Commit message | Author | Age | Files | Lines
* Expose X509_V_* constants (#1202) [HEAD, main] | Itamar Turner-Trauring | 2023-04-28 | 3 | -1/+112
| * Expose X509_V_* constants.
| * Switch to strategy where cryptography 40.0.2 exposes the constants.
| * Fix bad merge.
| * Fix flake.
| * Link to PR.
| * Check availability, rather than versions.
| * Add namespacing.
| * Add success code to namespace.
| * Fix lint.
| * Remove unnecessary conditional.
| * Update CHANGELOG.rst
|   Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
| ---------
| Co-authored-by: Itamar Turner-Trauring <itamar@pythonspeed.com>
| Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* fix sphinx config for new version (#1214) | Alex Gaynor | 2023-04-28 | 1 | -2/+2
|
* remove X509StoreFlags.NOTIFY_POLICY (#1213) | Paul Kehrer | 2023-04-21 | 4 | -2/+5
| * remove X509StoreFlags.NOTIFY_POLICY
|   fixes #1212
| * also fix twisted
| * more CI fixes, sigh
* fix testing against cryptography main branch and improve twisted (#1209) | Paul Kehrer | 2023-04-14 | 2 | -6/+5
| * fix testing against cryptography main branch and improve twisted
| * oops
* Reject invalid versions in X509Req.set_version (#1208) | Alex Gaynor | 2023-04-01 | 3 | -9/+11
| * Reject invalid versions in X509Req.set_version
| * Update CHANGELOG.rst
|   Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
| ---------
| Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* port changelog (#1205) | Paul Kehrer | 2023-03-27 | 3 | -2/+32
| * port changelog
| * forward port the nid2sn workaround
* reopen main (#1200) | Alex Gaynor | 2023-03-25 | 3 | -2/+13
|
* parallel twisted tests and newer mypy (#1197) | Paul Kehrer | 2023-03-24 | 2 | -5/+5
| * parallel twisted tests and newer mypy
| * update mypy env
* 23.1.0 version bump (#1196) [23.1.0] | Alex Gaynor | 2023-03-24 | 4 | -4/+5
|
* Fix tests on Windows, add Windows CI (#1186) | Maximilian Hils | 2023-02-13 | 4 | -35/+48
| * fix tests on Windows, add Windows CI
| * remove test safeguards from coverage
* Add support for DTLS timeouts (#1180) | Jeremy Lainé | 2023-02-13 | 3 | -4/+76
| Add support for DTLS timeouts
|
| When performing a DTLS handshake, the DTLS state machine may need to be updated based on the passage of time, for instance in response to packet loss.
|
| OpenSSL supports this by means of the `DTLSv1_get_timeout` and `DTLSv1_handle_timeout` methods, both of which are included in cryptography's bindings.
|
| This change adds Python wrappers for these methods in the `Connection` class.
* Fix CI (#1185) | Maximilian Hils | 2023-02-13 | 4 | -5/+3
| * Reformat code using black 23.x
| * fix compat with tox 4
* install tox into venv (#1181) | Alex Gaynor | 2023-01-22 | 1 | -0/+1
|
* Reopen main (#1176) | Alex Gaynor | 2023-01-02 | 2 | -1/+13
|
* 23.0.0 version bump (#1175) [23.0.0] | Alex Gaynor | 2023-01-02 | 3 | -4/+5
|
* fixes #1173 (#1174) | Alex Gaynor | 2022-12-29 | 1 | -1/+2
| * fixes #1173
|   make the x509extension docs more clear
| * Update crypto.py
* Fix CRL nextUpdate handling. (#1169) | David Benjamin | 2022-12-16 | 2 | -10/+36
| * Fix CRL nextUpdate handling.
|
|   When setting the nextUpdate field of a CRL, this code grabbed the nextUpdate ASN1_TIME field from the CRL and set its time. But nextUpdate is optional in a CRL so that field is usually NULL. But OpenSSL's ASN1_TIME_set_string succeeds when the destination argument is NULL, so it was silently a no-op.
|
|   Given that, the call in a test to set the nextUpdate field suddenly starts working and sets the time to 2018, thus causing the CRL to be considered expired and breaking the test. So this change also changes the expiry year far into the future.
|
|   Additionally, the other CRL and Revoked setters violate const in the API.
|
|   Fixes #1168.
| * Replace self-check with an assert for coverage
| * Update src/OpenSSL/crypto.py
|   Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
| Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Fix some memory leaks in CRL.export (#1170) | David Benjamin | 2022-12-16 | 1 | -8/+11
| The bio was never freed, or used. sometime is never freed. While I'm here, check return values for all the functions called here.
