summaryrefslogtreecommitdiff
path: root/Modules/_ssl.c
Commit message (Collapse)AuthorAgeFilesLines
* [3.5] bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) (#10994)Alex Viscreanu2019-02-281-8/+17
| | | | | | | | | | | | * bpo-33127: Compatibility patch for LibreSSL 2.7.0 (GH-6210) LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7. Documentation updates and fixes for failing tests will be provided in another patch set. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-35746: Fix segfault in ssl's cert parser (GH-11569) (#11867)Victor Stinner2019-02-251-0/+4
| | | | | | | | | | | | Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit a37f52436f9aa4b9292878b72f3ff1480e2606c3)
* bpo-31095: fix potential crash during GC (GH-2974) (#3196)INADA Naoki2017-09-261-0/+2
| | | (cherry picked from commit a6296d34a478b4f697ea9db798146195075d496c)
* [3.5] bpo-30594: Fixed refcounting in newPySSLSocket (GH-1992) (#1993)Nathaniel J. Smith2017-06-081-2/+1
| | | | If pass a server_hostname= that fails IDNA decoding to SSLContext.wrap_socket or SSLContext.wrap_bio, then the SSLContext object had a spurious Py_DECREF called on it, eventually leading to segfaults. (cherry picked from commit 65ece7ca2366308fa91a39a8dfa255e6bdce3cca)
* [3.5] bpo-29738: Fix memory leak in _get_crl_dp (GH-526) (GH-1143)Mariatta2017-04-141-7/+1
| | | | | | | | | * Remove conditional on free of `dps`, since `dps` is now allocated for all versions of OpenSSL * Remove call to `x509_check_ca` since it was only used to cache the `crldp` field of the certificate CRL_DIST_POINTS_free is available in all supported versions of OpenSSL (recent 0.9.8+) and LibreSSL. (cherry picked from commit 2849cc34a8db93d448a62d69c462402347b50dcb)
* bpo-29697: Don't use OpenSSL <1.0.2 fallback on 1.1+ (GH-398)Donald Stufft2017-03-021-2/+2
|
* Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name ↵Christian Heimes2016-09-061-1/+34
| | | | fields in X.509 certs.
* Issue #26470: Use short name rather than name for compression name to fix ↵Christian Heimes2016-09-061-6/+1
| | | | #27958.
* Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-45/+136
|
* fix corner cases in the management of server_hostname (closes #27773)Benjamin Peterson2016-08-151-6/+4
|
* socket: use INVALID_SOCKETVictor Stinner2016-07-221-2/+6
| | | | | | | | * Replace "fd = -1" with "fd = INVALID_SOCKET" * Replace "fd < 0" with "fd == INVALID_SOCKET": SOCKET_T is unsigned on Windows Bug found by Pavel Belikov ("Fragment N1"): http://www.viva64.com/en/b/0414/#ID0ECDAE
* Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOFMartin Panter2016-07-111-0/+8
|
* Issue #27332: Fixed the type of the first argument of module-level functionsSerhiy Storchaka2016-07-071-22/+22
| | | | generated by Argument Clinic. Patch by Petr Viktorin.
* assume egd unless OPENSSL_NO_EGD is defined—remove configure check (closes ↵Benjamin Peterson2016-07-061-2/+2
| | | | #24557)
* Fix unused variable 'libver' warning in Modules/_ssl.cBerker Peksag2016-04-141-0/+2
| | | | | | | | | It can be seen on various buildbots like 3.x.cea-indiana-amd64 and 3.x.murray-snowleopard: /export/home/buildbot/64bits/3.x.cea-indiana-amd64/build/Modules/_ssl.c:2227: warning: unused variable 'libver' /Users/buildbot/buildarea/3.x.murray-snowleopard/build/Modules/_ssl.c:2227: warning: unused variable ‘libver’
* Issue #26200: Added Py_SETREF and replaced Py_XSETREF with Py_SETREFSerhiy Storchaka2016-04-101-1/+1
| | | | in places where Py_DECREF was used.
* Issue #22570: Renamed Py_SETREF to Py_XSETREF.Serhiy Storchaka2016-04-061-2/+2
|
* Issue #26644: Raise ValueError for negative SSLSocket.recv() and read()Martin Panter2016-03-271-0/+5
|
* merge 3.4 (closes #25939)Benjamin Peterson2016-02-171-2/+6
|\
| * open the cert store readonlyBenjamin Peterson2016-02-171-2/+6
| | | | | | | | Patch from Chi Hsuan Yen.
* | enable SSL_MODE_RELEASE_BUFFERSBenjamin Peterson2016-01-071-0/+17
| | | | | | | | Patch by Cory Benfield.
