Commit Graph

93 Commits

Author SHA1 Message Date
Antoine Pitrou 3e86ba4e32 Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data. 2013-12-28 17:26:33 +01:00
Serhiy Storchaka fbc1c26803 Issue #19795: Improved markup of True/False constants. 2013-11-29 12:17:13 +02:00
Antoine Pitrou 9eefe91fc2 Issue #19508: direct the user to read the security considerations for the ssl module 2013-11-17 15:35:33 +01:00
Christian Heimes 47674bc470 fix language 2013-10-29 22:19:39 +01:00
Christian Heimes 3046fe4c03 Issue #18747: document issue with OpenSSL's CPRNG state and fork 2013-10-29 21:08:56 +01:00
Georg Brandl 72c98d3a76 Issue #17997: Change behavior of ``ssl.match_hostname()`` to follow RFC 6125,
for security reasons.  It now doesn't match multiple wildcards nor wildcards
inside IDN fragments.
2013-10-27 07:16:53 +01:00
Georg Brandl 4a6cf6c9d1 Closes #19177: replace dead link to SSL/TLS introduction with the version from Apache. 2013-10-06 18:20:31 +02:00
R David Murray c7f7579855 #18311: fix typo. 2013-06-26 15:11:12 -04:00
Antoine Pitrou d34941ad4e Issue #17739: fix the description of SSLSocket.getpeercert(binary_form=True) for server sockets.
Thanks to David D Lowe for reporting.
2013-04-16 20:27:17 +02:00
Antoine Pitrou d9a7e70939 Update the getpeercert() example with a real-world cert showing non-trivial issuer, subject and subjectAltName. 2012-08-16 22:18:37 +02:00
Antoine Pitrou b7c6c8105e Update the getpeercert() example with a real-world cert showing non-trivial issuer, subject and subjectAltName. 2012-08-16 22:14:43 +02:00
Antoine Pitrou 3b36fb1f53 Issue #14837: SSL errors now have `library` and `reason` attributes describing precisely what happened and in which OpenSSL submodule.
The str() of a SSLError is also enhanced accordingly.

NOTE: this commit creates a reference leak.  The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type.  The leak is on the
type object when it is instantiated:

>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
2012-06-22 21:11:52 +02:00
Antoine Pitrou d5d17eb653 Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
Patch by Colin Marc.
2012-03-22 00:23:03 +01:00
Antoine Pitrou e10ae8871a Clarify that ssl.OP_ALL can be different from OpenSSL's SSL_OP_ALL. 2012-01-27 10:03:23 +01:00
Antoine Pitrou 9f6b02ecde Clarify that ssl.OP_ALL can be different from OpenSSL's SSL_OP_ALL. 2012-01-27 10:02:55 +01:00
Antoine Pitrou ac8bfcacfc Issue #13747: fix SSL compatibility table. 2012-01-09 21:43:18 +01:00
Antoine Pitrou 84a2edcdf7 Issue #13747: fix documentation error about the default SSL version. 2012-01-09 21:35:11 +01:00
Antoine Pitrou 441ae043df Update printout of SSL certificate examples for 3.2+. 2012-01-06 20:06:15 +01:00
Antoine Pitrou b7ffed8a50 Add a subsection explaining cipher selection. 2012-01-04 02:53:44 +01:00
Antoine Pitrou 8a9b9c7d16 Merge SSL doc fixes (issue #13747). 2012-01-09 21:46:11 +01:00
Antoine Pitrou deec7566ae Update printout of SSL certificate examples for 3.2+. 2012-01-06 20:09:29 +01:00
Antoine Pitrou 8f746d83e2 Add a subsection explaining cipher selection. 2012-01-04 02:54:12 +01:00
Antoine Pitrou 0e576f1f50 Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
2011-12-22 10:03:38 +01:00
Antoine Pitrou 501da61671 Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
(followup to issue #13627)
2011-12-21 09:27:41 +01:00
Antoine Pitrou 8abdb8abd8 Issue #13634: Add support for querying and disabling SSL compression. 2011-12-20 10:13:40 +01:00
Antoine Pitrou 923df6f22a Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
2011-12-19 17:16:51 +01:00
Antoine Pitrou 6db4944cc5 Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
choose the cipher based on their own preferences, rather than on the
client's.
2011-12-19 13:27:11 +01:00
Antoine Pitrou f3dc2d7afd Fix typo 2011-10-28 00:01:03 +02:00
Antoine Pitrou 873bf262ad Update example of non-blocking SSL code for the new finer-grained exceptions 2011-10-27 23:59:03 +02:00
Antoine Pitrou 41032a69c1 Issue #11183: Add finer-grained exceptions to the ssl module, so that
you don't have to inspect the exception's attributes in the common case.
2011-10-27 23:56:55 +02:00
Antoine Pitrou 5574c3012d Replace mentions of socket.error. 2011-10-12 17:53:43 +02:00
Antoine Pitrou 756b169c5a Issue #12823: remove broken link and replace it with another resource. 2011-10-07 16:58:35 +02:00
Antoine Pitrou f394e47851 Issue #12823: remove broken link and replace it with another resource. 2011-10-07 16:58:07 +02:00
Antoine Pitrou 4fd1e6a3ba Issue #12803: SSLContext.load_cert_chain() now accepts a password argument
to be used if the private key is encrypted.  Patch by Adam Simpkins.
2011-08-25 14:39:44 +02:00
Antoine Pitrou d649480739 Issue #12551: Provide a get_channel_binding() method on SSL sockets so as
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented).  This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.

