aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
| | * | allow certificate and CSR to both parse the same set of extensionsPaul Kehrer2015-08-011-23/+21
| | | |
| * | | Merge pull request #2186 from reaperhulk/handle-corrupt-extensionsAlex Gaynor2015-08-011-1/+7
| |\ \ \ | | | | | | | | | | Handle invalid x509 extension payloads
| | * | | corrupt -> invalidPaul Kehrer2015-08-011-1/+2
| | | | |
| | * | | check if the extension decoded to internal openssl reprPaul Kehrer2015-08-011-1/+6
| | |/ / | | | | | | | | | | | | ...and if not, raise an error (plus consume the error stack)
| * | | Merge pull request #2184 from reaperhulk/remove-more-branchesAlex Gaynor2015-08-013-10/+18
| |\ \ \ | | |/ / | |/| | Branch coverage to 100%
| | * | Remove elifs and replace with else + assertPaul Kehrer2015-08-013-10/+18
| | |/ | | | | | | | | | This is kind of ugly, but resolves many partial branch coverage issues.
| * / simplify x509 extension decodingPaul Kehrer2015-08-011-73/+28
| |/
| * Merge pull request #2177 from reaperhulk/cp-bindingsAlex Gaynor2015-07-271-0/+21
| |\ | | | | | | add many bindings we'll need to encode a certificate policies extension
| | * add many bindings we'll need to encode a certificate policies extensionPaul Kehrer2015-07-261-0/+21
| | |
| * | openssl error codes are clearly not considered part of the api contractPaul Kehrer2015-07-251-5/+2
| | |
| * | extra parensPaul Kehrer2015-07-251-5/+3
| | |
| * | == instead of inPaul Kehrer2015-07-251-2/+2
| | |
| * | handle RSA key too small and consume errors on CSR signature failurePaul Kehrer2015-07-252-1/+11
| |/
| * remove windows link type, update docsPaul Kehrer2015-07-241-14/+1
| |
| * Merge pull request #2171 from reaperhulk/refactor-gn-encodingAlex Gaynor2015-07-241-83/+88
| |\ | | | | | | refactor general name encoding to its own function
| | * refactor general name encoding to its own functionPaul Kehrer2015-07-241-83/+88
| | |
| * | let's also add the binding to make a new GENERAL_SUBTREE stackPaul Kehrer2015-07-241-0/+1
| | |
| * | bindings for CRL encodingPaul Kehrer2015-07-241-0/+7
| |/
| * Support encoding ExtendedKeyUsage into certificate signing requestsPaul Kehrer2015-07-235-2/+36
| |
| * Support encoding KeyUsage into certificate signing requestsPaul Kehrer2015-07-234-0/+45
| |
| * when building a CSR adding > 1 extension would trigger a bugPaul Kehrer2015-07-231-1/+1
| | | | | | | | | | | | We were checking sk_X509_EXTENSION_push for a value == 1, but in reality it returns the number of extensions on the stack. We now assert >= 1 and added a test.
