summaryrefslogtreecommitdiffstats
path: root/Modules/_ssl.c
Commit message (Collapse)AuthorAgeFilesLines
* Issue #13626: Add support for SSL Diffie-Hellman key exchange, through theAntoine Pitrou2011-12-221-0/+35
| | | | SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
* Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.Antoine Pitrou2011-12-211-0/+12
| | | | (followup to issue #13627)
* Issue #13634: Add support for querying and disabling SSL compression.Antoine Pitrou2011-12-201-0/+24
|
* Issue #13627: Add support for SSL Elliptic Curve-based Diffie-HellmanAntoine Pitrou2011-12-191-0/+30
| | | | | key exchange, through the SSLContext.set_ecdh_curve() method and the ssl.OP_SINGLE_ECDH_USE option.
* Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL serversAntoine Pitrou2011-12-191-0/+2
| | | | | choose the cipher based on their own preferences, rather than on the client's.
* Issue #13458: Fix a memory leak in the ssl module when decoding a ↵Antoine Pitrou2011-11-231-0/+1
|\ | | | | | | | | | | certificate with a subjectAltName. Patch by Robert Xiao.
| * Issue #13458: Fix a memory leak in the ssl module when decoding a ↵Antoine Pitrou2011-11-231-0/+1
| | | | | | | | | | | | certificate with a subjectAltName. Patch by Robert Xiao.
* | Issue #11183: Add finer-grained exceptions to the ssl module, so thatAntoine Pitrou2011-10-271-3/+57
| | | | | | | | you don't have to inspect the exception's attributes in the common case.
* | Add a docstring to SSLErrorAntoine Pitrou2011-10-221-3/+8
| |
* | Use PyExc_OSError directly instead of grabbing it from the socket module APIAntoine Pitrou2011-10-221-1/+1
| |
* | Issue #13034: When decoding some SSL certificates, the subjectAltName ↵Antoine Pitrou2011-10-011-1/+1
|\ \ | |/ | | | | extension could be unreported.
| * Issue #13034: When decoding some SSL certificates, the subjectAltName ↵Antoine Pitrou2011-10-011-1/+1
| | | | | | | | extension could be unreported.
* | Issue #12287: Fix a stack corruption in ossaudiodev module when the FD isCharles-François Natali2011-08-281-3/+1
|\ \ | |/ | | | | greater than FD_SETSIZE.
| * Issue #12287: Fix a stack corruption in ossaudiodev module when the FD isCharles-François Natali2011-08-281-3/+1
| | | | | | | | greater than FD_SETSIZE.
* | Issue #12803: SSLContext.load_cert_chain() now accepts a password argumentAntoine Pitrou2011-08-251-21/+149
| | | | | | | | to be used if the private key is encrypted. Patch by Adam Simpkins.
* | Issue #12551: Provide a get_channel_binding() method on SSL sockets so asAntoine Pitrou2011-07-201-0/+60
| | | | | | | | | | | | | | | | to get channel binding data for the current SSL session (only the "tls-unique" channel binding is implemented). This allows the implementation of certain authentication mechanisms such as SCRAM-SHA-1-PLUS. Patch by Jacek Konieczny.
* | Issue #12440: When testing whether some bits in SSLContext.options can beAntoine Pitrou2011-07-081-9/+25
|\ \ | |/ | | | | | | reset, check the version of the OpenSSL headers Python was compiled against, rather than the runtime version of the OpenSSL library.
| * Issue #12440: When testing whether some bits in SSLContext.options can beAntoine Pitrou2011-07-081-9/+25
| | | | | | | | | | reset, check the version of the OpenSSL headers Python was compiled against, rather than the runtime version of the OpenSSL library.
| * (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optionalVictor Stinner2011-05-091-1/+7
| |\ | | | | | | | | | | | | | | | | | | OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2 protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid. Optimize also ssl.get_protocol_name(): speed does matter!
| | * Issue #12012: ssl.PROTOCOL_SSLv2 becomes optionalVictor Stinner2011-05-091-1/+7
| | | | | | | | | | | | | | | | | | | | | OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2 protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid. Optimize also ssl.get_protocol_name(): speed does matter!
| | * Merged revisions 87140 via svnmerge fromHirokazu Yamamoto2010-12-091-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87140 | hirokazu.yamamoto | 2010-12-09 19:49:00 +0900 (木, 09 12 2010) | 2 lines Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher) ........
