Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | issue23673 | Ethan Furman | 2015-03-19 | 1 | -4/+4 |
| | | | | | | | | | add private method to enum to support replacing global constants with Enum members: - search for candidate constants via supplied filter - create new enum class and members - insert enum class and replace constants with members via supplied module name - replace __reduce_ex__ with function that returns member name, so previous Python versions can unpickle modify IntEnum classes to use new method | ||||
* | merge 3.4 | Benjamin Peterson | 2015-03-05 | 1 | -2/+1 |
|\ | |||||
| * | use _import_symbols to import VERIFY_* constants | Benjamin Peterson | 2015-03-05 | 1 | -2/+1 |
| | | |||||
* | | merge 3.4 (#23481) | Benjamin Peterson | 2015-02-19 | 1 | -4/+2 |
|\ \ | |/ | |||||
| * | remove rc4 from the default client ciphers (closes #23481) | Benjamin Peterson | 2015-02-19 | 1 | -4/+2 |
| | | |||||
| * | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The | Victor Stinner | 2015-01-06 | 1 | -1/+6 |
| | | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil. | ||||
| * | Issue #20896, #22935: The ssl.get_server_certificate() function now uses the | Victor Stinner | 2015-01-06 | 1 | -1/+1 |
| | | | | | | | | | | | | ssl.PROTOCOL_SSLv23 protocol by default, not ssl.PROTOCOL_SSLv3, for maximum compatibility and support platforms where ssl.PROTOCOL_SSLv3 support is disabled. | ||||
| * | Issue #22935: Fix ssl module when SSLv3 protocol is not supported | Victor Stinner | 2014-12-12 | 1 | -6/+2 |
| | | |||||
* | | Issue #23239: ssl.match_hostname() now supports matching of IP addresses. | Antoine Pitrou | 2015-02-15 | 1 | -1/+22 |
| | | |||||
* | | add support for ALPN (closes #20188) | Benjamin Peterson | 2015-01-23 | 1 | -1/+26 |
| | | |||||
* | | remove extra definite article | Benjamin Peterson | 2015-01-11 | 1 | -2/+2 |
| | | |||||
* | | explain None can be returned | Benjamin Peterson | 2015-01-07 | 1 | -1/+3 |
| | | |||||
* | | expose the client's cipher suites from the handshake (closes #23186) | Benjamin Peterson | 2015-01-07 | 1 | -0/+10 |
| | | |||||
* | | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The | Victor Stinner | 2014-11-28 | 1 | -1/+6 |
| | | | | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil. | ||||
* | | merge 3.4 (#22921) | Benjamin Peterson | 2014-11-23 | 1 | -6/+1 |
|\ \ | |/ | |||||
| * | don't require OpenSSL SNI to pass hostname to ssl functions (#22921) | Benjamin Peterson | 2014-11-23 | 1 | -6/+1 |
| | | | | | | | | Patch by Donald Stufft. | ||||
| * | Issue #22638: SSLv3 is now disabled throughout the standard library. | Antoine Pitrou | 2014-10-17 | 1 | -0/+3 |
| | | | | | | | | It can still be enabled by instantiating a SSLContext manually. | ||||
* | | merge 3.4 (#22417) | Benjamin Peterson | 2014-11-03 | 1 | -2/+8 |
|\ \ | |/ | |||||
| * | PEP 476: enable HTTPS certificate verification by default (#22417) | Benjamin Peterson | 2014-11-03 | 1 | -2/+9 |
| | | | | | | | | Patch by Alex Gaynor with some modifications by me. | ||||
* | | Issue #22186: Fix typos in Lib/. | Berker Peksag | 2014-10-19 | 1 | -1/+1 |
|\ \ | |/ | | | | | Patch by Févry Thibault. | ||||
| * | Issue #22186: Fix typos in Lib/. | Berker Peksag | 2014-10-19 | 1 | -1/+1 |
| | | | | | | | | Patch by Févry Thibault. | ||||
* | | Issue #22638: SSLv3 is now disabled throughout the standard library. | Antoine Pitrou | 2014-10-17 | 1 | -0/+3 |
| | | | | | | | | It can still be enabled by instantiating a SSLContext manually. | ||||
* | | Remove unused "block" argument in SSLObject.do_handshake() (issue #21965) | Antoine Pitrou | 2014-10-05 | 1 | -1/+1 |
| | | |||||
* | | Issue #21965: Add support for in-memory SSL to the ssl module. | Antoine Pitrou | 2014-10-05 | 1 | -24/+139 |
| | | | | | | | | Patch by Geert Jansen. | ||||
* | | merge 3.4 (#22449) | Benjamin Peterson | 2014-10-03 | 1 | -2/+1 |
|\ \ | |/ | |||||
| * | also use openssl envvars to find certs on windows (closes #22449) | Benjamin Peterson | 2014-10-03 | 1 | -2/+1 |
| | | | | | | | | Patch by Christian Heimes and Alex Gaynor. | ||||
* | | Issue #20421: Add a .version() method to SSL sockets exposing the actual ↵ | Antoine Pitrou | 2014-09-04 | 1 | -0/+9 |
| | | | | | | | | protocol version in use. | ||||
* | | fix issue #17552: add socket.sendfile() method allowing to send a file over ↵ | Giampaolo Rodola' | 2014-06-11 | 1 | -0/+10 |
| | | | | | | | | a socket by using high-performance os.sendfile() on UNIX. Patch by Giampaolo Rodola'· | ||||
* | | Issue #20951: SSLSocket.send() now raises either SSLWantReadError or ↵ | Antoine Pitrou | 2014-04-29 | 1 | -11/+1 |
| | | | | | | | | | | | | SSLWantWriteError on a non-blocking socket if the operation would block. Previously, it would return 0. Patch by Nikolaus Rath. | ||||
* | | Issue #19940: ssl.cert_time_to_seconds() now interprets the given time ↵ | Antoine Pitrou | 2014-04-28 | 1 | -5/+27 |
| | | | | | | | | | | | | string in the UTC timezone (as specified in RFC 5280), not the local timezone. Patch by Akira. | ||||
