| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
| |
2566 is not a valid digest, whoops!
|
|
|
|
|
|
|
|
|
|
|
|
| |
* more infra changes
* upgrade pypy
* still run a test against 1.0.1
* we don't need this builder
* ...
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
rtype for the following was incorrect:
X509Req.from_cryptography
X509.from_cryptography
|
|
|
|
|
|
|
|
|
|
|
| |
* Handle NULL bytes in get_components() values
Some old software may generate "bogus" CN with each character preceded
by a NULL.
This is already handled in commonName, but wasn't in get_components()
* review fixes (fix py3 test & avoid unpack/cast)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fix openssl CLI testing for 1.1.1
* various 1.1.1 related fixes
some of which are just admitting TLS 1.3 is fundamentally different and
pinning the tests to TLS 1.2
* flake8 fixes
* allow travis_infra env var through
* fix twisted
|
| |
|
| |
|
|
|
|
|
|
| |
* X509Store.add_cert no longer raises an error on duplicate cert
* move changelog entry
|
| |
|
|
|
|
|
|
|
| |
My system apparently has larger socket buffers than this test assumes,
so it fails. (Debian 9, Linux 4.16, Python 3.7)
So let's increase the size of the buffers such that it works for me.
This was the smallest power of 2 that worked.
|
|
|
|
|
|
|
|
| |
* Added py37 to travis
* Added py37 trove classifier
* Added py37 to tox
|
|
|
| |
Not much point in making it otherwise.
|
|
|
|
|
|
|
|
|
| |
The ownership semantics of SSL_set_tlsext_status_ocsp_resp are not as
complex as the comment suggests. There's no leak or complex lifetime.
It's an ownership transfer of an OPENSSL_malloc'd buffer. The
documentation is lacking, and making the copy internally would have been
tidier (though less efficient if the OCSP response where generated by
i2d_OCSP_RESPONSE), but this sort of thing has precedent in OpenSSL's
API.
|
|
|
|
|
|
| |
See also https://github.com/pyca/cryptography/pull/4227. I suspect this
is a no-op since cffi is probably just generating its own function
stubs and every ABI makes const and non-const pointers the same. Still,
better to match things.
|
|
|
|
|
|
| |
* reopen master for 18.1
* there are four dashes
|
| |
|
|
|
|
|
|
|
|
| |
* tell people to stop using this where possible
* links require actual linking
* bolding
|
|
|
|
|
|
|
|
| |
This makes it possible to retrieve the local certificate (if any)
for a Connection.
An example where this is useful is when negotiating a DTLS-SRTP
connection, the fingerprint of the local certificate needs to be
communicated to the remote party out-of-band via SDP.
|
|
|
|
|
|
|
|
|
|
|
| |
* Make sure a NotImplementedError is always raised on Connection.makefile
With this patch, code which calls (for example) conn.makefile('rb') will
get a NotImplementedError instead of a confusing TypeError:
TypeError: makefile() takes 1 positional argument but 2 were given
* ignore any args/kwargs passed
|
|
|
|
| |
This allows negotiating SRTP keying material, which is useful when using
DTLS-SRTP, as WebRTC does for example.
|
|
|
|
|
|
| |
* make codecov stop commenting
* *shakes fist at manifest.in*
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* test using auto retry
* add/update changelog and add comment
* wordsmithing
* Update CHANGELOG.rst
* Update CHANGELOG.rst
|
| |
|
|
|
|
|
|
|
|
| |
* Increase the size of RSA key used in tests for OpenSSL 1.1.1
* here too
* In test_ssl.py as well
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Without this patch this fails:
>>> from OpenSSL.SSL import *
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python2.7/dist-packages/cryptography/utils.py", line 124, in __getattr__
obj = getattr(self._module, attr)
AttributeError: 'module' object has no attribute 'SSL_ST_INIT'
|
|
|
|
|
|
|
|
| |
* Use autodoc for OpenSSL.crypto
* Use autodoc for the SSL.Context class
* Use autodoc for SSL.Connection
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* added method to export keying material from an ssl connection
* updated tests to use bytestrings to avoid breaking python3 tests
* added additional comments to test
* simplify export_keying_material
* add changelog
* address review feedback
|
|
|
|
|
|
|
|
| |
* fix a memory leak and a potential UAF and also #722
* sanity check
* bump cryptography minimum version, add changelog
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* restore a subset of the rand module
* flake
* remove cleanup, go ahead and assume status will always be 1
* lighten and add power
|
|
|
|
|
|
|
|
| |
* Don't use things after they're freed...duh
* changelog
* more details
|
|
|
|
|
|
|
|
|
|
| |
* fix errors with latest flake8
* Also fix the macOS builds
* fix?
* allow urllib3 to fail for now
|
|
|
| |
Address issue #701
|