Commit message | Author | Age | Files | Lines
* New release. (0.22.4) | Matěj Cepl | 2015-10-13 | 1 | -5/+5
    Changed maintainer and URL.
* Clean up setup.py to be PEP8-compliant. | Matěj Cepl | 2015-10-13 | 1 | -36/+36
* Add support for IP addresses in subjectAltName | Miloslav Trmač | 2015-10-13 | 1 | -0/+33
    Uses socket.getaddrinfo to convert both inputs to the same string; notably the OpenSSL formatting of subjectAltName is using non-canonical forms like 0:0:0:0:0:0:0:1 .

    Fixes #52
* Fix spurious test failures in test_cookie_str_changed_* | Miloslav Trmač | 2015-10-13 | 1 | -3/+3
    The test tests that a modification of MAC is detected by replacing one character by 'X', but from time to time the original MAC may have an 'X' in that place, in which case the modification doesn’t happen.

    To reproduce:

        for i in $(seq 1 1000); do j=$(python tests/test_authcookie.py 2>&1); if echo "$j" | grep -q FAIL; then echo "$i": "$j"; break; fi; done

    Fixes #53
* Bump the required python to 2.6 in INSTALL file. | Matěj Cepl | 2015-10-13 | 1 | -4/+4
* Clean up whitespace etc. | Matěj Cepl | 2015-10-13 | 2 | -116/+153
* We forgot import platform somewhere so tests were failing. | Matěj Cepl | 2015-10-13 | 2 | -2/+6
* Account for SHA-256 signatures. | Miloslav Trmač | 2015-10-13 | 1 | -1/+1
    The test case uses OpenSSL’s default algorithm; the length 1243 corresponds to SHA-1, 1263 to SHA-256.
* Fix test_tls1_nok for recent Fedoras | Miloslav Trmač | 2015-10-13 | 1 | -1/+1
    Fedora OpenSSL-1.0.1j-3 has disabled SSLv3 by default. This test verifies that TLS1 client against a server which refuses TLS1 returns an error; however, the way Fedora has disabled SSLv3, the server instead falls through to a last-resort error state which just closes the connection. This modifies the test to accept both outcomes.

    Alternatively we could modify the test to re-enable SSLv3, but that would test a less realistic scenario and we would have to start wrapping SSL_CTX_clear_options().
* Fix build with SWIG 3.0.5 | Miloslav Trmač | 2015-10-13 | 7 | -64/+54
    See analysis and previous patches in https://github.com/martinpaljak/M2Crypto/issues/60 and https://github.com/swig/swig/issues/344, in particular this adds the build machinery to patch https://github.com/martinpaljak/M2Crypto/issues/60#issuecomment-75735489

    Fixes #47
* Accommodate change of global mask in crypto/asn1/a_strnid.c | Miloslav Trmač | 2015-10-13 | 1 | -1/+3
    A X509_name_hash_old() return value differs because the DER encoding of a X509_NAME differs because global_mask in crypto/asn1/a_strnid.c changed from 0xFFFFFFFFL to B_ASN1_UTF8STRING between OpenSSL 1.0.1e and 1.0.1h.

    See https://bugzilla.redhat.com/show_bug.cgi?id=1106146 for more information.

    Fixes https://github.com/martinpaljak/M2Crypto/issues/42
* Use randomly assigned ports when testing. | Miloslav Trmač | 2015-10-13 | 2 | -26/+32
    Originally workaround for the multiple runs of the testsuite of M2Crypto running on the same machine (e.g., when it is built for various archs), but generally random ports while testing are The Right Thing™ anyway.
* Add a minimal SNI support | Oleg Girko | 2015-10-13 | 3 | -48/+64
    M2Crypto doesn't support SNI (Server Name Indication). http://en.wikipedia.org/wiki/Server_Name_Indication

    This feature is necessary for selecting the right SSL-protected web site hosted using name-based virtual hosting on a shared IP address. All modern browsers support this feature. However, Python programs which use M2Crypto for programmatic access to SSL-protected web services can't use SNI because it's not implemented in M2Crypto.

    The manifestation of lack of SNI support is error message about wrong site certificate.

