Change by Christian Heimes :
--
pull_requests: +24293
pull_request: https://github.com/python/cpython/pull/25574
___
Python tracker
<https://bugs.python.org/issue43
Change by Christian Heimes :
--
pull_requests: +24292
pull_request: https://github.com/python/cpython/pull/25573
___
Python tracker
<https://bugs.python.org/issue37
Change by Christian Heimes :
--
pull_requests: +24291
pull_request: https://github.com/python/cpython/pull/25572
___
Python tracker
<https://bugs.python.org/issue37
Christian Heimes added the comment:
New changeset a460ab3134cd5cf3932c2125aec012851268f0cc by Christian Heimes in
branch 'master':
bpo-41282: Consistent message and filter warning in setup.py (GH-25571)
https://github.com/python/cpython/commit/a460ab3134cd5cf3932c2125aec012851268f0cc
Change by Christian Heimes :
--
pull_requests: +24290
pull_request: https://github.com/python/cpython/pull/25571
___
Python tracker
<https://bugs.python.org/issue41
Christian Heimes added the comment:
New changeset c8666cfa7cdc48915a14cd16095a69029720736a by Christian Heimes in
branch 'master':
bpo-37322: Fix ResourceWarning and exception handling in test (GH-25553)
https://github.com/python/cpython/commit/c8666cfa7cdc48915a14cd16095a69029720736a
Christian Heimes added the comment:
New changeset f05c2aed7e25087122613b51f152919c79641f66 by Christian Heimes in
branch 'master':
bpo-31870: Fix test_get_server_certificate_timeout on Windows (GH-25570)
https://github.com/python/cpython/commit/f05c2aed7e25087122613b51f152919c79641f66
Change by Christian Heimes :
--
pull_requests: +24289
pull_request: https://github.com/python/cpython/pull/25570
___
Python tracker
<https://bugs.python.org/issue31
Change by Christian Heimes :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
versions: +Python 3.10 -Python 3.8
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
Another TLS 1.3 client cert auth test is flaky, too.
https://buildbot.python.org/all/#/builders/577/builds/14/steps/4/logs/stdio
==
FAIL: test_pha_required_nocert
Christian Heimes added the comment:
New changeset e047239eafefe8b19725efffe7756443495cf78b by Christian Heimes in
branch 'master':
bpo-43921: ignore failing test_wrong_cert_tls13 on Windows (GH-25561)
https://github.com/python/cpython/commit/e047239eafefe8b19725efffe7756443495cf78b
Change by Christian Heimes :
--
keywords: +patch
pull_requests: +24280
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/25561
___
Python tracker
<https://bugs.python.org/issu
Christian Heimes added the comment:
New changeset 7d37b86ad48368cf93440ca220b758696730d0e5 by Zackery Spytz in
branch 'master':
bpo-35114: Make ssl.RAND_status() return a bool (GH-20063)
https://github.com/python/cpython/commit/7d37b86ad48368cf93440ca220b758696730d0e5
--
nosy
Christian Heimes added the comment:
Thanks Zackery!
