Commit Graph

338 Commits

Author SHA1 Message Date
Victor Stinner beeb512fe1 Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation.

Patch written by Bernard Spil.
2014-11-28 13:28:25 +01:00
Benjamin Peterson f9284ae8ed merge 3.4 (#22921) 2014-11-23 17:06:39 -06:00
Antoine Pitrou b1fdf47ff5 Issue #21965: Add support for in-memory SSL to the ssl module.
Patch by Geert Jansen.
2014-10-05 20:41:53 +02:00
Antoine Pitrou 47e40429fb Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use. 2014-09-04 21:00:10 +02:00
Victor Stinner e03de09ff2 (Merge 3.4) Issue #21781, _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format
requires size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
2014-07-07 21:52:49 +02:00
Victor Stinner cd75298611 Issue #21781, _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires
size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
2014-07-07 21:52:29 +02:00
Victor Stinner 7f084064e8 (Merge 3.4) Issue #21781: Make the ssl module "ssize_t clean" for parsing
parameters.  ssl.RAND_add() now supports strings longer than 2 GB.
2014-07-01 16:39:23 +02:00
Victor Stinner 2e57b4e488 Issue #21781: Make the ssl module "ssize_t clean" for parsing parameters.
ssl.RAND_add() now supports strings longer than 2 GB.
2014-07-01 16:37:17 +02:00
Victor Stinner 45e8e2f218 Issue #21490: Add new C macros: Py_ABS() and Py_STRINGIFY()
Keep _Py_STRINGIZE() in PC/pyconfig.h to not introduce a dependency between
pyconfig.h and pymacros.h.
2014-05-14 17:24:35 +02:00
Antoine Pitrou 0bebbc33fa Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1".
(should also fix a buildbot failure introduced by #20995)
2014-03-22 18:13:50 +01:00
Gregory P. Smith 83fed26953 avoid a compiler warning about assigning const char * to char *. 2014-01-17 12:09:05 -08:00
Gregory P. Smith f34890937b avoid a compiler warning about assigning const char * to char *. 2014-01-17 12:08:49 -08:00
Antoine Pitrou 78ace81c93 Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for. 2014-01-09 20:09:03 +01:00
Antoine Pitrou 2f7c31678a Remove conditional: it is useless at this point (OpenSSL headers are not yet included) 2014-01-09 20:07:41 +01:00
Antoine Pitrou cd3d7cabef Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for. 2014-01-09 20:02:20 +01:00
Victor Stinner 36e96b8716 (Merge 3.3) Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now
raise a ValueError if num is negative (instead of raising a SystemError).
2013-12-19 16:47:25 +01:00
Victor Stinner 1e81a399a2 Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a
ValueError if num is negative (instead of raising a SystemError).
2013-12-19 16:47:04 +01:00
Christian Heimes 1aa9a75fbf Issue #19509: Add SSLContext.check_hostname to match the peer's certificate
with server_hostname on handshake.
2013-12-02 02:41:19 +01:00
Christian Heimes 470fba1f9f SNI was added in OpenSSL 0.9.8f [11 Oct 2007], too 2013-11-28 15:12:15 +01:00
Christian Heimes 2427b50fdd Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
2013-11-23 11:24:32 +01:00
Christian Heimes 5398e1a56e Issue #19448: report name / NID in exception message of ASN1Object 2013-11-22 16:20:53 +01:00
Christian Heimes f22e8e5426 Issue #18147: Add missing documentation for SSLContext.get_ca_certs().
Also change the argument name to the same name as getpeercert()
2013-11-22 02:22:51 +01:00
Christian Heimes 44109d7de7 Issue #17134: Finalize interface to Windows' certificate store. Cert and
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
2013-11-22 01:51:30 +01:00
Christian Heimes 1dbf61fa46 downcast len to int. The code has already checked that len < INT_MAX 2013-11-22 00:34:18 +01:00
Christian Heimes 18fc7be80d lst might be NULL here
CID 1130752:  Dereference after null check  (FORWARD_NULL)
2013-11-21 23:57:49 +01:00
Christian Heimes 225877917e Issue #8813: Add SSLContext.verify_flags to change the verification flags
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
2013-11-21 23:56:13 +01:00
Christian Heimes 949ec14209 Issue #19682: Fix compatibility issue with old version of OpenSSL that
was introduced by Issue #18379.
2013-11-21 16:26:51 +01:00
Christian Heimes bd3a7f90b5 Issue #18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP
and CRL distribution points.
2013-11-21 03:40:15 +01:00
Christian Heimes efff7060f8 Issue #18138: Implement cadata argument of SSLContext.load_verify_location()
to load CA certificates and CRL from memory. It supports PEM and DER
encoded strings.
2013-11-21 03:35:02 +01:00
Christian Heimes b08ff7dcb4 Safely downcast SOCKET_T to int in _ssl module 2013-11-18 10:04:07 +01:00
Christian Heimes a6bc95aa02 Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name. 2013-11-17 19:59:14 +01:00
Victor Stinner a9eb38f02a Issue #19437: Fix newPySSLSocket(), handle PyWeakref_NewRef() failure 2013-10-31 16:35:38 +01:00
Victor Stinner ba9be477b0 Issue #19437: Fix fill_and_set_sslerror() of _ssl, handle Py_BuildValue()
failure

