Add set_verify method on Connection #255
Comments
|
|
|
Sorry, what exactly does this do? |
|
That method is on |
|
To elaborate on this a bit further: |
|
Ah gotcha. |
pablosole
pushed a commit
to pablosole/pyopenssl
that referenced
this issue
Jun 5, 2019
pablosole
pushed a commit
to pablosole/pyopenssl
that referenced
this issue
Jun 5, 2019
pablosole
pushed a commit
to pablosole/pyopenssl
that referenced
this issue
Jun 5, 2019
|
We have some renewed interest in this from some folks in mitmproxy/mitmproxy#5019, it also looks like we wouldn't be the only ones for whom this would be useful. I'd be happy to re-add the bindings to cryptography and then update #844. @alex, @reaperhulk et al: Is this something you would be willing to merge, or too much extra complexity for too little value? I don't have strong feelings, we can easily continue to work around this on our end if necessary. |
|
Adding this to Connection + a single additional binding in cryptography seems reasonable to me given that you have people interested in actually using it. |
mhils
added a commit
to mhils/cryptography
that referenced
this issue
Jan 6, 2022
alex
pushed a commit
to pyca/cryptography
that referenced
this issue
Jan 6, 2022
mhils
added a commit
to mhils/pyopenssl
that referenced
this issue
Jan 6, 2022
mhils
added a commit
to mhils/pyopenssl
that referenced
this issue
Jan 6, 2022
clrpackages
pushed a commit
to clearlinux-pkgs/pypi-cryptography_vectors
that referenced
this issue
Apr 28, 2022
…36.0.2 to version 37.0.0
Adrien Ferrand (2):
Pin josepy to 1.13.0 in downstream tests (#7063)
Use poetry directly to test josepy (#7069)
Alex Gaynor (141):
Reopen main for the 37.0.0 release (#6645)
iso8601 is now typed (#6649)
Update comment to reflect new reason this is needed (#6650)
Finally remove deprecated int_from_bytes (#6652)
fixes #6653 -- update boringssl (#6654)
Remove link argument handling that's not required on py3 (#6655)
bumped libressl version in c (#6657)
LibreSSL added support for the required RSA functions in 3.1.0 (#6658)
LibreSSL added support for this X.509 flag in 3.2.2 (#6659)
Drop supported for older LibreSSL (#6660)
Bump the version of the checkout action (#6661)
Remove branches that were no longer useful (#6664)
Use subtests in a few more RSA tests (#6666)
closes #6663 -- deprecate openssl 1.1.0 support (#6667)
Remove read_only_property and precisely type all these getters (#6668)
Remove coverage from dev-requirements.txt (#6674)
fixed out of date error message (#6675)
update urls in readme to avoid redirect (#6683)
Don't mess with the system in macarm cache (#6686)
use canonical url in this error message (#6685)
update upload-artifacts (#6691)
Remove a no-op supported method (#6692)
Remove two passenvs that aren't relevant any longer (#6693)
update to latest OpenSSL releases (#6706)
Fix mypy (#6711)
Factor some regexps into constants (#6713)
Expand typing coverage to exceptions (#6717)
more typing in x963kdf.py (#6720)
Improve typing of ocsp module (#6721)
Properly type Prehashed.digest_size (#6722)
improve typing of x509.bae module (#6727)
clean up some code to not randomly create a dict (#6729)
Improve typing of x509.name module (#6726)
Try including python version in the cache (#6741)
Don't test with coverage on py311 due to segfaults (#6743)
Handle large OIDs cleanly (#6742)
type an extra param (#6748)
Expand typing of DH, DSA, and EC (#6753)
Added additional typing to a few functions (#6754)
Put a timeout on all clones (#6762)
Start typing the internals of the ssh module (#6761)
More typing of the ssh module internals (#6772)
Added some typing for DH and DSA (#6773)
Swap out the struct module for int methods (#6774)
Improve typing in mode code (#6775)
Improve type coverage on some backend internals (#6776)
Improve type coverage for a few backend EC methods (#6777)
Remove Zuul from our CI (#6778)
Fix O(n^2) and excessive copying in OCSPResponseIterator (#6782)