* | Issue #20440: Massive replacing unsafe attribute setting code with specialSerhiy Storchaka2015-12-241-4/+2
| | | | | | | | macro Py_SETREF.
* | merge 3.4 (#25578)Benjamin Peterson2015-11-141-2/+5
|\ \ | |/
| * rm trailing wsBenjamin Peterson2015-11-141-1/+1
| |
| * fix possible memory lea k in _get_aia_uri (closes #25578)Benjamin Peterson2015-11-141-1/+4
| |
* | merge 3.4 (#25569)Benjamin Peterson2015-11-141-1/+1
|\ \ | |/
| * fix build with older openssl (#25569)Benjamin Peterson2015-11-141-1/+1
| |
* | merge 3.4 (#25530)Benjamin Peterson2015-11-111-0/+2
|\ \ | |/
| * always set OP_NO_SSLv3 by default (closes #25530)Benjamin Peterson2015-11-111-0/+2
| |
* | merge 3.5 (#25569)Benjamin Peterson2015-11-111-28/+24
|\ \ | |/
| * fix memory leak in _get_crl_dp (closes #25569)Benjamin Peterson2015-11-111-28/+24
| | | | | | | | Patch started by Stéphane Wirtel.
* | Issue #25523: Further a-to-an corrections new in 3.5.Serhiy Storchaka2015-11-021-1/+1
| |
* | Issue #25523: Merge a-to-an corrections from 3.4.Serhiy Storchaka2015-11-021-1/+1
|\ \ | |/
| * Issue #25523: Further a-to-an corrections.Serhiy Storchaka2015-11-021-1/+1
| |
* | detect alpn by feature flag not openssl version (closes #23329)Benjamin Peterson2015-09-271-2/+1
| |
* | merge 3.4 (#24655)Benjamin Peterson2015-07-181-7/+7
|\ \ | |/
| * improve style of the convert macro (#24655)Benjamin Peterson2015-07-181-7/+7
| | | | | | | | Patch by Brian Cain.
* | Issue #24001: Argument Clinic converters now use accept={type}Larry Hastings2015-05-041-4/+4
| | | | | | | | instead of types={'type'} to specify the types the converter accepts.
* | Issue #20179: Converted the _ssl module to Argument Clinic.Serhiy Storchaka2015-05-031-479/+541
| |
* | Issue #23853: Methods of SSL socket don't reset the socket timeout anymore eachVictor Stinner2015-04-061-17/+65
| | | | | | | | | | | | | | | | time bytes are received or sent. The socket timeout is now the maximum total duration of the method. This change fixes a denial of service if the application is regulary interrupted by a signal and the signal handler does not raise an exception.
* | merge 3.4 (#23875)Benjamin Peterson2015-04-061-2/+2
|\ \ | |/
| * remove extra arguments in arg parsing format codes (closes #23875)Benjamin Peterson2015-04-061-2/+2
| |
* | Issue #23853: Cleanup _ssl.cVictor Stinner2015-04-021-45/+50
| | | | | | | | | | | | * Rename check_socket_and_wait_for_timeout() to PySSL_select() * PySSL_select() is now clearly splitted betwen poll() and select() * Add empty lines for readability
* | Issue #22117: Replace usage of _PyTime_ROUND_UP with _PyTime_ROUND_CEILINGVictor Stinner2015-03-301-2/+2
| | | | | | | | | | All these functions only accept positive timeouts, so this change has no effect in practice.
* | Issue #22117: Fix usage of _PyTime_AsTimeval()Victor Stinner2015-03-301-3/+1
| | | | | | | | | | Add _PyTime_AsTimeval_noraise() function. Call it when it's not possible (or not useful) to raise a Python exception on overflow.
* | Issue #22117: Fix ssl to use _PyTime_t API on sock_timeoutVictor Stinner2015-03-281-11/+14
| | | | | | | | I didn't notice that the ssl module uses private attributes of socket objects.
* | Issue #23001: Few functions in modules mmap, ossaudiodev, socket, ssl, andSerhiy Storchaka2015-03-201-2/+6
| | | | | | | | | | codecs, that accepted only read-only bytes-like object now accept writable bytes-like object too.
* | Issue #23694: Enhance _Py_fopen(), it now raises an exception on errorVictor Stinner2015-03-181-4/+2
| | | | | | | | | | * If fopen() fails, OSError is raised with the original filename object. * The GIL is now released while calling fopen()
* | merge 3.4Benjamin Peterson2015-03-041-0/+4
|\ \ | |/
| * expose X509_V_FLAG_TRUSTED_FIRSTBenjamin Peterson2015-03-041-0/+4
| |
View Lorry Controller Status