delta/cpython-git.git/Modules/_ssl.c, branch fix-namedexpr-comment

bpo-38820: OpenSSL 3.0.0 compatibility. (GH-17190)

2019-12-07T16:59:36+00:00

test_openssl_version now accepts version 3.0.0.

getpeercert() no longer returns IPv6 addresses with a trailing new line.

Signed-off-by: Christian Heimes 


https://bugs.python.org/issue38820

bpo-37206: Unrepresentable default values no longer represented as None. (GH-13933)

2019-09-14T09:24:05+00:00

In ArgumentClinic, value "NULL" should now be used only for unrepresentable default values
(like in the optional third parameter of getattr). "None" should be used if None is accepted
as argument and passing None has the same effect as not passing the argument at all.

bpo-35941: Fix performance regression in new code (GH-12610)

2019-09-09T16:06:55+00:00

Accumulate certificates in a set instead of doing a costly list contain
operation. A Windows cert store can easily contain over hundred
certificates. The old code would result in way over 5,000 comparison
operations

Signed-off-by: Christian Heimes

bpo-37702: Fix SSL's certificate-store leak on Windows (GH-15632)

2019-09-09T12:33:43+00:00

ssl_collect_certificates function in _ssl.c has a memory leak.
Calling CertOpenStore() and CertAddStoreToCollection(), a store's refcnt gets incremented by 2.
But CertCloseStore() is called only once and the refcnt leaves 1.

Replace usage of the obscure PEM_read_bio_X509_AUX with the more standard PEM_read_bio_X509 (GH-15303)

2019-08-15T12:31:28+00:00

X509_AUX is an odd, note widely used, OpenSSL extension to the X509 file format. This function doesn't actually use any of the extra metadata that it parses, so just use the standard API.

Automerge-Triggered-By: @tiran

bpo-37648: Fixed minor inconsistency in some contains. (GH-14904)

2019-08-04T11:12:48+00:00

The collection's item is now always at the left and
the needle is on the right of ==.

bpo-37120: Fix _ssl get_num_tickets() (GH-14668)

2019-07-09T11:30:52+00:00

Replace PyLong_FromLong() with PyLong_FromSize_t():
SSL_CTX_get_num_tickets() return type is size_t.


https://bugs.python.org/issue37120

bpo-37428: Don't set PHA verify flag on client side (GH-14421)

2019-07-01T06:29:17+00:00

SSLContext.post_handshake_auth = True no longer sets
SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although the
option is documented as ignored for clients, OpenSSL implicitly enables cert
chain validation when the flag is set.

Signed-off-by: Christian Heimes 



https://bugs.python.org/issue37428

bpo-37120: Add SSLContext.num_tickets (GH-13719)

2019-06-03T19:00:10+00:00

Signed-off-by: Christian Heimes

bpo-34271: Add ssl debugging helpers (GH-10031)

2019-05-31T09:44:05+00:00

The ssl module now can dump key material to a keylog file and trace TLS
protocol messages with a tracing callback. The default and stdlib
contexts also support SSLKEYLOGFILE env var.

The msg_callback and related enums are private members. The feature
is designed for internal debugging and not for end users.

Signed-off-by: Christian Heimes