path: root/docs/x509/reference.rst
Commit message | Author | Age | Files | Lines
* Removed deprecated behavior in AKI.from_issuer_subject_key_identifier (#5182) | Alex Gaynor | 2020-04-05 | 1 | -2/+2
* Fixes #4699 -- document that UnrecognizedExtension can be used in generation (#5057) | Alex Gaynor | 2019-11-11 | 1 | -1/+3
* Fixed #4377 -- document certificate policies with an example (#5058) | Alex Gaynor | 2019-11-11 | 1 | -0/+12
* Fix documentation of AuthorityKeyIdentifier.authority_cert_issuer. (#5001) | Felix Fontein | 2019-10-19 | 1 | -1/+1
* Finish ed25519 and ed448 support in x509 module (#4972) | Marko Kreen | 2019-09-09 | 1 | -32/+71
  * Support ed25519 in csr/crl creation
  * Tests for ed25519/x509
  * Support ed448 in crt/csr/crl creation
  * Tests for ed448/x509
  * Support ed25519/ed448 in OCSPResponseBuilder
  * Tests for eddsa in OCSPResponseBuilder
  * Builder check missing in create_x509_csr
  * Documentation update for ed25519+ed448 in x509
* prevaricate more about anyextendedkeyusage (#4939) | Paul Kehrer | 2019-07-06 | 1 | -1/+6
* ed25519 support in x509 certificate builder (#4937) | Paul Kehrer | 2019-07-06 | 1 | -4/+21
  * ed25519 support in x509 certificate builder
    This adds minimal ed25519 support. More to come.
  * Apply suggestions from code review
    Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
* Fix typo (#4829) | Ofek Lev | 2019-04-02 | 1 | -1/+1
* consistently linky RFC in the docs (#4716) | Alex Gaynor | 2019-01-18 | 1 | -5/+4
  * consistently linky RFC in the docs
  * oops
* Remove spaces from RFC 4514 strings for better compliance (#4643) (#4646) | Marti Raudsepp | 2018-12-18 | 1 | -3/+3
  RFC 4514 does not explicitly allow whitespace between separators:
  https://tools.ietf.org/html/rfc4514
  Reported-by: David Arnold <dar@xoe.solutions>
* Add RFC 4514 Distinguished Name formatting for Name, RDN and NameAttribute (#4304) | Marti Raudsepp | 2018-12-08 | 1 | -1/+25
* IssuingDistributionPoint support (parse only) (#4552) | Paul Kehrer | 2018-11-30 | 1 | -0/+71
  * IssuingDistributionPoint support
    h/t to Irina Renteria for the initial work here
  * python 2 unfortunately still exists
  * py2 repr
  * typo caught by flake8
  * add docs
  * review feedback
  * reorder args, other fixes
  * use the alex name
  * add changelog
* add IDP OID and docs (#4533) | Paul Kehrer | 2018-10-28 | 1 | -0/+6
* simplify some language (#4495) | Paul Kehrer | 2018-10-10 | 1 | -2/+7
  * simplify some language
  * Update reference.rst
  * wrap
  * remove trailing whitespace
    the github web editor is bad and should feel bad
* Style nits for docs (#4494) | Alex Gaynor | 2018-10-10 | 1 | -5/+5
* Add a tutorial explaining how to check the signature of a certificate (#4478) | g_goessel | 2018-10-10 | 1 | -0/+68
* a few docs fixes and language improvements (#4472) | Paul Kehrer | 2018-09-14 | 1 | -2/+2
* OCSP request extension parsing (#4464) | Paul Kehrer | 2018-09-09 | 1 | -0/+33
  * add OCSP request parsing support with OCSPNonce
  * add docs
  * reprs man
  * make extensions a cached property
* Fixes #4333 -- added support for precert poison extension (#4442) | Alex Gaynor | 2018-08-31 | 1 | -0/+23
  * Fixes #4333 -- added support for precert poison extension
  * Make work on all OpenSSL versions
  * fixed flake8 + docs
  * fix for older OpenSSLs
  * document this
  * spell
* make a certificate expire a few years in the future, fixes doctests (#4383) | Alex Gaynor | 2018-08-06 | 1 | -1/+1
  * make a certificate expire a few years in the future, fixes doctests
    👋 to future alex when this test breaks in two years
  * short lived certs are a good idea
* add crl.get_revoked_certificate method (#4331) | Paul Kehrer | 2018-07-16 | 1 | -0/+9
  * add crl.get_revoked_certificate method
  * lexicographic is the best ographic
  * rename
* Make RelativeDistinguishedName preserve attribute order (#4306) | Marti Raudsepp | 2018-07-09 | 1 | -2/+3
  Duplicate attributes now raise an error instead of silently discarding duplicates.
