delta/python-packages/cryptography.git/tests, branch 2.1.2 github.com: pyca/cryptography.git Debian sid is python3.6 now (#3968) (#3972) 2017-10-12T03:37:11+00:00 Alex Gaynor alex.gaynor@gmail.com 2017-10-12T03:37:11+00:00 78ae67cff45d85d75428aebf19ce68e46a3d91a6 * Debian sid is python3.6 now * Workaround because apparently measuring coverage correctly isn't a legitimate use case 
* Debian sid is python3.6 now

* Workaround because apparently measuring coverage correctly isn't a legitimate use case
 backwards incompatible change to UniformResourceIdentifier (#3954) 2017-10-11T03:47:46+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-10-11T03:47:46+00:00 1b43b51599e4a3b39662b069af0140bf24ac3a43 * backwards incompatible change to UniformResourceIdentifier During this release cycle we decided to officially deprecate passing U-labels to our GeneralName constructors. At first we tried changing this in a purely backwards compatible way but get_values_for_type made that untenable. This PR modifies URI to accept two types: U-label strings (which raises a deprecation warning) and A-label strings (the new preferred type). There is also a constructor for URI that bypasses validation so we can parse garbage out of certificates (and round trip it if necessary) * nonsense empty commit 2.6 and codecov are the worst 
* backwards incompatible change to UniformResourceIdentifier

During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies URI to accept two types:
U-label strings (which raises a deprecation warning) and A-label strings
(the new preferred type). There is also a constructor for URI
that bypasses validation so we can parse garbage out of certificates
(and round trip it if necessary)

* nonsense empty commit 2.6 and codecov are the worst
backwards incompatible change to RFC822Name (#3953) 2017-10-11T01:48:40+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-10-11T01:48:40+00:00 d3f73e0de5bf407f375c18b94f3f9535439ece3d * backwards incompatible change to RFC822Name During this release cycle we decided to officially deprecate passing U-labels to our GeneralName constructors. At first we tried changing this in a purely backwards compatible way but get_values_for_type made that untenable. This PR modifies RFC822Name to accept two types: U-label strings (which raises a deprecation warning) and A-label strings (the new preferred type). There is also a constructor for RFC822Name that bypasses validation so we can parse garbage out of certificates (and round trip it if necessary) * whoops 
* backwards incompatible change to RFC822Name

During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies RFC822Name to accept two types:
U-label strings (which raises a deprecation warning) and A-label strings
(the new preferred type). There is also a constructor for RFC822Name
that bypasses validation so we can parse garbage out of certificates
(and round trip it if necessary)

* whoops
Backwards incompatible change to DNSName (#3951) 2017-10-11T00:11:44+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-10-11T00:11:44+00:00 ed32105be8daa27d39e5ef1f26e3f7bc672a7939 * Backwards incompatible change to DNSName During this release cycle we decided to officially deprecate passing U-labels to our GeneralName constructors. At first we tried changing this in a purely backwards compatible way but get_values_for_type made that untenable. This PR modifies DNSName to take three different types. U-label strings (which raises a deprecation warning), A-label strings (the new preferred type), and bytes (which are assumed to be decodable to unicode strings). The latter, while supported, is primarily intended for use by our parser and allows us to return the actual encoded data in a certificate even if it has not been properly encoded to A-label before the certificate is created. (Of course, if the certificate contains invalid utf8 sequences this will still fail, but let's handle one catastrophic failure at a time). * coverage * don't delete that asterisk from a test. it does things. * no bytes in DNSName. Private constructor for bypassing validation * test unicode in dnsname (yuck) * fix docs * empty commit, you disappoint me codecov * CI is the worst 
* Backwards incompatible change to DNSName

During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies DNSName to take three different types.
U-label strings (which raises a deprecation warning), A-label strings
(the new preferred type), and bytes (which are assumed to be decodable
to unicode strings). The latter, while supported, is primarily intended
for use by our parser and allows us to return the actual encoded data in
a certificate even if it has not been properly encoded to A-label before
the certificate is created. (Of course, if the certificate contains
invalid utf8 sequences this will still fail, but let's handle one
catastrophic failure at a time).

