Commit message | Author | Age | Files | Lines
* Migrate CI to GHA [gha] | Alex Gaynor | 2020-11-17 | 3 | -127/+62
|
* Fix spelling of set in set_verify docstring (#959) | Arne Schwabe | 2020-11-13 | 1 | -2/+2
|
* Stop testing py35 with cryptography master (#958) | Alex Gaynor | 2020-11-12 | 1 | -3/+0
|
* Fix typo in debug command output (#957) | Michael Lazar | 2020-11-12 | 1 | -1/+1
|   Co-authored-by: Michael Lazar <mlazar@doctorondemand.com>
* Drop CI for OpenSSL 1.0.2 (#953) | Alex Gaynor | 2020-10-26 | 8 | -95/+15
|   * Drop CI for OpenSSL 1.0.2
|   * Delete code for coverage reasons
|   * Bump minimum cryptography version
* Fixing issue #798 (#907) | jalberdi004 | 2020-10-18 | 1 | -1/+4
|   * Fixing issue #798, thanks to @reaperhulk; removing undocumented '%s' option and getting the date in a more robust way
|   Co-authored-by: Joseba Alberdi <j.alberdi@simuneatomistics.com>
|   Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Correct typos in crypto.py (#949) | Felix Yan | 2020-10-14 | 1 | -2/+2
|
* fixed tests for twisted change (#950) | Alex Gaynor | 2020-10-14 | 1 | -5/+1
|   * fixed tests for twisted change
* crypto._PassphraseHelper: pass non-callable passphrase using callback (#947) | Huw Jones | 2020-10-12 | 3 | -11/+68
|   * crypto._PassphraseHelper: pass non-callable passphrase using callback
|     Fixes #945
|     Before this commit, we would pass a bytes passphrase as a null terminated string. This causes an issue when a randomly generated key's first byte is null because OpenSSL rightly determines the key length is 0.
|     This commit modifies the passphrase helper to pass the passphrase via the callback
|   * Update changelog to document bug fix
* Allow using additional untrusted certificates for chain building in X509StoreContext (#948) | Sándor Oroszi | 2020-10-12 | 3 | -2/+176
|   The additional certificates provided in the new `chain` parameter will be untrusted but may be used to build the chain. This makes it easier to validate a certificate against a store which contains only root ca certificates, and the intermediates come from e.g. the same untrusted source as the certificate to be verified.
|   Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
* Allow using an OpenSSL hashed directory for verification in X509Store (#943) | Sándor Oroszi | 2020-09-11 | 3 | -1/+186
|   Add X509Store.load_locations() to set a CA bundle file and/or an OpenSSL-style hashed CA/CRL lookup directory, similar to the already existing SSL.Context.load_verify_locations().
|   Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
* I'm back in black (#941) | Alex Gaynor | 2020-08-26 | 2 | -9/+21
|
* travis.com now (#939) | Paul Kehrer | 2020-08-19 | 1 | -2/+2
|
* lock old issues (#937) | Alex Gaynor | 2020-08-14 | 1 | -0/+14
|
* fixes #934 -- kill dead link (#936) | Alex Gaynor | 2020-08-14 | 1 | -1/+0
|
* Switch to new notBefore/After APIs (#843) | Rosen Penev | 2020-08-13 | 1 | -6/+6
|   Signed-off-by: Rosen Penev <rosenp@gmail.com>
* Context.set_verify: allow omission of callback (#933) | Maximilian Hils | 2020-08-07 | 3 | -16/+46
|   * Context.set_verify: allow omission of callback
|   * squeeze to 80 chars
|   * make it clear that default callback is used
* Allow accessing a connection's verified certificate chain (#894) | Shane Harvey | 2020-08-05 | 5 | -11/+190
|   * Allow accessing a connection's verified certificate chain
|     Add X509StoreContext.get_verified_chain using X509_STORE_CTX_get1_chain. Add Connection.get_verified_chain using SSL_get0_verified_chain if available (ie OpenSSL 1.1+) and X509StoreContext.get_verified_chain otherwise.
|     Fixes #740.
|   * TLSv1_METHOD -> SSLv23_METHOD
|   * Use X509_up_ref instead of X509_dup
|   * Add _openssl_assert where appropriate
|   * SSL_get_peer_cert_chain should not be null
|   * Reformat with black
|   * Fix <OpenSSL.crypto.X509 object at 0x7fdbb59e8050> != <OpenSSL.crypto.X509 object at 0x7fdbb59daad0>
|   * Add Changelog entry
|   * Remove _add_chain
* Deprecated pkcs7 and pkcs12 support (#921) | Alex Gaynor | 2020-08-05 | 2 | -1/+25
|
* focal time (#929) | Paul Kehrer | 2020-08-05 | 3 | -8/+14
|   * focal time
|   * larger dh params, assert on something
|   * urllib3 fix
|   * actually check an error
* remove npn support entirely. you should be using alpn (#932) | Paul Kehrer | 2020-08-03 | 3 | -364/+1
|   * remove npn support entirely. you should be using alpn
|   * flake8
* use SSLv23_METHOD so we get "best TLS" in most tests. (#931) | Paul Kehrer | 2020-08-03 | 1 | -135/+135
|
* use modern message digests (#930) | Paul Kehrer | 2020-08-03 | 1 | -3/+3
|
* newer pypy (#928) | Paul Kehrer | 2020-08-03 | 2 | -18/+7
|   * newer pypy
|   * missed one
|   * we don't support ancient cffi any more
* update cert fixtures and simplify tests (#927) | Paul Kehrer | 2020-08-03 | 2 | -241/+392
|   * simplify
|   * generate new certs and keys with 3072-bit RSA
|   * black
|   * add a test to avoid losing coverage
* make our CI less frustrating (#926) | Paul Kehrer | 2020-08-03 | 3 | -48/+12
|   * make our CI less frustrating
|   * sigh, even less sensitive
|   * can we stop doing this on macos now?
