summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Update install docs for suppoted versions of OpenSSLalex-patch-2Alex Gaynor2019-02-021-5/+1
|
* Provide a valid digest option (#811)Wayne Werner2019-01-301-1/+1
| | | 2566 is not a valid digest, whoops!
* more infra changes (#809)Paul Kehrer2019-01-211-21/+14
| | | | | | | | | | | | * more infra changes * upgrade pypy * still run a test against 1.0.1 * we don't need this builder * ...
* Reopen master for 19.1 (#810)Alex Gaynor2019-01-212-1/+25
|
* release 19.0.0 (#808)19.0.0Paul Kehrer2019-01-212-2/+2
|
* changelog and call it 19 now (#807)Paul Kehrer2019-01-212-3/+7
|
* upgrade macos builders to newer travis image (#806)Paul Kehrer2019-01-211-2/+2
|
* add key types consts (#776)Igr2019-01-211-0/+2
|
* Fixes incorrect rtype in documentation (#802)Gaurav Malhotra2019-01-211-2/+2
| | | | | rtype for the following was incorrect: X509Req.from_cryptography X509.from_cryptography
* Handle NULL bytes in get_components() values (#804)Romuald Brunet2019-01-212-5/+16
| | | | | | | | | | | * Handle NULL bytes in get_components() values Some old software may generate "bogus" CN with each character preceded by a NULL. This is already handled in commonName, but wasn't in get_components() * review fixes (fix py3 test & avoid unpack/cast)
* Hypothetically fixes pyOpenSSL tests (#805)Paul Kehrer2019-01-215-32/+52
| | | | | | | | | | | | | | | * fix openssl CLI testing for 1.1.1 * various 1.1.1 related fixes some of which are just admitting TLS 1.3 is fundamentally different and pinning the tests to TLS 1.2 * flake8 fixes * allow travis_infra env var through * fix twisted
* Update OpenSSL manpage link to x509v3_config (#789)Cyril Stoller2018-08-271-1/+1
|
* Add note on zero-based certificate version value (#790)Cyril Stoller2018-08-271-1/+2
|
* X509Store.add_cert no longer raises an error on duplicate cert (#787)Paul Kehrer2018-08-233-7/+16
| | | | | | * X509Store.add_cert no longer raises an error on duplicate cert * move changelog entry
* Fixes #784 -- bump minimum cryptography version (#785)Alex Gaynor2018-08-102-2/+2
|
* fix wantWriteError to error even with big socket buffers (#782)catern2018-08-091-1/+1
| | | | | | | My system apparently has larger socket buffers than this test assumes, so it fails. (Debian 9, Linux 4.16, Python 3.7) So let's increase the size of the buffers such that it works for me. This was the smallest power of 2 that worked.
* Added py37 (#772)Alex Gaynor2018-07-043-1/+15
| | | | | | | | * Added py37 to travis * Added py37 trove classifier * Added py37 to tox
* Only allocate exponent in the TYPE_RSA path. (#767)David Benjamin2018-06-051-5/+5
| | | Not much point in making it otherwise.
* Tone down the comment around SSL_set_tlsext_status_ocsp_resp. (#764)David Benjamin2018-05-221-7/+2
| | | | | | | | | The ownership semantics of SSL_set_tlsext_status_ocsp_resp are not as complex as the comment suggests. There's no leak or complex lifetime. It's an ownership transfer of an OPENSSL_malloc'd buffer. The documentation is lacking, and making the copy internally would have been tidier (though less efficient if the OCSP response where generated by i2d_OCSP_RESPONSE), but this sort of thing has precedent in OpenSSL's API.
* Fix SSL_CTX_set_tlsext_servername_callback type signature. (#763)David Benjamin2018-05-221-1/+1
| | | | | | See also https://github.com/pyca/cryptography/pull/4227. I suspect this is a no-op since cffi is probably just generating its own function stubs and every ABI makes const and non-const pointers the same. Still, better to match things.
* reopen master for 18.1 (#761)Paul Kehrer2018-05-162-1/+25
| | | | | | * reopen master for 18.1 * there are four dashes
* 18.0.0 release time (#760)18.0.0Paul Kehrer2018-05-162-2/+2
|
* tell people to stop using this where possible (#759)Paul Kehrer2018-05-161-1/+5
| | | | | | | | * tell people to stop using this where possible * links require actual linking * bolding
* Add Connection.get_certificate method (#733)Jeremy Lainé2018-05-163-0/+39
| | | | | | | | This makes it possible to retrieve the local certificate (if any) for a Connection. An example where this is useful is when negotiating a DTLS-SRTP connection, the fingerprint of the local certificate needs to be communicated to the remote party out-of-band via SDP.
