Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-10-31 13:41:24 +00:00
Code Issues Projects Releases Packages Wiki Activity
128076 commits 7 branches 633 tags 3.7 GiB
Commit graph

585 commits

Author SHA1 Message Date
Christian Heimes
32f0c7a67b or VERIFY_CRL_CHECK_LEAF to verify_flags 2013-11-22 03:43:48 +01:00
Christian Heimes
44109d7de7 Issue #17134: Finalize interface to Windows' certificate store. Cert and 
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
 2013-11-22 01:51:30 +01:00
Christian Heimes
d6dc952e17 one CERT_REQUIRED is enough 2013-11-22 00:39:38 +01:00
Christian Heimes
225877917e Issue #8813: Add SSLContext.verify_flags to change the verification flags 
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
 2013-11-21 23:56:13 +01:00
Christian Heimes
bd3a7f90b5 Issue #18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP 
and CRL distribution points.
 2013-11-21 03:40:15 +01:00
Christian Heimes
efff7060f8 Issue #18138: Implement cadata argument of SSLContext.load_verify_location() 
to load CA certificates and CRL from memory. It supports PEM and DER
encoded strings.
 2013-11-21 03:35:02 +01:00
Christian Heimes
a6bc95aa02 Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name. 2013-11-17 19:59:14 +01:00
Georg Brandl
ec3c103520 Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes 
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
 2014-09-30 14:04:51 +02:00
Georg Brandl
72c98d3a76 Issue #17997: Change behavior of `ssl.match_hostname()` to follow RFC 6125, 
for security reasons.  It now doesn't match multiple wildcards nor wildcards
inside IDN fragments.
 2013-10-27 07:16:53 +01:00
Georg Brandl
b89b5df9c9 merge with 3.3 2013-10-27 07:46:09 +01:00
Antoine Pitrou
20b85557f2 Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done. 2013-09-29 19:50:53 +02:00
Christian Heimes
2769d44827 Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X Tiger 2013-08-25 14:12:50 +02:00
Christian Heimes
157c9834b4 Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X Tiger 2013-08-25 14:12:41 +02:00
Christian Heimes
6acbe2aaa3 Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork. 
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
 2013-08-21 13:26:34 +02:00
Christian Heimes
f77b4b20e9 Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork. 
A pthread_atfork() child handler is used to seeded the PRNG with pid, time
and some stack data.
 2013-08-21 13:26:05 +02:00
Christian Heimes
e06d47c70c Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes 
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
 2013-08-17 00:58:00 +02:00
Christian Heimes
824f7f366d Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes 
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string represention of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
 2013-08-17 00:54:47 +02:00
Antoine Pitrou
2894073e1a test_ssl: use a bytestring here 2013-07-20 19:36:15 +02:00
Antoine Pitrou
60a26e0516 Issue #9177: Calling read() or write() now raises ValueError, not AttributeError, on a closed SSL socket. 
Patch by Senko Rasic.
 2013-07-20 19:35:16 +02:00
Christian Heimes
9a5395ae2b Issue #18147: Add diagnostic functions to ssl.SSLContext(). 
get_ca_list() lists all loaded CA certificates and cert_store_stats() returns
amount of loaded X.509 certs, X.509 CA certs and CRLs.
 2013-06-17 15:44:12 +02:00
Christian Heimes
9424bb4aea Issue #18207: Fix test_ssl for some versions of OpenSSL that ignore seconds 
in ASN1_TIME fields.
 2013-06-17 15:32:57 +02:00
Christian Heimes
46bebee25f Issue #17134: Add ssl.enum_cert_store() as interface to Windows' cert store. 2013-06-09 19:03:31 +02:00
Christian Heimes
6d7ad13a45 Issue #18143: Implement ssl.get_default_verify_paths() in order to debug 
the default locations for cafile and capath.
 2013-06-09 18:02:55 +02:00
Antoine Pitrou
86d53cadda Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). 2013-05-18 17:56:42 +02:00
Antoine Pitrou
636f93c63b Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). 2013-05-18 17:56:42 +02:00
Antoine Pitrou
31fb419908 Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099). 2013-05-18 17:59:12 +02:00
Antoine Pitrou
242db728e2 Issue #13721: SSLSocket.getpeercert() and SSLSocket.do_handshake() now raise an OSError with ENOTCONN, instead of an AttributeError, when the SSLSocket is not connected. 2013-05-01 20:52:07 +02:00
Antoine Pitrou
50b24d0d7c Fix a crash when setting a servername callback on a SSL server socket and the client doesn't send a server name. 
