summaryrefslogtreecommitdiff
path: root/src/OpenSSL/SSL.py
Commit message (Collapse)AuthorAgeFilesLines
* Use autodoc for SSL.ConnectiondocstringsAlex Chan2018-02-131-75/+121
|
* Use autodoc for the SSL.Context classAlex Chan2018-02-131-37/+114
|
* Export keying material support (#725)Paul Kehrer2017-11-301-0/+24
| | | | | | | | | | | | | | * added method to export keying material from an ssl connection * updated tests to use bytestrings to avoid breaking python3 tests * added additional comments to test * simplify export_keying_material * add changelog * address review feedback
* fix a memory leak and a potential UAF and also #722 (#723)Paul Kehrer2017-11-301-2/+3
| | | | | | | | * fix a memory leak and a potential UAF and also #722 * sanity check * bump cryptography minimum version, add changelog
* define __all__ to make wildcard import work (#719)Nicolas Karolak2017-11-261-0/+89
|
* Don't use things after they're freed...duh (#709)Alex Gaynor2017-11-201-5/+2
| | | | | | | | * Don't use things after they're freed...duh * changelog * more details
* fix errors with latest flake8 (#710)Alex Gaynor2017-11-201-4/+4
| | | | | | | | | | * fix errors with latest flake8 * Also fix the macOS builds * fix? * allow urllib3 to fail for now
* Improve documentation for passphrase callback (#703)Diego Fernandez2017-10-121-1/+1
| | | Address issue #701
* fix #664 (#665)Paul Kehrer2017-07-191-2/+4
| | | | | | | | | | | | * fix #664 bytes and strings are different things. * update changelog * let's just make the sentinel values byte strings * flake8
* Kill some commented out code and other cleanups (#649)Alex Gaynor2017-06-301-9/+2
|
* Kill dead code (#647)Alex Gaynor2017-06-291-6/+5
| | | | | | | | | | * Simplify code * dead code * unused... * write imports normally
* try loading trusted certs from a list of fallbacks (#633)Paul Kehrer2017-06-291-0/+78
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * try loading trusted certs from a list of fallbacks pyca/cryptography will shortly begin shipping a wheel. Since SSL_CTX_set_default_verify_paths uses a hardcoded path compiled into the library, this will start failing to load the proper certificates for users on many linux distributions. To avoid this we can use the Go solution of iterating over a list of potential candidates and loading it when found. * capath is lazy loaded so we need to do a lot more checks This now checks to see if env vars are set as well as seeing if the dir exists and has valid certs in it. If either of those are true (or the number of certs is > 0) it won't load the fallback. If it does do the fallback it will also attempt to load certs from a dir as a final fallback * remove an early return * this shouldn't be commented out * oops * very limited testing * sigh, can't use these py3 exceptions of course * expand the tests a bit * coverage! * don't need this now * change the approach to use a pyca/cryptography guard value * test fix * older python sometimes calls itself linux2 * flake8 * add changelog * coverage * slash opt
* Fixed #486 -- deprecate the backwards compat names (#643)Alex Gaynor2017-06-291-2/+11
| | | | | | | | * Fixed #486 -- deprecate the backwards compat names * remove the docs for these, pretend they don't exist * CHANGELOG
* Limit SSL_write bufsize to avoid OverflowErrors (#603)Maximilian Hils2017-02-101-1/+9
| | | | | | * limit SSL_write bufsize to avoid OverflowErrors * fix .send() truncation, add test
* Prevent _PassphraseHelper.raise_if_problem() from eating exceptions (#581)Greg Bowser2017-01-251-5/+4
| | | | | | | | | | | | | | | | | | | | | | | * Modify tests to detect empty crypto.Errors from load_privatekey This reproduces #119 and #456. * Prevent _PassphraseHelper.raise_if_problem() from eating exceptions. This resolves #119, resolves #456. `_PassphraseHelper.raise_if_problem()` always flushes the OpenSSL exception queue, but does not always raise an exception. In some cases, other code attempts to raise an error from OpenSSL after `raise_if_problem()` has flushed the queue, thus causing an empty exception to be raised (i.e. `raise Error([])`). This commit modifies `_PassphraseHelper.raise_if_problem` to flush the OpenSSL error queue only if it has en exception to raise. Subsequent code that detects an error should now be able to raise an non-empty exception. * Add CHANGELOG entry for #581.
* Add support for OCSP stapling. (#580)Cory Benfield2017-01-241-0/+206
| | | | | | | | | | | | | | | | | | | | | | | | * Define the OCSPCallbackHelper. * Define set_ocsp_status_callback function. * Reframe this as the "server" helper. * Add OCSP helper. * Allow clients to request OCSP * Some tests for OCSP. * Don't forget to throw callback errors. * Add changelog entry for OCSP stapling. * Require at least cryptography 1.7 * Sorry Flake8, won't happen again. * How does spelling work?
* automatically set SSL_CTX_set_ecdh_auto when available (#575)Paul Kehrer2016-12-191-0/+9
|
* Don't zero memory when we don't have to. (#578)Cory Benfield2016-11-281-7/+8
|
* Convert X509ExtTests to use pytest-style tests (#564)Alex Chan2016-11-181-0/+1
|
* Test on OpenSSL 1.1.0 with travis. Fixes #524 (#526)Alex Gaynor2016-09-241-7/+9
|
* fix cffi warnings for proper buffer types (#545)Paul Kehrer2016-09-201-3/+3
|
* Simplify a few more branches to improve coverage (#500)Alex Gaynor2016-07-031-8/+2
|
* Port the easy cases of SSL.py to _openssl_assert (#499)Alex Gaynor2016-07-031-9/+3
|
* Remove a bunch of untested stuff. (#487)Alex Gaynor2016-06-041-19/+8
| | | Refs #478
* remove attempts to test against openssl 0.9.8 (#484)Alex Gaynor2016-06-041-8/+2
| | | | | | * remove attempts to test against openssl 0.9.8 * remove some untested branches
* We have always been at war with easy to read code.Alex Gaynor2016-06-011-12/+23
| | | | aka EVERYBODY GET READY FOR OPENSSL 1.1.0
* Removed nonsense docstringAlex Gaynor2016-05-271-3/+1
| | | Caught by @davidben
* Factor out common code of requires decoratorsCory Benfield2016-03-291-35/+26
|
* Raise NotImplementedError when SNI not present.Cory Benfield2016-03-291-0/+19
|
* Implement Context.set_session_idHynek Schlawack2016-03-161-10/+34
|
* Rename state_name to get_state_nameHynek Schlawack2016-03-141-2/+3
| | | | | A bit more consistent naming. Rename is possible because the method hasn't been part of a release yet.
* Pluck more unrelated bits from #422Hynek Schlawack2016-03-131-4/+4
|
* More explicit assertHynek Schlawack2016-03-111-1/+1
|
* GrammarHynek Schlawack2016-03-111-1/+1
|
* Fix set_cipher_list on modern OpenSSLHynek Schlawack2016-03-111-12/+15
| | | | Also port forward a few changes from #422.
* Fixed AttributeError when calling get_app_data()Todd Chapman2016-01-181-0/+1
|
* Move package into srcHynek Schlawack2015-10-171-0/+1915
Prevents accidental imports when running tests.
View Lorry Controller Status