Patch by Jacek Konieczny.
2011-07-21 01:11:30 +02:00
Antoine Pitrou 126edb5607 Use infinitive, not 3rd person of present tense. 2011-07-11 01:39:35 +02:00
Antoine Pitrou b3593cada2 Use infinitive, not 3rd person of present tense. 2011-07-11 01:39:19 +02:00
Antoine Pitrou f08310f08b Issue #12343: Add some notes on behaviour of non-blocking SSL sockets. 2011-07-11 01:38:27 +02:00
Antoine Pitrou 6f5dcb1ee2 Issue #12343: Add some notes on behaviour of non-blocking SSL sockets. 2011-07-11 01:35:48 +02:00
Victor Stinner a675206366 Issue #12049: Document error cases of ssl.RAND_bytes() and
ssl.RAND_pseudo_bytes().  Add also links to RAND_status and RAND_add.
2011-05-25 11:27:40 +02:00
Victor Stinner 19fb53c119 Issue #12049: improve RAND_bytes() and RAND_pseudo_bytes() documentation
Add also a security warning in the module random pointing to ssl.RAND_bytes().
2011-05-24 21:32:40 +02:00
Victor Stinner 99c8b16143 Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
module.
2011-05-24 12:05:19 +02:00
Victor Stinner 17ca323e7c (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:48:41 +02:00
Victor Stinner ee18b6f2fd Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:38:00 +02:00
Victor Stinner 3de49192aa Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-09 00:42:58 +02:00
Antoine Pitrou 15399c3f09 Issue #11811: ssl.get_server_certificate() is now IPv6-compatible. Patch
by Charles-François Natali.
2011-04-28 19:23:55 +02:00
Georg Brandl 2774310c27 Merged revisions 87627,87638,87739,87760,87771,87787,87984,87986,88108,88115,88144,88165,88329,88364-88365,88369-88370,88423-88424 via svnmerge from
svn+ssh://svn.python.org/python/branches/py3k

........
  r87627 | georg.brandl | 2011-01-02 15:23:43 +0100 (So, 02 Jan 2011) | 1 line

  #1665333: add more docs for optparse.OptionGroup.
........
  r87638 | georg.brandl | 2011-01-02 20:07:51 +0100 (So, 02 Jan 2011) | 1 line

