| Mon, 17 Oct 2016 23:16:55 +0200 |
Mads Kiilerich |
spelling: fixes of non-dictionary words
|
| Wed, 19 Oct 2016 18:06:14 +0200 |
Gábor Stefanik |
sslutil: guard against broken certifi installations (issue5406)
stable
|
| Tue, 13 Sep 2016 17:46:29 +0200 |
Pierre-Yves David |
ssl: handle a difference in SSLError with pypy (issue5348)
|
| Mon, 25 Jul 2016 12:00:55 -0700 |
Gregory Szorc |
sslutil: work around SSLContext.get_ca_certs bug on Windows (issue5313)
stable
|
| Tue, 19 Jul 2016 21:09:58 -0700 |
Gregory Szorc |
sslutil: improve messaging around unsupported protocols (issue5303)
stable
|
| Tue, 19 Jul 2016 20:30:29 -0700 |
Gregory Szorc |
sslutil: capture string string representation of protocol
stable
|
| Tue, 19 Jul 2016 20:16:51 -0700 |
Gregory Szorc |
sslutil: allow TLS 1.0 when --insecure is used
stable
|
| Mon, 18 Jul 2016 11:27:27 -0700 |
Gregory Szorc |
sslutil: more robustly detect protocol support
|
| Sun, 17 Jul 2016 11:03:08 -0700 |
Gregory Szorc |
sslutil: move comment about protocol constants
|
| Sun, 17 Jul 2016 10:59:32 -0700 |
Gregory Szorc |
sslutil: support defining cipher list
|
| Wed, 13 Jul 2016 21:49:17 -0700 |
Gregory Szorc |
sslutil: print a warning when using TLS 1.0 on legacy Python
|
| Wed, 13 Jul 2016 21:35:54 -0700 |
Gregory Szorc |
sslutil: require TLS 1.1+ when supported
|
| Thu, 14 Jul 2016 20:47:22 -0700 |
Gregory Szorc |
sslutil: config option to specify TLS protocol version
|
| Thu, 14 Jul 2016 20:07:10 -0700 |
Gregory Szorc |
sslutil: prevent CRIME
|
| Thu, 14 Jul 2016 19:56:39 -0700 |
Gregory Szorc |
sslutil: update comment about create_default_context()
|
| Thu, 14 Jul 2016 20:14:19 -0700 |
Gregory Szorc |
sslutil: implement wrapserversocket()
|
| Wed, 13 Jul 2016 19:33:52 -0700 |
Gregory Szorc |
sslutil: add assertion to prevent accidental CA usage on Windows
|
| Wed, 06 Jul 2016 22:53:22 -0700 |
Gregory Szorc |
sslutil: move context options flags to _hostsettings
|
| Wed, 06 Jul 2016 22:47:24 -0700 |
Gregory Szorc |
sslutil: move protocol determination to _hostsettings
|
| Mon, 11 Jul 2016 08:54:13 -0500 |
Matt Mackall |
merge with stable
|
| Wed, 06 Jul 2016 21:16:00 -0700 |
Gregory Szorc |
sslutil: try to find CA certficates in well-known locations
|
| Wed, 06 Jul 2016 20:46:05 -0700 |
Gregory Szorc |
sslutil: issue warning when unable to load certificates on OS X
|
| Mon, 04 Jul 2016 10:04:11 -0700 |
Gregory Szorc |
sslutil: handle default CA certificate loading on Windows
|
| Thu, 30 Jun 2016 19:54:12 -0700 |
Gregory Szorc |
sslutil: expand _defaultcacerts docstring to note calling assumptions
|
| Mon, 04 Jul 2016 10:00:56 -0700 |
Gregory Szorc |
sslutil: document the Apple OpenSSL cert trick
|
| Mon, 04 Jul 2016 09:58:45 -0700 |
Gregory Szorc |
sslutil: use certificates provided by certifi if available
|
| Fri, 01 Jul 2016 19:17:45 -0700 |
Gregory Szorc |
sslutil: don't attempt to find default CA certs file when told not to
|
| Fri, 01 Jul 2016 19:04:39 -0700 |
Gregory Szorc |
sslutil: pass ui to _defaultcacerts
|
| Fri, 01 Jul 2016 18:03:51 -0700 |
Gregory Szorc |
sslutil: change comment and logged message for found ca cert file
|
| Sat, 02 Jul 2016 09:41:40 -0700 |
Gregory Szorc |
sslutil: don't access message attribute in exception (issue5285)
stable
|
| Fri, 01 Jul 2016 16:02:56 -0500 |
Matt Mackall |
merge with stable
|
