path: root/Lib/test/test_ssl.py
Commit message (Author, Age, Files, Lines)
* Issue #26867: Ubuntu's openssl OP_NO_SSLv3 is forced on by default; fix test. (Matthias Klose, 2016-06-13, 1 file, -1/+2)
|
* Issue #25940: Merge ETIMEDOUT fix from 3.3 into 3.4 (Martin Panter, 2016-01-15, 1 file, -1/+1)
|\
| * Issue #25940: Merge ETIMEDOUT fix from 3.2 into 3.3 (Martin Panter, 2016-01-15, 1 file, -1/+1)
| |\
| | * Issue #25940: On Windows, connecting to port 444 returns ETIMEDOUT (Martin Panter, 2016-01-15, 1 file, -1/+3)
| | |
* | | Issue #25940: Update new SSL tests for self-signed.pythontest.net (Martin Panter, 2016-01-14, 1 file, -12/+12)
| | |
* | | Issue #25940: Merge self-signed.pythontest.net testing from 3.3 into 3.4 (Martin Panter, 2016-01-14, 1 file, -39/+44)
|\ \ \
| |/ /
| * | Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3 (Martin Panter, 2016-01-14, 1 file, -41/+48)
| |\ \
| | |/
| | * Issue #25940: Use self-signed.pythontest.net in SSL tests (Martin Panter, 2016-01-14, 1 file, -49/+52)
| | |
| | |   This is instead of svn.python.org, whose certificate recently expired, and whose new certificate uses a different root certificate.
| | |
| | |   The certificate used at the pythontest server was modified to set the "basic constraints" CA flag. This flag seems to be required for test_get_ca_certs_capath() to work (in Python 3.4+).
| | |
| | |   Added the new self-signed certificate to capath with the following commands:
| | |
| | |   cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/}
| | |   c_rehash -v Lib/test/capath/
| | |   c_rehash -v -old Lib/test/capath/
| | |   # Note the generated file names
| | |   cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0}
| | |   mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0}
| | |
| | |   The new server responds with "No route to host" when connecting to port 444.
| | * Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes (Georg Brandl, 2014-09-30, 1 file, -0/+29)
| | |   inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string representation of ASN.1 strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and ``uniformResourceIdentifier`` (URI).
| * | merge 3.2 (#20896) (Benjamin Peterson, 2014-03-12, 1 file, -3/+8)
| |\ \
| | |/
| | * use ssl.PROTOCOL_SSLv23 for maximum compatibility (closes #20896) (Benjamin Peterson, 2014-03-12, 1 file, -3/+8)
| | |
| | * Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of ↵ (Antoine Pitrou, 2013-05-18, 1 file, -0/+11)
| | |   service using certificates with many wildcards (CVE-2013-2099).
* | | always set OP_NO_SSLv3 by default (closes #25530) (Benjamin Peterson, 2015-11-12, 1 file, -9/+9)
| | |
* | | replace 512 bit dh key with a 2014 bit one (closes #23844) (Benjamin Peterson, 2015-04-02, 1 file, -1/+1)
| | |   Patch by Cédric Krier.
* | | Issue #20617: Remove unused import in test_ssl. (Berker Peksag, 2015-03-12, 1 file, -1/+0)
| | |   Patch by Mark Lawrence.
* | | adjust test_crl_check for trusted first being default (Benjamin Peterson, 2015-03-05, 1 file, -1/+2)
| | |
* | | expose X509_V_FLAG_TRUSTED_FIRST (Benjamin Peterson, 2015-03-05, 1 file, -2/+3)
| | |
* | | Issue #23345: Prevent test_ssl failures with large OpenSSL patch level (Ned Deily, 2015-02-05, 1 file, -1/+1)
| | |   values (like 0.9.8zc).
* | | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The (Victor Stinner, 2015-01-06, 1 file, -2/+3)
| | |   availability of the function is checked during the compilation.
| | |   Patch written by Bernard Spil.
* | | Issue #22935: Fix test_ssl when the SSLv3 protocol is not supported (Victor Stinner, 2014-12-12, 1 file, -1/+2)
| | |
* | | allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935) (Benjamin Peterson, 2014-12-06, 1 file, -7/+16)
| | |   Patch by Kurt Roeckx.
* | | don't require OpenSSL SNI to pass hostname to ssl functions (#22921) (Benjamin Peterson, 2014-11-23, 1 file, -6/+2)
| | |   Patch by Donald Stufft.
* | | test that keyfile can be None (Benjamin Peterson, 2014-11-04, 1 file, -1/+1)
| | |
* | | PEP 476: enable HTTPS certificate verification by default (#22417) (Benjamin Peterson, 2014-11-03, 1 file, -3/+4)
| | |   Patch by Alex Gaynor with some modifications by me.
* | | separate cert loading tests into Windows and non-Windows cases (Benjamin Peterson, 2014-10-03, 1 file, -0/+15)
| | |
* | | also use openssl envvars to find certs on windows (closes #22449) (Benjamin Peterson, 2014-10-03, 1 file, -0/+8)
| | |   Patch by Christian Heimes and Alex Gaynor.
* | | Issue #21976: Fix test_ssl to accept LibreSSL version strings. (Antoine Pitrou, 2014-07-21, 1 file, -6/+10)
| | |   Thanks to William Orr.
