An error occurred fetching the project authors.
  1. 27 Feb, 2018 2 commits
    • Christian Heimes's avatar
      bpo-28124: deprecate ssl.wrap_socket() (#5888) · 90f05a52
      Christian Heimes authored
      The ssl module function ssl.wrap_socket() has been de-emphasized
      and deprecated in favor of the more secure and efficient
      SSLContext.wrap_socket() method.
      Signed-off-by: default avatarChristian Heimes <christian@python.org>
      90f05a52
    • Christian Heimes's avatar
      bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (#5663) · 05d9fe32
      Christian Heimes authored
      * bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes
      
      Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
      TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
      default. Some test cases only apply to TLS 1.2. Other tests currently
      fail because the threaded or async test servers stop after failure.
      
      I'm going to address these issues when OpenSSL 1.1.1 reaches beta.
      
      OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
      1.3. The feature is enabled by default for maximum compatibility with
      broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
      it to verify default options.
      Signed-off-by: default avatarChristian Heimes <christian@python.org>
      05d9fe32
  2. 24 Feb, 2018 2 commits
  3. 21 Feb, 2018 1 commit
  4. 27 Jan, 2018 1 commit
    • Christian Heimes's avatar
      bpo-31399: Let OpenSSL verify hostname and IP address (#3462) · 61d478c7
      Christian Heimes authored
      bpo-31399: Let OpenSSL verify hostname and IP
      
      The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
      X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.
      
      * Remove match_hostname calls
      * Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
      * Add documentation for OpenSSL 1.0.2 requirement
      * Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
      * Add hostname_checks_common_name
      Signed-off-by: default avatarChristian Heimes <christian@python.org>
      61d478c7
  5. 20 Jan, 2018 1 commit
  6. 13 Dec, 2017 1 commit
  7. 06 Dec, 2017 1 commit
  8. 26 Nov, 2017 1 commit
  9. 20 Sep, 2017 1 commit
  10. 15 Sep, 2017 2 commits
  11. 08 Sep, 2017 2 commits
  12. 06 Sep, 2017 1 commit
  13. 15 Aug, 2017 1 commit
  14. 11 Jun, 2017 2 commits
  15. 09 Jun, 2017 1 commit
  16. 02 May, 2017 1 commit
  17. 13 Apr, 2017 1 commit
  18. 02 Mar, 2017 1 commit
  19. 01 Mar, 2017 1 commit
  20. 06 Feb, 2017 1 commit
  21. 19 Oct, 2016 2 commits
  22. 13 Sep, 2016 2 commits
  23. 11 Sep, 2016 2 commits
  24. 10 Sep, 2016 3 commits
  25. 09 Sep, 2016 1 commit
  26. 06 Sep, 2016 1 commit
  27. 05 Sep, 2016 2 commits
  28. 11 Jun, 2016 1 commit
  29. 10 May, 2016 1 commit