| Commit message (Collapse) | Author | Age | Files | Lines |
| |
* Fix version
* Prepare 17.2.0
| |
* Write a test - signatures with EC keys (#609)
* Ask for signature length before allocating a buffer.
This fixes a potential heap buffer overflow that may happen when a signature
is longer than the private key, as with X9.62 ECDSA (#609).
* change approach to EVP_PKEY_size and add changelog
* add a small assert
| |
* document set_default_verify_paths caveats
fixes #642
* add a bit more detail
* weasel words
| |
fixes #663
| |
* fix #664
bytes and strings are different things.
* update changelog
* let's just make the sentinel values byte strings
* flake8
| |
* move deps to extras
* this file is gone
| |
* Fixed #266 -- attempt to deflake our tests
* typo
| |
* Fixed #657 -- handle OverflowErrors on large allocation requests
* always be overflowing
| |
* Fixed #631 -- deprecate all of OpenSSL.rand
* syntax fix
* flake8
| |
* Prepare 17.1.0
* Fix changelog markup
| |
* Removed the deprecated md5 default on CRL.export()
* Doh
* unused import
* fixed tests
* last one
* py3k!!!!!
| |
Add semantic newlines and parens that make functions and methods more obvious.
| |
* Simplify code
* dead code
* unused...
* write imports normally
| |
* Fixed #461 -- make the tests pass when SSLv3 isn't supported
We no longer support OpenSSL 1.0.0, so TLSv1.2 should always be available and this code can be simplified.
* Try the opposite direction?
* Another shot at getting this passing
* uhhh
* grump
| |
* try loading trusted certs from a list of fallbacks
pyca/cryptography will shortly begin shipping a wheel. Since
SSL_CTX_set_default_verify_paths uses a hardcoded path compiled into the
library, this will start failing to load the proper certificates for
users on many linux distributions. To avoid this we can use the Go
solution of iterating over a list of potential candidates and loading
it when found.
* capath is lazy loaded so we need to do a lot more checks
This now checks to see if env vars are set as well as seeing if the
dir exists and has valid certs in it. If either of those are true (or
the number of certs is > 0) it won't load the fallback. If it does do
the fallback it will also attempt to load certs from a dir as a final
fallback
* remove an early return
* this shouldn't be commented out
* oops
* very limited testing
* sigh, can't use these py3 exceptions of course
* expand the tests a bit
* coverage!
* don't need this now
* change the approach to use a pyca/cryptography guard value
* test fix
* older python sometimes calls itself linux2
* flake8
* add changelog
* coverage
* slash opt
| |
* dump_privatekey with FILETYPE_TEXT only supports RSA keys
FILETYPE_TEXT is terrible but everyone hold their nose
* also verify it's a pkey
| |
* add to_cryptography/from_cryptography on CRL and X509Req
* add changelog entry
| |
* Fixed #486 -- deprecate the backwards compat names
* remove the docs for these, pretend they don't exist
* CHANGELOG
| |
* Added an API for converting X509 to/from cryptography
* changelog
| |
* update docs and changelog for #612
* update changelog
* more detail
| |
* Fix invalid cast from ASN1_TIME to ASN1_GENERALIZEDTIME, which ends up with an error with LibreSSL.
* Require cryptography >= 1.9
| |
* the root cert expired, make a new one (using the same values)
The new one lasts 20 years. If this project is still in use in 20 years
we have failed.
* this is the same cert. wtf
* replace the other certs we need to replace...
* this too
| |
This also gets us a more up-to-date homebrew so it doesn't have to do a
massive migration.
| |
* urllib3 uses pytest now, also use trusty
* more improvements
* keep modernizing
* try trusty later.
* revert
* still try for trusty, back to the right pypy
| |
* Drop the deprecated rand.egd function
* Removed egd tests
* Removed egd docs
* Document the removal
* unused imports
* Update CHANGELOG.rst
| |
We don’t support 0.9.8 anymore.
| |
* Add an informative __main__.py
Give users an easy way to figure out what versions they're running.
* Why not more info!
* Add test
* No empty last line
* Make @alex happy
* DIAF Python 2.6
* Add cffi's version
* Make debug a module
* Add cryptography's compile-time OpenSSL
| |
* Prepare for 17.0.0
Fix a bunch of URLs and account for the non-existence of 16.3.
* Fix codecov link
| |
* Fix broken link described in #610
* Fix two other broken links
| |
* limit SSL_write bufsize to avoid OverflowErrors
* fix .send() truncation, add test
| |
* Modify tests to detect empty crypto.Errors from load_privatekey
This reproduces #119 and #456.
* Prevent _PassphraseHelper.raise_if_problem() from eating exceptions.
This resolves #119, resolves #456.
`_PassphraseHelper.raise_if_problem()` always flushes the OpenSSL
exception queue, but does not always raise an exception. In some cases,
other code attempts to raise an error from OpenSSL after
`raise_if_problem()` has flushed the queue, thus causing an empty
exception to be raised (i.e. `raise Error([])`).
This commit modifies `_PassphraseHelper.raise_if_problem` to flush the
OpenSSL error queue only if it has an exception to raise. Subsequent
code that detects an error should now be able to raise a non-empty
exception.
* Add CHANGELOG entry for #581.