| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
| |
this allows us to use the same code for ed25519, x448, and ed448
|
| |
|
|
|
|
| |
* add evp_pkey_ed25519
* ed448 bindings
|
| |
|
|
|
|
| |
* error if the key length for x25519 isn't 32 bytes
* also test 33
|
| |
|
|
|
|
| |
* add SHA512/224 and SHA512/256 support
* add missing docs
|
| |
|
|
|
|
| |
* add bindings for early data
* remove final var name
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* add a few more EC OIDs
* spaces matter
|
| |
|
|
|
| |
All supported Pythons have type bytes. On Python 2, it is an alias of
str, same as six.binary_type. Makes the code slightly more forward
compatible and removes some indirection.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* add SSL_OP_NO_TLSv1_3
* compiling now
* bind SSL_CTX_set_ciphersuites as well
* add some more
|
| |
|
|
|
|
| |
* add EC OIDs
* move ec oid docs to bottom
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add eq/ne/hash to PrecertificateSignedCertificateTimestamps
This requires adding it to SignedCertificateTimestamps as well
* slightly more consistent
* right, these need to be conditional
* compare by signature
* don't use private API
|
| | |
|
| |
|
|
|
|
| |
* create & use _evp_md_from_algorithm and _evp_md_non_null_from_algorithm
* remove unused import
|
| | |
|
| |
|
|
|
|
|
|
| |
* ocsp response builder
* better prose
* review changes
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* separate refactor _decode_dist_points
We need to be able to parse reasons and distpoint for the
CRL extension IssuingDistributionPoint
* move comment, rename a variable
* review feedback
|
| | |
|
| | |
|
| | |
|
| |
|
| |
I hate it when we have to do this.
|
| | |
|
| |
|
|
|
|
|
|
| |
(#4507)
* Fixes #4500 -- use O_CLOEXEC when opening the /dev/urandom file descriptor
* Unused variable
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add definitions for SSL_get0_param and X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
* remove unnecessary parameter name
* Add version conditionals and more flags
* extend cryptography_has_102_verification_params
* X509_CHECK_FLAG_NEVER_CHECK_SUBJECT only available with openssl 1.1.0+
* add missing declaration
|
| | |
|
| |
|
|
|
|
| |
* support OCSP response serialization
* empty commit, good times
|
| |
|
|
|
|
|
|
|
|
| |
* support extensions in the OCSP request builder
* cover a missed branch
* refactor to use new func
* review feedback
|
| |
|
|
|
|
| |
* Cleanup _encode_asn1_str_gc: don't require the length as an argument
* Apply the same cleanup to _encode_asn1_str
|
| |
|
|
|
|
|
|
|
|
| |
* add OCSP basic response extension parsing
Just nonce for now. This does not support SINGLERESP extension parsing.
* also raises on extensions for non-successful
* empty commit
|
| | |
|
| |
|
|
|
|
| |
* additional OCSP bindings for the response builder
* use the OCSP extension funcs that match the rest of x509
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* support OCSP response parsing
* move the decorator to make pep8 happy
* add some missing docs
* review feedback
* more review feedback
|
| |
|
|
|
|
| |
* add ed25519 bindings
* var name
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* add OCSP request parsing support with OCSPNonce
* add docs
* reprs man
* make extensions a cached property
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* try something a bit different.
* newer compiler plz
* permute
* fix some warnings
* fix getters on OpenSSL < 1.1.0
* this is getting involved
* given our compiler flags we can't have SSL_CTX_set_cookie_verify_cb
|
| |
|
|
|
|
|
|
|
|
|
| |
* don't sort the serial numbers in a parsed CRL
OpenSSL sorts them in place and this breaks the signature and more.
fixes #4456
* cache the sorted CRL (but create it lazily)
* use the cache decorator
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add many OCSP bindings
Much of OCSP was opaqued in 1.1.0 so this also adds a bunch of getters
for older OpenSSL. However, 1.1.0 itself made it impossible to access
certain fields in the opaque struct, so we're forced to de-opaque them
for 1.1.0 through 1.1.0i as well as 1.1.1-pre1 through 1.1.1-pre9. There
is a patch (openssl/openssl#7082) that fixes this and should be in
1.1.0j and 1.1.1-pre10 (or 1.1.1 final, whichever they choose to issue)
* backslashes are sometimes useful
* comments
|
| |
|
|
| |
This allows us to reuse these functions in the OCSPResponse object in
the future
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixes #4333 -- added support for precert poison extension
* Make work on all OpenSSL versions
* fixed flake8 + docs
* fix for older OpenSSLs
* document this
* spell
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* ocsp response abc
* collapse SingleReponse into OCSPResponse now that we only support one
* split responder_id into two properties, add tbs_response_bytes
* typo
* rename one method and add a mapping we'll need shortly
|
