Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								ee0bac66b2 
								
							 
						 
						
							
							
								
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
							
						 
						
							2013-10-29 21:11:55 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								fb6b44e830 
								
							 
						 
						
							
							
								
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
							
						 
						
							2013-10-29 20:50:01 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Georg Brandl 
								
							 
						 
						
							
							
							
							
								
							
							
								81be27d53e 
								
							 
						 
						
							
							
								
Issue #19227: Try to fix deadlocks caused by re-seeding the OpenSSL pseudo-random number generator on fork().
							
						 
						
							2013-10-27 07:56:11 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Georg Brandl 
								
							 
						 
						
							
							
							
							
								
							
							
								fb404f528a 
								
							 
						 
						
							
							
								
#19227: merge with 3.3
							
							
							
						 
						
							2013-10-27 07:57:42 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								b2201e1aa6 
								
							 
						 
						
							
							
								
								Properly initialize all fields of a SSL object after allocation.  
							
							
							
						 
						
							2013-09-29 19:53:45 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								860aee75b8 
								
							 
						 
						
							
							
								
								Properly initialize all fields of a SSL object after allocation.  
							
							
							
						 
						
							2013-09-29 19:52:45 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								20b85557f2 
								
							 
						 
						
							
							
								
Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done.
							
							
							
						 
						
							2013-09-29 19:50:53 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								2d7aba3db1 
								
							 
						 
						
							
							
								
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
							
							
							
						 
						
							2013-09-05 16:04:50 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								60bf2fc25b 
								
							 
						 
						
							
							
								
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
							
							
							
						 
						
							2013-09-05 16:04:35 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								daf455554b 
								
							 
						 
						
							
							
								
Issue #18571: Implementation of the PEP 446: file descriptors and file handles are now created non-inheritable; add functions os.get/set_inheritable(), os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
							
						 
						
							2013-08-28 00:53:59 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								cfa47962c2 
								
							 
						 
						
							
							
								
Issue #18747: Fix spelling errors in my commit message and comments, thanks to Vajrasky Kok for proof-reading.
							
						 
						
							2013-08-25 14:19:29 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								61636e7105 
								
							 
						 
						
							
							
								
Issue #18747: Fix spelling errors in my commit message and comments, thanks to Vajrasky Kok for proof-reading.
							
						 
						
							2013-08-25 14:19:16 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Richard Oudkerk 
								
							 
						 
						
							
							
							
							
								
							
							
								cabbde9e1e 
								
							 
						 
						
							
							
								
								Fix compiler warning on Windows.  
							
							
							
						 
						
							2013-08-24 23:46:27 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								f54c24628b 
								
							 
						 
						
							
							
								
Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is supposed to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
							
						 
						
							2013-08-22 13:19:56 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								80c5de93f9 
								
							 
						 
						
							
							
								
Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is supposed to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
							
						 
						
							2013-08-22 13:19:48 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								6acbe2aaa3 
								
							 
						 
						
							
							
								
Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seed the PRNG with pid, time and some stack data.
							
						 
						
							2013-08-21 13:26:34 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								f77b4b20e9 
								
							 
						 
						
							
							
								
Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seed the PRNG with pid, time and some stack data.
							
						 
						
							2013-08-21 13:26:05 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								85532eb212 
								
							 
						 
						
							
							
								
Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
							
						 
						
							2013-08-19 17:36:39 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								4d98ca9ff6 
								
							 
						 
						
							
							
								
Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
							
						 
						
							2013-08-19 17:36:29 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								f920a1c1f1 
								
							 
						 
						
							
							
								
								Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok.  
							
							
							
						 
						
							2013-08-17 17:25:27 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								3c2593b2bb 
								
							 
						 
						
							
							
								
								Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok.  
							
							
							
						 
						
							2013-08-17 17:25:18 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								9b5907cbd5 
								
							 
						 
						
							
							
								
Issue #18768: coding style nitpick. Thanks to Vajrasky Kok
							
							
							
						 
						
							2013-08-17 17:19:03 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								474afdda60 
								
							 
						 
						
							
							
								
Issue #18768: coding style nitpick. Thanks to Vajrasky Kok
							
							
							
						 
						
							2013-08-17 17:18:56 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Ezio Melotti 
								
							 
						 
						
							
							
							
							
								
							
							
								a7e7497d88 
								
							 
						 
						
							
							
								
#18466: merge with 3.3.
							
							
							
						 
						
							2013-08-17 16:58:13 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Ezio Melotti 
								
							 
						 
						
							
							
							
							
								
							
							
								85a8629d21 
								
							 
						 
						
							
							
								
#18466: fix more typos. Patch by Févry Thibault.
							
							
							
						 
						
							2013-08-17 16:57:41 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								e06d47c70c 
								
							 
						 
						
							
							
								
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string representation of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI).
							
						 
						
							2013-08-17 00:58:00 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								824f7f366d 
								
							 
						 
						
							
							
								
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string representation of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI).
							
