summaryrefslogtreecommitdiffstats
path: root/Lib/test/make_ssl_certs.py
Commit message (Collapse)AuthorAgeFilesLines
* bpo-43522: Fix SSLContext.hostname_checks_common_name (GH-24899)Christian Heimes2021-04-171-14/+44
| | | | | | Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not copy hostflags from *struct SSL_CTX* to *struct SSL*. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-38271: encrypt private key test files with AES256 (GH-16385)Christian Heimes2019-09-251-2/+2
| | | | | | | | | | | | | | | | The private keys for test_ssl were encrypted with 3DES in traditional PKCS#5 format. 3DES and the digest algorithm of PKCS#5 are blocked by some strict crypto policies. Use PKCS#8 format with AES256 encryption instead. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue38271 Automerge-Triggered-By: @tiran
* bpo-34542: Update test certs and keys (GH-8997)Christian Heimes2018-08-301-3/+3
| | | | | | | | Update all test certs and keys to use future proof crypto settings: * 3072 bit RSA keys * SHA-256 signature Signed-off-by: Christian Heimes <christian@python.org>
* bpo-32602: Test ECDSA certs (#5247)Christian Heimes2018-01-201-11/+77
| | | | | | | | Add test certs and test for ECDSA cert and EC/RSA dual mode. I'm also adding certs for IDNA 2003/2008 tests and simplify some test data handling. Signed-off-by: Christian Heimes <christian@python.org>
* Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name ↵Christian Heimes2016-09-061-4/+45
|\ | | | | | | fields in X.509 certs.
| * Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name ↵Christian Heimes2016-09-061-4/+45
| | | | | | | | fields in X.509 certs.
* | Issue #23277: Remove unused sys and os importsBerker Peksag2016-04-241-1/+0
|/ | | | Patch by Jon Dufresne.
* Issue #22074: Fix Lib/test/make_ssl_certs.pyAntoine Pitrou2014-07-261-1/+1
|
* Issue #8813: Add SSLContext.verify_flags to change the verification flagsChristian Heimes2013-11-211-0/+6
| | | | | of the context in order to enable certification revocation list (CRL) checks or strict X509 rules.
* Issue #8109: The ssl module now has support for server-side SNI, thanks to a ↵Antoine Pitrou2013-01-051-3/+109
| | | | | | :meth:`SSLContext.set_servername_callback` method. Patch by Daniel Black.
* Issue #9003: http.client.HTTPSConnection, urllib.request.HTTPSHandler andAntoine Pitrou2010-10-131-0/+5
| | | | | urllib.request.urlopen now take optional arguments to allow for server certificate checking, as recommended in public uses of HTTPS.
* Issue #1051: Add a script (Lib/test/make_ssl_certs.py) to generate theAntoine Pitrou2010-10-081-0/+59
custom certificate and private key files used by SSL-related certs.