| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | both parse and encode the ASN1 string type for Name attributes (#3896) | Paul Kehrer | 2017-09-25 | 6 | -23/+107 |
| | | | | | | | | | | | | | | | | * both parse and encode the ASN1 string type for Name attributes Previously cryptography encoded everything (except country names) as UTF8String. This caused problems with chain building in libraries like NSS where the subject and issuer are expected to match byte-for-byte. With this change we now parse and store the ASN1 string type as a private _type in NameAttribute. We then use this to encode when issuing a new certificate. This allows the CertificateBuilder to properly construct an identical issuer and fixes the issue with NSS. * make the sentinel private too | ||||
| * | blacklist yet another version of sphinx (#3940) | Alex Gaynor | 2017-09-26 | 1 | -1/+1 |
| | | |||||
| * | FreshestCRL extension support (#3937) | Paul Kehrer | 2017-09-23 | 8 | -7/+344 |
| | | | | | | | | | | | * add freshest CRL support * add tests * add changelog * add tests for FreshestCRL generation | ||||
| * | support delta crl indicator extension (#3936) | Paul Kehrer | 2017-09-22 | 10 | -5/+121 |
| | | | | This is an extension for CRLs | ||||
| * | refactor rsa signature/verification logic to remove duplication (#3903) | Paul Kehrer | 2017-09-21 | 1 | -91/+34 |
| | | |||||
| * | parametrize a bunch of x509 extension tests that were identical (#3931) | Paul Kehrer | 2017-09-21 | 1 | -377/+139 |
| | | |||||
| * | docs for what bytes means for DNSName, URI, and RFC822Name (#3904) | Paul Kehrer | 2017-09-20 | 2 | -9/+41 |
| | | |||||
| * | add Freshest CRL and Delta CRL Indicator test vectors (#3932) | Paul Kehrer | 2017-09-20 | 3 | -0/+34 |
| | | |||||
| * | Mark our custom sphinx extension as parallel safe (#3935) | Alex Gaynor | 2017-09-20 | 1 | -0/+4 |
| | | |||||
| * | correct the docs for CRLReason (#3930) | Paul Kehrer | 2017-09-20 | 1 | -2/+1 |
| | | |||||
| * | Switch NIST PDFs from nvlpubs to csrc which is HTTPS (#3929) | Alex Gaynor | 2017-09-20 | 5 | -8/+8 |
| | | |||||
| * | disable travis mac builders and add a mac jenkins build (#3933) | Paul Kehrer | 2017-09-20 | 2 | -41/+41 |
| | | | | | we'll re-enable mac builders when travis recovers and remove the jenkins build | ||||
| * | Update the rest of the NIST urls to their new HTTPS homes (#3928) | Alex Gaynor | 2017-09-20 | 3 | -4/+4 |
| | | |||||
| * | add unique identifier test vector (#3925) | Paul Kehrer | 2017-09-19 | 2 | -2/+15 |
| | | | | | | | * add unique identifier test vector * wrap a line I didn't even touch... | ||||
| * | remove py26 windows and macOS wheels (#3921) | Paul Kehrer | 2017-09-19 | 1 | -5/+3 |
| | | | | The wheel package is starting to drop support and download counts for them represent less than .02% of downloads for the month. | ||||
| * | Update PKITS link (#3923) | Alex Gaynor | 2017-09-20 | 1 | -1/+1 |
| | | |||||
| * | Update NIST CAVP url (#3922) | Alex Gaynor | 2017-09-19 | 1 | -1/+1 |
| | | |||||
| * | bump libressl version (#3920) | Alex Gaynor | 2017-09-15 | 1 | -1/+1 |
| | | |||||
| * | add chacha20 test vectors from RFC 7539 (#3918) | Paul Kehrer | 2017-09-14 | 2 | -0/+24 |
| | | |||||
| * | implement __hash__ on DistributionPoint and CRLDistributionPoints (#3915) | Paul Kehrer | 2017-09-13 | 2 | -0/+90 |
