path: root/src/cryptography/hazmat/backends/openssl/backend.py
Commit message [Author, Age, Files, Lines]
...
* X509_REVOKED_dup isn't available everywhere, we get to define our own [Paul Kehrer, 2015-12-25, 1, -1/+3]
|
* support revoked certificates in CertificateRevocationListBuilder [Paul Kehrer, 2015-12-25, 1, -0/+9]
|
* RevokedCertificateBuilder [Paul Kehrer, 2015-12-25, 1, -2/+19]
|
* add create_x509_revoked_certificate to x509backend interface [Paul Kehrer, 2015-12-25, 1, -0/+3]
|
* use _create_x509_extensions in create_x509_crl [Paul Kehrer, 2015-12-25, 1, -20/+8]
|
* add extension support to the CRLBuilder [Paul Kehrer, 2015-12-25, 1, -1/+41]
|
* a different approach to refactoring the x509 extension addition [Paul Kehrer, 2015-12-24, 1, -21/+24]
|
* don't reuse a variable, it's confusing [Paul Kehrer, 2015-12-24, 1, -4/+6]
|
* refactor x509 extension creation to make it a bit more reusable [Paul Kehrer, 2015-12-24, 1, -38/+39]
|     Unfortunately X509 certs and CSRs add extensions differently, so we can't reuse quite as much as we'd like to...
* CertificateRevocationListBuilder [Paul Kehrer, 2015-12-24, 1, -1/+67]
|     RSA keys only. Currently does not support CRL extensions or CRLEntry extensions.
* coverage [Paul Kehrer, 2015-12-24, 1, -1/+1]
|
* add create_x509_crl interface [Paul Kehrer, 2015-12-24, 1, -0/+3]
|
* Change password callback to use userdata pointer [Christian Heimes, 2015-12-20, 1, -33/+48]
|     Instead of a closure the pem_password_cb now uses the void *userdata argument to exchange data with the callback function. It's a necessary step to port all callbacks to new static callbacks.
|     See: #2477
|     Signed-off-by: Christian Heimes <christian@python.org>
* X509_set_subject_name and X509_set_issuer_name copy the object [Paul Kehrer, 2015-12-15, 1, -2/+2]
|     So we need to register our own copy for gc. This fixes a memory leak reported by Wulf.
* move _encode_name_constraints and _encode_general_subtrees [Paul Kehrer, 2015-12-02, 1, -36/+36]
|
* implement support for encoding name constraints [Paul Kehrer, 2015-12-02, 1, -0/+37]
|
* flake8 [Alex Gaynor, 2015-11-01, 1, -2/+2]
|
* corrected a few typos in comments [Alex Gaynor, 2015-11-01, 1, -3/+3]
|
* Merge pull request #2435 from reaperhulk/fix-2407 [Alex Gaynor, 2015-10-27, 1, -6/+8]
|\
| |     encode countryName with PrintableString
| * update comment to include a bit more detail [Paul Kehrer, 2015-10-27, 1, -2/+2]
| |
| * encode countryName with PrintableString [Paul Kehrer, 2015-10-20, 1, -6/+8]
| |     This commit adds a dependency on asn1crypto for testing purposes to parse the certificate and confirm that countryName is encoded with PrintableString while other fields are UTF8String. This is a test only dep.
* | Merge pull request #2446 from reaperhulk/init-locks [Alex Gaynor, 2015-10-26, 1, -2/+0]
|\ \
| | |     move lock initialization to during binding import
| * | move lock initialization to during binding import [Paul Kehrer, 2015-10-24, 1, -2/+0]
| | |     Previously we attempted to register our openssl locks only if the backend was initialized, but we should really just do it immediately. Consumers like PyOpenSSL already call init_static_locks after importing the binding and if a library wants to replace the locks with something else they can do so themselves.
