path: root/CHANGELOG.rst
Commit message | Author | Age | Files | Lines
...
* Reopen master for 19.1 (#810) | Alex Gaynor | 2019-01-21 | 1 | -0/+24
|
* release 19.0.0 (#808) (tag: 19.0.0) | Paul Kehrer | 2019-01-21 | 1 | -1/+1
|
* changelog and call it 19 now (#807) | Paul Kehrer | 2019-01-21 | 1 | -2/+6
|
* X509Store.add_cert no longer raises an error on duplicate cert (#787) | Paul Kehrer | 2018-08-23 | 1 | -1/+2
|   * X509Store.add_cert no longer raises an error on duplicate cert
|   * move changelog entry
* reopen master for 18.1 (#761) | Paul Kehrer | 2018-05-16 | 1 | -0/+24
|   * reopen master for 18.1
|   * there are four dashes
* 18.0.0 release time (#760) (tag: 18.0.0) | Paul Kehrer | 2018-05-16 | 1 | -1/+1
|
* Add Connection.get_certificate method (#733) | Jeremy Lainé | 2018-05-16 | 1 | -0/+2
|   This makes it possible to retrieve the local certificate (if any) for a Connection. An example where this is useful is when negotiating a DTLS-SRTP connection, the fingerprint of the local certificate needs to be communicated to the remote party out-of-band via SDP.
* Add Context.set_tlsext_use_srtp (#734) | Jeremy Lainé | 2018-05-16 | 1 | -0/+2
|   This allows negotiating SRTP keying material, which is useful when using DTLS-SRTP, as WebRTC does for example.
* Always enable auto retry (#753) | Paul Kehrer | 2018-05-14 | 1 | -2/+3
|   * test using auto retry
|   * add/update changelog and add comment
|   * wordsmithing
|   * Update CHANGELOG.rst
|   * Update CHANGELOG.rst
* Make the changelog consistent (#754) | Alex Gaynor | 2018-05-14 | 1 | -3/+3
|
* Raise minimum cryptography version to 2.2.1, drop python 2.6 (#742) | Jeremy Lainé | 2018-03-21 | 1 | -1/+2
|
* open for 17.6.0 (#727) | Paul Kehrer | 2017-12-01 | 1 | -0/+24
|
* 17.5.0 version bump (#726) (tag: 17.5.0) | Paul Kehrer | 2017-11-30 | 1 | -1/+1
|
* Export keying material support (#725) | Paul Kehrer | 2017-11-30 | 1 | -0/+2
|   * added method to export keying material from an ssl connection
|   * updated tests to use bytestrings to avoid breaking python3 tests
|   * added additional comments to test
|   * simplify export_keying_material
|   * add changelog
|   * address review feedback
* fix a memory leak and a potential UAF and also #722 (#723) | Paul Kehrer | 2017-11-30 | 1 | -3/+3
|   * fix a memory leak and a potential UAF and also #722
|   * sanity check
|   * bump cryptography minimum version, add changelog
* reopen master (#718) | Paul Kehrer | 2017-11-21 | 1 | -0/+26
|
* bump to 17.4.0 (#714) (tag: 17.4.0) | Paul Kehrer | 2017-11-21 | 1 | -1/+1
|
* restore a subset of the rand module (#708) | Paul Kehrer | 2017-11-20 | 1 | -0/+3
|   * restore a subset of the rand module
|   * flake
|   * remove cleanup, go ahead and assume status will always be 1
|   * lighten and add power
* Don't use things after they're freed...duh (#709) | Alex Gaynor | 2017-11-20 | 1 | -1/+2
|   * Don't use things after they're freed...duh
|   * changelog
|   * more details
* 17.4.0.dev0 bump (#694) | Paul Kehrer | 2017-09-13 | 1 | -0/+24
|
* bump version and update changelog (#693) (tag: 17.3.0) | Paul Kehrer | 2017-09-13 | 1 | -2/+5
|   * bump version and update changelog
|   * add changelog entries for the memory leak fixes
|   * backticks
* Delete rand.py (#675) | Alex Gaynor | 2017-07-25 | 1 | -0/+4
|
* Drop py33 (#677) | Alex Gaynor | 2017-07-25 | 1 | -1/+2
|
* Fixes #655 -- deprecate OpenSSL.tsafe (#673) | Alex Gaynor | 2017-07-22 | 1 | -2/+2
|   * Fixes #655 -- deprecate OpenSSL.tsafe
|   * changelog
* Start new release cycle (#672) | Hynek Schlawack | 2017-07-20 | 1 | -0/+25
|
* Prepare 17.2.0 (#671) (tag: 17.2.0) | Hynek Schlawack | 2017-07-20 | 1 | -1/+1
|   * Fix version
|   * Prepare 17.2.0
* (EC)DSA signature fix (#670) | Paul Kehrer | 2017-07-20 | 1 | -0/+2
|   * Write a test - signatures with EC keys (#609)
|   * Ask for signature length before allocating a buffer.
