path: root/docs/x509
Commit message | Author | Age | Files | Lines
* prevaricate more about anyextendedkeyusage (#4939) | Paul Kehrer | 2019-07-06 | 1 | -1/+6
* ed25519 support in x509 certificate builder (#4937) | Paul Kehrer | 2019-07-06 | 1 | -4/+21
  * ed25519 support in x509 certificate builder
    This adds minimal ed25519 support. More to come.
  * Apply suggestions from code review
    Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
* Fix typo (#4829) | Ofek Lev | 2019-04-02 | 1 | -1/+1
* full state or province name (#4758) | itinerarium | 2019-02-20 | 1 | -2/+2
  CA -> California
  6.3.5 of ITU-T X.520 (10/2016) provides a spelled out sample state. In other contexts, hints generally suggest the "full name" of a state or province. A spelled out state in the sample code might be more consistent with general usage.
* consistently linky RFC in the docs (#4716) | Alex Gaynor | 2019-01-18 | 1 | -5/+4
  * consistently linky RFC in the docs
  * oops
* add signature_hash_algorithm to OCSPResponse (#4681) | Paul Kehrer | 2019-01-10 | 1 | -0/+10
  * add signature_hash_algorithm to OCSPResponse
  * fix pointless asserts
* Remove spaces from RFC 4514 strings for better compliance (#4643) (#4646) | Marti Raudsepp | 2018-12-18 | 1 | -3/+3
  RFC 4514 does not explicitly allow whitespace between separators:
  https://tools.ietf.org/html/rfc4514
  Reported-by: David Arnold <dar@xoe.solutions>
* Add RFC 4514 Distinguished Name formatting for Name, RDN and NameAttribute (#4304) | Marti Raudsepp | 2018-12-08 | 1 | -1/+25
* IssuingDistributionPoint support (parse only) (#4552) | Paul Kehrer | 2018-11-30 | 1 | -0/+71
  * IssuingDistributionPoint support
    h/t to Irina Renteria for the initial work here
  * python 2 unfortunately still exists
  * py2 repr
  * typo caught by flake8
  * add docs
  * review feedback
  * reorder args, other fixes
  * use the alex name
  * add changelog
* OCSP response builder (#4485) | Paul Kehrer | 2018-10-28 | 1 | -0/+185
  * ocsp response builder
  * better prose
  * review changes
* add IDP OID and docs (#4533) | Paul Kehrer | 2018-10-28 | 1 | -0/+6
* simplify some language (#4495) | Paul Kehrer | 2018-10-10 | 1 | -2/+7
  * simplify some language
  * Update reference.rst
  * wrap
  * remove trailing whitespace
    the github web editor is bad and should feel bad
* Style nits for docs (#4494) | Alex Gaynor | 2018-10-10 | 1 | -5/+5
* Add a tutorial explaining how to check the signature of a certificate (#4478) | g_goessel | 2018-10-10 | 1 | -0/+68
* OCSP response serialization (#4482) | Paul Kehrer | 2018-10-06 | 1 | -0/+8
  * support OCSP response serialization
  * empty commit, good times
* support extensions in the OCSP request builder (#4481) | Paul Kehrer | 2018-10-06 | 1 | -0/+10
  * support extensions in the OCSP request builder
  * cover a missed branch
  * refactor to use new func
  * review feedback
* add OCSP basic response extension parsing (#4479) | Paul Kehrer | 2018-10-06 | 1 | -0/+5
  * add OCSP basic response extension parsing
    Just nonce for now. This does not support SINGLERESP extension parsing.