| | * Merged revisions 85432 via svnmerge fromBenjamin Peterson2010-10-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r85432 | benjamin.peterson | 2010-10-13 17:06:39 -0500 (Wed, 13 Oct 2010) | 1 line constify to appease compiler warnings ........
| | * Merged revisions 84464 via svnmerge fromAntoine Pitrou2010-09-031-29/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r84464 | antoine.pitrou | 2010-09-03 20:38:17 +0200 (ven., 03 sept. 2010) | 3 lines Issue #3805: clean up implementation of the _read method in _ssl.c. ........
| | * Merged revisions 83677 via svnmerge fromMark Dickinson2010-08-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r83677 | mark.dickinson | 2010-08-03 19:31:54 +0100 (Tue, 03 Aug 2010) | 1 line Fix memory leak in ssl module. ........
| | * Merged revisions 82211 via svnmerge fromAntoine Pitrou2010-06-251-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r82211 | antoine.pitrou | 2010-06-25 02:07:34 +0200 (ven., 25 juin 2010) | 10 lines Merged revisions 82210 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r82210 | antoine.pitrou | 2010-06-25 02:03:21 +0200 (ven., 25 juin 2010) | 4 lines Issue #9075: In the ssl module, remove the setting of a `debug` flag on an OpenSSL structure. ........ ................
| | * Merged revisions 82204 via svnmerge fromAntoine Pitrou2010-06-241-27/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r82204 | antoine.pitrou | 2010-06-25 00:34:04 +0200 (ven., 25 juin 2010) | 5 lines Issue #8682: The ssl module now temporary increments the reference count of a socket object got through `PyWeakref_GetObject`, so as to avoid possible deallocation while the object is still being used. ........
| | * Merged revisions 81242 via svnmerge fromAntoine Pitrou2010-05-161-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r81242 | antoine.pitrou | 2010-05-17 01:14:22 +0200 (lun., 17 mai 2010) | 10 lines Merged revisions 81241 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r81241 | antoine.pitrou | 2010-05-17 01:11:46 +0200 (lun., 17 mai 2010) | 4 lines Clear the OpenSSL error queue each time an error is signalled. When the error queue is not emptied, strange things can happen on the next SSL call, depending on the OpenSSL version. ........ ................
| | * Merged revisions 81116 via svnmerge fromAntoine Pitrou2010-05-121-33/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r81116 | antoine.pitrou | 2010-05-12 16:05:24 +0200 (mer., 12 mai 2010) | 9 lines Merged revisions 81115 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r81115 | antoine.pitrou | 2010-05-12 16:02:34 +0200 (mer., 12 mai 2010) | 3 lines Improve _ssl.c formatting ........ ................
| | * Merged revisions 80790 via svnmerge fromAntoine Pitrou2010-05-051-1376/+1376
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r80790 | antoine.pitrou | 2010-05-05 17:57:33 +0200 (mer., 05 mai 2010) | 9 lines Merged revisions 80789 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r80789 | antoine.pitrou | 2010-05-05 17:53:45 +0200 (mer., 05 mai 2010) | 3 lines Untabify Modules/_ssl.c ........ ................
| | * Merged revisions 80542 via svnmerge fromAntoine Pitrou2010-04-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r80542 | antoine.pitrou | 2010-04-27 21:14:15 +0200 (mar., 27 avril 2010) | 10 lines Merged revisions 80540 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r80540 | antoine.pitrou | 2010-04-27 21:09:59 +0200 (mar., 27 avril 2010) | 4 lines Issue #8549: Fix compiling the _ssl extension under AIX. Patch by Sridhar Ratnakumar. ........ ................
| | * Merged revisions 80454 via svnmerge fromAntoine Pitrou2010-04-241-9/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r80454 | antoine.pitrou | 2010-04-24 23:26:44 +0200 (sam., 24 avril 2010) | 15 lines Merged revisions 80451-80452 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r80451 | antoine.pitrou | 2010-04-24 21:57:01 +0200 (sam., 24 avril 2010) | 4 lines The do_handshake() method of SSL objects now adjusts the blocking mode of the SSL structure if necessary (as other methods already do). ........ r80452 | antoine.pitrou | 2010-04-24 22:04:58 +0200 (sam., 24 avril 2010) | 4 lines Issue #5103: SSL handshake would ignore the socket timeout and block indefinitely if the other end didn't respond. ........ ................
