summaryrefslogtreecommitdiffstats
path: root/Modules/_ssl.c
Commit message (Collapse)AuthorAgeFilesLines
* Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in ↵Christian Heimes2013-09-051-1/+1
| | | | GEN_EMAIL/GEN_URI/GEN_DNS case
* - Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytesBarry Warsaw2013-08-231-3/+61
| | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for `rfc822Name` (email), `dNSName` (DNS) and `uniformResourceIdentifier` (URI).
* Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV ↵Antoine Pitrou2012-01-271-1/+2
| | | | attack countermeasure.
* Merged revisions 83680,83685 via svnmerge fromMark Dickinson2010-08-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/release27-maint ................ r83680 | mark.dickinson | 2010-08-03 19:34:53 +0100 (Tue, 03 Aug 2010) | 9 lines Merged revisions 83677 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line Fix memory leak in ssl module. ........ ................ r83685 | mark.dickinson | 2010-08-03 19:46:28 +0100 (Tue, 03 Aug 2010) | 9 lines Merged revisions 83683 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r83683 | mark.dickinson | 2010-08-03 19:44:16 +0100 (Tue, 03 Aug 2010) | 1 line Misc/NEWS entry for r83677. ........ ................
* Merged revisions 82210 via svnmerge fromAntoine Pitrou2010-06-251-1/+0
| | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines Issue #9075: In the ssl module, remove the setting of a `debug` flag on an OpenSSL structure. ........
* Merged revisions 81241 via svnmerge fromAntoine Pitrou2010-05-161-0/+3
| | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r81241 | antoine.pitrou | 2010-05-17 01:11:46 +0200 (lun., 17 mai 2010) | 4 lines Clear the OpenSSL error queue each time an error is signalled. When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version. ........
* Merged revisions 81115 via svnmerge fromAntoine Pitrou2010-05-121-34/+27
| | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r81115 | antoine.pitrou | 2010-05-12 16:02:34 +0200 (mer., 12 mai 2010) | 3 lines Improve _ssl.c formatting ........
* Merged revisions 80789 via svnmerge fromAntoine Pitrou2010-05-051-1307/+1307
| | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r80789 | antoine.pitrou | 2010-05-05 17:53:45 +0200 (mer., 05 mai 2010) | 3 lines Untabify Modules/_ssl.c ........
* Merged revisions 80540 via svnmerge fromAntoine Pitrou2010-04-271-1/+1
| | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r80540 | antoine.pitrou | 2010-04-27 21:09:59 +0200 (mar., 27 avril 2010) | 4 lines Issue #8549: Fix compiling the _ssl extension under AIX. Patch by Sridhar Ratnakumar. ........
* Merged revisions 80451-80452 via svnmerge fromAntoine Pitrou2010-04-241-1/+6
| | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r80451 | antoine.pitrou | 2010-04-24 21:57:01 +0200 (sam., 24 avril 2010) | 4 lines The do_handshake() method of SSL objects now adjusts the blocking mode of the SSL structure if necessary (as other methods already do). ........ r80452 | antoine.pitrou | 2010-04-24 22:04:58 +0200 (sam., 24 avril 2010) | 4 lines Issue #5103: SSL handshake would ignore the socket timeout and block indefinitely if the other end didn't respond. ........
* Merged revisions 80392 via svnmerge fromAntoine Pitrou2010-04-231-6/+63
| | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r80392 | antoine.pitrou | 2010-04-23 01:33:02 +0200 (ven., 23 avril 2010) | 9 lines Issue #8108: Fix the unwrap() method of SSL objects when the socket has a non-infinite timeout. Also make that method friendlier with applications wanting to continue using the socket in clear-text mode, by disabling OpenSSL's internal readahead. Thanks to Darryl Miles for guidance. Issue #8108: test_ftplib's non-blocking SSL server now has proper handling of SSL shutdowns. ........
* Merged revisions 80314-80315 via svnmerge fromAntoine Pitrou2010-04-211-1/+2
| | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines Issue #8484: Load all ciphers and digest algorithms when initializing the _ssl extension, such that verification of some SSL certificates doesn't fail because of an "unknown algorithm". ........ r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines Forgot to add the sample certificate (followup to r80314) ........
* Merged revisions 79910 via svnmerge fromAntoine Pitrou2010-04-091-0/+2
| | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r79910 | antoine.pitrou | 2010-04-09 22:38:39 +0200 (ven., 09 avril 2010) | 4 lines SSL_MODE_AUTO_RETRY has been added in OpenSSL 0.9.6. Fix compilation with earlier versions. ........
