summaryrefslogtreecommitdiffstats
path: root/Modules/_ssl.c
Commit message (Collapse)AuthorAgeFilesLines
* avoid a compiler warning about assigning const char * to char *.Gregory P. Smith2014-01-171-1/+1
|
* Remove conditional: it is useless at this point (OpenSSL headers are not yet ↵Antoine Pitrou2014-01-091-2/+0
| | | | included)
* Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly ↵Antoine Pitrou2014-01-091-2/+5
| | | | asked for.
* Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise aVictor Stinner2013-12-191-0/+5
| | | | ValueError if num is negative (instead of raising a SystemError).
* Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove ↵Christian Heimes2013-10-291-67/+0
| | | | | | OpenSSL re-seeding It is causing trouble like e.g. hanging processes.
* Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSLGeorg Brandl2013-10-271-7/+8
| | | | pseudo-random number generator on fork().
* Properly initialize all fields of a SSL object after allocation.Antoine Pitrou2013-09-291-0/+1
|
* Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in ↵Christian Heimes2013-09-051-1/+1
| | | | GEN_EMAIL/GEN_URI/GEN_DNS case
* Issue #18747: Fix spelling errors in my commit message and comments,Christian Heimes2013-08-251-2/+2
| | | | thanks to Vajrasky Kok for proof-reading.
* Issue #18747: Use a parent atfork handler instead of a child atfork handler.Christian Heimes2013-08-221-12/+9
| | | | fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
* Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.Christian Heimes2013-08-211-0/+72
| | | | | A pthread_atfork() child handler is used to seeded the PRNG with pid, time and some stack data.
* Issue #18777: The ssl module now uses the new CRYPTO_THREADID API ofChristian Heimes2013-08-191-1/+17
| | | | OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
* Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok.Christian Heimes2013-08-171-1/+1
|
* Issue #18768: coding style nitpick. Thanks to Vajrasky KokChristian Heimes2013-08-171-1/+1
|
* #18466: fix more typos. Patch by Févry Thibault.Ezio Melotti2013-08-171-1/+1
|
* Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytesChristian Heimes2013-08-161-5/+59
| | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI).
* Check return value of PyLong_FromLong(X509_get_version()). It might be NULL ifChristian Heimes2013-07-261-0/+2
| | | | | X509_get_version() grows beyond our small int cache. CID 1058279
* Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the inputVictor Stinner2013-06-241-2/+7
| | | | | | string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer than 2 gigabytes. The ssl module does not support partial write.
* Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()Victor Stinner2013-06-231-5/+11
| | | | | and in ssl.SSLContext.load_cert_chain() for strings and passwords longer than 2 gigabytes.
* _ssl.c: strip trailing spacesVictor Stinner2013-06-231-5/+5
|
* SSLContext.load_dh_params() now properly closes the input file.Antoine Pitrou2013-01-121-0/+1
|
* Issue #15977: Fix memory leak in Modules/_ssl.c when the function ↵Christian Heimes2012-09-201-0/+7
| | | | _set_npn_protocols() is called multiple times
* MERGE: Closes #15793: Stack corruption in ssl.RAND_egd()Jesus Cea2012-09-111-1/+1
|\
| * Closes #15793: Stack corruption in ssl.RAND_egd()Jesus Cea2012-09-111-1/+1
| |
* | Issue #15604: Update uses of PyObject_IsTrue() to check for and handle ↵Antoine Pitrou2012-08-151-3/+3
|\ \ | |/ | | | | | | | | errors correctly. Patch by Serhiy Storchaka.
| * Issue #15604: Update uses of PyObject_IsTrue() to check for and handle ↵Antoine Pitrou2012-08-151-1/+5
| | | | | | | | | | | | errors correctly. Patch by Serhiy Storchaka.
* | Issue #14837: SSL errors now have `library` and `reason` attributes ↵Antoine Pitrou2012-06-221-63/+199
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | describing precisely what happened and in which OpenSSL submodule. The str() of a SSLError is also enhanced accordingly. NOTE: this commit creates a reference leak. The leak seems tied to the use of PyType_FromSpec() to create the SSLError type. The leak is on the type object when it is instantiated: >>> e = ssl.SSLError() >>> sys.getrefcount(ssl.SSLError) 35 >>> e = ssl.SSLError() >>> sys.getrefcount(ssl.SSLError) 36 >>> e = ssl.SSLError() >>> sys.getrefcount(ssl.SSLError) 37
* | Issue #14204: The ssl module now has support for the Next Protocol ↵Antoine Pitrou2012-03-211-0/+115
| | | | | | | | | | | | Negotiation extension, if available in the underlying OpenSSL library. Patch by Colin Marc.
