summaryrefslogtreecommitdiffstats
path: root/Lib/ssl.py
Commit message (Collapse)AuthorAgeFilesLines
* [3.12] gh-113280: Always close socket if SSLSocket creation failed ↵Miss Islington (bot)2024-02-041-54/+53
| | | | | | | | (GH-114659) (GH-114995) (cherry picked from commit 0ea366240b75380ed7568acbe95d72e481a734f7) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Thomas Grainger <tagrain@gmail.com>
* [3.12] gh-84443: SSLSocket.recv_into() now support buffer protocol with ↵Miss Islington (bot)2023-11-271-4/+8
| | | | | | | | | | itemsize != 1 (GH-20310) (GH-112458) It is also no longer use __len__(). (cherry picked from commit 812360fddda86d7aff5823f529ab720f57ddc411) Co-authored-by: Zackery Spytz <zspytz@gmail.com> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.12] gh-108342: Break ref cycle in SSLSocket._create() exc (GH-108344) ↵Miss Islington (bot)2023-08-231-1/+5
| | | | | | | | | | | | | (#108348) Explicitly break a reference cycle when SSLSocket._create() raises an exception. Clear the variable storing the exception, since the exception traceback contains the variables and so creates a reference cycle. This test leak was introduced by the test added for the fix of GH-108310. (cherry picked from commit 64f99350351bc46e016b2286f36ba7cd669b79e3) Co-authored-by: Victor Stinner <vstinner@python.org>
* [3.12] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close ↵Łukasz Langa2023-08-221-1/+30
| | | | | | | | | | | | | | | | flaw (#108316) Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data. The vulnerability is caused when a socket is connected, data is sent by the malicious peer and stored in a buffer, and then the malicious peer closes the socket within a small timing window before the other peers’ TLS handshake can begin. After this sequence of events the closed socket will not immediately attempt a TLS handshake due to not being connected but will also allow the buffered data to be read as if a successful TLS handshake had occurred. Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
* gh-94199: Remove the ssl.wrap_socket() function (#94203)Victor Stinner2022-07-081-30/+0
| | | | | | | | Remove the ssl.wrap_socket() function, deprecated in Python 3.7: instead, create a ssl.SSLContext object and call its sl.SSLContext.wrap_socket() method. Any package that still uses ssl.wrap_socket() is broken and insecure. The function neither sends a SNI TLS extension nor validates server hostname. Code is subject to CWE-295 : Improper Certificate Validation.
* gh-94199: Remove ssl.match_hostname() function (#94224)Victor Stinner2022-06-251-62/+0
|
* gh-94199: Remove ssl.RAND_pseudo_bytes() function (#94202)Victor Stinner2022-06-241-1/+1
| | | | Remove the ssl.RAND_pseudo_bytes() function, deprecated in Python 3.6: use os.urandom() or ssl.RAND_bytes() instead.
* bpo-46604: fix function name in ssl module docstring (#31064)Kossi GLOKPOR2022-05-031-3/+4
| | | | | The function fetch_server_certificate is replaced by get_server_certificate in the module. I reflected the change in the module docstrings. Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
* bpo-40066: [Enum] skip failing doc test (GH-30637)Kumar Aditya2022-01-171-1/+0
|
* Revert "bpo-40066: [Enum] update str() and format() output (GH-30582)" ↵Victor Stinner2022-01-171-0/+1
| | | | | (GH-30632) This reverts commit acf7403f9baea3ae1119fc6b4a3298522188bf96.