Run tox in verbose mode (#6785)
More v! We need more v! (#6786)
link to classes in changelog (#6788)
Drop the OCI arm64 builder, we're on CircleCI now (#6789)
cache the cargo src dir in CI (#6791)
Cache pip downloads in CI (#6798)
Document M1 CI (#6799)
Update circleci images (#6808)
Clean up the language in the docs now that 3.6 is the minimum we support (#6825)
Random cleanups (#6824)
Build BoringSSL from the master branch rather than the main-with-bazel branch (#6826)
Format for new black (#6828)
Remove explicit subclassing of object now that all classes are new-style (#6830)
Pre-announce that this will be the last release with manylinux2010 wheels (#6831)
point to the AEAD version of GCM in the FAQ (#6832)
Remove FAQ that's no longer relevant (#6833)
fixes #6840 - update boringssl (#6841)
instrument-coverage is being stabalized, switch to stable flag (#6842)
Switch from centos to rhel in CI (#6844)
Timeout fetching from cache (#6845)
fixes #6804 -- improve error message quality with invalid characters in name attributes (#6843)
Test against Alpine on aarch64 (#6846)
fixes #6848 -- bump boringssl version used in ci (#6849)
refs #6835 -- added oid constants for SHA3 signatures (#6850)
Run 3.11-dev a bunch to see if it still crashes (#6847)
fixes #6835 -- add signatures with sha3 for rsa and ecdsa (#6852)
fixes #6580 -- allow serializing SCT extension (#6853)
fixes #6855 -- update boringssl in CI (#6856)
Bump BoringSSL in CI (#6861)
fixes #6862 -- added a test case for pkcs12 serialization with an RSA key (#6864)
Don't generate subtests for KBKDF vectors that are always skipped (#6866)
Pin setuptools to fix build failure on pypy (#6868)
fixed #6869 - bump boringssl version in ci (#6870)
fixes #6873 -- bump boringssl version (#6874)
Make a branch more specific now that libressl 3.4 is out (#6876)
fixes #6877 -- bump boringssl (#6878)
fixes #6885 -- update boringssl in ci (#6886)
fixes #6890 -- bumped boringssl version (#6891)
bump boringssl (#6900)
Rust beta now supports coverage (#6907)
Don't explicitly define __ne__ any longer (#6908)
handle connection timeouts in download_openssl.py (#6909)
Begin deprecation process for Python 3.6 (#6913)
refactor utils.deprecated to be more mypy friendly (#6923)
fixes #6809 -- deprecate 4 legacy ciphers (#6922)
fixes #6927 -- handle negative return values from openssl (#6928)
Fixed serialization of keyusage ext with no bits (#6930)
update boringssl used in ci (#6938)
update boringssl in ci (#6940)
Convert some old-style formatting to f strings (#6945)
Don't reference unsupported version in installation docs (#6946)
Update skip string that's no longer accurate (#6947)
remove unused deprecated bindings (#6951)
Remove initialization call that's not required in 1.1.0+ (#6952)
Try using FromPyObject for X.509 extension encoding (#6953)
Forward port changelog for 36.0.2 (#6965)
bump boringssl (#6967)
fixes #6970 -- improve error message when OtherName.value isn't DER (#6971)
bump libressl versions in ci (#6975)
enforce that GeneralSubtrees for NameConstraints must be None or non-empty (#6983)
Load test params inside test function instead of at collection time (#6980)
Remove unused bindings (#6984)
Try removing the SSL_library_init call in initialization (#6986)
fixes #6767 -- use current image in circleci (#6991)
update boringssl in ci (#6994)
fixes #6917 -- simplify assertions to in a test to make more portable (#7004)
bump boringssl used in ci (#7008)
fixes #7005 -- check if public keys are at infinity earlier (#7020)
Move linkcheck back into ci.yml (#7017)
Added a non-public API for setting the tag on an attribute (#7038)
Added Ubuntu Jammy to CI (#7047)
bump boringssl in ci (#7054)
bump boringssl in ci (#7060)
Update pyo3 to 0.15.2 (#7068)
begin testing on pypy 3.9 (#6887)
version isn't required in wheel builder (#7071)
Drop manylinux2010 wheels for PyPy (#7072)