* _only_ update the image (#925) | Alex Gaynor | 2020-08-03 | 1 | -1/+1
|   * _only_ update the image
|   * Update .travis.yml
|   Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* use larger keys in ssl tests (#922) | Alex Gaynor | 2020-08-03 | 1 | -3/+3
|
* Remove RPM build script that we have no idea if it works (#923) | Alex Gaynor | 2020-08-03 | 2 | -2/+0
|   * Remove RPM build script that we have no idea if it works
|   * MANIFEST.in as well
* Add SSL.Context.set_keylog_callback (#910) | Maximilian Hils | 2020-07-28 | 3 | -1/+64
|   * add SSL.Context.set_keylog_callback
|   * don't fail on missing attribute
|   * lint!
|   * make it black
* Paint it Black by the Rolling Stones (#920) | Alex Gaynor | 2020-07-23 | 23 | -1023/+1466
|
* Fix Travis CI build config validation issues (#918) | Christian Clauss | 2020-07-12 | 1 | -2/+2
|   * `sudo` key is deprecated
|   * `os` key is missing
|   * `matrix` is an alias for `jobs`
* Fix generated test X.509 certificates. (#917) | David Benjamin | 2020-06-24 | 2 | -0/+6
|   From RFC 5280, section 4.1.2.9:
|     [Extensions] MUST only appear if the version is 3 (Section 4.1.2.1). If present, this field is a SEQUENCE of one or more certificate extensions. The format and content of certificate extensions in the Internet PKI are defined in Section 4.2.
|   X509 objects default to v1, so the test certs need a set_version(2) call. (Note v3 is encoded as 2.)
* Remove deprecated tsafe module. (#913) | Benjamin Peterson | 2020-05-22 | 3 | -54/+1
|
* Remove dead examples directory from flake8 invocation. (#914) | Benjamin Peterson | 2020-05-21 | 1 | -1/+1
|
* Update to a more modern macOS image (#909) | Alex Gaynor | 2020-04-07 | 1 | -1/+1
|
* Drop OpenSSL 1.0.1 (#908) | Alex Gaynor | 2020-04-07 | 5 | -236/+198
|
* Remove asserts (#904) | Adrián Chaves | 2020-03-31 | 2 | -5/+5
|
* Uhhh, fix twisted tests to actually run twisted (wat) (#906) | Alex Gaynor | 2020-03-30 | 1 | -2/+3
|   * Uhhh, fix twisted tests to actually run twisted (wat)
|   * Update tox.ini
* Run twisted tests under py3 (#905) | Alex Gaynor | 2020-03-30 | 1 | -2/+2
|
* Fix PKey.check for some broken keys (#897) | Mrmaxmeier | 2020-03-11 | 2 | -1/+15
|   * fix PKey.check for some broken keys
|     RSA_check_key is documented to return 1 for valid keys. It (currently) returns 0 or -1 for invalid ones. The previous code accepted invalid keys if RSA_check_key returns -1!
|   * add test
* Make tests pass in the future (now the present) (#888) | Alex Gaynor | 2020-01-12 | 1 | -3/+5
|
* Drop support for Python 3.4, since cryptography dropped it (#884) | Alex Gaynor | 2019-12-15 | 4 | -10/+3
|
* Make the code slightly resilient to python4 (#880) | Alex Gaynor | 2019-11-18 | 1 | -2/+2
|
* Random cleanup around our usage of binary_type (#879) | Alex Gaynor | 2019-11-18 | 3 | -14/+10
|
* reopen master, call it 20.0 because let's be honest with ourselves (#878) | Paul Kehrer | 2019-11-18 | 2 | -1/+22
|
* version bump for 19.1 release (#877) [19.1.0] | Paul Kehrer | 2019-11-17 | 2 | -2/+2
|
* ALPN: complete handshake without accepting a client's protocols. (#876) | Mark Williams | 2019-11-18 | 4 | -11/+114
|   * ALPN: complete handshake without accepting a client's protocols.
|     The callback passed to `SSL_CTX_set_alpn_select_cb` can return `SSL_TLSEXT_ERR_NOACK` to allow the handshake to continue without accepting any of the client's offered protocols.
|     This commit introduces `NO_OVERLAPPING_PROTOCOLS`, which the Python callback passed to `Context.set_alpn_select_callback` can return to achieve the same thing. It does not change the previous meaning of an empty string, which still terminates the handshake.
|   * Update src/OpenSSL/SSL.py
|     Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
|   * Address @alex's review.
|   * Use recorded value in test, fix lint error.
|   * Cover TypeError branch in _ALPNHelper.callback
* use _ffi.from_buffer() to support bytearray (#852) | Daniel Holth | 2019-11-18 | 5 | -40/+92
|   * use _ffi.from_buffer(buf) in send, to support bytearray
|   * add bytearray test
|   * update CHANGELOG.rst
|   * move from_buffer before 'buffer too long' check
|   * context-managed from_buffer + black
|   * don't shadow buf in send()
|   * test return count for sendall
|   * test sending an array
|   * fix test
|   * also use from_buffer in bio_write
|   * de-format _util.py
|   * formatting
|   * add simple bio_write tests
|   * wrap line
* bump the minimum cryptography version (#875) | Paul Kehrer | 2019-11-17 | 3 | -2/+4
|   Users with older cryptography (and hence potentially older asn1crypto, a transitive dependency) are seeing a serious bug on macOS catalina due to the way older asn1crypto loads a shared library. While this isn't a pyOpenSSL bug bumping this dep might prevent the bug from impacting some users.