aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* add bindings for early data (#4582)Paul Kehrer2018-11-122-0/+13
| | | | | | * add bindings for early data * remove final var name
* add a little bit of x25519 interface docs we missed (#4574)Paul Kehrer2018-11-121-3/+9
|
* x448 bindings (#4577)Paul Kehrer2018-11-123-0/+24
|
* add EVP raw key bindings (#4578)Paul Kehrer2018-11-122-0/+28
|
* add a few more EC OIDs (#4572)Paul Kehrer2018-11-111-0/+13
| | | | | | * add a few more EC OIDs * spaces matter
* Remove unnecessary use of six.binary_type (#4569)Jon Dufresne2018-11-111-1/+1
| | | | | All supported Pythons have type bytes. On Python 2, it is an alias of str, same as six.binary_type. Makes the code slightly more forward compatible and removes some indirection.
* reopen master for 2.5 development (#4571)Paul Kehrer2018-11-111-1/+1
|
* Revert O_CLOEXEC change to fix builds (#4570)Alex Gaynor2018-11-112-3/+10
|
* bump versions and update changelog for 2.4 release (#4568)Paul Kehrer2018-11-111-1/+1
|
* add various new TLS bindings (#4555)Paul Kehrer2018-11-032-0/+31
| | | | | | | | | | * add SSL_OP_NO_TLSv1_3 * compiling now * bind SSL_CTX_set_ciphersuites as well * add some more
* add EC OIDs (#4435)Paul Kehrer2018-10-301-0/+10
| | | | | | * add EC OIDs * move ec oid docs to bottom
* move ObjectIdentifier to break an upcoming import cycle (#4550)Paul Kehrer2018-10-302-59/+68
|
* Add eq/ne/hash to PrecertificateSignedCertificateTimestamps (#4534)Paul Kehrer2018-10-292-0/+35
| | | | | | | | | | | | | | * Add eq/ne/hash to PrecertificateSignedCertificateTimestamps This requires adding it to SignedCertificateTimestamps as well * slightly more consistent * right, these need to be conditional * compare by signature * don't use private API
* do not pass conversion on Solaris (#4545)Bernát Gábor2018-10-301-1/+1
|
* create & use _evp_md_from_algorithm and _evp_md_non_null_from_algorithm (#4542)Paul Kehrer2018-10-294-47/+37
| | | | | | * create & use _evp_md_from_algorithm and _evp_md_non_null_from_algorithm * remove unused import
* add SCT_get0_signature (#4540)Paul Kehrer2018-10-282-0/+4
|
* OCSP response builder (#4485)Paul Kehrer2018-10-283-10/+279
| | | | | | | | * ocsp response builder * better prose * review changes
* add IDP OID and docs (#4533)Paul Kehrer2018-10-281-0/+4
|
* refactor _decode_dist_points (#4536)Paul Kehrer2018-10-281-64/+67
| | | | | | | | | | | * separate refactor _decode_dist_points We need to be able to parse reasons and distpoint for the CRL extension IssuingDistributionPoint * move comment, rename a variable * review feedback
* add bindings for supporting the issuing distribution point CRL extension (#4532)Paul Kehrer2018-10-271-0/+12
|
* add _create_asn1_time (#4524)Paul Kehrer2018-10-241-12/+10
|
* refactor set_asn1_time to take a datetime (#4516)Paul Kehrer2018-10-231-14/+7
|
* bind a constant for an error check (#4514)Paul Kehrer2018-10-231-0/+1
| | | I hate it when we have to do this.
