path: root/Lib/ssl.py
Commit message | Author | Age | Files | Lines
* [2.7] bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (GH-1363) (#3446) | Christian Heimes | 2017-09-08 | 1 | -1/+7
|   * bpo-29136: Add TLS 1.3 support
|   TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3 cipher suites don't overlap with cipher suites from TLS 1.2 and earlier. Since Python sets its own set of permitted ciphers, TLS 1.3 handshake will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common AES-GCM and ChaCha20 suites.
|   Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3 now.
|   Signed-off-by: Christian Heimes <christian@python.org>.
|   (cherry picked from commit cb5b68abdeb1b1d56c581d5b4d647018703d61e3)
* Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ChaCha20 Poly1305. | Christian Heimes | 2016-09-06 | 1 | -15/+21
|
* Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. | Christian Heimes | 2016-09-05 | 1 | -6/+10
|
* Issue #27114: Fix SSLContext._load_windows_store_certs fails with PermissionError | Steve Dower | 2016-05-26 | 1 | -5/+9
|
* Issue #23804: Fix SSL recv/read(0) to not return 1024 bytes | Martin Panter | 2016-03-28 | 1 | -2/+2
|
* Issue #23857: Implement PEP 493 | Nick Coghlan | 2016-03-20 | 1 | -4/+21
|   Adds a Python-2-only ssl module API and environment variable to configure the default handling of SSL/TLS certificates for HTTPS connections.
* Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. | Steve Dower | 2016-03-17 | 1 | -1/+2
|   Patch by Baji.
* use _import_symbols to import VERIFY_* constants | Benjamin Peterson | 2015-03-05 | 1 | -2/+1
|
* remove rc4 from the default client ciphers (closes #23481) | Benjamin Peterson | 2015-02-19 | 1 | -4/+2
|
* pep 466 backport of alpn (#20188) | Benjamin Peterson | 2015-01-23 | 1 | -1/+19
|
* Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The | Victor Stinner | 2015-01-06 | 1 | -1/+6
|   availability of the function is checked during the compilation. Patch written by Bernard Spil.
* pep 476: verify certificates by default (#22417) | Benjamin Peterson | 2014-11-24 | 1 | -2/+9
|
* allow hostname to be passed to SSLContext even if OpenSSL doesn't support SNI (closes #22921) | Benjamin Peterson | 2014-11-24 | 1 | -6/+1
|   Patch from Donald Stufft.
* initialize _makefile_refs earlier so things don't blow up when close() is called in the constructor | Benjamin Peterson | 2014-11-23 | 1 | -1/+1
|
* Backport disabling of SSLv3 in ssl._create_stdlib_context() (issue #22638). | Antoine Pitrou | 2014-10-17 | 1 | -0/+3
|   The backport currently doesn't achieve anything since the function isn't used (yet).
* also use openssl envvars to find certs on windows (closes #22449) | Benjamin Peterson | 2014-10-03 | 1 | -2/+1
|   Patch by Christian Heimes and Alex Gaynor.
* fix sslwrap_simple (closes #22523) | Benjamin Peterson | 2014-10-02 | 1 | -4/+4
|   Thanks Alex Gaynor.
* Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use. | Alex Gaynor | 2014-09-04 | 1 | -0/+9
|   Backport from default.
* backport many ssl features from Python 3 (closes #21308) | Benjamin Peterson | 2014-08-20 | 1 | -145/+643
|   A contribution of Alex Gaynor and David Reid with the generous support of Rackspace. May God have mercy on their souls.
* Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data. | Antoine Pitrou | 2013-12-28 | 1 | -0/+5
|
* Issue #17918: When using SSLSocket.accept(), if the SSL handshake failed on the new socket, the socket would linger indefinitely. | Antoine Pitrou | 2013-05-06 | 1 | -11/+15
|   Thanks to Peter Saveliev for reporting.
* Backport Python 3.2 fix for issue #12065, and add another test for SSLSocket.connect_ex(). | Antoine Pitrou | 2012-12-28 | 1 | -9/+11
|
* Issue #13636: Weak ciphers are now disabled by default in the ssl module | Antoine Pitrou | 2012-01-03 | 1 | -1/+10
|   (except when SSLv2 is explicitly asked for).
* (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional | Victor Stinner | 2011-05-09 | 1 | -11/+13
|   OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2 protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
|   Optimize also ssl.get_protocol_name(): speed does matter!
* Merged revisions 88664 via svnmerge from | Antoine Pitrou | 2011-02-26 | 1 | -9/+26
|   svn+ssh://pythondev@svn.python.org/python/branches/py3k
|   ........
|   r88664 | antoine.pitrou | 2011-02-27 00:24:06 +0100 (dim., 27 févr. 2011) | 4 lines
|   Issue #11326: Add the missing connect_ex() implementation for SSL sockets, and make it work for non-blocking connects.
|   ........
* Issue #9729: Fix the signature of SSLSocket.recvfrom() and | Antoine Pitrou | 2010-09-14 | 1 | -8/+10
|   SSLSocket.sendto() to match the corresponding socket methods. Also, fix various SSLSocket methods to raise socket.error rather than an unhelpful TypeError when called on an unconnected socket. Original patch by Andrew Bennetts.
|   NOTE: obviously, these methods are untested and unused in the real world...