  * also raises on extensions for non-successful
  * empty commit
* support OCSP response parsing (#4452) | Paul Kehrer | 2018-10-01 | 1 | -0/+21
  * support OCSP response parsing
  * move the decorator to make pep8 happy
  * add some missing docs
  * review feedback
  * more review feedback
* a few docs fixes and language improvements (#4472) | Paul Kehrer | 2018-09-14 | 2 | -6/+4
* OCSP request extension parsing (#4464) | Paul Kehrer | 2018-09-09 | 2 | -0/+39
  * add OCSP request parsing support with OCSPNonce
  * add docs
  * reprs man
  * make extensions a cached property
* document that OCSPResponse attributes can raise valuerror (#4453) | Paul Kehrer | 2018-09-01 | 1 | -0/+48
* initial OCSP response docs (#4448) | Paul Kehrer | 2018-09-01 | 1 | -0/+179
* Fixes #4333 -- added support for precert poison extension (#4442) | Alex Gaynor | 2018-08-31 | 1 | -0/+23
  * Fixes #4333 -- added support for precert poison extension
  * Make work on all OpenSSL versions
  * fixed flake8 + docs
  * fix for older OpenSSLs
  * document this
  * spell
* refactor ocsp request parsing and generation to support only one cert (#4439) | Paul Kehrer | 2018-08-31 | 1 | -25/+17
  * refactor ocsp request parsing and generation to support only one cert
  * small doc change
  * notimplementederror
* make an ocsp request (#4402) | Paul Kehrer | 2018-08-30 | 1 | -0/+113
  * make an ocsp request
  * update test, add docs
  * make it an OCSPRequestBuilder
  * review feedback and more tests
  * make it a class
  * empty commit to retrigger
  * type check
* OCSP request parsing (#4393) | Paul Kehrer | 2018-08-15 | 2 | -0/+95
  * add public_bytes to OCSPRequest
  * review feedback
  * OCSP request parsing
  * change some prose
  * add __len__ as a required method
* make a certificate expire a few years in the future, fixes doctests (#4383) | Alex Gaynor | 2018-08-06 | 1 | -1/+1
  * make a certificate expire a few years in the future, fixes doctests
    👋 to future alex when this test breaks in two years
  * short lived certs are a good idea
* add crl.get_revoked_certificate method (#4331) | Paul Kehrer | 2018-07-16 | 1 | -0/+9
  * add crl.get_revoked_certificate method
  * lexicographic is the best ographic
  * rename
* Make RelativeDistinguishedName preserve attribute order (#4306) | Marti Raudsepp | 2018-07-09 | 1 | -2/+3
  Duplicate attributes now raise an error instead of silently discarding duplicates.
* Add OID for RSASSA-PSS X.509 signature algorithm (RFC 4055) (#4294) | Marti Raudsepp | 2018-06-29 | 1 | -0/+9
  In 2005, IETF devised a more secure padding scheme to replace PKCS #1 v1.5. To make sure that nobody can easily support or use it, they mandated lots of complicated parameters in the certificate, unlike any other X.509 signature scheme.
  https://tools.ietf.org/html/rfc4055
  `_SIG_OIDS_TO_HASH` and `Certificate.signature_hash_algorithm` cannot be supported as-is, because the hash algorithm is defined in the signature algorithm parameters, not by the OID itself.
* Make AuthorityKeyIdentifier docs reflect reality (#4252) | Thom Dixon | 2018-05-18 | 1 | -1/+1
  The `AuthorityKeyIdentifier.authority_cert_issuer` docs state that it returns a `Name` instance, but it [actually returns a list of `GeneralName` instances or `None`](https://github.com/pyca/cryptography/blob/master/src/cryptography/x509/extensions.py#L157).
* switch to py3 on docs job (#4230) | Paul Kehrer | 2018-05-12 | 1 | -13/+13
  * switch to py3 on docs job
  * somehow unicode isn't a word
* fixed #3986 -- properly use unicode for DNSName (#3988) | Alex Gaynor | 2017-10-19 | 1 | -4/+4
* Update docs and changelog for URI, RFC822Name, and DNSName (#3955) | Paul Kehrer | 2017-10-11 | 1 | -57/+37
  * Update docs and changelog for URI, RFC822Name, and DNSName
    As of 2.1 we want users to pass A-label strings, but we still accept U-label strings and auto-encode on their behalf (with a deprecation warning). However, we do not return U-label in the value attribute so we are making a backwards incompatible change for users that utilize internationalized domain names.
  * language updates
  * add presentational to the word list
  * the linux dictionary is pathetic
* Backwards incompatible change to DNSName (#3951) | Paul Kehrer | 2017-10-10 | 1 | -1/+1
  * Backwards incompatible change to DNSName
    During this release cycle we decided to officially deprecate passing U-labels to our GeneralName constructors. At first we tried changing this in a purely backwards compatible way but get_values_for_type made that untenable.
    This PR modifies DNSName to take three different types. U-label strings (which raises a deprecation warning), A-label strings (the new preferred type), and bytes (which are assumed to be decodable to unicode strings). The latter, while supported, is primarily intended for use by our parser and allows us to return the actual encoded data in a certificate even if it has not been properly encoded to A-label before the certificate is created. (Of course, if the certificate contains invalid utf8 sequences this will still fail, but let's handle one catastrophic failure at a time).