* next_update is not a required field on OCSP responses (#4513)Paul Kehrer2018-10-231-2/+4
|
* Fixes #4500 -- use O_CLOEXEC when opening the /dev/urandom file descriptor ↵Alex Gaynor2018-10-231-9/+2
| | | | | | | | (#4507) * Fixes #4500 -- use O_CLOEXEC when opening the /dev/urandom file descriptor * Unused variable
* Remove branch for old libressl versions that we don't support any more (#4505)Alex Gaynor2018-10-201-2/+1
|
* Add definitions that help with hostname checking (#4492)Kai Engert2018-10-103-0/+56
| | | | | | | | | | | | | | * Add definitions for SSL_get0_param and X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS * remove unnecessary parameter name * Add version conditionals and more flags * extend cryptography_has_102_verification_params * X509_CHECK_FLAG_NEVER_CHECK_SUBJECT only available with openssl 1.1.0+ * add missing declaration
* Use our cryptography-specific warning class (#4493)Alex Gaynor2018-10-101-1/+1
|
* OCSP response serialization (#4482)Paul Kehrer2018-10-061-0/+13
| | | | | | * support OCSP response serialization * empty commit, good times
* support extensions in the OCSP request builder (#4481)Paul Kehrer2018-10-063-6/+37
| | | | | | | | | | * support extensions in the OCSP request builder * cover a missed branch * refactor to use new func * review feedback
* Cleanup _encode_asn1_str_gc: don't require the length as an argument (#4484)Alex Gaynor2018-10-072-15/+11
| | | | | | * Cleanup _encode_asn1_str_gc: don't require the length as an argument * Apply the same cleanup to _encode_asn1_str
* add OCSP basic response extension parsing (#4479)Paul Kehrer2018-10-063-1/+23
| | | | | | | | | | * add OCSP basic response extension parsing Just nonce for now. This does not support SINGLERESP extension parsing. * also raises on extensions for non-successful * empty commit
* consolidate the duplicate extension check (#4483)Paul Kehrer2018-10-061-19/+11
|
* additional OCSP bindings for the response builder (#4480)Paul Kehrer2018-10-061-3/+5
| | | | | | * additional OCSP bindings for the response builder * use the OCSP extension funcs that match the rest of x509
* support OCSP response parsing (#4452)Paul Kehrer2018-10-013-4/+262
| | | | | | | | | | | | * support OCSP response parsing * move the decorator to make pep8 happy * add some missing docs * review feedback * more review feedback
* add ed25519 bindings (#4476)Paul Kehrer2018-09-264-0/+50
| | | | | | * add ed25519 bindings * var name
* Remove conditionals for OpenSSL 1.1.1 pre-releases (#4467)Alex Gaynor2018-09-152-8/+3
|
* OCSP request extension parsing (#4464)Paul Kehrer2018-09-097-5/+68
| | | | | | | | | | * add OCSP request parsing support with OCSPNonce * add docs * reprs man * make extensions a cached property
* refactor asn1_time_set to be useful in a future PR (#4465)Paul Kehrer2018-09-091-27/+27
|
* Add flags to error on compile with incompatible pointer type (#4455)Paul Kehrer2018-09-054-21/+26
| | | | | | | | | | | | | | | | * try something a bit different. * newer compiler plz * permute * fix some warnings * fix getters on OpenSSL < 1.1.0 * this is getting involved * given our compiler flags we can't have SSL_CTX_set_cookie_verify_cb
* don't sort the serial numbers in a parsed CRL (#4457)Paul Kehrer2018-09-041-2/+12
| | | | | | | | | | | * don't sort the serial numbers in a parsed CRL OpenSSL sorts them in place and this breaks the signature and more. fixes #4456 * cache the sorted CRL (but create it lazily) * use the cache decorator
* OCSP bindings (#4449)Paul Kehrer2018-09-012-0/+97
| | | | | | | | | | | | | | | * add many OCSP bindings Much of OCSP was opaqued in 1.1.0 so this also adds a bunch of getters for older OpenSSL. However, 1.1.0 itself made it impossible to access certain fields in the opaque struct, so we're forced to de-opaque them for 1.1.0 through 1.1.0i as well as 1.1.1-pre1 through 1.1.1-pre9. There is a patch (openssl/openssl#7082) that fixes this and should be in 1.1.0j and 1.1.1-pre10 (or 1.1.1 final, whichever they choose to issue) * backslashes are sometimes useful * comments
* small refactor of OCSP request parsing (#4447)Paul Kehrer2018-09-011-38/+54
| | | | This allows us to reuse these functions in the OCSPResponse object in the future
* Fixes #4333 -- added support for precert poison extension (#4442)Alex Gaynor2018-08-315-6/+33
| | | | | | | | | | | | | | * Fixes #4333 -- added support for precert poison extension * Make work on all OpenSSL versions * fixed flake8 + docs * fix for older OpenSSLs * document this * spell
* Simplify OCSP no check serialization (#4444)Alex Gaynor2018-08-312-5/+5
|
* OCSP response abstract base classes (#4431)Paul Kehrer2018-08-311-0/+130
| | | | | | | | | | | | * ocsp response abc * collapse SingleReponse into OCSPResponse now that we only support one * split responder_id into two properties, add tbs_response_bytes * typo * rename one method and add a mapping we'll need shortly
* refactor ocsp request parsing and generation to support only one cert (#4439)Paul Kehrer2018-08-313-83/+36
| | | | | | | | * refactor ocsp request parsing and generation to support only one cert * small doc change * notimplementederror
* Fixes #3460 -- deprecate OpenSSL 1.0.1 (#4427)Alex Gaynor2018-08-311-0/+16
| | | | | | | | | | | | * Fixes #3460 -- deprecate OpenSSL 1.0.1 * We need to import warnings * flake8 * words are hard * rephrase
* Fixed two memory leaks in x509 csr extensions (#4434)Alex Gaynor2018-08-313-3/+19
| | | | | | | | | | | | * Fixed a memory leak in x.509 OCSP no check * Fix the _actual_ leak * Speed up symbolizations * Disable backtrace by default, because it doesn't work on Windows * line length
* make an ocsp request (#4402)Paul Kehrer2018-08-303-0/+48
| | | | | | | | | | | | | | | | * make an ocsp request * update test, add docs * make it an OCSPRequestBuilder * review feedback and more tests * make it a class * empty commit to retrigger * type check
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 07:11:13 +0000