summaryrefslogtreecommitdiffstats
path: root/Modules/_ssl.c
Commit message (Collapse)AuthorAgeFilesLines
* Regenerate Argument Clinic code for bpo-19180. (#2073)Serhiy Storchaka2017-06-101-1/+1
|
* bpo-19180: Updated references for RFC 1750, RFC 3280 & RFC 4366 (GH-148)Chandan Kumar2017-06-091-1/+1
| | | | | * RFC 1750 has been been obsoleted by RFC 4086. * RFC 3280 has been obsoleted by RFC 5280. * RFC 4366 has been obsoleted by RFC 6066.
* bpo-30594: Fixed refcounting in newPySSLSocket (#1992)Nathaniel J. Smith2017-06-081-2/+1
| | | If pass a server_hostname= that fails IDNA decoding to SSLContext.wrap_socket or SSLContext.wrap_bio, then the SSLContext object had a spurious Py_DECREF called on it, eventually leading to segfaults.
* Simplify X.509 extension handling code (#1855)Alex Gaynor2017-06-061-30/+4
| | | | | | | | * Simplify X.509 extension handling code The previous implementation had grown organically over time, as OpenSSL's API evolved. * Delete even more code
* bpo-29334: Fix ssl.getpeercert for auto-handshake (#1769)Christian Heimes2017-05-231-19/+11
| | | | | | | | | | | | Drop handshake_done and peer_cert members from PySSLSocket struct. The peer certificate can be acquired from *SSL directly. SSL_get_peer_certificate() does not trigger any network activity. Instead of manually tracking the handshake state, simply use SSL_is_init_finished(). In combination these changes fix auto-handshake for non-blocking MemoryBIO connections. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-30022: Get rid of using EnvironmentError and IOError (except test… (#1051)Serhiy Storchaka2017-04-161-3/+3
|
* bpo-29738: Fix memory leak in _get_crl_dp (GH-526)Olivier Vielpeau2017-04-151-7/+1
| | | | | | | | | * Remove conditional on free of `dps`, since `dps` is now allocated for all versions of OpenSSL * Remove call to `x509_check_ca` since it was only used to cache the `crldp` field of the certificate CRL_DIST_POINTS_free is available in all supported versions of OpenSSL (recent 0.9.8+) and LibreSSL.
* bpo-6532: Make the thread id an unsigned integer. (#781)Serhiy Storchaka2017-03-231-2/+1
| | | | | | | | | | | * bpo-6532: Make the thread id an unsigned integer. From C API side the type of results of PyThread_start_new_thread() and PyThread_get_thread_ident(), the id parameter of PyThreadState_SetAsyncExc(), and the thread_id field of PyThreadState changed from "long" to "unsigned long". * Restore a check in thread_get_ident().
* bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (GH-395)Donald Stufft2017-03-021-2/+2
|
* Issue #28999: Use Py_RETURN_NONE, Py_RETURN_TRUE and Py_RETURN_FALSE whereverSerhiy Storchaka2017-01-231-4/+2
| | | | possible. Patch is writen with Coccinelle.
* Use _PyObject_CallNoArg()Victor Stinner2016-12-061-1/+1
| | | | | | | Replace: PyObject_CallFunctionObjArgs(callable, NULL) with: _PyObject_CallNoArg(callable)
* Backed out changeset b9c9691c72c5Victor Stinner2016-12-041-1/+1
| | | | | | Issue #28858: The change b9c9691c72c5 introduced a regression. It seems like _PyObject_CallArg1() uses more stack memory than PyObject_CallFunctionObjArgs().
* Replace PyObject_CallFunctionObjArgs() with fastcallVictor Stinner2016-12-011-1/+1
| | | | | | | | | | | | | | * PyObject_CallFunctionObjArgs(func, NULL) => _PyObject_CallNoArg(func) * PyObject_CallFunctionObjArgs(func, arg, NULL) => _PyObject_CallArg1(func, arg) PyObject_CallFunctionObjArgs() allocates 40 bytes on the C stack and requires extra work to "parse" C arguments to build a C array of PyObject*. _PyObject_CallNoArg() and _PyObject_CallArg1() are simpler and don't allocate memory on the C stack. This change is part of the fastcall project. The change on listsort() is related to the issue #23507.
* TypoChristian Heimes2016-09-241-1/+1
|
* Finish GC code for SSLSession and increase test coverageChristian Heimes2016-09-241-4/+9
|
* Issue #28188: Use PyMem_Calloc() to get rid of a type-limits warning and an ↵Christian Heimes2016-09-131-3/+2
| | | | extra memset() call in _ssl.c.
