[issue46159] Segfault when using trace functions in 3.11a3
Alex Gaynor added the comment: It seems to no longer be crashing with alpha5. Hopefully it's actually fixed and not merely having a more subtle failure mode. -- ___ Python tracker <https://bugs.python.org/issue46159> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42982] Update suggested number of iterations for pbkdf2_hmac()
Alex Gaynor added the comment: Sticking with 100k is not scientific though ;-) Empiricism is science! I'm probably the person responsible for Django's process, which is to increase by some % (10% or 20% IIRC) every release. As you point out, the exact value one should use is a function of context, which we don't have as documentation authors. However, what we can do is try to select a value that's most likely to be practical for many users and will in-turn protect their users data most. 100k isn't that value, and taking inspiration from places that have had their values tested by many users is intuitive to me. -- nosy: +alex ___ Python tracker <https://bugs.python.org/issue42982> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue46159] Segfault when using trace functions in 3.11a3
Change by Alex Gaynor : -- components: +Interpreter Core nosy: +Mark.Shannon, alex ___ Python tracker <https://bugs.python.org/issue46159> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45459] Limited API support for Py_buffer
Alex Gaynor added the comment: I am someone who is interested in having this, but FWIW my motivation is slightly more narrow, I only really need abi3-friendly buffer support with contiguous 1d buffers. Not sure if there'd be interest in doing a smaller version before figuring out the entire Py_buffer API. -- nosy: +alex ___ Python tracker <https://bugs.python.org/issue45459> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42486] Investigate docs.python.org egregious SEO performance on Google
Change by Alex Gaynor : -- nosy: +alex ___ Python tracker <https://bugs.python.org/issue42486> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42415] python3.lib in Python3.9.0 Windows distribution does not contain PyObject_CallNoArgs symbol
Change by Alex Gaynor : -- versions: +Python 3.10 ___ Python tracker <https://bugs.python.org/issue42415> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42415] python3.lib in Python3.9.0 Windows distribution does not contain PyObject_CallNoArgs symbol
Change by Alex Gaynor : -- components: +C API ___ Python tracker <https://bugs.python.org/issue42415> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue42415] python3.lib in Python3.9.0 Windows distribution does not contain PyObject_CallNoArgs symbol
Alex Gaynor added the comment: This looks like a bug to me. While https://github.com/python/cpython/commit/2ff58a24e8a1c7e290d025d69ebaea0bbead3b8c added it to the header, it did not add it to https://github.com/python/cpython/blob/master/PC/python3dll.c which is required. -- components: +Extension Modules nosy: +alex ___ Python tracker <https://bugs.python.org/issue42415> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41845] Promote PyObject_GenericGetDict to the stable API
New submission from Alex Gaynor : Currently PyObject_GenericSetDict is part of the stable API, but PyObject_GenericGetDict is not. I noticed this while working on https://github.com/PyO3/pyo3/pull/1207 Because of the symmetry here, it seems appropriate to promote Get. -- components: C API messages: 377388 nosy: alex, benjamin.peterson priority: normal severity: normal status: open title: Promote PyObject_GenericGetDict to the stable API versions: Python 3.10 ___ Python tracker <https://bugs.python.org/issue41845> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41784] Promote PyUnicode_AsUTF8AndSize to be available with the limited API (PEP 384)
Alex Gaynor added the comment: It's a big project I think :-) Py_Buffer is allocated on the stack, so either we'd have to agree to never change it's ABI (size, alignment, etc.) or we'd need to completely change the interface. -- ___ Python tracker <https://bugs.python.org/issue41784> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41784] Promote PyUnicode_AsUTF8AndSize to be available with the limited API (PEP 384)
Alex Gaynor added the comment: Py_buffer is not part of the limited API at all, so I don't think it's usable for this. -- ___ Python tracker <https://bugs.python.org/issue41784> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41784] Promote PyUnicode_AsUTF8AndSize to be available with the limited API (PEP 384)
Alex Gaynor added the comment: I think less is more, one API is plenty :-) It looks to me like the API is already supported on PyPy, so I think it's fine from that perspective: https://foss.heptapod.net/pypy/pypy/-/blob/branch/py3.7/pypy/module/cpyext/unicodeobject.py#L493 -- ___ Python tracker <https://bugs.python.org/issue41784> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41784] Promote PyUnicode_AsUTF8AndSize to be available with the limited API (PEP 384)
Change by Alex Gaynor : -- keywords: +patch pull_requests: +21307 stage: -> patch review pull_request: https://github.com/python/cpython/pull/22252 ___ Python tracker <https://bugs.python.org/issue41784> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41784] Promote PyUnicode_AsUTF8AndSize to be available with the limited API (PEP 384)
Change by Alex Gaynor : -- assignee: -> alex ___ Python tracker <https://bugs.python.org/issue41784> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue41784] Promote PyUnicode_AsUTF8AndSize to be available with the limited API (PEP 384)
