Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in ↵ | Christian Heimes | 2013-09-05 | 1 | -1/+1 |
|\ | | | | | | | GEN_EMAIL/GEN_URI/GEN_DNS case | ||||
| * | Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in ↵ | Christian Heimes | 2013-09-05 | 1 | -1/+1 |
| | | | | | | | | GEN_EMAIL/GEN_URI/GEN_DNS case | ||||
* | | Issue #18571: Implementation of the PEP 446: file descriptors and file handles | Victor Stinner | 2013-08-27 | 1 | -1/+1 |
| | | | | | | | | | | are now created non-inheritable; add functions os.get/set_inheritable(), os.get/set_handle_inheritable() and socket.socket.get/set_inheritable(). | ||||
* | | Issue #18747: Fix spelling errors in my commit message and comments, | Christian Heimes | 2013-08-25 | 1 | -2/+2 |
|\ \ | |/ | | | | | thanks to Vajrasky Kok for proof-reading. | ||||
| * | Issue #18747: Fix spelling errors in my commit message and comments, | Christian Heimes | 2013-08-25 | 1 | -2/+2 |
| | | | | | | | | thanks to Vajrasky Kok for proof-reading. | ||||
* | | Fix compiler warning on Windows. | Richard Oudkerk | 2013-08-24 | 1 | -1/+1 |
| | | |||||
* | | Issue #18747: Use a parent atfork handler instead of a child atfork handler. | Christian Heimes | 2013-08-22 | 1 | -12/+9 |
|\ \ | |/ | | | | | fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue. | ||||
| * | Issue #18747: Use a parent atfork handler instead of a child atfork handler. | Christian Heimes | 2013-08-22 | 1 | -12/+9 |
| | | | | | | | | fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue. | ||||
* | | Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork. | Christian Heimes | 2013-08-21 | 1 | -0/+72 |
|\ \ | |/ | | | | | | | A pthread_atfork() child handler is used to seeded the PRNG with pid, time and some stack data. | ||||
| * | Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork. | Christian Heimes | 2013-08-21 | 1 | -0/+72 |
| | | | | | | | | | | A pthread_atfork() child handler is used to seeded the PRNG with pid, time and some stack data. | ||||
* | | Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of | Christian Heimes | 2013-08-19 | 1 | -1/+17 |
|\ \ | |/ | | | | | OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function. | ||||
| * | Issue #18777: The ssl module now uses the new CRYPTO_THREADID API of | Christian Heimes | 2013-08-19 | 1 | -1/+17 |
| | | | | | | | | OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function. | ||||
* | | Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok. | Christian Heimes | 2013-08-17 | 1 | -1/+1 |
|\ \ | |/ | |||||
| * | Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok. | Christian Heimes | 2013-08-17 | 1 | -1/+1 |
| | | |||||
* | | Issue #18768: coding style nitpick. Thanks to Vajrasky Kok | Christian Heimes | 2013-08-17 | 1 | -1/+1 |
|\ \ | |/ | |||||
| * | Issue #18768: coding style nitpick. Thanks to Vajrasky Kok | Christian Heimes | 2013-08-17 | 1 | -1/+1 |
| | | |||||
* | | #18466: merge with 3.3. | Ezio Melotti | 2013-08-17 | 1 | -1/+1 |
|\ \ | |/ | |||||
| * | #18466: fix more typos. Patch by Févry Thibault. | Ezio Melotti | 2013-08-17 | 1 | -1/+1 |
| | | |||||
* | | Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes | Christian Heimes | 2013-08-16 | 1 | -5/+59 |
|\ \ | |/ | | | | | | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI). | ||||
| * | Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes | Christian Heimes | 2013-08-16 | 1 | -5/+59 |
| | | | | | | | | | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI). | ||||
* | | Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if | Christian Heimes | 2013-07-26 | 1 | -0/+2 |
|\ \ | |/ | | | | | | | X509_get_version() grows beyond our small int cache. CID 1058279 | ||||
| * | Check return value of PyLong_FromLong(X509_get_version()). It might be NULL if | Christian Heimes | 2013-07-26 | 1 | -0/+2 |
| | | | | | | | | | | X509_get_version() grows beyond our small int cache. CID 1058279 | ||||
* | | Issue #18203: Replace malloc() with PyMem_Malloc() in _ssl for the password | Victor Stinner | 2013-07-07 | 1 | -4/+4 |
| | | |||||
* | | Issue #18203: Replace malloc() with PyMem_Malloc() in Python modules | Victor Stinner | 2013-07-07 | 1 | -2/+2 |
| | | | | | | | | | | Replace malloc() with PyMem_Malloc() when the GIL is held, or with PyMem_RawMalloc() otherwise. | ||||
* | | _ssl.c: strip trailing spaces | Victor Stinner | 2013-06-24 | 1 | -3/+3 |
| | | |||||
