From: Christian Heimes Date: Tue, 6 Sep 2016 21:27:06 +0000 (+0200) Subject: Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields... X-Git-Tag: v3.6.0b1~404 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fe3c9c1ee9d59f0b1d174210132e71037fd7f2e8;p=thirdparty%2FPython%2Fcpython.git Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. --- fe3c9c1ee9d59f0b1d174210132e71037fd7f2e8 diff --cc Lib/test/test_ssl.py index 4e0e4a2185a7,0f4faa09bdeb..d8d53af62b6e --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@@ -63,10 -56,12 +63,12 @@@ CRLFILE = data_file("revocation.crl" # Two keys and certs signed by the same CA (for SNI tests) SIGNED_CERTFILE = data_file("keycert3.pem") SIGNED_CERTFILE2 = data_file("keycert4.pem") -SIGNING_CA = data_file("pycacert.pem") +# Same certificate as pycacert.pem, but without extra text in file +SIGNING_CA = data_file("capath", "ceff1710.0") + # cert with all kinds of subject alt names + ALLSANFILE = data_file("allsans.pem") REMOTE_HOST = "self-signed.pythontest.net" -REMOTE_ROOT_CERT = data_file("selfsigned_pythontestdotnet.pem") EMPTYCERT = data_file("nullcert.pem") BADCERT = data_file("badcert.pem") diff --cc Misc/NEWS index c3672b2e8ac4,816e426bcbfd..eee58d388e2f --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -89,18 -39,30 +89,21 @@@ Core and Builtin Library ------- + - Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name + fields in X.509 certs. + +- Issue #25761: Improved error reporting about truncated pickle data in + C implementation of unpickler. UnpicklingError is now raised instead of + AttributeError and ValueError in some cases. + +- Issue #26798: Add BLAKE2 (blake2b and blake2s) to hashlib. + +- Issue #25596: Optimized glob() and iglob() functions in the + glob module; they are now about 3--6 times faster. + +- Issue #27928: Add scrypt (password-based key derivation function) to + hashlib module (requires OpenSSL 1.1.0). + - Issue #27850: Remove 3DES from ssl module's default cipher list to counter measure sweet32 attack (CVE-2016-2183).