|     This fixes a potential heap buffer overflow that may happen when a signature is longer than the private key, as with X9.62 ECDSA (#609).
|   * change approach to EVP_PKEY_size and add changelog
|   * add a small assert
* Bend some recent changes to standards (#669) | Hynek Schlawack | 2017-07-20 | 1 | -4/+1
|
* fix #664 (#665) | Paul Kehrer | 2017-07-19 | 1 | -0/+4
|   * fix #664
|     bytes and strings are different things.
|   * update changelog
|   * let's just make the sentinel values byte strings
|   * flake8
* Fixed #631 -- deprecate all of OpenSSL.rand (#658) | Alex Gaynor | 2017-07-06 | 1 | -1/+2
|   * Fixed #631 -- deprecate all of OpenSSL.rand
|   * syntax fix
|   * flake8
* Start new release cycle (#654) | Hynek Schlawack | 2017-06-30 | 1 | -0/+25
|
* Prepare 17.1 (#653) (tag: 17.1.0) | Hynek Schlawack | 2017-06-30 | 1 | -2/+2
|   * Prepare 17.1.0
|   * Fix changelog markup
* Removed the deprecated md5 default on CRL.export() (#652) | Alex Gaynor | 2017-06-30 | 1 | -0/+3
|   * Removed the deprecated md5 default on CRL.export()
|   * Doh
|   * unused import
|   * fixed tests
|   * last one
|   * py3k!!!!!
* Bend CHANGELOG.rst to our shape (#651) | Hynek Schlawack | 2017-06-30 | 1 | -9/+13
|   Add semantic newlines and parens that make functions and methods more obvious.
* try loading trusted certs from a list of fallbacks (#633) | Paul Kehrer | 2017-06-29 | 1 | -0/+1
|   * try loading trusted certs from a list of fallbacks
|     pyca/cryptography will shortly begin shipping a wheel. Since SSL_CTX_set_default_verify_paths uses a hardcoded path compiled into the library, this will start failing to load the proper certificates for users on many linux distributions. To avoid this we can use the Go solution of iterating over a list of potential candidates and loading it when found.
|   * capath is lazy loaded so we need to do a lot more checks
|     This now checks to see if env vars are set as well as seeing if the dir exists and has valid certs in it. If either of those are true (or the number of certs is > 0) it won't load the fallback. If it does do the fallback it will also attempt to load certs from a dir as a final fallback
|   * remove an early return
|   * this shouldn't be commented out
|   * oops
|   * very limited testing
|   * sigh, can't use these py3 exceptions of course
|   * expand the tests a bit
|   * coverage!
