cpython

mirror of https://github.com/python/cpython.git synced 2025-10-31 13:41:24 +00:00

Author	SHA1	Message	Date
Benjamin Peterson	b64ae7bf2d	merge 3.4 (#23476 )	2015-03-04 22:11:48 -05:00
Benjamin Peterson	fdb1971587	enable X509_V_FLAG_TRUSTED_FIRST when possible (closes #23476 )	2015-03-04 22:11:12 -05:00
Antoine Pitrou	0bfd0a4048	Issue #23576 : Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.	2015-03-04 20:54:57 +01:00
Antoine Pitrou	f7f3b0a14a	Issue #23576 : Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.	2015-03-04 20:51:55 +01:00
Serhiy Storchaka	4d0d982985	Issue #23446 : Use PyMem_New instead of PyMem_Malloc to avoid possible integer overflows. Added few missed PyErr_NoMemory().	2015-02-16 13:33:32 +02:00
Serhiy Storchaka	1a1ff29659	Issue #23446 : Use PyMem_New instead of PyMem_Malloc to avoid possible integer overflows. Added few missed PyErr_NoMemory().	2015-02-16 13:28:22 +02:00
Benjamin Peterson	c54de47759	ifdef our way to compatibility with old openssl (closes #23335 )	2015-01-28 12:06:39 -05:00
Benjamin Peterson	07f0515667	disable ALPN on LibreSSL, which has a large version number, but not ALPN support (closes #23329 )	2015-01-27 11:10:18 -05:00
Benjamin Peterson	8861502e07	prefer server alpn ordering over the client's	2015-01-23 17:30:26 -05:00
Benjamin Peterson	cca2732a82	add support for ALPN (closes #20188 )	2015-01-23 16:35:37 -05:00
Benjamin Peterson	baf7c1e546	use SSL_get_session	2015-01-07 11:32:00 -06:00
Benjamin Peterson	4cb17812d9	expose the client's cipher suites from the handshake (closes #23186 )	2015-01-07 11:14:26 -06:00
Victor Stinner	fcfed19913	Issue #21356 : Make ssl.RAND_egd() optional to support LibreSSL. The availability of the function is checked during the compilation. Patch written by Bernard Spil.	2015-01-06 13:54:58 +01:00
Antoine Pitrou	5e8430d02c	Issue #23143 : Remove compatibility with OpenSSLs older than 0.9.8. (the last 0.9.7 release was in 2007)	2015-01-03 23:17:23 +01:00
Benjamin Peterson	e32467cf6a	allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935 ) Patch by Kurt Roeckx.	2014-12-05 21:59:35 -05:00
Benjamin Peterson	7243b574e5	don't require OpenSSL SNI to pass hostname to ssl functions (#22921 ) Patch by Donald Stufft.	2014-11-23 17:04:34 -06:00
Benjamin Peterson	22293df016	merge 3.4 (#22935 )	2014-12-05 22:11:33 -05:00
Victor Stinner	beeb512fe1	Issue #21356 : Make ssl.RAND_egd() optional to support LibreSSL. The availability of the function is checked during the compilation. Patch written by Bernard Spil.	2014-11-28 13:28:25 +01:00
Benjamin Peterson	f9284ae8ed	merge 3.4 (#22921 )	2014-11-23 17:06:39 -06:00
Antoine Pitrou	b1fdf47ff5	Issue #21965 : Add support for in-memory SSL to the ssl module. Patch by Geert Jansen.	2014-10-05 20:41:53 +02:00
Antoine Pitrou	47e40429fb	Issue #20421 : Add a .version() method to SSL sockets exposing the actual protocol version in use.	2014-09-04 21:00:10 +02:00
Victor Stinner	e03de09ff2	(Merge 3.4) Issue #21781 , _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".	2014-07-07 21:52:49 +02:00
Victor Stinner	cd75298611	Issue #21781 , _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".	2014-07-07 21:52:29 +02:00
Victor Stinner	7f084064e8	(Merge 3.4) Issue #21781 : Make the ssl module "ssize_t clean" for parsing parameters. ssl.RAND_add() now supports strings longer than 2 GB.	2014-07-01 16:39:23 +02:00
Victor Stinner	2e57b4e488	Issue #21781 : Make the ssl module "ssize_t clean" for parsing parameters. ssl.RAND_add() now supports strings longer than 2 GB.	2014-07-01 16:37:17 +02:00
Victor Stinner	45e8e2f218	Issue #21490 : Add new C macros: Py_ABS() and Py_STRINGIFY() Keep _Py_STRINGIZE() in PC/pyconfig.h to not introduce a dependency between pyconfig.h and pymacros.h.	2014-05-14 17:24:35 +02:00
