Georg Brandl 
								
							 
						 
						
							
							
							
							
								
							
							
								72c98d3a76 
								
							 
						 
						
							
							
								
								Issue  #17997 : Change behavior of `ssl.match_hostname()` to follow RFC 6125,  
							
							... 
							
							
							
							for security reasons.  It now doesn't match multiple wildcards nor wildcards
inside IDN fragments. 
							
						 
						
							2013-10-27 07:16:53 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Ezio Melotti 
								
							 
						 
						
							
							
							
							
								
							
							
								30b9d5d3af 
								
							 
						 
						
							
							
								
								#18705 : fix a number of typos.  Patch by Févry Thibault.  
							
							
							
						 
						
							2013-08-17 15:50:46 +03:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								636f93c63b 
								
							 
						 
						
							
							
								
								Issue  #17980 : Fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099).  
							
							
							
						 
						
							2013-05-18 17:56:42 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Benjamin Peterson 
								
							 
						 
						
							
							
							
							
								
							
							
								36f7b97787 
								
							 
						 
						
							
							
								
								remove __del__ because it's evil and also prevents the ResourceWarning on the socket from happening ( closes   #16900 )  
							
							
							
						 
						
							2013-01-10 14:16:20 -06:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								73e9bd4d25 
								
							 
						 
						
							
							
								
								Issue  #16357 : fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().  
							
							... 
							
							
							
							Original patch by Jeff McNeil. 
							
						 
						
							2012-11-11 01:27:33 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								5c89b4ec55 
								
							 
						 
						
							
							
								
								Issue  #16357 : fix calling accept() on a SSLSocket created through SSLContext.wrap_socket().  
							
							... 
							
							
							
							Original patch by Jeff McNeil. 
							
						 
						
							2012-11-11 01:25:36 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								d5d17eb653 
								
							 
						 
						
							
							
								
								Issue  #14204 : The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.  
							
							... 
							
							
							
							Patch by Colin Marc. 
							
						 
						
							2012-03-22 00:23:03 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								a9bf2ac726 
								
							 
						 
						
							
							
								
								Try to really fix compilation failures of the _ssl module under very old OpenSSLs.  
							
							
							
						 
						
							2012-02-17 18:47:54 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								8f85f907e3 
								
							 
						 
						
							
							
								
								Issue  #13636 : Weak ciphers are now disabled by default in the ssl module  
							
							... 
							
							
							
							(except when SSLv2 is explicitly asked for). 
							
						 
						
							2012-01-03 22:46:48 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								72aeec35a1 
								
							 
						 
						
							
							
								
								Issue  #13636 : Weak ciphers are now disabled by default in the ssl module  
							
							... 
							
							
							
							(except when SSLv2 is explicitly asked for). 
							
						 
						
							2012-01-03 22:49:08 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								0e576f1f50 
								
							 
						 
						
							
							
								
								Issue  #13626 : Add support for SSL Diffie-Hellman key exchange, through the  
							
							... 
							
							
							
							SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option. 
							
						 
						
							2011-12-22 10:03:38 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								501da61671 
								
							 
						 
						
							
							
								
								Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.  
							
							... 
							
							
							
							(followup to issue #13627 ) 
							
						 
						
							2011-12-21 09:27:41 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								8abdb8abd8 
								
							 
						 
						
							
							
								
								Issue  #13634 : Add support for querying and disabling SSL compression.  
							
							
							
						 
						
							2011-12-20 10:13:40 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								923df6f22a 
								
							 
						 
						
							
							
								
								Issue  #13627 : Add support for SSL Elliptic Curve-based Diffie-Hellman  
							
							... 
							
							
							
							key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option. 
							
						 
						
							2011-12-19 17:16:51 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								6db4944cc5 
								
							 
						 
						
							
							
								
								Issue  #13635 : Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers  
							
							... 
							
							
							
							choose the cipher based on their own preferences, rather than on the
client's. 
							
						 
						
							2011-12-19 13:27:11 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								41032a69c1 
								
							 
						 
						
							
							
								
								Issue  #11183 : Add finer-grained exceptions to the ssl module, so that  
							
							... 
							
							
							
							you don't have to inspect the exception's attributes in the common case. 
							
						 
						
							2011-10-27 23:56:55 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Nick Coghlan 
								
							 
						 
						
							
							
							
							
								
							
							
								513886aabb 
								
							 
						 
						
							
							
								
								Fix   #12835 : prevent use of the unencrypted sendmsg/recvmsg APIs on SSL wrapped sockets (Patch by David Watson)  
							
							
							
						 
						
							2011-08-28 00:00:27 +10:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Nick Coghlan 
								
							 
						 
						
							
							
							
							
								
							
							
								5fab03fd15 
								
							 
						 
						
							
							
								
								Remove the SSLSocket versions of sendmsg/recvmsg due to lack of proper tests and documentation in conjunction with lack of any known use cases (see issue  #6560  for details)  
							
							
							
						 
						
							2011-08-23 22:26:44 +10:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Nick Coghlan 
								
							 
						 
						
							
							
							
							
								
							
							
								96fe56abec 
								
							 
						 
						
							
							
								
								Add support for the send/recvmsg API to the socket module. Patch by David Watson and Heiko Wundram. ( Closes   #6560 )  
							
							
							
						 
						
							2011-08-22 11:55:57 +10:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								d649480739 
								
							 
						 
						
							
							
								
								Issue  #12551 : Provide a get_channel_binding() method on SSL sockets so as  
							
							... 
							
