| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Stub API for SCTs, feedback wanted
* grr, flake8
* finish up the __init__
* Initial implementation and tests
* write a test. it fails because computer
* get the tests passing and fix some TODOs
* changelog entry
* This can go now
* Put a skip in this test
* grump
* Removed unreachable code
* moved changelog to the correct section
* Use the deocrator for expressing requirements
* This needs f for the right entry_type
* coverage
* syntax error
* tests for coverage
* better sct eq tests
* docs
* technically correct, the most useless kind of correct
* typo and more details
* bug
* drop __eq__
|
| |
|
|
| |
generation section (#3669)
|
| |
|
|
|
|
| |
* deprecate signer/verifier on asymmetric keys
* review feedback, switch deprecated_call to work around a bug
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Revert "Attempted workaround for intermittent coverage issues (#3661)"
This reverts commit 84a634c1e7645970382a3a271dfae9ef95685e7a.
* pin coverage to 4.3.4
|
| |
|
| |
The root cause is https://bitbucket.org/ned/coveragepy/issues/578/incomplete-file-path-in-xml-report
|
| | |
|
| |
|
|
|
|
| |
* make signature and verification contexts error better re: prehashed
* code review feedback
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* runtime detection of getentropy for macOS via weak-linking
In the before time, in the long long ago, there was a desire to use
getentropy on macOS. So some code was written and it detected getentropy
support by seeing if SYS_getentropy was available in the headers. But
lo, it turns out Apple ships headers for different SDK versions and
users on < 10.12 were getting headers that had SYS_getentropy even
though their OS did not support it. There was much wailing and
gnashing of teeth, but the frustrated developers remembered that Apple
wants their developers to use weak linking. With weak linking the mighty
developer can specify a minimum version and any symbol that was added
after that version will be weakly linked. Then, at runtime, the dynamic
linker will make unavailable symbols thus marked into NULLs. So, the
developer need only alter their code to do runtime detection of weakly
linked symbols and then a single binary may be compiled that will
correctly select getentropy or /dev/urandom at runtime. Hallelujah!
* oops
* separate the enum
* okay just apple
|
| | |
|
| | |
|
| | |
|
| |
|
| |
turns out new jenkins changed its JSON a bit.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* update to new CI server for wheels + switch to using a job token
* avoid slash folding
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* add a jenkinsfile for building wheels
* remove scripts we don't need now
* still do the list of installed items on the mac builder
* build 2.6, don't bother with 2.7 ucs4 on mac, simplify batch
|
| |
|
|
|
|
|
|
|
| |
The OpenSSL manual recommends a buffer size of 80 for OBJ_oid2txt:
https://www.openssl.org/docs/crypto/OBJ_nid2ln.html#return_values.
But OIDs longer than this occur in real life (e.g. Active Directory
makes some very long OIDs). If the length of the stringified OID
exceeds the buffer size, allocate a new buffer that is big enough to
hold the stringified OID, and re-do the conversion into the new
buffer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* move MACContext to mac.py and eliminate interfaces.py finally
* improve title
* re-add and deprecate interfaces.MACContext
* use pytest.warns instead of deprecated_call
The pytest docs insist that deprecation warnings are handled differently
and that you should use deprecated_call, but this works so okay then
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* add windows OpenSSL 1.1 jenkinsfile builder
I tested this before submitting. You can see the output here:
https://ci.cryptography.io/blue/organizations/jenkins/openssl-release-1.1/detail/openssl-release-1.1/8/pipeline
Once this merges we can switch the jenkins job to pull this directly
from the repository. Unfortunately the job does not get created
automatically in jenkins, so that's a new step in building our infra
* add comments
|
| | |
|
| |
|
|
|
|
| |
* Improve accuracy of install docs page
* fix line length
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Modify DH/ECDH examples to be explicit for DHE/ECDHE
Also add note to DH docs that you should probably use ECDH
* give a reason
|
| |
|
|
|
|
| |
* re-add the why of cryptography to the faq with some small updates
* reorder the items a bit
|
| | |
|
| |
|
|
|
|
| |
* port 1.8.2 changelog to master
* we did this in 1.8.2
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add libre so I can see the error
* add the libre error needed and refactor error handling a bit
We were historically matching on lib + func + reason, but func is
somewhat unstable so now we match on lib + reason only. Of course, in
this case libressl changed both lib and reason so it wouldn't
have mattered. All error handling from the error queue in
openssl is an illusion
* fix a typo, probably an unneeded branch
* review feedback
* refactor tests to support libressl
insert additional rant about libre here, although admittedly these tests
were assuming stability where openssl itself guarantees none
* better assert, fix flake8
|
| |
|
|
|
|
|
|
|
|
| |
* Figure out when this came into existance by deleting it
* Revert "Figure out when this came into existance by deleting it"
This reverts commit 2fb9b8e104742bfa12eb5feedccebacfc23c66bb.
* Clearly document when this became true
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* jurisdictionCountryName also must be PrintableString
* flake8 + citation
* Write a test, which fails. If my analysis is correct, this is blocked on:
https://github.com/openssl/openssl/pull/3284
* This is only true on 1.1.0
* clearly express the version requirement
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* only build master and our release branches
* review feedback
* also build the tags
tags are of form `digit . digit` or `digit . digit . digit`
* alex is right
* that should match 0-1 times, not 0-infinity
* so much regex
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* add some explicit instructions on determining key type in a cert
* can't call it a CSR
|
| | |
|
| |
|
|
|
|
| |
* Put the exchange method on the correct interface
* fixed links in docs
|
