X25519 is not a valid curve if OpenSSL is built with FIPS mode,
and ignoring unknown groups in `SSL_CTX_set1_groups_list()`
is only supported since OpenSSL 3.3, so we use two curves that
are known to be FIPS-compliant, namely P-256 and P-384.
Default implementation of sys.unraisablehook() now uses traceback._print_exception_bltin() to print exceptions with colorized text.
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
Move docs to the reference section & reduce the “tutorial” part to a quick intro & link.
Clarify what values are accepted.
Add macro/attribute equivalents.
Discourage _align_ values that aren't powers of two.
Remove feature coverage comment from msgfmt script's docstring
msgfmt handles plural forms since cb081b83.
The comment was incorrectly applied in 637a33b -- original patch was from before the cb081b83 commit.
Co-authored-by: Tomas R. <tomas.roun8@gmail.com>
The calendar module displays month names in some locales using the genitive case.
This is grammatically incorrect, as the nominative case should be used when the month
is named by itself. To address this issue, this change introduces new lists
`standalone_month_name` and `standalone_month_abbr` that contain month names in
the nominative case -- or more generally, in the form that should be used to
name the month itself, rather than form a date.
The module now uses the `%OB` format specifier to get month names in this form
where available.
The implementation does not create anymore local functions which reduces
the overhead for small inputs. Some other calls are inlined into a
single `_convert_literal` function.
We have a gain of 10-20% for small inputs and only 1-2% for bigger
inputs.
Call backtrace() once when installing the signal handler to ensure that
libgcc is dynamically loaded outside the signal handler.
This fixes a "signal-unsafe call inside of a signal" TSan error from
test_faulthandler.test_enable_fd.
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Add support for getting and setting groups used for key agreement.
* `ssl.SSLSocket.group()` returns the name of the group used
for the key agreement of the current session establishment.
This feature requires Python to be built with OpenSSL 3.2 or later.
* `ssl.SSLContext.get_groups()` returns the list of names of groups
that are compatible with the TLS version of the current context.
This feature requires Python to be built with OpenSSL 3.5 or later.
* `ssl.SSLContext.set_groups()` sets the groups allowed for key agreement
for sockets created with this context. This feature is always supported.
