Commit message | Author | Age | Files | Lines
* support extensions in the OCSP request builder (#4481) | Paul Kehrer | 2018-10-06 | 6 | -6/+100
  * support extensions in the OCSP request builder
  * cover a missed branch
  * refactor to use new func
  * review feedback
* Cleanup _encode_asn1_str_gc: don't require the length as an argument (#4484) | Alex Gaynor | 2018-10-07 | 2 | -15/+11
  * Cleanup _encode_asn1_str_gc: don't require the length as an argument
  * Apply the same cleanup to _encode_asn1_str
* add OCSP basic response extension parsing (#4479) | Paul Kehrer | 2018-10-06 | 5 | -1/+43
  * add OCSP basic response extension parsing
    Just nonce for now. This does not support SINGLERESP extension parsing.
  * also raises on extensions for non-successful
  * empty commit
* consolidate the duplicate extension check (#4483) | Paul Kehrer | 2018-10-06 | 1 | -19/+11
* additional OCSP bindings for the response builder (#4480) | Paul Kehrer | 2018-10-06 | 1 | -3/+5
  * additional OCSP bindings for the response builder
  * use the OCSP extension funcs that match the rest of x509
* support OCSP response parsing (#4452) | Paul Kehrer | 2018-10-01 | 5 | -4/+420
  * support OCSP response parsing
  * move the decorator to make pep8 happy
  * add some missing docs
  * review feedback
  * more review feedback
* add ed25519 bindings (#4476) | Paul Kehrer | 2018-09-26 | 4 | -0/+50
  * add ed25519 bindings
  * var name
* Remove conditionals for OpenSSL 1.1.1 pre-releases (#4467) | Alex Gaynor | 2018-09-15 | 2 | -8/+3
* Move linkcheck tox env to use setup.py to get docs dependencies (#4473) | Alex Gaynor | 2018-09-14 | 1 | -2/+1
* a few docs fixes and language improvements (#4472) | Paul Kehrer | 2018-09-14 | 4 | -13/+11
* block sphinx 1.8.0 since it fails our docs job (#4469) | Paul Kehrer | 2018-09-14 | 1 | -1/+1
* 1.1.1 is out! (#4466) | Alex Gaynor | 2018-09-11 | 1 | -2/+2
* OCSP request extension parsing (#4464) | Paul Kehrer | 2018-09-09 | 12 | -5/+152
  * add OCSP request parsing support with OCSPNonce
  * add docs
  * reprs man
  * make extensions a cached property
* refactor asn1_time_set to be useful in a future PR (#4465) | Paul Kehrer | 2018-09-09 | 1 | -27/+27
* add OCSP request with a request extension (nonce) (#4462) | Paul Kehrer | 2018-09-07 | 2 | -0/+2
* update pytest config (#4463) | Paul Kehrer | 2018-09-06 | 4 | -12/+13
  * update pytest config
    pytest 3.8.0 was just released and officially deprecates some of the way we do pytest marks. They introduced a new way to do this in 3.6 so this PR switches to that mechanism and updates our minimum pytest requirement
  * update the stubs
  * also update wycheproof test config to remove deprecated paths
  * don't need this any more
* Add flags to error on compile with incompatible pointer type (#4455) | Paul Kehrer | 2018-09-05 | 7 | -29/+42
  * try something a bit different.
  * newer compiler plz
  * permute
  * fix some warnings
  * fix getters on OpenSSL < 1.1.0
  * this is getting involved
  * given our compiler flags we can't have SSL_CTX_set_cookie_verify_cb
* don't sort the serial numbers in a parsed CRL (#4457) | Paul Kehrer | 2018-09-04 | 2 | -2/+41
  * don't sort the serial numbers in a parsed CRL
    OpenSSL sorts them in place and this breaks the signature and more. fixes #4456
  * cache the sorted CRL (but create it lazily)
  * use the cache decorator
* unpin coverage (#4458) | Paul Kehrer | 2018-09-04 | 3 | -6/+6
  of course, if this works it might just be luck
* document that OCSPResponse attributes can raise valuerror (#4453) | Paul Kehrer | 2018-09-01 | 1 | -0/+48
* More OCSP vectors (#4451) | Paul Kehrer | 2018-09-01 | 3 | -0/+5
  * yet another ocsp response vector. and yet there will be at least one more after this
  * add one more
* add LE subordinate certificate to test vectors (#4450) | Paul Kehrer | 2018-09-01 | 2 | -0/+29
* OCSP bindings (#4449) | Paul Kehrer | 2018-09-01 | 2 | -0/+97
  * add many OCSP bindings
    Much of OCSP was opaqued in 1.1.0 so this also adds a bunch of getters for older OpenSSL. However, 1.1.0 itself made it impossible to access certain fields in the opaque struct, so we're forced to de-opaque them for 1.1.0 through 1.1.0i as well as 1.1.1-pre1 through 1.1.1-pre9. There is a patch (openssl/openssl#7082) that fixes this and should be in 1.1.0j and 1.1.1-pre10 (or 1.1.1 final, whichever they choose to issue)
  * backslashes are sometimes useful
  * comments
* initial OCSP response docs (#4448) | Paul Kehrer | 2018-09-01 | 1 | -0/+179
* small refactor of OCSP request parsing (#4447) | Paul Kehrer | 2018-09-01 | 1 | -38/+54
  This allows us to reuse these functions in the OCSPResponse object in the future
* add more OCSP response vectors (#4445) | Paul Kehrer | 2018-09-01 | 4 | -0/+9
  * add more OCSP response vectors
  * another vector and better docs