Don't call PyObject_CallObject() with NULL parameters and an exception set.
2013-10-31 15:00:24 +01:00
Christian Heimes ee0bac66b2 Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
2013-10-29 21:11:55 +01:00
Christian Heimes fb6b44e830 Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
2013-10-29 20:50:01 +01:00
Georg Brandl 81be27d53e Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL
pseudo-random number generator on fork().
2013-10-27 07:56:11 +01:00
Georg Brandl fb404f528a #19227: merge with 3.3 2013-10-27 07:57:42 +01:00
Antoine Pitrou b2201e1aa6 Properly initialize all fields of a SSL object after allocation. 2013-09-29 19:53:45 +02:00
Antoine Pitrou 860aee75b8 Properly initialize all fields of a SSL object after allocation. 2013-09-29 19:52:45 +02:00
Antoine Pitrou 20b85557f2 Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done. 2013-09-29 19:50:53 +02:00
Christian Heimes 2d7aba3db1 Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case 2013-09-05 16:04:50 +02:00
Christian Heimes 60bf2fc25b Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case 2013-09-05 16:04:35 +02:00
Victor Stinner daf455554b Issue #18571: Implementation of the PEP 446: file descriptors and file handles
are now created non-inheritable; add functions os.get/set_inheritable(),
os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
2013-08-28 00:53:59 +02:00
Christian Heimes cfa47962c2 Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
2013-08-25 14:19:29 +02:00
Christian Heimes 61636e7105 Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
2013-08-25 14:19:16 +02:00
Richard Oudkerk cabbde9e1e Fix compiler warning on Windows. 2013-08-24 23:46:27 +01:00
Christian Heimes f54c24628b Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
2013-08-22 13:19:56 +02:00
Christian Heimes 80c5de93f9 Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
2013-08-22 13:19:48 +02:00
Christian Heimes 6acbe2aaa3 Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
2013-08-21 13:26:34 +02:00
Christian Heimes f77b4b20e9 Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
2013-08-21 13:26:05 +02:00
Christian Heimes 85532eb212 Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
2013-08-19 17:36:39 +02:00
Christian Heimes 4d98ca9ff6 Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
2013-08-19 17:36:29 +02:00
Christian Heimes f920a1c1f1 Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok. 2013-08-17 17:25:27 +02:00
Christian Heimes 3c2593b2bb Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok. 2013-08-17 17:25:18 +02:00
Christian Heimes 9b5907cbd5 Issue #18768: coding style nitpick. Thanks to Vajrasky Kok 2013-08-17 17:19:03 +02:00
Christian Heimes 474afdda60 Issue #18768: coding style nitpick. Thanks to Vajrasky Kok 2013-08-17 17:18:56 +02:00
Ezio Melotti a7e7497d88 #18466: merge with 3.3. 2013-08-17 16:58:13 +03:00
Ezio Melotti 85a8629d21 #18466: fix more typos. Patch by Févry Thibault. 2013-08-17 16:57:41 +03:00
Christian Heimes e06d47c70c Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
2013-08-17 00:58:00 +02:00
Christian Heimes 824f7f366d Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
2013-08-17 00:54:47 +02:00
Christian Heimes 9bfcaa6fb3 Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
X509_get_version() grows beyond our small int cache.
CID 1058279
2013-07-26 15:51:35 +02:00
Christian Heimes 5962bef8aa Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
X509_get_version() grows beyond our small int cache.
CID 1058279
2013-07-26 15:51:18 +02:00
Victor Stinner 11ebff2757 Issue #18203: Replace malloc() with PyMem_Malloc() in _ssl for the password 2013-07-07 17:07:52 +02:00
Victor Stinner b64049183c Issue #18203: Replace malloc() with PyMem_Malloc() in Python modules
Replace malloc() with PyMem_Malloc() when the GIL is held, or with
PyMem_RawMalloc() otherwise.
2013-07-07 16:21:41 +02:00
Victor Stinner 7e00151e1f _ssl.c: strip trailing spaces 2013-06-25 00:44:31 +02:00
Victor Stinner 86073dc3c2 (Merge 3.3) Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if
the input string in longer than 2 gigabytes, and
ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer
than 2 gigabytes. The ssl module does not support partial write.
2013-06-25 00:43:47 +02:00
Victor Stinner 6efa965a27 Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises
a ValueError if the password is longer than 2 gigabytes. The ssl module does
not support partial write.
2013-06-25 00:42:31 +02:00
Victor Stinner 8cfd67cfe7 (Merge 3.3) Issue #18135: Fix a possible integer overflow in
ssl.SSLSocket.write() and in ssl.SSLContext.load_cert_chain() for strings and
passwords longer than 2 gigabytes.
2013-06-23 15:09:26 +02:00
Victor Stinner 9ee0203057 Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
and in ssl.SSLContext.load_cert_chain() for strings and passwords longer
than 2 gigabytes.
2013-06-23 15:08:23 +02:00
Victor Stinner 4569cd5eab _ssl.c: strip trailing spaces 2013-06-23 14:58:43 +02:00
Christian Heimes 9a5395ae2b Issue #18147: Add diagnostic functions to ssl.SSLContext().
get_ca_list() lists all loaded CA certificates and cert_store_stats() returns
amount of loaded X.509 certs, X.509 CA certs and CRLs.
2013-06-17 15:44:12 +02:00
Christian Heimes 200bb1b08c Simplify return value of ssl.get_default_verify_paths
prefix function with PySSL_, too. Other module level functions have a prefix, too.
2013-06-14 15:14:29 +02:00
Christian Heimes 75b8426698 fixd refleak 2013-06-10 10:47:22 +02:00
Christian Heimes 46bebee25f Issue #17134: Add ssl.enum_cert_store() as interface to Windows' cert store. 2013-06-09 19:03:31 +02:00
Christian Heimes 142ec2c014 get_default_verify_paths doesn't belong inside the ifdef block 2013-06-09 18:29:54 +02:00
Christian Heimes 6d7ad13a45 Issue #18143: Implement ssl.get_default_verify_paths() in order to debug
the default locations for cafile and capath.
2013-06-09 18:02:55 +02:00
Antoine Pitrou 19fef69b75 Fix compilation under MSVC: ssl_set_mode() is a macro, and the MSVC preprocessor doesn't process #ifdef's inside a macro argument list.
(found explanation at http://www.tech-archive.net/Archive/VC/microsoft.public.vc.language/2007-05/msg00385.html)
2013-05-25 13:23:03 +02:00
Antoine Pitrou 3a65ad7f08 Issue #8240: Set the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag on SSL sockets. 2013-05-25 13:02:32 +02:00
Antoine Pitrou 50b24d0d7c Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name.
Patch by Kazuhiro Yoshida.
(originally issue #8109)
2013-04-11 20:48:42 +02:00
Antoine Pitrou ce852cb8b9 Fix comment about the OpenSSL version in which SNI version was introduced. 2013-03-30 16:45:04 +01:00
Antoine Pitrou edbc18e9d0 Improve set_servername_callback docstring. 2013-03-30 16:40:27 +01:00
Antoine Pitrou a596338bb8 Fix previous fix (the cause was actually a misplaced #endif, or so it seems) 2013-03-30 16:39:00 +01:00
Antoine Pitrou 41f8c4f5e4 Further compiling fixes (issue #17581) 2013-03-30 16:36:54 +01:00
Antoine Pitrou 912fbff105 Issue #17581: try to fix building on old OpenSSL versions 2013-03-30 16:29:32 +01:00
Antoine Pitrou 2463e5fee4 Issue #16692: The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù. 2013-03-28 22:24:43 +01:00
Stefan Krah 20d60803d5 Issue #16982: Fix --without-threads build failure. 2013-01-17 17:07:17 +01:00
Antoine Pitrou 1e37e9efa9 SSLContext.load_dh_params() now properly closes the input file. 2013-01-12 21:44:33 +01:00
Antoine Pitrou 457a2292ca SSLContext.load_dh_params() now properly closes the input file. 2013-01-12 21:43:45 +01:00
Antoine Pitrou 5dd12a5978 Fix returning uninitialized variable (issue #8109).
Found by Christian with Coverity.
2013-01-06 15:25:36 +01:00
Antoine Pitrou 58ddc9d743 Issue #8109: The ssl module now has support for server-side SNI, thanks to a :meth:`SSLContext.set_servername_callback` method.
Patch by Daniel Black.
2013-01-05 21:20:29 +01:00
Christian Heimes 5cb31c9277 Issue #15977: Fix memory leak in Modules/_ssl.c when the function _set_npn_protocols() is called multiple times 2012-09-20 12:42:54 +02:00
Jesus Cea b7a2800831 MERGE: Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:08:48 +02:00
Jesus Cea c8754a13e6 Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:00:58 +02:00
Antoine Pitrou 721738fbee Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly.
Patch by Serhiy Storchaka.
2012-08-15 23:20:39 +02:00
Antoine Pitrou 6f430e4963 Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly.
Patch by Serhiy Storchaka.
2012-08-15 23:18:25 +02:00
Antoine Pitrou 3b36fb1f53 Issue #14837: SSL errors now have `library` and `reason` attributes describing precisely what happened and in which OpenSSL submodule.
The str() of a SSLError is also enhanced accordingly.

