| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
* remove freebsd11 builder
it's out of date, we can't update it, and it is unreliable
* we don't test against freebsd for now
* what did case sensitivity ever do for me
* don't assert on bsd since we don't test on for now
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* add public_bytes to OCSPRequest
* review feedback
* OCSP request parsing
* change some prose
* add __len__ as a required method
|
| | |
|
| |
|
|
|
|
|
|
| |
* Document wycheproof revision we're current as of
* Wycheproof is a real word!
* line length
|
| |
|
|
|
|
|
|
| |
* make a certificate expire a few years in the future, fixes doctests
👋 to future alex when this test breaks in two years
* short lived certs are a good idea
|
| |
|
|
|
|
| |
* Refs #4375 -- integrate wycheproof AES CCM tests
* Skip these tests if we don't have CCM support
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* add crl.get_revoked_certificate method
* lexicographic is the best ographic
* rename
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* document one shot AEAD length restrictions
* write a test that won't consume infinity ram
continue to raise OverflowError since that's what cffi did.
* this applies to associated_data too
* remove unneeded arg
* review feedback on docs
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* document that an ECPublicNumbers object has some unexpected properties
It is not guaranteed to be a valid point on the curve as that is not
checked until you convert it to a PublicKey object.
* different language
* move the text, make it a warning, alter the language
* new language
|
| |
|
|
| |
Duplicate attributes now raise an error instead of silently discarding
duplicates.
|
| |
|
|
|
|
| |
* Make the docs clearer on why truncated tags are a bad idea
* clarify
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In 2005, IETF devised a more secure padding scheme to replace PKCS #1
v1.5. To make sure that nobody can easily support or use it, they
mandated lots of complicated parameters in the certificate, unlike any
other X.509 signature scheme.
https://tools.ietf.org/html/rfc4055
`_SIG_OIDS_TO_HASH` and `Certificate.signature_hash_algorithm` cannot be
supported as-is, because the hash algorithm is defined in the signature
algorithm parameters, not by the OID itself.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* test against python 3.7 for windows
* update docs to say we test on 3.7
* more succinct
* maybe make this actually work.
* link properly
* moar changes
|
| | |
|
| |
|
| |
The `AuthorityKeyIdentifier.authority_cert_issuer` docs state that it returns a `Name` instance, but it [actually returns a list of `GeneralName` instances or `None`](https://github.com/pyca/cryptography/blob/master/src/cryptography/x509/extensions.py#L157).
|
| |
|
|
|
|
| |
Internal block size isn't a particularly useful piece of information and
constructions like SHA3 make it even harder to determine what that
really means. Accordingly, we're removing it from the interface (but
leaving it on all existing hashes)
|
| | |
|
| |
|
|
| |
http://blog.pytest.org/2016/whats-new-in-pytest-30/
https://twitter.com/hashtag/dropthedot
|
| |
|
|
|
|
| |
* switch to py3 on docs job
* somehow unicode isn't a word
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add API for retrieving the seconds-to-expiry for the token, given a TTL.
* Process PR feedback:
* Do compute the TTL, but just the age of the token. The caller
can decided what to do next.
* Factored out the HMAC signature verification to a separate function.
* Fixed a copy&paste mistake in the test cases
* Tests cleanup.
* `struct` no longer needed
* Document `def age()`
* typo in `age()` documentation
* token, not data
* remove test for TTL expiry that is already covered by the parameterized `test_invalid()`.
* let's call this extract_timestamp and just return timestamp
* review comments
* it's UNIX I know this
|
| |
|
|
|
|
|
|
| |
* Use a checklist for bumping openssl version
* words
* empty commit to retrigger jenkins
|
| |
|
| |
These can be used when OpenSSL 1.1.1 is released
|
| | |
|
| |
|
|
|
|
|
|
| |
* Update URLs for new pypi!
* trailing slash
* grump
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Added badtime.pem vector
In connection with forthcoming PR to fix #4158
* shortened line, corrected and->and
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* implement AES KW with padding (RFC 5649)
fixes #3791
* oops, 2.2
* make sure this is the right valueerror
* more match
* make key padding easier to read
* review feedback
* review feedback
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added brainpool ec-curves key_length >= 256bit
* limit brainpool curves to the set that appear required + docs
* oops
* typos all around me
* add brainpool ECDH kex tests
* switch to using rfc 7027 vectors
* review feedback
* empty commits are the best
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* add 1200 byte HKDF test vector and a generator/verifier for it
* exit non-zero when failing
* ugh
|
| |
|
| |
I don't think it's relevant anymore
|
| |
|
|
|
|
| |
* DH interfaces existed in 0.9 but we didn't implement until 1.7
* sigh empty
|
| | |
|
| |
|
|
|
|
| |
* Add import default backend
* Revert blank line in
|
| | |
|
| |
|
|
|
| |
Both because it's weirdo crypto, but also because we don't even support it.
Adhere to our documented policy of using good crypto for all examples
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Use a different warning class so users get warnings
* fixed tests
* do our own warning class
* typo
* flake8
|
| |
|
|
|
|
| |
* Fixes #3947 -- remove the docutils.conf
* include minimum versions
|
