412 commits

Author	SHA1	Message	Date
Victor Stinner	869e1778c0	Issue #22117: Replace usage of _PyTime_ROUND_UP with _PyTime_ROUND_CEILING ... All these functions only accept positive timeouts, so this change has no effect in practice.	2015-03-30 03:49:14 +02:00
Victor Stinner	ea9c0dd2c2	Issue #22117: Fix usage of _PyTime_AsTimeval() ... Add _PyTime_AsTimeval_noraise() function. Call it when it's not possible (or not useful) to raise a Python exception on overflow.	2015-03-30 02:51:13 +02:00
Victor Stinner	e245231fab	Issue #22117: Fix ssl to use _PyTime_t API on sock_timeout ... I didn't notice that the ssl module uses private attributes of socket objects.	2015-03-28 03:00:46 +01:00
Serhiy Storchaka	8490f5acfe	Issue #23001: Few functions in modules mmap, ossaudiodev, socket, ssl, and ... codecs, that accepted only read-only bytes-like object now accept writable bytes-like object too.	2015-03-20 09:00:36 +02:00
Victor Stinner	e42ccd2bfd	Issue #23694: Enhance _Py_fopen(), it now raises an exception on error ... * If fopen() fails, OSError is raised with the original filename object. * The GIL is now released while calling fopen()	2015-03-18 01:39:23 +01:00
Benjamin Peterson	de8eca4638	merge 3.4	2015-03-04 22:50:25 -05:00
Benjamin Peterson	990fcaac3c	expose X509_V_FLAG_TRUSTED_FIRST	2015-03-04 22:49:41 -05:00
Benjamin Peterson	b64ae7bf2d	merge 3.4 (#23476)	2015-03-04 22:11:48 -05:00
Benjamin Peterson	fdb1971587	enable X509_V_FLAG_TRUSTED_FIRST when possible (closes #23476)	2015-03-04 22:11:12 -05:00
Antoine Pitrou	0bfd0a4048	Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.	2015-03-04 20:54:57 +01:00
Antoine Pitrou	f7f3b0a14a	Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.	2015-03-04 20:51:55 +01:00
Serhiy Storchaka	4d0d982985	Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer ... overflows. Added few missed PyErr_NoMemory().	2015-02-16 13:33:32 +02:00
Serhiy Storchaka	1a1ff29659	Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer ... overflows. Added few missed PyErr_NoMemory().	2015-02-16 13:28:22 +02:00
Benjamin Peterson	c54de47759	ifdef our way to compatibility with old openssl (closes #23335)	2015-01-28 12:06:39 -05:00
Benjamin Peterson	07f0515667	disable ALPN on LibreSSL, which has a large version number, but not ALPN support (closes #23329)	2015-01-27 11:10:18 -05:00
Benjamin Peterson	8861502e07	prefer server alpn ordering over the client's	2015-01-23 17:30:26 -05:00
Benjamin Peterson	cca2732a82	add support for ALPN (closes #20188)	2015-01-23 16:35:37 -05:00
Benjamin Peterson	baf7c1e546	use SSL_get_session	2015-01-07 11:32:00 -06:00
Benjamin Peterson	4cb17812d9	expose the client's cipher suites from the handshake (closes #23186)	2015-01-07 11:14:26 -06:00
Victor Stinner	fcfed19913	Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The ... availability of the function is checked during the compilation. Patch written by Bernard Spil.	2015-01-06 13:54:58 +01:00
Antoine Pitrou	5e8430d02c	Issue #23143: Remove compatibility with OpenSSLs older than 0.9.8. ... (the last 0.9.7 release was in 2007)	2015-01-03 23:17:23 +01:00
Benjamin Peterson	e32467cf6a	allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935) ... Patch by Kurt Roeckx.	2014-12-05 21:59:35 -05:00
Benjamin Peterson	7243b574e5	don't require OpenSSL SNI to pass hostname to ssl functions (#22921) ... Patch by Donald Stufft.	2014-11-23 17:04:34 -06:00
Benjamin Peterson	22293df016	merge 3.4 (#22935)	2014-12-05 22:11:33 -05:00
Victor Stinner	beeb512fe1	Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The ... availability of the function is checked during the compilation. Patch written by Bernard Spil.	2014-11-28 13:28:25 +01:00
Benjamin Peterson	f9284ae8ed	merge 3.4 (#22921)	2014-11-23 17:06:39 -06:00