    See https://bugzilla.redhat.com/show_bug.cgi?id=1029246 for more information.
* Fix incorrect exception type raised when in FIPS mode | Miloslav Trmač | 2015-10-13 | 1 | -0/+12
    When in FIPS mode M2Crypto when using disallowed version of SSL returned a rather non-sensical TypeError exception. This patch changes it to

        M2Crypto.SSL.SSLError: null ssl method passed

    See https://bugzilla.redhat.com/show_bug.cgi?id=879043 for more information.
* Use correct syntax for testing SSLv2 | Miloslav Trmač | 2015-10-13 | 1 | -1/+1
    Original "-no_tls1 -no_ssl3" was meant as a synonym for SSLv2. However, with the progressing deterioration of old SSL versions, this could actually end with something else. So, we ask specifically for SSLv2 when we want it.

    See https://bugzilla.redhat.com/show_bug.cgi?id=1004437 for more information on the issue.
* Replace expired certificates in the test suite | Miloslav Trmač | 2015-10-13 | 10 | -245/+240
    Testing certificates in the testsuite were replaced with ones with the expiration date Jan 8 15:33:54 2023 GMT which should be enough for some time.
* Fix https connections over a proxy with Python >= 2.6 | Miloslav Trmač | 2015-10-13 | 2 | -3/+5
    Make m2urllib2 allow use of the relative paths in requests, which makes M2Crypto more proxy-friendly and working with some caches which don't allow mixing two different URLs for the same resource.

    See https://bugzilla.redhat.com/show_bug.cgi?id=803554 and https://bugzilla.redhat.com/show_bug.cgi?id=491674 for more information.
* Support IPv6 in M2Crypto.httpslib | Miloslav Trmač | 2015-10-13 | 2 | -17/+39
    See https://bugzilla.redhat.com/show_bug.cgi?id=742914 for more information.
* Memory leak in SWIG/_aes.i: AES_crypt | Miloslav Trmač | 2015-10-13 | 1 | -1/+4
    See https://bugzilla.redhat.com/show_bug.cgi?id=659881 for more information.

    A buffer out is malloced in the size of the encrypted cipherstring, but never freed.
* Fix S/MIME examples and documentation. | Miloslav Trmač | 2015-10-13 | 7 | -14/+24
    See https://bugzilla.redhat.com/show_bug.cgi?id=618500 for more. Rather large reproducer is also included in the bug report.
* Fix handling of buffer() objects as input data to SSL | Miloslav Trmač | 2015-10-13 | 3 | -10/+82
    See https://bugzilla.redhat.com/show_bug.cgi?id=702766 for more information.

    Accommodation of M2Crypto to the incompatible C API changes caused by https://docs.python.org/2.6/whatsnew/2.6.html#pep-3118-revised-buffer-protocol.

    Probably caused by changes introduced in 8cdcb2308a

    This is a reproducer from the bug:

        import mmap
        import os

        import M2Crypto

        if __name__ == '__main__':
            filename = '/etc/issue'
            fd = open(filename, 'rb')
            mapped = mmap.mmap(fd.fileno(), os.path.getsize(filename),
                               mmap.MAP_SHARED, mmap.PROT_READ)
            buf = buffer(mapped)
            c = M2Crypto.m2.ssl_ctx_new(M2Crypto.m2.tlsv1_method())
            s = M2Crypto.m2.ssl_new(c)
            M2Crypto.m2.ssl_write(s, buf)
* Allow overriding SSL.Connection.postConnectionCheck from m2urllib2 | Miloslav Trmač | 2015-10-13 | 2 | -2/+8
    See https://bugzilla.redhat.com/show_bug.cgi?id=610906 for more.