* Make sure a NotImplementedError is always raised on Connection.makefile() (#744)Ayke2018-05-161-1/+1
| | | | | | | | | | | * Make sure a NotImplementedError is always raised on Connection.makefile With this patch, code which calls (for example) conn.makefile('rb') will get a NotImplementedError instead of a confusing TypeError: TypeError: makefile() takes 1 positional argument but 2 were given * ignore any args/kwargs passed
* Add Context.set_tlsext_use_srtp (#734)Jeremy Lainé2018-05-163-0/+46
| | | | This allows negotiating SRTP keying material, which is useful when using DTLS-SRTP, as WebRTC does for example.
* make codecov stop commenting (#756)Paul Kehrer2018-05-142-1/+2
| | | | | | * make codecov stop commenting * *shakes fist at manifest.in*
* Fixed a handful of typos (#755)Alex Gaynor2018-05-142-2/+2
|
* Always enable auto retry (#753)Paul Kehrer2018-05-142-2/+8
| | | | | | | | | | | | * test using auto retry * add/update changelog and add comment * wordsmithing * Update CHANGELOG.rst * Update CHANGELOG.rst
* Make the changelog consistent (#754)Alex Gaynor2018-05-141-3/+3
|
* Increase the size of RSA key used in tests for OpenSSL 1.1.1 (#750)Alex Gaynor2018-05-122-5/+5
| | | | | | | | * Increase the size of RSA key used in tests for OpenSSL 1.1.1 * here too * In test_ssl.py as well
* fixed tests that want SNI (#751)Alex Gaynor2018-05-121-0/+1
|
* Switch to xcode_image 9.3 (#752)Alex Gaynor2018-05-121-2/+2
|
* Run tests against pypy3, use travis's pypy/pypy3 (#743)Jeremy Lainé2018-03-212-20/+14
|
* Raise minimum cryptography version to 2.2.1, drop python 2.6 (#742)Jeremy Lainé2018-03-218-47/+13
|
* Don't add not supported SSL_ST_* into _all_, fixies #738 (#739)Ondřej Nový2018-03-011-4/+6
| | | | | | | | | Without this patch this fails: >>> from OpenSSL.SSL import * Traceback (most recent call last): File "<string>", line 1, in <module> File "/usr/lib/python2.7/dist-packages/cryptography/utils.py", line 124, in __getattr__ obj = getattr(self._module, attr) AttributeError: 'module' object has no attribute 'SSL_ST_INIT'
* Use autofocus for all module documentation/docstrings (#737)Alex Chan2018-02-154-881/+282
| | | | | | | | * Use autodoc for OpenSSL.crypto * Use autodoc for the SSL.Context class * Use autodoc for SSL.Connection
* open for 17.6.0 (#727)Paul Kehrer2017-12-012-1/+25
|
* 17.5.0 version bump (#726)17.5.0Paul Kehrer2017-11-302-2/+2
|
* Export keying material support (#725)Paul Kehrer2017-11-303-0/+48
| | | | | | | | | | | | | | * added method to export keying material from an ssl connection * updated tests to use bytestrings to avoid breaking python3 tests * added additional comments to test * simplify export_keying_material * add changelog * address review feedback
* fix a memory leak and a potential UAF and also #722 (#723)Paul Kehrer2017-11-306-11/+36
| | | | | | | | * fix a memory leak and a potential UAF and also #722 * sanity check * bump cryptography minimum version, add changelog
* Pin pytest until we drop 2.6 (#721)Hynek Schlawack2017-11-281-1/+3
|
* define __all__ to make wildcard import work (#719)Nicolas Karolak2017-11-262-0/+128
|
* reopen master (#718)Paul Kehrer2017-11-212-1/+27
|
* Require urllib3 tests to pass; fixes #712 (#716)Alex Gaynor2017-11-221-3/+0
|
* bump to 17.4.0 (#714)17.4.0Paul Kehrer2017-11-212-2/+2
|
* restore a subset of the rand module (#708)Paul Kehrer2017-11-203-0/+81
| | | | | | | | | | * restore a subset of the rand module * flake * remove cleanup, go ahead and assume status will always be 1 * lighten and add power
* Don't use things after they're freed...duh (#709)Alex Gaynor2017-11-203-15/+40
| | | | | | | | * Don't use things after they're freed...duh * changelog * more details
* fix errors with latest flake8 (#710)Alex Gaynor2017-11-204-11/+15
| | | | | | | | | | * fix errors with latest flake8 * Also fix the macOS builds * fix? * allow urllib3 to fail for now
* Improve documentation for passphrase callback (#703)Diego Fernandez2017-10-122-3/+4
| | | Address issue #701
View Lorry Controller Status