| | | |||||
| * | add __hash__ to GeneralNames, SAN, IAN, and CertificateIssuer (#3916) | Paul Kehrer | 2017-09-13 | 2 | -0/+46 |
| | | |||||
| * | add __hash__ to PolicyConstraints and Extension (#3917) | Paul Kehrer | 2017-09-13 | 2 | -0/+34 |
| | | |||||
| * | implement __hash__ on KeyUsage and ExtendedKeyUsage (#3913) | Paul Kehrer | 2017-09-13 | 2 | -0/+60 |
| | | | | | | | * implement __hash__ on KeyUsage and ExtendedKeyUsage * properly use private values and alter test to catch that bug | ||||
| * | implement __hash__ on CertificatePolicies and its child classes (#3914) | Paul Kehrer | 2017-09-13 | 2 | -0/+62 |
| | | |||||
| * | add aki hash (#3910) | Paul Kehrer | 2017-09-13 | 2 | -1/+19 |
| | | | | | | | | | | | * Implement __hash__ on AuthorityKeyIdentifier * Adding dirname to fix build issue on AuthorityKeyIdentifier test * .authority_cert_issuer to str * use a tuple and not a str repr | ||||
| * | name constraints __hash__ (#3912) | Paul Kehrer | 2017-09-13 | 2 | -0/+34 |
| | | |||||
| * | AIA hashing (#3911) | Paul Kehrer | 2017-09-13 | 2 | -0/+37 |
| | | |||||
| * | remove u-label conversion during general name decode (#3905) | Paul Kehrer | 2017-09-13 | 1 | -49/+4 |
| | | | | | We support directly passing bytes now and these code paths are duplicated in the deprecated value attributes. | ||||
| * | fix a bug with URI value when parsing a string with no hostname (#3909) | Paul Kehrer | 2017-09-13 | 3 | -6/+9 |
| | | | | | | strings of the form "scheme:///anything" would incorrectly have two slashes dropped. This is fixed in two code paths in this PR but one of those code paths will be entirely removed in a followup PR. | ||||
| * | implement __hash__ on all GeneralName types (#3907) | Paul Kehrer | 2017-09-13 | 2 | -2/+58 |
| | | | | Needed to implement __hash__ on AuthorityKeyIdentifier | ||||
| * | coverage pin test part deux (#3908) | Paul Kehrer | 2017-09-12 | 3 | -1/+6 |
| | | | | | | | * we pinned coverage for xml generation...let's try everywhere * add so many comments | ||||
| * | compare against bytes values, not the U-label decoded ones (#3906) | Paul Kehrer | 2017-09-12 | 2 | -2/+7 |
| | | | | | We need to add one small test to cover a case that is no longer covered with this switch. | ||||
| * | add a faq note about having a compiler that is too old (#3902) | Paul Kehrer | 2017-09-11 | 1 | -0/+9 |
| | | | | | | | | | | * add a faq note about having a compiler that is too old Also add a bit of text explaining what to do on OpenBSD 6.1 and earlier since that is the most likely place this will occur. * I always forget it spell checks titles | ||||
| * | refactor AES keywrap into a wrap core and unwrap core (#3901) | Paul Kehrer | 2017-09-11 | 1 | -23/+30 |
| | | | | | | | | | * refactor AES keywrap into a wrap core and unwrap core This refactor makes adding AES keywrap with padding much simpler. * remove an unneeded arg | ||||
| * | [WIP] add support for the TLSFeature extension in x509 (#3899) | Paul Kehrer | 2017-09-10 | 9 | -10/+258 |
| | | | | | | | | | | | | | | | | | | | * add support for the TLSFeature extension in x509 This extension is used for OCSP Must-Staple. * fix changelog link * pep8 * refactor to support the sequence properly and add status_request_v2 * update some language * add test vector, implement eq/ne/hash on TLSFeature * address review comments | ||||
