summaryrefslogtreecommitdiffstats
path: root/Lib/test/test_ssl.py
Commit message (Collapse)AuthorAgeFilesLines
* Issue #28394: More typo fixes for 3.6+Martin Panter2016-10-101-1/+1
|
* Finish GC code for SSLSession and increase test coverageChristian Heimes2016-09-241-0/+3
|
* Issue #28221: Merge SSL test cleanup from 3.5 into 3.6Martin Panter2016-09-241-2/+0
|\
| * Issue #28221: Remove unused assignment from test_asyncore_server()Martin Panter2016-09-231-2/+0
| | | | | | | | | | The later value of FOO is fine. The test just needs to verify that the server converted it to lowercase.
* | Merge socketserver fixes from 3.5 into 3.6Martin Panter2016-09-221-1/+1
|\ \ | |/
| * Fix references to Python 3’s socketserver (lowercase) moduleMartin Panter2016-09-221-1/+1
| |
* | Issue #28093: Check more invalid combinations of PROTOCOL_TLS_CLIENT / ↵Christian Heimes2016-09-121-3/+23
| | | | | | | | PROTOCOL_TLS_SERVER
* | Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContextChristian Heimes2016-09-111-0/+32
| |
* | Issue #19500: Add client-side SSL session resumption to the ssl module.Christian Heimes2016-09-101-2/+110
| |
* | Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.Christian Heimes2016-09-101-36/+51
| | | | | | | | | | | | | | The deprecation include manual creation of SSLSocket and certfile/keyfile (or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib. ssl.wrap_socket() is not marked as deprecated yet.
* | Issue 28043: SSLContext has improved default settingsChristian Heimes2016-09-101-29/+33
| | | | | | | | The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
* | #27364: fix "incorrect" uses of escape character in the stdlib.R David Murray2016-09-081-1/+1
| | | | | | | | | | | | | | And most of the tools. Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and Martin Panter.
* | Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name ↵Christian Heimes2016-09-061-0/+23
|\ \ | |/ | | | | fields in X.509 certs.
| * Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name ↵Christian Heimes2016-09-061-0/+23
| | | | | | | | fields in X.509 certs.
* | Issue 27866: relax get_cipher() test even more. Gentoo buildbot has no ECDHEChristian Heimes2016-09-061-2/+2
| |
* | Issue 27866: relax test case for set_cipher() and allow more cipher suitesChristian Heimes2016-09-061-4/+3
| |
* | Issue #27866: Add SSLContext.get_ciphers() method to get a list of all ↵Christian Heimes2016-09-051-0/+9
| | | | | | | | enabled ciphers.
* | Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-31/+58
|\ \ | |/
| * Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-31/+58
| |
* | Issue #23804: Merge SSL recv() fix from 3.5Martin Panter2016-07-111-8/+21
|\ \ | |/
| * Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOFMartin Panter2016-07-111-8/+21
| |
* | Merge from 3.5.Larry Hastings2016-06-271-1/+2
|\ \ | |/
| * Issue #26867: Ubuntu's openssl OP_NO_SSLv3 is forced on by default; fix test.Matthias Klose2016-06-131-1/+2
| |
* | Issue #25951: Fix SSLSocket.sendall() to return None, by Aviv PalivodaMartin Panter2016-04-031-6/+10
| |
* | Issue #23804: Merge SSL zero read fix from 3.5Martin Panter2016-03-281-1/+8
|\ \ | |/
| * Issue #23804: Fix SSL recv/read(0) to not return 1024 bytesMartin Panter2016-03-281-1/+8
| |
* | Issue #26644: Merge SSL negative read fix from 3.5Martin Panter2016-03-271-0/+11
|\ \ | |/
| * Issue #26644: Raise ValueError for negative SSLSocket.recv() and read()Martin Panter2016-03-271-0/+11
| |
* | Issue #25940: Use internal local server more in test_sslMartin Panter2016-03-271-342/+335
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move many tests from NetworkedTests and NetworkedBIOTests to a new Simple- BackgroundTests class, using the existing ThreadedEchoServer and SIGNED_ CERTFILE infrastructure. For tests that cause the server to crash by rejecting its certificate, separate them into independent test methods. Added custom root certificate to capath with the following commands: cp Lib/test/{pycacert.pem,capath/} # Edit copy to remove part before certificate c_rehash -v Lib/test/capath/ c_rehash -v -old Lib/test/capath/ # Note the generated file names cp Lib/test/capath/{pycacert.pem,b1930218.0} mv Lib/test/capath/{pycacert.pem,ceff1710.0} Change to pure PEM version of SIGNING_CA because PEM_cert_to_DER_cert() does not like the extra text at the start. Moved test_connect_ex_error() into BasicSocketTests and rewrote it to connect to a reserved localhost port. NetworkedTests.test_get_server_certificate_ipv6() split out because it needs to connect to an IPv6 DNS address. The only reference left to self-signed.pythontest.net is test_timeout_ connect_ex(), which needs a remote server to reliably time out the connection, but does not rely on the server running SSL. Made ThreadedEchoServer call unwrap() by default when it sees the client has shut the connection down, so that the client can cleanly call unwrap().
