aboutsummaryrefslogtreecommitdiffstats
path: root/src/cryptography/hazmat
Commit message (Collapse)AuthorAgeFilesLines
...
* don't reuse a variable, it's confusingPaul Kehrer2015-12-241-4/+6
|
* refactor x509 extension creation to make it a bit more reusablePaul Kehrer2015-12-241-38/+39
| | | | | Unfortunately X509 certs and CSRs add extensions differently, so we can't reuse quite as much as we'd like to...
* CertificateRevocationListBuilderPaul Kehrer2015-12-241-1/+67
| | | | | RSA keys only. Currently does not support CRL extensions or CRLEntry extensions.
* coveragePaul Kehrer2015-12-241-1/+1
|
* add create_x509_crl interfacePaul Kehrer2015-12-243-0/+19
|
* please the great flake8 in the skyAlex Gaynor2015-12-241-3/+1
|
* full indexing support + testsgAlex Gaynor2015-12-241-4/+12
|
* Make indexing a CRL O(1) instead of O(n).Alex Gaynor2015-12-241-2/+5
| | | | This drops support for slicing, if that's important someone say something and I can add it back
* Simplify implementation of CRL indexing and iteration.Alex Gaynor2015-12-241-13/+8
| | | | No longer allocates a list just to iterate over it.
* coverage fixAlex Gaynor2015-12-241-8/+7
|
* Improve the performance of len(crl)Alex Gaynor2015-12-231-3/+6
|
* fix a potential memory issue when retaining revoked certs from a CRLPaul Kehrer2015-12-231-2/+13
|
* CRLNumber needs to be a class for reasons.Paul Kehrer2015-12-221-1/+1
|
* add support for parsing AuthorityInfoAccess and IssuerAltName CRL extsPaul Kehrer2015-12-221-0/+4
| | | | Expand the CRL extensions test to check the value
* support parsing CRL extensions in the OpenSSL backendPaul Kehrer2015-12-211-1/+18
|
* add a CRL public_bytes methodPaul Kehrer2015-12-201-0/+14
|
* support CRLs with no revoked certificatesPaul Kehrer2015-12-201-7/+6
|
* Change password callback to use userdata pointerChristian Heimes2015-12-201-33/+48
| | | | | | | | | Instead of a closure the pem_password_cb now uses the void *userdata argument to exchange data with the callback function. It's a necessary step to port all callbacks to new static callbacks. See: #2477 Signed-off-by: Christian Heimes <christian@python.org>
* Merge pull request #2532 from reaperhulk/fix-memory-leakAlex Gaynor2015-12-151-2/+2
|\ | | | | X509_set_subject_name and X509_set_issuer_name copy the object
| * X509_set_subject_name and X509_set_issuer_name copy the objectPaul Kehrer2015-12-151-2/+2
| | | | | | | | | | So we need to register our own copy for gc. This fixes a memory leak reported by Wulf.
* | Remove SSLv2 bindings.Cory Benfield2015-12-141-6/+0
|/ | | | | | | | | This commit removes bindings that allow users to set SSLv2 handshake methods. These are regarded as unnecessary and out-of-date: see #2527. This commit does leave in a few options that refer to SSLv2 in order to avoid breaking deployments that rely on them, and in order to allow users to continue to request that SSLv2 not be enabled at all in their OpenSSL.
* Merge pull request #2515 from reaperhulk/sigbusAlex Gaynor2015-12-091-6/+0
|\ | | | | remove the bindings for these x86_64 specific EC functions
| * remove the bindings for these x86_64 specific EC functionsPaul Kehrer2015-12-091-6/+0
| | | | | | | | | | | | | | | | We have no need to invoke them directly and their presence triggers a bug related to Fedora 23's hobbling of openssl EC functions (uugh) This also fixes the SIGBUS issue in #2503, although that is more appropriately resolved via header fixes for universal libraries on OS X.
* | fix the comment so that it is no longer nonsensePaul Kehrer2015-12-031-1/+1
| |
* | expose tbs_certrequest_bytes and signature on CertificateSigningRequestPaul Kehrer2015-12-031-0/+15
| |
* | Merge pull request #2504 from reaperhulk/encode-name-constraintsAlex Gaynor2015-12-031-0/+37
|\ \ | | | | | | implement support for encoding name constraints
| * | move _encode_name_constraints and _encode_general_subtreesPaul Kehrer2015-12-021-36/+36
| | |
| * | implement support for encoding name constraintsPaul Kehrer2015-12-021-0/+37
| |/
* / fix a warning in cffiPaul Kehrer2015-12-011-0/+3
|/ | | | | cffi doesn't want to guess the type, so we'll deopaque the enum and strip the values out of the lib if EC is unavailable
* Add support for 160 bit ARC4 keysEhren Kret2015-11-281-1/+1
|
* add tbsCertList and signature interfaces to CRLsErik Trauschke2015-11-191-0/+15
|
* reorganize and renamePaul Kehrer2015-11-121-1/+1
|
* these functions were added in 1.0.0, while CMS was added in 0.9.8hPaul Kehrer2015-11-121-0/+5
| | | | | We didn't catch this in our CI because all our 0.9.8 targets have CMS disabled or are older than 0.9.8h
* Include the full OpenSSL error in the exception messageAlex Gaynor2015-11-081-1/+1
|
* rename tbs_certificate to tbs_certificate_bytes, add a commentPaul Kehrer2015-11-031-1/+2
|
* add support for Certificate signature and tbs_certificatePaul Kehrer2015-11-031-0/+14
|
* flake8Alex Gaynor2015-11-011-2/+2
|
* corrected a few typos in commentsAlex Gaynor2015-11-011-3/+3
|
* please flake8Alex Gaynor2015-10-291-1/+1
|
* Error cleanly if the public and private keys to an ECDH key exchange are on ↵Alex Gaynor2015-10-281-0/+5
| | | | different curves
* add ellipticcurvepublicnumbers reprPaul Kehrer2015-10-281-0/+6
|
* Merge pull request #2447 from reaperhulk/encode-decode-pointAlex Gaynor2015-10-271-0/+25
|\ | | | | add support for encoding/decoding elliptic curve points
| * address review feedbackPaul Kehrer2015-10-281-5/+2
| |
| * modify approach to use EllipticCurvePublicNumbers methodsPaul Kehrer2015-10-272-34/+28
| |
| * remove support for null points, improve docsPaul Kehrer2015-10-271-4/+4
| |
| * add support for encoding/decoding elliptic curve pointsPaul Kehrer2015-10-261-0/+34
| | | | | | | | Based on the work of @ronf in #2346.
* | Merge pull request #2435 from reaperhulk/fix-2407Alex Gaynor2015-10-271-6/+8
|\ \ | | | | | | encode countryName with PrintableString
| * | update comment to include a bit more detailPaul Kehrer2015-10-271-2/+2
| | |
| * | encode countryName with PrintableStringPaul Kehrer2015-10-201-6/+8
| | | | | | | | | | | | | | | | | | | | | This commit adds a dependency on asn1crypto for testing purposes to parse the certificate and confirm that countryName is encoded with PrintableString while other fields are UTF8String. This is a test only dep.
* | | Merge pull request #2446 from reaperhulk/init-locksAlex Gaynor2015-10-262-2/+8
|\ \ \ | |_|/ |/| | move lock initialization to during binding import
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-04 00:45:30 +0000