Antoine Pitrou
72aeec35a1
Issue #13636 : Weak ciphers are now disabled by default in the ssl module
...
(except when SSLv2 is explicitly asked for).
2012-01-03 22:49:08 +01:00
Antoine Pitrou
8f85f907e3
Issue #13636 : Weak ciphers are now disabled by default in the ssl module
...
(except when SSLv2 is explicitly asked for).
2012-01-03 22:46:48 +01:00
Antoine Pitrou
0e576f1f50
Issue #13626 : Add support for SSL Diffie-Hellman key exchange, through the
...
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
2011-12-22 10:03:38 +01:00
Antoine Pitrou
501da61671
Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
...
(followup to issue #13627 )
2011-12-21 09:27:41 +01:00
Antoine Pitrou
8abdb8abd8
Issue #13634 : Add support for querying and disabling SSL compression.
2011-12-20 10:13:40 +01:00
Antoine Pitrou
923df6f22a
Issue #13627 : Add support for SSL Elliptic Curve-based Diffie-Hellman
...
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
2011-12-19 17:16:51 +01:00
Antoine Pitrou
6db4944cc5
Issue #13635 : Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
...
choose the cipher based on their own preferences, rather than on the
client's.
2011-12-19 13:27:11 +01:00
Antoine Pitrou
41032a69c1
Issue #11183 : Add finer-grained exceptions to the ssl module, so that
...
you don't have to inspect the exception's attributes in the common case.
2011-10-27 23:56:55 +02:00
Nick Coghlan
513886aabb
Fix #12835 : prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets (Patch by David Watson)
2011-08-28 00:00:27 +10:00
Nick Coghlan
5fab03fd15
Remove the SSLSocket versions of sendmsg/recvmsg due to lack of proper tests and documentation in conjunction with lack of any known use cases (see issue #6560 for details)
2011-08-23 22:26:44 +10:00
Nick Coghlan
96fe56abec
Add support for the send/recvmsg API to the socket module. Patch by David Watson and Heiko Wundram. ( Closes #6560 )
2011-08-22 11:55:57 +10:00
Antoine Pitrou
d649480739
Issue #12551 : Provide a get_channel_binding() method on SSL sockets so as
...
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented). This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.
Patch by Jacek Konieczny.
2011-07-21 01:11:30 +02:00
Antoine Pitrou
7128f95bd2
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:49:07 +02:00
Antoine Pitrou
b9ac25d1c3
Issue #12440 : When testing whether some bits in SSLContext.options can be
...
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
2011-07-08 18:47:06 +02:00
Victor Stinner
99c8b16143
Issue #12049 : Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl
...
module.
2011-05-24 12:05:19 +02:00
Antoine Pitrou
7a616f2fc5
Issue #12065 : connect_ex() on an SSL socket now returns the original errno
...
when the socket's timeout expires (it used to return None).
2011-05-18 18:52:20 +02:00
Antoine Pitrou
b4410dbea6
Issue #12065 : connect_ex() on an SSL socket now returns the original errno
...
when the socket's timeout expires (it used to return None).
2011-05-18 18:51:06 +02:00
Victor Stinner
17ca323e7c
(Merge 3.1) Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:48:41 +02:00
Victor Stinner
ee18b6f2fd
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 00:38:00 +02:00
Victor Stinner
3de49192aa
Issue #12012 : ssl.PROTOCOL_SSLv2 becomes optional
...
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-09 00:42:58 +02:00
Antoine Pitrou
ff9bfca482
Issue #12000 : When a SSL certificate has a subjectAltName without any
...
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
2011-05-06 15:20:55 +02:00
Antoine Pitrou
1c86b44506
Issue #12000 : When a SSL certificate has a subjectAltName without any
...
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
2011-05-06 15:19:49 +02:00
Antoine Pitrou
15399c3f09
Issue #11811 : ssl.get_server_certificate() is now IPv6-compatible. Patch
...
by Charles-François Natali.
