Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add a bytes method to get the DER ASN.1 encoding of an X509 name. (#3236) | Paul Kehrer | 2016-11-13 | 1 | -0/+11 |
| | | | | | | | | | | * Add a bytes method to get the DER ASN.1 encoding of an X509 name. This is useful for creating an OpenSSL style subject_name_hash (#3011) * add to backend interface and update multibackend * bytes -> public_bytes | ||||
* | add alternate signature OID for RSA with SHA1 + test and vector (#3227) | Paul Kehrer | 2016-11-11 | 1 | -0/+12 |
| | | | | | | * add alternate signature OID for RSA with SHA1 + test and vector * mozilla is a proper noun leave me alone spellchecker | ||||
* | Name: add support for multi-value RDNs (#3202) | Fraser Tweedale | 2016-11-11 | 1 | -25/+59 |
| | | | | | | | | Update the Name class to accept and internally store a list of RelativeDistinguishedName objects. Add the 'rdns' attribute to give access to the RDNs. Update ASN.1 routines to correctly decode and encode multi-value RDNs. Fixes: https://github.com/pyca/cryptography/issues/3199 | ||||
* | Make DistributionPoint relative_name a set of NameAttribute (#3210) | Fraser Tweedale | 2016-11-07 | 1 | -1/+72 |
| | | | | | | | | | | | * Add RelativeDistinguishedName class * Make relative_name a RelativeDistinguishedName DistributionPoint relative_name is currently a Name but RFC 5280 defines it as RelativeDistinguishedName, i.e. a non-empty SET OF name attributes. Change the DistributionPoint relative_name attribute to be a RelativeDistinguishedName. | ||||
* | support encoding IPv4Network and IPv6Network, useful for NameConstraints (#3182) | Paul Kehrer | 2016-10-01 | 1 | -6/+32 |
| | | | | | | | | | | * support encoding IPv4Network and IPv6Network, useful for NameConstraints * add changelog entry * add more networks with full and no masking (/32, /128, /0) * parametrize the nc tests to fix coverage | ||||
* | reduce a bit of duplication in x509 tests (#3183) | Paul Kehrer | 2016-09-29 | 1 | -55/+29 |
| | |||||
* | support random_serial_number in the CertificateBuilder (#3132) | Paul Kehrer | 2016-09-03 | 1 | -0/+17 |
| | | | | | | | | | | * support random_serial_number in the CertificateBuilder * turns out pytest's monkeypatch has an undo * random_serial_number now a function * just certs | ||||
* | add support for signature_algorithm_oid to cert, CSR, and CRL (#3124) | Paul Kehrer | 2016-08-31 | 1 | -1/+13 |
| | | | | | | * add support for signature_algorithm_oid to cert, CSR, and CRL * refactor _SIG_OIDS_TO_HASH to use ObjectIdentifiers and use that | ||||
* | fix an overindented line. not sure why our linters didn't catch this (#3123) | Paul Kehrer | 2016-08-30 | 1 | -1/+1 |
| | |||||
* | Allow passing iterators where collections are expected (#3078) | Marti | 2016-08-26 | 1 | -0/+12 |
| | | | | | | | | | | | | | | Iterators can only be enumerated once, breaking code like this in Python 3 for example: san = SubjectAlternativeName(map(DNSName, lst)) This is also a slight behavior change if the caller modifies the list after passing it to the constructor, because input lists are now copied. Which seems like a good thing. Also: * Name now checks that attributes elements are of type NameAttribute * NoticeReference now allows notice_numbers to be any iterable | ||||
* | CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before (#2920) | InvalidInterrupt | 2016-08-16 | 1 | -0/+50 |
| | | | | | | | | | | | | | | | | | | | * CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before These functions now accept aware datetimes and convert them to UTC * Added pytz to test requirements * Correct pep8 error and improve Changelog wording * Improve tests and clarify changelog message * Trim Changelog line length * Allow RevokedCertificateBuilder and CertificateRevocationListBuilder to accept aware datetimes * Fix accidental changelog entry | ||||
* | Disallow X509 certificate serial numbers bigger than 159 bits (#3064) (#3067) | Коренберг Марк | 2016-08-02 | 1 | -3/+46 |
| | |||||
* | Use a series of constants for OpenSSL version checks (#3037) | Alex Gaynor | 2016-07-11 | 1 | -4/+4 |
| | | | | | | | | | | | | | | | | | | | | | | | | * Use a series of constants for OpenSSL version checks. N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely! * Convert some python as well, also add the file * flake8 * Simplify code, remove functionality that can be expressed more simply * clean up the tests as well * more constants * wrap long lines * reflect feedback * unused * add this back? | ||||
