automatically set SSL_CTX_set_ecdh_auto when available #575

Merged
merged 2 commits into from Dec 19, 2016

@reaperhulk
Member

reaperhulk commented Nov 22, 2016

fixes #359

@codecov-io


codecov-io commented Nov 22, 2016

Current coverage is 95.65% (diff: 100%)

Merging #575 into master will increase coverage by <.01%

@@             master       #575   diff @@
==========================================
  Files            16         16          
  Lines          5615       5620     +5   
  Methods           0          0          
  Messages          0          0          
  Branches        403        403          
==========================================
+ Hits           5371       5376     +5   
  Misses          167        167          
  Partials         77         77          

Powered by Codecov. Last update e62840e...0d65cea

@@ -23,7 +23,8 @@ Deprecations:
Changes:
^^^^^^^^
*none*
- Automatically set `SSL_CTX_set_ecdh_auto()` on ``OpenSSL.SSL.Context``.
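Review bot: In the added changelog entry, `SSL_CTX_set_ecdh_auto()` is wrapped in single backticks while ``OpenSSL.SSL.Context`` on the same line uses double backticks. In reST, single backticks mark interpreted text rather than an inline literal, so the function name should be written as ``SSL_CTX_set_ecdh_auto()`` to render as code like the class name does. The entry could also state that the call is made only when it is available, as the pull request title says, so readers do not assume it applies on every OpenSSL build.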


@hynek

hynek Nov 22, 2016

Contributor

Can you make SSL_CTX_set_ecdh_auto() a reST code too pls? Otherwise LGTM and you can merge it if the tests pass.

@hynek


Contributor

hynek commented Nov 22, 2016

This needs a rebase (sorry, had the choice between yours and pestering a newbie some more :))

@reaperhulk reaperhulk force-pushed the reaperhulk:auto-ecdh branch from c7ce289 to 0d65cea Nov 28, 2016

@hynek

hynek approved these changes Dec 19, 2016

@hynek hynek merged commit 6c6bf86 into pyca:master Dec 19, 2016

3 checks passed

codecov/patch 100% of diff hit (target 95.65%)
codecov/project 95.65% (+<.01%) compared to e62840e
continuous-integration/travis-ci/pr The Travis CI build passed
@hynek


Contributor

hynek commented Dec 19, 2016

Sorry, lost track of this.

aszlig added a commit to NixOS/nixpkgs that referenced this pull request Jun 21, 2017

pyopenssl: 16.2.0 -> 17.0.0 and fix tests
Upstream changes:

 * Added OpenSSL.X509Store.set_time() to set a custom verification time
   when verifying certificate chains. pyca/pyopenssl#567
 * Added a collection of functions for working with OCSP stapling. None
   of these functions make it possible to validate OCSP assertions, only
   to staple them into the handshake and to retrieve the stapled
   assertion if provided. Users will need to write their own code to
   handle OCSP assertions. We specifically added:
   Context.set_ocsp_server_callback, Context.set_ocsp_client_callback,
   and Connection.request_ocsp. pyca/pyopenssl#580
 * Changed the SSL module's memory allocation policy to avoid zeroing
   memory it allocates when unnecessary. This reduces CPU usage and
   memory allocation time by an amount proportional to the size of the
   allocation. For applications that process a lot of TLS data or that
   use very large allocations this can provide considerable performance
   improvements. pyca/pyopenssl#578
 * Automatically set SSL_CTX_set_ecdh_auto() on OpenSSL.SSL.Context.
   pyca/pyopenssl#575
 * Fix empty exceptions from OpenSSL.crypto.load_privatekey().
   pyca/pyopenssl#581

The full upstream changelog can be found at:

https://pyopenssl.readthedocs.io/en/17.0.0/changelog.html

I've also added a patch from pyca/pyopenssl#637 in order to fix the
tests, which was the main reason for the version bump because that patch
won't apply for 16.2.0.

According to the upstream changelog there should be no
backwards-incompatible changes, but I've tested building against some of
the packages depending on pyopenssl anyway. Regardless of this, the
build for pyopenssl fails right now anyway, so the worst that could
happen via this commit would be that we break something that's already
broken.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

peterhoeg added a commit to peterhoeg/nixpkgs that referenced this pull request Jun 22, 2017

pyopenssl: 16.2.0 -> 17.0.0 and fix tests