mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-07-09 20:35:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11
109660 commits 7 branches 620 tags 3.9 GiB
Commit graph

184 commits

Author SHA1 Message Date
Antoine Pitrou
31fb419908 Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). 2013-05-18 17:59:12 +02:00
Antoine Pitrou
242db728e2 Issue #13721: SSLSocket.getpeercert() and SSLSocket.do_handshake() now raise an OSError with ENOTCONN, instead of an AttributeError, when the SSLSocket is not connected. 2013-05-01 20:52:07 +02:00
Giampaolo Rodola'
06d0c1e72c remove uneffective 'while True' clause 2013-04-03 12:01:44 +02:00
Antoine Pitrou
2463e5fee4 Issue #16692: The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù. 2013-03-28 22:24:43 +01:00
Benjamin Peterson
f86b3c394c merge 3.3 (#16900) 2013-01-10 14:16:42 -06:00
Benjamin Peterson
36f7b97787 remove __del__ because it's evil and also prevents the ResourceWarning on the socket from happening (closes #16900) 2013-01-10 14:16:20 -06:00
Antoine Pitrou
58ddc9d743 Issue #8109: The ssl module now has support for server-side SNI, thanks to a :meth:SSLContext.set_servername_callback method. 
Patch by Daniel Black.
 2013-01-05 21:20:29 +01:00
Andrew Svetlov
0832af6628 Issue #16717: get rid of socket.error, replace with OSError 2012-12-18 23:10:48 +02:00
Antoine Pitrou
73e9bd4d25 Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket(). 
Original patch by Jeff McNeil.
 2012-11-11 01:27:33 +01:00
Antoine Pitrou
5c89b4ec55 Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket(). 
Original patch by Jeff McNeil.
 2012-11-11 01:25:36 +01:00
Antoine Pitrou
d5d17eb653 Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library. 
Patch by Colin Marc.
 2012-03-22 00:23:03 +01:00
Antoine Pitrou
a9bf2ac726 Try to really fix compilation failures of the _ssl module under very old OpenSSLs. 2012-02-17 18:47:54 +01:00
Antoine Pitrou
8f85f907e3 Issue #13636: Weak ciphers are now disabled by default in the ssl module 
(except when SSLv2 is explicitly asked for).
 2012-01-03 22:46:48 +01:00
Antoine Pitrou
72aeec35a1 Issue #13636: Weak ciphers are now disabled by default in the ssl module 
(except when SSLv2 is explicitly asked for).
 2012-01-03 22:49:08 +01:00
Antoine Pitrou
0e576f1f50 Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the 
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
 2011-12-22 10:03:38 +01:00
Antoine Pitrou
501da61671 Fix ssl module compilation if ECDH support was disabled in the OpenSSL build. 
(followup to issue #13627)
 2011-12-21 09:27:41 +01:00
Antoine Pitrou
8abdb8abd8 Issue #13634: Add support for querying and disabling SSL compression. 2011-12-20 10:13:40 +01:00
Antoine Pitrou
923df6f22a Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman 
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
 2011-12-19 17:16:51 +01:00
Antoine Pitrou
6db4944cc5 Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers 
choose the cipher based on their own preferences, rather than on the
client's.
 2011-12-19 13:27:11 +01:00
Antoine Pitrou
41032a69c1 Issue #11183: Add finer-grained exceptions to the ssl module, so that 
you don't have to inspect the exception's attributes in the common case.
 2011-10-27 23:56:55 +02:00
Nick Coghlan
513886aabb Fix #12835: prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets (Patch by David Watson) 2011-08-28 00:00:27 +10:00
Nick Coghlan
5fab03fd15 Remove the SSLSocket versions of sendmsg/recvmsg due to lack of proper tests and documentation in conjunction with lack of any known use cases (see issue #6560 for details) 2011-08-23 22:26:44 +10:00
Nick Coghlan
96fe56abec Add support for the send/recvmsg API to the socket module. Patch by David Watson and Heiko Wundram. (Closes #6560) 2011-08-22 11:55:57 +10:00
Antoine Pitrou
d649480739 Issue #12551: Provide a get_channel_binding() method on SSL sockets so as 
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented).  This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.

