patch by Daniel Black.
2013-02-05 21:20:51 +01:00
6b4e2a9c02
In test_ssl, threaded tests shouldn't need the network resource to be enabled
2013-01-12 22:00:54 +01:00
db5012ab47
In test_ssl, threaded tests shouldn't need the "network" resource to be enabled
2013-01-12 22:00:09 +01:00
e9bb4733d9
Issue #16923 : Fix ResourceWarnings in test_ssl.
2013-01-12 21:56:56 +01:00
e1ceb50cdf
Issue #16923 : Fix ResourceWarnings in test_ssl.
2013-01-12 21:54:44 +01:00
f86b3c394c
merge 3.3 ( #16900 )
2013-01-10 14:16:42 -06:00
36f7b97787
remove __del__ because it's evil and also prevents the ResourceWarning on the socket from happening ( closes #16900 )
2013-01-10 14:16:20 -06:00
58ddc9d743
Issue #8109 : The ssl module now has support for server-side SNI, thanks to a :meth:`SSLContext.set_servername_callback` method.
...
Patch by Daniel Black.
2013-01-05 21:20:29 +01:00
49f7e58778
Forward port new test for SSLSocket.connect_ex()
2012-12-28 19:09:41 +01:00
6464b84b3e
Forward port new test for SSLSocket.connect_ex()
2012-12-28 19:08:49 +01:00
ddb87ab1b4
Forward port new test for SSLSocket.connect_ex()
2012-12-28 19:07:43 +01:00
40f12ab0c5
Backport Python 3.2 fix for issue #12065 , and add another test for SSLSocket.connect_ex().
2012-12-28 19:03:43 +01:00
f7a17b48d7
Replace IOError with OSError ( #16715 )
2012-12-25 16:47:37 +02:00
0832af6628
Issue #16717 : get rid of socket.error, replace with OSError
2012-12-18 23:10:48 +02:00
73e9bd4d25
Issue #16357 : fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().
...
Original patch by Jeff McNeil.
2012-11-11 01:27:33 +01:00
5c89b4ec55
Issue #16357 : fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().
...
Original patch by Jeff McNeil.
2012-11-11 01:25:36 +01:00
b7a2800831
MERGE: Closes #15793 : Stack corruption in ssl.RAND_egd()
2012-09-11 02:08:48 +02:00
c8754a13e6
Closes #15793 : Stack corruption in ssl.RAND_egd()
2012-09-11 02:00:58 +02:00
a8a5b397c1
Closes #15793 : Stack corruption in ssl.RAND_egd(). Python 2.7 hasn't any issue about this, but add a test just to be sure
2012-09-11 01:55:04 +02:00
3b36fb1f53
Issue #14837 : SSL errors now have `library` and `reason` attributes describing precisely what happened and in which OpenSSL submodule.
...
The str() of a SSLError is also enhanced accordingly.
NOTE: this commit creates a reference leak. The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type. The leak is on the
type object when it is instantiated:
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
2012-06-22 21:11:52 +02:00
c642f67c63
Skip test_algorithms (known remote hosts need SNI, which is only available on 3.2+)
2012-05-04 16:33:30 +02:00
f340c21ca9
Fix test connecting to sha256.tbs-internet.com.
...
The certificate has changed and the test now needs SNI to pass.
2012-05-04 16:26:56 +02:00
16f6f8338b
Fix test connecting to sha256.tbs-internet.com.
...
The certificate has changed and the test now needs SNI to pass.
2012-05-04 16:26:02 +02:00
d5d17eb653
Issue #14204 : The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
...
Patch by Colin Marc.
2012-03-22 00:23:03 +01:00
c135fa424e
Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay.
2012-02-19 21:22:39 +01:00
ce816a5111
Issue #13895 : fix test_ssl hanging under Ubuntu
2012-01-28 17:40:23 +01:00
eba63c4203
Issue #13895 : fix test_ssl hanging under Ubuntu
2012-01-28 17:38:34 +01:00
6636887104
Fix intermittent test_ssl failure.
2012-01-27 17:34:56 +01:00
eced82ecbf
Fix intermittent test_ssl failure.
2012-01-27 17:33:01 +01:00
7a556846d4
Fix intermittent test_ssl failure.
2012-01-27 17:33:01 +01:00
d76088d972
Issue #13636 : Weak ciphers are now disabled by default in the ssl module
...
(except when SSLv2 is explicitly asked for).
2012-01-03 22:46:48 +01:00
8f85f907e3
Issue #13636 : Weak ciphers are now disabled by default in the ssl module
...
(except when SSLv2 is explicitly asked for).
2012-01-03 22:46:48 +01:00
65a3f4b8c5
Use context managers in test_ssl to simplify test writing.