| Sun, 26 Jun 2016 19:34:48 -0700 |
Gregory Szorc |
sslutil: synchronize hostname matching logic with CPython
stable 3.8.4
|
| Wed, 29 Jun 2016 19:43:27 -0700 |
Gregory Szorc |
sslutil: emit warning when no CA certificates loaded
|
| Wed, 29 Jun 2016 19:38:24 -0700 |
Gregory Szorc |
sslutil: don't load default certificates when they aren't relevant
|
| Wed, 29 Jun 2016 19:37:38 -0700 |
Gregory Szorc |
sslutil: display a better error message when CA file loading fails
|
| Sat, 25 Jun 2016 07:26:43 -0700 |
Gregory Szorc |
sslutil: abort when unable to verify peer connection (BC)
|
| Sat, 25 Jun 2016 07:32:02 -0700 |
Gregory Szorc |
sslutil: remove out of place comment
|
| Tue, 14 Jun 2016 11:53:55 +0200 |
liscju |
i18n: translate abort messages
|
| Fri, 10 Jun 2016 00:12:33 -0400 |
Augie Fackler |
cleanup: replace uses of util.(md5|sha1|sha256|sha512) with hashlib.\1
|
| Tue, 07 Jun 2016 20:29:54 -0700 |
Gregory Szorc |
sslutil: per-host config option to define certificates
|
| Sat, 04 Jun 2016 11:16:08 -0700 |
Gregory Szorc |
sslutil: print the fingerprint from the last hash used
|
| Tue, 31 May 2016 19:21:08 -0700 |
Gregory Szorc |
sslutil: make cert fingerprints messages more actionable
|
| Mon, 30 May 2016 15:43:03 -0700 |
Gregory Szorc |
sslutil: refactor code for fingerprint matching
|
| Mon, 30 May 2016 15:42:39 -0700 |
Gregory Szorc |
sslutil: print SHA-256 fingerprint by default
|
| Mon, 30 May 2016 13:15:53 -0700 |
Gregory Szorc |
sslutil: move and change warning when cert verification is disabled
|
| Wed, 01 Jun 2016 19:57:20 -0700 |
Gregory Szorc |
sslutil: add devel.disableloaddefaultcerts to disable CA loading
|
| Mon, 30 May 2016 11:20:31 -0700 |
Gregory Szorc |
sslutil: store flag for whether cert verification is disabled
|
| Mon, 30 May 2016 11:19:43 -0700 |
Gregory Szorc |
sslutil: remove "strict" argument from validatesocket()
|
| Sat, 28 May 2016 12:58:46 -0700 |
Gregory Szorc |
sslutil: reference appropriate config section in messaging
|
| Sat, 28 May 2016 12:37:36 -0700 |
Gregory Szorc |
sslutil: allow fingerprints to be specified in [hostsecurity]
|
| Sat, 28 May 2016 11:58:28 -0700 |
Gregory Szorc |
sslutil: calculate host fingerprints from additional algorithms
|
| Sat, 28 May 2016 12:53:33 -0700 |
Gregory Szorc |
sslutil: move CA file processing into _hostsettings()
|
| Sat, 28 May 2016 11:41:21 -0700 |
Gregory Szorc |
sslutil: move SSLContext.verify_mode value into _hostsettings
|
| Sat, 28 May 2016 11:12:02 -0700 |
Gregory Szorc |
sslutil: introduce a function for determining host-specific settings
|
| Wed, 25 May 2016 19:57:31 -0700 |
Gregory Szorc |
sslutil: remove sslkwargs() (API)
|
| Wed, 25 May 2016 19:52:02 -0700 |
Gregory Szorc |
sslutil: move sslkwargs logic into internal function (API)
|
| Wed, 25 May 2016 19:43:22 -0700 |
Gregory Szorc |
sslutil: remove ui from sslkwargs (API)
|
| Sun, 15 May 2016 11:50:49 -0700 |
Gregory Szorc |
sslutil: remove redundant check of sslsocket.cipher()
|
| Sun, 15 May 2016 11:38:38 -0700 |
Gregory Szorc |
sslutil: convert socket validation from a class to a function (API)
|
| Sun, 15 May 2016 11:32:11 -0700 |
Gregory Szorc |
sslutil: store and use hostname and ui in socket instance
|
| Sun, 15 May 2016 11:25:07 -0700 |
Gregory Szorc |
sslutil: use a dict for hanging hg state off the wrapped socket
|