* | | Issue #21068: The ssl.PROTOCOL* constants are now enum members. | Antoine Pitrou | 2014-04-18 | 1 | -19/+8 |
| | | |||||
* | | Issue #20896: ssl.get_server_certificate() now uses PROTOCOL_SSLv23, not ↵ | Antoine Pitrou | 2014-04-16 | 1 | -1/+1 |
|/ | | | | PROTOCOL_SSLv3, for maximum compatibility. | ||||
* | Issue #21013: Enhance ssl.create_default_context() for server side contexts | Donald Stufft | 2014-03-23 | 1 | -6/+24 |
| | | | | | | | | | | | | | | | | | | | | Closes #21013 by modfying ssl.create_default_context() to: * Move the restricted ciphers to only apply when using ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not is the lack of RC4 in the restricted. However there are servers that exist that only expose RC4 still. * Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context will select TLS1.1 or TLS1.2 if it is available. * Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets * Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security of the perfect forward secrecy * Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side socket the context will prioritize our ciphers which have been carefully selected to maximize security and performance. * Documents the failure conditions when a SSL3.0 connection is required so that end users can more easily determine if they need to unset ssl.OP_NO_SSLv3. | ||||
* | Issue #20995: Enhance default ciphers used by the ssl module | Donald Stufft | 2014-03-22 | 1 | -8/+31 |
| | | | | | | | | | | | | | | | Closes #20995 by Enabling better security by prioritizing ciphers such that: * Prefer cipher suites that offer perfect forward secrecy (DHE/ECDHE) * Prefer ECDHE over DHE for better performance * Prefer any AES-GCM over any AES-CBC for better performance and security * Then Use HIGH cipher suites as a fallback * Then Use 3DES as fallback which is secure but slow * Finally use RC4 as a fallback which is problematic but needed for compatibility some times. * Disable NULL authentication, NULL encryption, and MD5 MACs for security reasons | ||||
* | Issue #20976: pyflakes: Remove unused imports | Victor Stinner | 2014-03-20 | 1 | -3/+0 |
| | |||||
* | Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, ↵ | Antoine Pitrou | 2013-12-28 | 1 | -0/+5 |
|\ | | | | | | | rather than silently let them emit clear text data. | ||||
| * | Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, ↵ | Antoine Pitrou | 2013-12-28 | 1 | -0/+5 |
| | | | | | | | | rather than silently let them emit clear text data. | ||||
* | | Issue #19509: Don't close the socket in do_handshake() when hostname ↵ | Christian Heimes | 2013-12-04 | 1 | -9/+4 |
| | | | | | | | | verification fails. | ||||
* | | add check_hostname arg to ssl._create_stdlib_context() | Christian Heimes | 2013-12-02 | 1 | -1/+2 |
| | | |||||
* | | Issue #19509: Add SSLContext.check_hostname to match the peer's certificate | Christian Heimes | 2013-12-02 | 1 | -5/+27 |
| | | | | | | | | with server_hostname on handshake. | ||||
* | | ssl.create_default_context() sets OP_NO_COMPRESSION to prevent CRIME | Christian Heimes | 2013-11-28 | 1 | -0/+2 |
| | | |||||
* | | Issue #19735: Implement private function ssl._create_stdlib_context() to | Christian Heimes | 2013-11-23 | 1 | -6/+44 |
| | | | | | | | | | | create SSLContext objects in Python's stdlib module. It provides a single configuration point and makes use of SSLContext.load_default_certs(). | ||||
* | | Issue #19689: Add ssl.create_default_context() factory function. It creates | Christian Heimes | 2013-11-23 | 1 | -0/+35 |
| | | | | | | | | a new SSLContext object with secure default settings. | ||||
* | | Issue #19292: Add SSLContext.load_default_certs() to load default root CA | Christian Heimes | 2013-11-23 | 1 | -0/+28 |
| | | | | | | | | | | certificates from default stores or system stores. By default the method loads CA certs for authentication of server certs. | ||||
* | | Issue #17134: Finalize interface to Windows' certificate store. Cert and | Christian Heimes | 2013-11-22 | 1 | -1/+1 |
| | | | | | | | | | | CRL enumeration are now two functions. enum_certificates() also returns purpose flags as set of OIDs. | ||||
* | | Issue #8813: Add SSLContext.verify_flags to change the verification flags | Christian Heimes | 2013-11-21 | 1 | -0/+2 |
| | | | | | | | | | | of the context in order to enable certification revocation list (CRL) checks or strict X509 rules. | ||||
* | | Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, ↵ | Christian Heimes | 2013-11-17 | 1 | -2/+24 |
| | | | | | | | | NID, short name and long name. | ||||
* | | merge with 3.3 | Georg Brandl | 2013-10-27 | 1 | -22/+50 |
|\ \ | |/ | |||||
| * | Issue #17997: Change behavior of ``ssl.match_hostname()`` to follow RFC 6125, | Georg Brandl | 2013-10-27 | 1 | -22/+50 |
| | | | | | | | | | | for security reasons. It now doesn't match multiple wildcards nor wildcards inside IDN fragments. | ||||
* | | #18705: merge with 3.3. | Ezio Melotti | 2013-08-17 | 1 | -1/+1 |
|\ \ | |/ |