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
versions: +Python 3.10
___
Python tracker
<https://bugs.python.or
Change by Christian Heimes :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
New changeset 82b6c0909aae423d9c8f4ff7d0e8df16106dbe28 by Christian Heimes in
branch '3.8':
[3.8] bpo-43920: Make load_verify_locations(cadata) error message consistent
(GH-25554) (GH-25556)
https://github.com/python/cpython/commit
Christian Heimes added the comment:
New changeset e259a77f21bdfc7d4195913b379cbd6daee45d0d by Christian Heimes in
branch '3.9':
[3.9] bpo-43920: Make load_verify_locations(cadata) error message consistent
(GH-25554) (GH-2)
https://github.com/python/cpython/commit
Christian Heimes added the comment:
New changeset dcf658157df11de198a98e3db2a3050dd4f6b973 by Christian Heimes in
branch 'master':
bpo-38820: Test with OpenSSL 3.0.0-alpha15 (GH-25537)
https://github.com/python/cpython/commit/dcf658157df11de198a98e3db2a3050dd4f6b973
Change by Christian Heimes :
--
pull_requests: +24276
pull_request: https://github.com/python/cpython/pull/25556
___
Python tracker
<https://bugs.python.org/issue43
Change by Christian Heimes :
--
pull_requests: +24275
pull_request: https://github.com/python/cpython/pull/2
___
Python tracker
<https://bugs.python.org/issue43
Christian Heimes added the comment:
New changeset b9ad88be0304136c3fe5959c65a5d2c75490cd80 by Christian Heimes in
branch 'master':
bpo-43920: Make load_verify_locations(cadata) error message consistent
(GH-25554)
https://github.com/python/cpython/commit
Change by Christian Heimes :
--
dependencies: +OpenSSL 3.0.0: handle empty cadata consistently
___
Python tracker
<https://bugs.python.org/issue38820>
___
___
Change by Christian Heimes :
--
nosy: +steve.dower
___
Python tracker
<https://bugs.python.org/issue43921>
___
___
Python-bugs-list mailing list
Unsubscribe:
Change by Christian Heimes :
--
keywords: +patch
pull_requests: +24274
stage: -> patch review
pull_request: https://github.com/python/cpython/pull/25554
___
Python tracker
<https://bugs.python.org/issu
New submission from Christian Heimes :
OpenSSL 3.0.0-alpha15 handles empty data input to d2i_X509_bio() and
PEM_read_bio_X509() differently. This causes cadata test for invalid data to
fail with inconsistent error message.
Let's handle 0 result case more consistent and raise an error message
Change by Christian Heimes :
--
pull_requests: +24273
pull_request: https://github.com/python/cpython/pull/25553
___
Python tracker
<https://bugs.python.org/issue37
Christian Heimes added the comment:
Thanks Victor, let's handle the issue in bpo-37322 instead.
--
resolution: -> duplicate
stage: patch review -> resolved
status: open -> closed
superseder: -> test_ssl: test_pha_required_nocert() emits a Res
Christian Heimes added the comment:
I wasn't aware of this bpo and created bpo-43885 a couple of days ago.
tl;dr I do not understand test changes in
fb7e7505ed1337bf40fa7b8b68317d1e86675a86 at all. I think that these changes are
broken, too. ThreadedEchoServer and ConnectionHandler must
Change by Christian Heimes :
--
pull_requests: +24256
pull_request: https://github.com/python/cpython/pull/25537
___
Python tracker
<https://bugs.python.org/issue38
Christian Heimes added the comment:
Funny, I was looking into the same issue with CDLL(). :)
The trick with ssl._ssl.__file__ may even break if users change
sys.setdlopenflag() from RTLD_GLOBAL to RTLD_LOCAL. Static linking will also
influence which symbols are available.
Python
Christian Heimes added the comment:
I don't want to import ctypes from the ssl module code.
PyCapsule could be a solution for the problem. Users would have to call
PyCapsule_Import("_ssl.capsule") and PyCapsule_GetPointer() to access a struct
with additional methods. It's a bit
New submission from Christian Heimes :
Python's ssl module exposes a limited and opinionated set of knobs to tune
OpenSSL's behavior. Each new setter, getter, or function must be carefully
design, tested, and documented. For each feature OpenSSL's C API must be
converted into a Pythonic
Christian Heimes added the comment:
I'm unassigning myself. This seems to be an asyncio-specific behavior.
--
assignee: christian.heimes ->
components: -SSL
versions: +Python 3.10, Python 3.11, Python 3.9 -Python 3.6, Python 3.7
___
Pyt
Christian Heimes added the comment:
I'm removing the SSL component. The issue here seems to be caused by the way
how ftplib use the ssl module, not by a problem in the ssl module itself.