| * | RSA OAEP label support for OpenSSL 1.0.2+ (#3897) | Paul Kehrer | 2017-09-08 | 5 | -18/+153 |
| | | | | | | | | | | | * RSA OAEP label support for OpenSSL 1.0.2+ * changelog * move around tests, address review feedback, use backend supported method * unsupported padding catches this now | ||||
| * | add X509 test vector with a TLS Feature (RFC 7633) extension (#3898) | Paul Kehrer | 2017-09-08 | 2 | -0/+36 |
| | | |||||
| * | oaep label vector (#3895) | Paul Kehrer | 2017-09-07 | 2 | -0/+10 |
| | | | | | | | | | | | * oaep label vector * add count so we can use the nist vector loader * add RSA key from the boring vectors as well https://boringssl.googlesource.com/boringssl/+/ce3773f9fe25c3b54390bc51d72572f251c7d7e6/crypto/evp/evp_tests.txt#8 | ||||
| * | add initial OCSP request test vector (#3890) | Paul Kehrer | 2017-09-07 | 2 | -0/+5 |
| | | |||||
| * | add set0_rsa_oaep_label binding (#3894) | Paul Kehrer | 2017-09-07 | 2 | -0/+17 |
| | | |||||
| * | move x509 tests into a module (#3889) | Paul Kehrer | 2017-09-06 | 6 | -12/+12 |
| | | | | | | | | | | | | * move x509 tests into a module This is just to make grouping things like test_ocsp, etc a bit simpler in the future * fix path * pep8 | ||||
| * | add OCSP binding for obtaining information from CertID structure (#3888) | Paul Kehrer | 2017-09-06 | 1 | -0/+2 |
| | | | | | | | * add OCSP binding for obtaining information from CertID structure * empty commit | ||||
| * | send a few more variables to distinguish our jobs in codecov (#3892) | Paul Kehrer | 2017-09-06 | 1 | -3/+3 |
| | | | | | | | * send a few more variables to distinguish our jobs in codecov * put the labels in the right places | ||||
| * | added binding support for rfc 5705 (#3878) | Kelby Ludwig | 2017-08-29 | 1 | -0/+2 |
| | | | | | | | | | | | | | | | * added binding support for rfc 5705 * WIP: testing some cffi updates * added openssl version check * updated cffi defs to align with pep8 * removed superfluous version checks * remove more unecessary boilerplate | ||||
| * | Switch to using the other style of environment markers (#3796) | Alex Gaynor | 2017-08-24 | 2 | -11/+9 |
| | | | | | | | | | * Switch to using the other style of environment markers * We don't do py3.3 any more! * changelog | ||||
| * | Document that we care about our infrastructure's security as well (#3874) | Alex Gaynor | 2017-08-24 | 1 | -0/+8 |
| | | |||||
| * | add blake2b/blake2s support for hmac (#3873) | Paul Kehrer | 2017-08-22 | 3 | -5/+35 |
| | | | | | | | | | | | * add blake2b/blake2s support for hmac This was a bug, but it turns out the noise protocol suggests using the HMAC construction with BLAKE2 (rather than BLAKE2's own keyed functionality) for a few reasons, so we should support it. * actually test the thing | ||||
| * | Remove branches for 1.0.2 betas. (#3870) | Alex Gaynor | 2017-08-20 | 3 | -8/+6 |
| | | | | There's no sense in which we actually support them | ||||
| * | Fix `load_rsa_public_numbers` documentation (#3871) | David Sanders | 2017-08-20 | 1 | -1/+1 |
| | | |||||
| * | Fix mistake in `RSAPublicKey.verify` documentation (#3872) | David Sanders | 2017-08-20 | 1 | -1/+1 |
| | | |||||
 |
index : cloud-email/cryptography | |
| python cryptography | James |
| aboutsummaryrefslogtreecommitdiffstats |