| Thu, 05 May 2016 19:10:18 -0700 |
Gregory Szorc |
sslutil: require serverhostname argument (API)
|
| Thu, 05 May 2016 00:46:31 -0700 |
Gregory Szorc |
sslutil: stop checking for web.cacerts=! (BC)
|
| Thu, 05 May 2016 00:38:18 -0700 |
Gregory Szorc |
sslutil: use CA loaded state to drive validation logic
|
| Thu, 05 May 2016 00:37:28 -0700 |
Gregory Szorc |
sslutil: handle ui.insecureconnections in validator
|
| Thu, 05 May 2016 00:35:45 -0700 |
Gregory Szorc |
sslutil: check for ui.insecureconnections in sslkwargs
|
| Thu, 05 May 2016 00:32:43 -0700 |
Gregory Szorc |
sslutil: make sslkwargs code even more explicit
|
| Wed, 04 May 2016 23:38:34 -0700 |
Gregory Szorc |
sslutil: move code examining _canloaddefaultcerts out of _defaultcacerts
|
| Wed, 04 May 2016 23:01:49 -0700 |
Gregory Szorc |
sslutil: further refactor sslkwargs
|
| Thu, 05 May 2016 00:31:11 -0700 |
Gregory Szorc |
sslutil: document and slightly refactor sslkwargs
|
| Sat, 30 Apr 2016 09:26:47 -0700 |
Gregory Szorc |
sslutil: restore old behavior not requiring a hostname argument (issue5210)
stable
|
| Sun, 10 Apr 2016 11:02:58 -0700 |
Gregory Szorc |
sslutil: document and slightly refactor validation logic
|
| Sun, 10 Apr 2016 11:00:41 -0700 |
Gregory Szorc |
sslutil: require a server hostname when wrapping sockets (API)
|
| Sun, 10 Apr 2016 10:59:45 -0700 |
Gregory Szorc |
sslutil: move and document verify_mode assignment
|
| Sun, 27 Mar 2016 13:13:19 -0700 |
Gregory Szorc |
sslutil: add docstring to wrapsocket()
|
| Sun, 27 Mar 2016 11:39:39 -0700 |
Gregory Szorc |
sslutil: remove indentation in wrapsocket declaration
|
| Sun, 27 Mar 2016 14:18:32 -0700 |
Gregory Szorc |
sslutil: always use SSLContext
|
| Sun, 27 Mar 2016 14:08:52 -0700 |
Gregory Szorc |
sslutil: move _canloaddefaultcerts logic
|
| Sun, 27 Mar 2016 13:50:34 -0700 |
Gregory Szorc |
sslutil: implement SSLContext class
|
| Sun, 27 Mar 2016 10:47:24 -0700 |
Gregory Szorc |
sslutil: store OP_NO_SSL* constants in module scope
|
| Sun, 27 Mar 2016 14:07:06 -0700 |
Gregory Szorc |
sslutil: better document state of security/ssl module
|
| Sat, 19 Mar 2016 10:10:09 -0700 |
Gregory Szorc |
sslutil: use preferred formatting for import syntax
|
| Sun, 13 Mar 2016 14:03:58 -0700 |
Gregory Szorc |
sslutil: allow multiple fingerprints per host
|
| Fri, 08 Jan 2016 16:27:25 +0100 |
Gábor Stefanik |
sslutil: fix reversed logic (issue5034)
stable
|
| Tue, 29 Sep 2015 16:17:32 -0700 |
Gregory Szorc |
sslutil: expose attribute indicating whether SNI is supported
|
| Thu, 08 Oct 2015 12:55:45 -0700 |
Pierre-Yves David |
error: get Abort from 'error' instead of 'util'
|
| Sat, 08 Aug 2015 19:56:22 -0700 |
Gregory Szorc |
sslutil: use absolute_import
|
| Fri, 05 Jun 2015 21:45:44 +0900 |
Yuya Nishihara |
ssl: remove CERT_REQUIRED constant that was necessary for compatibility
|
| Fri, 05 Jun 2015 21:40:59 +0900 |
Yuya Nishihara |
ssl: drop try-except clause that was necessary for ancient Python
|
| Fri, 05 Jun 2015 21:37:46 +0900 |
Yuya Nishihara |
ssl: drop support for Python < 2.6, require ssl module
|
| Fri, 05 Jun 2015 21:25:28 +0900 |
Yuya Nishihara |
ssl: rename ssl_wrap_socket() to conform to our naming convention
|
| Thu, 07 May 2015 17:15:24 +0900 |
Yuya Nishihara |
ssl: prompt passphrase of client key file via ui.getpass() (issue4648)
|
| Sat, 04 Apr 2015 14:56:18 +0900 |