--
components: +Library (Lib) -SSL, Windows
versions: +Python 3.10, Python 3.9 -Python 3.6
Christian Heimes added the comment:
OpenSSL feature request: https://github.com/openssl/openssl/issues/11560
--
versions: +Python 3.10 -Python 3.7
___
Python tracker
<https://bugs.python.org/issue40
Christian Heimes added the comment:
New changeset 3309113d6131e4bbac570c4f54175ecca02d025a by Christian Heimes in
branch 'master':
bpo-43799: Also define SSLv3_method() (GH-25481)
https://github.com/python/cpython/commit/3309113d6131e4bbac570c4f54175ecca02d025a
Christian Heimes added the comment:
I guess so.
We turned CERT_NONE into an IntFlag enum many years ago. urlencode() uses repr
to convert integer enums.
--
nosy: +christian.heimes
___
Python tracker
<https://bugs.python.org/issue33
Change by Christian Heimes :
--
pull_requests: +24206
pull_request: https://github.com/python/cpython/pull/25481
___
Python tracker
<https://bugs.python.org/issue43
Christian Heimes added the comment:
I'm closing the ticket as out of date. Please feel free to reopen the ticket if
you can reproduce the problem with a more recent version of Python.
--
nosy: +christian.heimes
stage: -> resolved
status: pending ->
Christian Heimes added the comment:
Ethan, what's your platform and OpenSSL version?
--
resolution: fixed ->
status: closed -> open
___
Python tracker
<https://bugs.python.org/i
Change by Christian Heimes :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
I don't think there is anything left to do.
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Christian Heimes :
--
dependencies: -Run GHA CI with multiple OpenSSL versions
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
Python 3.7 no longer receives regular updates. Please feel free to reopen the
bug if you can reproduce the issue with a more recent Python and OpenSSL
version.
--
resolution: -> out of date
stage: -> resolved
status: open -&g
Christian Heimes added the comment:
Josh, could you please rebase your branch and create a pull request? The PR
process will verify that you have submitted a CLA.
--
___
Python tracker
<https://bugs.python.org/issue37
Christian Heimes added the comment:
There is no progress on the OpenSSL bug yet.
--
versions: +Python 3.10, Python 3.9
___
Python tracker
<https://bugs.python.org/issue41
Christian Heimes added the comment:
Python 3.10 contains various improvements that make it easier to compile and
link Python with a custom OpenSSL installation. You can find more information
in ticket bpo-43466.
--
resolution: -> fixed
stage: -> resolved
status: open -&g
Change by Christian Heimes :
--
assignee: christian.heimes ->
components: -SSL
title: urllib.requests.urlopen doesn't support cadata= ->
urllib.requests.urlopen: deprecate cafile=None, capath=None, cadefault=False
versions: +Python 3.10 -Python 3.8, Pyth
Change by Christian Heimes :
--
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.org/issue37120>
___
___
Pyth
Christian Heimes added the comment:
There is no easy fix for that. The TLS handskae is performed by OpenSSL
internally. You could open a feature request with OpenSSL and ask them to
implement better error detection and reporting.
--
resolution: -> wont fix
stage: -> re
Christian Heimes added the comment:
I'm closing this issue as duplicate of #36137. There is no need to keep two
issues open for the same problem.
--
resolution: -> duplicate
stage: -> resolved
status: open -> closed
superseder: -> SSL verification fails for some
Christian Heimes added the comment:
I don't think is anything left to do here. PHA has been supported for a while
and I haven't seen any problems.
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Pytho
Christian Heimes added the comment:
3.10 now supports only OpenSSL versions that return the correct value. Older
Python versions may return wrong value when they are linked with OpenSSL 1.1.0
or 1.0.2.
--
resolution: -> third party
stage: -> resolved
status: open -&g
Christian Heimes added the comment:
I'm leaving the issue open as a reminder to improve whatsnew documentation.
