Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not
copy hostflags from *struct SSL_CTX* to *struct SSL*.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit b467d9a240)
Co-authored-by: Christian Heimes <christian@python.org>
Fix a race condition in the SMTP test of test_logging. Don't close a
file descriptor (socket) from a different thread while
asyncore.loop() is polling the file descriptor.
(cherry picked from commit 75ec103b3a)
The new checks are only executed when one or more OpenSSL-related files are modified. The checks run a handful of networking and hashing test suites. All SSL checks are optional. This PR also introduces ccache to speed up compilation. In common cases it speeds up configure and compile time from about 90 seconds to less than 30 seconds.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 8fa1489365)
Co-authored-by: Christian Heimes <christian@python.org>
Automerge-Triggered-By: GH:tiran
Signed-off-by: Andrew V. Jones <andrew.jones@vector.com>
(cherry picked from commit 54db51c911)
Co-authored-by: Andrew V. Jones <andrewvaughanj@gmail.com>
Co-authored-by: Andrew V. Jones <andrewvaughanj@gmail.com>
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit a4833883c9)
Co-authored-by: Christian Heimes <christian@python.org>
Automerge-Triggered-By: GH:tiran
(cherry picked from commit 79650d0118)
Co-authored-by: Mark Dickinson <mdickinson@enthought.com>
Co-authored-by: Mark Dickinson <mdickinson@enthought.com>
ripemd160 is not available in OpenSSL 3.0.0's default crypto provider.
It's only present in legacy provider.
Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 2d7fdc9073)
Co-authored-by: Christian Heimes <christian@python.org>
The previous "Fundamental data types" section says a c_char_p must be bytes (or None).
(cherry picked from commit 14829b09eb)
Co-authored-by: Zackery Spytz <zspytz@gmail.com>
Fix Regular Expression Denial of Service (ReDoS) vulnerability in
urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex
has quadratic worst-case complexity and it allows cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on
the client side and needs remote attackers to control the HTTP server.
(cherry picked from commit 7215d1ae25)
Co-authored-by: Yeting Li <liyt@ios.ac.cn>
Co-authored-by: Yeting Li <liyt@ios.ac.cn>
(cherry picked from commit 1744c96ebc)
Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
Co-authored-by: Eric V. Smith <ericvsmith@users.noreply.github.com>
Earlier releases were mislabelled and included 1.1.1i again.
The tag/directory name is updated to ensure that builds get the fresh bits. However, the openssl-bin-1.1.1k tag in the repository has been forcibly updated, so fresh builds will be fine even without this change.
When a dataclass inherits from an empty base, all immutability checks are omitted. This PR fixes this and adds tests for it.
Automerge-Triggered-By: GH:ericvsmith
(cherry picked from commit 376ffc6ac4)
Co-authored-by: Iurii Kemaev <6885137+hbq1@users.noreply.github.com>
Co-authored-by: Iurii Kemaev <6885137+hbq1@users.noreply.github.com>
So long as we don't have idna2008 in the standard library, we should at least point people to the third-party solution.
(cherry picked from commit 1d023e374c)
Co-authored-by: Gregory P. Smith <greg@krypto.org>
(cherry picked from commit 2b5913b4ee)
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
Automerge-Triggered-By: GH:gvanrossum
(cherry picked from commit e4c8895ee5)
Co-authored-by: Raymond Hettinger <rhettinger@users.noreply.github.com>
Co-authored-by: Raymond Hettinger <rhettinger@users.noreply.github.com>
Changed the inline mentions of the attributes into a proper attribute list like `SystemExit` has.
Automerge-Triggered-By: GH:gvanrossum
(cherry picked from commit b2a91e0c9e)
Co-authored-by: Ammar Askar <ammar@ammaraskar.com>
