Benjamin Peterson
|
f9284ae8ed
|
merge 3.4 (#22921)
|
2014-11-23 17:06:39 -06:00 |
Benjamin Peterson
|
7243b574e5
|
don't require OpenSSL SNI to pass hostname to ssl functions (#22921)
Patch by Donald Stufft.
|
2014-11-23 17:04:34 -06:00 |
Antoine Pitrou
|
b1fdf47ff5
|
Issue #21965: Add support for in-memory SSL to the ssl module.
Patch by Geert Jansen.
|
2014-10-05 20:41:53 +02:00 |
Antoine Pitrou
|
47e40429fb
|
Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use.
|
2014-09-04 21:00:10 +02:00 |
Victor Stinner
|
e03de09ff2
|
(Merge 3.4) Issue #21781, _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format
requires size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
|
2014-07-07 21:52:49 +02:00 |
Victor Stinner
|
cd75298611
|
Issue #21781, _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires
size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
|
2014-07-07 21:52:29 +02:00 |
Victor Stinner
|
7f084064e8
|
(Merge 3.4) Issue #21781: Make the ssl module "ssize_t clean" for parsing
parameters. ssl.RAND_add() now supports strings longer than 2 GB.
|
2014-07-01 16:39:23 +02:00 |
Victor Stinner
|
2e57b4e488
|
Issue #21781: Make the ssl module "ssize_t clean" for parsing parameters.
ssl.RAND_add() now supports strings longer than 2 GB.
|
2014-07-01 16:37:17 +02:00 |
Victor Stinner
|
45e8e2f218
|
Issue #21490: Add new C macros: Py_ABS() and Py_STRINGIFY()
Keep _Py_STRINGIZE() in PC/pyconfig.h to not introduce a dependency between
pyconfig.h and pymacros.h.
|
2014-05-14 17:24:35 +02:00 |
Antoine Pitrou
|
0bebbc33fa
|
Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1".
(should also fix a buildbot failure introduced by #20995)
|
2014-03-22 18:13:50 +01:00 |
Gregory P. Smith
|
83fed26953
|
avoid a compiler warning about assigning const char * to char *.
|
2014-01-17 12:09:05 -08:00 |
Gregory P. Smith
|
f34890937b
|
avoid a compiler warning about assigning const char * to char *.
|
2014-01-17 12:08:49 -08:00 |
Antoine Pitrou
|
78ace81c93
|
Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.
|
2014-01-09 20:09:03 +01:00 |
Antoine Pitrou
|
2f7c31678a
|
Remove conditional: it is useless at this point (OpenSSL headers are not yet included)
|
2014-01-09 20:07:41 +01:00 |
Antoine Pitrou
|
cd3d7cabef
|
Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.
|
2014-01-09 20:02:20 +01:00 |
Victor Stinner
|
36e96b8716
|
(Merge 3.3) Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now
raise a ValueError if num is negative (instead of raising a SystemError).
|
2013-12-19 16:47:25 +01:00 |
Victor Stinner
|
1e81a399a2
|
Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a
ValueError if num is negative (instead of raising a SystemError).
|
2013-12-19 16:47:04 +01:00 |
Christian Heimes
|
1aa9a75fbf
|
Issue #19509: Add SSLContext.check_hostname to match the peer's certificate
with server_hostname on handshake.
|
2013-12-02 02:41:19 +01:00 |
Christian Heimes
|
470fba1f9f
|
SNI was added in OpenSSL 0.9.8f [11 Oct 2007], too
|
2013-11-28 15:12:15 +01:00 |
Christian Heimes
|
2427b50fdd
|
Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
|
2013-11-23 11:24:32 +01:00 |
Christian Heimes
|
5398e1a56e
|
Issue #19448: report name / NID in exception message of ASN1Object
|
2013-11-22 16:20:53 +01:00 |
Christian Heimes
|
f22e8e5426
|
Issue #18147: Add missing documentation for SSLContext.get_ca_certs().