  * coverage
  * don't delete that asterisk from a test. it does things.
  * no bytes in DNSName. Private constructor for bypassing validation
  * test unicode in dnsname (yuck)
  * fix docs
  * empty commit, you disappoint me codecov
  * CI is the worst
* FreshestCRL extension support (#3937) | Paul Kehrer | 2017-09-23 | 1 | -0/+23
  * add freshest CRL support
  * add tests
  * add changelog
  * add tests for FreshestCRL generation
* support delta crl indicator extension (#3936) | Paul Kehrer | 2017-09-22 | 1 | -0/+32
  This is an extension for CRLs
* docs for what bytes means for DNSName, URI, and RFC822Name (#3904) | Paul Kehrer | 2017-09-20 | 1 | -9/+35
* correct the docs for CRLReason (#3930) | Paul Kehrer | 2017-09-20 | 1 | -2/+1
* [WIP] add support for the TLSFeature extension in x509 (#3899) | Paul Kehrer | 2017-09-10 | 1 | -0/+45
  * add support for the TLSFeature extension in x509
    This extension is used for OCSP Must-Staple.
  * fix changelog link
  * pep8
  * refactor to support the sequence properly and add status_request_v2
  * update some language
  * add test vector, implement eq/ne/hash on TLSFeature
  * address review comments
* add changelog and a warning for is_signature_valid on crl (#3861) | Paul Kehrer | 2017-08-12 | 1 | -0/+6
  * add changelog and a warning
  * document this properly
* Add is_signature_valid method on CertificateRevocationList (#3849) | Vincent Pelletier | 2017-08-12 | 1 | -0/+6
* deprecate unicode input for RFC822Name (#3836) | Paul Kehrer | 2017-08-01 | 1 | -0/+16
  * deprecate unicode input for RFC822Name
  * pep8...?
* deprecate auto-idna on UniformResourceIdentifier (#3832) | Paul Kehrer | 2017-08-01 | 1 | -4/+15
  * deprecate auto-idna on UniformResourceIdentifier
  * fix repr test
  * docs
  * some updated language
* note version added and deprecated for bytes_value/value on DNSName (#3833) | Paul Kehrer | 2017-08-01 | 1 | -0/+4
* Begin the deprecation of auto-idna for x509.DNSName (#3830) | Alex Gaynor | 2017-07-30 | 2 | -5/+11
  * Begin the deprecation of auto-idna for x509.DNSName
    Refs #3357
  * fix warning
  * py3k fixes
  * fix docs
  * sigh
  * flake8
  * these are words
  * words
  * tests for coverage
  * another test
  * do idna things
  * more idna things
* Fixes #3745 -- add the any EKU EKU (#3750) | Alex Gaynor | 2017-07-03 | 1 | -0/+7
  * Fixes #3745 -- add the any EKU EKU
  * docs
  * whitespace
  * versionadded
* Refs #3461 -- parse SCTs from x.509 extension (#3480) | Alex Gaynor | 2017-06-04 | 2 | -3/+29
  * Stub API for SCTs, feedback wanted
  * grr, flake8
  * finish up the __init__
  * Initial implementation and tests
  * write a test. it fails because computer
  * get the tests passing and fix some TODOs
  * changelog entry
  * This can go now
  * Put a skip in this test
  * grump
  * Removed unreachable code
  * moved changelog to the correct section
  * Use the decorator for expressing requirements
  * This needs f for the right entry_type
  * coverage
  * syntax error
  * tests for coverage
  * better sct eq tests
  * docs
  * technically correct, the most useless kind of correct
  * typo and more details
  * bug
  * drop __eq__
* add some explicit instructions on determining key type in a cert (#3596) | Paul Kehrer | 2017-05-24 | 1 | -0/+17
  * add some explicit instructions on determining key type in a cert
  * can't call it a CSR
* Don't raise an UnsupportedExtension for critical extensions. (#3550) | Alex Gaynor | 2017-05-20 | 1 | -21/+2
  * Don't raise an UnsupportedExtension for critical extensions.
    Fixes #2903
    Fixes #2901
    Fixes #3325
  * Don't link
  * Revert "Don't link"
    This reverts commit 4fe847f91d9dd45cdc28a4984c4e44aad62a5de6.
  * fix
  * Revert "Revert "Don't link""
    This reverts commit 856031b5a1fbad04ac218fa94ebf37dcd402f3ed.
  * fix
  * Deprecate this
  * Better changelog entry