* | | (Merge 3.3) Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if | Victor Stinner | 2013-06-24 | 1 | -2/+7 |
|\ \ | |/ | | | | | | | | | the input string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer than 2 gigabytes. The ssl module does not support partial write. | ||||
| * | Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the input | Victor Stinner | 2013-06-24 | 1 | -2/+7 |
| | | | | | | | | | | | | string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer than 2 gigabytes. The ssl module does not support partial write. | ||||
* | | (Merge 3.3) Issue #18135: Fix a possible integer overflow in | Victor Stinner | 2013-06-23 | 1 | -10/+16 |
|\ \ | |/ | | | | | | | ssl.SSLSocket.write() and in ssl.SSLContext.load_cert_chain() for strings and passwords longer than 2 gigabytes. | ||||
| * | Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write() | Victor Stinner | 2013-06-23 | 1 | -5/+11 |
| | | | | | | | | | | and in ssl.SSLContext.load_cert_chain() for strings and passwords longer than 2 gigabytes. | ||||
| * | _ssl.c: strip trailing spaces | Victor Stinner | 2013-06-23 | 1 | -5/+5 |
| | | |||||
* | | Issue #18147: Add diagnostic functions to ssl.SSLContext(). | Christian Heimes | 2013-06-17 | 1 | -17/+127 |
| | | | | | | | | | | get_ca_list() lists all loaded CA certificates and cert_store_stats() returns amount of loaded X.509 certs, X.509 CA certs and CRLs. | ||||
* | | Simplify return value of ssl.get_default_verify_paths | Christian Heimes | 2013-06-14 | 1 | -11/+3 |
| | | | | | | | | prefix function with PySSL_, too. Other module level functions have a prefix, too. | ||||
* | | fixd refleak | Christian Heimes | 2013-06-10 | 1 | -1/+9 |
| | | |||||
* | | Issue #17134: Add ssl.enum_cert_store() as interface to Windows' cert store. | Christian Heimes | 2013-06-09 | 1 | -0/+132 |
| | | |||||
* | | get_default_verify_paths doesn't belong inside the ifdef block | Christian Heimes | 2013-06-09 | 1 | -1/+1 |
| | | |||||
* | | Issue #18143: Implement ssl.get_default_verify_paths() in order to debug | Christian Heimes | 2013-06-09 | 1 | -0/+42 |
| | | | | | | | | the default locations for cafile and capath. | ||||
* | | Fix compilation under MSVC: ssl_set_mode() is a macro, and the MSVC ↵ | Antoine Pitrou | 2013-05-25 | 1 | -3/+4 |
| | | | | | | | | | | | | preprocessor doesn't process #ifdef's inside a macro argument list. (found explanation at http://www.tech-archive.net/Archive/VC/microsoft.public.vc.language/2007-05/msg00385.html) | ||||
* | | Issue #8240: Set the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag on SSL sockets. | Antoine Pitrou | 2013-05-25 | 1 | -1/+3 |
| | | |||||
* | | Fix a crash when setting a servername callback on a SSL server socket and ↵ | Antoine Pitrou | 2013-04-11 | 1 | -12/+18 |
| | | | | | | | | | | | | | | the client doesn't send a server name. Patch by Kazuhiro Yoshida. (originally issue #8109) | ||||
* | | Fix comment about the OpenSSL version in which SNI version was introduced. | Antoine Pitrou | 2013-03-30 | 1 | -1/+1 |
| | | |||||
* | | Improve set_servername_callback docstring. | Antoine Pitrou | 2013-03-30 | 1 | -3/+3 |
| | | |||||
* | | Fix previous fix (the cause was actually a misplaced #endif, or so it seems) | Antoine Pitrou | 2013-03-30 | 1 | -3/+1 |
| | | |||||
* | | Further compiling fixes (issue #17581) | Antoine Pitrou | 2013-03-30 | 1 | -1/+4 |
| | | |||||
* | | Issue #17581: try to fix building on old OpenSSL versions | Antoine Pitrou | 2013-03-30 | 1 | -7/+27 |
| | | |||||
* | | Issue #16692: The ssl module now supports TLS 1.1 and TLS 1.2. Initial ↵ | Antoine Pitrou | 2013-03-28 | 1 | -47/+77 |
| | | | | | | | | patch by Michele Orrù. | ||||
* | | Issue #16982: Fix --without-threads build failure. | Stefan Krah | 2013-01-17 | 1 | -3/+9 |
| | | |||||
* | | SSLContext.load_dh_params() now properly closes the input file. | Antoine Pitrou | 2013-01-12 | 1 | -0/+1 |
|\ \ | |/ | |||||
| * | SSLContext.load_dh_params() now properly closes the input file. | Antoine Pitrou | 2013-01-12 | 1 | -0/+1 |
| | | |||||
* | | Fix returning uninitialized variable (issue #8109). | Antoine Pitrou | 2013-01-06 | 1 | -1/+1 |
| | | | | | | | | Found by Christian with Coverity. | ||||
* | | Issue #8109: The ssl module now has support for server-side SNI, thanks to a ↵ | Antoine Pitrou | 2013-01-05 | 1 | -5/+248 |
|/ | | | | | | :meth:`SSLContext.set_servername_callback` method. Patch by Daniel Black. |