| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
| |
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2) from 1.0.57 to 1.0.58.
- [Release notes](https://github.com/dtolnay/proc-macro2/releases)
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.57...1.0.58)
---
updated-dependencies:
- dependency-name: proc-macro2
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| | |
|
| | |
|
| |
|
| |
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
|
| |
|
| |
Just find the copy of llvm-profdata/llvm-cov from rustc itself
|
| |
|
|
|
| |
* Cache slightly less in rust-coverage jobs
* Trigger CI to test cache
|
| |
|
|
|
|
|
|
| |
* don't use a set
We don't need one here and it creates ordering instability when
iterating over an RDN
* add a test
|
| |
|
| |
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2) from 1.0.56 to 1.0.57.
- [Release notes](https://github.com/dtolnay/proc-macro2/releases)
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.56...1.0.57)
---
updated-dependencies:
- dependency-name: proc-macro2
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Run full nox rust env in coverage jobs
* Update ci.yml
* Update ci.yml
* fix 1.60 clippy warnings
* warning name changed
|
| | |
|
| |
|
| |
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
* refactor signature algorithm parameters into a separate function
this will be used in the verify_directly_issued_by PR
* fix coverage with more refactoring
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [pytest-xdist](https://github.com/pytest-dev/pytest-xdist) from 3.2.1 to 3.3.0.
- [Changelog](https://github.com/pytest-dev/pytest-xdist/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest-xdist/compare/v3.2.1...v3.3.0)
---
updated-dependencies:
- dependency-name: pytest-xdist
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [ruff](https://github.com/charliermarsh/ruff) from 0.0.265 to 0.0.267.
- [Release notes](https://github.com/charliermarsh/ruff/releases)
- [Changelog](https://github.com/charliermarsh/ruff/blob/main/BREAKING_CHANGES.md)
- [Commits](https://github.com/charliermarsh/ruff/compare/v0.0.265...v0.0.267)
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
| |
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
|
| |
|
| |
Turns out the docs encourage this.
|
| |
|
| |
It now has a trusted issuer
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/platformdirs/platformdirs/releases)
- [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst)
- [Commits](https://github.com/platformdirs/platformdirs/compare/3.5.0...3.5.1)
---
updated-dependencies:
- dependency-name: platformdirs
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
| |
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [mypy](https://github.com/python/mypy) from 1.2.0 to 1.3.0.
- [Commits](https://github.com/python/mypy/compare/v1.2.0...v1.3.0)
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* support X.509 certificate PSS signing
no CSR, CRL, etc
* handle PSS.(MAX_LENGTH, DIGEST_LENGTH), review feedback
* name the kwarg
* test improvements
* skip if sha3 isn't supported
|
| | |
|
| |
|
| |
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
|
| |
|
| |
This matter models how x.509 represents these things, and will make it easier to make Extensions an iterator in the future
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* certificate: add a `get_extension` helper
Signed-off-by: William Woodruff <william@trailofbits.com>
* certificate: OID by ref
Signed-off-by: William Woodruff <william@trailofbits.com>
* certificate: syntax
Signed-off-by: William Woodruff <william@trailofbits.com>
* x509, src: `check_duplicate_extensions`
Signed-off-by: William Woodruff <william@trailofbits.com>
* src: simplify
Signed-off-by: William Woodruff <william@trailofbits.com>
* src: everyone loves newtypes
Signed-off-by: William Woodruff <william@trailofbits.com>
* rust: refactor-o-rama
Signed-off-by: William Woodruff <william@trailofbits.com>
* src: look upon my works
Signed-off-by: William Woodruff <william@trailofbits.com>
* src: continue blasting the code
Signed-off-by: William Woodruff <william@trailofbits.com>
* src/rust: actually commit my changes
Signed-off-by: William Woodruff <william@trailofbits.com>
* src: clippage
