| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not
copy hostflags from *struct SSL_CTX* to *struct SSL*.
Signed-off-by: Christian Heimes <christian@python.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The private keys for test_ssl were encrypted with 3DES in traditional
PKCS#5 format. 3DES and the digest algorithm of PKCS#5 are blocked by
some strict crypto policies. Use PKCS#8 format with AES256 encryption
instead.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38271
Automerge-Triggered-By: @tiran
|
|
|
|
|
|
|
|
| |
Update all test certs and keys to use future proof crypto settings:
* 3072 bit RSA keys
* SHA-256 signature
Signed-off-by: Christian Heimes <christian@python.org>
|
|
|
|
|
|
|
|
| |
Add test certs and test for ECDSA cert and EC/RSA dual mode.
I'm also adding certs for IDNA 2003/2008 tests and simplify some test
data handling.
Signed-off-by: Christian Heimes <christian@python.org>
|
|\
| |
| |
| | |
fields in X.509 certs.
|
| |
| |
| |
| | |
fields in X.509 certs.
|
|/
|
|
| |
Patch by Jon Dufresne.
|
| |
|
|
|
|
|
| |
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
|
|
|
|
|
|
| |
:meth:`SSLContext.set_servername_callback` method.
Patch by Daniel Black.
|
|
|
|
|
| |
urllib.request.urlopen now take optional arguments to allow for
server certificate checking, as recommended in public uses of HTTPS.
|
|
custom certificate and private key files used by SSL-related certs.
|