* | | use new ExtensionOID [Paul Kehrer, 2015-10-24, 1, -1/+1]
| | |
* | | one more assert [Paul Kehrer, 2015-10-24, 1, -1/+1]
| | |
* | | convert asserts to openssl_assert [Paul Kehrer, 2015-10-24, 1, -10/+10]
| | |
* | | support encoding certificate policies in CertificateBuilder [Paul Kehrer, 2015-10-24, 1, -0/+90]
|/ /
* | Merge branch 'master' into crl_ossl_backend [Erik Trauschke, 2015-10-20, 1, -2/+13]
|\|
| * a refactor to the API [Alex Gaynor, 2015-10-17, 1, -19/+6]
| |
| * Add an Elliptic Curve Key Exchange Algorithm(ECDH) [Simo Sorce, 2015-10-17, 1, -0/+20]
| |     The ECDH Key Exchange algorithm as standardized in NIST publication 800-56A Revision 2
| |     Includes tests with vectors from NIST.
| |     Signed-off-by: Simo Sorce <simo@redhat.com>
| * Catch Invalid X or Y points and raise a ValueError [Simo Sorce, 2015-10-12, 1, -2/+6]
| |     Signed-off-by: Simo Sorce <simo@redhat.com>
* | Merge branch 'crl_ossl_backend' of github.com:etrauschke/cryptography into crl_ossl_backend [Erik Trauschke, 2015-10-20, 1, -2/+24]
|\ \
| |/
|/|
| * Merge branch 'master' into crl_ossl_backend [Erik Trauschke, 2015-09-28, 1, -16/+1]
| |\
| * \ Merge branch 'crl_ossl_backend' of github.com:etrauschke/cryptography into crl_ossl_backend [Erik Trauschke, 2015-09-28, 1, -2/+24]
| |\ \
| | * \ Merge branch 'master' into crl_ossl_backend [Erik Trauschke, 2015-09-25, 1, -153/+172]
| | |\ \
| | * | | OpenSSL backend code for CRLs [Erik Trauschke, 2015-09-24, 1, -2/+24]
| | | | |
* | | | | Change '!=' to 'is not' [Manoel Domingues Junior, 2015-10-01, 1, -1/+1]
| | | | |
* | | | | Handling path_length when ca is True [Manoel Domingues Junior, 2015-10-01, 1, -1/+1]
| |_|_|/
|/| | |
| | | |     Using CertificateBuilder:
| | | |     builder = builder.add_extension(x509.BasicConstraints(ca=True,path_length=None), critical=True)
| | | |     return TypeError in line 792 because None can't be converted to hex.
| | | |     In https://tools.ietf.org/html/rfc5280.html#section-4.2.1.9:
| | | |     CAs MUST NOT include the pathLenConstraint field unless the cA boolean is asserted and the key usage extension asserts the keyCertSign bit.
* | | | unused import [Alex Gaynor, 2015-09-26, 1, -3/+1]
| | | |
* | | | Use InternalError for stuff [Alex Gaynor, 2015-09-26, 1, -13/+0]
|/ / /
* | | flake8 it [Alex Gaynor, 2015-09-26, 1, -6/+4]
| | |
* | | Convert asserts in bindings as well [Alex Gaynor, 2015-09-26, 1, -29/+5]
| |/
|/|
* | remove unnecessary check [Paul Kehrer, 2015-09-25, 1, -1/+0]
| |
* | change some asserts back since they're not openssl specific [Paul Kehrer, 2015-09-25, 1, -18/+19]
| |     plus bonus better exception msg
* | start converting asserts to a function call [Paul Kehrer, 2015-09-25, 1, -166/+185]
|/
|     This prevents situations where asserts are bypassed when running python with -O.
* should have _asn1_* utility functions in a common place [Erik Trauschke, 2015-09-24, 1, -0/+47]
|
* Resolve an unusual test bug related to initializing the bindings [Paul Kehrer, 2015-08-29, 1, -7/+0]
|     To make calls against the "SSL" parts of OpenSSL you need to call SSL_library_init. There are multiple ways this can be called:
|     * If you're using the same OpenSSL in cryptography as you are in your Python then Python will call it for you.
|     * If you import the openssl backend.
|     These tests need SSL_library_init to be called. When run in our CI SSL_library_init is called because during the parametrization step the OpenSSL backend is imported (thus triggering it). However, you can also run tests directly via py.test and without this change py.test tests/hazmat/bindings/test_openssl.py would crash if you had cryptography linked against a different OpenSSL than your Python used.
* set the default stringmask to utf8 [Paul Kehrer, 2015-08-22, 1, -0/+6]
|     This corrects a problem where older OpenSSL versions don't do this by default.
|     fixes #2291
* switch the openssl backend to use the OID namespace [Paul Kehrer, 2015-08-10, 1, -11/+12]
|
* Merge pull request #2233 from reaperhulk/encode-nocheck [Alex Gaynor, 2015-08-09, 1, -0/+9]
|\
| |     add support for OCSPNoCheck to the CertificateBuilder