summaryrefslogtreecommitdiffstats
path: root/Lib/test/test_ssl.py
Commit message (Collapse)AuthorAgeFilesLines
* Test SSLSock's context getter and setterChristian Heimes2013-12-051-0/+14
|
* add check_hostname arg to ssl._create_stdlib_context()Christian Heimes2013-12-021-1/+3
|
* Issue #19509: Add SSLContext.check_hostname to match the peer's certificateChristian Heimes2013-12-021-0/+62
| | | | with server_hostname on handshake.
* Issue #19735: Implement private function ssl._create_stdlib_context() toChristian Heimes2013-11-231-0/+21
| | | | | create SSLContext objects in Python's stdlib module. It provides a single configuration point and makes use of SSLContext.load_default_certs().
* Issue #19689: Add ssl.create_default_context() factory function. It createsChristian Heimes2013-11-231-0/+20
| | | | a new SSLContext object with secure default settings.
* Issue #19292: Add SSLContext.load_default_certs() to load default root CAChristian Heimes2013-11-231-0/+32
| | | | | certificates from default stores or system stores. By default the method loads CA certs for authentication of server certs.
* Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+Christian Heimes2013-11-231-0/+8
| | | | The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006.
* Issue #19448: report name / NID in exception message of ASN1ObjectChristian Heimes2013-11-221-2/+4
|
* Issue #17134: check certs of CA and ROOT system storeChristian Heimes2013-11-221-13/+14
|
* or VERIFY_CRL_CHECK_LEAF to verify_flagsChristian Heimes2013-11-221-2/+2
|
* Issue #17134: Finalize interface to Windows' certificate store. Cert andChristian Heimes2013-11-221-21/+36
| | | | | CRL enumeration are now two functions. enum_certificates() also returns purpose flags as set of OIDs.
* one CERT_REQUIRED is enoughChristian Heimes2013-11-211-1/+0
|
* Issue #8813: Add SSLContext.verify_flags to change the verification flagsChristian Heimes2013-11-211-1/+62
| | | | | of the context in order to enable certification revocation list (CRL) checks or strict X509 rules.
* Issue #18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSPChristian Heimes2013-11-211-1/+7
| | | | and CRL distribution points.
* Issue #18138: Implement cadata argument of SSLContext.load_verify_location()Christian Heimes2013-11-211-2/+86
| | | | | to load CA certificates and CRL from memory. It supports PEM and DER encoded strings.
* Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, ↵Christian Heimes2013-11-171-0/+38
| | | | NID, short name and long name.
* merge with 3.3Georg Brandl2013-10-271-6/+32
|\
| * Issue #17997: Change behavior of ``ssl.match_hostname()`` to follow RFC 6125,Georg Brandl2013-10-271-6/+32
| | | | | | | | | | for security reasons. It now doesn't match multiple wildcards nor wildcards inside IDN fragments.
* | Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL ↵Antoine Pitrou2013-09-291-1/+7
| | | | | | | | handshake hasn't been done.
* | Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X TigerChristian Heimes2013-08-251-7/+15
|\ \ | |/
| * Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X TigerChristian Heimes2013-08-251-7/+15
| |
* | Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.Christian Heimes2013-08-211-0/+32
|\ \ | |/ | | | | | | A pthread_atfork() child handler is used to seeded the PRNG with pid, time and some stack data.
| * Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.Christian Heimes2013-08-211-0/+32
| | | | | | | | | | A pthread_atfork() child handler is used to seeded the PRNG with pid, time and some stack data.
* | Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytesChristian Heimes2013-08-161-0/+29
|\ \ | |/ | | | | | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI).
| * Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytesChristian Heimes2013-08-161-0/+29
| | | | | | | | | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI).
* | test_ssl: use a bytestring hereAntoine Pitrou2013-07-201-1/+1
| |
* | Issue #9177: Calling read() or write() now raises ValueError, not ↵Antoine Pitrou2013-07-201-0/+15
| | | | | | | | | | | | AttributeError, on a closed SSL socket. Patch by Senko Rasic.