New submission from Alex Gaynor : This function is incredibly useful for efficient interoperability between Python and other languages with UTF-8 based strings (e.g. Rust). Right now it's not possible to do interop without several copies/allocations if you're trying to build an abi3 wheel. This is tactically relevant to me here: https://github.com/PyO3/pyo3/issues/1125 This API has been stable since it was introduced in Python 3.1, so I think making it stable would be appropriate. Inada, Benjamin suggested I should ask you for your feedback on this. I'm happy to send a pull request. -- components: C API keywords: easy (C) messages: 376896 nosy: alex, benjamin.peterson, inada.naoki priority: normal severity: normal status: open title: Promote PyUnicode_AsUTF8AndSize to be available with the limited API (PEP 384) type: enhancement ___ Python tracker <https://bugs.python.org/issue41784> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue40176] unterminated string literal tokenization error messages could be better
Alex Gaynor added the comment: Here's my suggestion: End of line reached without finding the end of string literal. Are you missing a closing quote? -- nosy: +alex ___ Python tracker <https://bugs.python.org/issue40176> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue39421] Use-after-free in heappushpop() of heapq module
Change by Alex Gaynor : -- keywords: +security_issue nosy: +alex ___ Python tracker <https://bugs.python.org/issue39421> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue37461] email.parser.Parser hang
Change by Alex Gaynor : -- nosy: +alex ___ Python tracker <https://bugs.python.org/issue37461> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue35214] Get the test suite passing with clang Memory Sanitizer enabled
Alex Gaynor added the comment: All libraries that are linked against, including libc, need to be compiled with MSAN. MSAN is not for the faint of heart. -- ___ Python tracker <https://bugs.python.org/issue35214> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue35214] Get the test suite passing with clang Memory Sanitizer enabled
Change by Alex Gaynor : -- nosy: +alex ___ Python tracker <https://bugs.python.org/issue35214> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue33661] urllib may leak sensitive HTTP headers to a third-party web site
Change by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +orsenthil ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue33661> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue991266] Cookie.py does not correctly quote Morsels
Alex Gaynor <alex.gay...@gmail.com> added the comment: None of the above :-) I'd expect the last one, but with quoting. You should not be able to set fields in a cookie by injection. -- ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue991266> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue991266] Cookie.py does not correctly quote Morsels
Alex Gaynor <alex.gay...@gmail.com> added the comment: Berker your patch looks good to me. Convert it to a PR and then merge? -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue991266> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29613] Support for SameSite Cookies
Alex Gaynor <alex.gay...@gmail.com> added the comment: Good catch. -- versions: +Python 3.8 -Python 3.7 ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue29613> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29613] Support for SameSite Cookies
Change by Alex Gaynor <alex.gay...@gmail.com>: -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue29613> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29613] Support for SameSite Cookies
Alex Gaynor <alex.gay...@gmail.com> added the comment: New changeset c87eb09d2e3783b0b5dc0d7cb304050cbcc86ad3 by Alex Gaynor in branch 'master': bpo-29613: Added support for SameSite cookies (GH-6413) https://github.com/python/cpython/commit/c87eb09d2e3783b0b5dc0d7cb304050cbcc86ad3 -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue29613> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29613] Support for SameSite Cookies
Change by Alex Gaynor <alex.gay...@gmail.com>: -- keywords: +patch pull_requests: +6118 ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue29613> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue32819] match_hostname() error reporting bug
Alex Gaynor <alex.gay...@gmail.com> added the comment: (Didn't mean to update status) -- status: open -> pending ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue32819> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue32819] match_hostname() error reporting bug
Alex Gaynor <alex.gay...@gmail.com> added the comment: Can confirm, no browsers do partial (or multiple) wildcards and the CABF rules don't allow public CAs to issue them. -- status: pending -> open ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue32819> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue2506] Add mechanism to disable optimizations
Alex Gaynor <alex.gay...@gmail.com> added the comment: If anyone has needed a workaround in the past 9 years and hasn't yet found one: https://github.com/pyca/cryptography/pull/3968/commits/3b585f803891e750d0ca5861b5a29e16b779bc16 -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue2506> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23239] SSL match_hostname does not accept IP Address
Alex Gaynor <agay...@mozilla.com> added the comment: I'd be in favor of backporting this to the 2.x - encouraging reliance on the nonsense behaviour of putting IPAddresses in DNS Names or relying on CN over SAN is bad, and we shouldn't encourage it. -- nosy: +Alex Gaynor ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue23239> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue31453] ssl.PROTOCOL_TLS only select TLSv1.2