| | * Merged revisions 80394 via svnmerge fromAntoine Pitrou2010-04-231-6/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r80394 | antoine.pitrou | 2010-04-23 02:16:21 +0200 (ven., 23 avril 2010) | 15 lines Merged revisions 80392 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r80392 | antoine.pitrou | 2010-04-23 01:33:02 +0200 (ven., 23 avril 2010) | 9 lines Issue #8108: Fix the unwrap() method of SSL objects when the socket has a non-infinite timeout. Also make that method friendlier with applications wanting to continue using the socket in clear-text mode, by disabling OpenSSL's internal readahead. Thanks to Darryl Miles for guidance. Issue #8108: test_ftplib's non-blocking SSL server now has proper handling of SSL shutdowns. ........ ................
| | * Merged revisions 80317 via svnmerge fromAntoine Pitrou2010-04-211-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r80317 | antoine.pitrou | 2010-04-21 21:46:23 +0200 (mer., 21 avril 2010) | 15 lines Merged revisions 80314-80315 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines Issue #8484: Load all ciphers and digest algorithms when initializing the _ssl extension, such that verification of some SSL certificates doesn't fail because of an "unknown algorithm". ........ r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines Forgot to add the sample certificate (followup to r80314) ........ ................
| | * Merged revisions 79912 via svnmerge fromAntoine Pitrou2010-04-091-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r79912 | antoine.pitrou | 2010-04-09 22:42:09 +0200 (ven., 09 avril 2010) | 10 lines Merged revisions 79910 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r79910 | antoine.pitrou | 2010-04-09 22:38:39 +0200 (ven., 09 avril 2010) | 4 lines SSL_MODE_AUTO_RETRY has been added in OpenSSL 0.9.6. Fix compilation with earlier versions. ........ ................
| | * Merged revisions 79449,79452 via svnmerge fromAntoine Pitrou2010-03-261-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r79449 | antoine.pitrou | 2010-03-26 20:32:24 +0100 (ven., 26 mars 2010) | 12 lines Merged revisions 79448 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r79448 | antoine.pitrou | 2010-03-26 20:27:16 +0100 (ven., 26 mars 2010) | 6 lines Issue #8222: Enable the SSL_MODE_AUTO_RETRY flag on SSL sockets, so that blocking reads and writes are always retried by OpenSSL itself. (this is a followup to issue #3890) ........ ................ r79452 | antoine.pitrou | 2010-03-26 20:36:14 +0100 (ven., 26 mars 2010) | 3 lines Add NEWS entry for r79449. ................
| | * Merged revisions 78598 via svnmerge fromVictor Stinner2010-03-021-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r78598 | victor.stinner | 2010-03-02 23:48:17 +0100 (mar., 02 mars 2010) | 11 lines Merged revisions 78596 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r78596 | victor.stinner | 2010-03-02 23:44:42 +0100 (mar., 02 mars 2010) | 4 lines Issue #2973: Fix gcc warning on the 2nd argument of ASN1_item_d2i() and method->d2i(): OpenSSL API changed in OpenSSL 0.9.6m. Patch written by Daniel Black. ........ ................
