summaryrefslogtreecommitdiffstats
path: root/Modules/_ssl.c
Commit message (Collapse)AuthorAgeFilesLines
...
* bpo-30622: Change NPN detection: (#2079)Melvyn Sopacua2017-09-041-7/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Change NPN detection: Version breakdown, support disabled (pre-patch/post-patch): - pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False - 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False - 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and OPENSSL_NO_NEXTPROTONEG will be defined -> True/False Version breakdown support enabled (pre-patch/post-patch): - pre-1.0.1: OPENSSL_NPN_NEGOTIATED will not be defined -> False/False - 1.0.1 and 1.0.2: OPENSSL_NPN_NEGOTIATED will be defined and OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True - 1.1.0+: OPENSSL_NPN_NEGOTIATED will be defined and OPENSSL_NO_NEXTPROTONEG will not be defined -> True/True * Refine NPN guard: - If NPN is disabled, but ALPN is available we need our callback - Make clinic's ssl behave the same way This created a working ssl module for me, with NPN disabled and ALPN enabled for OpenSSL 1.1.0f. Concerns to address: The initial commit for NPN support into OpenSSL [1], had the OPENSSL_NPN_* variables defined inside the OPENSSL_NO_NEXTPROTONEG guard. The question is if that ever made it into a release. This would need an ugly hack, something like: #if defined(OPENSSL_NO_NEXTPROTONEG) && \ !defined(OPENSSL_NPN_NEGOTIATED) # define OPENSSL_NPN_UNSUPPORTED 0 # define OPENSSL_NPN_NEGOTIATED 1 # define OPENSSL_NPN_NO_OVERLAP 2 #endif [1] https://github.com/openssl/openssl/commit/68b33cc5c7
* bpo-31095: fix potential crash during GC (GH-2974)INADA Naoki2017-08-241-0/+3
|
* bpo-9566: Fixed _ssl module warnings (#2495)Segev Finer2017-07-261-6/+13
| | | | | | | | * bpo-9566: Fixed some _ssl warnings * bpo-9566: _ssl: Fixup the fixes and also fix the remainings warnings * Add a comment about the downcast
* [bpo-30916] Pre-build OpenSSL and Tcl/Tk for Windows (#2688)Steve Dower2017-07-171-1/+37
| | | Updates ssl and tkinter projects to use pre-built externals
* Regenerate Argument Clinic code for bpo-19180. (#2073)Serhiy Storchaka2017-06-101-1/+1
|
* bpo-19180: Updated references for RFC 1750, RFC 3280 & RFC 4366 (GH-148)Chandan Kumar2017-06-091-1/+1
| | | | | * RFC 1750 has been been obsoleted by RFC 4086. * RFC 3280 has been obsoleted by RFC 5280. * RFC 4366 has been obsoleted by RFC 6066.
* bpo-30594: Fixed refcounting in newPySSLSocket (#1992)Nathaniel J. Smith2017-06-081-2/+1
| | | If pass a server_hostname= that fails IDNA decoding to SSLContext.wrap_socket or SSLContext.wrap_bio, then the SSLContext object had a spurious Py_DECREF called on it, eventually leading to segfaults.
* Simplify X.509 extension handling code (#1855)Alex Gaynor2017-06-061-30/+4
| | | | | | | | * Simplify X.509 extension handling code The previous implementation had grown organically over time, as OpenSSL's API evolved. * Delete even more code
* bpo-29334: Fix ssl.getpeercert for auto-handshake (#1769)Christian Heimes2017-05-231-19/+11
| | | | | | | | | | | | Drop handshake_done and peer_cert members from PySSLSocket struct. The peer certificate can be acquired from *SSL directly. SSL_get_peer_certificate() does not trigger any network activity. Instead of manually tracking the handshake state, simply use SSL_is_init_finished(). In combination these changes fix auto-handshake for non-blocking MemoryBIO connections. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-30022: Get rid of using EnvironmentError and IOError (except test… (#1051)Serhiy Storchaka2017-04-161-3/+3
|
* bpo-29738: Fix memory leak in _get_crl_dp (GH-526)Olivier Vielpeau2017-04-151-7/+1
| | | | | | | | | * Remove conditional on free of `dps`, since `dps` is now allocated for all versions of OpenSSL * Remove call to `x509_check_ca` since it was only used to cache the `crldp` field of the certificate CRL_DIST_POINTS_free is available in all supported versions of OpenSSL (recent 0.9.8+) and LibreSSL.
* bpo-6532: Make the thread id an unsigned integer. (#781)Serhiy Storchaka2017-03-231-2/+1
| | | | | | | | | | | * bpo-6532: Make the thread id an unsigned integer. From C API side the type of results of PyThread_start_new_thread() and PyThread_get_thread_ident(), the id parameter of PyThreadState_SetAsyncExc(), and the thread_id field of PyThreadState changed from "long" to "unsigned long". * Restore a check in thread_get_ident().
* bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (GH-395)Donald Stufft2017-03-021-2/+2
|
* Issue #28999: Use Py_RETURN_NONE, Py_RETURN_TRUE and Py_RETURN_FALSE whereverSerhiy Storchaka2017-01-231-4/+2
| | | | possible. Patch is writen with Coccinelle.
* Use _PyObject_CallNoArg()Victor Stinner2016-12-061-1/+1
| | | | | | | Replace: PyObject_CallFunctionObjArgs(callable, NULL) with: _PyObject_CallNoArg(callable)
* Backed out changeset b9c9691c72c5Victor Stinner2016-12-041-1/+1
| | | | | | Issue #28858: The change b9c9691c72c5 introduced a regression. It seems like _PyObject_CallArg1() uses more stack memory than PyObject_CallFunctionObjArgs().
