Age | Commit message (Collapse) | Author |
|
Bug: 180401296
Merged-In: If3eeb5f43ea6e9adf9e1d9d1d7e199c01ec4f1b5
Change-Id: I93cce73e18e634b28995519b6bdb1b9d19608924
|
|
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1588518
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I8c0bb8f1cc8c1894a6b343b721fbb7e25d0de755
|
|
Added SPDX-license-identifier-Apache-2.0 to:
Android.bp
src/OpenSSL/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: Ie0212b5c649e8e7e05eea24d5b3de8732f8017f1
|
|
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1549738
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ibc969a4efaddb8bc50673f15901e90e8ee37b868
|
|
Not needed anymore.
Test: presubmit
Bug: 175408655
Change-Id: I8aa9fd032b6f23352e0e6ee266e968c29b6ff331
|
|
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1531280
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: If3eeb5f43ea6e9adf9e1d9d1d7e199c01ec4f1b5
|
|
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1531280
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I59a4962b74303aa86ba52ff27cddeb957f31d45b
|
|
Test: make
Change-Id: Icdf65bde24f056bd011ee39635e7d66662ef4d4d
|
|
|
|
* Test on OpenSSL 1.1.0 w/ Debian stretch
* Make pyOpenSSL compatible with openssl 1.1.0 again
Co-authored-by: Shane Harvey <shnhrv@gmail.com>
|
|
* remove py2 w/ cryptography master
* Update ci.yml
|
|
* Tox.ini; Test on Python 3.9 and make flake8 stricter
* max-line-length = 88
* Remove unused import
* Update tox.ini
* Use PEP8 line length
* Use PEP8 line length
|
|
|
|
|
|
* fix a memleak
* black
|
|
* Keep reference to SSL verify_call in Connection object
If a set_verify is used on a context before and after a Connection
the reference in the SSL* object still points to the old _verify_helper
object. Since this object has no longer any references to it, the
callback can result in a segfault.
This commit fixes the issues by ensuring that as long as the
Connection object/SSL* object lives a reference to the callback
function is held.
* Add Unit test for set_verify_callback deference
|
|
It's not being run anywhere, and plainly doesn't support py3 so it's clearly not important to anyone.
|
|
|
|
|
|
|
|
|
|
Co-authored-by: Michael Lazar <mlazar@doctorondemand.com>
|
|
* Drop CI for OpenSSL 1.0.2
* Delete code for coverage reasons
* Bump minimum cryptography version
|
|
* Fixing issue #798, thanks to @reaperhulk; removing undocumented '%s' option and getting the date in a more robust way
Co-authored-by: Joseba Alberdi <j.alberdi@simuneatomistics.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
|
|
|
|
* fixed tests for twisted change
|
|
* crypto._PassphraseHelper: pass non-callable passphrase using callback
Fixes #945
Before this commit, we would pass a bytes passphrase as a null terminated string.
This causes issue when a randomly generated key's first byte is null because
OpenSSL rightly determines the key length is 0.
This commit modifies the passphrase helper to pass the passphrase via the
callback
* Update changelog to document bug fix
|
|
X509StoreContext (#948)
The additional certificates provided in the new `chain` parameter will be
untrusted but may be used to build the chain.
This makes it easier to validate a certificate against a store which
contains only root ca certificates, and the intermediates come from e.g.
the same untrusted source as the certificate to be verified.
Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
|
|
Add X509Store.load_locations() to set a CA bundle file and/or an OpenSSL-
style hashed CA/CRL lookup directory, similar to the already existing
SSL.Context.load_verify_locations().
Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
* Context.set_verify: allow omission of callback
* squeeze to 80 chars
* make it clear that default callback is used
|
|
* Allow accessing a connection's verfied certificate chain
Add X509StoreContext.get_verified_chain using X509_STORE_CTX_get1_chain.
Add Connection.get_verified_chain using SSL_get0_verified_chain if
available (ie OpenSSL 1.1+) and X509StoreContext.get_verified_chain
otherwise.
Fixes #740.
* TLSv1_METHOD -> SSLv23_METHOD
* Use X509_up_ref instead of X509_dup
* Add _openssl_assert where appropriate
* SSL_get_peer_cert_chain should not be null
* Reformat with black
* Fix <OpenSSL.crypto.X509 object at 0x7fdbb59e8050> != <OpenSSL.crypto.X509 object at 0x7fdbb59daad0>
* Add Changelog entry
* Remove _add_chain
|
|
|
|
* focal time
* larger dh params, assert on something
* urllib3 fix
* actually check an error
|
|
* remove npn support entirely. you should be using alpn
* flake8
|
|
|
|
|
|
* newer pypy
* missed one
* we don't support ancient cffi any more
|
|
* simplify
* generate new certs and keys with 3072-bit RSA
* black
* add a test to avoid losing coverage
|
|
* make our CI less frustrating
* sigh, even less sensitive
* can we stop doing this on macos now?
|
|
* _only_ update the image
* Update .travis.yml
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
|
|
|
|
* Remove RPM build script that we have no idea if it works
* MANIFEST.in as well
|
|
* add SSL.Context.set_keylog_callback
* don't fail on missing attribute
* lint!
* make it black
|
|
|
|
* `sudo` key is deprecated
* `os` key is missing
* `matrix` is an alias for `jobs`
|