aboutsummaryrefslogtreecommitdiffstats
path: root/src/cryptography/hazmat/backends/openssl
Commit message (Collapse)AuthorAgeFilesLines
...
* | Merge pull request #2446 from reaperhulk/init-locksAlex Gaynor2015-10-261-2/+0
|\ \ | | | | | | move lock initialization to during binding import
| * | move lock initialization to during binding importPaul Kehrer2015-10-241-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | Previously we attempted to register our openssl locks only if the backend was initialized, but we should really just do it immediately. Consumers like PyOpenSSL already call init_static_locks after importing the binding and if a library wants to replace the locks with something else they can do so themselves.
* | | use new ExtensionOIDPaul Kehrer2015-10-241-1/+1
| | |
* | | one more assertPaul Kehrer2015-10-241-1/+1
| | |
* | | convert asserts to openssl_assertPaul Kehrer2015-10-241-10/+10
| | |
* | | support encoding certificate policies in CertificateBuilderPaul Kehrer2015-10-241-0/+90
|/ /
* | hoist a dict up to module scope so we don't recreate it every callPaul Kehrer2015-10-211-12/+15
| |
* | remove convenience functions for revoked extensionsErik Trauschke2015-10-211-30/+0
| | | | | | | | fix docs regarding CRL PEM format
* | add commentsErik Trauschke2015-10-201-24/+37
| |
* | Merge branch 'master' into crl_ossl_backendErik Trauschke2015-10-202-2/+38
|\|
| * a refactor to the APIAlex Gaynor2015-10-172-19/+31
| |
| * Add an Elliptic Curve Key Exchange Algorithm(ECDH)Simo Sorce2015-10-171-0/+20
| | | | | | | | | | | | | | | | | | The ECDH Key Exchange algorithm as standardized in NIST publication 800-56A Revision 2 Includes tests with vectors from NIST. Signed-off-by: Simo Sorce <simo@redhat.com>
| * Catch Invalid X or Y points and raise a ValueErrorSimo Sorce2015-10-121-2/+6
| | | | | | | | Signed-off-by: Simo Sorce <simo@redhat.com>
* | Merge branch 'crl_ossl_backend' of github.com:etrauschke/cryptography into ↵Erik Trauschke2015-10-202-14/+250
|\ \ | |/ |/| | | crl_ossl_backend
| * removing caching mechanism for x509 propertiesErik Trauschke2015-10-151-67/+40
| | | | | | | | | | | | undo name change of CRLExtensionOID use custom parsing mechanism for certIssuer entry extension add new crl to vectors for testing invalid certIssuer entry ext
| * use X509ExtensionParser for Revoked extensionsErik Trauschke2015-10-141-99/+80
| | | | | | | | | | | | remove revoked_certificates property from RevokedCertificate class CRLExtensions should actually be RevokedExtensions doctest cleanup for RevokedCertificate
| * fix indentationsErik Trauschke2015-10-131-68/+65
| | | | | | | | | | | | | | | | change docs to indicate CRL objects are iterable fix docs for revoked certs make _decode_crl_reason more readable add __getitem__ method to CRL object remove double underscores
| * use openssl assertErik Trauschke2015-09-281-22/+27
| | | | | | | | | | | | change _build* to _decode* make CRLs into iterators various fixes
| * Merge branch 'master' into crl_ossl_backendErik Trauschke2015-09-282-32/+15
| |\
| * \ Merge branch 'crl_ossl_backend' of github.com:etrauschke/cryptography into ↵Erik Trauschke2015-09-282-2/+282
| |\ \ | | | | | | | | | | | | crl_ossl_backend
| | * \ Merge branch 'master' into crl_ossl_backendErik Trauschke2015-09-251-153/+172
| | |\ \
| | * | | OpenSSL backend code for CRLsErik Trauschke2015-09-242-2/+282
| | | | |
* | | | | Merge pull request #2402 from ddcc/patch-1Paul Kehrer2015-10-111-2/+7
|\ \ \ \ \ | | | | | | | | | | | | minor fix to handle malformed certificates without hostname
| * | | | | fix to handle malformed certificates without hostnameDominic Chen2015-10-101-2/+7
| | | | | |
* | | | | | typoAlex Gaynor2015-10-111-1/+1
| | | | | |
* | | | | | handle errorsAlex Gaynor2015-10-101-0/+2
| | | | | |
* | | | | | Fixed #2404 -- handle a certificate with an unknown public keyAlex Gaynor2015-10-101-1/+3
|/ / / / /
* | | | | Change '!=' to 'is not'Manoel Domingues Junior2015-10-011-1/+1
| | | | |
* | | | | Handling path_length when ca is TrueManoel Domingues Junior2015-10-011-1/+1
| |_|_|/ |/| | | | | | | | | | | | | | | | | | | Using CertificateBuilder: builder = builder.add_extension(x509.BasicConstraints(ca=True,path_length=None), critical=True) return TypeError in line 792 because None can't be converted to hex. In https://tools.ietf.org/html/rfc5280.html#section-4.2.1.9: CAs MUST NOT include the pathLenConstraint field unless the cA boolean is asserted and the key usage extension asserts the keyCertSign bit.
