| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* Fixed #5050 -- dropped support for an old LibresSSL release
* Changelog
|
| |
|
|
|
|
|
|
| |
* Add SSL_get0_verified_chain to cffi lib
OpenSSL 1.1.0 supports SSL_get0_verified_chain. This gives the full chain from the peer cert including your trusted CA cert.
* Work around no support for #if in cdef in old cffi
|
| |
|
|
|
|
|
|
|
|
| |
* Use generic DTLS functions added in LibreSSL 2.9.1
While here, bump travis.
* Remove LibreSSL 2.9.0 from travis now that 2.9.1 exists.
Requested by: @reaperhulk
|
| |
|
|
|
|
|
|
| |
* support OPENSSL_NO_ENGINE
* support some new openssl config args
* sigh
|
| |
|
|
|
| |
This adds the ability to retrieve the selected SRTP protection profile
after the DTLS handshake completes. This is needed to perform the
correct key derivation if multiple profiles were offered.
|
| | |
|
| |
|
| |
OpenSSL defines these even with OPENSSL_NO_DTLS.
|
| |
|
|
|
|
| |
* add bindings for early data
* remove final var name
|
| |
|
|
|
|
|
|
|
|
| |
* add SSL_OP_NO_TLSv1_3
* compiling now
* bind SSL_CTX_set_ciphersuites as well
* add some more
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add definitions for SSL_get0_param and X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
* remove unnecessary parameter name
* Add version conditionals and more flags
* extend cryptography_has_102_verification_params
* X509_CHECK_FLAG_NEVER_CHECK_SUBJECT only available with openssl 1.1.0+
* add missing declaration
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* try something a bit different.
* newer compiler plz
* permute
* fix some warnings
* fix getters on OpenSSL < 1.1.0
* this is getting involved
* given our compiler flags we can't have SSL_CTX_set_cookie_verify_cb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PyPy (#4364)
* Add more SSL_CIPHER_* functions, necessary to implement ctx.get_ciphers() added by Python 3.6.1.
* Add placeholders for other versions
* Remove parameter names
* LibreSSL 2.7 has the new functions
* Add entries in _conditional.py
* SSL_CIPHER_get_id returns int, not char*
|
| |
|
|
|
|
|
|
| |
* libre 2.7.3 compatibility
* add a changelog
* actually build against 2.7.3
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix some callback type signatures.
SSL_CTX_set_psk_server_callback:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_psk_server_callback.html
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/ssl.h#L1355
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/include/openssl/ssl.h#L734
SSL_CTX_set_tlsext_servername_callback:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_tlsext_servername_callback.html
https://github.com/openssl/openssl/blob/OpenSSL_1_0_2/ssl/s3_lib.c#L3964
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0/ssl/s3_lib.c#L3499
* Missed a spot
|
| |
|
|
| |
(#4205)
|
| |
|
|
|
|
| |
* add custom extensions functions for openssl >=1.0.2
* Fix style problems
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we only expose SSL_get_peer_certificate, which allows you
to retrieve the remote party's certificate. This adds the symetrical
binding to retrieve the local party's certificate.
The motivation for this additional binding is to make it possible to
query the local certificate regardless of the method which was used to
load the certificate into the SSL connection (from a file, from an
in-memory object). An example where this is useful is when negotiating
a DTLS-SRTP connection, the fingerprint of the local certificate needs
to be communicated to the remote party out-of-band via SDP.
This binding can be exposed in pyopenssl as Connection.get_certificate().
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* + more DTLS bindings
* + BIO_CTRL_DGRAM*
* + read ahead functions
* rm BIO_CTRL_DGRAM_SET_PEEK_MODE
* rm BIO_CTRL_DGRAM_SET_DONT_FRAG
* + link mtu conditional logic
* rm some BIO_CTRL_DGRAM* bindings
|
| |
|
|
|
|
|
|
|
|
| |
* + PSK function bindings
* + PSK conditional
* trigger CI
* trigger CI
|
| |
|
|
|
|
|
|
| |
* + bindings for SSL_OP_NO_DTLS*
* + conditional for not HAS_GENERIC_DTLS_METHOD
* flag SSL_OP_NO_DTLS* for unsupported deletion
|
| |
|
|
|
|
| |
* Fixed #4006 -- bind functions for dealing with sigalgs
* oops
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added binding support for rfc 5705
* WIP: testing some cffi updates
* added openssl version check
* updated cffi defs to align with pep8
* removed superfluous version checks
* remove more unecessary boilerplate
|
| |
|
|
|
|
|
|
| |
* Remove conditionals we never use.
Refs #3763
* put this back
|
| |
|
|
|
|
|
|
| |
* No more FUNCS/MACROS distinction
* change the docs to not talk about MACROS since they're gone
* remove out of date comment
|
| |
|
|
|
|
| |
* enable wconversion and finish fixes
* don't pass -Wconversion if it's win32
|
| |
|
|
|
|
| |
* bind DTLS 1.2 methods
* remove version specific dtls bindings, rename sentinel value
|
| |
|
|
|
|
|
|
|
|
| |
* Attempt to simplify the libressl checing
* SHENANGINS
* Attempted fix
* More simplification
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* We always have EC
* We always have ECDH
* We always have ECDSA
* We always have EC codes
* This can go as well
* And this
* unused import
|
| |
|
|
|
|
|
|
|
|
| |
* CMAC is always supported
* TLSv1.2 is always supported
* Releasing buffers is always supported
* Nonsense IE SSLv2 nonsens is always supported
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add DTLSv1_2 methods
* add binding to DTLSv1_get_timeout() and DTLSv1_handle_timeout()
* fix: PEP8 failed
fix the following error:
./src/_cffi_src/openssl/ssl.py:728:80: E501 line too long (80 > 79 characters)
see https://jenkins.cryptography.io/job/cryptography-pr-pep8/1954/
* Revert "add DTLSv1_2 methods"
This reverts commit e4a9150b12ddb4790159a5835f1d1136cb1b996e.
* replace 'long int' by 'long'
To be more consistent with the naming convention
cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90153970
* wrap with braces
cf https://github.com/pyca/cryptography/pull/3286/files/8dde92aad5db97fa176bf164783bdf9ba242edf4#r90154057
* conditionally bind all DTLS
* rebase error
* rename wrapped function
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set
* add a comment explaining why we changed this
* 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i
* needs to be visible
|
| |
|
| |
We're so close.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use a series of constants for OpenSSL version checks.
N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely!
* Convert some python as well, also add the file
* flake8
* Simplify code, remove functionality that can be expressed more simply
* clean up the tests as well
* more constants
* wrap long lines
* reflect feedback
* unused
* add this back?
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add more bindings to OpenSSL, all are used by the Python _ssl module.
* Add a conditional: SSL_CTX_clear_options() does not exist before 0.9.8m
* 80 cols
* Condionally define the TLSEXT error codes.
* Address review comments
* Remove all parameter names
|
| | |
|
| | |
|