2011-12-21 16:52:40 +01:00
5b95eb90a7
Use context managers in test_ssl to simplify test writing.
2011-12-21 16:52:40 +01:00
72aeec35a1
Issue #13636 : Weak ciphers are now disabled by default in the ssl module
...
(except when SSLv2 is explicitly asked for).
2012-01-03 22:49:08 +01:00
0e576f1f50
Issue #13626 : Add support for SSL Diffie-Hellman key exchange, through the
...
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
2011-12-22 10:03:38 +01:00
6b15c90fd8
Use context managers in test_ssl to simplify test writing.
2011-12-21 16:54:45 +01:00
501da61671
Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
...
(followup to issue #13627 )
2011-12-21 09:27:41 +01:00
8691bff6db
Fix for buggy test
2011-12-20 10:47:42 +01:00
8abdb8abd8
Issue #13634 : Add support for querying and disabling SSL compression.
2011-12-20 10:13:40 +01:00
923df6f22a
Issue #13627 : Add support for SSL Elliptic Curve-based Diffie-Hellman
...
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
2011-12-19 17:16:51 +01:00
6db4944cc5
Issue #13635 : Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
...
choose the cipher based on their own preferences, rather than on the
client's.
2011-12-19 13:27:11 +01:00
cf9943de97
Backout redundant changeset 1de4d92cd6a4
2011-10-31 20:23:00 +01:00
39aec0171d
test_protocol_sslv2(): Skip this test if ssl.PROTOCOL_SSLv2 is not
...
defined (as is the case with Ubuntu 11.10).
2011-10-31 14:08:15 -04:00
6361ea2b07
Remove unstable SSL tests in the absence of ssl.OP_NO_{SSLv2,SSLv3,TLSv1}
2011-10-30 21:31:34 +01:00
be83698f21
- Issue #13218 : Fix test_ssl failures on Debian/Ubuntu.
2011-10-28 16:14:44 -04:00
c21a81bf76
- Issue #13218 : Fix test_ssl failures on Debian/Ubuntu.
2011-10-28 17:08:12 -04:00
46ae0efce1
- Issue #13218 : Fix test_ssl failures on Debian/Ubuntu.
2011-10-28 16:52:17 -04:00
41032a69c1
Issue #11183 : Add finer-grained exceptions to the ssl module, so that
...
you don't have to inspect the exception's attributes in the common case.
2011-10-27 23:56:55 +02:00
f06eb46918
Issue #13034 : When decoding some SSL certificates, the subjectAltName extension could be unreported.
2011-10-01 19:30:58 +02:00
a02a12c517
Issue #13034 : When decoding some SSL certificates, the subjectAltName extension could be unreported.
2011-10-01 19:22:30 +02:00
d8c347a8de
Issue #13034 : When decoding some SSL certificates, the subjectAltName extension could be unreported.
2011-10-01 19:20:25 +02:00
513886aabb
Fix #12835 : prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets (Patch by David Watson)
2011-08-28 00:00:27 +10:00
4fd1e6a3ba
Issue #12803 : SSLContext.load_cert_chain() now accepts a password argument
...
to be used if the private key is encrypted. Patch by Adam Simpkins.
2011-08-25 14:39:44 +02:00
5fab03fd15
Remove the SSLSocket versions of sendmsg/recvmsg due to lack of proper tests and documentation in conjunction with lack of any known use cases (see issue #6560 for details)
2011-08-23 22:26:44 +10:00
96fe56abec
Add support for the send/recvmsg API to the socket module. Patch by David Watson and Heiko Wundram. ( Closes #6560 )
2011-08-22 11:55:57 +10:00
d649480739
Issue #12551 : Provide a get_channel_binding() method on SSL sockets so as
...
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented). This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.
Patch by Jacek Konieczny.
2011-07-21 01:11:30 +02:00
7128f95bd2
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:49:07 +02:00
b9ac25d1c3
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:47:06 +02:00
2e2baa9208
Issue #12049 : test_ssl now checks also that RAND_bytes() raises an error if
...
there is not enough entropy.
2011-05-25 11:15:16 +02:00
99c8b16143
Issue #12049 : Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
...
module.
2011-05-24 12:05:19 +02:00
2e7f39e889
Issue #12012 : test_ssl uses test_support.import_module()
...
Skip the whole file if the SSL module is missing. It was already the case,
except that the SkipTest exception was raised in test_main().
This commit fixes an error in test_ssl if the ssl module is missing.
2011-05-22 13:22:28 +02:00
7a616f2fc5
Issue #12065 : connect_ex() on an SSL socket now returns the original errno
...
when the socket's timeout expires (it used to return None).
