1
0
mirror of https://github.com/openSUSE/osc.git synced 2024-11-11 07:06:16 +01:00
Commit Graph

20 Commits

Author SHA1 Message Date
Cristian Rodríguez
0770470596 watchout the BEAST...
This patch workarounds the BEAST attack in the client side
making OSC to prefer TLS v1.1 or v1.2 ciphers/key exchanges
when available.
Now, as long as openSUSE API webservers do not support
these protocols it will prefer the RC4-SHA1 combination to
be in the safe side.
2012-07-15 23:20:19 -04:00
Ludwig Nussel
0f2e8e257d relax the cipher string to make it work with real world deployments again 2012-01-18 16:50:46 +01:00
Ludwig Nussel
1f8bed8221 don't set SSL_OP_ALL
SSL_OP_ALL contains SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS which actually
fixes a weakness in SSL.
2012-01-18 16:50:46 +01:00
Cristian Rodríguez
931d216ea0 Set the SSL client cipher list to only use very strong algorithms. 2011-08-16 11:33:56 +02:00
Ludwig Nussel
e8505d829b allow TLS only 2011-04-20 14:12:59 +02:00
Ludwig Nussel
eee8c96d0c use ssl session resumption
saves some cycles if osc makes several requests
2011-04-18 11:03:42 +02:00
Marcus Huewe
186d4ae4f7 - fix for 3892117558 2011-01-05 17:00:19 +01:00
Michal Čihař
3892117558 Print warnings to stderr.
This way we can avoid confusion for programs which do parse osc output.
2011-01-05 16:32:41 +01:00
Marcus Huewe
306507748c - fixed proxy handling (broken by 53361a50f1)
- this fixes #657958 ("openSUSE:Tools/osc: Bug")
- oscssl.myProxyHTTPSConnection: proxy auth works again
2010-12-17 18:14:11 +01:00
Marcus Huewe
53361a50f1 - oscssl.myHTTPSHandler.https_open: use selector instead of fullurl
- fixes an issue with lighttpd 1.5
2010-11-16 21:29:33 +01:00
Marcus Huewe
6b9621b5b9 - fix for python2.7/m2crypto: M2Crypto.httpslib.ProxyHTTPSConnection defines "endheaders" without parameters
Now "myProxyHTTPSConnection" inherits from "M2Crypto.httpslib.ProxyHTTPSConnection" _and_ "httplib.HTTPSConnection".
The latter class is only used to call "httplib.HTTPSConnection.endheaders". This multiple inheritance shouldn't have any side-effects
because "M2Crypto.httpslib.ProxyHTTPSConnection" already inherits from "httplib.HTTPSConnection" (and mro will pick the methods from
"M2Crypto.httpslib.ProxyHTTPSConnection" first).
2010-09-16 14:28:14 +02:00
Juergen Weigert
f25bfa6ad1 made URLError readable, instead of a bogus stack-trace.
added full_url, to even give a hint about the cause.
2010-03-07 21:56:29 +01:00
Pavol Rusnak
8d551e0a69 fix whitespace 2010-02-28 02:30:13 +01:00
Ludwig Nussel
32e99306b4 add vim mode lines to avoid evil tab characters :-) 2010-02-25 09:53:45 +01:00
Marcus Huewe
f16cc7e667 - convert tabs to spaces... 2010-02-24 20:02:52 +01:00
Marcus Huewe
14288a9468 - changed appname handling 2010-01-20 14:46:10 +01:00
Ludwig Nussel
f2f948388e appname should be osc for ssl support 2010-01-20 09:15:51 +01:00
Marcus Huewe
52b22b19a5 - fixed proxy support when using m2crypto 2010-01-08 22:20:40 +01:00
Ludwig Nussel
11c22ac9c1 reset Validation errors after each connect 2009-11-17 13:39:40 +00:00
Ludwig Nussel
c3f6f03e3c better ssl certificate verification
+ now allows to store&compare peer certificate
- needs more python hacks
2009-11-13 10:46:23 +00:00