summaryrefslogtreecommitdiff
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
...
* Final polish on removing backends from places they aren't required (#6644)Alex Gaynor2021-11-223-21/+4
|
* allow parsing of nonstandard country name and jurisdiction country name (#6641)Paul Kehrer2021-11-211-0/+22
| | | | | | The spec requires both of these to be exactly two characters to correspond with ISO country codes. Reality is sometimes messier, so this allows parsing (but not encoding) of this invalid data. Parsing will raise a UserWarning if incorrect lengths are detected.
* Simplify the code in the AEAD test (#6638)Alex Gaynor2021-11-211-10/+10
| | | Only unhexlify each thing once
* support negative serials in certificate parsing (#6626)Paul Kehrer2021-11-201-2/+7
| | | | | | | | | | | | | | | | | | | * support negative serials in certificate parsing but raise a warning every time we see it. also proactively raise on initial parse of the certificate, not just when accessing the serial_number attribute * cargo fmt * review feedback and changelog * pssh * Update CHANGELOG.rst Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* fixes #6404 -- attempt to treat OCSP Nonce as being an octet string (#6625)Alex Gaynor2021-11-202-3/+3
| | | This is an awful hybrid, but hopefully puts us on a path to removing this nonsense
* more typing (#6616)Paul Kehrer2021-11-174-92/+120
|
* raise warning on encoded default value in csr (#6615)Paul Kehrer2021-11-171-3/+4
|
* type some more things in the tests (#6614)Paul Kehrer2021-11-176-14/+32
|
* OCB3 support (#6607)Paul Kehrer2021-11-141-0/+132
| | | | | * OCB3 support in aead package * improve comment
* remove deprecated calls in tests (#6604)Paul Kehrer2021-11-141-5/+7
|
* support attributes on csrs with an iterable (#6603)Paul Kehrer2021-11-141-73/+274
|
* Allow parsing CSR extensions with the critical bit having an explicitly ↵Alex Gaynor2021-11-141-0/+18
| | | | | | | encoded default (#6600) * Allow parsing CSR extensions with the critical bit having an explicitly encoded default * Poke for zuul
* handle unused bits in distribution point reasons as well (#6594)Paul Kehrer2021-11-121-6/+7
|
* encode KeyUsage with unused bits (#6593)Paul Kehrer2021-11-121-13/+63
|
* Run tests/hazmat/bindings/test_openssl.py on BoringSSL (#6592)Alex Gaynor2021-11-121-9/+20
| | | Refs #6576
* skip pkcs7 tests on boring (#6591)Paul Kehrer2021-11-121-19/+27
| | | | | * skip pkcs7 tests on boring * make it work
* Allow to serialize extension values as DER bytes strings (#6346)Felix Fontein2021-11-121-2/+424
| | | | | * Allow to serialize extension values as DER bytes string. * Prepare test for SignedCertificateTimestamps.
* x509 tests for boring (#6590)Paul Kehrer2021-11-122-4/+8
|
* Run tests/primitives/test_{dh,serialization}.py on BoringSSL (#6589)Alex Gaynor2021-11-122-0/+20
| | | Refs #6576
* Run tests/hazmat/backends/ under BoringSSL (#6588)Alex Gaynor2021-11-121-1/+5
| | | Refs #6576
* Run tests/primitives/ (minus a few files) on BoringSSL (#6584)Alex Gaynor2021-11-111-1/+1
|
* Move extension encoding code to new crate x509::extensions (#6571)Felix Fontein2021-11-111-1/+1
| | | | | | | | | | | * Move certificate extension encoding code to new crate x509::extensions. * Move more extension serialization code to x509::extensions. * Unify extension encoding into one function. * Move all extension OIDs to x509::extensions. * Move all OIDs to x509::oid.
* allow x25519/x448 public keys in certificatebuilder (#6562)Paul Kehrer2021-11-071-0/+52
| | | | also document that we can return these key types in a certificate, although they can't be self-signed of course
* Simplify backed name check in tests (#6558)Alex Gaynor2021-11-071-2/+2
| | | | | * Simplify backed name check in tests * poke GHA
* allow multiple identical pem blocks (#6551)Paul Kehrer2021-11-051-6/+14
| | | | | this matches our behavior to OpenSSL and allows users to pass a chain to our PEM loaders. To make this a little less magical it is now documented.