Alex Gaynor added the comment: What operating system are you on? -- nosy: +Alex Gaynor ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue31453> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25115] SSL_set_verify_depth not exposed by the ssl module
Alex Gaynor added the comment: For the use case of "I want to trust this CA, but I don't want to trust any of it's sub CAs" I think there's a simpler solution than expanding our API: Create your own cross-sign of the root you want, and add a pathLenConstraint: 0 to the basicConstraints extension. By create a cross-sign, I mean a new certificate with the same subject/SPKI/SKI/other-extensions, but instead of being self-signed, sign it under some random private key you throw away. And then use that as your trust root, instead of the original certificate. This should work fine for validation. -- ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue25115> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27815] Make SSL suppress_ragged_eofs default more secure
Alex Gaynor added the comment: Mmmm, my understanding is that ignoring TCP-FIN/RST-without-TLS-closenotify is pretty common for a lot of different clients. We should probably survey the landscape, see what both browsers and non-browse clients (e.g. curl) do before making a decision. -- ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue27815> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29824] Hostname validation in SSL match_hostname()
Alex Gaynor added the comment: An additional problem in (2) is that a cert for *.google _is_ legal if the CA can prove that a single organization controls the entire TLD: https://crt.sh/?id=7668286 -- nosy: +Alex Gaynor ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29824> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25115] SSL_set_verify_depth not exposed by the ssl module
Alex Gaynor added the comment: +1 on making sure we have a concrete use case before expanding the API -- nosy: +Alex Gaynor ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25115> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue28938] match_hostname treats SAN IP address as DNS name and fails to check CN then
Alex Gaynor added the comment: +1 Christian, we should not be expanding our usage of CNs at all. -- status: pending -> open ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28938> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue28414] SSL match_hostname fails for internationalized domain names
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +dstufft, janssen ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28414> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue28414] SSL match_hostname fails for internationalized domain names
Alex Gaynor added the comment: This came up on m.d.s.p. today: https://groups.google.com/d/msg/mozilla.dev.security.policy/K3sk5ZMv2DE/fx6c3WWFBgAJ I haven't dug in deeply, but it sounds like we handle IDNs in CNs and SANs differently? I think we should look for a way to solve that specific problem, without biting off the whole thing -- one solution would be to simply drop support for CNs in match_hostname, as both Chrome and Firefox have already done :-) -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28414> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30879] os.listdir(bytes) gives a list of bytes, but os.listdir(buffer) gives a list of unicodes
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue30879> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30319] Change socket.close() to ignore ECONNRESET
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: -alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue30319> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30525] Expose SCTs on TLS connections
New submission from Alex Gaynor: CT (https://www.certificate-transparency.org/) is starting to become a thing! It'd be great if we exposed SCTs (whether from TLS extensions, OCSP, or embedded in the certificate) for TLS connections. This would allow higher level protocols to begin acting on them. This would need to be an OpenSSL 1.1.0+ feature. -- assignee: christian.heimes components: SSL messages: 294838 nosy: alex, christian.heimes, dstufft, janssen priority: normal severity: normal status: open title: Expose SCTs on TLS connections versions: Python 3.7 ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue30525> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30511] shutil.make_archive should not need to chdir (alternatively: make shutil.make_archive thread-safe)
Alex Gaynor added the comment: Ugh, except via |register_archive_format|. |register_archive_format| could wrap callables passed to it to maintain the current behavior. -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue30511> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30511] shutil.make_archive should not need to chdir (alternatively: make shutil.make_archive thread-safe)
Alex Gaynor added the comment: None of those functions are a public API, so changing them shouldn't be a problem IMO. -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue30511> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30511] shutil.make_archive should not need to chdir (alternatively: make shutil.make_archive thread-safe)
New submission from Alex Gaynor: Currently shutil.make_archive uses os.chdir, however there's no need for that. Everything that's done could be equally accomplished with path manipulation: https://github.com/python/cpython/blob/master/Lib/shutil.py#L773-L779 We should switch to using path manipulation in order to make shutil.make_archive thread safe. (Flag: This is probably a good bug for someone with Python skills interested in contributing to CPython!) -- components: Library (Lib) messages: 294756 nosy: Alex Gaynor, tarek priority: normal severity: normal status: open title: shutil.make_archive should not need to chdir (alternatively: make shutil.make_archive thread-safe) versions: Python 2.7, Python 3.7 ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue30511> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue30420] Clarify kwarg handing for subprocess convenience APIs