NOTE: this commit creates a reference leak.  The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type.  The leak is on the
type object when it is instantiated:

>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
2012-06-22 21:11:52 +02:00
Antoine Pitrou d5d17eb653 Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
Patch by Colin Marc.
2012-03-22 00:23:03 +01:00
Antoine Pitrou c135fa424e Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay. 2012-02-19 21:22:39 +01:00
Antoine Pitrou a9bf2ac726 Try to really fix compilation failures of the _ssl module under very old OpenSSLs. 2012-02-17 18:47:54 +01:00
Antoine Pitrou e9fccb360f Fix compilation when SSL_OP_SINGLE_ECDH_USE isn't defined 2012-02-17 11:53:10 +01:00
Antoine Pitrou 04d4ee4e56 Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:28:21 +01:00
Antoine Pitrou 2f5a163dfc Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:25:27 +01:00
Antoine Pitrou 9e2e5329dc Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:53:29 +01:00
Antoine Pitrou 3f366314e8 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:50:45 +01:00
Antoine Pitrou f2bf8a6ac5 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:48:47 +01:00
Antoine Pitrou 0e576f1f50 Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
2011-12-22 10:03:38 +01:00
Antoine Pitrou 501da61671 Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
(followup to issue #13627)
2011-12-21 09:27:41 +01:00
Antoine Pitrou 8abdb8abd8 Issue #13634: Add support for querying and disabling SSL compression. 2011-12-20 10:13:40 +01:00
Antoine Pitrou 923df6f22a Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
2011-12-19 17:16:51 +01:00
Antoine Pitrou 6db4944cc5 Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
choose the cipher based on their own preferences, rather than on the
client's.
2011-12-19 13:27:11 +01:00
Antoine Pitrou bc53032408 Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
Patch by Robert Xiao.
2011-11-23 01:42:52 +01:00
Antoine Pitrou 116d6b98bf Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
Patch by Robert Xiao.
2011-11-23 01:39:19 +01:00
Antoine Pitrou 41032a69c1 Issue #11183: Add finer-grained exceptions to the ssl module, so that
you don't have to inspect the exception's attributes in the common case.
2011-10-27 23:56:55 +02:00
Antoine Pitrou a0e0e23299 Add a docstring to SSLError 2011-10-22 23:41:52 +02:00
Antoine Pitrou b7705b7792 Use PyExc_OSError directly instead of grabbing it from the socket module API 2011-10-22 23:37:51 +02:00
Antoine Pitrou a02a12c517 Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:22:30 +02:00
Antoine Pitrou d8c347a8de Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:20:25 +02:00
Charles-François Natali ac7e9e058d Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is
greater than FD_SETSIZE.
2011-08-28 18:10:27 +02:00
Charles-François Natali aa26b27503 Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is
greater than FD_SETSIZE.
2011-08-28 17:51:43 +02:00
Antoine Pitrou 4fd1e6a3ba Issue #12803: SSLContext.load_cert_chain() now accepts a password argument
to be used if the private key is encrypted.  Patch by Adam Simpkins.
2011-08-25 14:39:44 +02:00
Antoine Pitrou d649480739 Issue #12551: Provide a get_channel_binding() method on SSL sockets so as
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented).  This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.