* coverage

* don't delete that asterisk from a test. it does things.

* no bytes in DNSName. Private constructor for bypassing validation

* test unicode in dnsname (yuck)

* fix docs

* empty commit, you disappoint me codecov

* CI is the worst
Add support for AES XTS (#3900) 2017-10-02T02:03:20+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-10-02T02:03:20+00:00 a397d75a1e091299d012035655bdc30376378b4c * Add support for AES XTS We drop the non-byte aligned test vectors because according to NIST http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSVS.pdf "An implementation may support a data unit length that is not a multiple of 8 bits." OpenSSL does not support this, so we can't use those test vectors. * fix docs and pep8 * docs fix * the spellchecker is so frustrating * add note about AES 192 for XTS (it's not supported) * docs work * enforce key length on ECB mode in AES as well (thanks XTS) * a few more words about why we exclude some test vectors for XTS 
* Add support for AES XTS

We drop the non-byte aligned test vectors because according to NIST
http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSVS.pdf
"An implementation may support a data unit length that is not a
multiple of 8 bits." OpenSSL does not support this, so we can't
use those test vectors.

* fix docs and pep8

* docs fix

* the spellchecker is so frustrating

* add note about AES 192 for XTS (it's not supported)

* docs work

* enforce key length on ECB mode in AES as well (thanks XTS)

* a few more words about why we exclude some test vectors for XTS
add ChaCha20 support (#3919) 2017-09-28T15:46:49+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-09-28T15:46:49+00:00 62ebb429fe94693e5b94480025f3f3e0556b83b1 * add ChaCha20 support * review feedback * 256 divided by 8 is what again? * ... 
* add ChaCha20 support

* review feedback

* 256 divided by 8 is what again?

* ...
both parse and encode the ASN1 string type for Name attributes (#3896) 2017-09-26T02:23:24+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-09-26T02:23:24+00:00 72c92f5ed1a3fe1b5196e0247bbe4cbe5e93c1a7 * both parse and encode the ASN1 string type for Name attributes Previously cryptography encoded everything (except country names) as UTF8String. This caused problems with chain building in libraries like NSS where the subject and issuer are expected to match byte-for-byte. With this change we now parse and store the ASN1 string type as a private _type in NameAttribute. We then use this to encode when issuing a new certificate. This allows the CertificateBuilder to properly construct an identical issuer and fixes the issue with NSS. * make the sentinel private too 
* both parse and encode the ASN1 string type for Name attributes

Previously cryptography encoded everything (except country names) as
UTF8String. This caused problems with chain building in libraries like
NSS where the subject and issuer are expected to match byte-for-byte.

With this change we now parse and store the ASN1 string type as a
private _type in NameAttribute. We then use this to encode when issuing
a new certificate. This allows the CertificateBuilder to properly
construct an identical issuer and fixes the issue with NSS.

* make the sentinel private too
FreshestCRL extension support (#3937) 2017-09-24T00:44:12+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-09-24T00:44:12+00:00 b76bcf88bd272dcde26858c936a743a229aefd5a * add freshest CRL support * add tests * add changelog * add tests for FreshestCRL generation 
* add freshest CRL support

* add tests

* add changelog

* add tests for FreshestCRL generation
support delta crl indicator extension (#3936) 2017-09-22T13:29:36+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-09-22T13:29:36+00:00 5e3cc98473ad54db390736ac81bb74210e85056d This is an extension for CRLs 
This is an extension for CRLs
 parametrize a bunch of x509 extension tests that were identical (#3931) 2017-09-22T02:07:10+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2017-09-22T02:07:10+00:00 2931b8609427f0dc3b95d70e02804c53057bfbfc