    Example of use of the changed API is this (for permitting connection to the sites with invalid certificates):

        import M2Crypto
        import urlgrabber

        ctx = M2Crypto.SSL.Context()
        ctx.set_allow_unknown_ca(True)
        ctx.set_verify(M2Crypto.SSL.verify_none, -1)

        def checker(*args):
            return True

        ctx.post_connection_check = checker

        ## Test opener directly
        opener = M2Crypto.m2urllib2.build_opener(ctx)
        f = opener.open('https://localhost:443/test.txt')
        print f.read()
        f.close()
* Fix M2Crypto in FIPS mode. | Miloslav Trmač | 2015-10-13 | 8 | -21/+40
    More comments and rationale is at https://bugzilla.redhat.com/show_bug.cgi?id=565662

    * Some algorithms are not available in FIPS mode, in particular MD5.
    * Ignoring the error returned by HMAC_Init IIRC results in a NULL dereference.
    * FIPS mode prohibits 512-bit RSA keys, so the tests have to increase the key length.
    * MD5 is prohibited in FIPS mode, had to use a different algorithm (and different known answers) for testing HMAC.
    * RC4 is unavailable in FIPS mode. Should probably use @unittest.skip nowadays.
    * The same goes for RIPEMD-160
* Switch unit testing to have at least 2.7 unittest API available. | Matěj Cepl | 2015-10-13 | 27 | -31/+138
    Fixes #48
* Add support for SSL socket timeouts | James Bowes | 2015-10-13 | 4 | -110/+307
    See for discussion of this patch https://bugzilla.redhat.com/show_bug.cgi?id=210966

    This patch adds timeout to SSL Operations, but it breaks API.

    From the linked bug comment:

    This patch seems to change the API, likely breaking any currently working code that uses nonblocking sockets.

    - the patch completely changes the semantics of non-blocking operations (with timeout==0.0): instead of returning 0L, None or -1, they would raise exceptions
    - although SSL.Connection._{read,write}_{,n}bio uses the "internal use" naming convention, they are used in the shipped demo and contrib code, so I wouldn't be surprised if they were used in applications as well
    - SSL.Connection.makefile() supports write-only and read-write file objects, while SSLFile supports only reading.

    ALSO, BE AWARE THAT THIS BUG USES LINUX SYSTEM CALL POLL() IN ITS C PART, SO IT IS NOT WORKING ON WINDOWS.
* Everybody has to be ignorant sometimes. | Matěj Cepl | 2015-10-03 | 1 | -0/+11
    Add .gitignore
* Fixed invalid variable name | Hugo Castilho | 2015-10-03 | 1 | -1/+1
* 0.21.1 release (0.21.1) | Heikki Toivonen | 2011-01-15 | 0 | -0/+0
    git-svn-id: http://svn.osafoundation.org/m2crypto/tags/0.21.1@738 2715db39-9adf-0310-9c64-84f055769b4b
* 0.21 release tarball was buggy, so need to release 0.21.1. | Heikki Toivonen | 2011-01-15 | 3 | -4/+8
    git-svn-id: http://svn.osafoundation.org/m2crypto/branches/0.21@737 2715db39-9adf-0310-9c64-84f055769b4b
* Prepare for 0.21 | Heikki Toivonen | 2011-01-13 | 2 | -4/+4
    git-svn-id: http://svn.osafoundation.org/m2crypto/branches/0.21@735 2715db39-9adf-0310-9c64-84f055769b4b
* Preparing for 0.21 release | Heikki Toivonen | 2011-01-12 | 0 | -0/+0
    git-svn-id: http://svn.osafoundation.org/m2crypto/branches/0.21@726 2715db39-9adf-0310-9c64-84f055769b4b
* Add a warning about when the chain will become invalid. | Heikki Toivonen | 2010-05-08 | 1 | -1/+6
    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@724 2715db39-9adf-0310-9c64-84f055769b4b
* Bug 12935, 0.20 started releasing Python locks even around some operations that | Heikki Toivonen | 2010-02-13 | 6 | -17/+36
    interacted with the Python runtime, potentially causing crashes and other weirdness, fix by Miloslav Trmac.

    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@723 2715db39-9adf-0310-9c64-84f055769b4b
* Bug 12910, make httpslib.ProxyHTTPSConnection work with Python 2.3. | Heikki Toivonen | 2010-02-13 | 2 | -1/+5
    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@722 2715db39-9adf-0310-9c64-84f055769b4b
* Support OpenSSL 1.0. Thanks to Miloslav Trmac for figuring out how to fix ↵ | Heikki Toivonen | 2010-02-13 | 15 | -126/+213
    test_smime.py.