Bump actions/checkout due to changes in git in some containers (#7075)
bump boringssl version in ci (#7074)
Build wheels for PyPy 3.9. (#7070)
fix comment for find_in_pem (#7078)
Implement a parser for RFC4514 strings (#7055)
fixes #7081 -- correctly handle escape sequences in RFC4514 strings (#7083)
Refs #7079 -- added basic scaffholding for benchmarks (#7087)
fixes #6681 -- document that we now link against 3.0.2 (#7093)
bump boringssl in ci (#7095)
bump boringssl in ci (#7097)
bump boringssl in ci (#7101)
added octet string tag (#7106)
Be clear that OpenSSL 1.1.0 is going bye bye (#7108)
boringssl ci bump (#7111)
Remove trailing white space in docs (#7115)
April King (1):
Found another place where ancient PBKDF2 iterations were listed (#6816)
Bar Harel (1):
Informative error on incompatible Fernet key (#6768)
Charlie Li (1):
Support LibreSSL 3.5.0 (#6919)
Christian Heimes (3):
Block TripleDES in FIPS mode (#6879)
Disable DSA tests in FIPS mode (#6916)
Dedicated check for signature hash algorithms (#6931)
Duncan Macleod (1):
setup.cfg: use SPDX license expression (#7050)
Dustin Ingram (1):
Fix indentation in docs/x509/reference.rst (#7044)
Jonathan Slenders (1):
Add types for padding.PSS class. (#6882)
Mathias Ertl (1):
make ExtensionTypeVar covariant (#7033)
Maximilian Hils (1):
add `SSL_set_verify` binding for pyca/pyopenssl#255 (#6797)
Natalia Maximo (1):
fix: fixed confusing typo on DSA docs (#6662)
Paul Kehrer (72):
switch to .tar.xz for the vectors (#6646)
support parsing bitstring values in DNs (#6629)
add macos arm64 self-hosted CI (#6672)
build a universal2 wheel (#6565)
remove signer/verifier as they've been deprecated for 4.25 years (#6639)
limit actions token permissions more (#6696)
port 36.0.1 changelog (#6705)
type pkcs7 padder/unpadder return type (#6718)
simplify _calculate_digest_and_algorithm (#6719)
type the pkcs7signaturebuilder init (#6724)
type a test double (#6723)
type some of the private interfaces of poly1305 (#6725)
more internal typing. supported methods, hash, hmac (#6728)
type _conditional to lower the untyped percentage (#6730)
more backend typing (#6731)
type more things by removing our property one-liners (#6732)
incrementally type backend part n of m (#6733)
some dh typing and a refactor to inline a single call (#6735)
simple internal aead typing (#6736)
improve types in the binding (#6737)
remove a pointless test (#6746)
add some missing pkcs12 tests to cover more of our behavior (#6745)
more cipher typing (#6738)
improvements to public/private key types and misc backend typing (#6734)
dsa and hashes internal typing (#6747)
more type annotations for internal rsa (#6749)
add some more mypy flags (#6751)
type encryptor/decryptor (#6744)
remove the backend interfaces (#6750)
consistently use object for other in eq/ne types (#6756)
improve typing for internal cmac code (#6757)
type more asym internals (#6758)
We don't pass the cffi buffer from any other method like this (#6759)
add circleci for arm64 linux (#6763)
more internal typing for ssh (#6779)
more pointless typing to improve metrics (#6780)
type a context manager and its helper (#6781)
make the pip cache work in docker containers (#6793)
boring bump (#6893)
new rust, new clippy, new warnings (#6898)
bump boring (#6905)
bump boring (#6915)
use new windows openssl builds (#6954)
update boring (#6958)
test against 1.1.1n (#6963)
updating boring (#6978)
bump boring (#6990)
update boring in ci (#6997)
bump boring for ci (#7001)
OCB3 test vectors for 104, 112, and 120-bit nonces (#7009)
support 12-15 byte nonce sizes in OCB3 (#7011)
bump boring in ci (#7016)
switch to using venvs in our containers (#7023)
bump boring in CI (#7024)
we documented this as 2**31 - 1, enforce it at the right spot (#7025)
our NIST vector loader needs unique keys (#7026)
add new bindings for OpenSSL 3.0.0 cipher fetching/freeing (#7027)
small refactors for upcoming SIV support (#7028)
