summaryrefslogtreecommitdiffstats
path: root/Tools/ssl
Commit message (Collapse)AuthorAgeFilesLines
* gh-109649: Use os.process_cpu_count() (#110165)Victor Stinner2023-10-011-1/+4
| | | | | | | | | | | | | | | | | | | | Replace os.cpu_count() with os.process_cpu_count() in modules: * compileall * concurrent.futures * multiprocessing Replace os.cpu_count() with os.process_cpu_count() in programs: * _decimal deccheck.py test * freeze.py * multissltests.py * python -m test (regrtest) * wasm_build.py Other changes: * test.pythoninfo logs os.process_cpu_count(). * regrtest gets os.process_cpu_count() / os.cpu_count() in headers.
* gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and ↵Ned Deily2023-09-281-3/+3
| | | | multissltests to use 1.1.1w, 3.0.11, and 3.1.3. (gh-110002)
* gh-107565: Update multissltests and GitHub CI workflows to use OpenSSL ↵Ned Deily2023-08-181-3/+3
| | | | 1.1.1v, 3.0.10, and 3.1.2. (GH-107896)
* gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (#105174)Gregory P. Smith2023-06-011-2/+3
| | | | | | | | | | | | | Upgrade builds to OpenSSL 1.1.1u. This OpenSSL version addresses a pile if less-urgent CVEs since 1.1.1t. The Mac/BuildScript/build-installer.py was already updated. Also updates _ssl_data_111.h from OpenSSL 1.1.1u, _ssl_data_300.h from 3.0.9, and adds a new _ssl_data_31.h file from 3.1.1 along with the ssl.c code to use it. Manual edits to the _ssl_data_300.h file prevent it from removing any existing definitions in case those exist in some peoples builds and were important (avoiding regressions during backporting). backports of this prior to 3.12 will not include the openssl 3.1 header.
* gh-101726: Update the OpenSSL version to 1.1.1t (GH-101727)Gregory P. Smith2023-02-091-2/+2
| | | | Fixes CVE-2023-0286 (High) and a couple of Medium security issues. https://www.openssl.org/news/secadv/20230207.txt
* gh-100454: Start running SSL tests with OpenSSL 3.1.0-beta1 (#100456)Illia Volochii2022-12-241-4/+4
|
* Update github CI to use OpenSSL 1.1.1s and 3.0.7. (#99364)Gregory P. Smith2022-11-111-2/+2
|
* gh-94682: Build and test with OpenSSL 1.1.1q (gh-94683)Christian Heimes2022-08-291-2/+2
|
* gh-93939: Build C extensions without setup.py (GH-94474)Christian Heimes2022-07-141-2/+2
| | | Combines GH-93940, GH-94452, and GH-94433
* gh-84623: Remove unused imports (#94132)Victor Stinner2022-06-221-1/+0
|
* bpo-47024: Update OpenSSL to 1.1.1n (GH-31895)Christian Heimes2022-03-151-2/+2
| | | Co-authored-by: Zachary Ware <zachary.ware@gmail.com>
* bpo-46106: Update OpenSSL to 1.1.1m (GH-30211)Kumar Aditya2021-12-221-1/+1
| | | Co-authored-by: Ned Deily <nad@python.org>
* bpo-46114: Fix OpenSSL version check for 3.0.1 (GH-30170)Christian Heimes2021-12-171-1/+1
|
* Fix out-of-tree build support for multissltest (GH-29694)Christian Heimes2021-11-221-4/+10
|
* bpo-38820: Test with OpenSSL 3.0.0 final (GH-28205)Christian Heimes2021-09-071-1/+5
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-45007: Update multissl to openssl 1.1.1l as well (GH-28044)Łukasz Langa2021-08-301-1/+1
| | | This was missed while upgrading CI.
* bpo-38820: Test with OpenSSL 3.0.0-beta1 (GH-26769)Christian Heimes2021-06-191-1/+1
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-38820: Test with OpenSSL 3.0.0-alpha17 (#26266)Christian Heimes2021-05-201-1/+1
|
* bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942)Christian Heimes2021-05-061-44/+11
| | | Also use new make target to install FIPS provider.