Signed-off-by: William Woodruff <william@trailofbits.com>
* relocate
Signed-off-by: William Woodruff <william@trailofbits.com>
* src: dedupe
Signed-off-by: William Woodruff <william@trailofbits.com>
* src: cleanup
Signed-off-by: William Woodruff <william@trailofbits.com>
* clippage
Signed-off-by: William Woodruff <william@trailofbits.com>
* src: dedupe
Signed-off-by: William Woodruff <william@trailofbits.com>
* common: cleanup
Signed-off-by: William Woodruff <william@trailofbits.com>
* src: unused impls
Signed-off-by: William Woodruff <william@trailofbits.com>
* more deletion
Signed-off-by: William Woodruff <william@trailofbits.com>
* clippage
Signed-off-by: William Woodruff <william@trailofbits.com>
* extensions: add a `get_extension` test
Signed-off-by: William Woodruff <william@trailofbits.com>
* extensions: unused derives
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests/x509: dup ext check for tbs_precertificate_bytes
Signed-off-by: William Woodruff <william@trailofbits.com>
* certificate: remove `extensions()`
Signed-off-by: William Woodruff <william@trailofbits.com>
* extensions: docs
Signed-off-by: William Woodruff <william@trailofbits.com>
* extensions: newtype
Signed-off-by: William Woodruff <william@trailofbits.com>
* rust: better error types, dedupe
Signed-off-by: William Woodruff <william@trailofbits.com>
extensions: unwrap -> expect
Signed-off-by: William Woodruff <william@trailofbits.com>
* Revert "rust: better error types, dedupe"
This reverts commit 212b75ff2f69a3b3cfc9d6a55949f23877f8f618.
---------
Signed-off-by: William Woodruff <william@trailofbits.com>
|
| |
|
| |
rust uses mtime to determine if files are fresh or not. However, if the mtime of a file in main is newer than the mtime of a commit in a PR then it will load the cache and there will be weird errors since it thinks the cache is new enough but in reality the code has changed. This change ties our cache keys to all our rust files, not just our cargo.lock, and should resolve this issue.
|
| | |
|
| |
|
| |
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [quote](https://github.com/dtolnay/quote) from 1.0.26 to 1.0.27.
- [Release notes](https://github.com/dtolnay/quote/releases)
- [Commits](https://github.com/dtolnay/quote/compare/1.0.26...1.0.27)
---
updated-dependencies:
- dependency-name: quote
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
| |
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.143 to 0.2.144.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.143...0.2.144)
---
updated-dependencies:
- dependency-name: libc
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
|
| |
this allows easier verification of cert signatures, but more
specifically allows PSS signature verification
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [asn1](https://github.com/alex/rust-asn1) from 0.15.1 to 0.15.2.
- [Commits](https://github.com/alex/rust-asn1/compare/0.15.1...0.15.2)
---
updated-dependencies:
- dependency-name: asn1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* invalid visible string support
this allows utf8 in visiblestring, which is not valid DER. we raise a
warning when this happens, but allow it since belgian eIDs, among
others, have encoding errors. Belgium fixed this by 2021 (and possibly
earlier), but their eID certificates have 10 year validity.
* review comments
* clippy
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.142 to 0.2.143.
- [Release notes](https://github.com/rust-lang/libc/releases)
- [Commits](https://github.com/rust-lang/libc/compare/0.2.142...0.2.143)
---
updated-dependencies:
- dependency-name: libc
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.12.7 to 2023.5.7.
- [Commits](https://github.com/certifi/python-certifi/compare/2022.12.07...2023.05.07)
---
updated-dependencies:
- dependency-name: certifi
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [ruff](https://github.com/charliermarsh/ruff) from 0.0.264 to 0.0.265.
- [Release notes](https://github.com/charliermarsh/ruff/releases)
- [Changelog](https://github.com/charliermarsh/ruff/blob/main/BREAKING_CHANGES.md)
- [Commits](https://github.com/charliermarsh/ruff/compare/v0.0.264...v0.0.265)
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
| |
|
| |
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
|
| | |
|