* Merged revisions 79448 via svnmerge fromAntoine Pitrou2010-03-261-2/+1
| | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r79448 | antoine.pitrou | 2010-03-26 20:27:16 +0100 (ven., 26 mars 2010) | 6 lines Issue #8222: Enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking reads and writes are always retried by OpenSSL itself. (this is a followup to issue #3890) ........
* Reverting r78597. This is not a critical fix and we're in rc mode.Barry Warsaw2010-03-031-5/+0
|
* Merged revisions 78596 via svnmerge fromVictor Stinner2010-03-021-0/+5
| | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/trunk ........ r78596 | victor.stinner | 2010-03-02 23:44:42 +0100 (mar., 02 mars 2010) | 4 lines Issue #2973: Fix gcc warning on the 2nd argument of ASN1_item_d2i() and method->d2i(): OpenSSL API changed in OpenSSL 0.9.6m. Patch written by Daniel Black. ........
* Fix signed/unsigned mismatch.Raymond Hettinger2009-01-261-1/+1
|
* various SSL fixes; issues 1251, 3162, 3212Bill Janssen2008-06-281-58/+145
|
* This reverts r63675 based on the discussion in this thread:Gregory P. Smith2008-06-091-21/+21
| | | | | | | http://mail.python.org/pipermail/python-dev/2008-June/079988.html Python 2.6 should stick with PyString_* in its codebase. The PyBytes_* names in the spirit of 3.0 are available via a #define only. See the email thread.
* Renamed PyString to PyBytesChristian Heimes2008-05-261-21/+21
|
* Fix compiler warningsNeal Norwitz2008-03-271-2/+2
|
* Initialize variable to prevent warning on some platform/config.Neal Norwitz2008-01-271-2/+2
|
* #1629: Renamed Py_Size, Py_Type and Py_Refcnt to Py_SIZE, Py_TYPE and ↵Christian Heimes2007-12-191-3/+3
| | | | Py_REFCNT. Macros for b/w compatibility are available.
* Fixed warning in ssl moduleChristian Heimes2007-12-141-1/+1
|
* Add support for asyncore server-side SSL support. This requiresBill Janssen2007-09-161-49/+4
| | | | | | | | | | | | | | | adding the 'makefile' method to ssl.SSLSocket, and importing the requisite fakefile class from socket.py, and making the appropriate changes to it to make it use the SSL connection. Added sample HTTPS server to test_ssl.py, and test that uses it. Change SSL tests to use https://svn.python.org/, instead of www.sf.net and pop.gmail.com. Added utility function to ssl module, get_server_certificate, to wrap up the several things to be done to pull a certificate from a remote server.
* More work on SSL support.Bill Janssen2007-09-101-131/+672
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Much expanded test suite: All protocols tested against all other protocols. All protocols tested with all certificate options. Tests for bad key and bad cert. Test of STARTTLS functionality. Test of RAND_* functions. * Fixes for threading/malloc bug. * Issue 1065 fixed: sslsocket class renamed to SSLSocket. sslerror class renamed to SSLError. Function "wrap_socket" now used to wrap an existing socket. * Issue 1583946 finally fixed: Support for subjectAltName added. Subject name now returned as proper DN list of RDNs. * SSLError exported from socket as "sslerror". * RAND_* functions properly exported from ssl.py. * Documentation improved: Example of how to create a self-signed certificate. Better indexing.
* SSL certificate distinguished names should be represented by tuplesBill Janssen2007-09-051-10/+15
|
* > Some of the code sets the error string in this directly beforeGuido van Rossum2007-08-271-88/+110
| | | | | | | | | | | | | | | | | | | | | | | | | | | > returning NULL, and other pieces of the code call PySSL_SetError, > which creates the error string. I think some of the places which set > the string directly probably shouldn't; instead, they should call > PySSL_SetError to cons up the error name directly from the err code. > However, PySSL_SetError only works after the construction of an ssl > object, which means it can't be used there... I'll take a longer look > at it and see if there's a reasonable fix. Here's a patch which addresses this. It also fixes the indentation in PySSL_SetError, bringing it into line with PEP 7, fixes a compile warning about one of the OpenSSL macros, and makes the namespace a bit more consistent. I've tested it on FC 7 and OS X 10.4. % ./python ./Lib/test/regrtest.py -R :1: -u all test_ssl test_ssl beginning 6 repetitions 123456 ...... 1 test OK. [29244 refs] % [GvR: slightly edited to enforce 79-char line length, even if it required violating the style guide.]
