| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
* support bitstring values in DNs
parsing is limited to x500UniqueIdentifier only
* Update src/cryptography/x509/name.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The spec requires both of these to be exactly two characters to
correspond with ISO country codes. Reality is sometimes messier, so this
allows parsing (but not encoding) of this invalid data. Parsing will
raise a UserWarning if incorrect lengths are detected.
|
| |
|
|
|
| |
* Update fernet docs to use latest Django recommendations
* Err, remember how RST works
|
| | |
|
| |
|
|
|
| |
* OCB3 support in aead package
* improve comment
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
encoded default (#6600)
* Allow parsing CSR extensions with the critical bit having an explicitly encoded default
* Poke for zuul
|
| | |
|
| | |
|
| |
|
|
|
| |
* Allow to serialize extension values as DER bytes string.
* Prepare test for SignedCertificateTimestamps.
|
| |
|
|
| |
also document that we can return these key types in a certificate,
although they can't be self-signed of course
|
| |
|
|
|
| |
this matches our behavior to OpenSSL and allows users to pass a chain to
our PEM loaders. To make this a little less magical it is now
documented.
|
| | |
|
| | |
|
| |
|
|
|
| |
* deprecate backend part 5 of n
* remove doc8
|
| | |
|
| |
|
| |
finish the asymmetric docs
|
| | |
|
| |
|
|
| |
* update all custom vector generation scripts to not use backends
* remove references to backends in test-vectors.rst
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
`rfc4514_string()` and related methods now have an optional
`attr_name_overrides` parameter to supply custom OID to name mappings,
which can be used to match vendor-specific extensions.
**BACKWARDS INCOMPATIBLE:** Reverted the nonstandard formatting of email
address fields as `E` in `rfc4514_string()` methods from version 35.0.
The previous behavior can be restored with:
`name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})`
Expanded documentation of `Name.rfc4514_string`.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Convert CRL creation to Rust
* fixes
* small reflows
* Delete all teh code
* flake8
|
| |
|
|
|
|
|
|
|
| |
* Convert CSR creation to Rust
* put this back
* unused
* coverage
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Convert x.509 certificate generation to Rust
* flake8
* Coverage shenangins
* moar hashes
* moar hashes
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* Update installation for testing against bookworm
* Try bumping macOS timeout
* Try pinning cffi
* Ban 1.15.0
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Propose a new load_key_and_certificates_with_name API to return the PKCS12 'friendly name' as well.
* Extend load_key_and_certificates_with_name to return friendly names for all certificates; add serialize_key_and_certificates_with_names; add X509_alias_set1 to cffi; add basic tests for all these.
* Add changelog entry and documentation.
* Revert "Extend load_key_and_certificates_with_name to return friendly names for all certificates; add serialize_key_and_certificates_with_names; add X509_alias_set1 to cffi; add basic tests for all these."
This reverts commit 125935e8cf1d27028c5b593bb058e2716311fd72.
* Create new interface.
* Rename load_key_and_certificates_object -> load_pkcs12.
* Add constructor validation, improve repr tests.
* Mention '... or None'.
* Allow all private key types.
* Fix/improve tests.
* Ignore type errors when intentionally passing wrong types.
* Fix type; linting.
* Use correct ignore.
|
| |
|
|
|
|
|
| |
* Add new PKCS12 test vectors for #6348.
* Re-create test certs without DSA.
* Forgot to adjust the docs.
|
| |
|
|
|
| |
* accept combined PEM files with multiple sections
* pass error messages into `find_in_pem`
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
* Improve changelog for cryptography.x509 changes
* Update CHANGELOG.rst
* Update CHANGELOG.rst
* Update CHANGELOG.rst
* this is a word
|
| | |
|
| |
|
|
|
| |
* add several OCSP response vectors
* fix naming
|
| |
|
|
|
| |
* add faq entry about why rust
* de facto isn't misspelled
|
| |
|
| |
(Lots of commits that got squashed)
|
| |
|
|
|
| |
* musllinux ftw
* appease the spellchecker
|
| |
|
|
|
|
|
| |
* Don't internal error on CRL with no nextUpdate value
* Fix typing
* docs
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
* add more eku oids
fixes #5892
* kerberos is a word in our world
|
| | |
|
| |
|
|
|
| |
Use always string as output format
Co-authored-by: Baofeng Wang <baofeng.wang67@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Implement KBKDFCMAC
Also adjust KBKDFHMAC to avoid code duplication.
* Add KBKDFCMAC unit tests
* Enable KBKDFCMAC vector tests
* Fix doc8 too long line issue in changelog
Adding bullet list entries after line 30 in the CHANGELOG.rst leads to
doc8 D001 error in line 30. Looks like a doc8 bug. Breaking the line in
the middle of the cross-reference solves the problem for now.
Also replace the trailing comma with a dot.
* Add KBKDFCMAC documentation and update changelog
|