							
							
							to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented).  This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.
Patch by Jacek Konieczny. 
							
						 
						
							2011-07-21 01:11:30 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								7128f95bd2 
								
							 
						 
						
							
							
								
								Issue  #12440 : When testing whether some bits in SSLContext.options can be  
							
							... 
							
							
							
							reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library. 
							
						 
						
							2011-07-08 18:49:07 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								b9ac25d1c3 
								
							 
						 
						
							
							
								
								Issue  #12440 : When testing whether some bits in SSLContext.options can be  
							
							... 
							
							
							
							reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library. 
							
						 
						
							2011-07-08 18:47:06 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								99c8b16143 
								
							 
						 
						
							
							
								
								Issue  #12049 : Add RAND_bytes() and RAND_pseudo_bytes() functions to the ssl  
							
							... 
							
							
							
							module. 
							
						 
						
							2011-05-24 12:05:19 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								7a616f2fc5 
								
							 
						 
						
							
							
								
								Issue  #12065 : connect_ex() on an SSL socket now returns the original errno  
							
							... 
							
							
							
							when the socket's timeout expires (it used to return None). 
							
						 
						
							2011-05-18 18:52:20 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								b4410dbea6 
								
							 
						 
						
							
							
								
								Issue  #12065 : connect_ex() on an SSL socket now returns the original errno  
							
							... 
							
							
							
							when the socket's timeout expires (it used to return None). 
							
						 
						
							2011-05-18 18:51:06 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								17ca323e7c 
								
							 
						 
						
							
							
								
								(Merge 3.1) Issue  #12012 : ssl.PROTOCOL_SSLv2 becomes optional  
							
							... 
							
							
							
							OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter! 
							
						 
						
							2011-05-10 00:48:41 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								ee18b6f2fd 
								
							 
						 
						
							
							
								
								Issue  #12012 : ssl.PROTOCOL_SSLv2 becomes optional  
							
							... 
							
							
							
							OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter! 
							
						 
						
							2011-05-10 00:38:00 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Victor Stinner 
								
							 
						 
						
							
							
							
							
								
							
							
								3de49192aa 
								
							 
						 
						
							
							
								
								Issue  #12012 : ssl.PROTOCOL_SSLv2 becomes optional  
							
							... 
							
							
							
							OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
Optimize also ssl.get_protocol_name(): speed does matter! 
							
						 
						
							2011-05-09 00:42:58 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								ff9bfca482 
								
							 
						 
						
							
							
								
								Issue  #12000 : When a SSL certificate has a subjectAltName without any  
							
							... 
							
							
							
							dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil. 
							
						 
						
							2011-05-06 15:20:55 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								1c86b44506 
								
							 
						 
						
							
							
								
								Issue  #12000 : When a SSL certificate has a subjectAltName without any  
							
							... 
							
							
							
							dNSName entry, ssl.match_hostname() should use the subject's commonName.
Patch by Nicolas Bareil. 
							
						 
						
							2011-05-06 15:19:49 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								15399c3f09 
								
							 
						 
						
							
							
								
								Issue  #11811 : ssl.get_server_certificate() is now IPv6-compatible.  Patch  
							
							... 
							
							
							
							by Charles-François Natali. 
							
						 
						
							2011-04-28 19:23:55 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								86cbfec50a 
								
							 
						 
						
							
							
								
								Merged revisions 88664 via svnmerge from  
							
							... 
							
							
							
							svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
  r88664 | antoine.pitrou | 2011-02-27 00:24:06 +0100 (dim., 27 févr. 2011) | 4 lines
  Issue #11326 : Add the missing connect_ex() implementation for SSL sockets,
  and make it work for non-blocking connects.
........ 
							
						 
						
							2011-02-26 23:25:34 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								e93bf7aed2 
								
							 
						 
						
							
							
								
								Issue  #11326 : Add the missing connect_ex() implementation for SSL sockets,  
							
							... 
							
							
							
							and make it work for non-blocking connects. 
							
						 
						
							2011-02-26 23:24:06 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								d532321f7b 
								
							 
						 
						
							
							
								
								Issue  #5639 : Add a *server_hostname* argument to SSLContext.wrap_socket  
							
							... 
							
							
							
							in order to support the TLS SNI extension.  `HTTPSConnection` and
`urlopen()` also use this argument, so that HTTPS virtual hosts are now
supported. 
							
						 
						
							2010-10-22 18:19:07 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								59fdd6736b 
								
							 
						 
						
							
							
								
								Issue  #1589 : Add ssl.match_hostname(), to help implement server identity  
							
							... 
							
