mirrors/cpython
0
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2024-12-14 04:17:19 +08:00
Code Issues Packages Projects Releases Wiki Activity
55,387 Commits 6 Branches 598 Tags 2.6 GiB
47b3239cc6
Commit Graph

142 Commits

Author SHA1 Message Date
Antoine Pitrou
d5d17eb653 Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library. 
Patch by Colin Marc.
 2012-03-22 00:23:03 +01:00
Antoine Pitrou
c135fa424e Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay. 2012-02-19 21:22:39 +01:00
Antoine Pitrou
a9bf2ac726 Try to really fix compilation failures of the _ssl module under very old OpenSSLs. 2012-02-17 18:47:54 +01:00
Antoine Pitrou
e9fccb360f Fix compilation when SSL_OP_SINGLE_ECDH_USE isn't defined 2012-02-17 11:53:10 +01:00
Antoine Pitrou
04d4ee4e56 Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:28:21 +01:00
Antoine Pitrou
2f5a163dfc Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:25:27 +01:00
Antoine Pitrou
9e2e5329dc Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:53:29 +01:00
Antoine Pitrou
3f366314e8 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:50:45 +01:00
Antoine Pitrou
f2bf8a6ac5 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:48:47 +01:00
Antoine Pitrou
0e576f1f50 Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the 
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
 2011-12-22 10:03:38 +01:00
Antoine Pitrou
501da61671 Fix ssl module compilation if ECDH support was disabled in the OpenSSL build. 
(followup to issue #13627)
 2011-12-21 09:27:41 +01:00
Antoine Pitrou
8abdb8abd8 Issue #13634: Add support for querying and disabling SSL compression. 2011-12-20 10:13:40 +01:00
Antoine Pitrou
923df6f22a Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman 
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
 2011-12-19 17:16:51 +01:00
Antoine Pitrou
6db4944cc5 Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers 
choose the cipher based on their own preferences, rather than on the
client's.
 2011-12-19 13:27:11 +01:00
Antoine Pitrou
bc53032408 Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName. 
Patch by Robert Xiao.
 2011-11-23 01:42:52 +01:00
Antoine Pitrou
116d6b98bf Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName. 
Patch by Robert Xiao.
 2011-11-23 01:39:19 +01:00
Antoine Pitrou
41032a69c1 Issue #11183: Add finer-grained exceptions to the ssl module, so that 
you don't have to inspect the exception's attributes in the common case.
 2011-10-27 23:56:55 +02:00
Antoine Pitrou
a0e0e23299 Add a docstring to SSLError 2011-10-22 23:41:52 +02:00
Antoine Pitrou
b7705b7792 Use PyExc_OSError directly instead of grabbing it from the socket module API 2011-10-22 23:37:51 +02:00
Antoine Pitrou
a02a12c517 Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:22:30 +02:00
Antoine Pitrou
d8c347a8de Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:20:25 +02:00
Charles-François Natali
ac7e9e058d Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is 
greater than FD_SETSIZE.
 2011-08-28 18:10:27 +02:00
Charles-François Natali
aa26b27503 Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is 
greater than FD_SETSIZE.
 2011-08-28 17:51:43 +02:00
Antoine Pitrou
4fd1e6a3ba Issue #12803: SSLContext.load_cert_chain() now accepts a password argument 
to be used if the private key is encrypted.  Patch by Adam Simpkins.
 2011-08-25 14:39:44 +02:00
Antoine Pitrou
d649480739 Issue #12551: Provide a get_channel_binding() method on SSL sockets so as 
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented).  This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.

