already cached the zip's table of contents we detect this and recover
rather than read bad data from the .zip (causing odd import errors).
+Library
+-------
+
++- Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly
++ asked for.
++
+- Issue #18960: The tokenize module now ignore the source encoding declaration
+ on the second line if the first line contains anything except a comment.
+
+- Issue #20078: Reading malformed zipfiles no longer hangs with 100% CPU
+ consumption.
+
+- Issue #20113: os.readv() and os.writev() now raise an OSError exception on
+ error instead of returning -1.
+
+- Issue #19719: Make importlib.abc.MetaPathFinder.find_module(),
+ PathEntryFinder.find_loader(), and Loader.load_module() use PEP 451 APIs to
+ help with backwards-compatibility.
+
+- Issue #20144: inspect.Signature now supports parsing simple symbolic
+ constants as parameter default values in __text_signature__.
+
+- Issue #20072: Fixed multiple errors in tkinter with wantobjects is False.
+
+IDLE
+----
+
+- Issue #18960: IDLE now ignores the source encoding declaration on the second
+ line if the first line contains anything except a comment.
+
+Tools/Demos
+-----------
+
+- Issue #18960: 2to3 and the findnocoding.py script now ignore the source
+ encoding declaration on the second line if the first line contains anything
+ except a comment.
+
+- Issue #19723: The marker comments Argument Clinic uses have been changed
+ to improve readability.
+
+- Issue #20157: When Argument Clinic renames a parameter because its name
+ collides with a C keyword, it no longer exposes that rename to PyArg_Parse.
+
+- Issue #20141: Improved Argument Clinic's support for the PyArg_Parse "O!"
+ format unit.
+
+- Issue #20144: Argument Clinic now supports simple symbolic constants
+ as parameter default values.
+
+- Issue #20143: The line numbers reported in Argument Clinic errors are
+ now more accurate.
+
+- Issue #20142: Py_buffer variables generated by Argument Clinic are now
+ initialized with a default value.
+
+Build
+-----
+
+- Issue #12837: Silence a tautological comparison warning on OS X under Clang in
+ socketmodule.c.
+
+What's New in Python 3.4.0 Beta 2?
+==================================
+
+Release date: 2014-01-05
+
+Core and Builtins
+-----------------
+
- Issue #17432: Drop UCS2 from names of Unicode functions in python3.def.
+- Issue #19526: Exclude all new API from the stable ABI. Exceptions can be
+ made if a need is demonstrated.
+
- Issue #19969: PyBytes_FromFormatV() now raises an OverflowError if "%c"
argument is not in range [0; 255].
static PyObject *err_names_to_codes;
static PyObject *lib_codes_to_names;
- #ifndef OPENSSL_NO_SSL2
+struct py_ssl_error_code {
+ const char *mnemonic;
+ int library, reason;
+};
+struct py_ssl_library_code {
+ const char *library;
+ int code;
+};
+
+/* Include generated data (error codes) */
+#include "_ssl_data.h"
+
+/* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
+ http://www.openssl.org/news/changelog.html
+ */
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L
+# define HAVE_TLSv1_2 1
+#else
+# define HAVE_TLSv1_2 0
+#endif
+
+/* SNI support (client- and server-side) appeared in OpenSSL 1.0.0 and 0.9.8f
+ * This includes the SSL_set_SSL_CTX() function.
+ */
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+# define HAVE_SNI 1
+#else
+# define HAVE_SNI 0
+#endif
+
+enum py_ssl_error {
+ /* these mirror ssl.h */
+ PY_SSL_ERROR_NONE,
+ PY_SSL_ERROR_SSL,
+ PY_SSL_ERROR_WANT_READ,
+ PY_SSL_ERROR_WANT_WRITE,
+ PY_SSL_ERROR_WANT_X509_LOOKUP,
+ PY_SSL_ERROR_SYSCALL, /* look at error stack/return value/errno */
+ PY_SSL_ERROR_ZERO_RETURN,
+ PY_SSL_ERROR_WANT_CONNECT,
+ /* start of non ssl.h errorcodes */
+ PY_SSL_ERROR_EOF, /* special case of SSL_ERROR_SYSCALL */
+ PY_SSL_ERROR_NO_SOCKET, /* socket has been GC'd */
+ PY_SSL_ERROR_INVALID_ERROR_CODE
+};
+
+enum py_ssl_server_or_client {
+ PY_SSL_CLIENT,
+ PY_SSL_SERVER
+};
+
+enum py_ssl_cert_requirements {
+ PY_SSL_CERT_NONE,
+ PY_SSL_CERT_OPTIONAL,
+ PY_SSL_CERT_REQUIRED
+};
+
+enum py_ssl_version {
- #endif
+ PY_SSL_VERSION_SSL2,
+ PY_SSL_VERSION_SSL3=1,
+ PY_SSL_VERSION_SSL23,
+#if HAVE_TLSv1_2
+ PY_SSL_VERSION_TLS1,
+ PY_SSL_VERSION_TLS1_1,
+ PY_SSL_VERSION_TLS1_2
+#else
+ PY_SSL_VERSION_TLS1
+#endif
+};
+
#ifdef WITH_THREAD
/* serves as a flag to see whether we've initialized the SSL thread support. */
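Review bot: In `enum py_ssl_version`, `PY_SSL_VERSION_SSL2` now appears to be defined unconditionally, since the `#ifndef OPENSSL_NO_SSL2` / `#endif` pair around it is on the removed side, but nothing at the enum says why. The context-setup code later in this diff tests `proto_version != PY_SSL_VERSION_SSL2` before OR-ing in `SSL_OP_NO_SSLv2`, so the constant has to exist even in builds without SSLv2. I would record that above the member with a comment such as `/* always defined, even with OPENSSL_NO_SSL2: compared against when deciding to set SSL_OP_NO_SSLv2 */`. Writing it as `PY_SSL_VERSION_SSL2 = 0,` next to the explicit `PY_SSL_VERSION_SSL3=1` would also make the numbering visibly deliberate. Any code that maps this value to an SSLv2 method lies outside this hunk and presumably still needs its own `OPENSSL_NO_SSL2` guard, which is worth confirming.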
#ifdef OPENSSL_NPN_NEGOTIATED
self->npn_protocols = NULL;
#endif
+#ifndef OPENSSL_NO_TLSEXT
+ self->set_hostname = NULL;
+#endif
+ /* Don't check host name by default */
+ self->check_hostname = 0;
/* Defaults */
SSL_CTX_set_verify(self->ctx, SSL_VERIFY_NONE, NULL);
- SSL_CTX_set_options(self->ctx,
- SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
+ options = SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ if (proto_version != PY_SSL_VERSION_SSL2)
+ options |= SSL_OP_NO_SSLv2;
+ SSL_CTX_set_options(self->ctx, options);
#define SID_CTX "Python"
SSL_CTX_set_session_id_context(self->ctx, (const unsigned char *) SID_CTX,