Age | Commit message (Collapse) | Author |
|
ours am: 8121f60aec -s ours
am skip reason: Change-Id If3eeb5f43ea6e9adf9e1d9d1d7e199c01ec4f1b5 with SHA-1 9aaad515f8 is in history
Original change: undetermined
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I8f24f8038d640ad629c6eb66054345f5249f22b1
|
|
am skip reason: Change-Id If3eeb5f43ea6e9adf9e1d9d1d7e199c01ec4f1b5 with SHA-1 9aaad515f8 is in history
Original change: undetermined
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I9826051726a9e1d1242d0d2cc55d52e8d0a50036
|
|
Bug: 180401296
Merged-In: If3eeb5f43ea6e9adf9e1d9d1d7e199c01ec4f1b5
Change-Id: I93cce73e18e634b28995519b6bdb1b9d19608924
|
|
am: ad0a229d9a am: a44c0f0397
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1588518
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I368d5aa1847d3e1e0ade6f9f3685bcc87d2f8fa4
|
|
am: ad0a229d9a
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1588518
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Idfe08380c627e862f4d288ab6794f1b9a5569432
|
|
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1588518
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I8c0bb8f1cc8c1894a6b343b721fbb7e25d0de755
|
|
Added SPDX-license-identifier-Apache-2.0 to:
Android.bp
src/OpenSSL/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: Ie0212b5c649e8e7e05eea24d5b3de8732f8017f1
|
|
118342836f
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1549738
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I17e2ce2692e8e338b68b9506703b0e272660eeca
|
|
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1549738
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ib40bb73342bcfc74ecd4eb48d13f629187788b8a
|
|
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1549738
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ibc969a4efaddb8bc50673f15901e90e8ee37b868
|
|
Not needed anymore.
Test: presubmit
Bug: 175408655
Change-Id: I8aa9fd032b6f23352e0e6ee266e968c29b6ff331
|
|
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1531280
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Id48a5ccd69f7eb02985a6fc5f97dc0cee04fee0b
|
|
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1531280
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: If3eeb5f43ea6e9adf9e1d9d1d7e199c01ec4f1b5
|
|
Original change: https://android-review.googlesource.com/c/platform/external/python/pyopenssl/+/1531280
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I59a4962b74303aa86ba52ff27cddeb957f31d45b
|
|
Test: make
Change-Id: Icdf65bde24f056bd011ee39635e7d66662ef4d4d
|
|
|
|
* Test on OpenSSL 1.1.0 w/ Debian stretch
* Make pyOpenSSL compatible with openssl 1.1.0 again
Co-authored-by: Shane Harvey <shnhrv@gmail.com>
|
|
* remove py2 w/ cryptography master
* Update ci.yml
|
|
* Tox.ini; Test on Python 3.9 and make flake8 stricter
* max-line-length = 88
* Remove unused import
* Update tox.ini
* Use PEP8 line length
* Use PEP8 line length
|
|
|
|
|
|
* fix a memleak
* black
|
|
* Keep reference to SSL verify_call in Connection object
If a set_verify is used on a context before and after a Connection
the reference in the SSL* object still points to the old _verify_helper
object. Since this object has no longer any references to it, the
callback can result in a segfault.
This commit fixes the issues by ensuring that as long as the
Connection object/SSL* object lives a reference to the callback
function is held.
* Add Unit test for set_verify_callback deference
|
|
It's not being run anywhere, and plainly doesn't support py3 so it's clearly not important to anyone.
|
|
|
|
|
|
|
|
|
|
Co-authored-by: Michael Lazar <mlazar@doctorondemand.com>
|
|
* Drop CI for OpenSSL 1.0.2
* Delete code for coverage reasons
* Bump minimum cryptography version
|
|
* Fixing issue #798, thanks to @reaperhulk; removing undocumented '%s' option and getting the date in a more robust way
Co-authored-by: Joseba Alberdi <j.alberdi@simuneatomistics.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
|
|
|
|
* fixed tests for twisted change
|
|
* crypto._PassphraseHelper: pass non-callable passphrase using callback
Fixes #945
Before this commit, we would pass a bytes passphrase as a null terminated string.
This causes issue when a randomly generated key's first byte is null because
OpenSSL rightly determines the key length is 0.
This commit modifies the passphrase helper to pass the passphrase via the
callback
* Update changelog to document bug fix
|
|
X509StoreContext (#948)
The additional certificates provided in the new `chain` parameter will be
untrusted but may be used to build the chain.
This makes it easier to validate a certificate against a store which
contains only root ca certificates, and the intermediates come from e.g.
the same untrusted source as the certificate to be verified.
Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
|
|
Add X509Store.load_locations() to set a CA bundle file and/or an OpenSSL-
style hashed CA/CRL lookup directory, similar to the already existing
SSL.Context.load_verify_locations().
Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
* Context.set_verify: allow omission of callback
* squeeze to 80 chars
* make it clear that default callback is used
|
|
* Allow accessing a connection's verfied certificate chain
Add X509StoreContext.get_verified_chain using X509_STORE_CTX_get1_chain.
Add Connection.get_verified_chain using SSL_get0_verified_chain if
available (ie OpenSSL 1.1+) and X509StoreContext.get_verified_chain
otherwise.
Fixes #740.
* TLSv1_METHOD -> SSLv23_METHOD
* Use X509_up_ref instead of X509_dup
* Add _openssl_assert where appropriate
* SSL_get_peer_cert_chain should not be null
* Reformat with black
* Fix <OpenSSL.crypto.X509 object at 0x7fdbb59e8050> != <OpenSSL.crypto.X509 object at 0x7fdbb59daad0>
* Add Changelog entry
* Remove _add_chain
|
|
|
|
* focal time
* larger dh params, assert on something
* urllib3 fix
* actually check an error
|
|
* remove npn support entirely. you should be using alpn
* flake8
|
|
|
|
|
|
* newer pypy
* missed one
* we don't support ancient cffi any more
|
|
* simplify
* generate new certs and keys with 3072-bit RSA
* black
* add a test to avoid losing coverage
|