path: root/Modules/_ssl.c
Commit message / Author / Age / Files / Lines
* Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for.
|   Author: Antoine Pitrou; Age: 2014-01-09; Files: 1; Lines: -2/+5
* Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
|   It is causing trouble like e.g. hanging processes.
|   Author: Christian Heimes; Age: 2013-10-29; Files: 1; Lines: -65/+0
* Properly initialize all fields of a SSL object after allocation.
|   Author: Antoine Pitrou; Age: 2013-09-29; Files: 1; Lines: -0/+1
* Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
|\    Author: Christian Heimes; Age: 2013-09-05; Files: 1; Lines: -1/+1
| * Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in GEN_EMAIL/GEN_URI/GEN_DNS case
| |   Author: Christian Heimes; Age: 2013-09-05; Files: 1; Lines: -1/+1
| * - Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string representation of ASN.1 strings for `rfc822Name` (email), `dNSName` (DNS) and `uniformResourceIdentifier` (URI).
| |   Author: Barry Warsaw; Age: 2013-08-23; Files: 1; Lines: -3/+61
* | Issue #18747: Fix spelling errors in my commit message and comments, thanks to Vajrasky Kok for proof-reading.
| |   Author: Christian Heimes; Age: 2013-08-25; Files: 1; Lines: -2/+2
* | Issue #18747: Use a parent atfork handler instead of a child atfork handler.
| |   fork() is supposed to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
| |   Author: Christian Heimes; Age: 2013-08-22; Files: 1; Lines: -12/+9
* | Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.
| |   A pthread_atfork() child handler is used to seed the PRNG with pid, time and some stack data.
| |   Author: Christian Heimes; Age: 2013-08-21; Files: 1; Lines: -0/+72
* | Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
| |   Author: Christian Heimes; Age: 2013-08-19; Files: 1; Lines: -1/+17
* | Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok.
| |   Author: Christian Heimes; Age: 2013-08-17; Files: 1; Lines: -1/+1
* | Issue #18768: coding style nitpick. Thanks to Vajrasky Kok
| |   Author: Christian Heimes; Age: 2013-08-17; Files: 1; Lines: -1/+1
* | #18466: fix more typos. Patch by Févry Thibault.
| |   Author: Ezio Melotti; Age: 2013-08-17; Files: 1; Lines: -1/+1
* | Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string representation of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI).
| |   Author: Christian Heimes; Age: 2013-08-16; Files: 1; Lines: -6/+60
* | Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input string is longer than 2 gigabytes. The ssl module does not support partial write.
| |   Author: Victor Stinner; Age: 2013-06-24; Files: 1; Lines: -6/+7
* | Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write() for strings longer than 2 gigabytes.
| |   Author: Victor Stinner; Age: 2013-06-23; Files: 1; Lines: -1/+6
* | Issue #15604: Update uses of PyObject_IsTrue() to check for and handle errors correctly. Patch by Serhiy Storchaka.
| |   Author: Antoine Pitrou; Age: 2012-08-15; Files: 1; Lines: -1/+5
* | Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().
| |   Author: Antoine Pitrou; Age: 2012-02-15; Files: 1; Lines: -9/+14
* | Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
|\ \    Author: Antoine Pitrou; Age: 2012-01-27; Files: 1; Lines: -1/+2
| |/
| * Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV attack countermeasure.
| |   Author: Antoine Pitrou; Age: 2012-01-27; Files: 1; Lines: -1/+2
| * Merged revisions 83680,83685 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/release27-maint
| |   ................
| |   r83680 | mark.dickinson | 2010-08-03 19:34:53 +0100 (Tue, 03 Aug 2010) | 9 lines
| |   Merged revisions 83677 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k
| |   ........
| |   r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line
| |   Fix memory leak in ssl module.
| |   ........
| |   ................
| |   r83685 | mark.dickinson | 2010-08-03 19:46:28 +0100 (Tue, 03 Aug 2010) | 9 lines
| |   Merged revisions 83683 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k
| |   ........
| |   r83683 | mark.dickinson | 2010-08-03 19:44:16 +0100 (Tue, 03 Aug 2010) | 1 line
| |   Misc/NEWS entry for r83677.
| |   ........
| |   ................
| |   Author: Mark Dickinson; Age: 2010-08-03; Files: 1; Lines: -0/+1
| * Merged revisions 82210 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk
| |   ........
| |   r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines
| |   Issue #9075: In the ssl module, remove the setting of a `debug` flag on an OpenSSL structure.
| |   ........
