Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | merge masterremove-rationale | Jean-Paul Calderone | 2015-03-15 | 9 | -22/+479 |
|\ | |||||
| * | The message is not a basestring and basestring is an awful type anyway.verify-chain | Jean-Paul Calderone | 2015-03-15 | 1 | -3/+5 |
| | | |||||
| * | Fix trivial rst syntax errors. | Jean-Paul Calderone | 2015-03-15 | 1 | -2/+2 |
| | | |||||
| * | Tweaks to the X509StoreContextError docstring. | Jean-Paul Calderone | 2015-03-15 | 1 | -2/+2 |
| | | |||||
| * | Give this new top-level function a docstring. | Jean-Paul Calderone | 2015-03-15 | 1 | -0/+7 |
| | | |||||
| * | Initialize a context at instantiation time | Stephen Holsapple | 2015-02-12 | 2 | -1/+35 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | To maintain a Pythonic API, we need to initialize the store context object at object instantiation time so that it is possible to modify the trust store (a legitable use case) after the object is created. As the store context implementation becomes more featureful, this will become more important. E.g., when we add support for `X509_STORE_CTX_get0_param` and X509_STORE_CTX_set0_param` to change verification parameters, we'll want to do this. This change also adds a very simple `set_store` method mostly to make the initialization and modification changes easier to test. | ||||
| * | Add documentation for X509StoreContextError | Stephen Holsapple | 2015-02-09 | 1 | -0/+12 |
| | | | | | | | | | | | | | | I'm not sure if it is customary to provide documentation for exceptions or not, but because this exception provides an additional meaningful attribute on the exception base class, I figured it would be helpful to document. | ||||
| * | Trust return value in context error | Stephen Holsapple | 2015-02-09 | 1 | -4/+5 |
| | | | | | | | | | | | | | | | | | | | | The function X509_STORE_CTX_get_current_cert seems to always return a certificate. After reviewing upstream OpenSSL package, it seems they do no error checking on this function either, so I think this approach should be safe. Worst case scenario, for a case I think is impossible, we'll get a AttributeError or TypeError. | ||||
| * | Refactoring verify_cert | Stephen Holsapple | 2015-01-30 | 3 | -71/+82 |
| | | | | | | | | | | | | | | | | | | | | | | Apply the changes that we've been talking about in https://github.com/pyca/pyopenssl/pull/155 regarding the placement of verify_cert, viz., moving verify_cert from top level of crypto into X509StoreContext. This makes the pyOpenSSL API slightly different than the OpenSSL API, but the plan will be to add back a verify_cert to the top level that is nice to use. | ||||
| * | ChangeLog | Jean-Paul Calderone | 2015-01-30 | 1 | -3/+8 |
| | | |||||
| * | Make a more specific assertion about where the failure reason shows up. | Jean-Paul Calderone | 2015-01-30 | 1 | -3/+3 |
| | | |||||
| * | remove unused import | Jean-Paul Calderone | 2015-01-30 | 1 | -1/+0 |
| | | |||||
| * | A little bit more explanation of what "context" means here. | Jean-Paul Calderone | 2015-01-30 | 1 | -4/+6 |
| | | |||||
| * | Small test method docstring fixes and fixes for tests of exceptional cases. | Jean-Paul Calderone | 2015-01-30 | 1 | -20/+14 |
| | | |||||
| * | Four space indentation and other whitespace fixes. | Jean-Paul Calderone | 2015-01-30 | 1 | -10/+17 |
| | | |||||
| * | Whitespace and X509StoreContext documentation cleanups. | Jean-Paul Calderone | 2015-01-30 | 1 | -5/+18 |
| | | |||||
| * | four space indent | Jean-Paul Calderone | 2015-01-30 | 1 | -1/+1 |
| | | |||||
| * | Consistent a/an for x509. | Jean-Paul Calderone | 2015-01-30 | 1 | -2/+2 |
| | | |||||
| * | wrap long line | Jean-Paul Calderone | 2015-01-30 | 1 | -1/+2 |
| | | |||||
| * | I think this word choice makes more sense. | Jean-Paul Calderone | 2015-01-30 | 1 | -1/+1 |
| | | |||||
| * | Add OpenSSL.crypto.verify_chain method. | Stephen Holsapple | 2015-01-30 | 5 | -8/+277 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds support for verifying a certificate or a certificate chain. This implementation uses OpenSSL's underlying X509_STORE_CTX_* class of functions to accomplish this. This change also adds an intermediate signing certificate/key and a service certificate/key signed with the intermediate signing certificate, to make testing the OpenSSL.crypto.verify_chain method easier to test. I figured I would add it to the top level module so other people can use an intermediate signing certificate in their own tests. Issue: https://github.com/pyca/pyopenssl/issues/154 | ||||
