mirrors/cpython
0
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2024-11-23 18:04:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
78,020 Commits 6 Branches 593 Tags 2.5 GiB
9498839a1a
Commit Graph

155 Commits

Author SHA1 Message Date
Antoine Pitrou
912fbff105 Issue #17581: try to fix building on old OpenSSL versions 2013-03-30 16:29:32 +01:00
Antoine Pitrou
2463e5fee4 Issue #16692: The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù. 2013-03-28 22:24:43 +01:00
Stefan Krah
20d60803d5 Issue #16982: Fix --without-threads build failure. 2013-01-17 17:07:17 +01:00
Antoine Pitrou
1e37e9efa9 SSLContext.load_dh_params() now properly closes the input file. 2013-01-12 21:44:33 +01:00
Antoine Pitrou
457a2292ca SSLContext.load_dh_params() now properly closes the input file. 2013-01-12 21:43:45 +01:00
Antoine Pitrou
5dd12a5978 Fix returning uninitialized variable (issue #8109). 
Found by Christian with Coverity.
 2013-01-06 15:25:36 +01:00
Antoine Pitrou
58ddc9d743 Issue #8109: The ssl module now has support for server-side SNI, thanks to a :meth:SSLContext.set_servername_callback method. 
Patch by Daniel Black.
 2013-01-05 21:20:29 +01:00
Christian Heimes
5cb31c9277 Issue #15977: Fix memory leak in Modules/_ssl.c when the function _set_npn_protocols() is called multiple times 2012-09-20 12:42:54 +02:00
Jesus Cea
b7a2800831 MERGE: Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:08:48 +02:00
Jesus Cea
c8754a13e6 Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:00:58 +02:00
Antoine Pitrou
721738fbee Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly. 
Patch by Serhiy Storchaka.
 2012-08-15 23:20:39 +02:00
Antoine Pitrou
6f430e4963 Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly. 
Patch by Serhiy Storchaka.
 2012-08-15 23:18:25 +02:00
Antoine Pitrou
3b36fb1f53 Issue #14837: SSL errors now have library and reason attributes describing precisely what happened and in which OpenSSL submodule. 
The str() of a SSLError is also enhanced accordingly.

NOTE: this commit creates a reference leak.  The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type.  The leak is on the
type object when it is instantiated:

>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
 2012-06-22 21:11:52 +02:00
Antoine Pitrou
d5d17eb653 Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library. 
Patch by Colin Marc.
 2012-03-22 00:23:03 +01:00
Antoine Pitrou
c135fa424e Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay. 2012-02-19 21:22:39 +01:00
Antoine Pitrou
a9bf2ac726 Try to really fix compilation failures of the _ssl module under very old OpenSSLs. 2012-02-17 18:47:54 +01:00
Antoine Pitrou
e9fccb360f Fix compilation when SSL_OP_SINGLE_ECDH_USE isn't defined 2012-02-17 11:53:10 +01:00
Antoine Pitrou
04d4ee4e56 Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:28:21 +01:00
Antoine Pitrou
2f5a163dfc Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:25:27 +01:00
Antoine Pitrou
9e2e5329dc Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:53:29 +01:00
Antoine Pitrou
3f366314e8 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:50:45 +01:00
Antoine Pitrou
f2bf8a6ac5 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:48:47 +01:00
Antoine Pitrou
0e576f1f50 Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the 
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
 2011-12-22 10:03:38 +01:00
Antoine Pitrou
501da61671 Fix ssl module compilation if ECDH support was disabled in the OpenSSL build. 
(followup to issue #13627)
 2011-12-21 09:27:41 +01:00
Antoine Pitrou
8abdb8abd8 Issue #13634: Add support for querying and disabling SSL compression. 2011-12-20 10:13:40 +01:00
Antoine Pitrou
923df6f22a Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman 
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
 2011-12-19 17:16:51 +01:00
Antoine Pitrou
6db4944cc5 Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers 
choose the cipher based on their own preferences, rather than on the
client's.
 2011-12-19 13:27:11 +01:00
Antoine Pitrou
bc53032408 Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName. 
Patch by Robert Xiao.
 2011-11-23 01:42:52 +01:00
Antoine Pitrou
116d6b98bf Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName. 
Patch by Robert Xiao.
 2011-11-23 01:39:19 +01:00
Antoine Pitrou
41032a69c1 Issue #11183: Add finer-grained exceptions to the ssl module, so that 
you don't have to inspect the exception's attributes in the common case.
 2011-10-27 23:56:55 +02:00
Antoine Pitrou
a0e0e23299 Add a docstring to SSLError 2011-10-22 23:41:52 +02:00
Antoine Pitrou
b7705b7792 Use PyExc_OSError directly instead of grabbing it from the socket module API 2011-10-22 23:37:51 +02:00
Antoine Pitrou
a02a12c517 Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:22:30 +02:00
Antoine Pitrou
d8c347a8de Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:20:25 +02:00
Charles-François Natali
ac7e9e058d Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is 
greater than FD_SETSIZE.
 2011-08-28 18:10:27 +02:00
Charles-François Natali
aa26b27503 Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is 
greater than FD_SETSIZE.
 2011-08-28 17:51:43 +02:00
Antoine Pitrou
4fd1e6a3ba Issue #12803: SSLContext.load_cert_chain() now accepts a password argument 
to be used if the private key is encrypted.  Patch by Adam Simpkins.
 2011-08-25 14:39:44 +02:00
Antoine Pitrou
d649480739 Issue #12551: Provide a get_channel_binding() method on SSL sockets so as 
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented).  This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.

Patch by Jacek Konieczny.
 2011-07-21 01:11:30 +02:00
Antoine Pitrou
7128f95bd2 Issue #12440: When testing whether some bits in SSLContext.options can be 
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
 2011-07-08 18:49:07 +02:00
Antoine Pitrou
b9ac25d1c3 Issue #12440: When testing whether some bits in SSLContext.options can be 
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
 2011-07-08 18:47:06 +02:00
Victor Stinner
99c8b16143 Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl 
module.
 2011-05-24 12:05:19 +02:00
Victor Stinner
17ca323e7c (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-10 00:48:41 +02:00
Victor Stinner
ee18b6f2fd Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-10 00:38:00 +02:00
Victor Stinner
3de49192aa Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-09 00:42:58 +02:00
Antoine Pitrou
a7caec74aa Merge fix for issue #11746 2011-04-03 18:16:50 +02:00
Antoine Pitrou
9c25486093 Issue #11746: Fix SSLContext.load_cert_chain() to accept elliptic curve private keys. 2011-04-03 18:15:34 +02:00
Brett Cannon
b94767ff44 Issue #8914: fix various warnings from the Clang static analyzer v254. 2011-02-22 20:15:44 +00:00
Victor Stinner
80f75e684e Issue #10989: Fix a crash on SSLContext.load_verify_locations(None, True). 
Patch reviewed by Antoine Pitrou, okayed by Georg Brandl.
 2011-01-29 11:31:20 +00:00
Hirokazu Yamamoto
8e63c687ef Merged revisions 87140 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87140 | hirokazu.yamamoto | 2010-12-09 19:49:00 +0900 (木, 09 12 2010) | 2 lines

  Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
........
 2010-12-09 12:30:05 +00:00
Hirokazu Yamamoto
524f10359b Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher) 2010-12-09 10:49:00 +00:00