| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
* remove X509StoreFlags.NOTIFY_POLICY
fixes #1212
* also fix twisted
* more CI fixes, sigh
|
| |
|
|
|
| |
* fix testing against cryptography main branch and improve twisted
* oops
|
| |
|
|
|
| |
* parallel twisted tests and newer mypy
* update mypy env
|
| |
|
|
|
| |
* Reformat code using black 23.x
* fix compat with tox 4
|
| |
|
|
|
| |
* fixes for tox4
* Update tox.ini
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* add `Connection.use_(certificate|privatekey)`
* bump minimum cryptography version
* deduplicate tests
* black!
* max line length
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* crypto: Add type annotations
* Don’t redefine var
mypy complains about the redefinition
* _util: Add type annotations
* rand: Add type annotations
* Prepare package & CI for running mypy
* fix toxenv name
Co-authored-by: Maximilian Hils <github@maximilianhils.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* repair CI
* more fixes
* pypy39 requires latest cryptography
* Apply suggestions from code review
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* use constant
* bump minimum version
* remove unneeded try
* fix
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* flake8-import-order
* make sure bad import orders fail
* flake8-import-order
* add application name to flake8 section
* correct import order for openssl as application
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Expose DTLS_METHOD and friends
* Expose OP_NO_RENEGOTIATION
* Expose DTLS MTU-related functions
* Expose DTLSv1_listen and associated callbacks
* Add a basic DTLS test
* Cope with old versions of openssl/libressl
* blacken
* Soothe flake8
* Add temporary hack to skip DTLS test on old cryptography versions
* Update for cryptography v35 release
* Add changelog entry
* Fix versionadded::
* get_cleartext_mtu doesn't exist on decrepit old openssl
* Rewrite DTLS test to work around stupid OpenSSL misbehavior
* flake8 go away
* minor tidying
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Misc CI cleanups
- Update branch names to match upstream
- Drop py2 testing
* Appease stricter checking in latest Sphinx to get CI passing again
* Don't accidentally delete an important line from tox.ini
* Give py2 support a brief stay of execution
As requested by @reaperhulk on IRC
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add Context.set_*_proto_version, fix #860
* docs: add new openssl tls methods
* accept the fact that nothing can be taken for granted
* bump minimum required cryptography version to 3.3
* drop support for Python 3.5
* use binary wheels for cryptography
* Revert "use binary wheels for cryptography"
This reverts commit 91a04c612ed1d0dd9fd541dfefe21cac7c25b1c1.
* docker ci: compile cryptography with rust
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Tox.ini; Test on Python 3.9 and make flake8 stricter
* max-line-length = 88
* Remove unused import
* Update tox.ini
* Use PEP8 line length
* Use PEP8 line length
|
| |
|
|
|
|
|
| |
* Drop CI for OpenSSL 1.0.2
* Delete code for coverage reasons
* Bump minimum cryptography version
|
| |
|
| |
* fixed tests for twisted change
|
| | |
|
| | |
|
| |
|
|
|
| |
* Uhhh, fix twisted tests to actually run twisted (wat)
* Update tox.ini
|
| | |
|
| |
|
|
|
|
|
| |
Users with older cryptography (and hence potentially older asn1crypto, a
transitive dependency) are seeing a serious bug on macOS catalina due to
the way older asn1crypto loads a shared library. While this isn't a
pyOpenSSL bug bumping this dep might prevent the bug from impacting
some users.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fix openssl CLI testing for 1.1.1
* various 1.1.1 related fixes
some of which are just admitting TLS 1.3 is fundamentally different and
pinning the tests to TLS 1.2
* flake8 fixes
* allow travis_infra env var through
* fix twisted
|
| | |
|
| |
|
|
|
|
|
|
| |
* Added py37 to travis
* Added py37 trove classifier
* Added py37 to tox
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* fix a memory leak and a potential UAF and also #722
* sanity check
* bump cryptography minimum version, add changelog
|
| | |
|
| |
|
|
|
|
| |
* move deps to extras
* this file is gone
|
| |
|
|
|
|
| |
* FIxed #266 -- attempt to deflake our tests
* typo
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* try loading trusted certs from a list of fallbacks
pyca/cryptography will shortly begin shipping a wheel. Since
SSL_CTX_set_default_verify_paths uses a hardcoded path compiled into the
library, this will start failing to load the proper certificates for
users on many linux distributions. To avoid this we can use the Go
solution of iterating over a list of potential candidates and loading
it when found.
* capath is lazy loaded so we need to do a lot more checks
This now checks to see if env vars are set as well as seeing if the
dir exists and has valid certs in it. If either of those are true (or
the number of certs is > 0) it won't load the fallback. If it does do
the fallback it will also attempt to load certs from a dir as a final
fallback
* remove an early return
* this shouldn't be commented out
* oops
* very limited testing
* sigh, can't use these py3 exceptions of course
* expand the tests a bit
* coverage!
* don't need this now
* change the approach to use a pyca/cryptography guard value
* test fix
* older python sometimes calls itself linux2
* flake8
* add changelog
* coverage
* slash opt
|
| |
|
|
|
|
| |
* Fix invalid cast from ASN1_TIME to ASN1_GENERALIZEDTIME, which ends up with an error with LibreSSL.
* Require cryptography >= 1.9
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* urllib3 uses pytest now, also use trusty
* more improvements
* keep modernizing
* try trusty later.
* revert
* still try for trusty, back to the right pypy
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add an informative __main__.py
Give users an easy way to figure out what versions they're running.
* Why not more info!
* Add test
* No empty last line
* Make @alex happy
* DIAF Python 2.6
* Add cffi's version
* Make debug a module
* Add cryptography's compile-time OpenSSL
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Define the OCSPCallbackHelper.
* Define set_ocsp_status_callback function.
* Reframe this as the "server" helper.
* Add OCSP helper.
* Allow clients to request OCSP
* Some tests for OCSP.
* Don't forget to throw callback errors.
* Add changelog entry for OCSP stapling.
* Require at least cryptography 1.7
* Sorry Flake8, won't happen again.
* How does spelling work?
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Convert NextProtoNegotiationTests to use pytest-style tests
Addresses #340.
* Fix Twisted test suite
See https://twistedmatrix.com/trac/ticket/8876
* Remove tests for OpenSSL with no NPN support
NPN was added in OpenSSL 1.0.1. As of version 16.1.0, PyOpenSSL
only supports OpenSSL 1.0.1 or later, so this test is:
1. Testing a use case that's no longer supported.
2. Dead code in CI.
|
| |
|
|
|
|
|
|
|
|
| |
Fix up the assert helpers, subclass form `object` rather than test case,
and use parametrization where appropriate.
One helper method on the original `TestCase` was the ability to create
temporary directories that were cleaned up at the end of the test --
now we use a pytest fixture instead: http://doc.pytest.org/en/latest/tmpdir.html
Addresses #340.
|
| |
|
|
|
|
| |
* Avoid pytest warning
* Upgrade pytest min version in tox.ini
|
| |
|
|
|
|
| |
* coverage 4.2 doesn't need the clean step anymore
* Set version for report too
|
| | |
|
| | |
|
| | |
|