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- pull_requests: +1781 ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue30420> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue18617] AIA chasing for missing intermediate certificates on TLS connections
Alex Gaynor added the comment: Just discussed with Christian, and we're both in favor of adding AIA chasing support to the stdlib ssl. -- nosy: +alex, janssen ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue18617> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29810] Rename ssl.Purpose.{CLIENT,SERVER}_AUTH
Alex Gaynor added the comment: Sounds good to me! -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29810> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29810] Rename ssl.Purpose.{CLIENT,SERVER}_AUTH
Alex Gaynor added the comment: Ah, so instead of PROTOCOL_SSLv23 using PROTOCOL_TLS_CLIENT and deprecating the Purpose bits entirely? That sounds good to me! -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29810> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29810] Rename ssl.Purpose.{CLIENT,SERVER}_AUTH
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +christian.heimes, dstufft, janssen ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29810> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29810] Rename ssl.Purpose.{CLIENT,SERVER}_AUTH
New submission from Alex Gaynor:
The names are super misleading. First, they're written in a way that's the
opposite of how people think about these things (CLIENT_AUTH -> server socket;
SERVER_AUTH -> client socket). Second, they're misleading, you can have TLS
which is *mutually* authenticated. Third, CLIENT_AUTH is very frequently used
for a server socket where the client isn't authenticated (at the TLS layer) at
all!
A simple fix would be to add: Purpose.{CLIENT,SERVER}_SOCKET and alias the old
names to those values.
--
messages: 289601
nosy: alex
priority: normal
severity: normal
status: open
title: Rename ssl.Purpose.{CLIENT,SERVER}_AUTH
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue29810>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23606] ctypes.util.find_library("c") no longer makes sense
Alex Gaynor added the comment:
Yeah, this got me (happy to explain what I was trying to do in more detail, if
it'd be helpful), took me longer to understand why my tests passed on
{26,27,33,34} but failed on 35 since the public "what's changed" docs page is
where I went to.
Ultimately I discovered the root cause when I started reading the
find_library() source code, and found this issue :-)
--
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue23606>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue23606] ctypes.util.find_library("c") no longer makes sense
Alex Gaynor added the comment: An FYI for the future, it would have been very helpful if this had been documented in the whats-changed file for 3.5. -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue23606> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29505] Submit the re, json, & csv modules to oss-fuzz testing
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29505> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue11549] Build-out an AST optimizer, moving some functionality out of the peephole optimizer
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: -alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue11549> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue29136] Add OP_NO_TLSv1_3
Alex Gaynor added the comment: We can easily just add `TLS13:...` at the from of our ciphersuite list and it'll be ok though right? (Note to self, do the same in urllib3, twisted, requests, god only knows what else) -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue29136> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue28854] FIPS mode causes dead-lock in ssl module
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +alex, dstufft, janssen ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28854> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue28275] LZMADecompressor.decompress Use After Free
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +nadeem.vawda ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28275> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue28275] LZMADecompressor.decompress Use After Free
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- keywords: +security_issue ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28275> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue28248] Upgrade installers to OpenSSL 1.0.2i
New submission from Alex Gaynor: https://www.openssl.org/news/secadv/20160922.txt -- assignee: christian.heimes components: Library (Lib), SSL keywords: security_issue messages: 277226 nosy: alex, christian.heimes, dstufft, janssen, ned.deily, paul.moore, ronaldoussoren, steve.dower, tim.golden, zach.ware priority: normal severity: normal status: open title: Upgrade installers to OpenSSL 1.0.2i versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7 ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28248> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27928] Add hashlib.scrypt
