summaryrefslogtreecommitdiffstats
path: root/Doc/library/ssl.rst
Commit message (Collapse)AuthorAgeFilesLines
...
* bpo-31399: Let OpenSSL verify hostname and IP address (#3462)Christian Heimes2018-01-271-4/+40
| | | | | | | | | | | | | | | bpo-31399: Let OpenSSL verify hostname and IP The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses. * Remove match_hostname calls * Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host() * Add documentation for OpenSSL 1.0.2 requirement * Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform. * Add hostname_checks_common_name Signed-off-by: Christian Heimes <christian@python.org>
* bpo-25910: Link redirections in docs (#1933)Sanyam Khurana2018-01-201-11/+10
| | | Fixes some redirection links in docs.
* trivial: link updates in documentation (#2765)jimmy2017-12-131-2/+2
|
* bpo-25910: Fixes redirection from http to https (#4674)Sanyam Khurana2017-12-061-1/+1
|
* bpo-23033: Improve SSL Certificate handling (GH-937)Mandeep Singh2017-11-261-0/+4
| | | | Wildcard is now supported in hostname when it is one and only character in the leftmost segment.
* bpo-31533: fix broken link to OpenSSL docs (#3674)Felipe2017-09-201-2/+2
|
* bpo-31431: SSLContext.check_hostname auto-sets CERT_REQUIRED (#3531)Christian Heimes2017-09-151-1/+11
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-31386: Custom wrap_bio and wrap_socket type (#3426)Christian Heimes2017-09-151-5/+31
| | | | | | | | | SSLSocket.wrap_bio() and SSLSocket.wrap_socket() hard-code SSLObject and SSLSocket as return types. In the light of future deprecation of ssl.wrap_socket() module function and direct instantiation of SSLSocket, it is desirable to make the return type of SSLSocket.wrap_bio() and SSLSocket.wrap_socket() customizable. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-28182: Expose OpenSSL verification results (#3412)Christian Heimes2017-09-081-1/+16
| | | | | | | | | The SSL module now raises SSLCertVerificationError when OpenSSL fails to verify the peer's certificate. The exception contains more information about the error. Original patch by Chi Hsuan Yen Signed-off-by: Christian Heimes <christian@python.org>
* bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (#1363)Christian Heimes2017-09-081-2/+26
| | | | | | | | | | | | | | | | * bpo-29136: Add TLS 1.3 support TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3 cipher suites don't overlap with cipher suites from TLS 1.2 and earlier. Since Python sets its own set of permitted ciphers, TLS 1.3 handshake will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common AES-GCM and ChaCha20 suites. Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3 now. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-21649: Add RFC 7525 and Mozilla server side TLS (#3387)Christian Heimes2017-09-061-0/+6
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-30714: ALPN changes for OpenSSL 1.1.0f (#2305)Christian Heimes2017-08-151-2/+3
| | | | | | | | | | OpenSSL 1.1.0 to 1.1.0e aborted the handshake when server and client could not agree on a protocol using ALPN. OpenSSL 1.1.0f changed that. The most recent version now behaves like OpenSSL 1.0.2 again. The ALPN callback can pretend to not been set. See https://github.com/openssl/openssl/pull/3158 for more details Signed-off-by: Christian Heimes <christian@python.org>
* remove extra word (#2101)Benjamin Peterson2017-06-111-2/+2
|
* clarify recv() and send() on SSLObject (#2100)Benjamin Peterson2017-06-111-2/+2
| | | SSLObject has recv() and send(), but they don't do any network io.
* bpo-19180: Updated references for RFC 1750, RFC 3280 & RFC 4366 (GH-148)Chandan Kumar2017-06-091-11/+8
| | | | | * RFC 1750 has been been obsoleted by RFC 4086. * RFC 3280 has been obsoleted by RFC 5280. * RFC 4366 has been obsoleted by RFC 6066.
