delta/python-packages/pyopenssl.git/src/OpenSSL/crypto.py, branch master github.com: pyca/pyopenssl.git fix a memleak (#967) 2020-11-27T21:22:30+00:00 Paul Kehrer paul.l.kehrer@gmail.com 2020-11-27T21:22:30+00:00 09b5d7071846a7abdb8061711ac0d2e561f7260a * fix a memleak * black 
* fix a memleak

* black
 Drop CI for OpenSSL 1.0.2 (#953) 2020-10-27T04:15:17+00:00 Alex Gaynor alex.gaynor@gmail.com 2020-10-27T04:15:17+00:00 124a0134fdb7decb0136b4b6f7892b87b919e74e * Drop CI for OpenSSL 1.0.2 * Delete code for coverage reasons * Bump minimum cryptography version 
* Drop CI for OpenSSL 1.0.2

* Delete code for coverage reasons

* Bump minimum cryptography version
 Fixing issue #798 (#907) 2020-10-18T15:55:40+00:00 jalberdi004 joseba.alberdi@ehu.eus 2020-10-18T15:55:40+00:00 669dcc3488a4803b2c321218def6554805940c48 * Fixing issue #798, thanks to @reaperhulk; removing undocumented '%s' option and getting the date in a more robust way Co-authored-by: Joseba Alberdi <j.alberdi@simuneatomistics.com> Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com> 
* Fixing issue #798, thanks to @reaperhulk; removing undocumented '%s' option and getting the date in a more robust way

Co-authored-by: Joseba Alberdi <j.alberdi@simuneatomistics.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
 Correct typos in crypto.py (#949) 2020-10-14T19:41:20+00:00 Felix Yan felixonmars@archlinux.org 2020-10-14T19:41:20+00:00 3db93f1ad0c3e6f0e3dc5773b492a932b4d6e84a 






crypto._PassphraseHelper: pass non-callable passphrase using callback (#947)
2020-10-13T04:14:19+00:00

Huw Jones
huw@huwcbjones.co.uk

2020-10-13T04:14:19+00:00

cdd6696025b997646497b85cc0db6b27db12f92b

* crypto._PassphraseHelper: pass non-callable passphrase using callback
Fixes #945

Before this commit, we would pass a bytes passphrase as a null terminated string.
This causes issue when a randomly generated key's first byte is null because
OpenSSL rightly determines the key length is 0.
This commit modifies the passphrase helper to pass the passphrase via the
 callback

* Update changelog to document bug fix




* crypto._PassphraseHelper: pass non-callable passphrase using callback
Fixes #945

Before this commit, we would pass a bytes passphrase as a null terminated string.
This causes issue when a randomly generated key's first byte is null because
OpenSSL rightly determines the key length is 0.
This commit modifies the passphrase helper to pass the passphrase via the
 callback

* Update changelog to document bug fix






Allow using additional untrusted certificates for chain building in X509StoreContext (#948)
2020-10-12T13:42:23+00:00

Sándor Oroszi
oroszisam@gmail.com

2020-10-12T13:42:23+00:00

83ef2306a1481e0cf7f53899c390497256711e29

The additional certificates provided in the new `chain` parameter will be
untrusted but may be used to build the chain.

This makes it easier to validate a certificate against a store which
contains only root ca certificates, and the intermediates come from e.g.
the same untrusted source as the certificate to be verified.

Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>




The additional certificates provided in the new `chain` parameter will be
untrusted but may be used to build the chain.

This makes it easier to validate a certificate against a store which
contains only root ca certificates, and the intermediates come from e.g.
the same untrusted source as the certificate to be verified.

Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>






Allow using an OpenSSL hashed directory for verification in X509Store (#943)
2020-09-11T15:17:31+00:00

Sándor Oroszi
oroszisam@gmail.com

2020-09-11T15:17:31+00:00

43c97767afe7aa1dccefec35946dbc8b9cde73a4

Add X509Store.load_locations() to set a CA bundle file and/or an OpenSSL-
style hashed CA/CRL lookup directory, similar to the already existing
SSL.Context.load_verify_locations().

Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>




Add X509Store.load_locations() to set a CA bundle file and/or an OpenSSL-
style hashed CA/CRL lookup directory, similar to the already existing
SSL.Context.load_verify_locations().

Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>






Switch to new notBefore/After APIs (#843)
2020-08-13T19:07:12+00:00

Rosen Penev
rosenp@gmail.com

2020-08-13T19:07:12+00:00

43a23a313ae475310ee0e9734e083de145893c7a

Signed-off-by: Rosen Penev <rosenp@gmail.com>




Signed-off-by: Rosen Penev <rosenp@gmail.com>






Allow accessing a connection's verfied certificate chain (#894)
2020-08-05T23:48:51+00:00

Shane Harvey
shane.harvey@mongodb.com

2020-08-05T23:48:51+00:00

33c5499ce34f5e1c7c2630c6a1446353eee31755

* Allow accessing a connection's verfied certificate chain

Add X509StoreContext.get_verified_chain using X509_STORE_CTX_get1_chain.
Add Connection.get_verified_chain using SSL_get0_verified_chain if
available (ie OpenSSL 1.1+) and X509StoreContext.get_verified_chain
otherwise.
Fixes #740.

* TLSv1_METHOD -> SSLv23_METHOD

* Use X509_up_ref instead of X509_dup

* Add _openssl_assert where appropriate

* SSL_get_peer_cert_chain should not be null

* Reformat with black

* Fix <OpenSSL.crypto.X509 object at 0x7fdbb59e8050> != <OpenSSL.crypto.X509 object at 0x7fdbb59daad0>

* Add Changelog entry

* Remove _add_chain




* Allow accessing a connection's verfied certificate chain

Add X509StoreContext.get_verified_chain using X509_STORE_CTX_get1_chain.
Add Connection.get_verified_chain using SSL_get0_verified_chain if
available (ie OpenSSL 1.1+) and X509StoreContext.get_verified_chain
otherwise.
Fixes #740.

* TLSv1_METHOD -> SSLv23_METHOD

* Use X509_up_ref instead of X509_dup

* Add _openssl_assert where appropriate

* SSL_get_peer_cert_chain should not be null

* Reformat with black

* Fix <OpenSSL.crypto.X509 object at 0x7fdbb59e8050> != <OpenSSL.crypto.X509 object at 0x7fdbb59daad0>

* Add Changelog entry

* Remove _add_chain






Deprecated pkcs7 and pkcs12 support (#921)
2020-08-05T05:14:16+00:00

Alex Gaynor
alex.gaynor@gmail.com

2020-08-05T05:14:16+00:00

bb971ae935059b73830ea2abe3f66391125b2bfb