* | Add alias for Certificate serial as serial number (#2950) | Chelsea Winfree | 2016-06-02 | 1 | -5/+30 |
| | | | | | | | | * Add alias for Certificate serial as serial number * Adding deprecation to utils * Now with catch warnings and proper vers | ||||
* | Fixed #2747 -- allow creating x509 exts with unknown extensions | Alex Gaynor | 2016-03-14 | 1 | -0/+33 |
| | |||||
* | support PolicyConstraints in the CertificateBuilder | Paul Kehrer | 2016-03-13 | 1 | -0/+48 |
| | |||||
* | Merge pull request #2670 from joernheissler/x509_req_verify | Paul Kehrer | 2016-03-06 | 1 | -0/+16 |
|\ | | | | | Add verify method on CertificateSigningRequest | ||||
| * | Change method to property | Joern Heissler | 2016-01-18 | 1 | -7/+5 |
| | | |||||
| * | Add verify method on CertificateSigningRequest | Joern Heissler | 2016-01-13 | 1 | -1/+19 |
| | | |||||
* | | raise ValueError if > 2 byte value for NameAttribute with CN OID | Paul Kehrer | 2016-03-06 | 1 | -0/+14 |
|/ | |||||
* | support unrecognized extensions in x509 | Paul Kehrer | 2015-12-30 | 1 | -1/+5 |
| | |||||
* | move two tests to the openssl backend tests where they belong | Paul Kehrer | 2015-12-26 | 1 | -51/+0 |
| | |||||
* | add invaliditydate class for crl entry extensions | Paul Kehrer | 2015-12-26 | 1 | -3/+3 |
| | |||||
* | switch CRLReason to use a class | Paul Kehrer | 2015-12-26 | 1 | -5/+5 |
| | |||||
* | start switching the CRL entry extensions to be full-fledged classes | Paul Kehrer | 2015-12-25 | 1 | -7/+6 |
| | | | | first up: CertificateIssuer | ||||
* | full indexing support + tests | Alex Gaynor | 2015-12-24 | 1 | -3/+8 |
| | |||||
* | tests on indexing | Alex Gaynor | 2015-12-24 | 1 | -1/+12 |
| | |||||
* | address review comments | Paul Kehrer | 2015-12-23 | 1 | -8/+3 |
| | |||||
* | add test that fails if CRL references aren't properly retained | Paul Kehrer | 2015-12-23 | 1 | -0/+19 |
| | | | | | | If the X509_CRL reference is not properly retained then this test will return an openssl error or potentially a crash as it's reading freed memory to obtain the revocation_date and serial_number | ||||
* | CRLNumber needs to be a class for reasons. | Paul Kehrer | 2015-12-22 | 1 | -1/+1 |
| | |||||
* | add support for parsing AuthorityInfoAccess and IssuerAltName CRL exts | Paul Kehrer | 2015-12-22 | 1 | -3/+18 |
| | | | | Expand the CRL extensions test to check the value | ||||
* | support parsing CRL extensions in the OpenSSL backend | Paul Kehrer | 2015-12-21 | 1 | -5/+17 |
| | |||||
* | add test for byte matching | Paul Kehrer | 2015-12-21 | 1 | -0/+24 |
| | |||||
* | add a CRL public_bytes method | Paul Kehrer | 2015-12-20 | 1 | -0/+42 |
| | |||||
* | Merge pull request #2538 from reaperhulk/empty-crls-are-beautiful-too | Alex Gaynor | 2015-12-20 | 1 | -0/+8 |
|\ | | | | | support CRLs with no revoked certificates | ||||
| * | support CRLs with no revoked certificates | Paul Kehrer | 2015-12-20 | 1 | -0/+8 |
| | | |||||
* | | Dealing with the pedantry of pep8 | Nick Bastin | 2015-12-20 | 1 | -2/+0 |
| | | |||||
* | | Test for non-standard AIA support in CertificateBuilder | Nick Bastin | 2015-12-20 | 1 | -0/+32 |
|/ | |||||
* | Merge pull request #2530 from nbastin/20151214-oid-val | Paul Kehrer | 2015-12-18 | 1 | -27/+50 |
|\ | | | | | OID validation | ||||
| * | Avoid IndexError on too-short OIDs, add test for regression | Nick Bastin | 2015-12-17 | 1 | -0/+4 |
| | | |||||
| * | OID validation | Nick Bastin | 2015-12-14 | 1 | -27/+46 |
| | | |||||
* | | require not_valid_after >= not_valid_before | Paul Kehrer | 2015-12-13 | 1 | -0/+22 |
|/ | |||||
* | add some missing skips | Paul Kehrer | 2015-12-03 | 1 | -0/+2 |
| | |||||
* | expose tbs_certrequest_bytes and signature on CertificateSigningRequest | Paul Kehrer | 2015-12-03 | 1 | -0/+132 |
| | |||||
* | implement support for encoding name constraints | Paul Kehrer | 2015-12-02 | 1 | -0/+35 |
| | |||||
* | test name fix | Erik Trauschke | 2015-11-19 | 1 | -1/+1 |
| | |||||
* | add tbsCertList and signature interfaces to CRLs | Erik Trauschke | 2015-11-19 | 1 | -0/+38 |
| | |||||
* | rename tbs_certificate to tbs_certificate_bytes, add a comment | Paul Kehrer | 2015-11-03 | 1 | -9/+9 |
| | |||||
* | skip check | Paul Kehrer | 2015-11-03 | 1 | -0/+1 |
| | |||||
* | add support for Certificate signature and tbs_certificate | Paul Kehrer | 2015-11-03 | 1 | -1/+184 |
| |