Alex Gaynor added the comment: OpenSSL supports scrypt On Sep 7, 2016 12:28 PM, "Benjamin Peterson" <rep...@bugs.python.org> wrote: > > Benjamin Peterson added the comment: > > Why are we adding scrypt and not argon2 anyway? > > On Wed, Sep 7, 2016, at 03:25, Christian Heimes wrote: > > > > Christian Heimes added the comment: > > > > Benjamin, what's your take on Alex's suggestion? > > > > gutworth: Alex_Gaynor has asked me if hashlib.scrypt() can go into > > 2.7, too. It's a password-based KDF like hashlib.pbkdf2() but more secure > > than PBKDF2. It requires OpenSSL 1.1.0. > > gutworth: I think it'd be good if this were approved, for > > the same reasons as PEP466 > > contrary to PKBDF2 it doesn't make sense to have a pure-Python > > implementation. scrypt uses ChaCha20 cipher. I don't want to add a cipher > > to CPython core (possible legal issue) and it's not available in OpenSSL > > < 1.1.0. > > > > -- > > nosy: +benjamin.peterson > > versions: +Python 2.7 > > > > ___ > > Python tracker <rep...@bugs.python.org> > > <http://bugs.python.org/issue27928> > > ___ > > -- > > ___ > Python tracker <rep...@bugs.python.org> > <http://bugs.python.org/issue27928> > ___ > -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27928> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27928] Add hashlib.scrypt
Alex Gaynor added the comment: PEP466 includes hashlib.pbkdf2_hmac(). Any reasoning that includes that surely is applicable to scrypt as well. -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27928> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27928] Add hashlib.scrypt
Alex Gaynor added the comment: Bug in the error message "n must be a multiple of 2." it should say "n must be a power of 2." -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27928> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue26470] Make OpenSSL module compatible with OpenSSL 1.1.0
Alex Gaynor added the comment: - The 2.7 patch contains numerous references to 3.6, these should be rewritten to 2.7.x - -- ___ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue26470> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27850] Remove 3DES from cipher list (sweet32 CVE-2016-2183)
Alex Gaynor added the comment: +! from me, removing 3DES is a totally sane default, people who need IE8+XP compat can change the default. -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27850> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27768] ssl: add public API for IA-32 processor capabilities vector
Alex Gaynor added the comment: In this case, performance is security. Both AES-GCM and ChaCha20-Poly1305 are secure. Modulo one thing: GCM in software is hard to implement in constant-time, so it's strongly preferable to use it only when there's a hardware implementation. It works out nicely that in addition to being constant-time, the hardware implementation of GCM is faster. -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27768> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27766] Add ChaCha20 Poly1305 to SSL ciphers
Alex Gaynor added the comment: Exposing it in some way would be good, but we can make that a seperate issue. -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27766> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27766] Add ChaCha20 Poly1305 to SSL ciphers
Alex Gaynor added the comment: Simply doing AES-GCM before ChaCha20 is probably the simplest thing to start with, can always get fancier later. -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27766> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27766] Add ChaCha20 Poly1305 to SSL ciphers
Alex Gaynor added the comment: So, for servers really what we care about is if the _client_ has PCLMULQDQ/AESNI, not whether the server itself does. Unfortunately, there's no sane way to do this. Haven't reviewed this patch in terribly much detail, but conceptually fine. Cory, we should make sure this type of change propogates its way through requests, urllib3, hynek's blog post, and whatever else has a copy-pasted ciphersuite string. -- nosy: +hynek ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27766> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27592] FIPS_mode() and FIPS_mode_set() functions in Python (ssl)
Alex Gaynor added the comment: I'm opposed to adding FIPS knobs to Python's SSL module for a few reasons: - FIPS is a bad standard (which I'm happy to talk at length about) - OpenSSL is regularly on the verge of dropping FIPS support (https://www.openssl.org/blog/blog/2016/07/20/fips/ is the most recent rescue from the brink of removal) - It further ties us to the OpenSSL API, in favor of being a more general purpose SSL API. -- nosy: +alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27592> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()
Alex Gaynor added the comment: Colm -- how is that situation not addressed by fixing the hash seed generation specifically, rather than patching all consumers of os.urandom? -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26839> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27249] Add os.urandom_info
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27249> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue27250] Add os.urandom_block()
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27250> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()
Alex Gaynor added the comment: Repeating what a few other folks have said: the of os.urandom's callers shouldn't have to pay for the hash seed implementation. If Python internally is ok with suboptimal entropy, it should use a different function. Or early-boot Python users should set PYTHONHASHSEED. -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26839> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue26839] Python 3.5 running on Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()