Patch by Kazuhiro Yoshida.
(originally issue #8109)
 2013-04-11 20:48:42 +02:00
Antoine Pitrou
609ef01b02 In search of TLS 1.1 bug: add debugging output in verbose mode 2013-03-29 18:09:06 +01:00
Antoine Pitrou
972d5bb763 Use a subtest in test_ssl.test_echo 2013-03-29 17:56:03 +01:00
Antoine Pitrou
2463e5fee4 Issue #16692: The ssl module now supports TLS 1.1 and TLS 1.2. Initial patch by Michele Orrù. 2013-03-28 22:24:43 +01:00
Nadeem Vawda
6386e17f39 Issue #13898: test_ssl no longer prints a spurious stack trace on Ubuntu. 2013-03-03 22:48:15 +01:00
Nadeem Vawda
ad246bfb71 Issue #13898: test_ssl no longer prints a spurious stack trace on Ubuntu. 2013-03-03 22:44:22 +01:00
Nadeem Vawda
7b39b9b51b Issue #13898: test_ssl no longer prints a spurious stack trace on Ubuntu. 2013-03-03 22:31:21 +01:00
Antoine Pitrou
da23259f99 Issue #17107: Test client-side SNI support in urllib.request thanks to the new server-side SNI support in the ssl module. 
Initial patch by Daniel Black.
 2013-02-05 21:20:51 +01:00
Antoine Pitrou
6b4e2a9c02 In test_ssl, threaded tests shouldn't need the network resource to be enabled 2013-01-12 22:00:54 +01:00
Antoine Pitrou
db5012ab47 In test_ssl, threaded tests shouldn't need the "network" resource to be enabled 2013-01-12 22:00:09 +01:00
Antoine Pitrou
e9bb4733d9 Issue #16923: Fix ResourceWarnings in test_ssl. 2013-01-12 21:56:56 +01:00
Antoine Pitrou
e1ceb50cdf Issue #16923: Fix ResourceWarnings in test_ssl. 2013-01-12 21:54:44 +01:00
Benjamin Peterson
f86b3c394c merge 3.3 (#16900) 2013-01-10 14:16:42 -06:00
Benjamin Peterson
36f7b97787 remove __del__ because it's evil and also prevents the ResourceWarning on the socket from happening (closes #16900) 2013-01-10 14:16:20 -06:00
Antoine Pitrou
58ddc9d743 Issue #8109: The ssl module now has support for server-side SNI, thanks to a :meth:SSLContext.set_servername_callback method. 
Patch by Daniel Black.
 2013-01-05 21:20:29 +01:00
Antoine Pitrou
49f7e58778 Forward port new test for SSLSocket.connect_ex() 2012-12-28 19:09:41 +01:00
Antoine Pitrou
6464b84b3e Forward port new test for SSLSocket.connect_ex() 2012-12-28 19:08:49 +01:00
Antoine Pitrou
ddb87ab1b4 Forward port new test for SSLSocket.connect_ex() 2012-12-28 19:07:43 +01:00
Antoine Pitrou
40f12ab0c5 Backport Python 3.2 fix for issue #12065, and add another test for SSLSocket.connect_ex(). 2012-12-28 19:03:43 +01:00
Andrew Svetlov
f7a17b48d7 Replace IOError with OSError (#16715) 2012-12-25 16:47:37 +02:00
Andrew Svetlov
0832af6628 Issue #16717: get rid of socket.error, replace with OSError 2012-12-18 23:10:48 +02:00
Antoine Pitrou
73e9bd4d25 Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket(). 
Original patch by Jeff McNeil.
 2012-11-11 01:27:33 +01:00
Antoine Pitrou
5c89b4ec55 Issue #16357: fix calling accept() on a SSLSocket created through SSLContext.wrap_socket(). 
Original patch by Jeff McNeil.
 2012-11-11 01:25:36 +01:00