aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Comment lingering SSLv2 symbol.Cory Benfield2015-12-141-0/+4
|
* Remove SSLv2 bindings.Cory Benfield2015-12-142-22/+1
| | | | | | | | | This commit removes bindings that allow users to set SSLv2 handshake methods. These are regarded as unnecessary and out-of-date: see #2527. This commit does leave in a few options that refer to SSLv2 in order to avoid breaking deployments that rely on them, and in order to allow users to continue to request that SSLv2 not be enabled at all in their OpenSSL.
* require not_valid_after >= not_valid_beforePaul Kehrer2015-12-131-0/+11
|
* Merge pull request #2515 from reaperhulk/sigbusAlex Gaynor2015-12-092-22/+0
|\ | | | | remove the bindings for these x86_64 specific EC functions
| * remove the bindings for these x86_64 specific EC functionsPaul Kehrer2015-12-092-22/+0
| | | | | | | | | | | | | | | | We have no need to invoke them directly and their presence triggers a bug related to Fedora 23's hobbling of openssl EC functions (uugh) This also fixes the SIGBUS issue in #2503, although that is more appropriately resolved via header fixes for universal libraries on OS X.
* | fix the comment so that it is no longer nonsensePaul Kehrer2015-12-031-1/+1
| |
* | expose tbs_certrequest_bytes and signature on CertificateSigningRequestPaul Kehrer2015-12-033-0/+32
| |
* | Merge pull request #2504 from reaperhulk/encode-name-constraintsAlex Gaynor2015-12-032-0/+49
|\ \ | | | | | | implement support for encoding name constraints
| * | move _encode_name_constraints and _encode_general_subtreesPaul Kehrer2015-12-021-36/+36
| | |
| * | implement support for encoding name constraintsPaul Kehrer2015-12-022-0/+49
| |/
* | shouldn't need values herePaul Kehrer2015-12-011-3/+3
| |
* | if EC isn't present we need to declare this enumPaul Kehrer2015-12-011-1/+5
| |
* | let the compiler figure out these valuesPaul Kehrer2015-12-011-3/+4
| |
* | fix a warning in cffiPaul Kehrer2015-12-012-1/+8
|/ | | | | cffi doesn't want to guess the type, so we'll deopaque the enum and strip the values out of the lib if EC is unavailable
* Add support for 160 bit ARC4 keysEhren Kret2015-11-281-1/+1
|
* Add more CRYPTO_EX_DATA functionsChristian Heimes2015-11-203-0/+20
| | | | | | | | The patch adds a couple of additional functions to create, store and retrieve ex_data on SSL, SSL_CTX and X509 objects. It also adds the missing get_ex_new_index function for X509_STORE_CTX. Signed-off-by: Christian Heimes <cheimes@redhat.com>
* add tbsCertList and signature interfaces to CRLsErik Trauschke2015-11-193-0/+30
|
* RHEL 6.4 and below don't even claim to be 1.0.0 final...Paul Kehrer2015-11-121-1/+1
|
* whoopsPaul Kehrer2015-11-121-0/+1
|
* reorganize and renamePaul Kehrer2015-11-122-11/+11
|
* these functions were added in 1.0.0, while CMS was added in 0.9.8hPaul Kehrer2015-11-122-0/+15
| | | | | We didn't catch this in our CI because all our 0.9.8 targets have CMS disabled or are older than 0.9.8h
* Include the full OpenSSL error in the exception messageAlex Gaynor2015-11-081-1/+1
|
* Merge pull request #2467 from reaperhulk/fix-version-checkAlex Gaynor2015-11-041-2/+2
|\ | | | | these flags were actually added in 1.0.2beta2, not before that.
| * these flags were actually added in 1.0.2beta2, not before that.Paul Kehrer2015-11-051-2/+2
| |
* | remove malloc_debug_init as it has occasionally caused compile issuesPaul Kehrer2015-11-051-1/+0
|/ | | | We also don't use it in our backend (and neither does pyOpenSSL)
* rename tbs_certificate to tbs_certificate_bytes, add a commentPaul Kehrer2015-11-032-2/+3
|
* add support for Certificate signature and tbs_certificatePaul Kehrer2015-11-034-1/+29
|
* Provide more aggressive language about dropping 2.6Alex Gaynor2015-11-011-1/+2
|
* flake8Alex Gaynor2015-11-011-2/+2
|
* corrected a few typos in commentsAlex Gaynor2015-11-011-3/+3
|
* Merge pull request #2455 from alex/different-curvesPaul Kehrer2015-10-291-0/+5
|\ | | | | Error cleanly if the public and private keys to an ECDH key exchange …
| * please flake8Alex Gaynor2015-10-291-1/+1
| |
| * Error cleanly if the public and private keys to an ECDH key exchange are on ↵Alex Gaynor2015-10-281-0/+5
| | | | | | | | different curves
* | oh right pep8 is a thingPaul Kehrer2015-10-291-3/+0
| |
* | do the deprecation dance for the twelfth releasePaul Kehrer2015-10-292-13/+1
|/
* reopen master for development on the twelfth releasePaul Kehrer2015-10-291-1/+1
|
* bump version and update changelog for eleventh release (1.1)Paul Kehrer2015-10-291-1/+1
| | | | Add some missing changelog entries
* add ellipticcurvepublicnumbers reprPaul Kehrer2015-10-281-0/+6
|
* Merge pull request #2447 from reaperhulk/encode-decode-pointAlex Gaynor2015-10-272-2/+30
|\ | | | | add support for encoding/decoding elliptic curve points
| * address review feedbackPaul Kehrer2015-10-281-5/+2
| |
| * modify approach to use EllipticCurvePublicNumbers methodsPaul Kehrer2015-10-272-34/+28
| |
| * remove support for null points, improve docsPaul Kehrer2015-10-271-4/+4
| |
| * add support for encoding/decoding elliptic curve pointsPaul Kehrer2015-10-262-2/+39
| | | | | | | | Based on the work of @ronf in #2346.
* | Merge pull request #2435 from reaperhulk/fix-2407Alex Gaynor2015-10-271-6/+8
|\ \ | | | | | | encode countryName with PrintableString
| * | update comment to include a bit more detailPaul Kehrer2015-10-271-2/+2
| | |
| * | encode countryName with PrintableStringPaul Kehrer2015-10-201-6/+8
| | | | | | | | | | | | | | | | | | | | | This commit adds a dependency on asn1crypto for testing purposes to parse the certificate and confirm that countryName is encoded with PrintableString while other fields are UTF8String. This is a test only dep.
* | | Merge pull request #2446 from reaperhulk/init-locksAlex Gaynor2015-10-262-2/+8
|\ \ \ | |_|/ |/| | move lock initialization to during binding import
| * | modify sadness prosePaul Kehrer2015-10-271-3/+5
| | |
| * | expand commentPaul Kehrer2015-10-241-1/+3
| | |
| * | move lock initialization to during binding importPaul Kehrer2015-10-242-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | Previously we attempted to register our openssl locks only if the backend was initialized, but we should really just do it immediately. Consumers like PyOpenSSL already call init_static_locks after importing the binding and if a library wants to replace the locks with something else they can do so themselves.
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-09 11:39:38 +0000