* Issue #8086: In :func:`ssl.DER_cert_to_PEM_cert()`, fix missing newline | Antoine Pitrou | 2010-04-27 | 1 | -1/+1
|   before the certificate footer. Patch by Kyle VanderBeek.
* When calling getpeername() in SSLSocket.__init__, only silence exceptions | Antoine Pitrou | 2010-04-26 | 1 | -1/+4
|   caused by the "socket not connected" condition.
* Issue #5103: SSL handshake would ignore the socket timeout and block | Antoine Pitrou | 2010-04-24 | 1 | -6/+1
|   indefinitely if the other end didn't respond.
* Issue #5238: Calling makefile() on an SSL object would prevent the | Antoine Pitrou | 2010-04-23 | 1 | -1/+3
|   underlying socket from being closed until all objects get truly destroyed.
* Issue #7943: Fix circular reference created when instantiating an SSL | Antoine Pitrou | 2010-04-23 | 1 | -8/+9
|   socket. Initial patch by Péter Szabó.
* Issue #8322: Add a *ciphers* argument to SSL sockets, so as to change the | Antoine Pitrou | 2010-04-17 | 1 | -5/+9
|   available cipher list. Helps fix test_ssl with OpenSSL 1.0.0.
* Issue #8321: Give access to OpenSSL version numbers from the `ssl` module, | Antoine Pitrou | 2010-04-05 | 1 | -0/+1
|   using the new attributes `ssl.OPENSSL_VERSION`, `ssl.OPENSSL_VERSION_INFO` and `ssl.OPENSSL_VERSION_NUMBER`.
* Issue #3890: Fix recv() and recv_into() on non-blocking SSL sockets. | Antoine Pitrou | 2010-03-21 | 1 | -20/+6
|
* #7730: remove spaces after functions names | Ezio Melotti | 2010-01-18 | 1 | -17/+17
|
* fix name collision issues | Benjamin Peterson | 2008-12-31 | 1 | -3/+3
|
* #4788 qualify some bare except clauses | Benjamin Peterson | 2008-12-31 | 1 | -2/+2
|
* fix for release blocker 3910, 2.6 regression in socket.ssl method | Bill Janssen | 2008-09-29 | 1 | -2/+13
|
* incorporate fixes from issue 3162; SSL doc patch | Bill Janssen | 2008-09-08 | 1 | -5/+39
|
* remove duplicate close() from ssl.py; expose unwrap and add test for it | Bill Janssen | 2008-08-12 | 1 | -4/+8
|
* various SSL fixes; issues 1251, 3162, 3212 | Bill Janssen | 2008-06-28 | 1 | -256/+105
|
* Patch #2167 from calvin: Remove unused imports | Christian Heimes | 2008-02-23 | 1 | -1/+1
|
* Add support for asyncore server-side SSL support. This requires | Bill Janssen | 2007-09-16 | 1 | -25/+311
|   adding the 'makefile' method to ssl.SSLSocket, and importing the requisite fakefile class from socket.py, and making the appropriate changes to it to make it use the SSL connection.
|   Added sample HTTPS server to test_ssl.py, and test that uses it.
|   Change SSL tests to use https://svn.python.org/, instead of www.sf.net and pop.gmail.com.
|   Added utility function to ssl module, get_server_certificate, to wrap up the several things to be done to pull a certificate from a remote server.
* More work on SSL support. | Bill Janssen | 2007-09-10 | 1 | -10/+39
|   * Much expanded test suite: All protocols tested against all other protocols. All protocols tested with all certificate options. Tests for bad key and bad cert. Test of STARTTLS functionality. Test of RAND_* functions.
|   * Fixes for threading/malloc bug.
|   * Issue 1065 fixed: sslsocket class renamed to SSLSocket. sslerror class renamed to SSLError. Function "wrap_socket" now used to wrap an existing socket.
|   * Issue 1583946 finally fixed: Support for subjectAltName added. Subject name now returned as proper DN list of RDNs.
|   * SSLError exported from socket as "sslerror".
|   * RAND_* functions properly exported from ssl.py.
|   * Documentation improved: Example of how to create a self-signed certificate. Better indexing.
* Added docstrings to methods and functions. | Bill Janssen | 2007-08-30 | 1 | -0/+36
|
* This contains a number of things: | Bill Janssen | 2007-08-29 | 1 | -125/+74
|   1) Improve the documentation of the SSL module, with a fuller explanation of certificate usage, another reference, proper formatting of this and that.
|   2) Fix Windows bug in ssl.py, and general bug in sslsocket.close(). Remove some unused code from ssl.py. Allow accept() to be called on sslsocket sockets.
|   3) Use try-except-else in import of ssl in socket.py. Deprecate use of socket.ssl().
|   4) Remove use of socket.ssl() in every library module, except for test_socket_ssl.py and test_ssl.py.
* Bill Janssen wrote: | Guido van Rossum | 2007-08-26 | 1 | -4/+5
|   Here's a patch which makes test_ssl a better player in the buildbots environment. I deep-ended on "try-except-else" clauses.
* Server-side SSL and certificate validation, by Bill Janssen. | Guido van Rossum | 2007-08-25 | 1 | -0/+252
|   While cleaning up Bill's C style, I may have cleaned up some code he didn't touch as well (in _ssl.c).