Patch by Jacek Konieczny.
2011-07-21 01:11:30 +02:00
Antoine Pitrou 7128f95bd2 Issue #12440: When testing whether some bits in SSLContext.options can be
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:49:07 +02:00
Antoine Pitrou b9ac25d1c3 Issue #12440: When testing whether some bits in SSLContext.options can be
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:47:06 +02:00
Victor Stinner 99c8b16143 Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
module.
2011-05-24 12:05:19 +02:00
Victor Stinner 17ca323e7c (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:48:41 +02:00
Victor Stinner ee18b6f2fd Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:38:00 +02:00
Victor Stinner 3de49192aa Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-09 00:42:58 +02:00
Antoine Pitrou a7caec74aa Merge fix for issue #11746 2011-04-03 18:16:50 +02:00
Antoine Pitrou 9c25486093 Issue #11746: Fix SSLContext.load_cert_chain() to accept elliptic curve private keys. 2011-04-03 18:15:34 +02:00
Brett Cannon b94767ff44 Issue #8914: fix various warnings from the Clang static analyzer v254. 2011-02-22 20:15:44 +00:00
Victor Stinner 80f75e684e Issue #10989: Fix a crash on SSLContext.load_verify_locations(None, True).
Patch reviewed by Antoine Pitrou, okayed by Georg Brandl.
2011-01-29 11:31:20 +00:00
Hirokazu Yamamoto 8e63c687ef Merged revisions 87140 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87140 | hirokazu.yamamoto | 2010-12-09 19:49:00 +0900 (木, 09 12 2010) | 2 lines

  Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
........
2010-12-09 12:30:05 +00:00
Hirokazu Yamamoto 524f10359b Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher) 2010-12-09 10:49:00 +00:00
Antoine Pitrou c4df784514 Issue #10272: The ssl module now raises socket.timeout instead of a generic
SSLError on socket timeouts.
2010-12-03 19:59:41 +00:00
Antoine Pitrou 664c2d1fc0 Issue #10443: Add the SSLContext.set_default_verify_paths() method. 2010-11-17 20:29:42 +00:00
Antoine Pitrou fb0469112f Issue #10022: The dictionary returned by the `getpeercert()` method
of SSL sockets now has additional items such as `issuer` and `notBefore`.
2010-11-09 20:21:19 +00:00
Antoine Pitrou d532321f7b Issue #5639: Add a *server_hostname* argument to `SSLContext.wrap_socket`
in order to support the TLS SNI extension.  `HTTPSConnection` and
`urlopen()` also use this argument, so that HTTPS virtual hosts are now
supported.
2010-10-22 18:19:07 +00:00
Benjamin Peterson 31370951c0 Merged revisions 85432 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r85432 | benjamin.peterson | 2010-10-13 17:06:39 -0500 (Wed, 13 Oct 2010) | 1 line

  constify to appease compiler warnings
........
2010-10-13 22:20:48 +00:00
Benjamin Peterson eb1410fc40 constify to appease compiler warnings 2010-10-13 22:06:39 +00:00
Antoine Pitrou fc113eeb7d Define a "session_id_context" at context creation. This is recommended
for the OpenSSL server-side session cache.
2010-10-13 12:46:13 +00:00
Gregory P. Smith bd4dacb3f9 Fix compile on NetBSD 5.0 (or anything else using an old 0.9.9-dev OpenSSL). 2010-10-13 03:53:21 +00:00
Antoine Pitrou b0182c8ca5 Issue #10075: Add a session_stats() method to SSLContext objects. 2010-10-12 20:09:02 +00:00
Antoine Pitrou 10c4c23a25 Merged revisions 84464 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r84464 | antoine.pitrou | 2010-09-03 20:38:17 +0200 (ven., 03 sept. 2010) | 3 lines

  Issue #3805: clean up implementation of the _read method in _ssl.c.
........
2010-09-03 18:39:47 +00:00
Antoine Pitrou 24e561ae04 Issue #3805: clean up implementation of the _read method in _ssl.c. 2010-09-03 18:38:17 +00:00
Antoine Pitrou 67e8e5633e Try to fix some buildbot failures on test_ssl 2010-09-01 20:55:41 +00:00
Giampaolo Rodolà e0f9863a61 Issue #9693 - msg 115273: attempt to fix ssl module failures on certain OpenSSL versions by calling ERR_clear_error() before raising IOError 2010-09-01 19:28:49 +00:00
Giampaolo Rodolà 745ab3807e Fix issue issue9706: provides a better error handling for various SSL operations 2010-08-29 19:25:49 +00:00
Mark Dickinson 732cc9be1e Merged revisions 83677 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line

  Fix memory leak in ssl module.
........
2010-08-03 18:33:11 +00:00
Mark Dickinson ee55df5c85 Fix memory leak in ssl module. 2010-08-03 18:31:54 +00:00
Antoine Pitrou 4b261d2073 Merged revisions 82211 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

................
  r82211 | antoine.pitrou | 2010-06-25 02:07:34 +0200 (ven., 25 juin 2010) | 10 lines

  Merged revisions 82210 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines

    Issue #9075: In the ssl module, remove the setting of a `debug` flag
    on an OpenSSL structure.
  ........
................
2010-06-25 00:13:19 +00:00