|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| ... |  | 
| | |  | 
| | 
| 
| 
| 
| 
| | * Add testing with LibreSSL 2.8.2
* Drop librsesl 2.4.5 | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Enhance info on pip requirements intallation
* Remove virtualenv files from remote
* Fix "pacakges" typo
* Removing trailling whitespaces | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add definitions for SSL_get0_param and X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS
* remove unnecessary parameter name
* Add version conditionals and more flags
* extend cryptography_has_102_verification_params
* X509_CHECK_FLAG_NEVER_CHECK_SUBJECT only available with openssl 1.1.0+
* add missing declaration | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * simplify some language
* Update reference.rst
* wrap
* remove trailing whitespace
the github web editor is bad and should feel bad | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Fixes #4459 -- switch all our builds to xenial on travis
* Attempt to fix tests
* Try disabling sudo?
* typo
* try this?
* shellcheck | 
| | 
| 
| 
| 
| 
| | * support OCSP response serialization
* empty commit, good times | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * support extensions in the OCSP request builder
* cover a missed branch
* refactor to use new func
* review feedback | 
| | 
| 
| 
| 
| 
| | * Cleanup _encode_asn1_str_gc: don't require the length as an argument
* Apply the same cleanup to _encode_asn1_str | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * add OCSP basic response extension parsing
Just nonce for now. This does not support SINGLERESP extension parsing.
* also raises on extensions for non-successful
* empty commit | 
| | |  | 
| | 
| 
| 
| 
| 
| | * additional OCSP bindings for the response builder
* use the OCSP extension funcs that match the rest of x509 | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * support OCSP response parsing
* move the decorator to make pep8 happy
* add some missing docs
* review feedback
* more review feedback | 
| | 
| 
| 
| 
| 
| | * add ed25519 bindings
* var name | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * add OCSP request parsing support with OCSPNonce
* add docs
* reprs man
* make extensions a cached property | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * update pytest config
pytest 3.8.0 was just released and officially deprecates some of the way
we do pytest marks. They introduced a new way to do this in 3.6 so this
PR switches to that mechanism and updates our minimum pytest requirement
* update the stubs
* also update wycheproof test config to remove deprecated paths
* don't need this any more | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * try something a bit different.
* newer compiler plz
* permute
* fix some warnings
* fix getters on OpenSSL < 1.1.0
* this is getting involved
* given our compiler flags we can't have SSL_CTX_set_cookie_verify_cb | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * don't sort the serial numbers in a parsed CRL
OpenSSL sorts them in place and this breaks the signature and more.
fixes #4456
* cache the sorted CRL (but create it lazily)
* use the cache decorator | 
| | 
| 
| | of course, if this works it might just be luck | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | * yet another ocsp response vector.
and yet there will be at least one more after this
* add one more | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * add many OCSP bindings
Much of OCSP was opaqued in 1.1.0 so this also adds a bunch of getters
for older OpenSSL. However, 1.1.0 itself made it impossible to access
certain fields in the opaque struct, so we're forced to de-opaque them
for 1.1.0 through 1.1.0i as well as 1.1.1-pre1 through 1.1.1-pre9. There
is a patch (openssl/openssl#7082) that fixes this and should be in
1.1.0j and 1.1.1-pre10 (or 1.1.1 final, whichever they choose to issue)
* backslashes are sometimes useful
* comments | 
| | |  | 
| | 
| 
| 
| | This allows us to reuse these functions in the OCSPResponse object in
the future | 
| | 
| 
| 
| 
| 
| | * add more OCSP response vectors
* another vector and better docs | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Fixes #4333 -- added support for precert poison extension
* Make work on all OpenSSL versions
* fixed flake8 + docs
* fix for older OpenSSLs
* document this
* spell | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * OCSP response vector
* oops, wrong name
* move ocsp response vector docs
* make alex happy | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * ocsp response abc
* collapse SingleReponse into OCSPResponse now that we only support one
* split responder_id into two properties, add tbs_response_bytes
* typo
* rename one method and add a mapping we'll need shortly | 
| | 
| 
| 
| 
| 
| 
| 
| | * refactor ocsp request parsing and generation to support only one cert
* small doc change
* notimplementederror | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Fixes #3460 -- deprecate OpenSSL 1.0.1
* We need to import warnings
* flake8
* words are hard
* rephrase | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Fixed a memory leak in x.509 OCSP no check
* Fix the _actual_ leak
* Speed up symbolizations
* Disable backtrace by default, because it doesn't work on Windows
* line length | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | dependencies (#4441)
* lock aws-encryption-sdk and dynamodb-encryption-sdk downstream tests to frozen dependencies
* explicitly identify test directory in dynanmodb-encryption-sdk downstream tests
* install the frozen dependencies after installing the package to force dependencies to the frozen set | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| | * fixed test name
* spelling is hard | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * reorganize downstream tests
* fix run.sh syntax
* add instructions for adding more downstream tests
* rework downstream CI test guide into rst readme
* remove unnecessary example test handler
* all test handlers should "exit 1" if an unexpected argument is received | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | (#4429)
* Fixes #4357 -- document the additional release steps for a security release
* One additional step
* Fix a few typos
* this is a word
* link these |