| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
(GH-25451)
Fix problem with ssl.SSLContext.hostname_checks_common_name. OpenSSL does not
copy hostflags from *struct SSL_CTX* to *struct SSL*.
Signed-off-by: Christian Heimes <christian@python.org>.
(cherry picked from commit b467d9a24011992242c95d9157d3455f8a84466b)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The private keys for test_ssl were encrypted with 3DES in traditional
PKCS#5 format. 3DES and the digest algorithm of PKCS#5 are blocked by
some strict crypto policies. Use PKCS#8 format with AES256 encryption
instead.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue38271
Automerge-Triggered-By: @tiran
|
| |
|
|
|
|
|
|
| |
Update all test certs and keys to use future proof crypto settings:
* 3072 bit RSA keys
* SHA-256 signature
Signed-off-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
|
| |
Add test certs and test for ECDSA cert and EC/RSA dual mode.
I'm also adding certs for IDNA 2003/2008 tests and simplify some test
data handling.
Signed-off-by: Christian Heimes <christian@python.org>
|
| |\
| |
| |
| | |
fields in X.509 certs.
|
| | |
| |
| |
| | |
fields in X.509 certs.
|
| |/
|
|
| |
Patch by Jon Dufresne.
|
| | |
|
| |
|
|
|
| |
of the context in order to enable certification revocation list (CRL)
checks or strict X509 rules.
|
| |
|
|
|
|
| |
:meth:`SSLContext.set_servername_callback` method.
Patch by Daniel Black.
|
| |
|
|
|
| |
urllib.request.urlopen now take optional arguments to allow for
server certificate checking, as recommended in public uses of HTTPS.
|
|
|
custom certificate and private key files used by SSL-related certs.
|