* | | Try to fix buildbot failures on old OpenSSLs (< 1.0.0) - followup to issue ↵ (Antoine Pitrou, 2014-04-16, 1 file, -1/+6)
| | |   #21015
* | | Issue #21013: Enhance ssl.create_default_context() for server side contexts (Donald Stufft, 2014-03-23, 1 file, -3/+23)
| | |
| | |   Closes #21013 by modifying ssl.create_default_context() to:
| | |
| | |   * Move the restricted ciphers to only apply when using ssl.Purpose.CLIENT_AUTH. The major difference between restricted and not is the lack of RC4 in the restricted. However there are servers that exist that only expose RC4 still.
| | |   * Switches the default protocol to ssl.PROTOCOL_SSLv23 so that the context will select TLS1.1 or TLS1.2 if it is available.
| | |   * Add ssl.OP_NO_SSLv3 by default to continue to block SSL3.0 sockets
| | |   * Add ssl.OP_SINGLE_DH_USE and ssl.OP_SINGLE_ECDG_USE to improve the security of the perfect forward secrecy
| | |   * Add ssl.OP_CIPHER_SERVER_PREFERENCE so that when used for a server side socket the context will prioritize our ciphers which have been carefully selected to maximize security and performance.
| | |   * Documents the failure conditions when a SSL3.0 connection is required so that end users can more easily determine if they need to unset ssl.OP_NO_SSLv3.
* | | Issue #21015: SSL contexts will now automatically select an elliptic curve ↵ (Antoine Pitrou, 2014-03-22, 1 file, -0/+12)
| | |   for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1".
| | |   (should also fix a buildbot failure introduced by #20995)
* | | merge 3.3 (#20896) (Benjamin Peterson, 2014-03-12, 1 file, -3/+8)
| | |
* | | Try to fix test_ssl failures on some buildbots (Antoine Pitrou, 2014-01-09, 1 file, -2/+2)
|\ \ \
| |/ /
| * | Try to fix test_ssl failures on some buildbots (Antoine Pitrou, 2014-01-09, 1 file, -2/+2)
| | |
* | | Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly ↵ (Antoine Pitrou, 2014-01-09, 1 file, -6/+4)
|\ \ \
| |/ /
| | |   asked for.
| * | Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly ↵ (Antoine Pitrou, 2014-01-09, 1 file, -6/+4)
| | |   asked for.
* | | Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, ↵ (Antoine Pitrou, 2013-12-28, 1 file, -0/+11)
|\ \ \
| |/ /
| | |   rather than silently let them emit clear text data.
| * | Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, ↵ (Antoine Pitrou, 2013-12-28, 1 file, -0/+12)
| | |   rather than silently let them emit clear text data.
* | | (Merge 3.3) Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now (Victor Stinner, 2013-12-19, 1 file, -0/+4)
|\ \ \
| |/ /
| | |   raise a ValueError if num is negative (instead of raising a SystemError).
| * | Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a (Victor Stinner, 2013-12-19, 1 file, -0/+4)
| | |   ValueError if num is negative (instead of raising a SystemError).
* | | Issue #19919: Fix flaky SSL test. connect_ex() sometimes returns (Christian Heimes, 2013-12-16, 1 file, -2/+4)
|\ \ \
| |/ /
| | |   EWOULDBLOCK on Windows or VMs hosted on Windows.
| * | Issue #19919: Fix flaky SSL test. connect_ex() sometimes returns (Christian Heimes, 2013-12-16, 1 file, -2/+4)
| | |   EWOULDBLOCK on Windows or VMs hosted on Windows.
* | | test_ssl: skip tests when SNI is not available (Christian Heimes, 2013-12-15, 1 file, -0/+2)
| | |
* | | Test SSLSock's context getter and setter (Christian Heimes, 2013-12-05, 1 file, -0/+14)
| | |
* | | add check_hostname arg to ssl._create_stdlib_context() (Christian Heimes, 2013-12-02, 1 file, -1/+3)
| | |
* | | Issue #19509: Add SSLContext.check_hostname to match the peer's certificate (Christian Heimes, 2013-12-02, 1 file, -0/+62)
| | |   with server_hostname on handshake.
* | | Issue #19735: Implement private function ssl._create_stdlib_context() to (Christian Heimes, 2013-11-23, 1 file, -0/+21)
| | |   create SSLContext objects in Python's stdlib module. It provides a single configuration point and makes use of SSLContext.load_default_certs().
* | | Issue #19689: Add ssl.create_default_context() factory function. It creates (Christian Heimes, 2013-11-23, 1 file, -0/+20)
| | |   a new SSLContext object with secure default settings.
* | | Issue #19292: Add SSLContext.load_default_certs() to load default root CA (Christian Heimes, 2013-11-23, 1 file, -0/+32)
| | |   certificates from default stores or system stores. By default the method loads CA certs for authentication of server certs.
* | | Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+ (Christian Heimes, 2013-11-23, 1 file, -0/+8)
| | |   The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
* | | Issue #19448: report name / NID in exception message of ASN1Object (Christian Heimes, 2013-11-22, 1 file, -2/+4)
| | |