* Add OID for RSASSA-PSS X.509 signature algorithm (RFC 4055) (#4294) | Marti Raudsepp | 2018-06-29 | 1 | -0/+9
  In 2005, IETF devised a more secure padding scheme to replace PKCS #1 v1.5. To make sure that nobody can easily support or use it, they mandated lots of complicated parameters in the certificate, unlike any other X.509 signature scheme.
  https://tools.ietf.org/html/rfc4055
  `_SIG_OIDS_TO_HASH` and `Certificate.signature_hash_algorithm` cannot be supported as-is, because the hash algorithm is defined in the signature algorithm parameters, not by the OID itself.
* Make AuthorityKeyIdentifier docs reflect reality (#4252) | Thom Dixon | 2018-05-18 | 1 | -1/+1
  The `AuthorityKeyIdentifier.authority_cert_issuer` docs state that it returns a `Name` instance, but it [actually returns a list of `GeneralName` instances or `None`](https://github.com/pyca/cryptography/blob/master/src/cryptography/x509/extensions.py#L157).
* switch to py3 on docs job (#4230) | Paul Kehrer | 2018-05-12 | 1 | -13/+13
  * switch to py3 on docs job
  * somehow unicode isn't a word
* Update docs and changelog for URI, RFC822Name, and DNSName (#3955) | Paul Kehrer | 2017-10-11 | 1 | -57/+37
  * Update docs and changelog for URI, RFC822Name, and DNSName
    As of 2.1 we want users to pass A-label strings, but we still accept U-label strings and auto-encode on their behalf (with a deprecation warning). However, we do not return U-label in the value attribute so we are making a backwards incompatible change for users that utilize internationalized domain names.
  * language updates
  * add presentational to the word list
  * the linux dictionary is pathetic
* Backwards incompatible change to DNSName (#3951) | Paul Kehrer | 2017-10-10 | 1 | -1/+1
  * Backwards incompatible change to DNSName
    During this release cycle we decided to officially deprecate passing U-labels to our GeneralName constructors. At first we tried changing this in a purely backwards compatible way but get_values_for_type made that untenable. This PR modifies DNSName to take three different types. U-label strings (which raises a deprecation warning), A-label strings (the new preferred type), and bytes (which are assumed to be decodable to unicode strings). The latter, while supported, is primarily intended for use by our parser and allows us to return the actual encoded data in a certificate even if it has not been properly encoded to A-label before the certificate is created. (Of course, if the certificate contains invalid utf8 sequences this will still fail, but let's handle one catastrophic failure at a time).
  * coverage
  * don't delete that asterisk from a test. it does things.
  * no bytes in DNSName. Private constructor for bypassing validation
  * test unicode in dnsname (yuck)
  * fix docs
  * empty commit, you disappoint me codecov
  * CI is the worst
* FreshestCRL extension support (#3937) | Paul Kehrer | 2017-09-23 | 1 | -0/+23
  * add freshest CRL support
  * add tests
  * add changelog
  * add tests for FreshestCRL generation
* support delta crl indicator extension (#3936) | Paul Kehrer | 2017-09-22 | 1 | -0/+32
  This is an extension for CRLs
* docs for what bytes means for DNSName, URI, and RFC822Name (#3904) | Paul Kehrer | 2017-09-20 | 1 | -9/+35
* correct the docs for CRLReason (#3930) | Paul Kehrer | 2017-09-20 | 1 | -2/+1
* [WIP] add support for the TLSFeature extension in x509 (#3899) | Paul Kehrer | 2017-09-10 | 1 | -0/+45
  * add support for the TLSFeature extension in x509
    This extension is used for OCSP Must-Staple.
  * fix changelog link
  * pep8
  * refactor to support the sequence properly and add status_request_v2
  * update some language
  * add test vector, implement eq/ne/hash on TLSFeature
  * address review comments
* add changelog and a warning for is_signature_valid on crl (#3861) | Paul Kehrer | 2017-08-12 | 1 | -0/+6
  * add changelog and a warning
  * document this properly
* Add is_signature_valid method on CertificateRevocationList (#3849) | Vincent Pelletier | 2017-08-12 | 1 | -0/+6
* deprecate unicode input for RFC822Name (#3836) | Paul Kehrer | 2017-08-01 | 1 | -0/+16
  * deprecate unicode input for RFC822Name
  * pep8...?