							
							
							verification for higher-level protocols. 
							
						 
						
							2010-10-08 10:37:08 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								5974cdd5f5 
								
							 
						 
						
							
							
								
								Merged revisions 84807 via svnmerge from  
							
							... 
							
							
							
							svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
  r84807 | antoine.pitrou | 2010-09-14 16:43:44 +0200 (mar., 14 sept. 2010) | 4 lines
  Issue #9853 : Fix the signature of SSLSocket.recvfrom() and
  SSLSocket.sendto() to match the corresponding socket methods.
........ 
							
						 
						
							2010-09-14 14:47:08 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								a468adc76d 
								
							 
						 
						
							
							
								
								Issue  #9853 : Fix the signature of SSLSocket.recvfrom() and  
							
							... 
							
							
							
							SSLSocket.sendto() to match the corresponding socket methods. 
							
						 
						
							2010-09-14 14:43:44 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								10c4c23a25 
								
							 
						 
						
							
							
								
								Merged revisions 84464 via svnmerge from  
							
							... 
							
							
							
							svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
  r84464 | antoine.pitrou | 2010-09-03 20:38:17 +0200 (ven., 03 sept. 2010) | 3 lines
  Issue #3805 : clean up implementation of the _read method in _ssl.c.
........ 
							
						 
						
							2010-09-03 18:39:47 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								24e561ae04 
								
							 
						 
						
							
							
								
								Issue  #3805 : clean up implementation of the _read method in _ssl.c.  
							
							
							
						 
						
							2010-09-03 18:38:17 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Giampaolo Rodolà 
								
							 
						 
						
							
							
							
							
								
							
							
								8b7da623ce 
								
							 
						 
						
							
							
								
								Fix issue  #9711 : raise ValueError is SSLConnection constructor is invoked with keyfile and not certfile.  
							
							
							
						 
						
							2010-08-30 18:28:05 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Giampaolo Rodolà 
								
							 
						 
						
							
							
							
							
								
							
							
								745ab3807e 
								
							 
						 
						
							
							
								
								Fix issue issue9706: provides a better error handling for various SSL operations  
							
							
							
						 
						
							2010-08-29 19:25:49 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Giampaolo Rodolà 
								
							 
						 
						
							
							
							
							
								
							
							
								374f835316 
								
							 
						 
						
							
							
								
								Raise ValuError if non-zero flag argument is provided for sendall() method for conformity with send(), recv() and recv_into()  
							
							
							
						 
						
							2010-08-29 12:08:09 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								6e451df800 
								
							 
						 
						
							
							
								
								Followup to r83869 and issue  #8524 : rename socket.forget() to socket.detach()  
							
							... 
							
							
							
							and make it return the file descriptor. 
							
						 
						
							2010-08-09 20:39:54 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								e43f9d0ed6 
								
							 
						 
						
							
							
								
								Issue  #8524 : Add a forget() method to socket objects, so as to put the  
							
							... 
							
							
							
							socket into the closed state without closing the underlying file
descriptor. 
							
						 
						
							2010-08-08 23:24:50 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								b52187710e 
								
							 
						 
						
							
							
								
								Issue  #4870 : Add an options attribute to SSL contexts, as well as  
							
							... 
							
							
							
							several ``OP_*`` constants to the `ssl` module.  This allows to selectively
disable protocol versions, when used in combination with `PROTOCOL_SSLv23`. 
							
						 
						
							2010-05-21 09:56:06 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								152efa2ae2 
								
							 
						 
						
							
							
								
								Issue  #8550 : Add first class SSLContext objects to the ssl module.  
							
							
							
						 
						
							2010-05-16 18:19:27 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								f07d5589c0 
								
							 
						 
						
							
							
								
								Merged revisions 80517 via svnmerge from  
							
							... 
							
							
							
							svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
  r80517 | antoine.pitrou | 2010-04-27 01:06:26 +0200 (mar., 27 avril 2010) | 3 lines
  Remove unused import
........ 
							
						 
						
							2010-04-26 23:08:35 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								90e6d04071 
								
							 
						 
						
							
							
								
								Remove unused import  
							
							
							
						 
						
							2010-04-26 23:06:26 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								28f7ab6402 
								
							 
						 
						
							
							
								
								Merged revisions 80515 via svnmerge from  
							
							... 
							
							
							
							svn+ssh://pythondev@svn.python.org/python/branches/py3k
........
  r80515 | antoine.pitrou | 2010-04-27 00:17:47 +0200 (mar., 27 avril 2010) | 4 lines
  Hopefully fix sporadic Windows issue by avoiding calling getpeername()
  on a freshly dup'ed socket.
........ 
							
						 
						
							2010-04-26 22:37:59 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Antoine Pitrou 
								
							 
						 
						
							
							
							
							
								
							
							
								fa2b9380c0 
								
							 
						 
						
							
							
								
								Hopefully fix sporadic Windows issue by avoiding calling getpeername()  
							
							... 
							
							
							
							on a freshly dup'ed socket. 
							
						 
						
							2010-04-26 22:17:47 +00:00