aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* add support for encoding/decoding elliptic curve pointsPaul Kehrer2015-10-262-2/+39
| | | | Based on the work of @ronf in #2346.
* Merge pull request #2220 from reaperhulk/encode-cpAlex Gaynor2015-10-241-0/+90
|\ | | | | support encoding certificate policies in CertificateBuilder
| * use new ExtensionOIDPaul Kehrer2015-10-241-1/+1
| |
| * one more assertPaul Kehrer2015-10-241-1/+1
| |
| * convert asserts to openssl_assertPaul Kehrer2015-10-241-10/+10
| |
| * support encoding certificate policies in CertificateBuilderPaul Kehrer2015-10-241-0/+90
| |
* | Merge pull request #2293 from reaperhulk/idempotent-engine-addAlex Gaynor2015-10-242-6/+9
|\ \ | |/ |/| idempotent engine add
| * address review commentsPaul Kehrer2015-10-241-5/+2
| |
| * make engine addition idempotentPaul Kehrer2015-10-212-5/+11
| | | | | | | | | | | | | | | | | | | | | | Threading issues keep cropping up. ENGINE_add already acquires a lock at the C layer via CRYPTO_w_lock (provided you have registered the locking callbacks) so let's try to use that. As part of this we'll try to init the openssl locks, but of course there's potentially a race there as well. Clearly this isn't the real fix but it might improve the situation while we try to determine what to do.
* | Fixed #2444 -- added an __hash__ to x509 NamesAlex Gaynor2015-10-241-0/+8
| |
* | update a commentPaul Kehrer2015-10-221-2/+3
| |
* | pep8!Paul Kehrer2015-10-211-1/+1
| |
* | AES keywrap supportPaul Kehrer2015-10-212-1/+85
|/
* hoist a dict up to module scope so we don't recreate it every callPaul Kehrer2015-10-211-12/+15
|
* Merge pull request #2315 from etrauschke/crl_ossl_backendPaul Kehrer2015-10-215-22/+263
|\ | | | | OpenSSL backend code for CRLs
| * remove convenience functions for revoked extensionsErik Trauschke2015-10-211-30/+0
| | | | | | | | fix docs regarding CRL PEM format
| * add commentsErik Trauschke2015-10-202-26/+37
| |
| * Merge branch 'master' into crl_ossl_backendErik Trauschke2015-10-2011-23/+102
| |\
| * \ Merge branch 'crl_ossl_backend' of github.com:etrauschke/cryptography into ↵Erik Trauschke2015-10-206-22/+282
| |\ \ | | | | | | | | | | | | crl_ossl_backend
| | * | removing caching mechanism for x509 propertiesErik Trauschke2015-10-154-76/+51
| | | | | | | | | | | | | | | | | | | | | | | | undo name change of CRLExtensionOID use custom parsing mechanism for certIssuer entry extension add new crl to vectors for testing invalid certIssuer entry ext
| | * | import fixErik Trauschke2015-10-141-2/+2
| | | |
| | * | use X509ExtensionParser for Revoked extensionsErik Trauschke2015-10-144-113/+88
| | | | | | | | | | | | | | | | | | | | | | | | remove revoked_certificates property from RevokedCertificate class CRLExtensions should actually be RevokedExtensions doctest cleanup for RevokedCertificate
| | * | fix indentationsErik Trauschke2015-10-131-68/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | change docs to indicate CRL objects are iterable fix docs for revoked certs make _decode_crl_reason more readable add __getitem__ method to CRL object remove double underscores
| | * | use openssl assertErik Trauschke2015-09-281-22/+27
| | | | | | | | | | | | | | | | | | | | | | | | change _build* to _decode* make CRLs into iterators various fixes
| | * | Merge branch 'master' into crl_ossl_backendErik Trauschke2015-09-286-44/+22
| | |\ \
| | * \ \ Merge branch 'crl_ossl_backend' of github.com:etrauschke/cryptography into ↵Erik Trauschke2015-09-285-4/+312