* deprecate backend part 14 of...probably 15? (#6534)Paul Kehrer2021-11-033-26/+0
| | | | | | | | * * CMAC * HMAC * * hashes * * keywrap
* deprecate backend part 11 of n (#6530)Paul Kehrer2021-11-032-18/+7
| | | cipher class
* deprecate backend part 8 of n (#6527)Paul Kehrer2021-11-031-9/+0
| | | | | The RSA chapter: * Retype backend args to typing.Any * Stop using _get_backend and directly import
* deprecate backend part 7 of n (#6526)Paul Kehrer2021-11-031-8/+0
| | | | * Move around some code to kill the need for a backend method * Type the backend arg to typing.Any since we just don't care now
* deprecate backend part 12 of n (#6532)Paul Kehrer2021-11-036-119/+14
| | | All the KDFs
* deprecate backend part 13 of n (#6533)Paul Kehrer2021-11-032-30/+0
| | | * OTPs
* support BMPString in explicitText parsing for legacy certificates (#6516)Paul Kehrer2021-11-021-0/+14
|
* handle case where private_value is the point at infinity (#6515)Paul Kehrer2021-11-021-0/+9
| | | Previously we raised InternalError, but now we raise a ValueError
* Allow custom attribute shortnames in rfc4514_string (#6490)Marti Raudsepp2021-11-011-0/+17
| | | | | | | | | | | | | `rfc4514_string()` and related methods now have an optional `attr_name_overrides` parameter to supply custom OID to name mappings, which can be used to match vendor-specific extensions. **BACKWARDS INCOMPATIBLE:** Reverted the nonstandard formatting of email address fields as `E` in `rfc4514_string()` methods from version 35.0. The previous behavior can be restored with: `name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})` Expanded documentation of `Name.rfc4514_string`.
* Take backend as a parameter so skips work (#6504)Alex Gaynor2021-11-011-1/+1
| | | | | * Take backend as a parameter so skips work * Bump timeout threshold since alpine appears to be right on the line
* Convert CRL creation to Rust (#6496)Alex Gaynor2021-10-312-14/+2
| | | | | | | | | | | * Convert CRL creation to Rust * fixes * small reflows * Delete all teh code * flake8
* Convert CSR creation to Rust (#6495)Alex Gaynor2021-10-312-12/+14
| | | | | | | | | * Convert CSR creation to Rust * put this back * unused * coverage
* Check for CCM support in their tests (#6497)Alex Gaynor2021-10-311-0/+4
| | | Needed for BoringSSL (https://github.com/pyca/cryptography/pull/5305)
* support bmpstring and universalstring decoding in name (#6492)Paul Kehrer2021-10-291-0/+35
| | | | | | | | * support bmpstring and universalstring decoding in name this doesn't fix BMPString/UniversalString in DisplayText; that requires altering our implementation or adding those types to rust-asn1 * cargo fmt
* Convert x.509 certificate generation to Rust (#6479)Alex Gaynor2021-10-292-23/+2
| | | | | | | | | | | * Convert x.509 certificate generation to Rust * flake8 * Coverage shenangins * moar hashes * moar hashes
* Attempt to turn FIPS small RSA errors into something useful (#6487)Alex Gaynor2021-10-291-0/+9
| | | | | | | | | * Attempt to turn FIPS small RSA errors into something useful * Black * fix * doh
* add two additional DSA signature algorithm oids & test dsa_with_sha224 (#6483)Paul Kehrer2021-10-261-0/+1
|
* expand signing tests to encompass more signature OIDs (#6480)Paul Kehrer2021-10-261-6/+49
| | | | | | | | | * expand signing tests to encompass more signature OIDs also test those OIDs * black * skip sha1 in fips
* Added a test for signing an OCSP response with None as a hash algorithm (#6471)Alex Gaynor2021-10-251-0/+22
|
* Added a test for signing an OCSP response with an unknown private key type ↵Alex Gaynor2021-10-251-0/+22
| | | | | | | (#6469) * Added a test for signing an OCSP response with an unknown private key type * Update test_ocsp.py
* Added a test for signing an OCSP response with an invalid hash (#6468)Alex Gaynor2021-10-251-0/+29
| | | | | * Added a test for signing an OCSP response with an invalid hash * Fix for libressl
* Added test for signing an unknown cert status response (#6467)Alex Gaynor2021-10-251-0/+27
| | | | | | | * Added test for signing an unknown cert status response refs #6460 * Update test_ocsp.py
* Revert "Ban cffi version that makes CI sad (#6418)" (#6441)Alex Gaynor2021-10-191-21/+23
| | | | | | | | | * Revert "Ban cffi version that makes CI sad (#6418)" This reverts commit bba65084eadca64776d520004ded10375ab5d30e. * Run the necessary teardown code always * Restore this
* Make memleak test assertion more precise (#6440)Alex Gaynor2021-10-191-1/+1
|
* port some crl extensions, refactor a bit (#6425)Paul Kehrer2021-10-171-1/+16
| | | | | | | * port some crl extensions, refactor a bit * add a test * black
View Lorry Controller Status