| |   Author: Antoine Pitrou; Age: 2010-06-25; Files: 1; Lines: -1/+0
| * Merged revisions 81241 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk
| |   ........
| |   r81241 | antoine.pitrou | 2010-05-17 01:11:46 +0200 (lun., 17 mai 2010) | 4 lines
| |   Clear the OpenSSL error queue each time an error is signalled. When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
| |   ........
| |   Author: Antoine Pitrou; Age: 2010-05-16; Files: 1; Lines: -0/+3
| * Merged revisions 81115 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk
| |   ........
| |   r81115 | antoine.pitrou | 2010-05-12 16:02:34 +0200 (mer., 12 mai 2010) | 3 lines
| |   Improve _ssl.c formatting
| |   ........
| |   Author: Antoine Pitrou; Age: 2010-05-12; Files: 1; Lines: -34/+27
| * Merged revisions 80789 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk
| |   ........
| |   r80789 | antoine.pitrou | 2010-05-05 17:53:45 +0200 (mer., 05 mai 2010) | 3 lines
| |   Untabify Modules/_ssl.c
| |   ........
| |   Author: Antoine Pitrou; Age: 2010-05-05; Files: 1; Lines: -1307/+1307
| * Merged revisions 80540 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk
| |   ........
| |   r80540 | antoine.pitrou | 2010-04-27 21:09:59 +0200 (mar., 27 avril 2010) | 4 lines
| |   Issue #8549: Fix compiling the _ssl extension under AIX. Patch by Sridhar Ratnakumar.
| |   ........
| |   Author: Antoine Pitrou; Age: 2010-04-27; Files: 1; Lines: -1/+1
| * Merged revisions 80451-80452 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk
| |   ........
| |   r80451 | antoine.pitrou | 2010-04-24 21:57:01 +0200 (sam., 24 avril 2010) | 4 lines
| |   The do_handshake() method of SSL objects now adjusts the blocking mode of the SSL structure if necessary (as other methods already do).
| |   ........
| |   r80452 | antoine.pitrou | 2010-04-24 22:04:58 +0200 (sam., 24 avril 2010) | 4 lines
| |   Issue #5103: SSL handshake would ignore the socket timeout and block indefinitely if the other end didn't respond.
| |   ........
| |   Author: Antoine Pitrou; Age: 2010-04-24; Files: 1; Lines: -1/+6
| * Merged revisions 80392 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk
| |   ........
| |   r80392 | antoine.pitrou | 2010-04-23 01:33:02 +0200 (ven., 23 avril 2010) | 9 lines
| |   Issue #8108: Fix the unwrap() method of SSL objects when the socket has a non-infinite timeout. Also make that method friendlier with applications wanting to continue using the socket in clear-text mode, by disabling OpenSSL's internal readahead. Thanks to Darryl Miles for guidance.
| |   Issue #8108: test_ftplib's non-blocking SSL server now has proper handling of SSL shutdowns.
| |   ........
| |   Author: Antoine Pitrou; Age: 2010-04-23; Files: 1; Lines: -6/+63
| * Merged revisions 80314-80315 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk
| |   ........
| |   r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines
| |   Issue #8484: Load all ciphers and digest algorithms when initializing the _ssl extension, such that verification of some SSL certificates doesn't fail because of an "unknown algorithm".
| |   ........
| |   r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines
| |   Forgot to add the sample certificate (followup to r80314)
| |   ........
| |   Author: Antoine Pitrou; Age: 2010-04-21; Files: 1; Lines: -1/+2
| * Merged revisions 79910 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk
| |   ........
| |   r79910 | antoine.pitrou | 2010-04-09 22:38:39 +0200 (ven., 09 avril 2010) | 4 lines
| |   SSL_MODE_AUTO_RETRY has been added in OpenSSL 0.9.6. Fix compilation with earlier versions.
| |   ........
| |   Author: Antoine Pitrou; Age: 2010-04-09; Files: 1; Lines: -0/+2
| * Merged revisions 79448 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk
| |   ........
| |   r79448 | antoine.pitrou | 2010-03-26 20:27:16 +0100 (ven., 26 mars 2010) | 6 lines
| |   Issue #8222: Enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking reads and writes are always retried by OpenSSL itself.
| |   (this is a followup to issue #3890)
| |   ........
| |   Author: Antoine Pitrou; Age: 2010-03-26; Files: 1; Lines: -2/+1
| * Reverting r78597. This is not a critical fix and we're in rc mode.
| |   Author: Barry Warsaw; Age: 2010-03-03; Files: 1; Lines: -5/+0
| * Merged revisions 78596 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk
| |   ........