* Add support for X509_V_FLAG_PARTIAL_CHAIN (#1166) | vEpiphyte | 2022-12-15 | 4 | -0/+18
| * Add support for X509_V_FLAG_PARTIAL_CHAIN
| * Remove unneeded import
| * Update changelog to add PR number.
| * Fix whitespace issue identified by black
* fixes for tox4 (#1167) | Alex Gaynor | 2022-12-16 | 1 | -3/+9
| * fixes for tox4
| * Update tox.ini
* Bump dessant/lock-threads from 3 to 4 (#1165) | dependabot[bot] | 2022-12-05 | 1 | -1/+1
| Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 3 to 4.
| - [Release notes](https://github.com/dessant/lock-threads/releases)
| - [Changelog](https://github.com/dessant/lock-threads/blob/master/CHANGELOG.md)
| - [Commits](https://github.com/dessant/lock-threads/compare/v3...v4)
|
| ---
| updated-dependencies:
| - dependency-name: dessant/lock-threads
|   dependency-type: direct:production
|   update-type: version-update:semver-major
| ...
|
| Signed-off-by: dependabot[bot] <support@github.com>
| Signed-off-by: dependabot[bot] <support@github.com>
| Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Make some handshakes in tests less flaky. (#1163) | Theodore Ni | 2022-12-02 | 1 | -12/+13
|
* run Python 3.6 CI on Ubuntu 20.04 (#1164) | Maximilian Hils | 2022-12-02 | 1 | -5/+5
|
* Add support for Python 3.11 (#1161) | Hugo van Kemenade | 2022-11-05 | 3 | -1/+5
|
* style cleanups from recent PR (#1159) | Alex Gaynor | 2022-10-21 | 1 | -6/+3
| don't leave comment out code, and use append rather than += on lists
* add attributes only conditionally (#1158) | Ben Greiner | 2022-10-22 | 1 | -3/+6
| * add attributes only conditionally
| * fix flake8
* fix changelog for 22.1 release. (#1150) | Paul Kehrer | 2022-09-25 | 1 | -2/+3
|
* Reopen main (#1149) | Alex Gaynor | 2022-09-25 | 2 | -1/+14
|
* Bump for 22.1.0 release (#1148) [22.1.0] | Alex Gaynor | 2022-09-25 | 1 | -2/+2
|
* disallow latest sphinx release because it doesn't work with sphinx_rtd_theme (#1147) | Alex Gaynor | 2022-09-25 | 2 | -1/+3
| * disallow latest sphinx release because it doesn't work with sphinx_rtd_theme
| * Update test_ssl.py
| * black
* add `Connection.use_(certificate|privatekey)` (#1121) | Maximilian Hils | 2022-09-16 | 5 | -44/+107
| * add `Connection.use_(certificate|privatekey)`
| * bump minimum cryptography version
| * deduplicate tests
| * black!
| * max line length
* fixes #1143 -- pin cryptography max version to prevent future pain (#1145) | Alex Gaynor | 2022-09-16 | 1 | -1/+1
|
* Move away from the SSLEAY name (#1144) | Alex Gaynor | 2022-09-16 | 3 | -17/+35
|
* Switch to the new utils.deprecation spelling (#1140) | David Benjamin | 2022-08-13 | 1 | -2/+4
| * Switch to the new utils.deprecation spelling
|
|   The new spelling was introduced in https://github.com/pyca/cryptography/pull/6923 and is more friendly to type checkers.
|
|   Version-wise, that PR appears to be in cryptography 37.0.0, which is now beyond the minimum version for pyOpenSSL.
| * reformat
* Don't test that invalid RSA keys can be imported (#1139) | David Benjamin | 2022-08-12 | 1 | -4/+6
| * Don't test that invalid RSA keys can be imported
|
|   test_check_pr_897 asserts that an invalid key is correctly detected as invalid. However, in doing so, it also asserts that the invalid key is considered *valid* at parse time.
|
|   Ideally, the underlying cryptography library would just call RSA_check_key during parsing, but it would then fail this test. Make the test more tolerant by allowing either parsing or checking to throw an error.
