aboutsummaryrefslogtreecommitdiffstats
path: root/src/cryptography/hazmat/backends/openssl
Commit message (Collapse)AuthorAgeFilesLines
...
* move encode out of try blocksPaul Kehrer2015-08-091-2/+2
|
* simplify the CSRBuilderPaul Kehrer2015-08-081-9/+4
|
* remove a lot of if/elif chains in the certificate builderPaul Kehrer2015-08-081-23/+19
|
* support InhibitAnyPolicy in CertificateBuilderPaul Kehrer2015-08-081-0/+13
|
* add support for AuthorityKeyIdentifier in CertificateBuilderPaul Kehrer2015-08-081-0/+32
|
* add support for encoding SubjectKeyIdentifier to CertificateBuilderPaul Kehrer2015-08-081-0/+13
|
* move distpoint fullname/relativename to consts in backends.openssl.x509Paul Kehrer2015-08-082-5/+9
|
* switch to _encode_general_names.Paul Kehrer2015-08-081-8/+1
| | | | I knew I made that for a reason, thanks Alex
* remove a double for loop that made literally no sensePaul Kehrer2015-08-081-6/+5
|
* switch ReasonFlags bit string setting to use a dict mappingPaul Kehrer2015-08-081-40/+18
|
* support relativename encoding using X509_NAMEPaul Kehrer2015-08-081-3/+6
| | | | X509_NAME contains a STACK_OF(X509_NAME_ENTRY) which we duplicate
* support CRLDistributionPoints in the CertificateBuilderPaul Kehrer2015-08-081-0/+93
|
* Merge pull request #2222 from reaperhulk/memleak-partdeuxAlex Gaynor2015-08-061-0/+2
|\ | | | | X509_add_ext dupes the X509_EXTENSION when adding it. fix the leak
| * X509_add_ext dupes the X509_EXTENSION when adding it. fix the leakPaul Kehrer2015-08-061-0/+2
| |
* | fix a memory leak in certificate creation during extension creationPaul Kehrer2015-08-061-1/+1
|/
* rename sign_x509_certificate backend method to create_x509_certificatePaul Kehrer2015-08-061-1/+1
|
* we still need to gc in encode_subject_alt_namePaul Kehrer2015-08-051-0/+3
|
* refactor SAN encoding to separate out general names in openssl backendPaul Kehrer2015-08-051-7/+8
|
* Merge pull request #2193 from reaperhulk/encode-aiaAlex Gaynor2015-08-031-0/+30
|\ | | | | Support AuthorityInformationAccess in CertificateBuilder
| * add support for AIA to CertificateBuilder and OpenSSL backendPaul Kehrer2015-08-031-1/+7
| |
| * encode authority information accessPaul Kehrer2015-08-031-0/+24
| |
* | support keyusage and extendedkeyusage in certificatebuilderPaul Kehrer2015-08-031-0/+4
|/
* Merge remote-tracking branch 'upstream/master' into cert-builderIan Cordasco2015-08-033-190/+234
|\
| * Merge pull request #2187 from reaperhulk/csr-decode-all-extsAlex Gaynor2015-08-011-23/+21
| |\ | | | | | | allow certificate and CSR to both parse the same set of extensions
| | * allow certificate and CSR to both parse the same set of extensionsPaul Kehrer2015-08-011-23/+21
| | |
| * | Merge pull request #2186 from reaperhulk/handle-corrupt-extensionsAlex Gaynor2015-08-011-1/+7
| |\ \ | | | | | | | | Handle invalid x509 extension payloads
| | * | corrupt -> invalidPaul Kehrer2015-08-011-1/+2
| | | |
| | * | check if the extension decoded to internal openssl reprPaul Kehrer2015-08-011-1/+6
| | |/ | | | | | | | | | ...and if not, raise an error (plus consume the error stack)
| * | Merge pull request #2184 from reaperhulk/remove-more-branchesAlex Gaynor2015-08-013-10/+18
| |\ \ | | |/ | |/| Branch coverage to 100%
| | * Remove elifs and replace with else + assertPaul Kehrer2015-08-013-10/+18
| | | | | | | | | | | | This is kind of ugly, but resolves many partial branch coverage issues.
| * | simplify x509 extension decodingPaul Kehrer2015-08-011-73/+28
| |/
| * openssl error codes are clearly not considered part of the api contractPaul Kehrer2015-07-251-5/+2
| |
| * extra parensPaul Kehrer2015-07-251-5/+3
| |
| * == instead of inPaul Kehrer2015-07-251-2/+2
| |
| * handle RSA key too small and consume errors on CSR signature failurePaul Kehrer2015-07-251-1/+10
| |
| * refactor general name encoding to its own functionPaul Kehrer2015-07-241-83/+88
| |
| * Support encoding ExtendedKeyUsage into certificate signing requestsPaul Kehrer2015-07-232-2/+29
| |
| * Support encoding KeyUsage into certificate signing requestsPaul Kehrer2015-07-232-0/+41
| |
| * when building a CSR adding > 1 extension would trigger a bugPaul Kehrer2015-07-231-1/+1
| | | | | | | | | | | | We were checking sk_X509_EXTENSION_push for a value == 1, but in reality it returns the number of extensions on the stack. We now assert >= 1 and added a test.
* | Add _encode_asn1_int_gcIan Cordasco2015-08-011-1/+7
| | | | | | | | Ensure the certificate serial number is freed
* | Add check for an RSA Key being too smallIan Cordasco2015-08-011-1/+5
| | | | | | | | | | - Remove outdated/unnecessary/illegitimate TODOs - Fix up test for an RSA key that is too small
* | Check result of setting the serial numberIan Cordasco2015-07-241-2/+14
| | | | | | | | | | - Add checks for private key types - Add tests around new checks for types of private keys
* | Use correct exception class in openssl backendIan Cordasco2015-07-201-1/+1
| |
* | Handle SubjectAlternativeName extensions in the backendIan Cordasco2015-07-191-0/+2
| | | | | | | | They are handled in cryptography.x509 so they need to be handled here
* | Construct extensions like a CSRIan Cordasco2015-07-191-6/+9
| | | | | | | | | | | | - Use _encode_basic_constraints appropriately - Create an appropriate object from the oid dotted string - Create the X509 Extension appropriately
* | Remove unnecessary helper functionsIan Cordasco2015-07-181-17/+1
| | | | | | | | | | - Update documented methods - Do not mute the CertificateBuilder object if no version is set
* | Adds certificate builder.Andre Caron2015-07-181-0/+96
|/
* remove unused importPaul Kehrer2015-07-141-2/+0
|
* encode uriPaul Kehrer2015-07-131-2/+12
|
* Merge pull request #2137 from reaperhulk/encode-rfc822nameAlex Gaynor2015-07-121-0/+8
|\ | | | | Encode rfc822name
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-08 04:36:16 +0000