Also change the argument name to the same name as getpeercert()
|
2013-11-22 02:22:51 +01:00 |
Christian Heimes
|
44109d7de7
|
Issue #17134: Finalize interface to Windows' certificate store. Cert and
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
|
2013-11-22 01:51:30 +01:00 |
Christian Heimes
|
1dbf61fa46
|
downcast len to int. The code has already checked that len < INT_MAX
|
2013-11-22 00:34:18 +01:00 |
Christian Heimes
|
18fc7be80d
|
lst might be NULL here
CID 1130752: Dereference after null check (FORWARD_NULL)
|
2013-11-21 23:57:49 +01:00 |
Christian Heimes
|
225877917e
|
Issue #8813: Add SSLContext.verify_flags to change the verification flags
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
|
2013-11-21 23:56:13 +01:00 |
Christian Heimes
|
949ec14209
|
Issue #19682: Fix compatibility issue with old version of OpenSSL that
was introduced by Issue #18379.
|
2013-11-21 16:26:51 +01:00 |
Christian Heimes
|
bd3a7f90b5
|
Issue #18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP
and CRL distribution points.
|
2013-11-21 03:40:15 +01:00 |
Christian Heimes
|
efff7060f8
|
Issue #18138: Implement cadata argument of SSLContext.load_verify_location()
to load CA certificates and CRL from memory. It supports PEM and DER
encoded strings.
|
2013-11-21 03:35:02 +01:00 |
Christian Heimes
|
b08ff7dcb4
|
Safely downcast SOCKET_T to int in _ssl module
|
2013-11-18 10:04:07 +01:00 |
Christian Heimes
|
a6bc95aa02
|
Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name.
|
2013-11-17 19:59:14 +01:00 |
Victor Stinner
|
a9eb38f02a
|
Issue #19437: Fix newPySSLSocket(), handle PyWeakref_NewRef() failure
|
2013-10-31 16:35:38 +01:00 |
Victor Stinner
|
ba9be477b0
|
Issue #19437: Fix fill_and_set_sslerror() of _ssl, handle Py_BuildValue()
failure
Don't call PyObject_CallObject() with NULL parameters and an exception set.
|
2013-10-31 15:00:24 +01:00 |
Christian Heimes
|
ee0bac66b2
|
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
|
2013-10-29 21:11:55 +01:00 |
Christian Heimes
|
fb6b44e830
|
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
|
2013-10-29 20:50:01 +01:00 |
Georg Brandl
|
81be27d53e
|
Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL
pseudo-random number generator on fork().
|
2013-10-27 07:56:11 +01:00 |
Georg Brandl
|
fb404f528a
|
#19227: merge with 3.3
|
2013-10-27 07:57:42 +01:00 |
Antoine Pitrou
|
b2201e1aa6
|
Properly initialize all fields of a SSL object after allocation.
|
2013-09-29 19:53:45 +02:00 |
Antoine Pitrou
|
860aee75b8
|
Properly initialize all fields of a SSL object after allocation.
|
2013-09-29 19:52:45 +02:00 |
Antoine Pitrou
|
20b85557f2
|
Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done.
|
2013-09-29 19:50:53 +02:00 |
Christian Heimes
|
2d7aba3db1
|
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
|
2013-09-05 16:04:50 +02:00 |
Christian Heimes
|
60bf2fc25b
|
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
|
2013-09-05 16:04:35 +02:00 |
Victor Stinner
|
daf455554b
|
Issue #18571: Implementation of the PEP 446: file descriptors and file handles
are now created non-inheritable; add functions os.get/set_inheritable(),
os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
|
2013-08-28 00:53:59 +02:00 |
Christian Heimes
|
cfa47962c2
|
Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
|
2013-08-25 14:19:29 +02:00 |
Christian Heimes
|
61636e7105
|
Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
|
2013-08-25 14:19:16 +02:00 |
Richard Oudkerk
|
cabbde9e1e
|
Fix compiler warning on Windows.
|
2013-08-24 23:46:27 +01:00 |
Christian Heimes
|
f54c24628b
|
Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
|
2013-08-22 13:19:56 +02:00 |
Christian Heimes
|
80c5de93f9
|
Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
|
2013-08-22 13:19:48 +02:00 |
Christian Heimes
|
6acbe2aaa3
|
Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
|
2013-08-21 13:26:34 +02:00 |
Christian Heimes
|
f77b4b20e9
|
Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
|
2013-08-21 13:26:05 +02:00 |