|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| ... |  | 
| | 
| 
| 
| 
| 
| | * Export missing OpenSSL `X509_VERIFY_PARAM_free`
* Remove un-needed export in conditional names | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * support encoding IPv4Network and IPv6Network, useful for NameConstraints
* add changelog entry
* add more networks with full and no masking (/32, /128, /0)
* parametrize the nc tests to fix coverage | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * 1.0.2i changed the way COMP_METHOD is exported if NO_COMP is set
* add a comment explaining why we changed this
* 1.0.2i handles NUMERICSTRING properly now so need only test < 1.0.2i
* needs to be visible | 
| | |  | 
| | 
| 
| 
| 
| 
| | * re-add setuptools resolve vs load workaround
* add deprecatedin tag so we can find this easier | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * support random_serial_number in the CertificateBuilder
* turns out pytest's monkeypatch has an undo
* random_serial_number now a function
* just certs | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add bounds checking for Scrypt parameters.
* Pep8.
* More PEP8.
* Change wording. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | * fix inconsistency in utilization of block_size in openssl cipher impl
Previously we over-allocated our buffers because we treated a bit size
as bytes.
* rename property | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Scrypt implementation.
* Docs stuff.
* Make example just an example and not a doctest.
* Add changelog entry.
* Docs cleanup.
* Add more tests.
* Add multibackend tests.
* PEP8.
* Add docs about Scrypt parameters.
* Docs cleanup.
* Add AlreadyFinalized. | 
| | 
| 
| 
| 
| 
| | * add support for signature_algorithm_oid to cert, CSR, and CRL
* refactor _SIG_OIDS_TO_HASH to use ObjectIdentifiers and use that | 
| | 
| 
| 
| 
| 
| 
| 
| | * Add a register_interface_if decorator.
* Add tests.
* PEP 8. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * blake2b/blake2s support
Doesn't support keying, personalization, salting, or tree hashes so
the API is pretty simple right now.
* implement digest_size via utils.read_only_property
* un-keyed for spelling's sake
* test copying + digest_size checks
* unkeyed is too a word
* line wrap
* reword the docs
* use the evp algorithm name in the error
This will make BLAKE2 alternate digest size errors a bit less confusing
* add changelog entry and docs about supported digest_size | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add Scrypt bindings.
* Add check for OPENSSL_NO_SCRYPT.
* Fix CUSTOMIZATIONS.
* Account for LibreSSL.
* Remove argument names.
* Remove more argument names. | 
| | 
| 
| 
| | the next release. (#3113) | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * make pre5 work
* add a blank line to make the diff happier
* 1.1.0-pre6 working
* support the changes since 1.1.0-pre6
* fixes
* add 1.1.0 to travis
* expose the symbol
* better testing for numericstring
* handle libre...
* actually use the 1.1.0 we compile
* cache the ossl-110 dir on travis
* add some newlines
* changelog entry for 1.1.0 support
* note that we test on 1.1.0
* proper skip on this test
* reorder | 
| | |  | 
| | |  | 
| | 
| 
| | We're so close. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Iterators can only be enumerated once, breaking code like this in
Python 3 for example:
    san = SubjectAlternativeName(map(DNSName, lst))
This is also a slight behavior change if the caller modifies the list
after passing it to the constructor, because input lists are now copied.
Which seems like a good thing.
Also:
* Name now checks that attributes elements are of type NameAttribute
* NoticeReference now allows notice_numbers to be any iterable | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * constify more things in x509 and reorder a few func args
Post pre6 they changed some function argument order...
* fix the function arg order where we call it
* still need arg names when implementing the function...whoops | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | not_valid_before (#2920)
* CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before
These functions now accept aware datetimes and convert them to UTC
* Added pytz to test requirements
* Correct pep8 error and improve Changelog wording
* Improve tests and clarify changelog message
* Trim Changelog line length
* Allow RevokedCertificateBuilder and CertificateRevocationListBuilder to accept aware datetimes
* Fix accidental changelog entry | 
| | 
| 
| 
| 
| 
| 
| 
| | * ERR_load_RAND_strings changed function signature in 1.1.0
Here is a hack to avoid breaking pyOpenSSL.
* not sure how I managed that. I blame vim | 
| | |  | 
| | |  | 
| | 
| 
| | Since we aren't using it bye bye | 
| | |  | 
| | 
| 
| 
| 
| 
| | Fix DNSName wildcard encoding for NameConstraints
Previously '.example.com' would get normalised to 'example.com', making
it impossible to add wildcard NameConstraints. | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add the unconditional SecureTransport bindings
* Looks like the PSK cipher suites got removed in 10.8
* Line-length.
* Style.
* Remove further troublesome bindings. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add the unconditional SecureTransport bindings
* Line-length.
* Looks like the PSK cipher suites got removed in 10.8
* Style. | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add an enforce_key_length parameter to HOTP and TOTP.
* Document changes in docs.
* Add some words to the wordlist.
* Add versionadded to docs. | 
| | 
| 
| 
| 
| 
| 
| | >>> lib.EVP_get_digestbyname(b'md_gost94')
<cdata 'EVP_MD *' NULL>
>>> lib.OPENSSL_config(ffi.NULL)
>>> lib.EVP_get_digestbyname(b'md_gost94')
<cdata 'EVP_MD *' 0x10adc7440> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Use a series of constants for OpenSSL version checks.
N.B. I removed several qualifiers that were being used to express beta vs. release in OpenSSL version numbers. Reviewers please look closely!
* Convert some python as well, also add the file
* flake8
* Simplify code, remove functionality that can be expressed more simply
* clean up the tests as well
* more constants
* wrap long lines
* reflect feedback
* unused
* add this back? | 
| | 
| 
| 
| | This is due to a bug in CommonCrypto present in 10.11.x. Filed as
radar://26636600 | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | * Add sign and verify methods to ECDSA
* Documented ECDSA sign/verify methods
* Added CHANGELOG entry
* Skipping test verify and sign if curve is not supported
* Fixed typo in documentation return type
* Removed provider language from EllipticCurvePrivateKey and EllipticCurvePublicKey | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | * Add sign and verify methods to DSA
* Documented DSA sign/verify methods
* Added CHANGELOG entry |