cpython.git - https://github.com/python/cpython.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	bpo-23033: Improve SSL Certificate handling (GH-937)	Mandeep Singh	2017-11-26	1	-2/+7
\| \| \| \|	Wildcard is now supported in hostname when it is one and only character in the leftmost segment.
*	bpo-31659: Use simple slicing to format PEM cert (GH-3849)	INADA Naoki	2017-10-02	1	-4/+4
\| \| \| \| \| \| \|	DER_cert_to_PEM_cert() used textwrap.fill() to format PEM. But it's library to wrap lines on word boundary, while PEM is base64 encoded string. Additionally, importing textwrap is little slow.
*	bpo-31346: Use PROTOCOL_TLS_CLIENT/SERVER (#3058)	Christian Heimes	2017-09-15	1	-2/+5
\| \| \| \| \| \|	Replaces PROTOCOL_TLSv* and PROTOCOL_SSLv23 with PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER. Signed-off-by: Christian Heimes <christian@python.org>
*	bpo-31386: Custom wrap_bio and wrap_socket type (#3426)	Christian Heimes	2017-09-15	1	-8/+18
\| \| \| \| \| \| \| \| \|	SSLSocket.wrap_bio() and SSLSocket.wrap_socket() hard-code SSLObject and SSLSocket as return types. In the light of future deprecation of ssl.wrap_socket() module function and direct instantiation of SSLSocket, it is desirable to make the return type of SSLSocket.wrap_bio() and SSLSocket.wrap_socket() customizable. Signed-off-by: Christian Heimes <christian@python.org>
*	bpo-28182: Expose OpenSSL verification results (#3412)	Christian Heimes	2017-09-08	1	-1/+1
\| \| \| \| \| \| \| \| \|	The SSL module now raises SSLCertVerificationError when OpenSSL fails to verify the peer's certificate. The exception contains more information about the error. Original patch by Chi Hsuan Yen Signed-off-by: Christian Heimes <christian@python.org>
*	bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (#1363)	Christian Heimes	2017-09-08	1	-1/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* bpo-29136: Add TLS 1.3 support TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3 cipher suites don't overlap with cipher suites from TLS 1.2 and earlier. Since Python sets its own set of permitted ciphers, TLS 1.3 handshake will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common AES-GCM and ChaCha20 suites. Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3 now. Signed-off-by: Christian Heimes <christian@python.org>
*	bpo-27340: Use memoryview in SSLSocket.sendall() (#3384)	Christian Heimes	2017-09-07	1	-4/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	* bpo-27340: Use memoryview in SSLSocket.sendall() SSLSocket.sendall() now uses memoryview to create slices of data. This fix support for all bytes-like object. It is also more efficient and avoids costly copies. Signed-off-by: Christian Heimes <christian@python.org> * Cast view to bytes, fix typo Signed-off-by: Christian Heimes <christian@python.org>
*	Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContext	Christian Heimes	2016-09-11	1	-0/+2
\|
*	Issue #19500: Add client-side SSL session resumption to the ssl module.	Christian Heimes	2016-09-10	1	-12/+53
\|
*	Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.	Christian Heimes	2016-09-10	1	-1/+0
\| \| \| \| \| \| \|	The deprecation include manual creation of SSLSocket and certfile/keyfile (or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib. ssl.wrap_socket() is not marked as deprecated yet.
*	Issue 28043: SSLContext has improved default settings	Christian Heimes	2016-09-10	1	-24/+6
\| \| \| \|	The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
*	Issue #28025: Convert all ssl module constants to IntEnum and IntFlags.	Christian Heimes	2016-09-09	1	-19/+61
\|
*	Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵	Christian Heimes	2016-09-06	1	-15/+21
\|\ \| \| \| \| \| \|	ChaCha20 Poly1305.
\| *	Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ↵	Christian Heimes	2016-09-06	1	-15/+21
\| \| \| \| \| \| \| \|	ChaCha20 Poly1305.
* \|	Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.	Christian Heimes	2016-09-05	1	-8/+10
\|\ \ \| \|/
\| *	Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.	Christian Heimes	2016-09-05	1	-8/+10
\| \|
* \|	Issue #27114: Fix SSLContext._load_windows_store_certs fails with ↵	Steve Dower	2016-05-26	1	-5/+9
\|\ \ \| \|/ \| \| \| \|	PermissionError
\| *	Issue #27114: Fix SSLContext._load_windows_store_certs fails with ↵	Steve Dower	2016-05-26	1	-5/+9
\| \| \| \| \| \| \| \|	PermissionError
* \|	Issue #25951: Fix SSLSocket.sendall() to return None, by Aviv Palivoda	Martin Panter	2016-04-03	1	-1/+0
\|/
*	Issue #23804: Fix SSL recv/read(0) to not return 1024 bytes	Martin Panter	2016-03-28	1	-3/+3
\|
*	Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store ↵	Steve Dower	2016-03-17	1	-1/+2
\| \| \| \|	is empty. Patch by Baji.