| | * Merged revisions 73623-73624 via svnmerge fromBenjamin Peterson2009-06-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r73623 | benjamin.peterson | 2009-06-28 12:22:03 -0500 (Sun, 28 Jun 2009) | 58 lines Merged revisions 73004,73439,73496,73509,73529,73564,73576-73577,73595-73596,73605 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r73004 | jeffrey.yasskin | 2009-05-28 22:44:31 -0500 (Thu, 28 May 2009) | 5 lines Fix nearly all compilation warnings under Apple gcc-4.0. Tested with OPT="-g -Wall -Wstrict-prototypes -Werror" in both --with-pydebug mode and --without. There's still a batch of non-prototype warnings in Xlib.h that I don't know how to fix. ........ r73439 | benjamin.peterson | 2009-06-15 19:29:31 -0500 (Mon, 15 Jun 2009) | 1 line don't mask encoding errors when decoding a string #6289 ........ r73496 | vinay.sajip | 2009-06-21 12:37:27 -0500 (Sun, 21 Jun 2009) | 1 line Issue #6314: logging.basicConfig() performs extra checks on the "level" argument. ........ r73509 | amaury.forgeotdarc | 2009-06-22 14:33:48 -0500 (Mon, 22 Jun 2009) | 2 lines #4490 Fix sample code run by "python -m xml.sax.xmlreader" ........ r73529 | r.david.murray | 2009-06-23 13:02:46 -0500 (Tue, 23 Jun 2009) | 4 lines Fix issue 5230 by having pydoc's safeimport check to see if the import error was thrown from itself in order to decide if the module can't be found. Thanks to Lucas Prado Melo for collaborating on the fix and tests. ........ r73564 | amaury.forgeotdarc | 2009-06-25 17:29:29 -0500 (Thu, 25 Jun 2009) | 6 lines #2016 Fix a crash in function call when the **kwargs dictionary is mutated during the function call setup. This even gives a slight speedup, probably because tuple allocation is faster than PyMem_NEW. ........ r73576 | benjamin.peterson | 2009-06-26 18:37:06 -0500 (Fri, 26 Jun 2009) | 1 line document is_declared_global() ........ r73577 | benjamin.peterson | 2009-06-27 09:16:23 -0500 (Sat, 27 Jun 2009) | 1 line link to extensive generator docs in the reference manual ........ r73595 | ezio.melotti | 2009-06-27 18:45:39 -0500 (Sat, 27 Jun 2009) | 1 line stmt and setup can contain multiple statements, see #5896 ........ r73596 | ezio.melotti | 2009-06-27 19:07:45 -0500 (Sat, 27 Jun 2009) | 1 line Fixed a wrong apostrophe ........ r73605 | georg.brandl | 2009-06-28 07:10:18 -0500 (Sun, 28 Jun 2009) | 1 line Remove stray pychecker directive. ........ ................ r73624 | benjamin.peterson | 2009-06-28 12:32:20 -0500 (Sun, 28 Jun 2009) | 1 line document BufferedIOBase.raw and TextIOBase.buffer ................
* | | Issue #12049: Add RAND_bytes() and RAND_pseudo_bytes() functions to the sslVictor Stinner2011-05-241-0/+67
| | | | | | | | | | | | module.
* | | Issue #12012: ssl.PROTOCOL_SSLv2 becomes optionalVictor Stinner2011-05-081-1/+7
| | | | | | | | | | | | | | | | | | | | | OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2 protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid. Optimize also ssl.get_protocol_name(): speed does matter!
* | | Merge fix for issue #11746Antoine Pitrou2011-04-031-1/+1
|\ \ \ | |/ /
| * | Issue #11746: Fix SSLContext.load_cert_chain() to accept elliptic curve ↵Antoine Pitrou2011-04-031-1/+1
| | | | | | | | | | | | private keys.
* | | Issue #8914: fix various warnings from the Clang static analyzer v254.Brett Cannon2011-02-221-3/+0
|/ /
* | Issue #10989: Fix a crash on SSLContext.load_verify_locations(None, True).Victor Stinner2011-01-291-1/+1
| | | | | | | | Patch reviewed by Antoine Pitrou, okayed by Georg Brandl.
* | Should call Py_INCREF for Py_None (Modules/_ssl.c: PySSL_cipher)Hirokazu Yamamoto2010-12-091-2/+4
| |
* | Issue #10272: The ssl module now raises socket.timeout instead of a genericAntoine Pitrou2010-12-031-7/+7
| | | | | | | | SSLError on socket timeouts.
* | Issue #10443: Add the SSLContext.set_default_verify_paths() method.Antoine Pitrou2010-11-171-0/+12
| |
* | Issue #10022: The dictionary returned by the `getpeercert()` methodAntoine Pitrou2010-11-091-53/+47
| | | | | | | | of SSL sockets now has additional items such as `issuer` and `notBefore`.
* | Issue #5639: Add a *server_hostname* argument to `SSLContext.wrap_socket`Antoine Pitrou2010-10-221-5/+40
| | | | | | | | | | | | in order to support the TLS SNI extension. `HTTPSConnection` and `urlopen()` also use this argument, so that HTTPS virtual hosts are now supported.
* | constify to appease compiler warningsBenjamin Peterson2010-10-131-2/+2
| |
* | Define a "session_id_context" at context creation. This is recommendedAntoine Pitrou2010-10-131-0/+5
| | | | | | | | for the OpenSSL server-side session cache.