* Fixes #4333 -- added support for precert poison extension (#4442) | Alex Gaynor | 2018-08-31 | 8 | -6/+86
  * Fixes #4333 -- added support for precert poison extension
  * Make work on all OpenSSL versions
  * fixed flake8 + docs
  * fix for older OpenSSLs
  * document this
  * spell
* OCSP response vector (#4443) | Paul Kehrer | 2018-08-31 | 2 | -0/+5
  * OCSP response vector
  * oops, wrong name
  * move ocsp response vector docs
  * make alex happy
* Simplify OCSP no check serialization (#4444) | Alex Gaynor | 2018-08-31 | 2 | -5/+5
* OCSP response abstract base classes (#4431) | Paul Kehrer | 2018-08-31 | 1 | -0/+130
  * ocsp response abc
  * collapse SingleResponse into OCSPResponse now that we only support one
  * split responder_id into two properties, add tbs_response_bytes
  * typo
  * rename one method and add a mapping we'll need shortly
* refactor ocsp request parsing and generation to support only one cert (#4439) | Paul Kehrer | 2018-08-31 | 5 | -177/+78
  * refactor ocsp request parsing and generation to support only one cert
  * small doc change
  * notimplementederror
* Fixes #3460 -- deprecate OpenSSL 1.0.1 (#4427) | Alex Gaynor | 2018-08-31 | 3 | -0/+24
  * Fixes #3460 -- deprecate OpenSSL 1.0.1
  * We need to import warnings
  * flake8
  * words are hard
  * rephrase
* Fixed two memory leaks in x509 csr extensions (#4434) | Alex Gaynor | 2018-08-31 | 4 | -6/+75
  * Fixed a memory leak in x.509 OCSP no check
  * Fix the _actual_ leak
  * Speed up symbolizations
  * Disable backtrace by default, because it doesn't work on Windows
  * line length
* Lock aws-encryption-sdk and dynamodb-encryption-sdk downstream test dependencies (#4441) | Matt Bullock | 2018-08-31 | 2 | -3/+3
  * lock aws-encryption-sdk and dynamodb-encryption-sdk downstream tests to frozen dependencies
  * explicitly identify test directory in dynamodb-encryption-sdk downstream tests
  * install the frozen dependencies after installing the package to force dependencies to the frozen set
* Use a less YOLO debian (#4438) | Alex Gaynor | 2018-08-30 | 1 | -1/+1
* Run things with -ex and shellcheck (#4436) | Alex Gaynor | 2018-08-30 | 10 | -16/+13
* fixed test name (#4433) | Alex Gaynor | 2018-08-30 | 1 | -1/+1
  * fixed test name
  * spelling is hard
* reorganize downstream tests to avoid dependency squashing (#4418) | Matt Bullock | 2018-08-30 | 10 | -60/+154
  * reorganize downstream tests
  * fix run.sh syntax
  * add instructions for adding more downstream tests
  * rework downstream CI test guide into rst readme
  * remove unnecessary example test handler
  * all test handlers should "exit 1" if an unexpected argument is received
* Fixes #4357 -- document the additional release steps for a security release (#4429) | Alex Gaynor | 2018-08-30 | 2 | -0/+17
  * Fixes #4357 -- document the additional release steps for a security release
  * One additional step
  * Fix a few typos
  * this is a word
  * link these
* Added vector for pre-certificate poison extension (#4432) | Alex Gaynor | 2018-08-30 | 2 | -0/+32
* Update our security documentation to match what we actually do (#4430) | Alex Gaynor | 2018-08-30 | 1 | -37/+7
  * Update our security documentation to match what we actually do
  * If you stand for nothing Burr, what will you fall for?
* make an ocsp request (#4402) | Paul Kehrer | 2018-08-30 | 5 | -0/+225
  * make an ocsp request
  * update test, add docs
  * make it an OCSPRequestBuilder
  * review feedback and more tests
  * make it a class
  * empty commit to retrigger
  * type check
* Fixes #4426 -- use modern idiom in our bindings docs (#4428) | Alex Gaynor | 2018-08-30 | 1 | -1/+1
* Fixes #4408 -- added an FAQ about abi3 wheels (#4425) | Alex Gaynor | 2018-08-30 | 1 | -0/+8
  * Fixes #4408 -- added an FAQ about abi3 wheels
  * abi3 is a word, sort of
* Fixes #4421 -- use the latest openssl 1.1.0 in travis (#4424) | Alex Gaynor | 2018-08-29 | 1 | -5/+5
* Mention that PyCA also maintains pynacl (#4422) | Alex Gaynor | 2018-08-29 | 1 | -1/+2
  * Mention that PyCA also maintains pynacl
  * line wrap
* Remove several very old FAQ entries (#4423) | Alex Gaynor | 2018-08-29 | 1 | -11/+1
* openssl 1.1.1 testing (#4112) | Paul Kehrer | 2018-08-29 | 2 | -0/+7
  * test openssl 1.1.1
  * let's see what a 1.1.1 pyopenssl does
  * 1.1.1-pre8
  * pre9
  * docs and test more things
  * 3.7 needs xenial
* 1.1.0 locks (#4420) | Paul Kehrer | 2018-08-29 | 4 | -5/+13
  * Do conditional compiling of Cryptography_setup_ssl_threads
  * Check Cryptography_HAS_LOCKING_CALLBACKS before initing static locks
    Check if compiling and initing locking callbacks is necessary PEP8 fix
  * Make test_crypto_lock_init more complete
* Don't clone wycheproof if we're doing a downstream test (#4416) | Alex Gaynor | 2018-08-26 | 1 | -1/+3
  * Don't clone wycheproof if we're doing a downstream test
  * you and your rules