SIV support (#7029)
update pkcs7 test vectors (#7030)
increase default python version for testing (#7032)
serialize certs to pkcs7 (#7034)
fix two compiler warnings (#7036)
check for invalid keys that RSA_check_key misses (#7080)
Add support for PSS.AUTO and PSS.DIGEST_LENGTH (#7082)
MSRV bump warning (#7084)
add RSA PSS test vectors (#7086)
1.48.0 will be our next MSRV (#7092)
upgrade bookworm and ubuntu rolling to py310 (#7103)
bump boring in ci (#7114)
Load RSA PSS keys as regular RSA keys (#7112)
version bump for 37 release (#7085)
ajoino (2):
Added X509_alias_set1 to the ffi (#6897)
Serialize PKCS12 CA alias/friendlyName (#6910)
dependabot[bot] (59):
Bump libc from 0.2.107 to 0.2.108 in /src/rust (#6647)
Bump actions/cache from 2.1.6 to 2.1.7 (#6648)
Bump syn from 1.0.81 to 1.0.82 in /src/rust (#6656)
Bump actions/setup-python from 2.3.0 to 2.3.1 (#6670)
Bump libc from 0.2.108 to 0.2.109 in /src/rust (#6677)
Bump proc-macro2 from 1.0.32 to 1.0.33 in /src/rust (#6678)
Bump libc from 0.2.109 to 0.2.110 in /src/rust (#6690)
Bump libc from 0.2.110 to 0.2.111 in /src/rust (#6698)
Bump libc from 0.2.111 to 0.2.112 in /src/rust (#6701)
Bump once_cell from 1.8.0 to 1.9.0 in /src/rust (#6707)
Bump proc-macro2 from 1.0.33 to 1.0.34 in /src/rust (#6708)
Bump syn from 1.0.82 to 1.0.83 in /src/rust (#6752)
Bump syn from 1.0.83 to 1.0.84 in /src/rust (#6764)
Bump proc-macro2 from 1.0.34 to 1.0.36 in /src/rust (#6766)
Bump quote from 1.0.10 to 1.0.14 in /src/rust (#6769)
Bump version_check from 0.9.3 to 0.9.4 in /src/rust (#6770)
Bump pem from 1.0.1 to 1.0.2 in /src/rust (#6784)
Bump syn from 1.0.84 to 1.0.85 in /src/rust (#6795)
Bump smallvec from 1.7.0 to 1.8.0 in /src/rust (#6807)
Bump syn from 1.0.85 to 1.0.86 in /src/rust (#6811)
Bump libc from 0.2.112 to 0.2.113 in /src/rust (#6812)
Bump quote from 1.0.14 to 1.0.15 in /src/rust (#6814)
Bump libc from 0.2.113 to 0.2.114 in /src/rust (#6817)
Bump libc from 0.2.114 to 0.2.115 in /src/rust (#6819)
Bump lock_api from 0.4.5 to 0.4.6 in /src/rust (#6822)
Bump libc from 0.2.115 to 0.2.116 in /src/rust (#6823)
Bump actions/setup-python from 2.3.1 to 2.3.2 (#6839)
Bump libc from 0.2.116 to 0.2.117 in /src/rust (#6837)
Bump autocfg from 1.0.1 to 1.1.0 in /src/rust (#6851)
Bump ouroboros from 0.13.0 to 0.14.2 in /src/rust (#6863)
Bump actions/github-script from 5 to 6 (#6867)
Bump libc from 0.2.117 to 0.2.118 in /src/rust (#6871)
Bump unindent from 0.1.7 to 0.1.8 in /src/rust (#6881)
Bump libc from 0.2.118 to 0.2.119 in /src/rust (#6884)
Bump actions/setup-python from 2.3.2 to 3.0.0 (#6911)
Bump redox_syscall from 0.2.10 to 0.2.11 in /src/rust (#6918)
Bump once_cell from 1.9.0 to 1.10.0 in /src/rust (#6934)
Bump syn from 1.0.86 to 1.0.87 in /src/rust (#6956)
Bump syn from 1.0.87 to 1.0.88 in /src/rust (#6959)
Bump libc from 0.2.119 to 0.2.120 in /src/rust (#6960)
Bump syn from 1.0.88 to 1.0.89 in /src/rust (#6972)
Bump quote from 1.0.15 to 1.0.16 in /src/rust (#6974)
Bump libc from 0.2.120 to 0.2.121 in /src/rust (#6979)
Bump ouroboros from 0.14.2 to 0.15.0 in /src/rust (#6985)
Bump actions/cache from 2.1.7 to 3 (#6988)
Bump redox_syscall from 0.2.11 to 0.2.12 in /src/rust (#6999)
Bump quote from 1.0.16 to 1.0.17 in /src/rust (#7003)
Bump syn from 1.0.89 to 1.0.90 in /src/rust (#7012)
Bump lock_api from 0.4.6 to 0.4.7 in /src/rust (#7014)
Bump redox_syscall from 0.2.12 to 0.2.13 in /src/rust (#7013)
Bump actions/setup-python from 3.0.0 to 3.1.0 (#7019)
Bump syn from 1.0.90 to 1.0.91 in /src/rust (#7045)
Bump libc from 0.2.121 to 0.2.122 in /src/rust (#7048)
Bump proc-macro2 from 1.0.36 to 1.0.37 in /src/rust (#7046)
Bump actions/setup-python from 3.1.0 to 3.1.1 (#7049)
Bump quote from 1.0.17 to 1.0.18 in /src/rust (#7058)
Bump actions/setup-python from 3.1.1 to 3.1.2 (#7061)
Bump libc from 0.2.122 to 0.2.123 in /src/rust (#7066)
Bump libc from 0.2.123 to 0.2.124 in /src/rust (#7090)
sanchayanghosh (1):