Yuya Nishihara |
ssl: resolve symlink before checking for Apple python executable (issue4588)
|
| Thu, 26 Feb 2015 22:54:13 +0900 |
Yuya Nishihara |
ssl: load CA certificates from system's store by default on Python 2.7.9
|
| Wed, 04 Mar 2015 23:27:04 +0900 |
Yuya Nishihara |
ssl: set explicit symbol "!" to web.cacerts to disable SSL verification (BC)
|
| Wed, 04 Mar 2015 22:27:01 +0900 |
Yuya Nishihara |
ssl: extract function that returns dummycert path on Apple python
|
| Wed, 14 Jan 2015 15:46:21 -0500 |
Augie Fackler |
sslutil: drop defunct ssl version constants
|
| Wed, 14 Jan 2015 15:46:00 -0500 |
Augie Fackler |
sslutil: use saner TLS settings on Python 2.7.9
|
| Wed, 14 Jan 2015 15:31:16 -0500 |
Augie Fackler |
sslutil: drop support for clients of sslutil specifying a TLS version
|
| Mon, 12 Jan 2015 18:01:20 -0700 |
Alex Orange |
https: support tls sni (server name indication) for https urls (issue3090)
|
| Tue, 21 Oct 2014 17:01:23 -0400 |
Augie Fackler |
sslutil: only support TLS (BC)
stable
|
| Fri, 17 Oct 2014 18:56:12 +0200 |
Mads Kiilerich |
ssl: only use the dummy cert hack if using an Apple Python (issue4410)
|
| Fri, 26 Sep 2014 02:19:48 +0200 |
Mads Kiilerich |
ssl: on OS X, use a dummy cert to trick Python/OpenSSL to use system CA certs
|
| Fri, 26 Sep 2014 02:19:47 +0200 |
Mads Kiilerich |
ssl: refactor sslkwargs - move things around a bit, preparing for next change
|
| Fri, 20 Sep 2013 09:15:43 -0400 |
Augie Fackler |
sslutil: make keyfile and certfile arguments consistent between 2.6+ and 2.5-
|
| Thu, 19 Sep 2013 16:29:00 -0400 |
Augie Fackler |
sslutil: add a config knob to support TLS (default) or SSLv23 (bc) (issue4038)
|
| Wed, 18 Sep 2013 14:40:17 -0400 |
Augie Fackler |
sslutil: backed out changeset 074bd02352c0 (issue4038)
stable
|
| Wed, 24 Jul 2013 14:51:13 -0400 |
Augie Fackler |
sslutil: force SSLv3 on Python 2.6 and later (issue3905)
stable
|
| Tue, 26 Mar 2013 02:28:10 +0900 |
FUJIWARA Katsunori |
sslutil: abort if peer certificate is not verified for secure use
|
| Fri, 05 Apr 2013 12:20:14 -0500 |
Matt Mackall |
sslutil: try harder to avoid getpeercert problems
|
| Mon, 09 Apr 2012 14:36:16 -0700 |
Steven Stallion |
ui: optionally quiesce ssl verification warnings on python 2.5
|
| Thu, 26 Jan 2012 11:23:15 -0600 |
Matt Mackall |
sslutil: more helpful fingerprint mismatch message
stable
|
| Mon, 09 Jan 2012 14:56:05 +0100 |
Mads Kiilerich |
sslutil: abort properly if no certificate received for https connection
|
| Mon, 09 Jan 2012 14:43:25 +0100 |
Mads Kiilerich |
sslutil: work around validator crash getting certificate on failed sockets
|
| Mon, 09 Jan 2012 14:43:24 +0100 |
Mads Kiilerich |
sslutil: reorder validator code to make it more readable
|
| Mon, 09 Jan 2012 14:43:24 +0100 |
Mads Kiilerich |
sslutil: show fingerprint when cacerts validation fails
|
| Mon, 09 Jan 2012 14:43:23 +0100 |
Mads Kiilerich |
sslutil: handle setups without .getpeercert() early in the validator
|
| Mon, 09 Jan 2012 14:43:15 +0100 |
Mads Kiilerich |
sslutil: verify that wrap_socket really wrapped the socket
|
| Tue, 27 Sep 2011 18:51:10 +0200 |
Mads Kiilerich |
sslutil: abort when ssl module is needed but not found
|
| Sat, 18 Jun 2011 01:08:54 +0200 |
Mads Kiilerich |
sslutil: make messages for Python without certificate handling more helpful
|