* bpo-38820: Old OpenSSL 3.0.0 releases are in /old/3.0/ (GH-25624)Christian Heimes2021-04-261-5/+9
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-38820: Test with OpenSSL 3.0.0-alpha15 (GH-25537)Christian Heimes2021-04-231-1/+1
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-43669: PEP 644: Require OpenSSL 1.1.1 or newer (GH-23014)Christian Heimes2021-04-171-5/+1
| | | | | | | | | | | | | | | | | | | | | | | | - Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check - Update hashopenssl to require OpenSSL 1.1.1 - multissltests only OpenSSL > 1.1.0 - ALPN is always supported - SNI is always supported - Remove deprecated NPN code. Python wrappers are no-op. - ECDH is always supported - Remove OPENSSL_VERSION_1_1 macro - Remove locking callbacks - Drop PY_OPENSSL_1_1_API macro - Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro - SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now - security level is always available now - get_num_tickets is available with TLS 1.3 - X509_V_ERR MISMATCH is always available now - Always set SSL_MODE_RELEASE_BUFFERS - X509_V_FLAG_TRUSTED_FIRST is always available - get_ciphers is always supported - SSL_CTX_set_keylog_callback is always available - Update Modules/Setup with static link example - Mention PEP in whatsnew - Drop 1.0.2 and 1.1.0 from GHA tests
* bpo-43788: Generate version specific _ssl_data.h (GH-25300)Christian Heimes2021-04-092-81/+115
| | | | | Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: GH:tiran
* bpo-43631: Update to OpenSSL 1.1.1k (GH-25024)Christian Heimes2021-03-301-1/+1
| | | | | | | | | | - [x] Build OpenSSL 1.1.1k for macOS - [x] Build OpenSSL 1.1.1k for Windows I have also updated multissl tester and various CI configurations to use latest OpenSSL. The versions were all over the place. Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: GH:tiran
* bpo-43466: Add --with-openssl-rpath configure option (GH-24820)Christian Heimes2021-03-191-10/+16
|
* bpo-41043: Escape literal part of the path for glob(). (GH-20994)Serhiy Storchaka2020-06-201-1/+1
|
* bpo-30008: Fix OpenSSL no-deprecated compilation (GH-20397)Christian Heimes2020-06-011-0/+1
| | | | | | | | | Fix :mod:`ssl`` code to be compatible with OpenSSL 1.1.x builds that use ``no-deprecated`` and ``--api=1.1.0``. Note: Tests assume full OpenSSL API and fail with limited API. Signed-off-by: Christian Heimes <christian@python.org> Co-authored-by: Mark Wright <gienah@gentoo.org>
* bpo-40457: Support OpenSSL without TLS 1.0/1.1 (GH-19862)Christian Heimes2020-05-161-4/+5
| | | | | | | | | | | OpenSSL can be build without support for TLS 1.0 and 1.1. The ssl module now correctly adheres to OPENSSL_NO_TLS1 and OPENSSL_NO_TLS1_1 flags. Also update multissltest to test with latest OpenSSL and LibreSSL releases. Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran
* bpo-40163: Fix multissltest download of old OpenSSL (GH-19329)Christian Heimes2020-05-151-11/+41
|
* bpo-40479: Test with latest OpenSSL versions (GH-20108)Christian Heimes2020-05-151-3/+58
| | | | | | | | | | | | | * 1.0.2u (EOL) * 1.1.0l (EOL) * 1.1.1g * 3.0.0-alpha2 (disabled for now) Build the FIPS provider and create a FIPS configuration file for OpenSSL 3.0.0. Signed-off-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: @tiran
* closes bpo-40266, closes bpo-39953: Use numeric lib code if compiling ↵Benjamin Peterson2020-04-141-4/+8
| | | | against old OpenSSL. (GH-19506)
* closes bpo-39953: Generate ifdefs around library code definitions. (GH-19490)Benjamin Peterson2020-04-121-0/+2
|
* closes bpo-39953: Update OpenSSL error codes table. (GH-19082)Benjamin Peterson2020-04-111-9/+16
| | | I updated the error codes using the OpenSSL 1.1.1f source tree.
