Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | rm trailing ws | Benjamin Peterson | 2015-11-14 | 1 | -1/+1 |
| | |||||
* | fix possible memory lea k in _get_aia_uri (closes #25578) | Benjamin Peterson | 2015-11-14 | 1 | -1/+4 |
| | |||||
* | fix build with older openssl (#25569) | Benjamin Peterson | 2015-11-14 | 1 | -1/+1 |
| | |||||
* | always set OP_NO_SSLv3 by default (closes #25530) | Benjamin Peterson | 2015-11-12 | 1 | -0/+2 |
| | |||||
* | fix memory leak in _get_crl_dp (closes #25569) | Benjamin Peterson | 2015-11-12 | 1 | -28/+24 |
| | | | | Patch started by Stéphane Wirtel. | ||||
* | Issue #25523: Further a-to-an corrections. | Serhiy Storchaka | 2015-11-02 | 1 | -1/+1 |
| | |||||
* | improve style of the convert macro (#24655) | Benjamin Peterson | 2015-07-18 | 1 | -7/+7 |
| | | | | Patch by Brian Cain. | ||||
* | remove extra arguments in arg parsing format codes (closes #23875) | Benjamin Peterson | 2015-04-06 | 1 | -2/+2 |
| | |||||
* | expose X509_V_FLAG_TRUSTED_FIRST | Benjamin Peterson | 2015-03-05 | 1 | -0/+4 |
| | |||||
* | enable X509_V_FLAG_TRUSTED_FIRST when possible (closes #23476) | Benjamin Peterson | 2015-03-05 | 1 | -0/+9 |
| | |||||
* | Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the ↵ | Antoine Pitrou | 2015-03-04 | 1 | -20/+0 |
| | | | | SSL layer but the underlying connection hasn't been closed. | ||||
* | Issue #23446: Use PyMem_New instead of PyMem_Malloc to avoid possible integer | Serhiy Storchaka | 2015-02-16 | 1 | -3/+4 |
| | | | | overflows. Added few missed PyErr_NoMemory(). | ||||
* | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The | Victor Stinner | 2015-01-06 | 1 | -0/+4 |
| | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil. | ||||
* | allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935) | Benjamin Peterson | 2014-12-06 | 1 | -0/+4 |
| | | | | Patch by Kurt Roeckx. | ||||
* | don't require OpenSSL SNI to pass hostname to ssl functions (#22921) | Benjamin Peterson | 2014-11-23 | 1 | -6/+0 |
| | | | | Patch by Donald Stufft. | ||||
* | Issue #21781, _ssl: Fix asn1obj2py() on Windows 64-bit, "s#" format requires | Victor Stinner | 2014-07-07 | 1 | -1/+1 |
| | | | | size to be a Py_ssize_t, not an int. _ssl.c is now "Py_ssize_t clean". | ||||
* | Issue #21781: Make the ssl module "ssize_t clean" for parsing parameters. | Victor Stinner | 2014-07-01 | 1 | -2/+9 |
| | | | | ssl.RAND_add() now supports strings longer than 2 GB. | ||||
* | Issue #21015: SSL contexts will now automatically select an elliptic curve ↵ | Antoine Pitrou | 2014-03-22 | 1 | -0/+15 |
| | | | | | | for ECDH key exchange on OpenSSL 1.0.2 and later, and otherwise default to "prime256v1". (should also fix a buildbot failure introduced by #20995) | ||||
* | avoid a compiler warning about assigning const char * to char *. | Gregory P. Smith | 2014-01-17 | 1 | -1/+1 |
|\ | |||||
| * | avoid a compiler warning about assigning const char * to char *. | Gregory P. Smith | 2014-01-17 | 1 | -1/+1 |
| | | |||||
* | | Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly ↵ | Antoine Pitrou | 2014-01-09 | 1 | -4/+5 |
|\ \ | |/ | | | | | asked for. | ||||
| * | Remove conditional: it is useless at this point (OpenSSL headers are not yet ↵ | Antoine Pitrou | 2014-01-09 | 1 | -2/+0 |
| | | | | | | | | included) | ||||
| * | Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly ↵ | Antoine Pitrou | 2014-01-09 | 1 | -2/+5 |
| | | | | | | | | asked for. | ||||
* | | (Merge 3.3) Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now | Victor Stinner | 2013-12-19 | 1 | -0/+5 |
|\ \ | |/ | | | | | raise a ValueError if num is negative (instead of raising a SystemError). | ||||
| * | Issue #20025: ssl.RAND_bytes() and ssl.RAND_pseudo_bytes() now raise a | Victor Stinner | 2013-12-19 | 1 | -0/+5 |
| | | | | | | | | ValueError if num is negative (instead of raising a SystemError). | ||||
* | | Issue #19509: Add SSLContext.check_hostname to match the peer's certificate | Christian Heimes | 2013-12-02 | 1 | -0/+35 |
| | | | | | | | | with server_hostname on handshake. | ||||
* | | SNI was added in OpenSSL 0.9.8f [11 Oct 2007], too | Christian Heimes | 2013-11-28 | 1 | -1/+1 |
