| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* Delete README
* Delete client.py
* Delete server.py
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Delete README
* Delete another.invalid.crt
* Delete another.invalid.key
* Delete client.py
* Delete example.invalid.crt
* Delete example.invalid.key
* Delete server.py
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
generate certs (#833)
|
|
|
| |
These don't actually cover any code.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Make test_ssl pass in an IPv6-only environment
* Review comments
* Update tests/test_ssl.py
Co-Authored-By: davidben <davidben@davidben.net>
* Wrap long line with parens.
|
|
|
|
|
|
| |
* skip NPN tests if NPN is not available
* use the right name
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Deprecated NPN
* arithmetic is hard
* oops
* oops
|
|
|
|
|
|
|
|
|
|
|
| |
* Raise an Error with "no cipher match" even with TLS 1.3
This makes Twisted's OpenSSLAcceptableCiphers.fromOpenSSLCipherString
and seamlessly work with TLS 1.3:
https://github.com/twisted/twisted/pull/1100/files/a5df2fb373ac67b0e3032acc9291ae88dfd0b3b1#diff-df501bac724aab523150498f84749b88R1767
* Split TestContext.test_set_cipher_list_wrong_args into two tests.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Removed deprecated Type aliases
* typo
* typo
* missed this somehow
* Line wrap
|
| |
|
| |
|
|
|
| |
2566 is not a valid digest, whoops!
|
|
|
|
|
|
|
|
|
|
|
|
| |
* more infra changes
* upgrade pypy
* still run a test against 1.0.1
* we don't need this builder
* ...
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
rtype for the following was incorrect:
X509Req.from_cryptography
X509.from_cryptography
|
|
|
|
|
|
|
|
|
|
|
| |
* Handle NULL bytes in get_components() values
Some old software may generate "bogus" CN with each character preceded
by a NULL.
This is already handled in commonName, but wasn't in get_components()
* review fixes (fix py3 test & avoid unpack/cast)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fix openssl CLI testing for 1.1.1
* various 1.1.1 related fixes
some of which are just admitting TLS 1.3 is fundamentally different and
pinning the tests to TLS 1.2
* flake8 fixes
* allow travis_infra env var through
* fix twisted
|
| |
|
| |
|
|
|
|
|
|
| |
* X509Store.add_cert no longer raises an error on duplicate cert
* move changelog entry
|
| |
|
|
|
|
|
|
|
| |
My system apparently has larger socket buffers than this test assumes,
so it fails. (Debian 9, Linux 4.16, Python 3.7)
So let's increase the size of the buffers such that it works for me.
This was the smallest power of 2 that worked.
|
|
|
|
|
|
|
|
| |
* Added py37 to travis
* Added py37 trove classifier
* Added py37 to tox
|
|
|
| |
Not much point in making it otherwise.
|
|
|
|
|
|
|
|
|
| |
The ownership semantics of SSL_set_tlsext_status_ocsp_resp are not as
complex as the comment suggests. There's no leak or complex lifetime.
It's an ownership transfer of an OPENSSL_malloc'd buffer. The
documentation is lacking, and making the copy internally would have been
tidier (though less efficient if the OCSP response where generated by
i2d_OCSP_RESPONSE), but this sort of thing has precedent in OpenSSL's
API.
|
|
|
|
|
|
| |
See also https://github.com/pyca/cryptography/pull/4227. I suspect this
is a no-op since cffi is probably just generating its own function
stubs and every ABI makes const and non-const pointers the same. Still,
better to match things.
|
|
|
|
|
|
| |
* reopen master for 18.1
* there are four dashes
|
| |
|
|
|
|
|
|
|
|
| |
* tell people to stop using this where possible
* links require actual linking
* bolding
|
|
|
|
|
|
|
|
| |
This makes it possible to retrieve the local certificate (if any)
for a Connection.
An example where this is useful is when negotiating a DTLS-SRTP
connection, the fingerprint of the local certificate needs to be
communicated to the remote party out-of-band via SDP.
|
|
|
|
|
|
|
|
|
|
|
| |
* Make sure a NotImplementedError is always raised on Connection.makefile
With this patch, code which calls (for example) conn.makefile('rb') will
get a NotImplementedError instead of a confusing TypeError:
TypeError: makefile() takes 1 positional argument but 2 were given
* ignore any args/kwargs passed
|
|
|
|
| |
This allows negotiating SRTP keying material, which is useful when using
DTLS-SRTP, as WebRTC does for example.
|
|
|
|
|
|
| |
* make codecov stop commenting
* *shakes fist at manifest.in*
|