summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* merge masterremove-rationaleJean-Paul Calderone2015-03-159-22/+479
|\
| * The message is not a basestring and basestring is an awful type anyway.verify-chainJean-Paul Calderone2015-03-151-3/+5
| |
| * Fix trivial rst syntax errors.Jean-Paul Calderone2015-03-151-2/+2
| |
| * Tweaks to the X509StoreContextError docstring.Jean-Paul Calderone2015-03-151-2/+2
| |
| * Give this new top-level function a docstring.Jean-Paul Calderone2015-03-151-0/+7
| |
| * Initialize a context at instantiation timeStephen Holsapple2015-02-122-1/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | To maintain a Pythonic API, we need to initialize the store context object at object instantiation time so that it is possible to modify the trust store (a legitable use case) after the object is created. As the store context implementation becomes more featureful, this will become more important. E.g., when we add support for `X509_STORE_CTX_get0_param` and X509_STORE_CTX_set0_param` to change verification parameters, we'll want to do this. This change also adds a very simple `set_store` method mostly to make the initialization and modification changes easier to test.
| * Add documentation for X509StoreContextErrorStephen Holsapple2015-02-091-0/+12
| | | | | | | | | | | | | | I'm not sure if it is customary to provide documentation for exceptions or not, but because this exception provides an additional meaningful attribute on the exception base class, I figured it would be helpful to document.
| * Trust return value in context errorStephen Holsapple2015-02-091-4/+5
| | | | | | | | | | | | | | | | | | | | The function X509_STORE_CTX_get_current_cert seems to always return a certificate. After reviewing upstream OpenSSL package, it seems they do no error checking on this function either, so I think this approach should be safe. Worst case scenario, for a case I think is impossible, we'll get a AttributeError or TypeError.
| * Refactoring verify_certStephen Holsapple2015-01-303-71/+82
| | | | | | | | | | | | | | | | | | | | | | Apply the changes that we've been talking about in https://github.com/pyca/pyopenssl/pull/155 regarding the placement of verify_cert, viz., moving verify_cert from top level of crypto into X509StoreContext. This makes the pyOpenSSL API slightly different than the OpenSSL API, but the plan will be to add back a verify_cert to the top level that is nice to use.
| * ChangeLogJean-Paul Calderone2015-01-301-3/+8
| |
| * Make a more specific assertion about where the failure reason shows up.Jean-Paul Calderone2015-01-301-3/+3
| |
| * remove unused importJean-Paul Calderone2015-01-301-1/+0
| |
| * A little bit more explanation of what "context" means here.Jean-Paul Calderone2015-01-301-4/+6
| |
| * Small test method docstring fixes and fixes for tests of exceptional cases.Jean-Paul Calderone2015-01-301-20/+14
| |
| * Four space indentation and other whitespace fixes.Jean-Paul Calderone2015-01-301-10/+17
| |
| * Whitespace and X509StoreContext documentation cleanups.Jean-Paul Calderone2015-01-301-5/+18
| |
| * four space indentJean-Paul Calderone2015-01-301-1/+1
| |
| * Consistent a/an for x509.Jean-Paul Calderone2015-01-301-2/+2
| |
| * wrap long lineJean-Paul Calderone2015-01-301-1/+2
| |
| * I think this word choice makes more sense.Jean-Paul Calderone2015-01-301-1/+1
| |
| * Add OpenSSL.crypto.verify_chain method.Stephen Holsapple2015-01-305-8/+277
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds support for verifying a certificate or a certificate chain. This implementation uses OpenSSL's underlying X509_STORE_CTX_* class of functions to accomplish this. This change also adds an intermediate signing certificate/key and a service certificate/key signed with the intermediate signing certificate, to make testing the OpenSSL.crypto.verify_chain method easier to test. I figured I would add it to the top level module so other people can use an intermediate signing certificate in their own tests. Issue: https://github.com/pyca/pyopenssl/issues/154
| * Merge pull request #179 from exarkun/Context.check_privatekeyJean-Paul Calderone2015-01-195-5/+50
| |\ | | | | | | Fix a regression in Context.check_privatekey which caused it to always succeed.