* | Fix test_ssl.test_refcycle()Victor Stinner2016-03-211-1/+1
|/ | | | | | Issue #26590: support.check_warnings() stores warnins, but ResourceWarning now comes with a reference to the socket object which indirectly keeps the socket alive.
* Issue #26173: Separate bad cert file tests and client rejection testMartin Panter2016-02-011-40/+54
| | | | | | | | | Test test_wrong_cert() runs a server that rejects the client's certificate, so ECONNRESET is reasonable in addition to SSLError. On the other hand, the other three tests don't even need to run a server because they are just testing the parsing of invalid certificate files. Also fix a ResourceWarning by closing the wrapped socket.
* Issue #26173: Fix test_ssl confusion with non-existing cert and wrongcert.pemMartin Panter2016-01-301-14/+11
| | | | | | Testing for a non-existing certificate file is already done in test_errors(). Copy wrongcert.pem from Python 2 and use it to test the behaviour with a mismatched certificate.
* Issue #25940: Merge ETIMEDOUT fix from 3.4 into 3.5Martin Panter2016-01-151-1/+1
|\
| * Issue #25940: Merge ETIMEDOUT fix from 3.3 into 3.4Martin Panter2016-01-151-1/+1
| |\
| | * Issue #25940: Merge ETIMEDOUT fix from 3.2 into 3.3Martin Panter2016-01-151-1/+1
| | |\
| | | * Issue #25940: On Windows, connecting to port 444 returns ETIMEDOUTMartin Panter2016-01-151-1/+3
| | | |
* | | | Issue #25940: Update new SSL tests for self-signed.pythontest.netMartin Panter2016-01-141-13/+14
| | | | | | | | | | | | | | | | | | | | Removed SSL_ERROR_SYSCALL checking from ssl_io_loop() so that the loop can terminate when unwrap() raises that error.
* | | | Issue #25940: Merge self-signed.pythontest.net testing from 3.4 into 3.5Martin Panter2016-01-141-51/+56
|\ \ \ \ | |/ / /
| * | | Issue #25940: Update new SSL tests for self-signed.pythontest.netMartin Panter2016-01-141-12/+12
| | | |
| * | | Issue #25940: Merge self-signed.pythontest.net testing from 3.3 into 3.4Martin Panter2016-01-141-39/+44
| |\ \ \ | | |/ /
| | * | Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3Martin Panter2016-01-141-41/+48
| | |\ \ | | | |/
| | | * Issue #25940: Use self-signed.pythontest.net in SSL testsMartin Panter2016-01-141-49/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is instead of svn.python.org, whose certificate recently expired, and whose new certificate uses a different root certificate. The certificate used at the pythontest server was modifed to set the "basic constraints" CA flag. This flag seems to be required for test_get_ca_certs_ capath() to work (in Python 3.4+). Added the new self-signed certificate to capath with the following commands: cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/} c_rehash -v Lib/test/capath/ c_rehash -v -old Lib/test/capath/ # Note the generated file names cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0} mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0} The new server responds with "No route to host" when connecting to port 444.
| | | * Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytesGeorg Brandl2014-09-301-0/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and ``uniformResourceIdentifier`` (URI).
| | * | merge 3.2 (#20896)Benjamin Peterson2014-03-121-3/+8
| | |\ \ | | | |/
| | | * use ssl.PROTOCOL_SSLv23 for maximum compatibility (closes #20896)Benjamin Peterson2014-03-121-3/+8
| | | |
| | | * Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of ↵Antoine Pitrou2013-05-181-0/+11
| | | | | | | | | | | | | | | | service using certificates with many wildcards (CVE-2013-2099).
* | | | merge 3.4 (#25530)Benjamin Peterson2015-11-121-9/+9
|\ \ \ \ | |/ / /
| * | | always set OP_NO_SSLv3 by default (closes #25530)Benjamin Peterson2015-11-121-9/+9
| | | |
* | | | Issue #24210: Silence more PendingDeprecationWarning warnings in tests.Berker Peksag2015-05-161-7/+15
| | | |
* | | | merge 3.4 (#23844)Benjamin Peterson2015-04-021-1/+1
|\ \ \ \ | |/ / /
generated by cgit v0.12 at 2025-01-28 23:27:21 (GMT)