Alex Gaynor added the comment: This doesn't look correct to me. Despite what the Linux maintainers insist, it's a _bug_ that /dev/urandom will return immediately if the system's entropy pool has never been seeded; one of the whole points of the getrandom syscall is that it has the correct behavior (which is the same behavior as BSDs). IMO the patch landed this morning should be reverted and it should be left as is. -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26839> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue26930] Upgrade installers to OpenSSL 1.0.2h
New submission from Alex Gaynor: https://www.openssl.org/news/secadv/20160503.txt -- keywords: security_issue messages: 264731 nosy: alex, ned.deily, paul.moore, ronaldoussoren, steve.dower, tim.golden, zach.ware priority: normal severity: normal status: open title: Upgrade installers to OpenSSL 1.0.2h ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26930> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue26798] add BLAKE2 to hashlib
Alex Gaynor added the comment: Right now all the hashlib algorithms are backed by OpenSSL. OpenSSL 1.1.0 will have blake2, so perhaps the right move is just to wait for that to drop in a few weeks? Sadly many users with old OpenSSL's still won't have blake2, but pretty quickly Windows and OS X users will get blake2! -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26798> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue26465] Upgrade OpenSSL shipped with python installers
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26465> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue26465] Upgrade OpenSSL shipped with python installers
New submission from Alex Gaynor: https://openssl.org/news/secadv/20160301.txt -- keywords: security_issue messages: 261052 nosy: alex, paul.moore, steve.dower, tim.golden, zach.ware priority: critical severity: normal status: open title: Upgrade OpenSSL shipped with python installers versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 3.6 ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26465> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue26242] reST formatting error in Doc/library/importlib.rst
New submission from Alex Gaynor: https://hg.python.org/cpython/file/default/Doc/library/importlib.rst#l1124 the spacing is wrong, it should be: .. versionchanged:: 3.5 -- assignee: docs@python components: Documentation messages: 259263 nosy: alex, docs@python, eric.araujo, ezio.melotti, georg.brandl priority: normal severity: normal status: open title: reST formatting error in Doc/library/importlib.rst versions: Python 3.5 ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26242> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue26066] Language on the "Cryptographic Services" is out of date
New submission from Alex Gaynor: https://docs.python.org/2/library/crypto.html https://docs.python.org/3/library/crypto.html This language has a number of issues: - Crypto isn't just for "Hardcore cypherpunks" anymore, it's a necessary component of a great many software projects - PyCrypto isn't maintained by A.M. Kuchling any longer - (IMO) it's no longer the recommended library for cryptography in Python - The page should probably also point people towards the ssl module. -- assignee: docs@python components: Documentation messages: 257857 nosy: alex, docs@python priority: normal severity: normal status: open title: Language on the "Cryptographic Services" is out of date versions: Python 2.7, Python 3.5, Python 3.6 ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26066> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue26066] Language on the "Cryptographic Services" documentation page is out of date
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- title: Language on the "Cryptographic Services" is out of date -> Language on the "Cryptographic Services" documentation page is out of date ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26066> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25940] SSL tests failed due to expired svn.python.org SSL certificate
Alex Gaynor added the comment: I agree the tests shouldn't rely on a legacy domain like svn.python.org In the mean time Ernest is working on getting a valid cert set up. -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25940> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25940] SSL tests failed due to expired svn.python.org SSL certificate
Alex Gaynor added the comment: There's good news and bad news, which do you want first? Good news, great! svn.python.org now has a certificate that's not expired, and it's even trusted by major trust stores. Bad news? The tests rely on the cert for svn.python.org specifically be a cacert one. IMO this is a bug in the tests and should be fixed. -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25940> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25578] Memory leak in SSLSocket.getpeercert() with 0-length AIA extension
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +benjamin.peterson ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25578> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25569] Memory leak in SSLSocket.getpeercert()
Alex Gaynor added the comment: fixed -- status: open -> closed ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25569> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25613] fix ssl tests with sslv3 disabled
Alex Gaynor added the comment: Does this issue still occur on default? https://hg.python.org/cpython/rev/d80954d941c7 -- nosy: +alex ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25613> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25578] Memory leak in SSLSocket.getpeercert() with 0-length AIA extension
New submission from Alex Gaynor:
Test.
