soledad.git, branch 0.6.3 [soledad] Fold in changes. 2014-12-16T15:05:19+00:00 drebs drebs@leap.se 2014-12-16T15:05:19+00:00 b44103de55cd9d2f347c344c23d71cb87d8d06cb 






Merge remote-tracking branch 'drebs-github/bug/6500_fix-deferred-enc-dec' into release/0.6.x
2014-12-15T18:49:36+00:00

Kali Kaneko
kali@leap.se

2014-12-15T18:49:36+00:00

ef0d008b53ac214dc77fe572f2cc5d18efbd1b35












Fix deferred enc/dec params and fallback (#6500).
2014-12-15T17:55:25+00:00

drebs
drebs@leap.se

2014-12-15T17:55:25+00:00

a7abb6eb3fe9a0a904bcabd0bf344637e9fd4e62












Merge branch 'release-0.6.2' into release/0.6.x
2014-12-11T18:49:53+00:00

drebs
drebs@leap.se

2014-12-11T18:49:53+00:00

969851741dfd23981a74da07dbb565299e55815f












Fix incorrect ssl context setup
2014-12-11T18:49:35+00:00

Kali Kaneko
kali@leap.se

2014-12-09T22:07:17+00:00

dafcfac4663d00ee2049b0a245c2ecb84ef2bad5

The changes introduced in aafa79c0f5 having to do with the cert
verification are incorrect, regarding the use of the newest ssl context
api introduced in python 2.7.9. There the use of the server setup was
taken, instead of the correct client options.

I hereby apologize for the insuficient testing on that fix. It happens
that I wrongly tested in an evironment that did the fallback to
pre-2.7.9 interpreter.





The changes introduced in aafa79c0f5 having to do with the cert
verification are incorrect, regarding the use of the newest ssl context
api introduced in python 2.7.9. There the use of the server setup was
taken, instead of the correct client options.

I hereby apologize for the insuficient testing on that fix. It happens
that I wrongly tested in an evironment that did the fallback to
pre-2.7.9 interpreter.







Merge branch 'release-0.6.1' into release/0.6.x
2014-12-08T16:37:29+00:00

drebs
drebs@leap.se

2014-12-08T16:37:29+00:00

7496a78b2d82d27a7b2470f5393f0e531ef75360












Fold in changes.
2014-12-08T16:36:48+00:00

drebs
drebs@leap.se

2014-12-08T16:36:25+00:00

2abe641215b6435fa3c18ae802a621a23d01f643












fix ssl negotiation
2014-12-05T16:40:36+00:00

Kali Kaneko
kali@leap.se

2014-12-04T17:13:06+00:00

527c28c73d22b5f852273e2c5d1713e82a2c49fd

since ssl.SSLContext does not exist prior to python 2.7.9





since ssl.SSLContext does not exist prior to python 2.7.9







Use SSL negotiation.
2014-12-05T16:40:27+00:00

Kali Kaneko
kali@leap.se

2014-12-02T23:22:18+00:00

6fc80e14d568d83df7899e516d1422b2e011d2cb

Although the API can be misleading, PROTOCOL_SSLv23 selects the highest
protocol version that both the client and server support. Despite the
name, this option can select “TLS” protocols as well as “SSL”.

In this way, we can use TLSv1.2 (PROTOCOL_TLSv1 will *only* give us TLS
v1.0)

In the client side, we try to disable SSLv2 and SSLv3 options
explicitely.

The python version in wheezy does not offer PROTOCOL_TLSv1_2 nor
OP_NO_SSLv2 or OP_NO_SSLv3 (It's new in 2.7.9)





Although the API can be misleading, PROTOCOL_SSLv23 selects the highest
protocol version that both the client and server support. Despite the
name, this option can select “TLS” protocols as well as “SSL”.

In this way, we can use TLSv1.2 (PROTOCOL_TLSv1 will *only* give us TLS
v1.0)

In the client side, we try to disable SSLv2 and SSLv3 options
explicitely.

The python version in wheezy does not offer PROTOCOL_TLSv1_2 nor
OP_NO_SSLv2 or OP_NO_SSLv3 (It's new in 2.7.9)







Enclose server initscript variables in curly brackets.
2014-12-05T16:40:19+00:00

drebs
drebs@leap.se

2014-11-28T11:39:41+00:00

4f7a1e1063199cb91535ab9cd3ca428bca2ced96