2011-04-28 19:23:55 +02:00
Antoine Pitrou
86cbfec50a
Merged revisions 88664 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r88664 | antoine.pitrou | 2011-02-27 00:24:06 +0100 (dim., 27 févr. 2011) | 4 lines
Issue #11326 : Add the missing connect_ex() implementation for SSL sockets,
and make it work for non-blocking connects.
........
2011-02-26 23:25:34 +00:00
Antoine Pitrou
e93bf7aed2
Issue #11326 : Add the missing connect_ex() implementation for SSL sockets,
...
and make it work for non-blocking connects.
2011-02-26 23:24:06 +00:00
Antoine Pitrou
d532321f7b
Issue #5639 : Add a *server_hostname* argument to `SSLContext.wrap_socket`
...
in order to support the TLS SNI extension. `HTTPSConnection` and
`urlopen()` also use this argument, so that HTTPS virtual hosts are now
supported.
2010-10-22 18:19:07 +00:00
Antoine Pitrou
59fdd6736b
Issue #1589 : Add ssl.match_hostname(), to help implement server identity
...
verification for higher-level protocols.
2010-10-08 10:37:08 +00:00
Antoine Pitrou
5974cdd5f5
Merged revisions 84807 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r84807 | antoine.pitrou | 2010-09-14 16:43:44 +0200 (mar., 14 sept. 2010) | 4 lines
Issue #9853 : Fix the signature of SSLSocket.recvfrom() and
SSLSocket.sendto() to match the corresponding socket methods.
........
2010-09-14 14:47:08 +00:00
Antoine Pitrou
a468adc76d
Issue #9853 : Fix the signature of SSLSocket.recvfrom() and
...
SSLSocket.sendto() to match the corresponding socket methods.
2010-09-14 14:43:44 +00:00
Antoine Pitrou
10c4c23a25
Merged revisions 84464 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r84464 | antoine.pitrou | 2010-09-03 20:38:17 +0200 (ven., 03 sept. 2010) | 3 lines
Issue #3805 : clean up implementation of the _read method in _ssl.c.
........
2010-09-03 18:39:47 +00:00
Antoine Pitrou
24e561ae04
Issue #3805 : clean up implementation of the _read method in _ssl.c.
2010-09-03 18:38:17 +00:00
Giampaolo Rodolà
8b7da623ce
Fix issue #9711 : raise ValueError is SSLConnection constructor is invoked with keyfile and not certfile.
2010-08-30 18:28:05 +00:00
Giampaolo Rodolà
745ab3807e
Fix issue issue9706: provides a better error handling for various SSL operations
2010-08-29 19:25:49 +00:00
Giampaolo Rodolà
374f835316
Raise ValuError if non-zero flag argument is provided for sendall() method for conformity with send(), recv() and recv_into()
2010-08-29 12:08:09 +00:00
Antoine Pitrou
6e451df800
Followup to r83869 and issue #8524 : rename socket.forget() to socket.detach()
...
and make it return the file descriptor.
2010-08-09 20:39:54 +00:00
Antoine Pitrou
e43f9d0ed6
Issue #8524 : Add a forget() method to socket objects, so as to put the
...
socket into the closed state without closing the underlying file
descriptor.
2010-08-08 23:24:50 +00:00
Antoine Pitrou
b52187710e
Issue #4870 : Add an `options` attribute to SSL contexts, as well as
...
several ``OP_*`` constants to the `ssl` module. This allows to selectively
disable protocol versions, when used in combination with `PROTOCOL_SSLv23`.
2010-05-21 09:56:06 +00:00
Antoine Pitrou
152efa2ae2
Issue #8550 : Add first class `SSLContext` objects to the ssl module.
2010-05-16 18:19:27 +00:00
Antoine Pitrou
f07d5589c0
Merged revisions 80517 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r80517 | antoine.pitrou | 2010-04-27 01:06:26 +0200 (mar., 27 avril 2010) | 3 lines
Remove unused import
........
2010-04-26 23:08:35 +00:00
Antoine Pitrou
90e6d04071
Remove unused import
2010-04-26 23:06:26 +00:00
Antoine Pitrou
28f7ab6402
Merged revisions 80515 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r80515 | antoine.pitrou | 2010-04-27 00:17:47 +0200 (mar., 27 avril 2010) | 4 lines
Hopefully fix sporadic Windows issue by avoiding calling getpeername()
on a freshly dup'ed socket.