* closes bpo-40125: Update multissltests.py to use OpenSSL 1.1.1f. (GH-19248)Benjamin Peterson2020-03-311-1/+1
|
* bpo-38117: Test with OpenSSL 1.1.1d (GH-15983)Christian Heimes2019-09-111-5/+4
| | | Signed-off-by: Christian Heimes <christian@python.org>
* Fix typos in comments, docs and test names (#15018)Min ho Kim2019-07-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | * Fix typos in comments, docs and test names * Update test_pyparse.py account for change in string length * Apply suggestion: splitable -> splittable Co-Authored-By: Terry Jan Reedy <tjreedy@udel.edu> * Apply suggestion: splitable -> splittable Co-Authored-By: Terry Jan Reedy <tjreedy@udel.edu> * Apply suggestion: Dealloccte -> Deallocate Co-Authored-By: Terry Jan Reedy <tjreedy@udel.edu> * Update posixmodule checksum. * Reverse idlelib changes.
* bpo-34271: Fix compatibility with 1.0.2 (GH-13728)Christian Heimes2019-06-031-1/+2
| | | | | | Fix various compatibility issues with LibreSSL and OpenSSL 1.0.2 introduced by bpo-34271. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-37081: Test with OpenSSL 1.1.1c (GH-13631)Christian Heimes2019-06-031-3/+3
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-34670: Add TLS 1.3 post handshake auth (GH-9460)Christian Heimes2018-09-231-4/+4
| | | | | | | | | | Add SSLContext.post_handshake_auth and SSLSocket.verify_client_post_handshake for TLS 1.3 post-handshake authentication. Signed-off-by: Christian Heimes <christian@python.org>q https://bugs.python.org/issue34670
* bpo-33618: Enable TLS 1.3 in tests (GH-7079)Christian Heimes2018-05-231-8/+25
| | | | | | | | | | | | TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS client cert auth are now handled after the initialy handshake. Tests now either send/recv data to trigger session and client certs. Or tests ignore ConnectionResetError / BrokenPipeError on the server side to handle clients that force-close the socket fd. To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR https://github.com/openssl/openssl/pull/6340) is required. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976)Christian Heimes2018-05-221-4/+4
| | | | | | | | | | Change TLS 1.3 cipher suite settings for compatibility with OpenSSL 1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by default. Also update multissltests and Travis config to test with latest OpenSSL. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-33522: Enable CI builds on Visual Studio Team Services (#6865)Steve Dower2018-05-161-2/+12
|
* bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210)Christian Heimes2018-03-241-1/+1
| | | | | | | | | | LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7. Documentation updates and fixes for failing tests will be provided in another patch set. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (#5663)Christian Heimes2018-02-271-9/+5
| | | | | | | | | | | | | | | | | | * bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by default. Some test cases only apply to TLS 1.2. Other tests currently fail because the threaded or async test servers stop after failure. I'm going to address these issues when OpenSSL 1.1.1 reaches beta. OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS 1.3. The feature is enabled by default for maximum compatibility with broken middle boxes. Users should be able to disable the hack and CPython's test suite needs it to verify default options. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-32549: Compile OpenSSL 1.1.0 on Travis CI (#5180)Christian Heimes2018-01-161-52/+69
| | | | | | Use an improved version of multissl test helper to compile a local copy of OpenSSL 1.1.0g. Signed-off-by: Christian Heimes <christian@python.org>
* Update multissltests: 1.0.2m, 1.1.0g (#4232)Christian Heimes2017-11-021-3/+2
|
* bpo-31392: Update SSL build for 1.1.0 (#3448)Steve Dower2017-09-091-70/+0
|
* Update multissl test helper (#3349)Christian Heimes2017-09-072-241/+430
| | | Signed-off-by: Christian Heimes <christian@python.org>
* Closes #27904: Improved logging statements to defer formatting until needed.Vinay Sajip2016-08-311-3/+3
|
* Issue #23248: Update ssl error codes from latest OpenSSL git master.Antoine Pitrou2015-01-181-19/+38
|\
generated by cgit v0.12 at 2024-11-25 13:53:27 (GMT)