Benjamin Peterson
025a1fd990
rm trailing ws
10 years ago
Benjamin Peterson
f0c9038a36
fix possible memory leak in _get_aia_uri (closes #25578)
10 years ago
Benjamin Peterson
806fb25405
fix build with older openssl (#25569)
10 years ago
Benjamin Peterson
a9dcdabccb
always set OP_NO_SSLv3 by default (closes #25530)
10 years ago
Benjamin Peterson
eda06c8f5e
fix memory leak in _get_crl_dp (closes #25569)
Patch started by Stéphane Wirtel.
10 years ago
Serhiy Storchaka
d65c9496da
Issue #25523: Further a-to-an corrections.
10 years ago
Benjamin Peterson
d113c967b4
improve style of the convert macro (#24655)
Patch by Brian Cain.
11 years ago
Benjamin Peterson
43b842775f
remove extra arguments in arg parsing format codes (closes #23875)
11 years ago
Benjamin Peterson
990fcaac3c
expose X509_V_FLAG_TRUSTED_FIRST
11 years ago
Benjamin Peterson
fdb1971587
enable X509_V_FLAG_TRUSTED_FIRST when possible (closes #23476)
11 years ago
Antoine Pitrou
f7f3b0a14a
Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.
11 years ago
Serhiy Storchaka
1a1ff29659
Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer
overflows. Added a few missed PyErr_NoMemory().
11 years ago
Victor Stinner
fcfed19913
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
11 years ago
Benjamin Peterson
e32467cf6a
allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935)
Patch by Kurt Roeckx.
11 years ago
Benjamin Peterson
7243b574e5
don't require OpenSSL SNI to pass hostname to ssl functions (#22921)
Patch by Donald Stufft.
11 years ago
Victor Stinner
cd75298611
Issue #21781, _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires
size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
12 years ago
Victor Stinner
2e57b4e488
Issue #21781: Make the ssl module "ssize_t clean" for parsing parameters.
ssl.RAND_add() now supports strings longer than 2 GB.
12 years ago
Antoine Pitrou
0bebbc33fa
Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1".
(should also fix a buildbot failure introduced by #20995)
12 years ago
Gregory P. Smith
f34890937b
avoid a compiler warning about assigning const char * to char *.
12 years ago
Antoine Pitrou
2f7c31678a
Remove conditional: it is useless at this point (OpenSSL headers are not yet included)
12 years ago
Antoine Pitrou
cd3d7cabef
Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.
12 years ago
Victor Stinner
1e81a399a2
Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a
ValueError if num is negative (instead of raising a SystemError).
12 years ago
Christian Heimes
1aa9a75fbf
Issue #19509: Add SSLContext.check_hostname to match the peer's certificate
with server_hostname on handshake.
12 years ago
Christian Heimes
470fba1f9f
SNI was added in OpenSSL 0.9.8f [11 Oct 2007], too
12 years ago
Christian Heimes
2427b50fdd
Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
12 years ago
Christian Heimes
5398e1a56e
Issue #19448: report name / NID in exception message of ASN1Object
12 years ago
Christian Heimes
f22e8e5426
Issue #18147: Add missing documentation for SSLContext.get_ca_certs().
Also change the argument name to the same name as getpeercert()
12 years ago
Christian Heimes
44109d7de7
Issue #17134: Finalize interface to Windows' certificate store. Cert and
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
12 years ago
Christian Heimes
1dbf61fa46
downcast len to int. The code has already checked that len < INT_MAX
12 years ago
Christian Heimes
18fc7be80d
lst might be NULL here
CID 1130752: Dereference after null check (FORWARD_NULL)
12 years ago
Christian Heimes
225877917e
Issue #8813: Add SSLContext.verify_flags to change the verification flags
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
12 years ago
Christian Heimes
949ec14209
Issue #19682: Fix compatibility issue with old version of OpenSSL that
was introduced by Issue #18379.
12 years ago
Christian Heimes
bd3a7f90b5
Issue #18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP
and CRL distribution points.
12 years ago
Christian Heimes
efff7060f8
Issue #18138: Implement cadata argument of SSLContext.load_verify_location()
to load CA certificates and CRL from memory. It supports PEM and DER
encoded strings.
12 years ago
Christian Heimes
b08ff7dcb4
Safely downcast SOCKET_T to int in _ssl module
12 years ago
Christian Heimes
a6bc95aa02
Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name.
12 years ago
Victor Stinner
a9eb38f02a
Issue #19437: Fix newPySSLSocket(), handle PyWeakref_NewRef() failure
12 years ago
Victor Stinner
ba9be477b0
Issue #19437: Fix fill_and_set_sslerror() of _ssl, handle Py_BuildValue()
failure
Don't call PyObject_CallObject() with NULL parameters and an exception set.
12 years ago
Georg Brandl
ec3c103520
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
11 years ago
Christian Heimes
7e24617904
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
12 years ago
Christian Heimes
fb6b44e830
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
12 years ago
Georg Brandl
81be27d53e
Issue #19227: Try to fix deadlocks caused by re-seeding the OpenSSL
pseudo-random number generator on fork().
12 years ago
Antoine Pitrou
860aee75b8
Properly initialize all fields of a SSL object after allocation.
12 years ago
Antoine Pitrou
20b85557f2
Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done.
12 years ago
Christian Heimes
60bf2fc25b
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
13 years ago
Victor Stinner
daf455554b
Issue #18571: Implementation of the PEP 446: file descriptors and file handles
are now created non-inheritable; add functions os.get/set_inheritable(),
os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
13 years ago
Christian Heimes
61636e7105
Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
13 years ago
Richard Oudkerk
cabbde9e1e
Fix compiler warning on Windows.
13 years ago
Christian Heimes
80c5de93f9
Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is supposed to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
13 years ago
Christian Heimes
f77b4b20e9
Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seed the PRNG with pid, time
and some stack data.
13 years ago