delta/python-packages/cryptography.git/src/cryptography/x509/name.py, branch macos-github-actions github.com: pyca/cryptography.git Allow NameAttribute.value to be an empty string (#5109) 2020-03-19T19:23:35+00:00 Andrea De Pasquale 447065+adepasquale@users.noreply.github.com 2020-03-19T19:23:35+00:00 87b2749c52e688c809f1861e55d958c64147493c * Allow NameAttribute.value to be an empty string RFC 4514 https://tools.ietf.org/html/rfc4514 does not mention that "AttributeValue" can not be an empty (zero-length) string. Fixes #5106 * reverse order to match fix from another PR Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com> 
* Allow NameAttribute.value to be an empty string

RFC 4514 https://tools.ietf.org/html/rfc4514 does not mention that
"AttributeValue" can not be an empty (zero-length) string.

Fixes #5106

* reverse order to match fix from another PR

Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
 Reversed the order of RDNs in x509.Name.rfc4514_string() (#5120) 2020-03-03T02:26:07+00:00 Thomas Erbesdobler t.erbesdobler@gmx.de 2020-03-03T02:26:07+00:00 ed71c5cc07e4a0bb7a58f4e0731e5af3d4d4aa53 RFC4514 requires in section 2.1 that RDNs are converted to string representation in reversed order. 
RFC4514 requires in section 2.1 that RDNs are converted to string
representation in reversed order.
 Use literals for collections and comprehensions. (#5091) 2020-01-12T22:29:17+00:00 Mads Jensen mje@inducks.org 2020-01-12T22:29:17+00:00 a849f40556bd022c7478a44e935359c5fac83193 






4810 bugfix: avoid UnicodeEncodeError on python 2 (#4846)
2019-04-16T05:46:57+00:00

redshiftzero
jen@freedom.press

2019-04-16T05:46:57+00:00

276f5c49d55b5ff7694f2f35ae538282ec360e7d

* test: regression test for UnicodeEncodeError in x509 name in #4810

added utf8 encoding at the top of the file due to PEP 263

* bugfix: #4810 resolve UnicodeEncodeError in x509 name





* test: regression test for UnicodeEncodeError in x509 name in #4810

added utf8 encoding at the top of the file due to PEP 263

* bugfix: #4810 resolve UnicodeEncodeError in x509 name







Simplify string formatting (#4757)
2019-02-20T04:38:32+00:00

Alex Gaynor
alex.gaynor@gmail.com

2019-02-20T04:38:32+00:00

ac1d13f43dea5ebee0506dc229cd431660916c73












Remove spaces from RFC 4514 strings for better compliance (#4643) (#4646)
2018-12-17T23:26:40+00:00

Marti Raudsepp
marti@juffo.org

2018-12-17T23:26:40+00:00

824155743fe3087bb2b2116ad3a8a363f550f9ab

RFC 4514 does not explicitly allow whitespace between separators:
https://tools.ietf.org/html/rfc4514

Reported-by: David Arnold <dar@xoe.solutions>




RFC 4514 does not explicitly allow whitespace between separators:
https://tools.ietf.org/html/rfc4514

Reported-by: David Arnold <dar@xoe.solutions>






Add RFC 4514 Distinguished Name formatting for Name, RDN and NameAttribute (#4304)
2018-12-08T01:26:07+00:00

Marti Raudsepp
marti@juffo.org

2018-12-08T01:26:07+00:00

c3d38b5d80a955aee4b160bb97464a20c4992da7












Make RelativeDistinguishedName preserve attribtue order (#4306)
2018-07-09T13:11:18+00:00

Marti Raudsepp
marti@juffo.org

2018-07-09T13:11:18+00:00

9e1873af35a2b530e71e1579b2d62c233b75ba26

Duplicate attributes now raise an error instead of silently discarding
duplicates.




Duplicate attributes now raise an error instead of silently discarding
duplicates.






Fix ASN1 string type encoding for several Name OIDs (#4035)
2017-12-01T02:48:56+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2017-12-01T02:48:56+00:00

4662d44fd3db5078a1882100653a3dbab3e3c7a1

* Fix ASN1 string type encoding for several Name OIDs

When we changed over to the new type encoding system we didn't verify
that the new code exactly matched the ASN1 string types that OpenSSL was
previously choosing. This caused serialNumber, dnQualifier,
emailAddress, and domainComponent to change from their proper encodings
to UTF8String as of version 2.1.

Now we check to see if there's a sentinel value (indicating no custom
type has been passed) and then check if the OID has a different default
than UTF8. If it does, we set it.

This PR also adds tests for the ASN1 string type of ever supported
NameOID.

* review feedback





* Fix ASN1 string type encoding for several Name OIDs

When we changed over to the new type encoding system we didn't verify
that the new code exactly matched the ASN1 string types that OpenSSL was
previously choosing. This caused serialNumber, dnQualifier,
emailAddress, and domainComponent to change from their proper encodings
to UTF8String as of version 2.1.

Now we check to see if there's a sentinel value (indicating no custom
type has been passed) and then check if the OID has a different default
than UTF8. If it does, we set it.

This PR also adds tests for the ASN1 string type of ever supported
NameOID.

* review feedback







both parse and encode the ASN1 string type for Name attributes (#3896)
2017-09-26T02:23:24+00:00

Paul Kehrer
paul.l.kehrer@gmail.com

2017-09-26T02:23:24+00:00

72c92f5ed1a3fe1b5196e0247bbe4cbe5e93c1a7

* both parse and encode the ASN1 string type for Name attributes

Previously cryptography encoded everything (except country names) as
UTF8String. This caused problems with chain building in libraries like
NSS where the subject and issuer are expected to match byte-for-byte.

With this change we now parse and store the ASN1 string type as a
private _type in NameAttribute. We then use this to encode when issuing
a new certificate. This allows the CertificateBuilder to properly
construct an identical issuer and fixes the issue with NSS.

* make the sentinel private too





* both parse and encode the ASN1 string type for Name attributes

Previously cryptography encoded everything (except country names) as
UTF8String. This caused problems with chain building in libraries like
NSS where the subject and issuer are expected to match byte-for-byte.

With this change we now parse and store the ASN1 string type as a
private _type in NameAttribute. We then use this to encode when issuing
a new certificate. This allows the CertificateBuilder to properly
construct an identical issuer and fixes the issue with NSS.

* make the sentinel private too