  Fix code indentation.
........
  r87739 | georg.brandl | 2011-01-04 18:27:13 +0100 (Di, 04 Jan 2011) | 1 line

  Fix exception catching.
........
  r87760 | georg.brandl | 2011-01-05 11:59:48 +0100 (Mi, 05 Jan 2011) | 1 line

  Fix duplicate end tag.
........
  r87771 | georg.brandl | 2011-01-05 22:47:47 +0100 (Mi, 05 Jan 2011) | 1 line

  On Py3k, -tt and -3 are no-op and unsupported respectively.
........
  r87787 | georg.brandl | 2011-01-06 10:15:45 +0100 (Do, 06 Jan 2011) | 1 line

  Remove doc for nonexisting parameter.
........
  r87984 | georg.brandl | 2011-01-13 08:24:40 +0100 (Do, 13 Jan 2011) | 1 line

  Add semicolon for consistency.
........
  r87986 | georg.brandl | 2011-01-13 08:31:18 +0100 (Do, 13 Jan 2011) | 1 line

  Fix the example output of count().
........
  r88108 | georg.brandl | 2011-01-19 09:42:03 +0100 (Mi, 19 Jan 2011) | 1 line

  Suppress trailing spaces in table paragraphs.
........
  r88115 | georg.brandl | 2011-01-19 21:05:49 +0100 (Mi, 19 Jan 2011) | 1 line

  #10944: add c_bool to types table.
........
  r88144 | georg.brandl | 2011-01-22 23:06:24 +0100 (Sa, 22 Jan 2011) | 1 line

  #10983: fix several bugs in the _tunnel implementation that seem to have been missed while porting between branches.  A unittest is needed!
........
  r88165 | georg.brandl | 2011-01-24 20:53:18 +0100 (Mo, 24 Jan 2011) | 1 line

  Typo fix.
........
  r88329 | georg.brandl | 2011-02-03 08:08:25 +0100 (Do, 03 Feb 2011) | 1 line

  Punctuation typos.
........
  r88364 | georg.brandl | 2011-02-07 13:10:46 +0100 (Mo, 07 Feb 2011) | 1 line

  #11138: fix order of fill and align specifiers.
........
  r88365 | georg.brandl | 2011-02-07 13:13:58 +0100 (Mo, 07 Feb 2011) | 1 line

  #8691: document that right alignment is default for numbers.
........
  r88369 | georg.brandl | 2011-02-07 16:30:45 +0100 (Mo, 07 Feb 2011) | 1 line

  Consistent heading spacing, and fix two typos.
........
  r88370 | georg.brandl | 2011-02-07 16:44:27 +0100 (Mo, 07 Feb 2011) | 1 line

  Spelling fixes.
........
  r88423 | georg.brandl | 2011-02-15 13:41:17 +0100 (Di, 15 Feb 2011) | 1 line

  Apply logging SocketHandler doc update by Vinay.
........
  r88424 | georg.brandl | 2011-02-15 13:44:43 +0100 (Di, 15 Feb 2011) | 1 line

  Remove editing slip.
........
2011-02-25 10:18:11 +00:00
Raymond Hettinger 469271d4ea More source links 2011-01-27 20:38:46 +00:00
Antoine Pitrou cae7c1d824 Merged revisions 87653-87655 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87653 | antoine.pitrou | 2011-01-02 23:06:53 +0100 (dim., 02 janv. 2011) | 3 lines

  Clarify behaviour of close() and shutdown() on sockets.
........
  r87654 | antoine.pitrou | 2011-01-02 23:09:27 +0100 (dim., 02 janv. 2011) | 3 lines

  Add a shutdown() call in the server example.
........
  r87655 | antoine.pitrou | 2011-01-02 23:12:22 +0100 (dim., 02 janv. 2011) | 3 lines

  Some nits.
........
2011-01-02 22:35:59 +00:00
Antoine Pitrou e1bc898216 Some nits. 2011-01-02 22:12:22 +00:00