summaryrefslogtreecommitdiff
path: root/Modules/_ssl.c
Commit message (Collapse)AuthorAgeFilesLines
...
* | Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove ↵Christian Heimes2013-10-291-67/+0
|\ \ | |/ | | | | | | | | OpenSSL re-seeding It is causing trouble like e.g. hanging processes.
| * Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove ↵Christian Heimes2013-10-291-67/+0
| | | | | | | | | | | | OpenSSL re-seeding It is causing trouble like e.g. hanging processes.
* | #19227: merge with 3.3Georg Brandl2013-10-271-7/+8
|\ \ | |/
| * Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSLGeorg Brandl2013-10-271-7/+8
| | | | | | | | pseudo-random number generator on fork().
* | Properly initialize all fields of a SSL object after allocation.Antoine Pitrou2013-09-291-0/+1
|\ \ | |/
| * Properly initialize all fields of a SSL object after allocation.Antoine Pitrou2013-09-291-0/+1
| |
* | Issue #19095: SSLSocket.getpeercert() now raises ValueError when the SSL ↵Antoine Pitrou2013-09-291-1/+9
| | | | | | | | handshake hasn't been done.
* | Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in ↵Christian Heimes2013-09-051-1/+1
|\ \ | |/ | | | | GEN_EMAIL/GEN_URI/GEN_DNS case
| * Issue #18709: GCC 4.6 complains that 'v' may be used uninitialized in ↵Christian Heimes2013-09-051-1/+1
| | | | | | | | GEN_EMAIL/GEN_URI/GEN_DNS case
* | Issue #18571: Implementation of the PEP 446: file descriptors and file handlesVictor Stinner2013-08-281-1/+1
| | | | | | | | | | are now created non-inheritable; add functions os.get/set_inheritable(), os.get/set_handle_inheritable() and socket.socket.get/set_inheritable().
* | Issue #18747: Fix spelling errors in my commit message and comments,Christian Heimes2013-08-251-2/+2
|\ \ | |/ | | | | thanks to Vajrasky Kok for proof-reading.
| * Issue #18747: Fix spelling errors in my commit message and comments,Christian Heimes2013-08-251-2/+2
| | | | | | | | thanks to Vajrasky Kok for proof-reading.
* | Fix compiler warning on Windows.Richard Oudkerk2013-08-241-1/+1
| |
* | Issue #18747: Use a parent atfork handler instead of a child atfork handler.Christian Heimes2013-08-221-12/+9
|\ \ | |/ | | | | fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
| * Issue #18747: Use a parent atfork handler instead of a child atfork handler.Christian Heimes2013-08-221-12/+9
| | | | | | | | fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
* | Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.Christian Heimes2013-08-211-0/+72
|\ \ | |/ | | | | | | A pthread_atfork() child handler is used to seeded the PRNG with pid, time and some stack data.
| * Issue #18747: Re-seed OpenSSL's pseudo-random number generator after fork.Christian Heimes2013-08-211-0/+72
| | | | | | | | | | A pthread_atfork() child handler is used to seeded the PRNG with pid, time and some stack data.
* | Issue #18777: The ssl module now uses the new CRYPTO_THREADID API ofChristian Heimes2013-08-191-1/+17
|\ \ | |/ | | | | OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
| * Issue #18777: The ssl module now uses the new CRYPTO_THREADID API ofChristian Heimes2013-08-191-1/+17
| | | | | | | | OpenSSL 1.0.0+ instead of the deprecated CRYPTO id callback function.
* | Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok.Christian Heimes2013-08-171-1/+1
|\ \ | |/
| * Issue 18768: Correct doc string of RAND_edg(). Patch by Vajrasky Kok.Christian Heimes2013-08-171-1/+1
| |
* | Issue #18768: coding style nitpick. Thanks to Vajrasky KokChristian Heimes2013-08-171-1/+1
|\ \ | |/
| * Issue #18768: coding style nitpick. Thanks to Vajrasky KokChristian Heimes2013-08-171-1/+1
| |
* | #18466: merge with 3.3.Ezio Melotti2013-08-171-1/+1
|\ \ | |/
| * #18466: fix more typos. Patch by Févry Thibault.Ezio Melotti2013-08-171-1/+1
| |
* | Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytesChristian Heimes2013-08-171-5/+59
|\ \ | |/ | | | | | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI).
| * Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytesChristian Heimes2013-08-171-5/+59
| | | | | | | | | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI).