--
priority: high -> normal
___
Python tracker
<https://bugs.python.org/issu
Change by Christian Heimes :
--
resolution: -> fixed
stage: -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.org/issue40849>
___
___
New submission from Christian Heimes :
bpo-35926 and fb7e7505ed1337bf40fa7b8b68317d1e86675a86 introduced code that is
triggered resource errors and unhandled exceptions. It has been bothering me
for a while but I could never pin point the issue. Victor's and Hai's commits
e80697d687b6
Christian Heimes added the comment:
New changeset d37b74f341c5a215e2fdd5eb4f8c0182f327635c by Christian Heimes in
branch 'master':
bpo-43669: More test_ssl cleanups (GH-25470)
https://github.com/python/cpython/commit/d37b74f341c5a215e2fdd5eb4f8c0182f327635c
Change by Christian Heimes :
--
pull_requests: +24195
pull_request: https://github.com/python/cpython/pull/25470
___
Python tracker
<https://bugs.python.org/issue43
Christian Heimes added the comment:
New changeset 2875c603b2a7691b55c2046aca54831c91efda8e by Christian Heimes in
branch 'master':
bpo-43880: Show DeprecationWarnings for deprecated ssl module features
(GH-25455)
https://github.com/python/cpython/commit
Change by Christian Heimes :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
New changeset 89d1550d14ba689af12eeb726e4ff8ce73cee7e1 by Christian Heimes in
branch 'master':
bpo-42854: Use SSL_read/write_ex() (GH-25468)
https://github.com/python/cpython/commit/89d1550d14ba689af12eeb726e4ff8ce73cee7e1
Christian Heimes added the comment:
3.10 feature freeze is in two weeks (May 3). I don't feel comfortable to add so
much new C code shortly before beta 1. If I understandly correctly the code is
new and hasn't been published on PyPI yet. I also don't have much time to
properly review
Christian Heimes added the comment:
Python 3.10 will use SSL_write_ex() and SSL_read_ex(), which support > 2 GB
data.
--
versions: -Python 3.10
___
Python tracker
<https://bugs.python.org/issu
Christian Heimes added the comment:
SSL_write_ex() and SSL_read_ex() solve two issues:
* bpo-42853: SSLSocket no longer raises overflow error when sending or
receiving more than 2 GB of data
* bpo-31711: empty send(b"") no longer fails with protocol violation
Christian Heimes added the comment:
Thanks to PEP 644 the issue will be fixed in 3.10 by using SSL_read_ex and
SSL_write_ex() functions. I couldn't use the functions earlier because Python
had to support older OpenSSL versions and LibreSSL.
See https://github.com/python/cpython/pull/25468
Change by Christian Heimes :
--
keywords: +patch
pull_requests: +24193
stage: needs patch -> patch review
pull_request: https://github.com/python/cpython/pull/25468
___
Python tracker
<https://bugs.python.org/issu
Change by Christian Heimes :
--
pull_requests: +24191
pull_request: https://github.com/python/cpython/pull/25467
___
Python tracker
<https://bugs.python.org/issue18
Christian Heimes added the comment:
Thanks!
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
versions: +Python 3.10 -Python 3.7
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
Thanks!
--
nosy: +christian.heimes
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
The issue affected Python 3.10a1 to latest alpha. 3.9 and earlier are not
affected.
Thanks!
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
versions: -Python 3.8, P
Christian Heimes added the comment:
New changeset aa6da32edc3c6ddfda5e849561e20273b8d82771 by Christian Heimes in
branch 'master':
bpo-43362: Fix invalid free and return check in _sha3 module (GH-25463)
https://github.com/python/cpython/commit/aa6da32edc3c6ddfda5e849561e20273b8d82771
Change by Christian Heimes :
--
pull_requests: +24189
pull_request: https://github.com/python/cpython/pull/25463
___
Python tracker
<https://bugs.python.org/issue43
Christian Heimes added the comment:
Excellent finding! The issue was introduced in commit
93d50a6a8d0c5d332c11aef267e66573a09765ac as part of bpo-1635741
--
___
Python tracker
<https://bugs.python.org/issue43
Change by Christian Heimes :
--
assignee: -> christian.heimes
nosy: +christian.heimes
type: crash -> behavior
versions: +Python 3.8, Python 3.9
___
Python tracker
<https://bugs.python.org/i
Change by Christian Heimes :
--
resolution: -> out of date
stage: -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Christian Heimes :
--
resolution: -> out of date
stage: -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
I decided against the approach.
