[issue44811] Change default signature algorithms for context in the ssl library
ramikg added the comment: As a side note, while the ideal solution would be for Python to expose the appropriate API, there exists a hacky solution using ctypes: https://github.com/ramikg/ssl-context-configurator -- nosy: +ramikg ___ Python tracker <https://bugs.python.org/issue44811> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45369] Remove LibreSSL support
Change by ramikg : -- keywords: +patch pull_requests: +27075 stage: -> patch review pull_request: https://github.com/python/cpython/pull/28728 ___ Python tracker <https://bugs.python.org/issue45369> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45369] Remove LibreSSL support
New submission from ramikg : Python 3.10 drops support for LibreSSL (as per PEP 644), but there are still a few workarounds & mentions of LibreSSL in the source code. The related PR cleans the code of any LibreSSL workarounds or mentions. -- assignee: christian.heimes components: SSL messages: 403193 nosy: christian.heimes, ramikg priority: normal severity: normal status: open title: Remove LibreSSL support type: enhancement versions: Python 3.11 ___ Python tracker <https://bugs.python.org/issue45369> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue31399] Let OpenSSL verify hostname and IP address
Change by ramikg : -- nosy: +ramikg nosy_count: 4.0 -> 5.0 pull_requests: +27115 pull_request: https://github.com/python/cpython/pull/28602 ___ Python tracker <https://bugs.python.org/issue31399> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue43669] PEP 644: Require OpenSSL 1.1.1 or newer
Change by ramikg : -- nosy: +ramikg nosy_count: 4.0 -> 5.0 pull_requests: +27116 pull_request: https://github.com/python/cpython/pull/28602 ___ Python tracker <https://bugs.python.org/issue43669> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45399] Remove hostflags from PySSLContext
New submission from ramikg : The PySSLContext struct mentions that "OpenSSL has no API to get hostflags from X509_VERIFY_PARAM* struct. We have to maintain our own copy". Since OpenSSL 1.1.0i added the function X509_VERIFY_PARAM_get_hostflags, this statement is no longer true. Because Python 3.10 requires OpenSSL 1.1.1 (PEP 644), we no longer have to maintain a copy of the host flags. The related PR removes the hostflags member from the PySSLContext struct. -- assignee: christian.heimes components: SSL messages: 403368 nosy: christian.heimes, ramikg priority: normal pull_requests: 27117 severity: normal status: open title: Remove hostflags from PySSLContext type: enhancement versions: Python 3.10, Python 3.11 ___ Python tracker <https://bugs.python.org/issue45399> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45399] Remove hostflags from PySSLContext
ramikg added the comment: In addition to https://github.com/python/cpython/pull/28602? What would the PR include? -- ___ Python tracker <https://bugs.python.org/issue45399> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue45399] Remove hostflags from PySSLContext
ramikg added the comment: @komugi The same code written independently by multiple people is probably the most effective and least cost-efficient form of code review. @christian.heimes Of course, there is no hurry. -- ___ Python tracker <https://bugs.python.org/issue45399> ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
