[issue41837] Upgrade installers to OpenSSL 1.1.1h

2021-01-04 Thread miss-islington


Change by miss-islington:


--
pull_requests: +22917
pull_request: https://github.com/python/cpython/pull/24084

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue41837] Upgrade installers to OpenSSL 1.1.1h

2021-01-04 Thread miss-islington


Change by miss-islington:


--
nosy: +miss-islington
nosy_count: 7.0 -> 8.0
pull_requests: +22916
pull_request: https://github.com/python/cpython/pull/24083




[issue41837] Upgrade installers to OpenSSL 1.1.1h

2021-01-04 Thread Ned Deily


Ned Deily added the comment:


New changeset 14097a2785414c728d41d8d730a469a8c46ecdb9 by Ned Deily in branch 'master':
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1i. (GH-24080)
https://github.com/python/cpython/commit/14097a2785414c728d41d8d730a469a8c46ecdb9


--




[issue41837] Upgrade installers to OpenSSL 1.1.1h

2021-01-04 Thread Ned Deily


Change by Ned Deily:


--
keywords: +patch
pull_requests: +22914
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/24080




[issue41837] Upgrade installers to OpenSSL 1.1.1h

2020-12-01 Thread Christian Heimes


Christian Heimes added the comment:

You may want to hold off until next week:

https://mta.openssl.org/pipermail/openssl-announce/2020-December/000186.html

OpenSSL 1.1.i is a security-fix release. The highest severity issue fixed in 
this release is HIGH.

--




[issue41837] Upgrade installers to OpenSSL 1.1.1h

2020-11-30 Thread Christian Heimes


Christian Heimes added the comment:

Sorry, I missed the initial ping.

The changes look unproblematic to me. Our test suite is passing with 1.1.1h, 
too. Python doesn't set VERIFY_X509_STRICT by default and does not support DTLS.

Please go ahead.

--




[issue41837] Upgrade installers to OpenSSL 1.1.1h

2020-11-29 Thread Ned Deily


Ned Deily added the comment:

Christian, ping?

--




[issue41837] Upgrade installers to OpenSSL 1.1.1h

2020-09-22 Thread Ned Deily


New submission from Ned Deily:

"22-Sep-2020  OpenSSL 1.1.1h is now available, including bug fixes"

Christian, any changes needed in _ssl or any other reasons we should not upgrade?

Changes between 1.1.1g and 1.1.1h [22 Sep 2020]

  *) Certificates with explicit curve parameters are now disallowed in
     verification chains if the X509_V_FLAG_X509_STRICT flag is used.
     [Tomas Mraz]

  *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
     ignore TLS protocol version bounds when configuring DTLS-based contexts,
     and conversely, silently ignore DTLS protocol version bounds when
     configuring TLS-based contexts.  The commands can be repeated to set
     bounds of both types.  The same applies with the corresponding
     "min_protocol" and "max_protocol" command-line switches, in case some
     application uses both TLS and DTLS.

     SSL_CTX instances that are created for a fixed protocol version (e.g.
     TLSv1_server_method()) also silently ignore version bounds.  Previously
     attempts to apply bounds to these protocol versions would result in an
     error.  Now only the "version-flexible" SSL_CTX instances are subject to
     limits in configuration files in command-line options.
     [Viktor Dukhovni]

  *) Handshake now fails if Extended Master Secret extension is dropped
     on renegotiation.
     [Tomas Mraz]

--
components: Build, Windows, macOS
messages: 377352
nosy: christian.heimes, ned.deily, paul.moore, ronaldoussoren, steve.dower, tim.golden, zach.ware
priority: high
severity: normal
status: open
title: Upgrade installers to OpenSSL 1.1.1h
versions: Python 3.10, Python 3.8, Python 3.9
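
Added example, not part of the thread or of CPython: a check an installer consumer can run to see which OpenSSL a Python build is linked against, whether it meets the 1.1.1i level named in the later changeset, and whether the 1.1.1h explicit-curve change applies to a given context. The names `parse_openssl_version` and `audit` are hypothetical, and the version strings in the comments are constructed samples.

```python
import re
import ssl

# OpenSSL 1.1.1 and earlier use a letter patch level ("1.1.1h");
# OpenSSL 3.x uses a numeric one ("3.0.13") and no letter.
_VERSION_RE = re.compile(r"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return a comparable tuple from an ssl.OPENSSL_VERSION-style string."""
    m = _VERSION_RE.search(text)
    if m is None:
        # LibreSSL and other forks do not follow OpenSSL numbering.
        raise ValueError(f"not an OpenSSL version string: {text!r}")
    major, minor, fix, letters = m.groups()
    # The letter suffix sorts as a string: "" < "g" < "h" < "i" < "z" < "za".
    return (int(major), int(minor), int(fix), letters)


def audit(version_text, verify_flags, minimum="OpenSSL 1.1.1i"):
    """Summarise how the 1.1.1h/1.1.1i notes in this thread apply to a build."""
    current = parse_openssl_version(version_text)
    strict = bool(verify_flags & ssl.VERIFY_X509_STRICT)
    has_1_1_1h = current >= parse_openssl_version("OpenSSL 1.1.1h")
    return {
        "version": current,
        "meets_minimum": current >= parse_openssl_version(minimum),
        "x509_strict_set": strict,
        # Per the 1.1.1h changelog, explicit-curve certificates are only
        # rejected when X509_V_FLAG_X509_STRICT is set on the context.
        "explicit_curve_certs_rejected": strict and has_1_1_1h,
    }


if __name__ == "__main__":
    # Report on the interpreter actually running this script.
    ctx = ssl.create_default_context()
    for key, value in audit(ssl.OPENSSL_VERSION, ctx.verify_flags).items():
        print(f"{key}: {value}")
```

Pre-release suffixes such as "-pre" or "-alpha" are not distinguished from the final release by this parser.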
