| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Don't raise an UnsupportedExtension for critical extensions.
Fixes #2903
Fixes #2901
Fixes #3325
* Don't link
* Revert "Don't link"
This reverts commit 4fe847f91d9dd45cdc28a4984c4e44aad62a5de6.
* fix
* Revert "Revert "Don't link""
This reverts commit 856031b5a1fbad04ac218fa94ebf37dcd402f3ed.
* fix
* Deprecate this
* Better changelog entry
|
| |
|
|
|
|
| |
* Remove API deprecated in 1.6, clean up the legacy deprecations
* flake8, unused import
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* replace pyasn1 with asn1crypto
* allow trailing bytes
* fix x509 test
* update CHANGELOG.rst
* fix assert
* make asn1crypto code more idiomatic
* find tag
* final clean-up
* leave trailing byte logic unchanged
* document dependency change
* spelling
* fix spelling
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* delete the 1.0.0 support
* drop the version check
* drop the AES-CTR stuff
* Update the example
* openssl truncates for us now
* delete unused test
* unused imports
* Remove a bunch of conditional bindings for NPN
* no more 1.0.0 builders
* libressl fix
* update the docs
* remove dead branches
* oops
* this is a word, damnit
* spelling
* try removing this
* this test is not needed
* unused import
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* Add a bytes method to get the DER ASN.1 encoding of an X509 name.
This is useful for creating an OpenSSL style subject_name_hash (#3011)
* add to backend interface and update multibackend
* bytes -> public_bytes
|
| |
|
|
|
|
| |
* add alternate signature OID for RSA with SHA1 + test and vector
* mozilla is a proper noun leave me alone spellchecker
|
| |
|
|
|
|
|
|
| |
Update the Name class to accept and internally store a list of
RelativeDistinguishedName objects. Add the 'rdns' attribute to give
access to the RDNs. Update ASN.1 routines to correctly decode and
encode multi-value RDNs.
Fixes: https://github.com/pyca/cryptography/issues/3199
|
| |
|
|
|
|
|
|
|
|
|
| |
* Add RelativeDistinguishedName class
* Make relative_name a RelativeDistinguishedName
DistributionPoint relative_name is currently a Name but RFC 5280
defines it as RelativeDistinguishedName, i.e. a non-empty SET OF
name attributes. Change the DistributionPoint relative_name
attribute to be a RelativeDistinguishedName.
|
| |
|
|
|
|
|
|
|
|
| |
* support encoding IPv4Network and IPv6Network, useful for NameConstraints
* add changelog entry
* add more networks with full and no masking (/32, /128, /0)
* parametrize the nc tests to fix coverage
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* support random_serial_number in the CertificateBuilder
* turns out pytest's monkeypatch has an undo
* random_serial_number now a function
* just certs
|
| |
|
|
|
|
| |
* add support for signature_algorithm_oid to cert, CSR, and CRL
* refactor _SIG_OIDS_TO_HASH to use ObjectIdentifiers and use that
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Iterators can only be enumerated once, breaking code like this in
Python 3 for example:
san = SubjectAlternativeName(map(DNSName, lst))
This is also a slight behavior change if the caller modifies the list
after passing it to the constructor, because input lists are now copied.
Which seems like a good thing.
Also:
* Name now checks that attributes elements are of type NameAttribute
* NoticeReference now allows notice_numbers to be any iterable
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
not_valid_before (#2920)
* CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before
These functions now accept aware datetimes and convert them to UTC
* Added pytz to test requirements
* Correct pep8 error and improve Changelog wording
* Improve tests and clarify changelog message
* Trim Changelog line length
* Allow RevokedCertificateBuilder and CertificateRevocationListBuilder to accept aware datetimes
* Fix accidental changelog entry
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use a series of constants for OpenSSL version checks.
N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely!
* Convert some python as well, also add the file
* flake8
* Simplify code, remove functionality that can be expressed more simply
* clean up the tests as well
* more constants
* wrap long lines
* reflect feedback
* unused
* add this back?
|
| |
|
|
|
|
|
|
| |
* Add alias for Certificate serial as serial number
* Adding deprecation to utils
* Now with catch warnings and proper vers
|
| | |
|
| | |
|
| |\
| |
| | |
Add verify method on CertificateSigningRequest
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
first up: CertificateIssuer
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
If the X509_CRL reference is not properly retained then this
test will return an openssl error or potentially a crash as it's
reading freed memory to obtain the revocation_date and serial_number
|
| | |
|
| |
|
|
| |
Expand the CRL extensions test to check the value
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
support CRLs with no revoked certificates
|
| | | |
|
| | | |
|
| |/ |
|
| |\
| |
| | |
OID validation
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| | |
|