Put this certificate in a file:
-BEGIN CERTIFICATE-
MIICjTCCAXWgAwIBAgIBADANBgkqhkiG9w0BAQsFADAAMB4XDTE1MTEwNzE1MTAw
NVoXDTE1MTEwNzE1MTAwNVowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKiZ3rzOM1m6toThRtkwgZzjuVVdapwU63yoXmp91f14pfO1z5XIkVAP1Sz/
nK5Ti95LRmgPOzbIQHyNv2k2IOIbHL52y4AwWTa2G1EF3NvD9Tp6Zs85GFf7T5/N
WnlqHHPZhAHpgHL2xjBWnnhVojDm6fgxE6OI0aFarLlO0FBs3PLgIoxY4RRPVYaz
toP9G8ezbdGWGhaCqKO+ZjrCoQ2JNIdk4WsuGrZbCnGvGzFm+uhvs68IbJM4Mfm6
mAO85UfjdHsyacs5MYYsb7GyzrkGnLwWNcK5NdZiJwzwxBYpbchj5hYIsYjIVAL6
0BE4qG7wnJcHq1rvBeNgp7fP06kCAwEAAaMSMBAwDgYIKwYBBQUHAQEEAjAAMA0G
CSqGSIb3DQEBCwUAA4IBAQBS+2YG56erPLavJ3PvP+DekHOuIakT3l6GCiDGsufO
owdPxqsUZcCHlYjn6E50dLoKN0N6ECoKB0bIsA2EuwY08MSgtD4dA93jTXsdvWcX
2QMIM11LIGLyJIZRgUeMdHAbsb9qdpWFXX6smDGLBBKHCIFwu/4qSXU+Gf5d2DMl
edMDMkbgv3B8Q+7pCi7AgUOaZXPTbpHCdYnT2t+z3gNgyiXBH5wJNkrkK5tmawNb
88+Kxa00mbYoSEPaz7E/zBB/W1NpoZCOgEq4t9Uuk7hm10htbKoyM7FxVpBEJkPE
XpUdSNdClrHN36j1iB1NeFuOlxNVbD5FtMXx/wgX0B28
-END CERTIFICATE-
And run this script:
import _ssl
def main():
while True:
_ssl._test_decode_cert("/path/to/cert.pem")
main()
Patch is attached
--
files: aia.diff
keywords: needs review, patch
messages: 254275
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou
priority: normal
severity: normal
status: open
title: Memory leak in SSLSocket.getpeercert() with 0-length AIA extension
versions: Python 2.7, Python 3.5, Python 3.6
Added file: http://bugs.python.org/file40973/aia.diff
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25578>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25569] Memory leak in SSLSocket.getpeercert()
Alex Gaynor added the comment: Tests pass and the original script runs without a leak using this patch. It could probably be shorter if we converted from local returns to `goto fail` or something, but I don't really have an opinion. -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25569> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25569] Memory leak in SSLSocket.getpeercert()
New submission from Alex Gaynor:
Run the following code:
import socket
import ssl
import sys
def main():
ctx = ssl.create_default_context()
s = socket.create_connection(('www.bing.com', 443))
s = ctx.wrap_socket(s, server_hostname='www.bing.com')
while True:
s.getpeercert()
sys.stderr.write('.')
sys.stderr.flush()
if __name__ == '__main__':
main()
and observe memory usage, you'll see it increases by a MB/s or so.
