| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
* Update fernet docs to use latest Django recommendations
* Err, remember how RST works
|
| | |
|
| |
|
|
|
| |
* OCB3 support in aead package
* improve comment
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
encoded default (#6600)
* Allow parsing CSR extensions with the critical bit having an explicitly encoded default
* Poke for zuul
|
| | |
|
| | |
|
| |
|
|
|
| |
* Allow to serialize extension values as DER bytes string.
* Prepare test for SignedCertificateTimestamps.
|
| |
|
|
| |
also document that we can return these key types in a certificate,
although they can't be self-signed of course
|
| |
|
|
|
| |
this matches our behavior to OpenSSL and allows users to pass a chain to
our PEM loaders. To make this a little less magical it is now
documented.
|
| | |
|
| | |
|
| |
|
|
|
| |
* deprecate backend part 5 of n
* remove doc8
|
| | |
|
| |
|
| |
finish the asymmetric docs
|
| | |
|
| |
|
|
| |
* update all custom vector generation scripts to not use backends
* remove references to backends in test-vectors.rst
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
`rfc4514_string()` and related methods now have an optional
`attr_name_overrides` parameter to supply custom OID to name mappings,
which can be used to match vendor-specific extensions.
**BACKWARDS INCOMPATIBLE:** Reverted the nonstandard formatting of email
address fields as `E` in `rfc4514_string()` methods from version 35.0.
The previous behavior can be restored with:
`name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})`
Expanded documentation of `Name.rfc4514_string`.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Convert CRL creation to Rust
* fixes
* small reflows
* Delete all teh code
* flake8
|
| |
|
|
|
|
|
|
|
| |
* Convert CSR creation to Rust
* put this back
* unused
* coverage
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Convert x.509 certificate generation to Rust
* flake8
* Coverage shenangins
* moar hashes
* moar hashes
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* Update installation for testing against bookworm
* Try bumping macOS timeout
* Try pinning cffi
* Ban 1.15.0
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Propose a new load_key_and_certificates_with_name API to return the PKCS12 'friendly name' as well.
* Extend load_key_and_certificates_with_name to return friendly names for all certificates; add serialize_key_and_certificates_with_names; add X509_alias_set1 to cffi; add basic tests for all these.
* Add changelog entry and documentation.
* Revert "Extend load_key_and_certificates_with_name to return friendly names for all certificates; add serialize_key_and_certificates_with_names; add X509_alias_set1 to cffi; add basic tests for all these."
This reverts commit 125935e8cf1d27028c5b593bb058e2716311fd72.
* Create new interface.
* Rename load_key_and_certificates_object -> load_pkcs12.
* Add constructor validation, improve repr tests.
* Mention '... or None'.
* Allow all private key types.
* Fix/improve tests.
* Ignore type errors when intentionally passing wrong types.
* Fix type; linting.
* Use correct ignore.
|
| |
|
|
|
|
|
| |
* Add new PKCS12 test vectors for #6348.
* Re-create test certs without DSA.
* Forgot to adjust the docs.
|
| |
|
|
|
| |
* accept combined PEM files with multiple sections
* pass error messages into `find_in_pem`
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Improve changelog for cryptography.x509 changes
* Update CHANGELOG.rst
* Update CHANGELOG.rst
* Update CHANGELOG.rst
* this is a word
|
| | |
|
| |
|
|
|
| |
* add several OCSP response vectors
* fix naming
|
| |
|
|
|
| |
* add faq entry about why rust
* de facto isn't misspelled
|
| |
|
| |
(Lots of commits that got squashed)
|
| |
|
|
|
| |
* musllinux ftw
* appease the spellchecker
|
| |
|
|
|
|
|
| |
* Don't internal error on CRL with no nextUpdate value
* Fix typing
* docs
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
* add more eku oids
fixes #5892
* kerberos is a word in our world
|
| | |
|
| |
|
|
|
| |
Use always string as output format
Co-authored-by: Baofeng Wang <baofeng.wang67@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Implement KBKDFCMAC
Also adjust KBKDFHMAC to avoid code duplication.
* Add KBKDFCMAC unit tests
* Enable KBKDFCMAC vector tests
* Fix doc8 too long line issue in changelog
Adding bullet list entries after line 30 in the CHANGELOG.rst leads to
doc8 D001 error in line 30. Looks like a doc8 bug. Breaking the line in
the middle of the cross-reference solves the problem for now.
Also replace the trailing comma with a dot.
* Add KBKDFCMAC documentation and update changelog
|
| |
|
|
|
| |
Django recommends 320,000 rounds of PBKDF2 as of January 2021.
Note that it hasn't been 100,000 for some time, so this number should probably be revisited somewhat more frequently. I did point to the source code, to make that number easier to find for people.
|
| |
|
|
|
|
| |
1. In signature generation code example, add a `key' assignment so it can be run solely.
2. In verify() code example, add a positive case before the negative one. Also use copy() to do self authentication.
Co-authored-by: Baofeng Wang <baofeng.wang67@gmail.com>
|
| | |
|
| | |
|