2011-05-18 18:52:20 +02:00
b4410dbea6
Issue #12065 : connect_ex() on an SSL socket now returns the original errno
...
when the socket's timeout expires (it used to return None).
2011-05-18 18:51:06 +02:00
b1241f9619
(Merge 3.1) Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 01:52:03 +02:00
17ca323e7c
(Merge 3.1) Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:48:41 +02:00
ee18b6f2fd
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:38:00 +02:00
3de49192aa
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-09 00:42:58 +02:00
ff9bfca482
Issue #12000 : When a SSL certificate has a subjectAltName without any
...
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
2011-05-06 15:20:55 +02:00
1c86b44506
Issue #12000 : When a SSL certificate has a subjectAltName without any
...
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
2011-05-06 15:19:49 +02:00
5aefa6637c
Fix whitespace
2011-04-28 19:24:46 +02:00
15399c3f09
Issue #11811 : ssl.get_server_certificate() is now IPv6-compatible. Patch
...
by Charles-François Natali.
2011-04-28 19:23:55 +02:00
8ef3907044
Merged revisions 88671 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r88671 | antoine.pitrou | 2011-02-27 16:44:12 +0100 (dim., 27 févr. 2011) | 3 lines
Follow up to r88664: non-blocking connect-ex() can return EWOULDBLOCK under Windows
........
2011-02-27 15:45:22 +00:00
d1c9845b54
Merged revisions 88671 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r88671 | antoine.pitrou | 2011-02-27 16:44:12 +0100 (dim., 27 févr. 2011) | 3 lines
Follow up to r88664: non-blocking connect-ex() can return EWOULDBLOCK under Windows
........
2011-02-27 15:45:16 +00:00
8a14a0c88b
Follow up to r88664: non-blocking connect-ex() can return EWOULDBLOCK under Windows
2011-02-27 15:44:12 +00:00
d3f6ea1d1e
Merged revisions 88664 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r88664 | antoine.pitrou | 2011-02-27 00:24:06 +0100 (dim., 27 févr. 2011) | 4 lines
Issue #11326 : Add the missing connect_ex() implementation for SSL sockets,
and make it work for non-blocking connects.
........
2011-02-26 23:35:27 +00:00
86cbfec50a
Merged revisions 88664 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r88664 | antoine.pitrou | 2011-02-27 00:24:06 +0100 (dim., 27 févr. 2011) | 4 lines
Issue #11326 : Add the missing connect_ex() implementation for SSL sockets,
and make it work for non-blocking connects.
........
2011-02-26 23:25:34 +00:00
e93bf7aed2
Issue #11326 : Add the missing connect_ex() implementation for SSL sockets,
...
and make it work for non-blocking connects.
2011-02-26 23:24:06 +00:00
80f75e684e
Issue #10989 : Fix a crash on SSLContext.load_verify_locations(None, True).
...
Patch reviewed by Antoine Pitrou, okayed by Georg Brandl.
2011-01-29 11:31:20 +00:00
d43245a965
Merged revisions 87861,87863 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87861 | antoine.pitrou | 2011-01-08 11:23:29 +0100 (sam., 08 janv. 2011) | 3 lines
Fix test_ssl after r87849
........
r87863 | antoine.pitrou | 2011-01-08 11:28:11 +0100 (sam., 08 janv. 2011) | 3 lines
Add EHOSTUNREACH ('No route to host') to the errnos trapped by transient_internet().
........
2011-01-08 10:32:51 +00:00
50778ab4c2
Merged revisions 87861,87863 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r87861 | antoine.pitrou | 2011-01-08 11:23:29 +0100 (sam., 08 janv. 2011) | 3 lines
Fix test_ssl after r87849
........
r87863 | antoine.pitrou | 2011-01-08 11:28:11 +0100 (sam., 08 janv. 2011) | 3 lines
Add EHOSTUNREACH ('No route to host') to the errnos trapped by transient_internet().
........
2011-01-08 10:31:09 +00:00
160fd938ed
Fix test_ssl after r87849
2011-01-08 10:23:29 +00:00
f332abbf15
test_ssl: test SHA256 using sha256.tbs-internet.com instead of sha2.hboeck.de
2011-01-08 03:16:05 +00:00
c4df784514
Issue #10272 : The ssl module now raises socket.timeout instead of a generic
...
SSLError on socket timeouts.
2010-12-03 19:59:41 +00:00
ed3a7d2d60
#10273 : Rename assertRegexpMatches and assertRaisesRegexp to assertRegex and assertRaisesRegex.
2010-12-01 02:32:32 +00:00
Antoine Pitrou
Christian Heimes
Nadeem Vawda
Benjamin Peterson
Andrew Svetlov
Jesus Cea
Barry Warsaw
Nick Coghlan
Victor Stinner
Ezio Melotti