Patch by Jacek Konieczny.
 2011-07-21 01:11:30 +02:00
Antoine Pitrou
7128f95bd2 Issue #12440: When testing whether some bits in SSLContext.options can be 
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
 2011-07-08 18:49:07 +02:00
Antoine Pitrou
b9ac25d1c3 Issue #12440: When testing whether some bits in SSLContext.options can be 
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
 2011-07-08 18:47:06 +02:00
Victor Stinner
99c8b16143 Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl 
module.
 2011-05-24 12:05:19 +02:00
Victor Stinner
17ca323e7c (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-10 00:48:41 +02:00
Victor Stinner
ee18b6f2fd Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-10 00:38:00 +02:00
Victor Stinner
3de49192aa Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-09 00:42:58 +02:00
Antoine Pitrou
a7caec74aa Merge fix for issue #11746 2011-04-03 18:16:50 +02:00
Antoine Pitrou
9c25486093 Issue #11746: Fix SSLContext.load_cert_chain() to accept elliptic curve private keys. 2011-04-03 18:15:34 +02:00
Brett Cannon
b94767ff44 Issue #8914: fix various warnings from the Clang static analyzer v254. 2011-02-22 20:15:44 +00:00
Victor Stinner
80f75e684e Issue #10989: Fix a crash on SSLContext.load_verify_locations(None, True). 
Patch reviewed by Antoine Pitrou, okayed by Georg Brandl.
 2011-01-29 11:31:20 +00:00
Hirokazu Yamamoto
8e63c687ef Merged revisions 87140 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87140 | hirokazu.yamamoto | 2010-12-09 19:49:00 +0900 (木, 09 12 2010) | 2 lines

  Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
........
 2010-12-09 12:30:05 +00:00
Hirokazu Yamamoto
524f10359b Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher) 2010-12-09 10:49:00 +00:00
Antoine Pitrou
c4df784514 Issue #10272: The ssl module now raises socket.timeout instead of a generic 
SSLError on socket timeouts.
 2010-12-03 19:59:41 +00:00
Antoine Pitrou
664c2d1fc0 Issue #10443: Add the SSLContext.set_default_verify_paths() method. 2010-11-17 20:29:42 +00:00
Antoine Pitrou
fb0469112f Issue #10022: The dictionary returned by the getpeercert() method 
of SSL sockets now has additional items such as `issuer` and `notBefore`.
 2010-11-09 20:21:19 +00:00
Antoine Pitrou
d532321f7b Issue #5639: Add a *server_hostname* argument to SSLContext.wrap_socket 
in order to support the TLS SNI extension.  `HTTPSConnection` and
`urlopen()` also use this argument, so that HTTPS virtual hosts are now
supported.
 2010-10-22 18:19:07 +00:00
Benjamin Peterson
31370951c0 Merged revisions 85432 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r85432 | benjamin.peterson | 2010-10-13 17:06:39 -0500 (Wed, 13 Oct 2010) | 1 line

  constify to appease compiler warnings
........
 2010-10-13 22:20:48 +00:00
Benjamin Peterson
eb1410fc40 constify to appease compiler warnings 2010-10-13 22:06:39 +00:00
Antoine Pitrou
fc113eeb7d Define a "session_id_context" at context creation. This is recommended 
for the OpenSSL server-side session cache.
 2010-10-13 12:46:13 +00:00
Gregory P. Smith
bd4dacb3f9 Fix compile on NetBSD 5.0 (or anything else using an old 0.9.9-dev OpenSSL). 2010-10-13 03:53:21 +00:00
Antoine Pitrou
b0182c8ca5 Issue #10075: Add a session_stats() method to SSLContext objects. 2010-10-12 20:09:02 +00:00
Antoine Pitrou
10c4c23a25 Merged revisions 84464 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r84464 | antoine.pitrou | 2010-09-03 20:38:17 +0200 (ven., 03 sept. 2010) | 3 lines

  Issue #3805: clean up implementation of the _read method in _ssl.c.
........
 2010-09-03 18:39:47 +00:00
Antoine Pitrou
24e561ae04 Issue #3805: clean up implementation of the _read method in _ssl.c. 2010-09-03 18:38:17 +00:00
Antoine Pitrou
67e8e5633e Try to fix some buildbot failures on test_ssl 2010-09-01 20:55:41 +00:00
Giampaolo Rodolà
e0f9863a61 Issue #9693 - msg 115273: attempt to fix ssl module failures on certain OpenSSL versions by calling ERR_clear_error() before raising IOError 2010-09-01 19:28:49 +00:00