* bpo-40066: [Enum] update str() and format() output (GH-30582)Ethan Furman2022-01-161-1/+0
| | | | | | | | | | | | | | | Undo rejected PEP-663 changes: - restore `repr()` to its 3.10 status - restore `str()` to its 3.10 status New changes: - `IntEnum` and `IntFlag` now leave `__str__` as the original `int.__str__` so that str() and format() return the same result - zero-valued flags without a name have a slightly changed repr(), e.g. `repr(Color(0)) == '<Color: 0>'` - update `dir()` for mixed-in types to return all the methods and attributes of the mixed-in type - added `_numeric_repr_` to `Flag` to control display of unnamed values - enums without doc strings have a more comprehensive doc string added - `ReprEnum` added -- inheriting from this makes it so only `__repr__` is replaced, not `__str__` nor `__format__`; `IntEnum`, `IntFlag`, and `StrEnum` all inherit from `ReprEnum`
* Fix typos in multiple files (GH-26689)Binbin2021-06-131-1/+1
| | | Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
* bpo-44362: ssl: improve deprecation warnings and docs (GH-26646)Christian Heimes2021-06-111-8/+15
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-44045: fix spelling of uppercase vs upper-case (GH-25985)Jürgen Gmach2021-05-281-1/+1
| | | | | And also of lowercase vs lower-case. The `-` notation should only be used for adjectives.
* bpo-31870: Add a timeout parameter to ssl.get_server_certificate() (GH-22270)Zackery Spytz2021-04-241-4/+7
|
* bpo-38659: [Enum] add _simple_enum decorator (GH-25497)Ethan Furman2021-04-211-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add: * `_simple_enum` decorator to transform a normal class into an enum * `_test_simple_enum` function to compare * `_old_convert_` to enable checking `_convert_` generated enums `_simple_enum` takes a normal class and converts it into an enum: @simple_enum(Enum) class Color: RED = 1 GREEN = 2 BLUE = 3 `_old_convert_` works much like` _convert_` does, using the original logic: # in a test file import socket, enum CheckedAddressFamily = enum._old_convert_( enum.IntEnum, 'AddressFamily', 'socket', lambda C: C.isupper() and C.startswith('AF_'), source=_socket, ) `_test_simple_enum` takes a traditional enum and a simple enum and compares the two: # in the REPL or the same module as Color class CheckedColor(Enum): RED = 1 GREEN = 2 BLUE = 3 _test_simple_enum(CheckedColor, Color) _test_simple_enum(CheckedAddressFamily, socket.AddressFamily) Any important differences will raise a TypeError
* Revert "bpo-38659: [Enum] add _simple_enum decorator (GH-25285)" (GH-25476)Ethan Furman2021-04-201-9/+4
| | | This reverts commit dbac8f40e81eb0a29dc833e6409a1abf47467da6.
* bpo-38659: [Enum] add _simple_enum decorator (GH-25285)Ethan Furman2021-04-201-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add: _simple_enum decorator to transform a normal class into an enum _test_simple_enum function to compare _old_convert_ to enable checking _convert_ generated enums _simple_enum takes a normal class and converts it into an enum: @simple_enum(Enum) class Color: RED = 1 GREEN = 2 BLUE = 3 _old_convert_ works much like _convert_ does, using the original logic: # in a test file import socket, enum CheckedAddressFamily = enum._old_convert_( enum.IntEnum, 'AddressFamily', 'socket', lambda C: C.isupper() and C.startswith('AF_'), source=_socket, ) test_simple_enum takes a traditional enum and a simple enum and compares the two: # in the REPL or the same module as Color class CheckedColor(Enum): RED = 1 GREEN = 2 BLUE = 3 _test_simple_enum(CheckedColor, Color) _test_simple_enum(CheckedAddressFamily, socket.AddressFamily) Any important differences will raise a TypeError