* Fix a few more variables to try to get this to compile with Visual Studio.Neal Norwitz2007-08-251-2/+3
|
* Try to get this to build with Visual Studio by moving all the variableNeal Norwitz2007-08-251-17/+24
| | | | declarations to the beginning of a scope.
* Server-side SSL and certificate validation, by Bill Janssen.Guido van Rossum2007-08-251-91/+386
| | | | | While cleaning up Bill's C style, I may have cleaned up some code he didn't touch as well (in _ssl.c).
* PEP 3123: Provide forward compatibility with Python 3.0, while keepingMartin v. Löwis2007-07-211-5/+4
| | | | | backwards compatibility. Add Py_Refcnt, Py_Type, Py_Size, and PyVarObject_HEAD_INIT.
* Fix various minor errors in passing arguments toMartin v. Löwis2006-10-191-1/+1
| | | | PyArg_ParseTuple.
* #1494314: Fix a regression with high-numbered sockets in 2.4.3. ThisAnthony Baxter2006-07-111-1/+28
| | | | | means that select() on sockets > FD_SETSIZE (typically 1024) work again. The patch makes sockets use poll() internally where available.
* Don't mask a no memory error with a less meaningful one as discussed on ↵Neal Norwitz2006-05-111-3/+1
| | | | python-checkins
* Fix problems found by Coverity.Neal Norwitz2006-05-101-3/+3
| | | | | | | | | | | | | longobject.c: also fix an ssize_t problem <a> could have been NULL, so hoist the size calc to not use <a>. _ssl.c: under fail: self is DECREF'd, but it would have been NULL. _elementtree.c: delete self if there was an error. _csv.c: I'm not sure if lineterminator could have been anything other than a string. However, other string method calls are checked, so check this one too.
* Remove unused fieldNeal Norwitz2006-04-171-1/+0
|
* Patch #1380952: fix SSL objects timing out on consecutive read()sGeorg Brandl2006-03-311-8/+15
|
* Try to improve name based on discussion on python-checkins with Jim JewettNeal Norwitz2006-02-131-5/+5
|
* Introduce Py_SOCKET_FD_CAN_BE_GE_FD_SETSIZE.Martin v. Löwis2006-02-111-0/+2
| | | | Proposed by Tim Peters.
* Bug #876637, prevent stack corruption when socket descriptorNeal Norwitz2006-02-071-0/+14
| | | | | | | | | | | | | | | | | | is larger than FD_SETSIZE. This can only be acheived with ulimit -n SOME_NUMBER_BIGGER_THAN_FD_SETSIZE which is typically only available to root. Since this wouldn't normally be run in a test (ie, run as root), it doesn't seem too worthwhile to add a normal test. The bug report has one version of a test. I've written another. Not sure what the best thing to do is. Do the check before calling internal_select() because we can't set an error in between Py_BEGIN_ALLOW_THREADS and Py_END_ALLOW_THREADS. This seemed the clearest solution, ie handle before calling internal_select() rather than inside. Plus there is at least one place outside of internal_select() that needed to be handled. Will backport.
* Fix indentation (whitespace only).Neal Norwitz2006-02-071-3/+3
|
* Check return result from Py_InitModule*(). This API can fail.Neal Norwitz2006-01-191-0/+2
| | | | Probably should be backported.
* Add a missing decref -- PyErr_SetObject increfs the 'object'!Michael W. Hudson2004-08-041-0/+1
|
* [Patch #909007] Enable a bunch of safe bug workarounds in OpenSSL, for ↵Andrew M. Kuchling2004-07-101-0/+1
| | | | compatibility with various broken SSL implementations out there.
* [Patch #945642] Fix non-blocking SSL sockets, which blocked on reads/writes ↵Andrew M. Kuchling2004-07-101-26/+60
| | | | | | | in Python 2.3. (It turns out that the Debian unstable packaging of Python 2.3.4 includes this patch.) Patch by Tino Lange.
* Make socket.sslerror a subclass of socket.error .Brett Cannon2004-03-231-1/+3
| | | | Added socket.error to the socket module's C API.
* Patch #803998: Correctly check for error in SSL_write.Martin v. Löwis2003-10-271-2/+3
|
* Fix a bunch of typos in documentation, docstrings and comments.Walter Dörwald2003-10-201-1/+1
| | | | (From SF patch #810751)
* Fix SF #754870, SSL crash interpreter when remote side closes during connectNeal Norwitz2003-06-301-1/+2
| | | | Also fix a memory leak.
generated by cgit v0.12 at 2025-12-27 11:17:45 (GMT)