delta/python-packages/pyopenssl.git/src/OpenSSL/SSL.py, branch dependabot/github_actions/actions/setup-python-2.3.1 github.com: pyca/pyopenssl.git remove SSL_CTX_set_ecdh_auto call (#1059) 2021-11-03T22:45:09+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2021-11-03T22:45:09+00:00 c8fe4dd5e91b00a5817db283c6198ef7031da825 They are a noop on 1.1.0+ and pyOpenSSL only supports 1.1.0+ now due to cryptography versions 
They are a noop on 1.1.0+ and pyOpenSSL only supports 1.1.0+ now due to
cryptography versions
 Expose some DTLS-related features (#1026) 2021-11-02T06:30:36+00:00 Nathaniel J. Smith njs@pobox.com 2021-11-02T06:30:36+00:00 e84e7b57d1838de70ab7a27089fbee78ce0d2106 * Expose DTLS_METHOD and friends * Expose OP_NO_RENEGOTIATION * Expose DTLS MTU-related functions * Expose DTLSv1_listen and associated callbacks * Add a basic DTLS test * Cope with old versions of openssl/libressl * blacken * Soothe flake8 * Add temporary hack to skip DTLS test on old cryptography versions * Update for cryptography v35 release * Add changelog entry * Fix versionadded:: * get_cleartext_mtu doesn't exist on decrepit old openssl * Rewrite DTLS test to work around stupid OpenSSL misbehavior * flake8 go away * minor tidying 
* Expose DTLS_METHOD and friends

* Expose OP_NO_RENEGOTIATION

* Expose DTLS MTU-related functions

* Expose DTLSv1_listen and associated callbacks

* Add a basic DTLS test

* Cope with old versions of openssl/libressl

* blacken

* Soothe flake8

* Add temporary hack to skip DTLS test on old cryptography versions

* Update for cryptography v35 release

* Add changelog entry

* Fix versionadded::

* get_cleartext_mtu doesn't exist on decrepit old openssl

* Rewrite DTLS test to work around stupid OpenSSL misbehavior

* flake8 go away

* minor tidying
 Check for invalid ALPN lists before calling OpenSSL, for consistency (#1056) 2021-10-27T22:37:33+00:00 Nathaniel J. Smith njs@pobox.com 2021-10-27T22:37:33+00:00 45c5678e48839e08cd290285c052a65ecb4cac80 * Check for invalid ALPN lists before calling OpenSSL, for consistency Fixes gh-1043 * Soothe flake8 
* Check for invalid ALPN lists before calling OpenSSL, for consistency

Fixes gh-1043

* Soothe flake8
 py27 going, going, gone (#1047) 2021-10-04T08:22:33+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2021-10-04T08:22:33+00:00 a42ec20880d44150022b8cd9c852fff6cca2dcaa * py27 going, going, gone * black * more black * ok then * forgot to remove pypy2 
* py27 going, going, gone

* black

* more black

* ok then

* forgot to remove pypy2
 add `NO_OVERLAPPING_PROTOCOLS` to `__all__` (#1025) 2021-06-30T20:32:58+00:00 Maximilian Hils git@maximilianhils.com 2021-06-30T20:32:58+00:00 c062a5d27932b57db9df32720966f54b36c95efb 






Add SSL_CTX_set_min_proto_version/SSL_CTX_set_max_proto_version bindings (#985)
2021-03-10T21:35:24+00:00

Maximilian Hils
git@maximilianhils.com

2021-03-10T21:35:24+00:00

5dc698861c91b4aa83b284b282c0e91cdcee49a3

* add Context.set_*_proto_version, fix #860

* docs: add new openssl tls methods

* accept the fact that nothing can be taken for granted

* bump minimum required cryptography version to 3.3

* drop support for Python 3.5

* use binary wheels for cryptography

* Revert "use binary wheels for cryptography"

This reverts commit 91a04c612ed1d0dd9fd541dfefe21cac7c25b1c1.

* docker ci: compile cryptography with rust




* add Context.set_*_proto_version, fix #860

* docs: add new openssl tls methods

* accept the fact that nothing can be taken for granted

* bump minimum required cryptography version to 3.3

* drop support for Python 3.5

* use binary wheels for cryptography

* Revert "use binary wheels for cryptography"

This reverts commit 91a04c612ed1d0dd9fd541dfefe21cac7c25b1c1.

* docker ci: compile cryptography with rust






Check return code of SSL_[CTX_]set_alpn_protos (#993)
2021-02-17T19:06:26+00:00

Maximilian Hils
git@maximilianhils.com

2021-02-17T19:06:26+00:00

614d6737d84294b038eead384100e2a7a65f717b

* check return code of SSL_CTX_set_alpn_protos, fix #992

* paint it black!

* fix line lengths as well :upside_down_face:




* check return code of SSL_CTX_set_alpn_protos, fix #992

* paint it black!

* fix line lengths as well :upside_down_face:






cleanup from_buffer now that we just use cffi natively (#989)
2021-01-16T16:41:11+00:00

Alex Gaynor
alex.gaynor@gmail.com

2021-01-16T16:41:11+00:00

90f09650e289022e10570702eaf007f44d1cac05












Fix for running on OpenSSL 1.1.0 + CI (#978)
2020-12-15T03:57:52+00:00

Alex Gaynor
alex.gaynor@gmail.com

2020-12-15T03:57:52+00:00

cdbfd828fcbfdd21c61bde6ceb9db6a6329605f0

* Test on OpenSSL 1.1.0 w/ Debian stretch

* Make pyOpenSSL compatible with openssl 1.1.0 again

Co-authored-by: Shane Harvey <shnhrv@gmail.com>




* Test on OpenSSL 1.1.0 w/ Debian stretch

* Make pyOpenSSL compatible with openssl 1.1.0 again

Co-authored-by: Shane Harvey <shnhrv@gmail.com>






Keep reference to SSL verify_call in Connection object (#956)
2020-11-27T18:29:49+00:00

Arne Schwabe
arne@rfc2549.org

2020-11-27T18:29:49+00:00

3562df8732f66848342874526d0ce12392d7d62e

* Keep reference to SSL verify_call in Connection object

If a set_verify is used on a context before and after a Connection
the reference in the SSL* object still points to the old _verify_helper
object. Since this object has no longer any references to it, the
callback can result in a segfault.

This commit fixes the issues by ensuring that as long as the
Connection object/SSL* object lives a reference to the callback
function is held.

* Add Unit test for set_verify_callback deference




* Keep reference to SSL verify_call in Connection object

If a set_verify is used on a context before and after a Connection
the reference in the SSL* object still points to the old _verify_helper
object. Since this object has no longer any references to it, the
callback can result in a segfault.

This commit fixes the issues by ensuring that as long as the
Connection object/SSL* object lives a reference to the callback
function is held.

* Add Unit test for set_verify_callback deference