						 
						
							2013-08-17 00:54:47 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								9bfcaa6fb3 
								
							 
						 
						
							
							
								
Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if X509_get_version() grows beyond our small int cache.
CID 1058279
							
						 
						
							2013-07-26 15:51:35 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								5962bef8aa 
								
							 
						 
						
							
							
								
Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if X509_get_version() grows beyond our small int cache.
CID 1058279
							
						 
						
							2013-07-26 15:51:18 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								11ebff2757 
								
							 
						 
						
							
							
								
Issue #18203: Replace malloc() with PyMem_Malloc() in _ssl for the password
							
							
							
						 
						
							2013-07-07 17:07:52 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								b64049183c 
								
							 
						 
						
							
							
								
Issue #18203: Replace malloc() with PyMem_Malloc() in Python modules
Replace malloc() with PyMem_Malloc() when the GIL is held, or with PyMem_RawMalloc() otherwise.
							
						 
						
							2013-07-07 16:21:41 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								7e00151e1f 
								
							 
						 
						
							
							
								
								_ssl.c: strip trailing spaces  
							
							
							
						 
						
							2013-06-25 00:44:31 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								86073dc3c2 
								
							 
						 
						
							
							
								
(Merge 3.3) Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input string is longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer than 2 gigabytes. The ssl module does not support partial write.
							
						 
						
							2013-06-25 00:43:47 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								6efa965a27 
								
							 
						 
						
							
							
								
Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input string is longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer than 2 gigabytes. The ssl module does not support partial write.
							
						 
						
							2013-06-25 00:42:31 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								8cfd67cfe7 
								
							 
						 
						
							
							
								
(Merge 3.3) Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write() and in ssl.SSLContext.load_cert_chain() for strings and passwords longer than 2 gigabytes.
							
						 
						
							2013-06-23 15:09:26 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								9ee0203057 
								
							 
						 
						
							
							
								
Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write() and in ssl.SSLContext.load_cert_chain() for strings and passwords longer than 2 gigabytes.
							
						 
						
							2013-06-23 15:08:23 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								4569cd5eab 
								
							 
						 
						
							
							
								
								_ssl.c: strip trailing spaces  
							
							
							
						 
						
							2013-06-23 14:58:43 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								9a5395ae2b 
								
							 
						 
						
							
							
								
Issue #18147: Add diagnostic functions to ssl.SSLContext().
get_ca_list() lists all loaded CA certificates and cert_store_stats() returns amount of loaded X.509 certs, X.509 CA certs and CRLs.
							
						 
						
							2013-06-17 15:44:12 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								200bb1b08c 
								
							 
						 
						
							
							
								
Simplify return value of ssl.get_default_verify_paths
prefix function with PySSL_, too. Other module level functions have a prefix, too.
							
						 
						
							2013-06-14 15:14:29 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								75b8426698 
								
							 
						 
						
							
							
								
fixed refleak
							
							
							
						 
						
							2013-06-10 10:47:22 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								46bebee25f 
								
							 
						 
						
							
							
								
Issue #17134: Add ssl.enum_cert_store() as interface to Windows' cert store.
							
							
							
						 
						
							2013-06-09 19:03:31 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								142ec2c014 
								
							 
						 
						
							
							
								
								get_default_verify_paths doesn't belong inside the ifdef block  
							
							
							
						 
						
							2013-06-09 18:29:54 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Christian Heimes 
								
							 
						 
						
							
							
							
							
								
							
							
								6d7ad13a45 
								
							 
						 
						
							
							
								
Issue #18143: Implement ssl.get_default_verify_paths() in order to debug the default locations for cafile and capath.
							
						 
						
							2013-06-09 18:02:55 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								19fef69b75 
								
							 
						 
						
							
							
								
Fix compilation under MSVC: ssl_set_mode() is a macro, and the MSVC preprocessor doesn't process #ifdef's inside a macro argument list.
(found explanation at http://www.tech-archive.net/Archive/VC/microsoft.public.vc.language/2007-05/msg00385.html)
							
						 
						
							2013-05-25 13:23:03 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								3a65ad7f08 
								
							 
						 
						
							
							
								
Issue #8240: Set the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag on SSL sockets.
							
							
							
						 
						
							2013-05-25 13:02:32 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								50b24d0d7c 
								
							 
						 
						
							
							
								
Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name.
Patch by Kazuhiro Yoshida.
(originally issue #8109)
							
						 
						
							2013-04-11 20:48:42 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								ce852cb8b9 
								
							 
						 
						
							
							
								
								Fix comment about the OpenSSL version in which SNI version was introduced.  
							
							
							
						 
						
							2013-03-30 16:45:04 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								edbc18e9d0 
								
							 
						 
						
							
							
								
								Improve set_servername_callback docstring.  
							
							
							
						 
						
							2013-03-30 16:40:27 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								a596338bb8 
								
							 
						 
						
							
							
								
								Fix previous fix (the cause was actually a misplaced #endif, or so it seems)  
							
							
							
						 
						
							2013-03-30 16:39:00 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								41f8c4f5e4 
								
							 
						 
						
							
							
								
Further compiling fixes (issue #17581)
							
							
							
						 
						
							2013-03-30 16:36:54 +01:00