Antoine Pitrou	b1fdf47ff5	Issue #21965: Add support for in-memory SSL to the ssl module. ... Patch by Geert Jansen.	2014-10-05 20:41:53 +02:00
Antoine Pitrou	47e40429fb	Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use.	2014-09-04 21:00:10 +02:00
Victor Stinner	e03de09ff2	(Merge 3.4) Issue #21781, _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format ... requires size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".	2014-07-07 21:52:49 +02:00
Victor Stinner	cd75298611	Issue #21781, _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires ... size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".	2014-07-07 21:52:29 +02:00
Victor Stinner	7f084064e8	(Merge 3.4) Issue #21781: Make the ssl module "ssize_t clean" for parsing ... parameters. ssl.RAND_add() now supports strings longer than 2 GB.	2014-07-01 16:39:23 +02:00
Victor Stinner	2e57b4e488	Issue #21781: Make the ssl module "ssize_t clean" for parsing parameters. ... ssl.RAND_add() now supports strings longer than 2 GB.	2014-07-01 16:37:17 +02:00
Victor Stinner	45e8e2f218	Issue #21490: Add new C macros: Py_ABS() and Py_STRINGIFY() ... Keep _Py_STRINGIZE() in PC/pyconfig.h to not introduce a dependency between pyconfig.h and pymacros.h.	2014-05-14 17:24:35 +02:00
Antoine Pitrou	0bebbc33fa	Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1". ... (should also fix a buildbot failure introduced by #20995)	2014-03-22 18:13:50 +01:00
Gregory P. Smith	83fed26953	avoid a compiler warning about assigning const char * to char *.	2014-01-17 12:09:05 -08:00
Gregory P. Smith	f34890937b	avoid a compiler warning about assigning const char * to char *.	2014-01-17 12:08:49 -08:00
Antoine Pitrou	78ace81c93	Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.	2014-01-09 20:09:03 +01:00
Antoine Pitrou	2f7c31678a	Remove conditional: it is useless at this point (OpenSSL headers are not yet included)	2014-01-09 20:07:41 +01:00
Antoine Pitrou	cd3d7cabef	Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.	2014-01-09 20:02:20 +01:00
Victor Stinner	36e96b8716	(Merge 3.3) Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now ... raise a ValueError if num is negative (instead of raising a SystemError).	2013-12-19 16:47:25 +01:00
Victor Stinner	1e81a399a2	Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a ... ValueError if num is negative (instead of raising a SystemError).	2013-12-19 16:47:04 +01:00
Christian Heimes	1aa9a75fbf	Issue #19509: Add SSLContext.check_hostname to match the peer's certificate ... with server_hostname on handshake.	2013-12-02 02:41:19 +01:00
Christian Heimes	470fba1f9f	SNI was added in OpenSSL 0.9.8f [11 Oct 2007], too	2013-11-28 15:12:15 +01:00
Christian Heimes	2427b50fdd	Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+ ... The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.	2013-11-23 11:24:32 +01:00
Christian Heimes	5398e1a56e	Issue #19448: report name / NID in exception message of ASN1Object	2013-11-22 16:20:53 +01:00
Christian Heimes	f22e8e5426	Issue #18147: Add missing documentation for SSLContext.get_ca_certs(). ... Also change the argument name to the same name as getpeercert()	2013-11-22 02:22:51 +01:00
Christian Heimes	44109d7de7	Issue #17134: Finalize interface to Windows' certificate store. Cert and ... CRL enumeration are now two functions. enum_certificates() also returns purpose flags as set of OIDs.	2013-11-22 01:51:30 +01:00
Christian Heimes	1dbf61fa46	downcast len to int. The code has already checked that len < INT_MAX	2013-11-22 00:34:18 +01:00
Christian Heimes	18fc7be80d	lst might be NULL here ... CID 1130752: Dereference after null check (FORWARD_NULL)	2013-11-21 23:57:49 +01:00
Christian Heimes	225877917e	Issue #8813: Add SSLContext.verify_flags to change the verification flags ... of the context in order to enable certification revocation list (CRL) checks or strict X509 rules.	2013-11-21 23:56:13 +01:00