| * Review comments, and also update the other test
* Fix docs in `SSL.Context.get_alpn_proto_negotiated` (#1137) | Nikita Sobolev | 2022-07-23 | 1 | -1/+1
|
* Make `X509StoreContextError`'s message friendlier (#1133) | William Woodruff | 2022-07-07 | 3 | -16/+23
| * OpenSSL/crypto: make X509StoreContextError's message friendlier
|   Closes #1132.
|   Signed-off-by: William Woodruff <william@trailofbits.com>
| * tests: update exception tests
|   Signed-off-by: William Woodruff <william@trailofbits.com>
| * OpenSSL/crypto: blacken
|   Signed-off-by: William Woodruff <william@trailofbits.com>
| * CHANGELOG: record changes
|   Signed-off-by: William Woodruff <william@trailofbits.com>
* Fix incorrect documentation on X509Req.set_version #1130 (#1131) | Amir Omidi | 2022-06-28 | 1 | -1/+1
|
* Expose SSL_OP_IGNORE_UNEXPECTED_EOF (#1127) | dreid | 2022-06-09 | 1 | -0/+6
| This was added to pyca/cryptography at https://github.com/pyca/cryptography/commit/0fe4583d40b0a99feecc1dc33f96fa15002b443f
* Bump actions/setup-python from 3 to 4 (#1126) | dependabot[bot] | 2022-06-09 | 1 | -1/+1
| Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
| - [Release notes](https://github.com/actions/setup-python/releases)
| - [Commits](https://github.com/actions/setup-python/compare/v3...v4)
|
| ---
| updated-dependencies:
| - dependency-name: actions/setup-python
|   dependency-type: direct:production
|   update-type: version-update:semver-major
| ...
|
| Signed-off-by: dependabot[bot] <support@github.com>
| Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* add explicit permissions to lock workflow (#1125) | Paul Kehrer | 2022-05-27 | 1 | -0/+3
|
* Update bdist_rpm option build_requires (#1013) | 陳傑夫 | 2022-05-20 | 0 | -0/+0
|
* Add inline type annotations (#1089) | lovetox | 2022-05-20 | 7 | -203/+319
| * crypto: Add type annotations
| * Don’t redefine var
|   mypy complains about the redefinition
| * _util: Add type annotations
| * rand: Add type annotations
| * Prepare package & CI for running mypy
| * fix toxenv name
| Co-authored-by: Maximilian Hils <github@maximilianhils.com>
* Handle no expire date in X509.has_expire() (#1083) | lovetox | 2022-05-13 | 2 | -1/+12
| get_notAfter() can return None. Instead of raising a NoneType error, raise a ValueError which tells us why it failed.
* add `Connection.set_verify`, fix #255 (#1073) | Maximilian Hils | 2022-05-13 | 3 | -0/+79
| * add `Connection.set_verify`, fix #255
| * show that it works with cryptography main
| * Revert "show that it works with cryptography main"
|   This reverts commit fb0136a8e5aa5d2c6e0c16f8f4ecee2f3c72a16b.
| * make it black
* Fix X.509 version handling. (#1123) | David Benjamin | 2022-05-12 | 2 | -9/+16
| Certificate versions go up to v3 (numeric value 2), CRLs go up to v2 (numeric value 1), and CSRs go up to v1 (numeric value 0). This CL fixes the following issues:
|
| - Add a missing check to the return value of X509_set_version
| - Fix crlDataUnsupportedExtension which had an invalid CRL version.
| - Switch TestX509.test_version to test valid versions, so it doesn't prevent OpenSSL or an OpenSSL derivative from checking for invalid versions.
| - Make TestX509Req.test_version tolerate set_version(1) failing on CSRs. Since there's nothing useful to test otherwise, I've made the test work for either possible backend behavior.
* Update README for new IRC channel (#1115) | Alex Gaynor | 2022-05-12 | 1 | -1/+1
|
* repair CI (#1116) | Paul Kehrer | 2022-05-11 | 7 | -30/+56
| * repair CI
| * more fixes
| * pypy39 requires latest cryptography
| * Apply suggestions from code review
|   Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
| * use constant
| * bump minimum version
| * remove unneeded try
| * fix
| Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* Remove SSL_library_init call (#1110) | Alex Gaynor | 2022-03-21 | 1 | -5/+0
| a) It's already called by initializing the Bindings in cryptography
| b) I'm pretty sure it's not actually necessary at all
* Implement Context constructor in terms of new OpenSSL APIs (#1109) | Alex Gaynor | 2022-03-14 | 3 | -25/+17
|