Commit Graph

47 Commits

Author SHA1 Message Date
Christian Heimes
d988f429fe Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ChaCha20 Poly1305. 2016-09-06 20:06:47 +02:00
Christian Heimes
c2fc7c4f53 Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. 2016-09-05 23:37:13 +02:00
Steve Dower
90c9b40c71 Issue #27114: Fix SSLContext._load_windows_store_certs fails with PermissionError 2016-05-26 12:17:21 -07:00
Martin Panter
d524b705af Issue #23804: Fix SSL recv/read(0) to not return 1024 bytes 2016-03-28 00:22:09 +00:00
Nick Coghlan
dbcd457624 Issue #23857: Implement PEP 493
Adds a Python-2-only ssl module API and environment variable to
configure the default handling of SSL/TLS certificates for
HTTPS connections.
2016-03-20 22:39:15 +10:00
Steve Dower
9cb2074fe4 Issue #26313: ssl.py _load_windows_store_certs fails if windows cert store is empty. Patch by Baji. 2016-03-17 15:02:19 -07:00
Benjamin Peterson
b10d50eb90 use _import_symbols to import VERIFY_* constants 2015-03-04 23:18:57 -05:00
Benjamin Peterson
a0dd7dc1b0 remove rc4 from the default client ciphers (closes #23481) 2015-02-19 17:57:08 -05:00
Benjamin Peterson
b10bfbe036 pep 466 backport of alpn (#20188) 2015-01-23 16:35:37 -05:00
Victor Stinner
7c90667f74 Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
2015-01-06 13:53:37 +01:00
Benjamin Peterson
e3e7d40514 pep 476: verify certificates by default (#22417) 2014-11-23 21:02:02 -06:00
Benjamin Peterson
31aa69ead5 allow hostname to be passed to SSLContext even if OpenSSL doesn't support SNI (closes #22921)
Patch from Donald Stufft.
2014-11-23 20:13:31 -06:00
Benjamin Peterson
5f6b89bda3 initialize _makefile_refs earlier so things don't blow up when close() is called in the constructor 2014-11-23 11:16:48 -06:00
Antoine Pitrou
95b616480e Backport disabling of SSLv3 in ssl._create_stdlib_context() (issue #22638).
The backport currently doesn't achieve anything since the function isn't used (yet).
2014-10-17 19:28:30 +02:00
Benjamin Peterson
0b30a2bd27 also use openssl envvars to find certs on windows (closes #22449)
Patch by Christian Heimes and Alex Gaynor.
2014-10-03 17:27:05 -04:00
Benjamin Peterson
2f33456e41 fix sslwrap_simple (closes #22523)
Thanks Alex Gaynor.
2014-10-01 23:53:01 -04:00
Alex Gaynor
e98205d798 Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use.
Backport from default.
2014-09-04 13:33:22 -07:00
Benjamin Peterson
daeb925cc8 backport many ssl features from Python 3 (closes #21308)
A contribution of Alex Gaynor and David Reid with the generous support of
Rackspace. May God have mercy on their souls.
2014-08-20 14:14:50 -05:00
Antoine Pitrou
63cc99d9a6 Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data. 2013-12-28 17:26:33 +01:00
Antoine Pitrou
f16ff7bc21 Issue #17918: When using SSLSocket.accept(), if the SSL handshake failed on the new socket, the socket would linger indefinitely.
Thanks to Peter Saveliev for reporting.
2013-05-06 22:19:48 +02:00
Antoine Pitrou
40f12ab0c5 Backport Python 3.2 fix for issue #12065, and add another test for SSLSocket.connect_ex(). 2012-12-28 19:03:43 +01:00
Antoine Pitrou
d76088d972 Issue #13636: Weak ciphers are now disabled by default in the ssl module
(except when SSLv2 is explicitly asked for).
2012-01-03 22:46:48 +01:00
Victor Stinner
b1241f9619 (Merge 3.1) Issue #12012: ssl.PROTOCOL_SSLv2 becomes optional
OpenSSL is now compiled with OPENSSL_NO_SSL2 defined (without the SSLv2
protocol) on Debian: fix the ssl module on Debian Testing and Debian Sid.

Optimize also ssl.get_protocol_name(): speed does matter!
2011-05-10 01:52:03 +02:00
Antoine Pitrou
d3f6ea1d1e Merged revisions 88664 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r88664 | antoine.pitrou | 2011-02-27 00:24:06 +0100 (dim., 27 févr. 2011) | 4 lines

  Issue #11326: Add the missing connect_ex() implementation for SSL sockets,
  and make it work for non-blocking connects.
........
2011-02-26 23:35:27 +00:00
Antoine Pitrou
f7f390a251 Issue #9729: Fix the signature of SSLSocket.recvfrom() and
SSLSocket.sendto() to match the corresponding socket methods.  Also,
fix various SSLSocket methods to raise socket.error rather than an
unhelpful TypeError when called on an unconnected socket.  Original patch
by Andrew Bennetts.

NOTE: obviously, these methods are untested and unused in the real world...
2010-09-14 14:37:18 +00:00