* deprecate auto-idna on UniformResourceIdentifier (#3832) | Paul Kehrer | 2017-08-01 | 1 | -4/+15
  * deprecate auto-idna on UniformResourceIdentifier
  * fix repr test
  * docs
  * some updated language
* note version added and deprecated for bytes_value/value on DNSName (#3833) | Paul Kehrer | 2017-08-01 | 1 | -0/+4
* Begin the deprecation of auto-idna for x509.DNSName (#3830) | Alex Gaynor | 2017-07-30 | 1 | -1/+7
  * Begin the deprecation of auto-idna for x509.DNSName
    Refs #3357
  * fix warning
  * py3k fixes
  * fix docs
  * sigh
  * flake8
  * these are words
  * words
  * tests for coverage
  * another test
  * do idna things
  * more idna things
* Fixes #3745 -- add the any EKU EKU (#3750) | Alex Gaynor | 2017-07-03 | 1 | -0/+7
  * Fixes #3745 -- add the any EKU EKU
  * docs
  * whitespace
  * versionadded
* Refs #3461 -- parse SCTs from x.509 extension (#3480) | Alex Gaynor | 2017-06-04 | 1 | -0/+26
  * Stub API for SCTs, feedback wanted
  * grr, flake8
  * finish up the __init__
  * Initial implementation and tests
  * write a test. it fails because computer
  * get the tests passing and fix some TODOs
  * changelog entry
  * This can go now
  * Put a skip in this test
  * grump
  * Removed unreachable code
  * moved changelog to the correct section
  * Use the decorator for expressing requirements
  * This needs f for the right entry_type
  * coverage
  * syntax error
  * tests for coverage
  * better sct eq tests
  * docs
  * technically correct, the most useless kind of correct
  * typo and more details
  * bug
  * drop __eq__
* Don't raise an UnsupportedExtension for critical extensions. (#3550) | Alex Gaynor | 2017-05-20 | 1 | -21/+2
  * Don't raise an UnsupportedExtension for critical extensions.
    Fixes #2903
    Fixes #2901
    Fixes #3325
  * Don't link
  * Revert "Don't link"
    This reverts commit 4fe847f91d9dd45cdc28a4984c4e44aad62a5de6.
  * fix
  * Revert "Revert "Don't link""
    This reverts commit 856031b5a1fbad04ac218fa94ebf37dcd402f3ed.
  * fix
  * Deprecate this
  * Better changelog entry
* Refs #3461 -- added the OID for the SCT x.509 extension (#3464) | Alex Gaynor | 2017-03-20 | 1 | -0/+6
  * Refs #3461 -- added the OID for the SCT x.509 extension
  * Version added
* add a SAN to the certificatebuilder example (#3353) | Paul Kehrer | 2017-01-18 | 1 | -0/+6
  Evidently users copy/paste these examples so adding a SAN here will help people screw up less.
  Fixes #3314
* add a few more OIDs (#3259) | Paul Kehrer | 2016-11-19 | 1 | -0/+18
  pulled from #3244
* Add a bytes method to get the DER ASN.1 encoding of an X509 name. (#3236) | Paul Kehrer | 2016-11-13 | 1 | -0/+10
  * Add a bytes method to get the DER ASN.1 encoding of an X509 name.
    This is useful for creating an OpenSSL style subject_name_hash (#3011)
  * add to backend interface and update multibackend
  * bytes -> public_bytes
* Turns out we shouldn't call it uniqueIdentifier (#3234) | Paul Kehrer | 2016-11-12 | 1 | -1/+1
  http://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec465360.html
* add some new oids (#3233) | Paul Kehrer | 2016-11-11 | 1 | -0/+12
  * add some new oids
  * As Alex pointed out, it's streetAddress
* Name: add support for multi-value RDNs (#3202) | Fraser Tweedale | 2016-11-11 | 1 | -1/+20
  Update the Name class to accept and internally store a list of RelativeDistinguishedName objects. Add the 'rdns' attribute to give access to the RDNs. Update ASN.1 routines to correctly decode and encode multi-value RDNs.
  Fixes: https://github.com/pyca/cryptography/issues/3199
* Make DistributionPoint relative_name a set of NameAttribute (#3210) | Fraser Tweedale | 2016-11-07 | 1 | -1/+20
  * Add RelativeDistinguishedName class
  * Make relative_name a RelativeDistinguishedName
    DistributionPoint relative_name is currently a Name but RFC 5280 defines it as RelativeDistinguishedName, i.e. a non-empty SET OF name attributes. Change the DistributionPoint relative_name attribute to be a RelativeDistinguishedName.
* support random_serial_number in the CertificateBuilder (#3132) | Paul Kehrer | 2016-09-03 | 1 | -8/+21
  * support random_serial_number in the CertificateBuilder
  * turns out pytest's monkeypatch has an undo
  * random_serial_number now a function
  * just certs