| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
* Update the linkcheck ignores
* Hack?
* Ok, this should work
|
| |
|
|
|
|
|
|
| |
* ci is suffering again, is it the new pytest or hypothesis?
* now try 3.79.2 hypothesis
* it's a blacklist party
|
| |
|
|
|
|
|
|
| |
(#4507)
* Fixes #4500 -- use O_CLOEXEC when opening the /dev/urandom file descriptor
* Unused variable
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* Add testing with LibreSSL 2.8.2
* Drop librsesl 2.4.5
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Enhance info on pip requirements intallation
* Remove virtualenv files from remote
* Fix "pacakges" typo
* Removing trailling whitespaces
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add definitions for SSL_get0_param and X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
* remove unnecessary parameter name
* Add version conditionals and more flags
* extend cryptography_has_102_verification_params
* X509_CHECK_FLAG_NEVER_CHECK_SUBJECT only available with openssl 1.1.0+
* add missing declaration
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* simplify some language
* Update reference.rst
* wrap
* remove trailing whitespace
the github web editor is bad and should feel bad
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixes #4459 -- switch all our builds to xenial on travis
* Attempt to fix tests
* Try disabling sudo?
* typo
* try this?
* shellcheck
|
| |
|
|
|
|
| |
* support OCSP response serialization
* empty commit, good times
|
| |
|
|
|
|
|
|
|
|
| |
* support extensions in the OCSP request builder
* cover a missed branch
* refactor to use new func
* review feedback
|
| |
|
|
|
|
| |
* Cleanup _encode_asn1_str_gc: don't require the length as an argument
* Apply the same cleanup to _encode_asn1_str
|
| |
|
|
|
|
|
|
|
|
| |
* add OCSP basic response extension parsing
Just nonce for now. This does not support SINGLERESP extension parsing.
* also raises on extensions for non-successful
* empty commit
|
| | |
|
| |
|
|
|
|
| |
* additional OCSP bindings for the response builder
* use the OCSP extension funcs that match the rest of x509
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* support OCSP response parsing
* move the decorator to make pep8 happy
* add some missing docs
* review feedback
* more review feedback
|
| |
|
|
|
|
| |
* add ed25519 bindings
* var name
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* add OCSP request parsing support with OCSPNonce
* add docs
* reprs man
* make extensions a cached property
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* update pytest config
pytest 3.8.0 was just released and officially deprecates some of the way
we do pytest marks. They introduced a new way to do this in 3.6 so this
PR switches to that mechanism and updates our minimum pytest requirement
* update the stubs
* also update wycheproof test config to remove deprecated paths
* don't need this any more
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* try something a bit different.
* newer compiler plz
* permute
* fix some warnings
* fix getters on OpenSSL < 1.1.0
* this is getting involved
* given our compiler flags we can't have SSL_CTX_set_cookie_verify_cb
|
| |
|
|
|
|
|
|
|
|
|
| |
* don't sort the serial numbers in a parsed CRL
OpenSSL sorts them in place and this breaks the signature and more.
fixes #4456
* cache the sorted CRL (but create it lazily)
* use the cache decorator
|
| |
|
| |
of course, if this works it might just be luck
|
| | |
|
| |
|
|
|
|
|
|
| |
* yet another ocsp response vector.
and yet there will be at least one more after this
* add one more
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add many OCSP bindings
Much of OCSP was opaqued in 1.1.0 so this also adds a bunch of getters
for older OpenSSL. However, 1.1.0 itself made it impossible to access
certain fields in the opaque struct, so we're forced to de-opaque them
for 1.1.0 through 1.1.0i as well as 1.1.1-pre1 through 1.1.1-pre9. There
is a patch (openssl/openssl#7082) that fixes this and should be in
1.1.0j and 1.1.1-pre10 (or 1.1.1 final, whichever they choose to issue)
* backslashes are sometimes useful
* comments
|
| | |
|
| |
|
|
| |
This allows us to reuse these functions in the OCSPResponse object in
the future
|
| |
|
|
|
|
| |
* add more OCSP response vectors
* another vector and better docs
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixes #4333 -- added support for precert poison extension
* Make work on all OpenSSL versions
* fixed flake8 + docs
* fix for older OpenSSLs
* document this
* spell
|
| |
|
|
|
|
|
|
|
|
| |
* OCSP response vector
* oops, wrong name
* move ocsp response vector docs
* make alex happy
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* ocsp response abc
* collapse SingleReponse into OCSPResponse now that we only support one
* split responder_id into two properties, add tbs_response_bytes
* typo
* rename one method and add a mapping we'll need shortly
|
| |
|
|
|
|
|
|
| |
* refactor ocsp request parsing and generation to support only one cert
* small doc change
* notimplementederror
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Fixes #3460 -- deprecate OpenSSL 1.0.1
* We need to import warnings
* flake8
* words are hard
* rephrase
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Fixed a memory leak in x.509 OCSP no check
* Fix the _actual_ leak
* Speed up symbolizations
* Disable backtrace by default, because it doesn't work on Windows
* line length
|
| |
|
|
|
|
|
|
|
|
| |
dependencies (#4441)
* lock aws-encryption-sdk and dynamodb-encryption-sdk downstream tests to frozen dependencies
* explicitly identify test directory in dynanmodb-encryption-sdk downstream tests
* install the frozen dependencies after installing the package to force dependencies to the frozen set
|
| | |
|