........
2010-04-26 22:37:59 +00:00
Antoine Pitrou
fa2b9380c0
Hopefully fix sporadic Windows issue by avoiding calling getpeername()
...
on a freshly dup'ed socket.
2010-04-26 22:17:47 +00:00
Antoine Pitrou
365171d8f6
Merged revisions 80509 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r80509 | antoine.pitrou | 2010-04-26 19:29:05 +0200 (lun., 26 avril 2010) | 10 lines
Merged revisions 80507 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80507 | antoine.pitrou | 2010-04-26 19:23:33 +0200 (lun., 26 avril 2010) | 4 lines
When calling getpeername() in SSLSocket.__init__, only silence exceptions
caused by the "socket not connected" condition.
........
................
2010-04-26 17:32:49 +00:00
Antoine Pitrou
de8cf32ec8
Merged revisions 80507 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80507 | antoine.pitrou | 2010-04-26 19:23:33 +0200 (lun., 26 avril 2010) | 4 lines
When calling getpeername() in SSLSocket.__init__, only silence exceptions
caused by the "socket not connected" condition.
........
2010-04-26 17:29:05 +00:00
Antoine Pitrou
c2203f92ff
Merged revisions 80456 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
r80456 | antoine.pitrou | 2010-04-25 00:04:40 +0200 (dim., 25 avril 2010) | 5 lines
Issue #8524 : When creating an SSL socket, the timeout value of the
original socket wasn't retained (instead, a socket with a positive timeout
would be turned into a non-blocking SSL socket).
........
2010-04-24 22:07:51 +00:00
Antoine Pitrou
40f0874b55
Issue #8524 : When creating an SSL socket, the timeout value of the
...
original socket wasn't retained (instead, a socket with a positive timeout
would be turned into a non-blocking SSL socket).
2010-04-24 22:04:40 +00:00
Antoine Pitrou
2d9cb9c1cb
Merged revisions 80151 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80151 | antoine.pitrou | 2010-04-17 19:10:38 +0200 (sam., 17 avril 2010) | 4 lines
Issue #8322 : Add a *ciphers* argument to SSL sockets, so as to change the
available cipher list. Helps fix test_ssl with OpenSSL 1.0.0.
........
2010-04-17 17:40:45 +00:00
Antoine Pitrou
04f6a32dff
Merged revisions 79812 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/trunk
........
r79812 | antoine.pitrou | 2010-04-05 23:35:07 +0200 (lun., 05 avril 2010) | 5 lines
Issue #8321 : Give access to OpenSSL version numbers from the `ssl` module,
using the new attributes `ssl.OPENSSL_VERSION`, `ssl.OPENSSL_VERSION_INFO`
and `ssl.OPENSSL_VERSION_NUMBER`.
........
2010-04-05 21:40:07 +00:00
Antoine Pitrou
a06bfd87da
Merged revisions 79287,79289 via svnmerge from
...
svn+ssh://pythondev@svn.python.org/python/branches/py3k
................
r79287 | antoine.pitrou | 2010-03-22 15:49:10 +0100 (lun., 22 mars 2010) | 13 lines
Merged revisions 79226,79286 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r79226 | antoine.pitrou | 2010-03-21 20:33:38 +0100 (dim., 21 mars 2010) | 4 lines
Issue #3890 : Fix recv() and recv_into() on non-blocking SSL sockets.
........
r79286 | antoine.pitrou | 2010-03-22 15:41:48 +0100 (lun., 22 mars 2010) | 3 lines
Fix an occasional test_ftplib failure, following r79226.
........
................
r79289 | antoine.pitrou | 2010-03-22 16:07:09 +0100 (lun., 22 mars 2010) | 3 lines
Fix a blunder in r79287. This part is, obviously, poorly tested (if at all).
................
2010-03-22 15:09:31 +00:00
Antoine Pitrou
37c1f18a72
Fix a blunder in r79287. This part is, obviously, poorly tested (if at all).
2010-03-22 15:07:09 +00:00