* bpo-43880: Show DeprecationWarnings for deprecated ssl module features ↵Christian Heimes2021-04-191-9/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | (GH-25455) * ssl.OP_NO_SSLv2 * ssl.OP_NO_SSLv3 * ssl.OP_NO_TLSv1 * ssl.OP_NO_TLSv1_1 * ssl.OP_NO_TLSv1_2 * ssl.OP_NO_TLSv1_3 * ssl.PROTOCOL_SSLv2 * ssl.PROTOCOL_SSLv3 * ssl.PROTOCOL_SSLv23 (alias for PROTOCOL_TLS) * ssl.PROTOCOL_TLS * ssl.PROTOCOL_TLSv1 * ssl.PROTOCOL_TLSv1_1 * ssl.PROTOCOL_TLSv1_2 * ssl.TLSVersion.SSLv3 * ssl.TLSVersion.TLSv1 * ssl.TLSVersion.TLSv1_1 * ssl.wrap_socket() * ssl.RAND_pseudo_bytes() * ssl.RAND_egd() (already removed since it's not supported by OpenSSL 1.1.1) * ssl.SSLContext() without a protocol argument * ssl.match_hostname() * hashlib.pbkdf2_hmac() (pure Python implementation, fast OpenSSL function will stay) Signed-off-by: Christian Heimes <christian@python.org>
* bpo-36076: Add SNI support to ssl.get_server_certificate. (GH-16820)juhovh2021-04-181-1/+1
| | | | | | | | | | | | | | Many servers in the cloud environment require SNI to be used during the SSL/TLS handshake, therefore it is not possible to fetch their certificates using the ssl.get_server_certificate interface. This change adds an additional optional hostname argument that can be used to set the SNI. Note that it is intentionally a separate argument instead of using the host part of the addr tuple, because one might want to explicitly fetch the default certificate or fetch a certificate from a specific IP address with the specified SNI hostname. A separate argument also works better for backwards compatibility. Automerge-Triggered-By: GH:tiran
* bpo-43669: PEP 644: Require OpenSSL 1.1.1 or newer (GH-23014)Christian Heimes2021-04-171-8/+2
| | | | | | | | | | | | | | | | | | | | | | | | - Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check - Update hashopenssl to require OpenSSL 1.1.1 - multissltests only OpenSSL > 1.1.0 - ALPN is always supported - SNI is always supported - Remove deprecated NPN code. Python wrappers are no-op. - ECDH is always supported - Remove OPENSSL_VERSION_1_1 macro - Remove locking callbacks - Drop PY_OPENSSL_1_1_API macro - Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro - SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now - security level is always available now - get_num_tickets is available with TLS 1.3 - X509_V_ERR MISMATCH is always available now - Always set SSL_MODE_RELEASE_BUFFERS - X509_V_FLAG_TRUSTED_FIRST is always available - get_ciphers is always supported - SSL_CTX_set_keylog_callback is always available - Update Modules/Setup with static link example - Mention PEP in whatsnew - Drop 1.0.2 and 1.1.0 from GHA tests
* bpo-40443: Remove unused imports in stdlib (GH-19815)Victor Stinner2020-05-011-1/+1
|
* bpo-37463: match_hostname requires quad-dotted IPv4 (GH-14499)Christian Heimes2019-07-021-9/+20
| | | | | | | | | | | | | | | | ssl.match_hostname() no longer accepts IPv4 addresses with additional text after the address and only quad-dotted notation without trailing whitespaces. Some inet_aton() implementations ignore whitespace and all data after whitespace, e.g. '127.0.0.1 whatever'. Short notations like '127.1' for '127.0.0.1' were already filtered out. The bug was initially found by Dominik Czarnota and reported by Paul Kehrer. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue37463
* bpo-34271: Fix compatibility with 1.0.2 (GH-13728)Christian Heimes2019-06-031-3/+3
| | | | | | Fix various compatibility issues with LibreSSL and OpenSSL 1.0.2 introduced by bpo-34271. Signed-off-by: Christian Heimes <christian@python.org>
* Fix typos in docs and docstrings (GH-13745)Xtreak2019-06-021-1/+1
|
* bpo-34271: Add ssl debugging helpers (GH-10031)Christian Heimes2019-05-311-1/+171
| | | | | | | | | | | The ssl module now can dump key material to a keylog file and trace TLS protocol messages with a tracing callback. The default and stdlib contexts also support SSLKEYLOGFILE env var. The msg_callback and related enums are private members. The feature is designed for internal debugging and not for end users. Signed-off-by: Christian Heimes <christian@python.org>
* Simplify SSLSocket / SSLObject doc string (GH-9972)Christian Heimes2019-05-171-16/+21