*	issue23673	Ethan Furman	2015-03-19	1	-4/+4
\| \| \| \| \| \| \| \| \|	add private method to enum to support replacing global constants with Enum members: - search for candidate constants via supplied filter - create new enum class and members - insert enum class and replace constants with members via supplied module name - replace __reduce_ex__ with function that returns member name, so previous Python versions can unpickle modify IntEnum classes to use new method
*	merge 3.4	Benjamin Peterson	2015-03-05	1	-2/+1
\|\
\| *	use _import_symbols to import VERIFY_* constants	Benjamin Peterson	2015-03-05	1	-2/+1
\| \|
* \|	merge 3.4 (#23481)	Benjamin Peterson	2015-02-19	1	-4/+2
\|\ \ \| \|/
\| *	remove rc4 from the default client ciphers (closes #23481)	Benjamin Peterson	2015-02-19	1	-4/+2
\| \|
\| *	Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The	Victor Stinner	2015-01-06	1	-1/+6
\| \| \| \| \| \| \| \| \| \|	availability of the function is checked during the compilation. Patch written by Bernard Spil.
\| *	Issue #20896, #22935: The ssl.get_server_certificate() function now uses the	Victor Stinner	2015-01-06	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \|	ssl.PROTOCOL_SSLv23 protocol by default, not ssl.PROTOCOL_SSLv3, for maximum compatibility and support platforms where ssl.PROTOCOL_SSLv3 support is disabled.
\| *	Issue #22935: Fix ssl module when SSLv3 protocol is not supported	Victor Stinner	2014-12-12	1	-6/+2
\| \|
* \|	Issue #23239: ssl.match_hostname() now supports matching of IP addresses.	Antoine Pitrou	2015-02-15	1	-1/+22
\| \|
* \|	add support for ALPN (closes #20188)	Benjamin Peterson	2015-01-23	1	-1/+26
\| \|
* \|	remove extra definite article	Benjamin Peterson	2015-01-11	1	-2/+2
\| \|
* \|	explain None can be returned	Benjamin Peterson	2015-01-07	1	-1/+3
\| \|
* \|	expose the client's cipher suites from the handshake (closes #23186)	Benjamin Peterson	2015-01-07	1	-0/+10
\| \|
* \|	Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The	Victor Stinner	2014-11-28	1	-1/+6
\| \| \| \| \| \| \| \| \| \| \| \|	availability of the function is checked during the compilation. Patch written by Bernard Spil.
* \|	merge 3.4 (#22921)	Benjamin Peterson	2014-11-23	1	-6/+1
\|\ \ \| \|/
\| *	don't require OpenSSL SNI to pass hostname to ssl functions (#22921)	Benjamin Peterson	2014-11-23	1	-6/+1
\| \| \| \| \| \| \| \|	Patch by Donald Stufft.
\| *	Issue #22638: SSLv3 is now disabled throughout the standard library.	Antoine Pitrou	2014-10-17	1	-0/+3
\| \| \| \| \| \| \| \|	It can still be enabled by instantiating a SSLContext manually.
* \|	merge 3.4 (#22417)	Benjamin Peterson	2014-11-03	1	-2/+8
\|\ \ \| \|/
\| *	PEP 476: enable HTTPS certificate verification by default (#22417)	Benjamin Peterson	2014-11-03	1	-2/+9
\| \| \| \| \| \| \| \|	Patch by Alex Gaynor with some modifications by me.
* \|	Issue #22186: Fix typos in Lib/.	Berker Peksag	2014-10-19	1	-1/+1
\|\ \ \| \|/ \| \| \| \|	Patch by Févry Thibault.
\| *	Issue #22186: Fix typos in Lib/.	Berker Peksag	2014-10-19	1	-1/+1
\| \| \| \| \| \| \| \|	Patch by Févry Thibault.
* \|	Issue #22638: SSLv3 is now disabled throughout the standard library.	Antoine Pitrou	2014-10-17	1	-0/+3
\| \| \| \| \| \| \| \|	It can still be enabled by instantiating a SSLContext manually.
* \|	Remove unused "block" argument in SSLObject.do_handshake() (issue #21965)	Antoine Pitrou	2014-10-05	1	-1/+1
\| \|
* \|	Issue #21965: Add support for in-memory SSL to the ssl module.	Antoine Pitrou	2014-10-05	1	-24/+139
\| \| \| \| \| \| \| \|	Patch by Geert Jansen.
* \|	merge 3.4 (#22449)	Benjamin Peterson	2014-10-03	1	-2/+1
\|\ \ \| \|/
\| *	also use openssl envvars to find certs on windows (closes #22449)	Benjamin Peterson	2014-10-03	1	-2/+1
\| \| \| \| \| \| \| \|	Patch by Christian Heimes and Alex Gaynor.
* \|	Issue #20421: Add a .version() method to SSL sockets exposing the actual ↵	Antoine Pitrou	2014-09-04	1	-0/+9
\| \| \| \| \| \| \| \|	protocol version in use.
* \|	fix issue #17552: add socket.sendfile() method allowing to send a file over ↵	Giampaolo Rodola'	2014-06-11	1	-0/+10
\| \| \| \| \| \| \| \|	a socket by using high-performance os.sendfile() on UNIX. Patch by Giampaolo Rodola'·
* \|	Issue #20951: SSLSocket.send() now raises either SSLWantReadError or ↵	Antoine Pitrou	2014-04-29	1	-11/+1
\| \| \| \| \| \| \| \| \| \| \| \|	SSLWantWriteError on a non-blocking socket if the operation would block. Previously, it would return 0. Patch by Nikolaus Rath.