* | Check return value of PyLong_FromLong(X509_get_version()). It might be NULL ifChristian Heimes2013-07-261-0/+2
|\ \ | |/ | | | | | | X509_get_version() grows beyond our small int cache. CID 1058279
| * Check return value of PyLong_FromLong(X509_get_version()). It might be NULL ifChristian Heimes2013-07-261-0/+2
| | | | | | | | | | X509_get_version() grows beyond our small int cache. CID 1058279
* | Issue #18203: Replace malloc() with PyMem_Malloc() in _ssl for the passwordVictor Stinner2013-07-071-4/+4
| |
* | Issue #18203: Replace malloc() with PyMem_Malloc() in Python modulesVictor Stinner2013-07-071-2/+2
| | | | | | | | | | Replace malloc() with PyMem_Malloc() when the GIL is held, or with PyMem_RawMalloc() otherwise.
* | _ssl.c: strip trailing spacesVictor Stinner2013-06-251-3/+3
| |
* | (Merge 3.3) Issue #18135: ssl.SSLSocket.write() now raises an OverflowError ifVictor Stinner2013-06-251-2/+7
|\ \ | |/ | | | | | | | | the input string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer than 2 gigabytes. The ssl module does not support partial write.
| * Issue #18135: ssl.SSLSocket.write() now raises an OverflowError if the inputVictor Stinner2013-06-251-2/+7
| | | | | | | | | | | | string in longer than 2 gigabytes, and ssl.SSLContext.load_cert_chain() raises a ValueError if the password is longer than 2 gigabytes. The ssl module does not support partial write.
* | (Merge 3.3) Issue #18135: Fix a possible integer overflow inVictor Stinner2013-06-231-10/+16
|\ \ | |/ | | | | | | ssl.SSLSocket.write() and in ssl.SSLContext.load_cert_chain() for strings and passwords longer than 2 gigabytes.
| * Issue #18135: Fix a possible integer overflow in ssl.SSLSocket.write()Victor Stinner2013-06-231-5/+11
| | | | | | | | | | and in ssl.SSLContext.load_cert_chain() for strings and passwords longer than 2 gigabytes.
| * _ssl.c: strip trailing spacesVictor Stinner2013-06-231-5/+5
| |
* | Issue #18147: Add diagnostic functions to ssl.SSLContext().Christian Heimes2013-06-171-17/+127
| | | | | | | | | | get_ca_list() lists all loaded CA certificates and cert_store_stats() returns amount of loaded X.509 certs, X.509 CA certs and CRLs.
* | Simplify return value of ssl.get_default_verify_pathsChristian Heimes2013-06-141-11/+3
| | | | | | | | prefix function with PySSL_, too. Other module level functions have a prefix, too.
* | fixd refleakChristian Heimes2013-06-101-1/+9
| |
* | Issue #17134: Add ssl.enum_cert_store() as interface to Windows' cert store.Christian Heimes2013-06-091-0/+132
| |
* | get_default_verify_paths doesn't belong inside the ifdef blockChristian Heimes2013-06-091-1/+1
| |
* | Issue #18143: Implement ssl.get_default_verify_paths() in order to debugChristian Heimes2013-06-091-0/+42
| | | | | | | | the default locations for cafile and capath.
* | Fix compilation under MSVC: ssl_set_mode() is a macro, and the MSVC ↵Antoine Pitrou2013-05-251-3/+4
| | | | | | | | | | | | preprocessor doesn't process #ifdef's inside a macro argument list. (found explanation at http://www.tech-archive.net/Archive/VC/microsoft.public.vc.language/2007-05/msg00385.html)
* | Issue #8240: Set the SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER flag on SSL sockets.Antoine Pitrou2013-05-251-1/+3
| |
* | Fix a crash when setting a servername callback on a SSL server socket and ↵Antoine Pitrou2013-04-111-12/+18
| | | | | | | | | | | | | | the client doesn't send a server name. Patch by Kazuhiro Yoshida. (originally issue #8109)
* | Fix comment about the OpenSSL version in which SNI version was introduced.Antoine Pitrou2013-03-301-1/+1
| |
* | Improve set_servername_callback docstring.Antoine Pitrou2013-03-301-3/+3
| |
* | Fix previous fix (the cause was actually a misplaced #endif, or so it seems)Antoine Pitrou2013-03-301-3/+1
| |
* | Further compiling fixes (issue #17581)Antoine Pitrou2013-03-301-1/+4
| |
View Lorry Controller Status