| | * 0.7 was released.Jean-Paul Calderone2015-01-181-1/+1
| | |
| | * merge masterJean-Paul Calderone2015-01-183-2/+20
| | |\
| | * | Give assertIs and assertIsNot their stdlib-preferred names.Jean-Paul Calderone2014-12-121-4/+4
| | | |
| | * | Perhaps this is a sensible way to declare a dependency on post-0.6.1 master? ↵Jean-Paul Calderone2014-12-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Perhaps not, I'm not sure. This might be nonsense.
| | * | ChangeLogJean-Paul Calderone2014-12-111-0/+5
| | | |
| | * | Tentatively bump the required version of cryptography necessary for the new ↵Jean-Paul Calderone2014-12-111-1/+1
| | | | | | | | | | | | | | | | OpenSSL API.
| | * | Add the necessary SSL_CTX_check_private_key call and error handling.Jean-Paul Calderone2014-12-111-0/+3
| | | |
| | * | Add tests for Context.check_privatekey.Jean-Paul Calderone2014-12-111-0/+37
| | | |
| * | | Merge pull request #172 from alex/fix-typosJean-Paul Calderone2015-01-183-4/+4
| |\ \ \ | | |_|/ | |/| | Fix several typos.
| | * | Fixed several typosAlex Gaynor2014-11-153-4/+4
| | | |
| * | | Merge pull request #183 from darkrain42/Connection.shutdown-errorsJean-Paul Calderone2015-01-133-2/+20
| |\ \ \ | | |_|/ | |/| | Fix error handling in Connection.shutdown.
| | * | ChangeLog entryPaul Aurich2015-01-081-0/+5
| | | |
| | * | Fixes #91 -- proper error handling in Connection.shutdownPaul Aurich2015-01-081-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | On error (return < 0), the OpenSSL documentation says to call SSL_get_error to discover the cause, as the act of trying to shutdown may raise lower-level errors (e.g. socket errors), or return SSL_ERR_WANT_WRITE or SSL_ERR_WANT_READ.
| | * | Add test for Connection.shutdown on closed socketPaul Aurich2015-01-081-0/+14
| |/ /
| * | Merge pull request #173 from alex/no-more-v3Jean-Paul Calderone2014-11-171-2/+2
| |\ \ | | |/ | |/| | | | | | | verisign.org turned off SSLv3 (Happy Days!). Change the test suite to use TLSv1 where it talks to verisign.org. This is a terrible test, of course. But at least this makes it a terrible passing test again.
| | * verisign.org turned off SSLv3 (Happy Days!)Alex Gaynor2014-11-151-2/+2
| |/
| * Merge pull request #148 from alex/pkcs7-stuffDavid Reid2014-08-264-4/+41
| |\ | | | | | | Fixes #145 -- fixes loading pkcs7 data from ASN1
| | * Added a changelog entryAlex Gaynor2014-08-211-0/+5
| | |
| | * This needs the latest cryptographyAlex Gaynor2014-08-201-1/+1
| | |
| | * Added a docstringAlex Gaynor2014-08-141-0/+4
| | |
| | * Py3k fixAlex Gaynor2014-08-141-2/+2
| | |
| | * Added a test for loading ASN1 dataAlex Gaynor2014-08-141-2/+30
| | |
| | * Fixes #145 -- fixes loading pkcs7 data from ASN1Alex Gaynor2014-08-131-1/+1
| |/
* | Remove RATIONALELaurens Van Houtven2014-06-171-61/+0
|/ | | | | | | This document is horribly outdated and did more bad than good. It contained about half of something that vaguely resembled an issue tracker, and has otherwise hasn't been touched since the project's inception.
* Merge pull request #122 from ekohl/patch-1Laurens Van Houtven2014-06-161-1/+3
|\ | | | | Add link to documentation to README
| * Add link to the documentation on readthedocs.rogEwoud Kohl van Wijngaarden2014-06-161-1/+3
|/
* Merge pull request #88 from exarkun/set_verify-callback-argumentJean-Paul Calderone2014-05-064-3/+60
|\ | | | | | | Fix a regression in which the first argument of the "verify" callback was incorrectly passed a `Context` instance instead of the `Connection` instance.
| * add a missing wordJean-Paul Calderone2014-05-061-1/+1
| |
View Lorry Controller Status