| | | | | | Instead of maintaining the same doc string two times, let's copy common doc strings from SSLObject methods and properties to SSLSocket. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-33023: Fix NotImplemented to NotImplementedError. (GH-10934)Serhiy Storchaka2018-12-061-2/+2
|
* Fix a typo ssl.py docstring (GH-9697)Matt Eaton2018-10-051-1/+1
|
* bpo-34670: Add TLS 1.3 post handshake auth (GH-9460)Christian Heimes2018-09-231-0/+9
| | | | | | | | | | Add SSLContext.post_handshake_auth and SSLSocket.verify_client_post_handshake for TLS 1.3 post-handshake authentication. Signed-off-by: Christian Heimes <christian@python.org>q https://bugs.python.org/issue34670
* bpo-34282: Fix Enum._convert shadowing members named _convert (GH-8568)orlnub1232018-09-121-6/+6
| | | | | * Fix enum members getting shadowed by parent attributes * Move Enum._convert to EnumMeta._convert_ * Deprecate _convert
* bpo-24334: Remove inaccurate match_hostname call (#6211)Christian Heimes2018-03-241-5/+0
| | | | | | Commit 141c5e8c re-added match_hostname() call. The resurrection of the function call was never intended and was solely a merge mistake. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-31453: Add setter for min/max protocol version (#5259)Christian Heimes2018-02-271-3/+34
| | | | | | | | | | | | OpenSSL 1.1 has introduced a new API to set the minimum and maximum supported protocol version. The API is easier to use than the old OP_NO_TLS1 option flags, too. Since OpenSSL has no call to set minimum version to highest supported, the implementation emulate maximum_version = MINIMUM_SUPPORTED and minimum_version = MAXIMUM_SUPPORTED by figuring out the minumum and maximum supported version at compile time. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-32951: Disable SSLSocket/SSLObject constructor (#5864)Christian Heimes2018-02-271-71/+67
| | | | | | | | | | | | | | | | Direct instantiation of SSLSocket and SSLObject objects is now prohibited. The constructors were never documented, tested, or designed as public constructors. The SSLSocket constructor had limitations. For example it was not possible to enabled hostname verification except was ssl_version=PROTOCOL_TLS_CLIENT with cert_reqs=CERT_REQUIRED. SSLContext.wrap_socket() and SSLContext.wrap_bio are the recommended API to construct SSLSocket and SSLObject instances. ssl.wrap_socket() is also deprecated. The only test case for direct instantiation was added a couple of days ago for IDNA testing. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-24334: Cleanup SSLSocket (#5252)Christian Heimes2018-02-241-54/+62
| | | | | | | | | | | | | * The SSLSocket is no longer implemented on top of SSLObject to avoid an extra level of indirection. * Owner and session are now handled in the internal constructor. * _ssl._SSLSocket now uses the same method names as SSLSocket and SSLObject. * Channel binding type check is now handled in C code. Channel binding is always available. The patch also changes the signature of SSLObject.__init__(). In my opinion it's fine. A SSLObject is not a user-constructable object. SSLContext.wrap_bio() is the only valid factory.
* bpo-32819: Simplify and improve ssl.match_hostname (#5620)Christian Heimes2018-02-241-41/+65
| | | | | | | ssl.match_hostname() has been simplified and no longer depends on re and ipaddress module for wildcard and IP addresses. Error reporting for invalid wildcards has been improved. Signed-off-by: Christian Heimes <christian@python.org>
* [bpo-28414] Make all hostnames in SSL module IDN A-labels (GH-5128)Christian Heimes2018-02-241-6/+34
| | | | | | | | | | | | Previously, the ssl module stored international domain names (IDNs) as U-labels. This is problematic for a number of reasons -- for example, it made it impossible for users to use a different version of IDNA than the one built into Python. After this change, we always convert to A-labels as soon as possible, and use them for all internal processing. In particular, server_hostname attribute is now an A-label, and on the server side there's a new sni_callback that receives the SNI servername as an A-label rather than a U-label.