Patch by Jacek Konieczny.
 2011-07-21 01:11:30 +02:00
Antoine Pitrou
7128f95bd2 Issue #12440: When testing whether some bits in SSLContext.options can be 
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
 2011-07-08 18:49:07 +02:00
Antoine Pitrou
b9ac25d1c3 Issue #12440: When testing whether some bits in SSLContext.options can be 
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
 2011-07-08 18:47:06 +02:00
Victor Stinner
99c8b16143 Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl 
module.
 2011-05-24 12:05:19 +02:00
Antoine Pitrou
7a616f2fc5 Issue #12065: connect_ex() on an SSL socket now returns the original errno 
when the socket's timeout expires (it used to return None).
 2011-05-18 18:52:20 +02:00
Antoine Pitrou
b4410dbea6 Issue #12065: connect_ex() on an SSL socket now returns the original errno 
when the socket's timeout expires (it used to return None).
 2011-05-18 18:51:06 +02:00
Victor Stinner
17ca323e7c (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-10 00:48:41 +02:00
Victor Stinner
ee18b6f2fd Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-10 00:38:00 +02:00
Victor Stinner
3de49192aa Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional 
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
 2011-05-09 00:42:58 +02:00
Antoine Pitrou
ff9bfca482 Issue #12000: When a SSL certificate has a subjectAltName without any 
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
 2011-05-06 15:20:55 +02:00
Antoine Pitrou
1c86b44506 Issue #12000: When a SSL certificate has a subjectAltName without any 
dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil.
 2011-05-06 15:19:49 +02:00
Antoine Pitrou
15399c3f09 Issue #11811: ssl.get_server_certificate() is now IPv6-compatible. Patch 
by Charles-François Natali.
 2011-04-28 19:23:55 +02:00
Antoine Pitrou
86cbfec50a Merged revisions 88664 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r88664 | antoine.pitrou | 2011-02-27 00:24:06 +0100 (dim., 27 févr. 2011) | 4 lines

  Issue #11326: Add the missing connect_ex() implementation for SSL sockets,
  and make it work for non-blocking connects.
........
 2011-02-26 23:25:34 +00:00
Antoine Pitrou
e93bf7aed2 Issue #11326: Add the missing connect_ex() implementation for SSL sockets, 
and make it work for non-blocking connects.
 2011-02-26 23:24:06 +00:00
Antoine Pitrou
d532321f7b Issue #5639: Add a *server_hostname* argument to SSLContext.wrap_socket 
in order to support the TLS SNI extension.  `HTTPSConnection` and
`urlopen()` also use this argument, so that HTTPS virtual hosts are now
supported.
 2010-10-22 18:19:07 +00:00
Antoine Pitrou
59fdd6736b Issue #1589: Add ssl.match_hostname(), to help implement server identity 
verification for higher-level protocols.
 2010-10-08 10:37:08 +00:00
Antoine Pitrou
5974cdd5f5 Merged revisions 84807 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r84807 | antoine.pitrou | 2010-09-14 16:43:44 +0200 (mar., 14 sept. 2010) | 4 lines

  Issue #9853: Fix the signature of SSLSocket.recvfrom() and
  SSLSocket.sendto() to match the corresponding socket methods.
........
 2010-09-14 14:47:08 +00:00
Antoine Pitrou
a468adc76d Issue #9853: Fix the signature of SSLSocket.recvfrom() and 
SSLSocket.sendto() to match the corresponding socket methods.
 2010-09-14 14:43:44 +00:00
Antoine Pitrou
10c4c23a25 Merged revisions 84464 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r84464 | antoine.pitrou | 2010-09-03 20:38:17 +0200 (ven., 03 sept. 2010) | 3 lines

  Issue #3805: clean up implementation of the _read method in _ssl.c.
........
 2010-09-03 18:39:47 +00:00
Antoine Pitrou
24e561ae04 Issue #3805: clean up implementation of the _read method in _ssl.c. 2010-09-03 18:38:17 +00:00
Giampaolo Rodolà
8b7da623ce Fix issue #9711: raise ValueError is SSLConnection constructor is invoked with keyfile and not certfile. 2010-08-30 18:28:05 +00:00
Giampaolo Rodolà
745ab3807e Fix issue issue9706: provides a better error handling for various SSL operations 2010-08-29 19:25:49 +00:00
Giampaolo Rodolà
374f835316 Raise ValuError if non-zero flag argument is provided for sendall() method for conformity with send(), recv() and recv_into() 2010-08-29 12:08:09 +00:00
Antoine Pitrou
6e451df800 Followup to r83869 and issue #8524: rename socket.forget() to socket.detach() 
and make it return the file descriptor.
 2010-08-09 20:39:54 +00:00
Antoine Pitrou
e43f9d0ed6 Issue #8524: Add a forget() method to socket objects, so as to put the 
socket into the closed state without closing the underlying file
descriptor.
 2010-08-08 23:24:50 +00:00
Antoine Pitrou
b52187710e Issue #4870: Add an options attribute to SSL contexts, as well as 
several ``OP_*`` constants to the `ssl` module.  This allows to selectively
disable protocol versions, when used in combination with `PROTOCOL_SSLv23`.
 2010-05-21 09:56:06 +00:00
Antoine Pitrou
152efa2ae2 Issue #8550: Add first class SSLContext objects to the ssl module. 2010-05-16 18:19:27 +00:00