| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
| |
* add EC OIDs
* move ec oid docs to bottom
|
| |
|
|
|
|
| |
* add pkcs12 test vectors
* add more explanatino
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* ocsp response builder
* better prose
* review changes
|
| | |
|
| | |
|
| |
|
| |
also add a disclaimer that you shouldn't use them
|
| |
|
|
|
|
| |
* add a new SCT vector
* ridiculous
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Update the linkcheck ignores
* Hack?
* Ok, this should work
|
| |
|
|
|
|
|
|
|
|
| |
* Enhance info on pip requirements intallation
* Remove virtualenv files from remote
* Fix "pacakges" typo
* Removing trailling whitespaces
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* simplify some language
* Update reference.rst
* wrap
* remove trailing whitespace
the github web editor is bad and should feel bad
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* support OCSP response serialization
* empty commit, good times
|
| |
|
|
|
|
|
|
|
|
| |
* support extensions in the OCSP request builder
* cover a missed branch
* refactor to use new func
* review feedback
|
| |
|
|
|
|
|
|
|
|
| |
* add OCSP basic response extension parsing
Just nonce for now. This does not support SINGLERESP extension parsing.
* also raises on extensions for non-successful
* empty commit
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* support OCSP response parsing
* move the decorator to make pep8 happy
* add some missing docs
* review feedback
* more review feedback
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* add OCSP request parsing support with OCSPNonce
* add docs
* reprs man
* make extensions a cached property
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* yet another ocsp response vector.
and yet there will be at least one more after this
* add one more
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* add more OCSP response vectors
* another vector and better docs
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fixes #4333 -- added support for precert poison extension
* Make work on all OpenSSL versions
* fixed flake8 + docs
* fix for older OpenSSLs
* document this
* spell
|
| |
|
|
|
|
|
|
|
|
| |
* OCSP response vector
* oops, wrong name
* move ocsp response vector docs
* make alex happy
|
| |
|
|
|
|
|
|
| |
* refactor ocsp request parsing and generation to support only one cert
* small doc change
* notimplementederror
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Fixes #3460 -- deprecate OpenSSL 1.0.1
* We need to import warnings
* flake8
* words are hard
* rephrase
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#4429)
* Fixes #4357 -- document the additional release steps for a security release
* One additional step
* Fix a few typos
* this is a word
* link these
|
| | |
|
| |
|
|
|
|
| |
* Update our security documentation to match what we actually do
* If you stand for nothing Burr, what will you fall for?
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* make an ocsp request
* update test, add docs
* make it an OCSPRequestBuilder
* review feedback and more tests
* make it a class
* empty commit to retrigger
* type check
|
| | |
|
| |
|
|
|
|
| |
* Fixes #4408 -- added an FAQ about abi3 wheels
* abi3 is a word, sort of
|
| |
|
|
|
|
| |
* Mention that PyCA also maintains pynacl
* line wrap
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* test openssl 1.1.1
* let's see what a 1.1.1 pyopenssl does
* 1.1.1-pre8
* pre9
* docs and test more things
* 3.7 needs xenial
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix encoding errors in RSA test keys.
enc-rsa-pkcs8.pem and unenc-rsa-pkcs8.pem did not encode the RSA key
correctly. Per RFC 8017, appendix A.1:
The object identifier rsaEncryption identifies RSA public and private
keys as defined in Appendices A.1.1 and A.1.2. The parameters field
has associated with this OID in a value of type AlgorithmIdentifier
SHALL have a value of type NULL.
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
unenc-rsa-pkcs8.pem, however, was missing that NULL, which was, in turn,
carried into the encrypted payload of enc-rsa-pkcs8.pem. The DER
version, enc-rsa-pkcs8.der, carries this mistake too. Interestingly,
unenc-rsa-pkcs8.der does *not* have it. I'm guessing it was converted
with the openssl command-line tool which fixed the encoding in
conversion.
Current versions of OpenSSL are lax and ignore the parameters field, but
it's best to test against spec-compliant inputs. Fix unenc-rsa-pkcs8.pem
to match unenc-rsa-pkcs8.der and then refresh enc-rsa-pkcs8.{der,pem}
with the new encoding but otherwise the same encryption parameters.
I've refreshed the dumpasn1 (at least that's what it looks like)
preamble at the top of each file, but the current version of dumpasn1
appears to have changed the spacing slightly, so there's some whitespace
diff noise.
* Update test-vectors.rst.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* remove freebsd11 builder
it's out of date, we can't update it, and it is unreliable
* we don't test against freebsd for now
* what did case sensitivity ever do for me
* don't assert on bsd since we don't test on for now
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* add public_bytes to OCSPRequest
* review feedback
* OCSP request parsing
* change some prose
* add __len__ as a required method
|
| | |
|