Added OID for #6920 (#6925)
turettn (1):
Basic support for multiple SINGLERESP messages in one OCSP response, take 2 (#6410)
whiteowl3 (1):
allow ed pk12, better tests (#6865)
可可熊 (1):
add TLSv1.3 PSKs function bindings (#7002)
clrpackages
pushed a commit
to clearlinux-pkgs/pypi-cryptography
that referenced
this issue
May 5, 2022
…o version 37.0.1
Adrien Ferrand (2):
Pin josepy to 1.13.0 in downstream tests (#7063)
Use poetry directly to test josepy (#7069)
Alex Gaynor (141):
Reopen main for the 37.0.0 release (#6645)
iso8601 is now typed (#6649)
Update comment to reflect new reason this is needed (#6650)
Finally remove deprecated int_from_bytes (#6652)
fixes #6653 -- update boringssl (#6654)
Remove link argument handling that's not required on py3 (#6655)
bumped libressl version in c (#6657)
LibreSSL added support for the required RSA functions in 3.1.0 (#6658)
LibreSSL added support for this X.509 flag in 3.2.2 (#6659)
Drop supported for older LibreSSL (#6660)
Bump the version of the checkout action (#6661)
Remove branches that were no longer useful (#6664)
Use subtests in a few more RSA tests (#6666)
closes #6663 -- deprecate openssl 1.1.0 support (#6667)
Remove read_only_property and precisely type all these getters (#6668)
Remove coverage from dev-requirements.txt (#6674)
fixed out of date error message (#6675)
update urls in readme to avoid redirect (#6683)
Don't mess with the system in macarm cache (#6686)
use canonical url in this error message (#6685)
update upload-artifacts (#6691)
Remove a no-op supported method (#6692)
Remove two passenvs that aren't relevant any longer (#6693)
update to latest OpenSSL releases (#6706)
Fix mypy (#6711)
Factor some regexps into constants (#6713)
Expand typing coverage to exceptions (#6717)
more typing in x963kdf.py (#6720)
Improve typing of ocsp module (#6721)
Properly type Prehashed.digest_size (#6722)
improve typing of x509.bae module (#6727)
clean up some code to not randomly create a dict (#6729)
Improve typing of x509.name module (#6726)
Try including python version in the cache (#6741)
Don't test with coverage on py311 due to segfaults (#6743)
Handle large OIDs cleanly (#6742)
type an extra param (#6748)
Expand typing of DH, DSA, and EC (#6753)
Added additional typing to a few functions (#6754)
Put a timeout on all clones (#6762)
Start typing the internals of the ssh module (#6761)
More typing of the ssh module internals (#6772)
Added some typing for DH and DSA (#6773)
Swap out the struct module for int methods (#6774)
Improve typing in mode code (#6775)
Improve type coverage on some backend internals (#6776)
Improve type coverage for a few backend EC methods (#6777)
Remove Zuul from our CI (#6778)
Fix O(n^2) and excessive copying in OCSPResponseIterator (#6782)
Run tox in verbose mode (#6785)
More v! We need more v! (#6786)
link to classes in changelog (#6788)
Drop the OCI arm64 builder, we're on CircleCI now (#6789)
cache the cargo src dir in CI (#6791)
Cache pip downloads in CI (#6798)
Document M1 CI (#6799)
Update circleci images (#6808)
Clean up the language in the docs now that 3.6 is the minimum we support (#6825)
Random cleanups (#6824)
Build BoringSSL from the master branch rather than the main-with-bazel branch (#6826)
Format for new black (#6828)
Remove explicit subclassing of object now that all classes are new-style (#6830)
Pre-announce that this will be the last release with manylinux2010 wheels (#6831)
point to the AEAD version of GCM in the FAQ (#6832)
Remove FAQ that's no longer relevant (#6833)
fixes #6840 - update boringssl (#6841)
instrument-coverage is being stabalized, switch to stable flag (#6842)
Switch from centos to rhel in CI (#6844)
Timeout fetching from cache (#6845)
fixes #6804 -- improve error message quality with invalid characters in name attributes (#6843)
Test against Alpine on aarch64 (#6846)
fixes #6848 -- bump boringssl version used in ci (#6849)
