| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
The bio was never freed, or used. sometime is never freed. While I'm
here, check return values for all the functions called here.
|
|
|
|
|
|
|
|
|
| |
* Add support for X509_V_FLAG_PARTIAL_CHAIN
* Remove unneeded import
* Update changelog to add PR number.
* Fix whitespace issue identified by black
|
|
|
| |
don't leave comment out code, and use append rather than += on lists
|
|
|
|
|
| |
* add attributes only conditionally
* fix flake8
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* add `Connection.use_(certificate|privatekey)`
* bump minimum cryptography version
* deduplicate tests
* black!
* max line length
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Switch to the new utils.deprecation spelling
The new spelling was introduced in
https://github.com/pyca/cryptography/pull/6923 and is more friendly to
type checkers.
Version-wise, that PR appears to be in cryptography 37.0.0, which is now
beyond the minimum version for pyOpenSSL.
* reformat
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* OpenSSL/crypto: make X509StoreContextError's message friendlier
Closes #1132.
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests: update exception tests
Signed-off-by: William Woodruff <william@trailofbits.com>
* OpenSSL/crypto: blacken
Signed-off-by: William Woodruff <william@trailofbits.com>
* CHANGELOG: record changes
Signed-off-by: William Woodruff <william@trailofbits.com>
|
| |
|
|
|
| |
This was added to pyca/cryptography at https://github.com/pyca/cryptography/commit/0fe4583d40b0a99feecc1dc33f96fa15002b443f
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* crypto: Add type annotations
* Don’t redefine var
mypy complains about the redefinition
* _util: Add type annotations
* rand: Add type annotations
* Prepare package & CI for running mypy
* fix toxenv name
Co-authored-by: Maximilian Hils <github@maximilianhils.com>
|
|
|
|
|
|
| |
get_notAfter() can return None.
Instead of raising a NoneType error, raise a ValueError which tells
us why it failed.
|
|
|
|
|
|
|
|
|
|
|
| |
* add `Connection.set_verify`, fix #255
* show that it works with cryptography main
* Revert "show that it works with cryptography main"
This reverts commit fb0136a8e5aa5d2c6e0c16f8f4ecee2f3c72a16b.
* make it black
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certificate versions go up to v3 (numeric value 2), CRLs go up to v2
(numeric value 1), and CSRs go up to v1 (numeric value 0). This CL fixes
the following issues:
- Add a missing check to the return value of X509_set_version
- Fix crlDataUnsupportedExtension which had an invalid CRL version.
- Switch TestX509.test_version to test valid versions, so it doesn't
prevent OpenSSL or an OpenSSL derivative from checking for invalid
versions.
- Make TestX509Req.test_version tolerate set_version(1) failing on CSRs.
Since there's nothing useful to test otherwise, I've made the test
work for either possible backend behavior.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* repair CI
* more fixes
* pypy39 requires latest cryptography
* Apply suggestions from code review
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* use constant
* bump minimum version
* remove unneeded try
* fix
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
|
|
|
|
| |
a) It's already called by initializing the Bindings in cryptography
b) I'm pretty sure it's not actually necessary at all
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* flake8-import-order
* make sure bad import orders fail
* flake8-import-order
* add application name to flake8 section
* correct import order for openssl as application
|
|
|
|
|
|
|
| |
* don't block ec/ed keys from_cryptography_key()
* clean up test comments
* properly describe test
|
| |
|
| |
|
|
|
|
|
|
|
| |
X509Name does only inherit from object, which has no __getattr__() method.
By accident this also raised an AttributeError but the error message
is confusing.
This commit now raises the AttributeError with a descriptive message.
|
|
|
|
|
|
|
|
|
|
|
| |
* X509Name: Use functools.totalordering for comparisons
- Reduce the magic
- Make it more readable
- Make it easier to add type annotations in the future
* Correctly return NotImplemented
* Add new comparison test case
|
|
|
| |
In python3 all classes inherit by default from object
|
|
|
|
| |
- hex() returns always str
- don’t redefine variable
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
Instead just decode stuff at the call-sites -- 100% of which were passing bytes
|
| |
|
|
|
|
|
| |
And also whatever supports the protocol.
Way more pythonic now!
|
|
|
| |
It has been a no-op (when called from an _instance_ of Binding) since 3.3
|
| |
|
|
|
|
|
| |
* use more functions guaranteed available in cryptography 35.0
* these are also guaranteed
|
|
|
|
| |
They are a noop on 1.1.0+ and pyOpenSSL only supports 1.1.0+ now due to
cryptography versions
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Expose DTLS_METHOD and friends
* Expose OP_NO_RENEGOTIATION
* Expose DTLS MTU-related functions
* Expose DTLSv1_listen and associated callbacks
* Add a basic DTLS test
* Cope with old versions of openssl/libressl
* blacken
* Soothe flake8
* Add temporary hack to skip DTLS test on old cryptography versions
* Update for cryptography v35 release
* Add changelog entry
* Fix versionadded::
* get_cleartext_mtu doesn't exist on decrepit old openssl
* Rewrite DTLS test to work around stupid OpenSSL misbehavior
* flake8 go away
* minor tidying
|
|
|
|
|
|
|
| |
* Check for invalid ALPN lists before calling OpenSSL, for consistency
Fixes gh-1043
* Soothe flake8
|
|
|
|
|
|
|
|
|
|
|
| |
* py27 going, going, gone
* black
* more black
* ok then
* forgot to remove pypy2
|
| |
|
| |
|
| |
|