Benjamin Peterson
990fcaac3c
expose X509_V_FLAG_TRUSTED_FIRST
11 years ago
Benjamin Peterson
fdb1971587
enable X509_V_FLAG_TRUSTED_FIRST when possible (closes #23476)
11 years ago
Antoine Pitrou
f7f3b0a14a
Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the SSL layer but the underlying connection hasn't been closed.
11 years ago
Serhiy Storchaka
1a1ff29659
Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer
overflows. Added a few missed PyErr_NoMemory().
11 years ago
Benjamin Peterson
c54de47759
ifdef our way to compatibility with old openssl (closes #23335)
11 years ago
Benjamin Peterson
07f0515667
disable ALPN on LibreSSL, which has a large version number, but not ALPN support (closes #23329)
11 years ago
Benjamin Peterson
8861502e07
prefer server alpn ordering over the client's
11 years ago
Benjamin Peterson
cca2732a82
add support for ALPN (closes #20188)
11 years ago
Benjamin Peterson
baf7c1e546
use SSL_get_session
11 years ago
Benjamin Peterson
4cb17812d9
expose the client's cipher suites from the handshake (closes #23186)
11 years ago
Victor Stinner
fcfed19913
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
11 years ago
Antoine Pitrou
5e8430d02c
Issue #23143: Remove compatibility with OpenSSLs older than 0.9.8.
(the last 0.9.7 release was in 2007)
11 years ago
Benjamin Peterson
e32467cf6a
allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935)
Patch by Kurt Roeckx.
11 years ago
Benjamin Peterson
7243b574e5
don't require OpenSSL SNI to pass hostname to ssl functions (#22921)
Patch by Donald Stufft.
11 years ago
Victor Stinner
beeb512fe1
Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation.
Patch written by Bernard Spil.
11 years ago
Antoine Pitrou
b1fdf47ff5
Issue #21965: Add support for in-memory SSL to the ssl module.
Patch by Geert Jansen.
11 years ago
Antoine Pitrou
47e40429fb
Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use.
12 years ago
Victor Stinner
cd75298611
Issue #21781, _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires
size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean".
12 years ago
Victor Stinner
2e57b4e488
Issue #21781: Make the ssl module "ssize_t clean" for parsing parameters.
ssl.RAND_add() now supports strings longer than 2 GB.
12 years ago
Victor Stinner
45e8e2f218
Issue #21490: Add new C macros: Py_ABS() and Py_STRINGIFY()
Keep _Py_STRINGIZE() in PC/pyconfig.h to not introduce a dependency between
pyconfig.h and pymacros.h.
12 years ago
Antoine Pitrou
0bebbc33fa
Issue #21015: SSL contexts will now automatically select an elliptic curve for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1".
(should also fix a buildbot failure introduced by #20995)
12 years ago
Gregory P. Smith
f34890937b
avoid a compiler warning about assigning const char * to char *.
12 years ago
Antoine Pitrou
2f7c31678a
Remove conditional: it is useless at this point (OpenSSL headers are not yet included)
12 years ago
Antoine Pitrou
cd3d7cabef
Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.
12 years ago
Victor Stinner
1e81a399a2
Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a
ValueError if num is negative (instead of raising a SystemError).
12 years ago
Christian Heimes
1aa9a75fbf
Issue #19509: Add SSLContext.check_hostname to match the peer's certificate
with server_hostname on handshake.
12 years ago
Christian Heimes
470fba1f9f
SNI was added in OpenSSL 0.9.8f [11 Oct 2007], too
12 years ago
Christian Heimes
2427b50fdd
Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+
The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
12 years ago
Christian Heimes
5398e1a56e
Issue #19448: report name / NID in exception message of ASN1Object
12 years ago
Christian Heimes
f22e8e5426
Issue #18147: Add missing documentation for SSLContext.get_ca_certs().
Also change the argument name to the same name as getpeercert()
12 years ago
Christian Heimes
44109d7de7
Issue #17134: Finalize interface to Windows' certificate store. Cert and
CRL enumeration are now two functions. enum_certificates() also returns
purpose flags as set of OIDs.
12 years ago
Christian Heimes
1dbf61fa46
downcast len to int. The code has already checked that len < INT_MAX
12 years ago
Christian Heimes
18fc7be80d
lst might be NULL here
CID 1130752: Dereference after null check (FORWARD_NULL)
12 years ago
Christian Heimes
225877917e
Issue #8813: Add SSLContext.verify_flags to change the verification flags
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
12 years ago
Christian Heimes
949ec14209
Issue #19682: Fix compatibility issue with old version of OpenSSL that
was introduced by Issue #18379.
12 years ago
Christian Heimes
bd3a7f90b5
Issue #18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP
and CRL distribution points.
12 years ago
Christian Heimes
efff7060f8
Issue #18138: Implement cadata argument of SSLContext.load_verify_location()
to load CA certificates and CRL from memory. It supports PEM and DER
encoded strings.
12 years ago
Christian Heimes
b08ff7dcb4
Safely downcast SOCKET_T to int in _ssl module
12 years ago
Christian Heimes
a6bc95aa02
Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, NID, short name and long name.
12 years ago
Victor Stinner
a9eb38f02a
Issue #19437: Fix newPySSLSocket(), handle PyWeakref_NewRef() failure
12 years ago
Victor Stinner
ba9be477b0
Issue #19437: Fix fill_and_set_sslerror() of _ssl, handle Py_BuildValue()
failure
Don't call PyObject_CallObject() with NULL parameters and an exception set.
12 years ago
Georg Brandl
ec3c103520
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module has used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and
``uniformResourceIdentifier`` (URI).
11 years ago
Christian Heimes
7e24617904
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
12 years ago
Christian Heimes
fb6b44e830
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
12 years ago
Georg Brandl
81be27d53e
Issue #19227: Try to fix deadlocks caused by re-seeding the OpenSSL
pseudo-random number generator on fork().
12 years ago
Antoine Pitrou
860aee75b8
Properly initialize all fields of a SSL object after allocation.
12 years ago
Antoine Pitrou
20b85557f2
Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL handshake hasn't been done.
12 years ago
Christian Heimes
60bf2fc25b
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
13 years ago
Victor Stinner
daf455554b
Issue #18571: Implementation of the PEP 446: file descriptors and file handles
are now created non-inheritable; add functions os.get/set_inheritable(),
os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
13 years ago
Christian Heimes
61636e7105
Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
13 years ago