--
resolution: -> rejected
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
The issue has been fixed by fbf94af2af3c09493481b8559b84f6e9f0628c37 in on
2020-Jun-21.
--
resolution: -> fixed
stage: -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Christian Heimes :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Christian Heimes :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Christian Heimes :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Christian Heimes :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Change by Christian Heimes :
--
assignee: christian.heimes ->
components: -SSL
nosy: -christian.heimes
versions: +Python 3.10 -Python 3.7
___
Python tracker
<https://bugs.python.org/issu
Christian Heimes added the comment:
Python 2.7 is out of supports. 3.6 will reach end of security support soon.
More recent Python versions have TLS 1.0 and 1.1 deprecated and contain
workarounds for tests.
--
resolution: -> out of date
stage: patch review -> resolved
status
Christian Heimes added the comment:
We are no longer testing with any OpenSSL version that has SSL 2.0 enabled or
even available.
--
resolution: -> out of date
stage: -> resolved
status: open -> closed
___
Python tracke
Change by Christian Heimes :
--
components: -SSL
nosy: -christian.heimes
versions: +Python 3.10, Python 3.8, Python 3.9 -Python 3.6, Python 3.7
___
Python tracker
<https://bugs.python.org/issue33
Christian Heimes added the comment:
The issue has been stale for over two years. Closing.
--
resolution: -> out of date
stage: -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
You are correct. The ssl.get_server_certificate() helper function performs a
full handshake and then returns the certificate. It's technically possible to
get the cert chain from the ServerHello message, but Python does not provide an
API for that.
I
Christian Heimes added the comment:
Nathaniel, is this still an issue with recent OpenSSL and Python versions?
--
status: open -> pending
___
Python tracker
<https://bugs.python.org/issu
Christian Heimes added the comment:
3.6 will be out of support very soon. I'm closing this old bug as wontfix.
Thanks for your investigation! :)
--
resolution: -> wont fix
status: open -> closed
___
Python tracker
<https://bugs.p
Change by Christian Heimes :
--
resolution: -> fixed
stage: -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.org/issue39344>
___
___
Christian Heimes added the comment:
I'm closing the issue as outdated.
--
resolution: -> out of date
stage: -> resolved
status: open -> closed
type: -> behavior
___
Python tracker
<https://bugs.python
Change by Christian Heimes :
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
Python 2 is out of support. Python 3 can verify IP addresses in certificates
correctly.
--
resolution: -> out of date
stage: needs patch -> resolved
status: open -> closed
___
Python tracke
Christian Heimes added the comment:
No response in over two years. I'm closing the issue. Please feel free to
reopen the issue with more information.
--
resolution: -> out of date
stage: -> resolved
status: open -> closed
___
Pytho
Christian Heimes added the comment:
The getter is available in 3.10. Thanks for your contribution!
--
resolution: -> fixed
stage: patch review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
I haven't seen the problem in a while.
--
resolution: -> fixed
stage: commit review -> resolved
status: open -> closed
___
Python tracker
<https://bugs.python.or
Christian Heimes added the comment:
I have removed the code from master. Do you want to remove it from 3.9 and 3.8
or should we just ignore the dead code?
--
resolution: -> fixed
status: open -> pending
___
Python tracker
Christian Heimes added the comment:
The op hasn't replied in three months. I'm closing the issue. Please feel free
to reopen the issue with more information.
--
resolution: -> out of date
stage: -> resolved
status: open -> closed
type: crash -&
Christian Heimes added the comment:
3.10 branch now requires OpenSSL 1.1.1. This should be easy to implement.
--
keywords: +easy (C)
priority: normal -> high
stage: -> needs patch
___
Python tracker
<https://bugs.python.org/i
1001 - 1100 of 6455 matches
Mail list logo