Antoine Pitrou pit...@free.fr added the comment:
This was committed in r81392.
--
resolution: - fixed
stage: patch review - committed/rejected
status: open - closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4870
Antoine Pitrou pit...@free.fr added the comment:
I would like to move forward on this. Does anyone have any comments or
objections to the current proposal?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4870
Giampaolo Rodola' g.rod...@gmail.com added the comment:
I like the approach of providing this feature as a single attribute instead of
two separate methods (set/get_options()).
For what it's worth, I took a look at the patch without actually trying it, and
it looks good overall, both tests and
Antoine Pitrou pit...@free.fr added the comment:
Here is an updated patch, following checkin of the new SSL contexts. Options
can be specified as an `options` property on SSL contexts.
--
nosy: +exarkun, heikki
Added file: http://bugs.python.org/file17373/sslopts3.patch
Changes by Antoine Pitrou pit...@free.fr:
Removed file: http://bugs.python.org/file17373/sslopts3.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4870
___
Changes by Antoine Pitrou pit...@free.fr:
Added file: http://bugs.python.org/file17374/sslopts3.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4870
___
Antoine Pitrou pit...@free.fr added the comment:
Updated patch adds a couple of words about SSLv2 in the security
considerations paragraph. Reviewing is welcome.
--
Added file: http://bugs.python.org/file17375/sslopts3.patch
___
Python tracker
Changes by Antoine Pitrou pit...@free.fr:
Removed file: http://bugs.python.org/file17374/sslopts3.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4870
___
Antoine Pitrou pit...@free.fr added the comment:
It turns out SSL_CTX_clear_options() is not available before OpenSSL 0.9.8m. I
adapted my patch to raise a ValueError when trying to clear options on older
versions of OpenSSL. Setting additional options still works, though.
--
Added
Antoine Pitrou pit...@free.fr added the comment:
Here is an updated patch for py3k (the previous one didn't apply cleanly).
--
Added file: http://bugs.python.org/file17112/sslopts2.patch
___
Python tracker rep...@bugs.python.org
Changes by Antoine Pitrou pit...@free.fr:
--
resolution: accepted -
versions: +Python 3.2 -Python 2.6, Python 2.7, Python 3.0, Python 3.1
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4870
Antoine Pitrou pit...@free.fr added the comment:
Here is an adapted patch for py3k. It also adds a couple of test cases.
--
nosy: +pitrou
Added file: http://bugs.python.org/file17016/sslopts.patch
___
Python tracker rep...@bugs.python.org
Jeremy Kloth jeremy.kl...@gmail.com added the comment:
I have developed a patch that adds the ability to disable SSLv2, SSlv3 and
TLSv1 when using the SSLv23 method. It changes Modules/_ssl.c, Lib/ssl.py and
Doc/library/ssl.rst.
--
keywords: +patch
nosy: +jeremy.kloth
Added file:
Changes by Brian Curtin cur...@acm.org:
--
priority: - normal
stage: needs patch - patch review
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue4870
___
New submission from Giampaolo Rodola' billiej...@users.sourceforge.net:
As came out here:
http://groups.google.it/group/comp.lang.python/browse_thread/thread/7d5b96f9bacb03d3?hl=it#
...the ssl module does not provide any facility to disable SSL version
2. This is very important when writing
Bill Janssen bill.jans...@gmail.com added the comment:
Actually, that's not quite true. Specifying TLSv1 or SSLv3 on the
server side will disable SSLv2. However, there's currently no way to
specify SSLv3 *or* TLSv1 *but not* SSLv2. This looks easy to fix; I'll
add another entry to the list of
Giampaolo Rodola' billiej...@users.sourceforge.net added the comment:
Actually, that's not quite true.
Specifying TLSv1 or SSLv3 on the
server side will disable SSLv2.
There are use cases like FTPS where it is desirable that servers support
SSLv3 *and* TLSv1.
To do that by using OpenSSL
17 matches
Mail list logo