refs #6835 -- added oid constants for SHA3 signatures (#6850)
Run 3.11-dev a bunch to see if it still crashes (#6847)
fixes #6835 -- add signatures with sha3 for rsa and ecdsa (#6852)
fixes #6580 -- allow serializing SCT extension (#6853)
fixes #6855 -- update boringssl in CI (#6856)
Bump BoringSSL in CI (#6861)
fixes #6862 -- added a test case for pkcs12 serialization with an RSA key (#6864)
Don't generate subtests for KBKDF vectors that are always skipped (#6866)
Pin setuptools to fix build failure on pypy (#6868)
fixed #6869 - bump boringssl version in ci (#6870)
fixes #6873 -- bump boringssl version (#6874)
Make a branch more specific now that libressl 3.4 is out (#6876)
fixes #6877 -- bump boringssl (#6878)
fixes #6885 -- update boringssl in ci (#6886)
fixes #6890 -- bumped boringssl version (#6891)
bump boringssl (#6900)
Rust beta now supports coverage (#6907)
Don't explicitly define __ne__ any longer (#6908)
handle connection timeouts in download_openssl.py (#6909)
Begin deprecation process for Python 3.6 (#6913)
refactor utils.deprecated to be more mypy friendly (#6923)
fixes #6809 -- deprecate 4 legacy ciphers (#6922)
fixes #6927 -- handle negative return values from openssl (#6928)
Fixed serialization of keyusage ext with no bits (#6930)
update boringssl used in ci (#6938)
update boringssl in ci (#6940)
Convert some old-style formatting to f strings (#6945)
Don't reference unsupported version in installation docs (#6946)
Update skip string that's no longer accurate (#6947)
remove unused deprecated bindings (#6951)
Remove initialization call that's not required in 1.1.0+ (#6952)
Try using FromPyObject for X.509 extension encoding (#6953)
Forward port changelog for 36.0.2 (#6965)
bump boringssl (#6967)
fixes #6970 -- improve error message when OtherName.value isn't DER (#6971)
bump libressl versions in ci (#6975)
enforce that GeneralSubtrees for NameConstraints must be None or non-empty (#6983)
Load test params inside test function instead of at collection time (#6980)
Remove unused bindings (#6984)
Try removing the SSL_library_init call in initialization (#6986)
fixes #6767 -- use current image in circleci (#6991)
update boringssl in ci (#6994)
fixes #6917 -- simplify assertions to in a test to make more portable (#7004)
bump boringssl used in ci (#7008)
fixes #7005 -- check if public keys are at infinity earlier (#7020)
Move linkcheck back into ci.yml (#7017)
Added a non-public API for setting the tag on an attribute (#7038)
Added Ubuntu Jammy to CI (#7047)
bump boringssl in ci (#7054)
bump boringssl in ci (#7060)
Update pyo3 to 0.15.2 (#7068)
begin testing on pypy 3.9 (#6887)
version isn't required in wheel builder (#7071)
Drop manylinux2010 wheels for PyPy (#7072)
Bump actions/checkout due to changes in git in some containers (#7075)
bump boringssl version in ci (#7074)
Build wheels for PyPy 3.9. (#7070)
fix comment for find_in_pem (#7078)
Implement a parser for RFC4514 strings (#7055)
fixes #7081 -- correctly handle escape sequences in RFC4514 strings (#7083)
Refs #7079 -- added basic scaffholding for benchmarks (#7087)
fixes #6681 -- document that we now link against 3.0.2 (#7093)
bump boringssl in ci (#7095)
bump boringssl in ci (#7097)
bump boringssl in ci (#7101)
added octet string tag (#7106)
Be clear that OpenSSL 1.1.0 is going bye bye (#7108)
boringssl ci bump (#7111)
Remove trailing white space in docs (#7115)
April King (1):
Found another place where ancient PBKDF2 iterations were listed (#6816)
Bar Harel (1):
Informative error on incompatible Fernet key (#6768)
Charlie Li (1):
Support LibreSSL 3.5.0 (#6919)
Christian Heimes (3):
Block TripleDES in FIPS mode (#6879)
Disable DSA tests in FIPS mode (#6916)
Dedicated check for signature hash algorithms (#6931)
Duncan Macleod (1):
setup.cfg: use SPDX license expression (#7050)
Dustin Ingram (1):
Fix indentation in docs/x509/reference.rst (#7044)
Jonathan Slenders (1):