* | Add sign_x509_certificate to MultiBackendIan Cordasco2015-08-021-0/+9
| | | | | | | | Add example of CertificateBuilder to the reference documentation
* | Add note to serial_number parameter about entropyIan Cordasco2015-08-021-0/+2
| | | | | | | | | | | | | | | | | | | | - Add reference to random-numbers.rst for easy intra-linking - Document critical parameter of CertificateBuilder.add_extension - Support InhibitAnyPolicy in the CertificateBuilder frontend but not in the backend - Slim down more tests - Fix up test that asserts the backend does not allow for unsupported extensions
* | Add _encode_asn1_int_gcIan Cordasco2015-08-011-1/+7
| | | | | | | | Ensure the certificate serial number is freed
* | Add check for an RSA Key being too smallIan Cordasco2015-08-012-3/+5
| | | | | | | | | | - Remove outdated/unnecessary/illegitimate TODOs - Fix up test for an RSA key that is too small
* | Document other two parameters from sign methodIan Cordasco2015-07-311-11/+21
| | | | | | | | | | | | | | - Remove incorrect CertificateBuilder doc-string - Check that serial numbers are non-negative and < 160 bits - Check that dates passed aren't earlier than the unix epoch - Remove version from CertificateBuilder.__init__ and version method
* | Check result of setting the serial numberIan Cordasco2015-07-241-2/+14
| | | | | | | | | | - Add checks for private key types - Add tests around new checks for types of private keys
* | Remove CertificateBuilder.versionIan Cordasco2015-07-241-19/+2
| | | | | | | | Default CertificateBuilder to Version.v3
* | Use correct exception class in openssl backendIan Cordasco2015-07-201-1/+1
| |
* | Remove unnecessary type checkIan Cordasco2015-07-191-2/+0
| |
* | Handle SubjectAlternativeName extensions in the backendIan Cordasco2015-07-191-0/+2
| | | | | | | | They are handled in cryptography.x509 so they need to be handled here
* | Construct extensions like a CSRIan Cordasco2015-07-191-6/+9
| | | | | | | | | | | | - Use _encode_basic_constraints appropriately - Create an appropriate object from the oid dotted string - Create the X509 Extension appropriately
* | Fix copy-paste errorsIan Cordasco2015-07-191-3/+3
| |
* | Remove unnecessary helper functionsIan Cordasco2015-07-182-19/+4
| | | | | | | | | | - Update documented methods - Do not mute the CertificateBuilder object if no version is set
* | Make the CertificateBuilder interface more like the CSRBuilderIan Cordasco2015-07-181-27/+92
| |
* | Adds certificate builder.Andre Caron2015-07-182-0/+186
|/
* remove unused importPaul Kehrer2015-07-141-2/+0
|
* encode uriPaul Kehrer2015-07-131-2/+12
|
* Merge pull request #2149 from reaperhulk/better-uriAlex Gaynor2015-07-131-0/+26
|\ | | | | expand UniformResourceIdentifier to parse and internally IDNA encode
| * expand UniformResourceIdentiier to parse and internally IDNA encodePaul Kehrer2015-07-121-0/+26
| |
* | Merge pull request #2137 from reaperhulk/encode-rfc822nameAlex Gaynor2015-07-121-0/+8
|\ \ | | | | | | Encode rfc822name
| * | support rfc822Name general name encodingPaul Kehrer2015-07-121-0/+8
| | |
* | | Merge pull request #2148 from reaperhulk/fix-random-orderAlex Gaynor2015-07-121-0/+1
|\ \ \ | |_|/ |/| | clear the error stack if d2i_ASN1_TYPE fails
| * | clear the error stack if d2i_ASN1_TYPE failsPaul Kehrer2015-07-121-0/+1
| |/ | | | | | | The random order jenkins job found a bug!
* | Merge pull request #2147 from reaperhulk/there-are-two-partsAlex Gaynor2015-07-121-4/+3
|\ \ | | | | | | parts can't be > 2, so let's not pretend it could be
| * | parts can't be > 2, so let's not pretend it could bePaul Kehrer2015-07-121-4/+3
| | | | | | | | | | | | (famous last words)
* | | Merge pull request #2139 from alex/remove-fast-pathPaul Kehrer2015-07-121-3/+0
|\ \ \ | |_|/ |/| | Removed the fastpath from binding initialization. These aren't instantiated frequently enough for this to be worth it, and it improves our coverage.
| * | Removed the fastpath from binding initialization. These aren't instantiated ↵Alex Gaynor2015-07-121-3/+0
| | | | | | | | | | | | frequently enough for this to be worth it, and it improves our coverage.
* | | Merge pull request #2141 from reaperhulk/better-rfc822nameAlex Gaynor2015-07-121-0/+19
|\ \ \ | | | | | | | | expand RFC822Name to validate and (internally) IDNA encode
| * | | simplify logic, it doesn't appear parts > 2 is possiblePaul Kehrer2015-07-121-4/+3
| | | |
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-01 18:07:23 +0000