mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-10-31 18:28:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 15
89174 commits 7 branches 633 tags 6 GiB
Commit graph

266 commits

Author SHA1 Message Date
Christian Heimes
75b8426698 fixd refleak 2013-06-10 10:47:22 +02:00
Christian Heimes
46bebee25f Issue #17134: Add ssl.enum_cert_store() as interface to Windows' cert store. 2013-06-09 19:03:31 +02:00
Christian Heimes
142ec2c014 get_default_verify_paths doesn't belong inside the ifdef block 2013-06-09 18:29:54 +02:00
Christian Heimes
6d7ad13a45 Issue #18143: Implement ssl.get_default_verify_paths() in order to debug 
the default locations for cafile and capath.
 2013-06-09 18:02:55 +02:00
Antoine Pitrou
19fef69b75 Fix compilation under MSVC: ssl_set_mode() is a macro, and the MSVC preprocessor doesn't process #ifdef's inside a macro argument list. 
(found explanation at http://www.tech-archive.net/Archive/VC/microsoft.public.vc.language/2007-05/msg00385.html)
 2013-05-25 13:23:03 +02:00
Antoine Pitrou
3a65ad7f08 Issue #8240: Set the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag on SSL sockets. 2013-05-25 13:02:32 +02:00
Antoine Pitrou
50b24d0d7c Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name. 
Patch by Kazuhiro Yoshida.
(originally issue #8109)
 2013-04-11 20:48:42 +02:00
Antoine Pitrou
ce852cb8b9 Fix comment about the OpenSSL version in which SNI version was introduced. 2013-03-30 16:45:04 +01:00
Antoine Pitrou
edbc18e9d0 Improve set_servername_callback docstring. 2013-03-30 16:40:27 +01:00
Antoine Pitrou
a596338bb8 Fix previous fix (the cause was actually a misplaced #endif, or so it seems) 2013-03-30 16:39:00 +01:00
Antoine Pitrou
41f8c4f5e4 Further compiling fixes (issue #17581) 2013-03-30 16:36:54 +01:00
Antoine Pitrou
912fbff105 Issue #17581: try to fix building on old OpenSSL versions 2013-03-30 16:29:32 +01:00
Antoine Pitrou
2463e5fee4 Issue #16692: The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù. 2013-03-28 22:24:43 +01:00
Stefan Krah
20d60803d5 Issue #16982: Fix --without-threads build failure. 2013-01-17 17:07:17 +01:00
Antoine Pitrou
1e37e9efa9 SSLContext.load_dh_params() now properly closes the input file. 2013-01-12 21:44:33 +01:00
Antoine Pitrou
457a2292ca SSLContext.load_dh_params() now properly closes the input file. 2013-01-12 21:43:45 +01:00
Antoine Pitrou
5dd12a5978 Fix returning uninitialized variable (issue #8109). 
Found by Christian with Coverity.
 2013-01-06 15:25:36 +01:00
Antoine Pitrou
58ddc9d743 Issue #8109: The ssl module now has support for server-side SNI, thanks to a :meth:SSLContext.set_servername_callback method. 
Patch by Daniel Black.
 2013-01-05 21:20:29 +01:00
Christian Heimes
5cb31c9277 Issue #15977: Fix memory leak in Modules/_ssl.c when the function _set_npn_protocols() is called multiple times 2012-09-20 12:42:54 +02:00
Jesus Cea
b7a2800831 MERGE: Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:08:48 +02:00
Jesus Cea
c8754a13e6 Closes #15793: Stack corruption in ssl.RAND_egd() 2012-09-11 02:00:58 +02:00
Antoine Pitrou
721738fbee Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly. 
Patch by Serhiy Storchaka.
 2012-08-15 23:20:39 +02:00
Antoine Pitrou
6f430e4963 Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly. 
Patch by Serhiy Storchaka.
 2012-08-15 23:18:25 +02:00
Antoine Pitrou
3b36fb1f53 Issue #14837: SSL errors now have library and reason attributes describing precisely what happened and in which OpenSSL submodule. 
The str() of a SSLError is also enhanced accordingly.

NOTE: this commit creates a reference leak.  The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type.  The leak is on the
type object when it is instantiated:

>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
 2012-06-22 21:11:52 +02:00
Antoine Pitrou
d5d17eb653 Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library. 
Patch by Colin Marc.
 2012-03-22 00:23:03 +01:00
Antoine Pitrou
c135fa424e Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay. 2012-02-19 21:22:39 +01:00
Antoine Pitrou
a9bf2ac726 Try to really fix compilation failures of the _ssl module under very old OpenSSLs. 2012-02-17 18:47:54 +01:00
Antoine Pitrou
e9fccb360f Fix compilation when SSL_OP_SINGLE_ECDH_USE isn't defined 2012-02-17 11:53:10 +01:00
Antoine Pitrou
04d4ee4e56 Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:28:21 +01:00
Antoine Pitrou
2f5a163dfc Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert(). 2012-02-15 22:25:27 +01:00
Antoine Pitrou
9e2e5329dc Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:53:29 +01:00
Antoine Pitrou
3f366314e8 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:50:45 +01:00
Antoine Pitrou
f2bf8a6ac5 Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure. 2012-01-27 09:48:47 +01:00
Antoine Pitrou
0e576f1f50 Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the 
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
 2011-12-22 10:03:38 +01:00
Antoine Pitrou
501da61671 Fix ssl module compilation if ECDH support was disabled in the OpenSSL build. 
(followup to issue #13627)
 2011-12-21 09:27:41 +01:00
Antoine Pitrou
8abdb8abd8 Issue #13634: Add support for querying and disabling SSL compression. 2011-12-20 10:13:40 +01:00
Antoine Pitrou
923df6f22a Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman 
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
 2011-12-19 17:16:51 +01:00
Antoine Pitrou
6db4944cc5 Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers 
choose the cipher based on their own preferences, rather than on the
client's.
 2011-12-19 13:27:11 +01:00
Antoine Pitrou
bc53032408 Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName. 
Patch by Robert Xiao.
 2011-11-23 01:42:52 +01:00
Antoine Pitrou
116d6b98bf Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName. 
Patch by Robert Xiao.
 2011-11-23 01:39:19 +01:00
Antoine Pitrou
41032a69c1 Issue #11183: Add finer-grained exceptions to the ssl module, so that 
you don't have to inspect the exception's attributes in the common case.
 2011-10-27 23:56:55 +02:00
Antoine Pitrou
a0e0e23299 Add a docstring to SSLError 2011-10-22 23:41:52 +02:00
Antoine Pitrou
b7705b7792 Use PyExc_OSError directly instead of grabbing it from the socket module API 2011-10-22 23:37:51 +02:00
Antoine Pitrou
a02a12c517 Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:22:30 +02:00
Antoine Pitrou
d8c347a8de Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported. 2011-10-01 19:20:25 +02:00
Charles-François Natali
ac7e9e058d Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is 
greater than FD_SETSIZE.
 2011-08-28 18:10:27 +02:00
Charles-François Natali
aa26b27503 Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is 
greater than FD_SETSIZE.
 2011-08-28 17:51:43 +02:00
Antoine Pitrou
4fd1e6a3ba Issue #12803: SSLContext.load_cert_chain() now accepts a password argument 
to be used if the private key is encrypted.  Patch by Adam Simpkins.
 2011-08-25 14:39:44 +02:00
Antoine Pitrou
d649480739 Issue #12551: Provide a get_channel_binding() method on SSL sockets so as 
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented).  This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.

Patch by Jacek Konieczny.
 2011-07-21 01:11:30 +02:00
Antoine Pitrou
7128f95bd2 Issue #12440: When testing whether some bits in SSLContext.options can be 
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
 2011-07-08 18:49:07 +02:00