Add types for padding.PSS class. (#6882)
Mathias Ertl (1):
make ExtensionTypeVar covariant (#7033)
Maximilian Hils (1):
add `SSL_set_verify` binding for pyca/pyopenssl#255 (#6797)
Natalia Maximo (1):
fix: fixed confusing typo on DSA docs (#6662)
Nicolas Haller (1):
Add typings to default_backend() (#7133)
Paul Kehrer (77):
switch to .tar.xz for the vectors (#6646)
support parsing bitstring values in DNs (#6629)
add macos arm64 self-hosted CI (#6672)
build a universal2 wheel (#6565)
remove signer/verifier as they've been deprecated for 4.25 years (#6639)
limit actions token permissions more (#6696)
port 36.0.1 changelog (#6705)
type pkcs7 padder/unpadder return type (#6718)
simplify _calculate_digest_and_algorithm (#6719)
type the pkcs7signaturebuilder init (#6724)
type a test double (#6723)
type some of the private interfaces of poly1305 (#6725)
more internal typing. supported methods, hash, hmac (#6728)
type _conditional to lower the untyped percentage (#6730)
more backend typing (#6731)
type more things by removing our property one-liners (#6732)
incrementally type backend part n of m (#6733)
some dh typing and a refactor to inline a single call (#6735)
simple internal aead typing (#6736)
improve types in the binding (#6737)
remove a pointless test (#6746)
add some missing pkcs12 tests to cover more of our behavior (#6745)
more cipher typing (#6738)
improvements to public/private key types and misc backend typing (#6734)
dsa and hashes internal typing (#6747)
more type annotations for internal rsa (#6749)
add some more mypy flags (#6751)
type encryptor/decryptor (#6744)
remove the backend interfaces (#6750)
consistently use object for other in eq/ne types (#6756)
improve typing for internal cmac code (#6757)
type more asym internals (#6758)
We don't pass the cffi buffer from any other method like this (#6759)
add circleci for arm64 linux (#6763)
more internal typing for ssh (#6779)
more pointless typing to improve metrics (#6780)
type a context manager and its helper (#6781)
make the pip cache work in docker containers (#6793)
boring bump (#6893)
new rust, new clippy, new warnings (#6898)
bump boring (#6905)
bump boring (#6915)
use new windows openssl builds (#6954)
update boring (#6958)
test against 1.1.1n (#6963)
updating boring (#6978)
bump boring (#6990)
update boring in ci (#6997)
bump boring for ci (#7001)
OCB3 test vectors for 104, 112, and 120-bit nonces (#7009)
support 12-15 byte nonce sizes in OCB3 (#7011)
bump boring in ci (#7016)
switch to using venvs in our containers (#7023)
bump boring in CI (#7024)
we documented this as 2**31 - 1, enforce it at the right spot (#7025)
our NIST vector loader needs unique keys (#7026)
add new bindings for OpenSSL 3.0.0 cipher fetching/freeing (#7027)
small refactors for upcoming SIV support (#7028)
SIV support (#7029)
update pkcs7 test vectors (#7030)
increase default python version for testing (#7032)
serialize certs to pkcs7 (#7034)
fix two compiler warnings (#7036)
check for invalid keys that RSA_check_key misses (#7080)
Add support for PSS.AUTO and PSS.DIGEST_LENGTH (#7082)
MSRV bump warning (#7084)
add RSA PSS test vectors (#7086)
1.48.0 will be our next MSRV (#7092)
upgrade bookworm and ubuntu rolling to py310 (#7103)
bump boring in ci (#7114)
Load RSA PSS keys as regular RSA keys (#7112)
version bump for 37 release (#7085)
pep 527 actually prohibits xztar (#7121)
update wheel builder for lib64 path (#7122)
Fix parsing of priv keys via pub key APIs to error properly in ossl3 (#7135)
restore some bindings for older pyopenssl temporarily (#7137)
37.0.1 changelog and version bump (#7139)
ajoino (2):
Added X509_alias_set1 to the ffi (#6897)
Serialize PKCS12 CA alias/friendlyName (#6910)
dependabot[bot] (59):
Bump libc from 0.2.107 to 0.2.108 in /src/rust (#6647)
Bump actions/cache from 2.1.6 to 2.1.7 (#6648)
Bump syn from 1.0.81 to 1.0.82 in /src/rust (#6656)
Bump actions/setup-python from 2.3.0 to 2.3.1 (#6670)
