| Commit message | Author | Age | Files | Lines |
* support negative serials in certificate parsing
but raise a warning every time we see it. also proactively raise on
initial parse of the certificate, not just when accessing the
serial_number attribute
* cargo fmt
* review feedback and changelog
* pssh
* Update CHANGELOG.rst
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
|
This is an awful hybrid, but hopefully puts us on a path to removing this nonsense
|
* OCB3 support in aead package
* improve comment
|
encoded default (#6600)
* Allow parsing CSR extensions with the critical bit having an explicitly encoded default
* Poke for zuul
|
Refs #6576
|
* skip pkcs7 tests on boring
* make it work
|
* Allow to serialize extension values as DER bytes string.
* Prepare test for SignedCertificateTimestamps.
|
Refs #6576
|
Refs #6576
|
* Move certificate extension encoding code to new crate x509::extensions.
* Move more extension serialization code to x509::extensions.
* Unify extension encoding into one function.
* Move all extension OIDs to x509::extensions.
* Move all OIDs to x509::oid.
|
also document that we can return these key types in a certificate,
although they can't be self-signed of course
|
* Simplify backed name check in tests
* poke GHA
|
this matches our behavior to OpenSSL and allows users to pass a chain to
our PEM loaders. To make this a little less magical it is now
documented.
|
* CMAC
* HMAC
* hashes
* keywrap
|
cipher class
|
The RSA chapter:
* Retype backend args to typing.Any
* Stop using _get_backend and directly import
|
* Move around some code to kill the need for a backend method
* Type the backend arg to typing.Any since we just don't care now
|
All the KDFs
|
* OTPs
|
Previously we raised InternalError, but now we raise a ValueError
|
`rfc4514_string()` and related methods now have an optional
`attr_name_overrides` parameter to supply custom OID to name mappings,
which can be used to match vendor-specific extensions.
**BACKWARDS INCOMPATIBLE:** Reverted the nonstandard formatting of email
address fields as `E` in `rfc4514_string()` methods from version 35.0.
The previous behavior can be restored with:
`name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})`
Expanded documentation of `Name.rfc4514_string`.
|
* Take backend as a parameter so skips work
* Bump timeout threshold since alpine appears to be right on the line
|
* Convert CRL creation to Rust
* fixes
* small reflows
* Delete all teh code
* flake8
|
* Convert CSR creation to Rust
* put this back
* unused
* coverage
|
Needed for BoringSSL (https://github.com/pyca/cryptography/pull/5305)
|
* support bmpstring and universalstring decoding in name
this doesn't fix BMPString/UniversalString in DisplayText; that requires
altering our implementation or adding those types to rust-asn1
* cargo fmt
|
* Convert x.509 certificate generation to Rust
* flake8
* Coverage shenanigans
* moar hashes
* moar hashes
|
* Attempt to turn FIPS small RSA errors into something useful
* Black
* fix
* doh
|
* expand signing tests to encompass more signature OIDs
also test those OIDs
* black
* skip sha1 in fips
|
(#6469)
* Added a test for signing an OCSP response with an unknown private key type
* Update test_ocsp.py
|
* Added a test for signing an OCSP response with an invalid hash
* Fix for libressl
|
* Added test for signing an unknown cert status response
refs #6460
* Update test_ocsp.py
|
* Revert "Ban cffi version that makes CI sad (#6418)"
This reverts commit bba65084eadca64776d520004ded10375ab5d30e.
* Run the necessary teardown code always
* Restore this
|
* port some crl extensions, refactor a bit
* add a test
* black
|
* Encode general names in rust
Enable SAN/IAN encoding in rust
* fmt
* simplify
* satisfy mypy, review comment
* coverage lol
* more coverage
|
* encode x509.Name.public_bytes using rust
* mypy
* remove x509_name_bytes entirely
* black
* simplify type signature
* black again
* remove branches
|
* Convert CertificatePolicies to Rust
* Satisfy clippy
* Incorporate rust tests into coverage
* Attempt to get the coverage integrated
* Debugging, as a treat
* Attempt to get the coverage integrated
* cursed
* Maybe?
* Required!
* lol
* unused
* Handle non-ascii qualifiers
|