| | | |||||
* | | Issue #8813: X509_VERIFY_PARAM is only available on OpenSSL 0.9.8+ | Christian Heimes | 2013-11-23 | 1 | -0/+9 |
| | | | | | | | | The patch removes the verify_flags feature on Mac OS X 10.4 with OpenSSL 0.9.7l 28 Sep 2006. | ||||
* | | Issue #19448: report name / NID in exception message of ASN1Object | Christian Heimes | 2013-11-22 | 1 | -3/+3 |
| | | |||||
* | | Issue #18147: Add missing documentation for SSLContext.get_ca_certs(). | Christian Heimes | 2013-11-22 | 1 | -4/+6 |
| | | | | | | | | Also change the argument name to the same name as getpeercert() | ||||
* | | Issue #17134: Finalize interface to Windows' certificate store. Cert and | Christian Heimes | 2013-11-22 | 1 | -95/+219 |
| | | | | | | | | | | CRL enumeration are now two functions. enum_certificates() also returns purpose flags as set of OIDs. | ||||
* | | downcast len to int. The code has already checked that len < INT_MAX | Christian Heimes | 2013-11-21 | 1 | -1/+1 |
| | | |||||
* | | lst might be NULL here | Christian Heimes | 2013-11-21 | 1 | -1/+1 |
| | | | | | | | | CID 1130752: Dereference after null check (FORWARD_NULL) | ||||
* | | Issue #8813: Add SSLContext.verify_flags to change the verification flags | Christian Heimes | 2013-11-21 | 1 | -0/+49 |
| | | | | | | | | | | of the context in order to enable certification revocation list (CRL) checks or strict X509 rules. | ||||
* | | Issue #19682: Fix compatibility issue with old version of OpenSSL that | Christian Heimes | 2013-11-21 | 1 | -0/+6 |
| | | | | | | | | was introduced by Issue #18379. | ||||
* | | Issue #18379: SSLSocket.getpeercert() returns CA issuer AIA fields, OCSP | Christian Heimes | 2013-11-21 | 1 | -1/+151 |
| | | | | | | | | and CRL distribution points. | ||||
* | | Issue #18138: Implement cadata argument of SSLContext.load_verify_location() | Christian Heimes | 2013-11-21 | 1 | -27/+167 |
| | | | | | | | | | | to load CA certificates and CRL from memory. It supports PEM and DER encoded strings. | ||||
* | | Safely downcast SOCKET_T to int in _ssl module | Christian Heimes | 2013-11-18 | 1 | -3/+5 |
| | | |||||
* | | Issue #19448: Add private API to SSL module to lookup ASN.1 objects by OID, ↵ | Christian Heimes | 2013-11-17 | 1 | -0/+91 |
| | | | | | | | | NID, short name and long name. | ||||
* | | Issue #19437: Fix newPySSLSocket(), handle PyWeakref_NewRef() failure | Victor Stinner | 2013-10-31 | 1 | -0/+4 |
| | | |||||
* | | Issue #19437: Fix fill_and_set_sslerror() of _ssl, handle Py_BuildValue() | Victor Stinner | 2013-10-31 | 1 | -1/+5 |
| | | | | | | | | | | | | failure Don't call PyObject_CallObject() with NULL parameters and an exception set. | ||||
* | | Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove ↵ | Christian Heimes | 2013-10-29 | 1 | -67/+0 |
|\ \ | |/ | | | | | | | | | OpenSSL re-seeding It is causing trouble like e.g. hanging processes. | ||||
| * | Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove ↵ | Christian Heimes | 2013-10-29 | 1 | -67/+0 |
| | | | | | | | | | | | | OpenSSL re-seeding It is causing trouble like e.g. hanging processes. | ||||
* | | #19227: merge with 3.3 | Georg Brandl | 2013-10-27 | 1 | -7/+8 |
|\ \ | |/ | |||||
| * | Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL | Georg Brandl | 2013-10-27 | 1 | -7/+8 |
| | | | | | | | | pseudo-random number generator on fork(). | ||||
* | | Properly initialize all fields of a SSL object after allocation. | Antoine Pitrou | 2013-09-29 | 1 | -0/+1 |
|\ \ | |/ | |||||
| * | Properly initialize all fields of a SSL object after allocation. | Antoine Pitrou | 2013-09-29 | 1 | -0/+1 |
| | | |||||
* | | Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL ↵ | Antoine Pitrou | 2013-09-29 | 1 | -1/+9 |
| | | | | | | | | handshake hasn't been done. | ||||
* | | Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in ↵ | Christian Heimes | 2013-09-05 | 1 | -1/+1 |
|\ \ | |/ | | | | | GEN_EMAIL/GEN_URI/GEN_DNS case | ||||
| * | Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in ↵ | Christian Heimes | 2013-09-05 | 1 | -1/+1 |
| | | | | | | | | GEN_EMAIL/GEN_URI/GEN_DNS case |