* bpo-31429: Define TLS cipher suite on build time (#3532)Christian Heimes2018-01-291-46/+2
| | | | | | | | | | | | | Until now Python used a hard coded white list of default TLS cipher suites. The old approach has multiple downsides. OpenSSL's default selection was completely overruled. Python did neither benefit from new cipher suites (ChaCha20, TLS 1.3 suites) nor blacklisted cipher suites. For example we used to re-enable 3DES. Python now defaults to OpenSSL DEFAULT cipher suite selection and black lists all unwanted ciphers. Downstream vendors can override the default cipher list with --with-ssl-default-suites. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-31399: Let OpenSSL verify hostname and IP address (#3462)Christian Heimes2018-01-271-9/+20
| | | | | | | | | | | | | | | bpo-31399: Let OpenSSL verify hostname and IP The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses. * Remove match_hostname calls * Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host() * Add documentation for OpenSSL 1.0.2 requirement * Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform. * Add hostname_checks_common_name Signed-off-by: Christian Heimes <christian@python.org>
* bpo-31853: Replaced socket.method calls with super() in SSLSocket. (#4048)Mads Jensen2018-01-271-20/+19
|
* bpo-23033: Improve SSL Certificate handling (GH-937)Mandeep Singh2017-11-261-2/+7
| | | | Wildcard is now supported in hostname when it is one and only character in the leftmost segment.
* bpo-31659: Use simple slicing to format PEM cert (GH-3849)INADA Naoki2017-10-021-4/+4
| | | | | | | DER_cert_to_PEM_cert() used textwrap.fill() to format PEM. But it's library to wrap lines on word boundary, while PEM is base64 encoded string. Additionally, importing textwrap is little slow.
* bpo-31346: Use PROTOCOL_TLS_CLIENT/SERVER (#3058)Christian Heimes2017-09-151-2/+5
| | | | | | Replaces PROTOCOL_TLSv* and PROTOCOL_SSLv23 with PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-31386: Custom wrap_bio and wrap_socket type (#3426)Christian Heimes2017-09-151-8/+18
| | | | | | | | | SSLSocket.wrap_bio() and SSLSocket.wrap_socket() hard-code SSLObject and SSLSocket as return types. In the light of future deprecation of ssl.wrap_socket() module function and direct instantiation of SSLSocket, it is desirable to make the return type of SSLSocket.wrap_bio() and SSLSocket.wrap_socket() customizable. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-28182: Expose OpenSSL verification results (#3412)Christian Heimes2017-09-081-1/+1
| | | | | | | | | The SSL module now raises SSLCertVerificationError when OpenSSL fails to verify the peer's certificate. The exception contains more information about the error. Original patch by Chi Hsuan Yen Signed-off-by: Christian Heimes <christian@python.org>
* bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (#1363)Christian Heimes2017-09-081-1/+7
| | | | | | | | | | | | | | | | * bpo-29136: Add TLS 1.3 support TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3 cipher suites don't overlap with cipher suites from TLS 1.2 and earlier. Since Python sets its own set of permitted ciphers, TLS 1.3 handshake will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common AES-GCM and ChaCha20 suites. Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3 now. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-27340: Use memoryview in SSLSocket.sendall() (#3384)Christian Heimes2017-09-071-4/+5
| | | | | | | | | | | | | | * bpo-27340: Use memoryview in SSLSocket.sendall() SSLSocket.sendall() now uses memoryview to create slices of data. This fix support for all bytes-like object. It is also more efficient and avoids costly copies. Signed-off-by: Christian Heimes <christian@python.org> * Cast view to bytes, fix typo Signed-off-by: Christian Heimes <christian@python.org>
* Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContextChristian Heimes2016-09-111-0/+2
|
* Issue #19500: Add client-side SSL session resumption to the ssl module.Christian Heimes2016-09-101-12/+53
|
* Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.Christian Heimes2016-09-101-1/+0
| | | | | | | The deprecation include manual creation of SSLSocket and certfile/keyfile (or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib. ssl.wrap_socket() is not marked as deprecated yet.