| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
| |
* Uhhh, fix twisted tests to actually run twisted (wat)
* Update tox.ini
|
| |
|
|
|
|
|
|
|
|
|
| |
* fix PKey.check for some broken keys
RSA_check_key is documented to return 1 for valid keys.
It (currently) returns 0 or -1 for invalid ones.
The previous code accepted invalid keys if RSA_check_key returns -1!
* add test
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ALPN: complete handshake without accepting a client's protocols.
The callback passed to `SSL_CTX_set_alpn_select_cb` can return
`SSL_TLSEXT_ERR_NOACK` to allow the handshake to continue without
accepting any of the client's offered protocols.
This commit introduces `NO_OVERLAPPING_PROTOCOLS`, which the Python
callback passed to `Context.set_alpn_select_callback` can return to
achieve the same thing.
It does not change the previous meaning of an empty string, which
still terminates the handshake.
* Update src/OpenSSL/SSL.py
Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
* Address @alex's review.
* Use recorded value in test, fix lint error.
* Cover TypeError branch in _ALPNHelper.callback
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* use _ffi.from_buffer(buf) in send, to support bytearray
* add bytearray test
* update CHANGELOG.rst
* move from_buffer before 'buffer too long' check
* context-managed from_buffer + black
* don't shadow buf in send()
* test return count for sendall
* test sending an array
* fix test
* also use from_buffer in bio_write
* de-format _util.py
* formatting
* add simple bio_write tests
* wrap line
|
|
|
|
|
|
|
| |
Users with older cryptography (and hence potentially older asn1crypto, a
transitive dependency) are seeing a serious bug on macOS catalina due to
the way older asn1crypto loads a shared library. While this isn't a
pyOpenSSL bug bumping this dep might prevent the bug from impacting
some users.
|
| |
|
|
|
|
|
|
| |
* Fix for Python 4
* Fix for Python 4
|
|
|
|
|
|
| |
* Expose OP_NO_TLSv1_3
* Support openssl <1.1.1
|
|
|
|
|
|
| |
* Stop lawyers from emailing Hynek
* Update setup.py
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* Delete README
* Delete client.py
* Delete server.py
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Delete README
* Delete another.invalid.crt
* Delete another.invalid.key
* Delete client.py
* Delete example.invalid.crt
* Delete example.invalid.key
* Delete server.py
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
generate certs (#833)
|
|
|
| |
These don't actually cover any code.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Make test_ssl pass in an IPv6-only environment
* Review comments
* Update tests/test_ssl.py
Co-Authored-By: davidben <davidben@davidben.net>
* Wrap long line with parens.
|
|
|
|
|
|
| |
* skip NPN tests if NPN is not available
* use the right name
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Deprecated NPN
* arithmetic is hard
* oops
* oops
|
|
|
|
|
|
|
|
|
|
|
| |
* Raise an Error with "no cipher match" even with TLS 1.3
This makes Twisted's OpenSSLAcceptableCiphers.fromOpenSSLCipherString
and seamlessly work with TLS 1.3:
https://github.com/twisted/twisted/pull/1100/files/a5df2fb373ac67b0e3032acc9291ae88dfd0b3b1#diff-df501bac724aab523150498f84749b88R1767
* Split TestContext.test_set_cipher_list_wrong_args into two tests.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Removed deprecated Type aliases
* typo
* typo
* missed this somehow
* Line wrap
|
| |
|
| |
|
|
|
| |
2566 is not a valid digest, whoops!
|
|
|
|
|
|
|
|
|
|
|
|
| |
* more infra changes
* upgrade pypy
* still run a test against 1.0.1
* we don't need this builder
* ...
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
rtype for the following was incorrect:
X509Req.from_cryptography
X509.from_cryptography
|
|
|
|
|
|
|
|
|
|
|
| |
* Handle NULL bytes in get_components() values
Some old software may generate "bogus" CN with each character preceded
by a NULL.
This is already handled in commonName, but wasn't in get_components()
* review fixes (fix py3 test & avoid unpack/cast)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fix openssl CLI testing for 1.1.1
* various 1.1.1 related fixes
some of which are just admitting TLS 1.3 is fundamentally different and
pinning the tests to TLS 1.2
* flake8 fixes
* allow travis_infra env var through
* fix twisted
|