* Replace PyObject_CallFunctionObjArgs() with fastcallVictor Stinner2016-12-011-1/+1
| | | | | | | | | | | | | | * PyObject_CallFunctionObjArgs(func, NULL) => _PyObject_CallNoArg(func) * PyObject_CallFunctionObjArgs(func, arg, NULL) => _PyObject_CallArg1(func, arg) PyObject_CallFunctionObjArgs() allocates 40 bytes on the C stack and requires extra work to "parse" C arguments to build a C array of PyObject*. _PyObject_CallNoArg() and _PyObject_CallArg1() are simpler and don't allocate memory on the C stack. This change is part of the fastcall project. The change on listsort() is related to the issue #23507.
* TypoChristian Heimes2016-09-241-1/+1
|
* Finish GC code for SSLSession and increase test coverageChristian Heimes2016-09-241-4/+9
|
* Issue #28188: Use PyMem_Calloc() to get rid of a type-limits warning and an ↵Christian Heimes2016-09-131-3/+2
| | | | extra memset() call in _ssl.c.
* Issue #27866: Fix refleak in cipher_to_dict()Victor Stinner2016-09-121-12/+1
|
* Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContextChristian Heimes2016-09-111-21/+59
|
* Issue #19500: Add client-side SSL session resumption to the ssl module.Christian Heimes2016-09-101-2/+370
|
* Issue 28043: SSLContext has improved default settingsChristian Heimes2016-09-101-0/+31
| | | | The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
* Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name ↵Christian Heimes2016-09-061-1/+34
|\ | | | | | | fields in X.509 certs.
| * Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name ↵Christian Heimes2016-09-061-1/+34
| | | | | | | | fields in X.509 certs.
* | Issue #26470: Use short name rather than name for compression name to fix ↵Christian Heimes2016-09-051-6/+1
|\ \ | |/ | | | | #27958.
| * Issue #26470: Use short name rather than name for compression name to fix ↵Christian Heimes2016-09-051-6/+1
| | | | | | | | #27958.
* | Issue #27866: Add SSLContext.get_ciphers() method to get a list of all ↵Christian Heimes2016-09-051-0/+117
| | | | | | | | enabled ciphers.
* | Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-45/+136
|\ \ | |/
| * Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-45/+136
| |
* | merge 3.5 (#27773)Benjamin Peterson2016-08-161-6/+4
|\ \ | |/
| * fix corner cases in the management of server_hostname (closes #27773)Benjamin Peterson2016-08-161-6/+4
| |
* | Merge 3.5 (INVALID_SOCKET)Victor Stinner2016-07-221-2/+6
|\ \ | |/
| * socket: use INVALID_SOCKETVictor Stinner2016-07-221-2/+6
| | | | | | | | | | | | | | | | * Replace "fd = -1" with "fd = INVALID_SOCKET" * Replace "fd < 0" with "fd == INVALID_SOCKET": SOCKET_T is unsigned on Windows Bug found by Pavel Belikov ("Fragment N1"): http://www.viva64.com/en/b/0414/#ID0ECDAE
* | Issue #23804: Merge SSL recv() fix from 3.5Martin Panter2016-07-111-0/+8
|\ \ | |/
| * Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOFMartin Panter2016-07-111-0/+8
| |
* | - Issue #27332: Fixed the type of the first argument of module-level functionsSerhiy Storchaka2016-07-071-22/+22
|\ \ | |/ | | | | generated by Argument Clinic. Patch by Petr Viktorin.
| * Issue #27332: Fixed the type of the first argument of module-level functionsSerhiy Storchaka2016-07-071-22/+22
| | | | | | | | generated by Argument Clinic. Patch by Petr Viktorin.
* | merge 3.5 (#24557)Benjamin Peterson2016-07-071-2/+2
|\ \ | |/
| * assume egd unless OPENSSL_NO_EGD is defined—remove configure check (closes ↵Benjamin Peterson2016-07-071-2/+2
| | | | | | | | #24557)
* | Fix unused variable 'libver' warning in Modules/_ssl.cBerker Peksag2016-04-141-0/+2
|\ \ | |/ | | | | | | | | | | | | | | It can be seen on various buildbots like 3.x.cea-indiana-amd64 and 3.x.murray-snowleopard: /export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver' /Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
| * Fix unused variable 'libver' warning in Modules/_ssl.cBerker Peksag2016-04-141-0/+2
| | | | | | | | | | | | | | | | | | It can be seen on various buildbots like 3.x.cea-indiana-amd64 and 3.x.murray-snowleopard: /export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver' /Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
* | Issue #26200: Added Py_SETREF and replaced Py_XSETREF with Py_SETREFSerhiy Storchaka2016-04-101-1/+1
|\ \ | |/ | | | | in places where Py_DECREF was used.
| * Issue #26200: Added Py_SETREF and replaced Py_XSETREF with Py_SETREFSerhiy Storchaka2016-04-101-1/+1
| | | | | | | | in places where Py_DECREF was used.
* | Issue #22570: Renamed Py_SETREF to Py_XSETREF.Serhiy Storchaka2016-04-061-2/+2
|\ \ | |/
| * Issue #22570: Renamed Py_SETREF to Py_XSETREF.Serhiy Storchaka2016-04-061-2/+2
| |
* | Issue #26644: Merge SSL negative read fix from 3.5Martin Panter2016-03-271-0/+5
|\ \ | |/
| * Issue #26644: Raise ValueError for negative SSLSocket.recv() and read()Martin Panter2016-03-271-0/+5
| |
* | merge 3.5 (closes #25939)Benjamin Peterson2016-02-181-2/+6
|\ \ | |/
generated by cgit v0.12 at 2025-08-28 06:52:17 (GMT)