delta/cpython-git.git/Tools/ssl, branch fix-namedexpr-comment

bpo-38117: Test with OpenSSL 1.1.1d (GH-15983)

2019-09-11T16:45:52+00:00

Signed-off-by: Christian Heimes

Fix typos in comments, docs and test names (#15018)

2019-07-30T22:16:13+00:00

* Fix typos in comments, docs and test names

* Update test_pyparse.py

account for change in string length

* Apply suggestion: splitable -> splittable

Co-Authored-By: Terry Jan Reedy 

* Apply suggestion: splitable -> splittable

Co-Authored-By: Terry Jan Reedy 

* Apply suggestion: Dealloccte -> Deallocate

Co-Authored-By: Terry Jan Reedy 

* Update posixmodule checksum.

* Reverse idlelib changes.

bpo-34271: Fix compatibility with 1.0.2 (GH-13728)

2019-06-03T18:40:15+00:00

Fix various compatibility issues with LibreSSL and OpenSSL 1.0.2
introduced by bpo-34271.

Signed-off-by: Christian Heimes

bpo-37081: Test with OpenSSL 1.1.1c (GH-13631)

2019-06-03T18:10:19+00:00

Signed-off-by: Christian Heimes

bpo-34670: Add TLS 1.3 post handshake auth (GH-9460)

2018-09-23T06:32:31+00:00

Add SSLContext.post_handshake_auth and
SSLSocket.verify_client_post_handshake for TLS 1.3 post-handshake
authentication.

Signed-off-by: Christian Heimes q


https://bugs.python.org/issue34670

bpo-33618: Enable TLS 1.3 in tests (GH-7079)

2018-05-23T20:24:45+00:00

TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
https://github.com/openssl/openssl/pull/6340) is required.

Signed-off-by: Christian Heimes

bpo-33570: TLS 1.3 ciphers for OpenSSL 1.1.1 (GH-6976)

2018-05-22T20:50:12+00:00

Change TLS 1.3 cipher suite settings for compatibility with OpenSSL
1.1.1-pre6 and newer. OpenSSL 1.1.1 will have TLS 1.3 cipers enabled by
default.

Also update multissltests and Travis config to test with latest OpenSSL.

Signed-off-by: Christian Heimes

bpo-33522: Enable CI builds on Visual Studio Team Services (#6865)

2018-05-16T21:50:29+00:00

bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210)

2018-03-24T14:41:37+00:00

LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
LibreSSL < 2.7.

Documentation updates and fixes for failing tests will be provided in
another patch set.

Signed-off-by: Christian Heimes

bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (#5663)

2018-02-27T07:55:39+00:00

* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.

I'm going to address these issues when OpenSSL 1.1.1 reaches beta.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.

Signed-off-by: Christian Heimes