| |   r78596 | victor.stinner | 2010-03-02 23:44:42 +0100 (mar., 02 mars 2010) | 4 lines
| |   Issue #2973: Fix gcc warning on the 2nd argument of ASN1_item_d2i() and method->d2i(): OpenSSL API changed in OpenSSL 0.9.6m. Patch written by Daniel Black.
| |   ........
| |   Author: Victor Stinner; Age: 2010-03-02; Files: 1; Lines: -0/+5
| * Fix signed/unsigned mismatch.
| |   Author: Raymond Hettinger; Age: 2009-01-26; Files: 1; Lines: -1/+1
* | Issue #13458: Fix a memory leak in the ssl module when decoding a certificate with a subjectAltName. Patch by Robert Xiao.
| |   Author: Antoine Pitrou; Age: 2011-11-23; Files: 1; Lines: -0/+1
* | Issue #13034: When decoding some SSL certificates, the subjectAltName extension could be unreported.
| |   Author: Antoine Pitrou; Age: 2011-10-01; Files: 1; Lines: -1/+1
* | Issue #12287: Fix a stack corruption in ossaudiodev module when the FD is greater than FD_SETSIZE.
| |   Author: Charles-François Natali; Age: 2011-08-28; Files: 1; Lines: -3/+1
* | (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
| |   OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2 protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.
| |   Optimize also ssl.get_protocol_name(): speed does matter!
| |   Author: Victor Stinner; Age: 2011-05-09; Files: 1; Lines: -1/+7
* | Merged revisions 87140 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k
| |   ........
| |   r87140 | hirokazu.yamamoto | 2010-12-09 19:49:00 +0900 (木, 09 12 2010) | 2 lines
| |   Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)
| |   ........
| |   Author: Hirokazu Yamamoto; Age: 2010-12-09; Files: 1; Lines: -2/+4
* | Merged revisions 85432 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k
| |   ........
| |   r85432 | benjamin.peterson | 2010-10-13 17:06:39 -0500 (Wed, 13 Oct 2010) | 1 line
| |   constify to appease compiler warnings
| |   ........
| |   Author: Benjamin Peterson; Age: 2010-10-13; Files: 1; Lines: -2/+2
* | Merged revisions 83677 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k
| |   ........
| |   r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line
| |   Fix memory leak in ssl module.
| |   ........
| |   Author: Mark Dickinson; Age: 2010-08-03; Files: 1; Lines: -0/+1
* | Issue #9075: In the ssl module, remove the setting of a `debug` flag on an OpenSSL structure.
| |   Author: Antoine Pitrou; Age: 2010-06-25; Files: 1; Lines: -1/+0
* | Clear the OpenSSL error queue each time an error is signalled.
| |   When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version.
| |   Author: Antoine Pitrou; Age: 2010-05-16; Files: 1; Lines: -0/+3
* | Improve _ssl.c formatting
| |   Author: Antoine Pitrou; Age: 2010-05-12; Files: 1; Lines: -34/+27
* | Untabify Modules/_ssl.c
| |   Author: Antoine Pitrou; Age: 2010-05-05; Files: 1; Lines: -1346/+1346
* | Remove unneeded variable initialization.
| |   Found using Clang's static analyzer.
| |   Author: Brett Cannon; Age: 2010-05-03; Files: 1; Lines: -3/+0
* | Issue #8549: Fix compiling the _ssl extension under AIX. Patch by Sridhar Ratnakumar.
| |   Author: Antoine Pitrou; Age: 2010-04-27; Files: 1; Lines: -1/+1
* | The do_handshake() method of SSL objects now adjusts the blocking mode of the SSL structure if necessary (as other methods already do).
| |   Author: Antoine Pitrou; Age: 2010-04-24; Files: 1; Lines: -1/+6
* | Issue #8108: Fix the unwrap() method of SSL objects when the socket has a non-infinite timeout. Also make that method friendlier with applications wanting to continue using the socket in clear-text mode, by disabling OpenSSL's internal readahead. Thanks to Darryl Miles for guidance.
| |   Issue #8108: test_ftplib's non-blocking SSL server now has proper handling of SSL shutdowns.
| |   Author: Antoine Pitrou; Age: 2010-04-22; Files: 1; Lines: -6/+63
* | Issue #8484: Load all ciphers and digest algorithms when initializing the _ssl extension, such that verification of some SSL certificates doesn't fail because of an "unknown algorithm".
| |   Author: Antoine Pitrou; Age: 2010-04-21; Files: 1; Lines: -1/+2