--
messages: 254210
nosy: alex
priority: normal
severity: normal
status: open
title: Memory leak in SSLSocket.getpeercert()
versions: Python 2.7, Python 3.5, Python 3.6
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25569>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25569] Memory leak in SSLSocket.getpeercert()
Changes by Alex Gaynor <alex.gay...@gmail.com>: -- nosy: +christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25569> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25569] Memory leak in SSLSocket.getpeercert()
Alex Gaynor added the comment: A probably source of the leak is here: https://github.com/python/cpython/blob/master/Modules/_ssl.c#L1073-L1076 `dps` is never freed. (This is with OpenSSL 0.9.8zg) -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25569> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25569] Memory leak in SSLSocket.getpeercert()
Alex Gaynor added the comment: I think you want sk_DIST_POINT_free actually. -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25569> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it
Alex Gaynor added the comment: Oops, there were a few failing tests on that patch. New one is green -- Added file: http://bugs.python.org/file40927/sslv3.diff ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25530> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25530] ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it
New submission from Alex Gaynor: SSLv3 is broken, both _create_unverified_context and create_default_context turn it off, but we should make all contexts turn it off, like we do for SSLv2. A patch is attached. -- components: Library (Lib) files: sslv3.diff keywords: needs review, patch, security_issue messages: 253868 nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou priority: normal severity: normal status: open title: ssl: OP_NO_SSLv3 should always be set unless a user specifically asks for it versions: Python 2.7, Python 3.5, Python 3.6 Added file: http://bugs.python.org/file40920/sslv3.diff ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25530> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25515] Always use os.urandom for generating uuid4s
Alex Gaynor added the comment: (Note that the speed difference would be even bigger on a recent python, 2.7.3 was before the file descriptor was cached for os.urandom) -- ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25515> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue25515] Always use os.urandom for generating uuid4s
New submission from Alex Gaynor: Right now uuid4 can be implemented one of 3 ways: - If there's a libuuid (and it's not OS X's) it uses that. - Fallback to os.urandom - If that raises an exception, fall back to the random module I propose to simplify this to _just_ use os.urandom always. Reasons: - Its security properties are more obviously correct. (There's a large comment in uuid.py about how libuuid doees the wrong thing with fork on OS X, who knows if it's correct on other platforms) - It's simpler. - It's faster: a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "_buffer = ctypes.create_string_buffer(16); uuid._uuid_generate_random(_buffer); bytes(_buffer.raw)" 10 loops, best of 3: 10 usec per loop a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "_buffer = ctypes.create_string_buffer(16); uuid._uuid_generate_random(_buffer); bytes(_buffer.raw)" 10 loops, best of 3: 10.3 usec per loop a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "_buffer = ctypes.create_string_buffer(16); uuid._uuid_generate_random(_buffer); bytes(_buffer.raw)" 10 loops, best of 3: 9.99 usec per loop a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "_buffer = ctypes.create_string_buffer(16); uuid._uuid_generate_random(_buffer); bytes(_buffer.raw)" 10 loops, best of 3: 10.2 usec per loop a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "_buffer = ctypes.create_string_buffer(16); uuid._uuid_generate_random(_buffer); bytes(_buffer.raw)" 10 loops, best of 3: 10.2 usec per loop a_gaynor@miranda:~$ a_gaynor@miranda:~$ a_gaynor@miranda:~$ a_gaynor@miranda:~$ a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "os.urandom(16)" 10 loops, best of 3: 8.94 usec per loop a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "os.urandom(16)" 10 loops, best of 3: 8.92 usec per loop a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "os.urandom(16)" 10 loops, best of 3: 8.97 usec per loop a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "os.urandom(16)" 10 loops, best of 3: 8.93 usec per loop a_gaynor@miranda:~$ python -mtimeit -s "import uuid; import os; import ctypes" "os.urandom(16)" 10 loops, best of 3: 8.94 usec per loop a_gaynor@miranda:~$ a_gaynor@miranda:~$ a_gaynor@miranda:~$ python --version Python 2.7.3 -- components: Library (Lib) files: uuid.diff keywords: needs review, patch messages: 253697 nosy: alex, dstufft priority: normal severity: normal status: open title: Always use os.urandom for generating uuid4s versions: Python 2.7, Python 3.5, Python 3.6 Added file: http://bugs.python.org/file40899/uuid.diff ___ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue25515> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue24432] Upgrade windows builds to use OpenSSL 1.0.2b
New submission from Alex Gaynor: https://www.openssl.org/news/secadv_20150611.txt -- components: Library (Lib) keywords: security_issue messages: 245173 nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, paul.moore, pitrou, steve.dower, tim.golden, zach.ware priority: normal severity: normal status: open title: Upgrade windows builds to use OpenSSL 1.0.2b ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24432 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue24158] Error of the hint of upgrading pip
Changes by Alex Gaynor alex.gay...@gmail.com: -- nosy: +dstufft, ncoghlan ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24158 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue24107] Add support for retrieving the certificate chain
Changes by Alex Gaynor alex.gay...@gmail.com: -- nosy: +alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue24107 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