* | Issue #18147: Add diagnostic functions to ssl.SSLContext().Christian Heimes2013-06-171-0/+57
| | | | | | | | | | get_ca_list() lists all loaded CA certificates and cert_store_stats() returns amount of loaded X.509 certs, X.509 CA certs and CRLs.
* | Issue #18207: Fix test_ssl for some versions of OpenSSL that ignore secondsChristian Heimes2013-06-171-2/+16
| | | | | | | | in ASN1_TIME fields.
* | Issue #17134: Add ssl.enum_cert_store() as interface to Windows' cert store.Christian Heimes2013-06-091-0/+23
| |
* | Issue #18143: Implement ssl.get_default_verify_paths() in order to debugChristian Heimes2013-06-091-0/+13
| | | | | | | | the default locations for cafile and capath.
* | Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of ↵Antoine Pitrou2013-05-181-0/+11
|\ \ | |/ | | | | service using certificates with many wildcards (CVE-2013-2099).
| * Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of ↵Antoine Pitrou2013-05-181-0/+11
| | | | | | | | service using certificates with many wildcards (CVE-2013-2099).
* | Issue #13721: SSLSocket.getpeercert() and SSLSocket.do_handshake() now raise ↵Antoine Pitrou2013-05-011-0/+15
| | | | | | | | an OSError with ENOTCONN, instead of an AttributeError, when the SSLSocket is not connected.
* | Fix a crash when setting a servername callback on a SSL server socket and ↵Antoine Pitrou2013-04-111-1/+10
| | | | | | | | | | | | | | the client doesn't send a server name. Patch by Kazuhiro Yoshida. (originally issue #8109)
* | In search of TLS 1.1 bug: add debugging output in verbose modeAntoine Pitrou2013-03-291-0/+5
| |
* | Use a subtest in test_ssl.test_echoAntoine Pitrou2013-03-291-4/+5
| |
* | Issue #16692: The ssl module now supports TLS 1.1 and TLS 1.2. Initial ↵Antoine Pitrou2013-03-281-20/+53
| | | | | | | | patch by Michele Orrù.
* | Issue #13898: test_ssl no longer prints a spurious stack trace on Ubuntu.Nadeem Vawda2013-03-031-1/+5
|\ \ | |/
| * Issue #13898: test_ssl no longer prints a spurious stack trace on Ubuntu.Nadeem Vawda2013-03-031-1/+5
| |\
| | * Issue #13898: test_ssl no longer prints a spurious stack trace on Ubuntu.Nadeem Vawda2013-03-031-1/+7
| | |
* | | Issue #17107: Test client-side SNI support in urllib.request thanks to the ↵Antoine Pitrou2013-02-051-1/+1
| | | | | | | | | | | | | | | | | | new server-side SNI support in the ssl module. Initial patch by Daniel Black.
* | | In test_ssl, threaded tests shouldn't need the network resource to be enabledAntoine Pitrou2013-01-121-1/+1
|\ \ \ | |/ /
| * | In test_ssl, threaded tests shouldn't need the "network" resource to be enabledAntoine Pitrou2013-01-121-1/+1
| | |
* | | Issue #16923: Fix ResourceWarnings in test_ssl.Antoine Pitrou2013-01-121-33/+35
|\ \ \ | |/ /
| * | Issue #16923: Fix ResourceWarnings in test_ssl.Antoine Pitrou2013-01-121-33/+35
| | |
* | | merge 3.3 (#16900)Benjamin Peterson2013-01-101-0/+8
|\ \ \ | |/ /
| * | remove __del__ because it's evil and also prevents the ResourceWarning on ↵Benjamin Peterson2013-01-101-0/+8
| | | | | | | | | | | | the socket from happening (closes #16900)
* | | Issue #8109: The ssl module now has support for server-side SNI, thanks to a ↵Antoine Pitrou2013-01-051-2/+136
| | | | | | | | | | | | | | | | | | :meth:`SSLContext.set_servername_callback` method. Patch by Daniel Black.
* | | Forward port new test for SSLSocket.connect_ex()Antoine Pitrou2012-12-281-0/+11
|\ \ \ | |/ /
generated by cgit v0.12 at 2025-11-30 02:06:27 (GMT)