    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@721 2715db39-9adf-0310-9c64-84f055769b4b
* Rename m2.engine_init to engine_init_error so that ENGINE_init and ↵ | Heikki Toivonen | 2010-02-13 | 3 | -2/+20
    ENGINE_finish can be exposed, thanks to Erlo (see http://stackoverflow.com/questions/2195179/need-help-using-m2crypto-engine-to-access-usb-token).

    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@720 2715db39-9adf-0310-9c64-84f055769b4b
* Forgot to attribute RSA PSS issue to Stef Walter. | Heikki Toivonen | 2009-10-06 | 1 | -1/+1
    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@716 2715db39-9adf-0310-9c64-84f055769b4b
* Bug 12894, (Re)Enable configuration and use with OpenSSL 0.9.7g and older by ↵ | Heikki Toivonen | 2009-10-06 | 4 | -36/+48
    disabling RSA PSS methods when using such old OpenSSL.

    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@715 2715db39-9adf-0310-9c64-84f055769b4b
* Make tests more verbose. | Heikki Toivonen | 2009-10-06 | 1 | -1/+1
    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@714 2715db39-9adf-0310-9c64-84f055769b4b
* Open trunk for 0.21 work. | Heikki Toivonen | 2009-08-27 | 3 | -4/+4
    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@713 2715db39-9adf-0310-9c64-84f055769b4b
* Bug 12857, fix regression in httpslib.ProxyHTTPSConnection, by Miloslav Trmac. | Heikki Toivonen | 2009-08-12 | 2 | -4/+9
    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@709 2715db39-9adf-0310-9c64-84f055769b4b
* Don't want to export/document v that was used for version generation, so ↵ | Heikki Toivonen | 2009-08-07 | 1 | -1/+1
    make it private.

    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@704 2715db39-9adf-0310-9c64-84f055769b4b
* Simplify document generation by using epydoc config file. Run with: | Heikki Toivonen | 2009-08-07 | 1 | -0/+29
        epydoc --no-private --config=epydoc.conf

    (for some reason the private options does not work in the config file).

    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@703 2715db39-9adf-0310-9c64-84f055769b4b
* Docstring should say this is deprecated too. | Heikki Toivonen | 2009-08-07 | 1 | -1/+3
    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@702 2715db39-9adf-0310-9c64-84f055769b4b
* Created new test certificates that will be valid until 2019. | Heikki Toivonen | 2009-07-28 | 12 | -257/+266
    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@698 2715db39-9adf-0310-9c64-84f055769b4b
* Part of bug 12442, make C code follow the way fips_rsa_sign.c does it in ↵ | Heikki Toivonen | 2009-07-28 | 3 | -38/+43
    OpenSSL. Make the tests use the same digest algorithm as we are testing the signature with. These fix the tests for 64-bit platforms.

    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@697 2715db39-9adf-0310-9c64-84f055769b4b
* Part of bug 11693, taking out the fast code path because it was not working ↵ | Heikki Toivonen | 2009-07-28 | 1 | -3/+0
    on 64-bit systems. This causes things like cert.get_serial_number() to be 5-6% slower, for example.

    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@696 2715db39-9adf-0310-9c64-84f055769b4b
* Bug 12775, allow more blocking OpenSSL functions to run without GIL, by ↵ | Heikki Toivonen | 2009-07-24 | 14 | -10/+171
    Miloslav Trmac. This bumps swig dependency to >= 1.3.28.

    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@695 2715db39-9adf-0310-9c64-84f055769b4b
* Bug 11693, ASN1_INTEGERs can now be larger than fits in an int, for example ↵ | Heikki Toivonen | 2009-07-24 | 5 | -4/+148
    to support X509 certificates with large serial numbers, patch by Mikhail Vorozhtsov and testcase by Barry G.

    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@694 2715db39-9adf-0310-9c64-84f055769b4b
* Forgot to checkin. | Heikki Toivonen | 2009-07-24 | 1 | -0/+8
    git-svn-id: http://svn.osafoundation.org/m2crypto/trunk@693 2715db39-9adf-0310-9c64-84f055769b4b