| | |\ \ \ | | | | | | | | | | | | | | | | | | crl_ossl_backend
| | | * \ \ Merge branch 'master' into crl_ossl_backendErik Trauschke2015-09-251-153/+172
| | | |\ \ \
| | | * \ \ \ Merge branch 'master' into crl_ossl_backendErik Trauschke2015-09-251-0/+70
| | | |\ \ \ \
| | | * | | | | OpenSSL backend code for CRLsErik Trauschke2015-09-245-4/+312
| | | | | | | |
* | | | | | | | Remove long comments and workarounds, use new cffi syntaxAlex Gaynor2015-10-212-36/+2
| |_|_|_|_|_|/ |/| | | | | |
* | | | | | | add __repr__ to x509.ExtensionsPaul Kehrer2015-10-201-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | fix #2434
* | | | | | | Merge pull request #2427 from alex/ecdhPaul Kehrer2015-10-196-0/+56
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | ECDH take 4
| * | | | | | | better document hte ifaceAlex Gaynor2015-10-171-0/+7
| | | | | | | |
| * | | | | | | unused importAlex Gaynor2015-10-171-1/+0
| | | | | | | |
| * | | | | | | a refactor to the APIAlex Gaynor2015-10-175-43/+35
| | | | | | | |
| * | | | | | | Add an Elliptic Curve Key Exchange Algorithm(ECDH)Simo Sorce2015-10-175-0/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The ECDH Key Exchange algorithm as standardized in NIST publication 800-56A Revision 2 Includes tests with vectors from NIST. Signed-off-by: Simo Sorce <simo@redhat.com>
* | | | | | | | Fix wrong mention of class in docstring.Terry Chia2015-10-181-1/+1
|/ / / / / / /
* | | | | | | Kill Key Exchange as a separate interfaceSimo Sorce2015-10-151-18/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ultimately it was decided that ECDH and the others can be implemented as simple classes without the overhead of an interface. So ... let's kill it, it was a fun process. Signed-off-by: Simo Sorce <simo@redhat.com>
* | | | | | | add binding for d2i_GENERAL_NAMES()Erik Trauschke2015-10-151-0/+2
| | | | | | |
* | | | | | | extend pkcs7 openssl bindingsDominic Chen2015-10-132-2/+32
| | | | | | |
* | | | | | | Catch Invalid X or Y points and raise a ValueErrorSimo Sorce2015-10-121-2/+6
|/ / / / / / | | | | | | | | | | | | | | | | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* | | | | | Merge pull request #2402 from ddcc/patch-1Paul Kehrer2015-10-111-2/+7
|\ \ \ \ \ \ | | | | | | | | | | | | | | minor fix to handle malformed certificates without hostname
| * | | | | | fix to handle malformed certificates without hostnameDominic Chen2015-10-101-2/+7
| | | | | | |
* | | | | | | typoAlex Gaynor2015-10-111-1/+1
| | | | | | |
* | | | | | | handle errorsAlex Gaynor2015-10-101-0/+2
| | | | | | |
* | | | | | | Fixed #2404 -- handle a certificate with an unknown public keyAlex Gaynor2015-10-101-1/+3
|/ / / / / /
* | | | | | Introduce Key Exchange Agreements interfaceSimo Sorce2015-10-071-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* | | | | | Change '!=' to 'is not'Manoel Domingues Junior2015-10-011-1/+1
| | | | | |
* | | | | | Handling path_length when ca is TrueManoel Domingues Junior2015-10-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Using CertificateBuilder: builder = builder.add_extension(x509.BasicConstraints(ca=True,path_length=None), critical=True) return TypeError in line 792 because None can't be converted to hex. In https://tools.ietf.org/html/rfc5280.html#section-4.2.1.9: CAs MUST NOT include the pathLenConstraint field unless the cA boolean is asserted and the key usage extension asserts the keyCertSign bit.
* | | | | | flake8Alex Gaynor2015-09-291-0/+1
| | | | | |
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-14 19:16:48 +0000