|   * don't need this now
|   * change the approach to use a pyca/cryptography guard value
|   * test fix
|   * older python sometimes calls itself linux2
|   * flake8
|   * add changelog
|   * coverage
|   * slash opt
* add to_cryptography/from_cryptography on CRL and X509Req (#645) | Paul Kehrer | 2017-06-29 | 1 | -0/+1
|   * add to_cryptography/from_cryptography on CRL and X509Req
|   * add changelog entry
* Fixed #486 -- deprecate the backwards compat names (#643) | Alex Gaynor | 2017-06-29 | 1 | -1/+2
|   * Fixed #486 -- deprecate the backwards compat names
|   * remove the docs for these, pretend they don't exist
|   * CHANGELOG
* Added an API for converting X509 to/from cryptography (#640) | Alex Gaynor | 2017-06-25 | 1 | -0/+1
|   * Added an API for converting X509 to/from cryptography
|   * changelog
* update docs and changelog for #612 (#639) | Paul Kehrer | 2017-06-21 | 1 | -0/+5
|   * update docs and changelog for #612
|   * update changelog
|   * more detail
* Drop the deprecated rand.egd function (#630) | Alex Gaynor | 2017-05-31 | 1 | -1/+3
|   * Drop the deprecated rand.egd function
|   * Removed egd tests
|   * Removed egd docs
|   * Document the removal
|   * unused imports
|   * Update CHANGELOG.rst
* Add an informative __main__.py (#620) | Hynek Schlawack | 2017-05-13 | 1 | -1/+2
|   * Add an informative __main__.py
|     Give users an easy way to figure out what versions they're running.
|   * Why not more info!
|   * Add test
|   * No empty last line
|   * Make @alex happy
|   * DIAF Python 2.6
|   * Add cffi's version
|   * Make debug a module
|   * Add cryptography's compile-time OpenSSL
* Start new release cycle (#618) | Hynek Schlawack | 2017-04-20 | 1 | -0/+25
|
* Prepare 17.0.0 (#617) | Hynek Schlawack | 2017-04-20 | 1 | -1/+1
|
* Prepare for 17.0.0 (#615) | Hynek Schlawack | 2017-04-20 | 1 | -2/+2
|   * Prepare for 17.0.0
|     Fix a bunch of URLs and account for the non-existence of 16.3.
|   * Fix codecov link
* Prevent _PassphraseHelper.raise_if_problem() from eating exceptions (#581) | Greg Bowser | 2017-01-25 | 1 | -0/+2
|   * Modify tests to detect empty crypto.Errors from load_privatekey
|     This reproduces #119 and #456.
|   * Prevent _PassphraseHelper.raise_if_problem() from eating exceptions.
|     This resolves #119, resolves #456.
|
|     `_PassphraseHelper.raise_if_problem()` always flushes the OpenSSL exception queue, but does not always raise an exception. In some cases, other code attempts to raise an error from OpenSSL after `raise_if_problem()` has flushed the queue, thus causing an empty exception to be raised (i.e. `raise Error([])`).
|
|     This commit modifies `_PassphraseHelper.raise_if_problem` to flush the OpenSSL error queue only if it has an exception to raise. Subsequent code that detects an error should now be able to raise a non-empty exception.
|   * Add CHANGELOG entry for #581.
* Link to PR #580 in changelog. (#590) | Cory Benfield | 2017-01-24 | 1 | -0/+1
|
* Add support for OCSP stapling. (#580) | Cory Benfield | 2017-01-24 | 1 | -0/+4
|   * Define the OCSPCallbackHelper.
|   * Define set_ocsp_status_callback function.
|   * Reframe this as the "server" helper.
|   * Add OCSP helper.
|   * Allow clients to request OCSP
|   * Some tests for OCSP.
|   * Don't forget to throw callback errors.
|   * Add changelog entry for OCSP stapling.
|   * Require at least cryptography 1.7
|   * Sorry Flake8, won't happen again.
|   * How does spelling work?
* automatically set SSL_CTX_set_ecdh_auto when available (#575) | Paul Kehrer | 2016-12-19 | 1 | -0/+2
|
* Don't zero memory when we don't have to. (#578) | Cory Benfield | 2016-11-28 | 1 | -0/+4
|
* Add the ability to set a custom verification time on X509Store (#567) | Thomas Sileo | 2016-11-22 | 1 | -1/+2
|