Victor Stinner
fcfed19913
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
12 years ago
Benjamin Peterson
e32467cf6a
allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935)
Patch by Kurt Roeckx.
12 years ago
Benjamin Peterson
7243b574e5
don't require OpenSSL SNI to pass hostname to ssl functions (#22921)
Patch by Donald Stufft.
12 years ago
Victor Stinner
cd75298611
Issue #21781, _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires
size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
12 years ago
Victor Stinner
2e57b4e488
Issue #21781: Make the ssl module "ssize_t clean" for parsing parameters.
ssl.RAND_add() now supports strings longer than 2 GB.
12 years ago
Antoine Pitrou
0bebbc33fa
Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1".
(should also fix a buildbot failure introduced by #20995)
12 years ago
Gregory P. Smith
f34890937b
avoid a compiler warning about assigning const char * to char *.
13 years ago
Antoine Pitrou
2f7c31678a
Remove conditional: it is useless at this point (OpenSSL headers are not yet included)
13 years ago
Antoine Pitrou
cd3d7cabef
Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.
13 years ago
Victor Stinner
1e81a399a2
Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a
ValueError if num is negative (instead of raising a SystemError).
13 years ago
Christian Heimes
1aa9a75fbf
Issue #19509: Add SSLContext.check_hostname to match the peer's certificate
with server_hostname on handshake.
13 years ago
Christian Heimes
470fba1f9f
SNI was added in OpenSSL 0.9.8f [11 Oct 2007], too
13 years ago
Christian Heimes
2427b50fdd
Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
13 years ago
Christian Heimes
5398e1a56e
Issue #19448: report name / NID in exception message of ASN1Object
13 years ago
Christian Heimes
f22e8e5426
Issue #18147: Add missing documentation for SSLContext.get_ca_certs().
Also change the argument name to the same name as getpeercert()
13 years ago
Christian Heimes
44109d7de7
Issue #17134: Finalize interface to Windows' certificate store. Cert and
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
13 years ago
Christian Heimes
1dbf61fa46
downcast len to int. The code has already checked that len < INT_MAX
13 years ago
Christian Heimes
18fc7be80d
lst might be NULL here
CID 1130752: Dereference after null check (FORWARD_NULL)
13 years ago
Christian Heimes
225877917e
Issue #8813: Add SSLContext.verify_flags to change the verification flags
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
13 years ago
Christian Heimes
949ec14209
Issue #19682: Fix compatibility issue with old version of OpenSSL that
was introduced by Issue #18379.
13 years ago
Christian Heimes
bd3a7f90b5
Issue #18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP
and CRL distribution points.
13 years ago
Christian Heimes
efff7060f8
Issue #18138: Implement cadata argument of SSLContext.load_verify_location()
to load CA certificates and CRL from memory. It supports PEM and DER
encoded strings.
13 years ago
Christian Heimes
b08ff7dcb4
Safely downcast SOCKET_T to int in _ssl module
13 years ago
Christian Heimes
a6bc95aa02
Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name.
13 years ago
Victor Stinner
a9eb38f02a
Issue #19437: Fix newPySSLSocket(), handle PyWeakref_NewRef() failure
13 years ago
Victor Stinner
ba9be477b0
Issue #19437: Fix fill_and_set_sslerror() of _ssl, handle Py_BuildValue()
failure
Don't call PyObject_CallObject() with NULL parameters and an exception set.
13 years ago
Georg Brandl
ec3c103520
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
12 years ago
Christian Heimes
7e24617904
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
13 years ago
Christian Heimes
fb6b44e830
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
13 years ago
Georg Brandl
81be27d53e
Issue #19227: Try to fix deadlocks caused by re-seeding the OpenSSL
pseudo-random number generator on fork().
13 years ago
Antoine Pitrou
860aee75b8
Properly initialize all fields of a SSL object after allocation.
13 years ago
Antoine Pitrou
20b85557f2
Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done.
13 years ago
Christian Heimes
60bf2fc25b
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
13 years ago
Victor Stinner
daf455554b
Issue #18571: Implementation of the PEP 446: file descriptors and file handles
are now created non-inheritable; add functions os.get/set_inheritable(),
os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
13 years ago
Christian Heimes
61636e7105
Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
13 years ago
Richard Oudkerk
cabbde9e1e
Fix compiler warning on Windows.
13 years ago
Christian Heimes
80c5de93f9
Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is supposed to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
13 years ago
Christian Heimes
f77b4b20e9
Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seed the PRNG with pid, time
and some stack data.
13 years ago
Christian Heimes
4d98ca9ff6
Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
13 years ago
Christian Heimes
3c2593b2bb
Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok.
13 years ago
Christian Heimes
474afdda60
Issue #18768: coding style nitpick. Thanks to Vajrasky Kok
13 years ago
Ezio Melotti
85a8629d21
#18466: fix more typos. Patch by Févry Thibault.
13 years ago
Christian Heimes
824f7f366d
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
13 years ago
Christian Heimes
5962bef8aa
Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
X509_get_version() grows beyond our small int cache.
CID 1058279
13 years ago
Victor Stinner
11ebff2757
Issue #18203: Replace malloc() with PyMem_Malloc() in _ssl for the password
13 years ago
Victor Stinner
b64049183c
Issue #18203: Replace malloc() with PyMem_Malloc() in Python modules
Replace malloc() with PyMem_Malloc() when the GIL is held, or with
PyMem_RawMalloc() otherwise.
13 years ago
Victor Stinner
7e00151e1f
_ssl.c: strip trailing spaces
13 years ago
Victor Stinner
6efa965a27
Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
string is longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises
string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises
a ValueError if the password is longer than 2 gigabytes. The ssl module does
not support partial write.
13 years ago
Victor Stinner
9ee0203057
Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
and in ssl.SSLContext.load_cert_chain() for strings and passwords longer
than 2 gigabytes.
13 years ago
Victor Stinner
4569cd5eab
_ssl.c: strip trailing spaces
13 years ago