* | Fix last remaining build issues of _ssl under old OpenSSLs. Patch by Vinay.Antoine Pitrou2012-02-191-0/+5
| |
* | Try to really fix compilation failures of the _ssl module under very old ↵Antoine Pitrou2012-02-171-0/+6
| | | | | | | | OpenSSLs.
* | Fix compilation when SSL_OP_SINGLE_ECDH_USE isn't definedAntoine Pitrou2012-02-171-0/+2
| |
* | Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().Antoine Pitrou2012-02-151-9/+14
|\ \ | |/
| * Issue #13014: Fix a possible reference leak in SSLSocket.getpeercert().Antoine Pitrou2012-02-151-9/+14
| |
* | Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV ↵Antoine Pitrou2012-01-271-2/+4
|\ \ | |/ | | | | attack countermeasure.
| * Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV ↵Antoine Pitrou2012-01-271-2/+4
| |\ | | | | | | | | | attack countermeasure.
| | * Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC IV ↵Antoine Pitrou2012-01-271-1/+2
| | | | | | | | | | | | attack countermeasure.
* | | Issue #13626: Add support for SSL Diffie-Hellman key exchange, through theAntoine Pitrou2011-12-221-0/+35
| | | | | | | | | | | | SSLContext.load_dh_params() method and the ssl.OP_SINGLE_DH_USE option.
* | | Fix ssl module compilation if ECDH support was disabled in the OpenSSL build.Antoine Pitrou2011-12-211-0/+12
| | | | | | | | | | | | (followup to issue #13627)
* | | Issue #13634: Add support for querying and disabling SSL compression.Antoine Pitrou2011-12-201-0/+24
| | |
* | | Issue #13627: Add support for SSL Elliptic Curve-based Diffie-HellmanAntoine Pitrou2011-12-191-0/+30
| | | | | | | | | | | | | | | key exchange, through the SSLContext.set_ecdh_curve() method and the ssl.OP_SINGLE_ECDH_USE option.
* | | Issue #13635: Add ssl.OP_CIPHER_SERVER_PREFERENCE, so that SSL serversAntoine Pitrou2011-12-191-0/+2
| | | | | | | | | | | | | | | choose the cipher based on their own preferences, rather than on the client's.
* | | Issue #13458: Fix a memory leak in the ssl module when decoding a ↵Antoine Pitrou2011-11-231-0/+1
|\ \ \ | |/ / | | | | | | | | | | | | certificate with a subjectAltName. Patch by Robert Xiao.
| * | Issue #13458: Fix a memory leak in the ssl module when decoding a ↵Antoine Pitrou2011-11-231-0/+1
| | | | | | | | | | | | | | | | | | certificate with a subjectAltName. Patch by Robert Xiao.
* | | Issue #11183: Add finer-grained exceptions to the ssl module, so thatAntoine Pitrou2011-10-271-3/+57
| | | | | | | | | | | | you don't have to inspect the exception's attributes in the common case.
* | | Add a docstring to SSLErrorAntoine Pitrou2011-10-221-3/+8
| | |
* | | Use PyExc_OSError directly instead of grabbing it from the socket module APIAntoine Pitrou2011-10-221-1/+1
| | |
* | | Issue #13034: When decoding some SSL certificates, the subjectAltName ↵Antoine Pitrou2011-10-011-1/+1
|\ \ \ | |/ / | | | | | | extension could be unreported.
| * | Issue #13034: When decoding some SSL certificates, the subjectAltName ↵Antoine Pitrou2011-10-011-1/+1
| | | | | | | | | | | | extension could be unreported.
* | | Issue #12287: Fix a stack corruption in ossaudiodev module when the FD isCharles-François Natali2011-08-281-3/+1
|\ \ \ | |/ / | | | | | | greater than FD_SETSIZE.
| * | Issue #12287: Fix a stack corruption in ossaudiodev module when the FD isCharles-François Natali2011-08-281-3/+1
| | | | | | | | | | | | greater than FD_SETSIZE.
generated by cgit v0.12 at 2024-11-26 11:47:49 (GMT)