* Clean up some confusing text left by PROTOCOL_SSLv23 -> PROTOCOL_TLS ↵Nathaniel J. Smith2017-05-021-3/+3
| | | | transition (#1355)
* bpo-27200: Fix pathlib, ssl, turtle and weakref doctests (GH-616)Marco Buttu2017-04-131-4/+11
|
* In SSL module version examples, don't use a legacy version. (#381)Alex Gaynor2017-03-021-4/+4
|
* Fixed a handful of typos (GH-343)Alex Gaynor2017-03-011-3/+3
|
* Fix usage of data directiveBerker Peksag2017-02-061-5/+5
|
* Issue #19795: Improved more markups of True/False.Serhiy Storchaka2016-10-191-1/+1
|\
| * Issue #19795: Improved more markups of True/False.Serhiy Storchaka2016-10-191-1/+1
| |
* | Issue #19795: Mark up None as literal text.Serhiy Storchaka2016-10-191-2/+2
|\ \ | |/
| * Issue #19795: Mark up None as literal text.Serhiy Storchaka2016-10-191-2/+2
| |
* | Explain why PROTOCOL_SSLv23 does not support SSLv2 and SSLv3 by default.Christian Heimes2016-09-131-1/+1
| |
* | Explain why PROTOCOL_SSLv23 does not support SSLv2 and SSLv3 by default.Christian Heimes2016-09-131-10/+14
| |
* | Update whatsnew with my contributionsChristian Heimes2016-09-111-3/+3
| |
* | Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContextChristian Heimes2016-09-111-11/+30
| |
* | Issue #19500: Add client-side SSL session resumption to the ssl module.Christian Heimes2016-09-101-4/+47
| |
* | Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.Christian Heimes2016-09-101-2/+11
| | | | | | | | | | | | | | The deprecation include manual creation of SSLSocket and certfile/keyfile (or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib. ssl.wrap_socket() is not marked as deprecated yet.
* | Issue 28043: SSLContext has improved default settingsChristian Heimes2016-09-101-1/+8
| | | | | | | | The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
* | Issue #28025: Convert all ssl module constants to IntEnum and IntFlags.Christian Heimes2016-09-091-0/+51
| |
* | Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵Christian Heimes2016-09-061-0/+6
|\ \ | |/ | | | | ChaCha20 Poly1305.
| * Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵Christian Heimes2016-09-061-0/+6
| | | | | | | | ChaCha20 Poly1305.
* | Issue #27866: Add SSLContext.get_ciphers() method to get a list of all ↵Christian Heimes2016-09-051-0/+56
| | | | | | | | enabled ciphers.
* | Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-21/+87
|\ \ | |/
| * Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-21/+81
|/
* Issue #22558: Add remaining doc links to source code for Python-coded modules.Terry Jan Reedy2016-06-111-2/+1
| | | | | Reformat header above separator line (added if missing) to a common format. Patch by Yoni Lavi.
* Issue #23921: Standardized documentation whitespace formatting.Serhiy Storchaka2016-05-101-1/+1
| | | | Original patch by James Edwards.
* Issue #26736: Used HTTPS for external links in the documentation if possible.Serhiy Storchaka2016-05-071-7/+7
|
* Issue #23804: Fix SSL recv/read(0) to not return 1024 bytesMartin Panter2016-03-281-1/+1
|
* Closes #25910: fix dead and permanently redirected links in the docs. Thanks ↵Georg Brandl2016-02-261-13/+13
| | | | to SilentGhost for the patch.
* Closes #26435: fix syntax in directives. Thanks to Jakub Stasiak.Georg Brandl2016-02-251-1/+1
|
* Fixed merging error in 3ebeeed1eb28.Serhiy Storchaka2015-11-061-2/+0
| | | | Thanks Марк Коренберг.
* Merge spelling fixes from 3.4 into 3.5Martin Panter2015-10-311-1/+1
|\
| * Fix some spelling errors in documentation and code commentsMartin Panter2015-10-311-1/+1
| |
* | Issue #24232: Fix typos. Patch by Ville Skyttä.Berker Peksag2015-05-181-1/+1
|\ \ | |/
| * Issue #24232: Fix typos. Patch by Ville Skyttä.Berker Peksag2015-05-181-1/+1
| |
* | Fix duplicate doc entry for SSLContext.get_ca_certs()Antoine Pitrou2015-04-131-12/+4
|\ \ | |/ | | | | (closes #18147)
| * Fix duplicate doc entry for SSLContext.get_ca_certs()Antoine Pitrou2015-04-131-12/+4
| | | | | | | | (closes #18147)
generated by cgit v0.12 at 2025-04-17 18:41:40 (GMT)