* Issue #27866: Fix refleak in cipher_to_dict()Victor Stinner2016-09-121-12/+1
|
* Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContextChristian Heimes2016-09-111-21/+59
|
* Issue #19500: Add client-side SSL session resumption to the ssl module.Christian Heimes2016-09-101-2/+370
|
* Issue 28043: SSLContext has improved default settingsChristian Heimes2016-09-101-0/+31
| | | | The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
* Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name ↵Christian Heimes2016-09-061-1/+34
|\ | | | | | | fields in X.509 certs.
| * Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name ↵Christian Heimes2016-09-061-1/+34
| | | | | | | | fields in X.509 certs.
* | Issue #26470: Use short name rather than name for compression name to fix ↵Christian Heimes2016-09-051-6/+1
|\ \ | |/ | | | | #27958.
| * Issue #26470: Use short name rather than name for compression name to fix ↵Christian Heimes2016-09-051-6/+1
| | | | | | | | #27958.
* | Issue #27866: Add SSLContext.get_ciphers() method to get a list of all ↵Christian Heimes2016-09-051-0/+117
| | | | | | | | enabled ciphers.
* | Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-45/+136
|\ \ | |/
| * Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-45/+136
| |
* | merge 3.5 (#27773)Benjamin Peterson2016-08-161-6/+4
|\ \ | |/
| * fix corner cases in the management of server_hostname (closes #27773)Benjamin Peterson2016-08-161-6/+4
| |
* | Merge 3.5 (INVALID_SOCKET)Victor Stinner2016-07-221-2/+6
|\ \ | |/
| * socket: use INVALID_SOCKETVictor Stinner2016-07-221-2/+6
| | | | | | | | | | | | | | | | * Replace "fd = -1" with "fd = INVALID_SOCKET" * Replace "fd < 0" with "fd == INVALID_SOCKET": SOCKET_T is unsigned on Windows Bug found by Pavel Belikov ("Fragment N1"): http://www.viva64.com/en/b/0414/#ID0ECDAE
* | Issue #23804: Merge SSL recv() fix from 3.5Martin Panter2016-07-111-0/+8
|\ \ | |/
| * Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOFMartin Panter2016-07-111-0/+8
| |
* | - Issue #27332: Fixed the type of the first argument of module-level functionsSerhiy Storchaka2016-07-071-22/+22
|\ \ | |/ | | | | generated by Argument Clinic. Patch by Petr Viktorin.
| * Issue #27332: Fixed the type of the first argument of module-level functionsSerhiy Storchaka2016-07-071-22/+22
| | | | | | | | generated by Argument Clinic. Patch by Petr Viktorin.
* | merge 3.5 (#24557)Benjamin Peterson2016-07-071-2/+2
|\ \ | |/
| * assume egd unless OPENSSL_NO_EGD is defined—remove configure check (closes ↵Benjamin Peterson2016-07-071-2/+2
| | | | | | | | #24557)
* | Fix unused variable 'libver' warning in Modules/_ssl.cBerker Peksag2016-04-141-0/+2
|\ \ | |/ | | | | | | | | | | | | | | It can be seen on various buildbots like 3.x.cea-indiana-amd64 and 3.x.murray-snowleopard: /export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver' /Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
| * Fix unused variable 'libver' warning in Modules/_ssl.cBerker Peksag2016-04-141-0/+2
| | | | | | | | | | | | | | | | | | It can be seen on various buildbots like 3.x.cea-indiana-amd64 and 3.x.murray-snowleopard: /export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver' /Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
* | Issue #26200: Added Py_SETREF and replaced Py_XSETREF with Py_SETREFSerhiy Storchaka2016-04-101-1/+1
|\ \ | |/ | | | | in places where Py_DECREF was used.
| * Issue #26200: Added Py_SETREF and replaced Py_XSETREF with Py_SETREFSerhiy Storchaka2016-04-101-1/+1
| | | | | | | | in places where Py_DECREF was used.
* | Issue #22570: Renamed Py_SETREF to Py_XSETREF.Serhiy Storchaka2016-04-061-2/+2
|\ \ | |/
| * Issue #22570: Renamed Py_SETREF to Py_XSETREF.Serhiy Storchaka2016-04-061-2/+2
| |
* | Issue #26644: Merge SSL negative read fix from 3.5Martin Panter2016-03-271-0/+5
|\ \ | |/
| * Issue #26644: Raise ValueError for negative SSLSocket.recv() and read()Martin Panter2016-03-271-0/+5
| |
* | merge 3.5 (closes #25939)Benjamin Peterson2016-02-181-2/+6
|\ \ | |/
| * merge 3.4 (closes #25939)Benjamin Peterson2016-02-181-2/+6
| |\
| | * open the cert store readonlyBenjamin Peterson2016-02-181-2/+6
| | | | | | | | | | | | Patch from Chi Hsuan Yen.
* | | merge 3.5 (closes #25672)Benjamin Peterson2016-01-081-0/+17
|\ \ \ | |/ /
| * | enable SSL_MODE_RELEASE_BUFFERSBenjamin Peterson2016-01-081-0/+17
| | | | | | | | | | | | Patch by Cory Benfield.
generated by cgit v0.12 at 2025-09-16 20:00:35 (GMT)