Antoine Pitrou	0bebbc33fa	Issue #21015 : SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1". (should also fix a buildbot failure introduced by #20995)	2014-03-22 18:13:50 +01:00
Gregory P. Smith	83fed26953	avoid a compiler warning about assigning const char * to char *.	2014-01-17 12:09:05 -08:00
Gregory P. Smith	f34890937b	avoid a compiler warning about assigning const char * to char *.	2014-01-17 12:08:49 -08:00
Antoine Pitrou	78ace81c93	Issue #20207 : Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.	2014-01-09 20:09:03 +01:00
Antoine Pitrou	2f7c31678a	Remove conditional: it is useless at this point (OpenSSL headers are not yet included)	2014-01-09 20:07:41 +01:00
Antoine Pitrou	cd3d7cabef	Issue #20207 : Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.	2014-01-09 20:02:20 +01:00
Victor Stinner	36e96b8716	(Merge 3.3) Issue #20025 : ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a ValueError if num is negative (instead of raising a SystemError).	2013-12-19 16:47:25 +01:00
Victor Stinner	1e81a399a2	Issue #20025 : ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a ValueError if num is negative (instead of raising a SystemError).	2013-12-19 16:47:04 +01:00
Christian Heimes	1aa9a75fbf	Issue #19509 : Add SSLContext.check_hostname to match the peer's certificate with server_hostname on handshake.	2013-12-02 02:41:19 +01:00
Christian Heimes	470fba1f9f	SNI was added in OpenSSL 0.9.8f [11 Oct 2007], too	2013-11-28 15:12:15 +01:00
Christian Heimes	2427b50fdd	Issue #8813 : X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+ The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.	2013-11-23 11:24:32 +01:00
Christian Heimes	5398e1a56e	Issue #19448 : report name / NID in exception message of ASN1Object	2013-11-22 16:20:53 +01:00
Christian Heimes	f22e8e5426	Issue #18147 : Add missing documentation for SSLContext.get_ca_certs(). Also change the argument name to the same name as getpeercert()	2013-11-22 02:22:51 +01:00
Christian Heimes	44109d7de7	Issue #17134 : Finalize interface to Windows' certificate store. Cert and CRL enumeration are now two functions. enum_certificates() also returns purpose flags as set of OIDs.	2013-11-22 01:51:30 +01:00
Christian Heimes	1dbf61fa46	downcast len to int. The code has already checked that len < INT_MAX	2013-11-22 00:34:18 +01:00
Christian Heimes	18fc7be80d	lst might be NULL here CID 1130752: Dereference after null check (FORWARD_NULL)	2013-11-21 23:57:49 +01:00
Christian Heimes	225877917e	Issue #8813 : Add SSLContext.verify_flags to change the verification flags of the context in order to enable certification revocation list (CRL) checks or strict X509 rules.	2013-11-21 23:56:13 +01:00
Christian Heimes	949ec14209	Issue #19682 : Fix compatibility issue with old version of OpenSSL that was introduced by Issue #18379.	2013-11-21 16:26:51 +01:00
Christian Heimes	bd3a7f90b5	Issue #18379 : SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP and CRL distribution points.	2013-11-21 03:40:15 +01:00
Christian Heimes	efff7060f8	Issue #18138 : Implement cadata argument of SSLContext.load_verify_location() to load CA certificates and CRL from memory. It supports PEM and DER encoded strings.	2013-11-21 03:35:02 +01:00
Christian Heimes	b08ff7dcb4	Safely downcast SOCKET_T to int in _ssl module	2013-11-18 10:04:07 +01:00
Christian Heimes	a6bc95aa02	Issue #19448 : Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name.	2013-11-17 19:59:14 +01:00
Victor Stinner	a9eb38f02a	Issue #19437 : Fix newPySSLSocket(), handle PyWeakref_NewRef() failure	2013-10-31 16:35:38 +01:00
Victor Stinner	ba9be477b0	Issue #19437 : Fix fill_and_set_sslerror() of _ssl, handle Py_BuildValue() failure Don't call PyObject_CallObject() with NULL parameters and an exception set.	2013-10-31 15:00:24 +01:00

1 2 3 4 5 ...

255 commits