Victor Stinner
1e81a399a2
Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a
ValueError if num is negative (instead of raising a SystemError).
13 years ago
Christian Heimes
7e24617904
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
13 years ago
Christian Heimes
fb6b44e830
Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.
13 years ago
Georg Brandl
81be27d53e
Issue #19227: Try to fix deadlocks caused by re-seeding the OpenSSL
pseudo-random number generator on fork().
13 years ago
Antoine Pitrou
860aee75b8
Properly initialize all fields of a SSL object after allocation.
13 years ago
Christian Heimes
60bf2fc25b
Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
13 years ago
Christian Heimes
61636e7105
Issue #18747: Fix spelling errors in my commit message and comments,
thanks to Vajrasky Kok for proof-reading.
13 years ago
Christian Heimes
80c5de93f9
Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is supposed to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
13 years ago
Christian Heimes
f77b4b20e9
Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
A pthread_atfork() child handler is used to seed the PRNG with pid, time
and some stack data.
13 years ago
Christian Heimes
4d98ca9ff6
Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of
OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
13 years ago
Christian Heimes
3c2593b2bb
Issue 18768: Correct doc string of RAND_egd(). Patch by Vajrasky Kok.
13 years ago
Christian Heimes
474afdda60
Issue #18768: coding style nitpick. Thanks to Vajrasky Kok
13 years ago
Ezio Melotti
85a8629d21
#18466: fix more typos. Patch by Févry Thibault.
13 years ago
Christian Heimes
824f7f366d
Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
inside subjectAltName correctly. Formerly the module used OpenSSL's
GENERAL_NAME_print() function to get the string representation of ASN.1
strings for rfc822Name (email), dNSName (DNS) and
uniformResourceIdentifier (URI).
13 years ago
Christian Heimes
5962bef8aa
Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if
X509_get_version() grows beyond our small int cache.
CID 1058279
13 years ago
Victor Stinner
6efa965a27
Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input
string is longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises
a ValueError if the password is longer than 2 gigabytes. The ssl module does
not support partial write.
13 years ago
Victor Stinner
9ee0203057
Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()
and in ssl.SSLContext.load_cert_chain() for strings and passwords longer
than 2 gigabytes.
13 years ago
Victor Stinner
4569cd5eab
_ssl.c: strip trailing spaces
13 years ago
Antoine Pitrou
457a2292ca
SSLContext.load_dh_params() now properly closes the input file.
14 years ago
Christian Heimes
5cb31c9277
Issue #15977: Fix memory leak in Modules/_ssl.c when the function _set_npn_protocols() is called multiple times
14 years ago
Jesus Cea
c8754a13e6
Closes #15793: Stack corruption in ssl.RAND_egd()
14 years ago
Christian Heimes
63b38bbd1d
Issue #15977: Fix memory leak in Modules/_ssl.c when the function _set_npn_protocols() is called multiple times
14 years ago
Antoine Pitrou
6f430e4963
Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly.
Patch by Serhiy Storchaka.
14 years ago
Antoine Pitrou
c5bef75c77
Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly.
Patch by Serhiy Storchaka.
14 years ago
Antoine Pitrou
3b36fb1f53
Issue #14837: SSL errors now have `library` and `reason` attributes describing precisely what happened and in which OpenSSL submodule.
The str() of a SSLError is also enhanced accordingly.
NOTE: this commit creates a reference leak. The leak seems tied to the
use of PyType_FromSpec() to create the SSLError type. The leak is on the
type object when it is instantiated:
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
35
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
36
>>> e = ssl.SSLError()
>>> sys.getrefcount(ssl.SSLError)
37
14 years ago
Antoine Pitrou
d5d17eb653
Issue #14204: The ssl module now has support for the Next Protocol Negotiation extension, if available in the underlying OpenSSL library.
Patch by Colin Marc.
14 years ago
Antoine Pitrou
c135fa424e
Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay.
14 years ago
Antoine Pitrou
a9bf2ac726
Try to really fix compilation failures of the _ssl module under very old OpenSSLs.
15 years ago
Antoine Pitrou
e9fccb360f
Fix compilation when SSL_OP_SINGLE_ECDH_USE isn't defined
15 years ago
Antoine Pitrou
dd7e071b23
Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().
15 years ago
Antoine Pitrou
2f5a163dfc
Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().
15 years ago
Antoine Pitrou
f2bf8a6ac5
Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
15 years ago
Antoine Pitrou
d358e0554b
Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
15 years ago
Antoine Pitrou
0e576f1f50
Issue #13626: Add support for SSL Diffie-Hellman key exchange, through the
SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
15 years ago
Antoine Pitrou
501da61671
Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.
(followup to issue #13627)
15 years ago
Antoine Pitrou
8abdb8abd8
Issue #13634: Add support for querying and disabling SSL compression.
15 years ago
Antoine Pitrou
923df6f22a
Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman
key exchange, through the SSLContext.set_ecdh_curve() method and the
ssl.OP_SINGLE_ECDH_USE option.
15 years ago
Antoine Pitrou
6db4944cc5
Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL servers
choose the cipher based on their own preferences, rather than on the
client's.
15 years ago
Antoine Pitrou
116d6b98bf
Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
Patch by Robert Xiao.
15 years ago
Antoine Pitrou
aa1c967f93
Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName.
Patch by Robert Xiao.
15 years ago
Antoine Pitrou
41032a69c1
Issue #11183: Add finer-grained exceptions to the ssl module, so that
you don't have to inspect the exception's attributes in the common case.
15 years ago
Antoine Pitrou
a0e0e23299
Add a docstring to SSLError
15 years ago
Antoine Pitrou
b7705b7792
Use PyExc_OSError directly instead of grabbing it from the socket module API
15 years ago
Antoine Pitrou
f06eb46918
Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported.
15 years ago
Antoine Pitrou
d8c347a8de
Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported.
15 years ago
Charles-François Natali
aa26b27503
Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is
greater than FD_SETSIZE.
15 years ago
Charles-François Natali
fda7b379ac
Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is
greater than FD_SETSIZE.
15 years ago
Antoine Pitrou
4fd1e6a3ba
Issue #12803: SSLContext.load_cert_chain() now accepts a password argument
to be used if the private key is encrypted. Patch by Adam Simpkins.
15 years ago
Antoine Pitrou
d649480739
Issue #12551: Provide a get_channel_binding() method on SSL sockets so as
to get channel binding data for the current SSL session (only the
"tls-unique" channel binding is implemented). This allows the
implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS.
Patch by Jacek Konieczny.
15 years ago
Antoine Pitrou
b9ac25d1c3
Issue #12440: When testing whether some bits in SSLContext.options can be
reset, check the version of the OpenSSL headers Python was compiled against,
rather than the runtime version of the OpenSSL library.
15 years ago