Bump libc from 0.2.108 to 0.2.109 in /src/rust (#6677)
Bump proc-macro2 from 1.0.32 to 1.0.33 in /src/rust (#6678)
Bump libc from 0.2.109 to 0.2.110 in /src/rust (#6690)
Bump libc from 0.2.110 to 0.2.111 in /src/rust (#6698)
Bump libc from 0.2.111 to 0.2.112 in /src/rust (#6701)
Bump once_cell from 1.8.0 to 1.9.0 in /src/rust (#6707)
Bump proc-macro2 from 1.0.33 to 1.0.34 in /src/rust (#6708)
Bump syn from 1.0.82 to 1.0.83 in /src/rust (#6752)
Bump syn from 1.0.83 to 1.0.84 in /src/rust (#6764)
Bump proc-macro2 from 1.0.34 to 1.0.36 in /src/rust (#6766)
Bump quote from 1.0.10 to 1.0.14 in /src/rust (#6769)
Bump version_check from 0.9.3 to 0.9.4 in /src/rust (#6770)
Bump pem from 1.0.1 to 1.0.2 in /src/rust (#6784)
Bump syn from 1.0.84 to 1.0.85 in /src/rust (#6795)
Bump smallvec from 1.7.0 to 1.8.0 in /src/rust (#6807)
Bump syn from 1.0.85 to 1.0.86 in /src/rust (#6811)
Bump libc from 0.2.112 to 0.2.113 in /src/rust (#6812)
Bump quote from 1.0.14 to 1.0.15 in /src/rust (#6814)
Bump libc from 0.2.113 to 0.2.114 in /src/rust (#6817)
Bump libc from 0.2.114 to 0.2.115 in /src/rust (#6819)
Bump lock_api from 0.4.5 to 0.4.6 in /src/rust (#6822)
Bump libc from 0.2.115 to 0.2.116 in /src/rust (#6823)
Bump actions/setup-python from 2.3.1 to 2.3.2 (#6839)
Bump libc from 0.2.116 to 0.2.117 in /src/rust (#6837)
Bump autocfg from 1.0.1 to 1.1.0 in /src/rust (#6851)
Bump ouroboros from 0.13.0 to 0.14.2 in /src/rust (#6863)
Bump actions/github-script from 5 to 6 (#6867)
Bump libc from 0.2.117 to 0.2.118 in /src/rust (#6871)
Bump unindent from 0.1.7 to 0.1.8 in /src/rust (#6881)
Bump libc from 0.2.118 to 0.2.119 in /src/rust (#6884)
Bump actions/setup-python from 2.3.2 to 3.0.0 (#6911)
Bump redox_syscall from 0.2.10 to 0.2.11 in /src/rust (#6918)
Bump once_cell from 1.9.0 to 1.10.0 in /src/rust (#6934)
Bump syn from 1.0.86 to 1.0.87 in /src/rust (#6956)
Bump syn from 1.0.87 to 1.0.88 in /src/rust (#6959)
Bump libc from 0.2.119 to 0.2.120 in /src/rust (#6960)
Bump syn from 1.0.88 to 1.0.89 in /src/rust (#6972)
Bump quote from 1.0.15 to 1.0.16 in /src/rust (#6974)
Bump libc from 0.2.120 to 0.2.121 in /src/rust (#6979)
Bump ouroboros from 0.14.2 to 0.15.0 in /src/rust (#6985)
Bump actions/cache from 2.1.7 to 3 (#6988)
Bump redox_syscall from 0.2.11 to 0.2.12 in /src/rust (#6999)
Bump quote from 1.0.16 to 1.0.17 in /src/rust (#7003)
Bump syn from 1.0.89 to 1.0.90 in /src/rust (#7012)
Bump lock_api from 0.4.6 to 0.4.7 in /src/rust (#7014)
Bump redox_syscall from 0.2.12 to 0.2.13 in /src/rust (#7013)
Bump actions/setup-python from 3.0.0 to 3.1.0 (#7019)
Bump syn from 1.0.90 to 1.0.91 in /src/rust (#7045)
Bump libc from 0.2.121 to 0.2.122 in /src/rust (#7048)
Bump proc-macro2 from 1.0.36 to 1.0.37 in /src/rust (#7046)
Bump actions/setup-python from 3.1.0 to 3.1.1 (#7049)
Bump quote from 1.0.17 to 1.0.18 in /src/rust (#7058)
Bump actions/setup-python from 3.1.1 to 3.1.2 (#7061)
Bump libc from 0.2.122 to 0.2.123 in /src/rust (#7066)
Bump libc from 0.2.123 to 0.2.124 in /src/rust (#7090)
sanchayanghosh (1):
Added OID for #6920 (#6925)
turettn (1):
Basic support for multiple SINGLERESP messages in one OCSP response, take 2 (#6410)
whiteowl3 (1):
allow ed pk12, better tests (#6865)
可可熊 (1):
add TLSv1.3 PSKs function bindings (#7002)
mhils
added a commit
to mhils/pyopenssl
that referenced
this issue
May 11, 2022
mhils
added a commit
to mhils/pyopenssl
that referenced
this issue
May 12, 2022
reaperhulk
pushed a commit
that referenced
this issue
May 13, 2022
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
When changing the context with set_context, the verify mode/callback is not updated from the new context, you need to call SSL_set_verify on the connection to update it.
This function is not currently exposed by Cryptography, so it will need to be added there too.
The text was updated successfully, but these errors were encountered: