The signature algorithms allowed for certificate-based client authentication or
for the server to complete the TLS handshake can be defined on a SSL context via
`ctx.set_client_sigalgs()` and `ctx.set_server_sigalgs()`.
With OpenSSL 3.4 or later, the list of available TLS algorithms can be retrieved
by `ssl.get_sigalgs()`.
With OpenSSL 3.5 or later, the selected signature algorithms can be retrieved from
SSL sockets via `socket.client_sigalg()` and `socket.server_sigalg()`.
This commit also partially amends 377b787618
by using `PyUnicode_DecodeFSDefault` instead of `PyUnicode_DecodeASCII` in
`_ssl._SSLContext.get_groups`, so that functions consistently decode strings
obtained from OpenSSL.
---------
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
It should interpret the result of wcsxfrm() as a sequence of abstract
integers, not a sequence of Unicode code points or using other encoding
scheme that does not preserve ordering.
Previously, the size would be returned on Windows and an OSError would
be raised on Unix.
Also, raise ValueError instead of OSError for trackfd=False.
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Encode Solaris/Illumos thread names to ASCII, since
OpenIndiana does not support non-ASCII names.
Add tests for setting non-ASCII name for the main thread.
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Don't ignore errors raised by `PyErr_WarnFormat` in `warn_about_fork_with_threads`
Instead, ignore the warnings in all test code that forks. (That's a lot of functions.)
In `test_support`, make `ignore_warnings` a context manager (as well as decorator),
and add a `message` argument to it.
Also add a `ignore_fork_in_thread_deprecation_warnings` helper for the deadlock-in-fork
warning.
The csv.register_dialect() docstring no longer imply that it returns a
dialect.
All functions have now signatures.
Co-authored-by: maurycy <5383+maurycy@users.noreply.github.com>
A runtime check is needed to support cross-compiling.
Remove the _Py_NORMALIZE_CENTURY macro.
Remove _pydatetime.py's _can_support_c99.
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
It is now a positive integer larger larger than any limited resource value.
This simplifies comparison of the resource values.
Previously, it could be negative, such as -1 or -3, depending on platform.
Deprecation warning is emitted if the old negative value is passed.
The Python pickle module looks for "00" and "01" but _pickle only looked
for 2 characters that parsed to 0 or 1, meaning some payloads like "+0" or
" 0" would lead to different results in different implementations.
* Add OpenSSL 3.5.2 definitions to Modules/_ssl_data_35.h (moved from Modules/_ssl_data_34.h)
* Demote OpenSSL 3.1 to "old", remove it from CI
* Update all OpenSSL versions to latest patchlevel in CI config and multissltests defaults
* Add OpenSSL 3.5.2 to CI configuration and multissltests default list
* Fix a typo in the argument parser description of multissltests.py