| * | Merge pull request #179 from exarkun/Context.check_privatekey | Jean-Paul Calderone | 2015-01-19 | 5 | -5/+50 |
| |\ | | | | | | | Fix a regression in Context.check_privatekey which caused it to always succeed. | ||||
| | * | 0.7 was released. | Jean-Paul Calderone | 2015-01-18 | 1 | -1/+1 |
| | | | |||||
| | * | merge master | Jean-Paul Calderone | 2015-01-18 | 3 | -2/+20 |
| | |\ | |||||
| | * | | Give assertIs and assertIsNot their stdlib-preferred names. | Jean-Paul Calderone | 2014-12-12 | 1 | -4/+4 |
| | | | | |||||
| | * | | Perhaps this is a sensible way to declare a dependency on post-0.6.1 master? ↵ | Jean-Paul Calderone | 2014-12-12 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | Perhaps not, I'm not sure. This might be nonsense. | ||||
| | * | | ChangeLog | Jean-Paul Calderone | 2014-12-11 | 1 | -0/+5 |
| | | | | |||||
| | * | | Tentatively bump the required version of cryptography necessary for the new ↵ | Jean-Paul Calderone | 2014-12-11 | 1 | -1/+1 |
| | | | | | | | | | | | | | | | | OpenSSL API. | ||||
| | * | | Add the necessary SSL_CTX_check_private_key call and error handling. | Jean-Paul Calderone | 2014-12-11 | 1 | -0/+3 |
| | | | | |||||
| | * | | Add tests for Context.check_privatekey. | Jean-Paul Calderone | 2014-12-11 | 1 | -0/+37 |
| | | | | |||||
| * | | | Merge pull request #172 from alex/fix-typos | Jean-Paul Calderone | 2015-01-18 | 3 | -4/+4 |
| |\ \ \ | | |_|/ | |/| | | Fix several typos. | ||||
| | * | | Fixed several typos | Alex Gaynor | 2014-11-15 | 3 | -4/+4 |
| | | | | |||||
| * | | | Merge pull request #183 from darkrain42/Connection.shutdown-errors | Jean-Paul Calderone | 2015-01-13 | 3 | -2/+20 |
| |\ \ \ | | |_|/ | |/| | | Fix error handling in Connection.shutdown. | ||||
| | * | | ChangeLog entry | Paul Aurich | 2015-01-08 | 1 | -0/+5 |
| | | | | |||||
| | * | | Fixes #91 -- proper error handling in Connection.shutdown | Paul Aurich | 2015-01-08 | 1 | -2/+1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | On error (return < 0), the OpenSSL documentation says to call SSL_get_error to discover the cause, as the act of trying to shutdown may raise lower-level errors (e.g. socket errors), or return SSL_ERR_WANT_WRITE or SSL_ERR_WANT_READ. | ||||
| | * | | Add test for Connection.shutdown on closed socket | Paul Aurich | 2015-01-08 | 1 | -0/+14 |
| |/ / | |||||
| * | | Merge pull request #173 from alex/no-more-v3 | Jean-Paul Calderone | 2014-11-17 | 1 | -2/+2 |
| |\ \ | | |/ | |/| | | | | | | | verisign.org turned off SSLv3 (Happy Days!). Change the test suite to use TLSv1 where it talks to verisign.org. This is a terrible test, of course. But at least this makes it a terrible passing test again. | ||||
| | * | verisign.org turned off SSLv3 (Happy Days!) | Alex Gaynor | 2014-11-15 | 1 | -2/+2 |
| |/ | |||||
| * | Merge pull request #148 from alex/pkcs7-stuff | David Reid | 2014-08-26 | 4 | -4/+41 |
| |\ | | | | | | | Fixes #145 -- fixes loading pkcs7 data from ASN1 | ||||
| | * | Added a changelog entry | Alex Gaynor | 2014-08-21 | 1 | -0/+5 |
| | | | |||||
| | * | This needs the latest cryptography | Alex Gaynor | 2014-08-20 | 1 | -1/+1 |
| | | | |||||
| | * | Added a docstring | Alex Gaynor | 2014-08-14 | 1 | -0/+4 |
| | | | |||||
| | * | Py3k fix | Alex Gaynor | 2014-08-14 | 1 | -2/+2 |
| | | | |||||
| | * | Added a test for loading ASN1 data | Alex Gaynor | 2014-08-14 | 1 | -2/+30 |
| | | | |||||
| | * | Fixes #145 -- fixes loading pkcs7 data from ASN1 | Alex Gaynor | 2014-08-13 | 1 | -1/+1 |
| |/ | |||||
* | | Remove RATIONALE | Laurens Van Houtven | 2014-06-17 | 1 | -61/+0 |
|/ | | | | | | | This document is horribly outdated and did more bad than good. It contained about half of something that vaguely resembled an issue tracker, and has otherwise hasn't been touched since the project's inception. | ||||
* | Merge pull request #122 from ekohl/patch-1 | Laurens Van Houtven | 2014-06-16 | 1 | -1/+3 |
|\ | | | | | Add link to documentation to README | ||||
| * | Add link to the documentation on readthedocs.rog | Ewoud Kohl van Wijngaarden | 2014-06-16 | 1 | -1/+3 |
|/ | |||||
* | Merge pull request #88 from exarkun/set_verify-callback-argument | Jean-Paul Calderone | 2014-05-06 | 4 | -3/+60 |
|\ | | | | | | | Fix a regression in which the first argument of the "verify" callback was incorrectly passed a `Context` instance instead of the `Connection` instance. | ||||
| * | add a missing word | Jean-Paul Calderone | 2014-05-06 | 1 | -1/+1 |
| | |