| Commit message | Author | Age | Files | Lines |
| |
* fix testing against cryptography main branch and improve twisted
* oops
| |
* Reject invalid versions in X509Req.set_version
* Update CHANGELOG.rst
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
---------
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
| |
* port changelog
* forward port the nid2sn workaround
| |
* parallel twisted tests and newer mypy
* update mypy env
| |
* fix tests on Windows, add Windows CI
* remove test safeguards from coverage
| |
Add support for DTLS timeouts
When performing a DTLS handshake, the DTLS state machine may need to be
updated based on the passage of time, for instance in response to packet
loss.
OpenSSL supports this by means of the `DTLSv1_get_timeout` and
`DTLSv1_handle_timeout` methods, both of which are included in
cryptography's bindings. This change adds Python wrappers for these
methods in the `Connection` class.
| |
* Reformat code using black 23.x
* fix compat with tox 4
| |
* fixes #1173
make the x509extension docs more clear
* Update crypto.py
| |
* Fix CRL nextUpdate handling.
When setting the nextUpdate field of a CRL, this code grabbed the
nextUpdate ASN1_TIME field from the CRL and set its time. But nextUpdate
is optional in a CRL so that field is usually NULL. But OpenSSL's
ASN1_TIME_set_string succeeds when the destination argument is NULL, so
it was silently a no-op.
Given that, the call in a test to set the nextUpdate field suddenly
starts working and sets the time to 2018, thus causing the CRL to be
considered expired and breaking the test. So this change also changes
the expiry year far into the future.
Additionally, the other CRL and Revoked setters violate const in the
API.
Fixes #1168.
* Replace self-check with an assert for coverage
* Update src/OpenSSL/crypto.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
| |
The bio was never freed, or used. sometime is never freed. While I'm
here, check return values for all the functions called here.
| |
* Add support for X509_V_FLAG_PARTIAL_CHAIN
* Remove unneeded import
* Update changelog to add PR number.
* Fix whitespace issue identified by black
| |
* fixes for tox4
* Update tox.ini
| |
Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 3 to 4.
- [Release notes](https://github.com/dessant/lock-threads/releases)
- [Changelog](https://github.com/dessant/lock-threads/blob/master/CHANGELOG.md)
- [Commits](https://github.com/dessant/lock-threads/compare/v3...v4)
---
updated-dependencies:
- dependency-name: dessant/lock-threads
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
| |
don't leave commented out code, and use append rather than += on lists
| |
* add attributes only conditionally
* fix flake8
| |
(#1147)
* disallow latest sphinx release because it doesn't work with sphinx_rtd_theme
* Update test_ssl.py
* black
| |
* add `Connection.use_(certificate|privatekey)`
* bump minimum cryptography version
* deduplicate tests
* black!
* max line length
| |
* Switch to the new utils.deprecation spelling
The new spelling was introduced in
https://github.com/pyca/cryptography/pull/6923 and is more friendly to
type checkers.
Version-wise, that PR appears to be in cryptography 37.0.0, which is now
beyond the minimum version for pyOpenSSL.
* reformat
| |
* Don't test that invalid RSA keys can be imported
test_check_pr_897 asserts that an invalid key is correctly detected as
invalid. However, in doing so, it also asserts that the invalid key is
considered *valid* at parse time.
Ideally, the underlying cryptography library would just call
RSA_check_key during parsing, but it would then fail this test. Make the
test more tolerant by allowing either parsing or checking to throw an
error.
* Review comments, and also update the other test
| |
* OpenSSL/crypto: make X509StoreContextError's message friendlier
Closes #1132.
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests: update exception tests
Signed-off-by: William Woodruff <william@trailofbits.com>
* OpenSSL/crypto: blacken
Signed-off-by: William Woodruff <william@trailofbits.com>
* CHANGELOG: record changes
Signed-off-by: William Woodruff <william@trailofbits.com>
| |
This was added to pyca/cryptography at https://github.com/pyca/cryptography/commit/0fe4583d40b0a99feecc1dc33f96fa15002b443f
| |
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
| |
* crypto: Add type annotations
* Don’t redefine var
mypy complains about the redefinition
* _util: Add type annotations
* rand: Add type annotations
* Prepare package & CI for running mypy
* fix toxenv name
Co-authored-by: Maximilian Hils <github@maximilianhils.com>
| |
get_notAfter() can return None.
Instead of raising a NoneType error, raise a ValueError which tells
us why it failed.
| |
* add `Connection.set_verify`, fix #255
* show that it works with cryptography main
* Revert "show that it works with cryptography main"
This reverts commit fb0136a8e5aa5d2c6e0c16f8f4ecee2f3c72a16b.
* make it black
| |
Certificate versions go up to v3 (numeric value 2), CRLs go up to v2
(numeric value 1), and CSRs go up to v1 (numeric value 0). This CL fixes
the following issues:
- Add a missing check to the return value of X509_set_version
- Fix crlDataUnsupportedExtension which had an invalid CRL version.
- Switch TestX509.test_version to test valid versions, so it doesn't
prevent OpenSSL or an OpenSSL derivative from checking for invalid
versions.
- Make TestX509Req.test_version tolerate set_version(1) failing on CSRs.
Since there's nothing useful to test otherwise, I've made the test
work for either possible backend behavior.
| |
* repair CI
* more fixes
* pypy39 requires latest cryptography
* Apply suggestions from code review
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* use constant
* bump minimum version
* remove unneeded try
* fix
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
| |
a) It's already called by initializing the Bindings in cryptography
b) I'm pretty sure it's not actually necessary at all