* | | | unused importAlex Gaynor2015-09-261-3/+1
| | | |
* | | | Use InternalError for stuffAlex Gaynor2015-09-262-29/+14
|/ / /
* | | flake8 itAlex Gaynor2015-09-261-6/+4
| | |
* | | Convert asserts in bindings as wellAlex Gaynor2015-09-261-29/+5
| | |
* | | converted a few more assertsAlex Gaynor2015-09-263-3/+3
| | |
* | | move two asserts much closer to call sitePaul Kehrer2015-09-251-2/+2
| | |
* | | convert the rest of the openssl backend to using openssl_assertPaul Kehrer2015-09-258-87/+90
| |/ |/|
* | remove unnecessary checkPaul Kehrer2015-09-251-1/+0
| |
* | change some asserts back since they're not openssl specificPaul Kehrer2015-09-251-18/+19
| | | | | | | | plus bonus better exception msg
* | start converting asserts to a function callPaul Kehrer2015-09-251-166/+185
|/ | | | | This prevents situations where asserts are bypassed when running python with -O.
* should have _asn1_* utility functions in a common placeErik Trauschke2015-09-242-73/+63
|
* Resolve an unusual test bug related to initializing the bindingsPaul Kehrer2015-08-291-7/+0
| | | | | | | | | | | | | | | | | | | To make calls against the "SSL" parts of OpenSSL you need to call SSL_library_init. There are multiple ways this can be called: * If you're using the same OpenSSL in cryptography as you are in your Python then Python will call it for you. * If you import the openssl backend. These tests need SSL_library_init to be called. When run in our CI SSL_library_init is called because during the parametrization step the OpenSSL backend is imported (thus triggering it). However, you can also run tests directly via py.test and without this change py.test tests/hazmat/bindings/test_openssl.py would crash if you had cryptography linked against a different OpenSSL than your Python used.
* set the default stringmask to utf8Paul Kehrer2015-08-221-0/+6
| | | | | This corrects a problem where older OpenSSL versions don't do this by default. fixes #2291
* Move signature type checksStanisław Pitucha2015-08-143-8/+9
| | | | Move the point of checking signatures, as suggested by alex in PR 2262.
* Enforce signature type in ECDSA and add testsStanisław Pitucha2015-08-121-0/+2
| | | | | Ensure that ECDSA signatures are bytes to match RSA/DSA and add tests for all three.
* Ensure early exeption on non-bytes signatureStanisław Pitucha2015-08-112-0/+6
| | | | | Signature must be in bytes. If the check is skipped, verify() can explode later in cffi call in _verify_pkey_ctx() for example.
* switch the openssl backend to use the OID namespacePaul Kehrer2015-08-102-26/+28
|
* Merge pull request #2233 from reaperhulk/encode-nocheckAlex Gaynor2015-08-091-0/+9
|\ | | | | add support for OCSPNoCheck to the CertificateBuilder
| * improve comment for ocsp_nocheck encodingPaul Kehrer2015-08-091-3/+2
| |
| * add support for OCSPNoCheck to the CertificateBuilderPaul Kehrer2015-08-091-0/+10
| |
* | support issuer alternative name encodingPaul Kehrer2015-08-091-2/+3
|/
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-07 23:47:38 +0000