* check for invalid keys that RSA_check_key misses
RSA_check_key checks for primality but that fails to catch this case
since 2 is prime. Instead we fetch p and q and verify that they are odd
and if not reject the key as invalid.
* circleci sucks
* Initial tests
* Implement.
Required updating many many tests based on my read of the RFC. Should be reviewed closely.
* Fix for py36
* flake8
* Improve coverage on hypothesis test
* Remove bad assertion in hypothesis test
* Update docs
* fix docs
* Fixed unicode support
* review
* docs review
* support 12-15 byte nonce sizes in OCB3
* Update tests/hazmat/primitives/test_aead.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* PKCS12 serialization wrapper supports PKCS12Certificate cas
* Added code from Felix's gist to serialize_key_and_certificate_to_pkcs12. Doesn't break current behaviour/tests, need to write validate new behaviour, write tests, and format code.
* Simplified instance check
* Tried to write tests, but I cannot figure out how to read the friendlyName from parsed_more_certs.
* Fixed test function and renamed it.
* Fixed formatting.
* Commiting before trying black
* Formatted updates to make flake8 and black happy.
* Fixed first review comments.
* remove forgotten print statement
* use backend.openssl_assert instead of if ...
* Documented changes.
* Updated documentation.
* Added OID
* Added to docuemntation for IPSec SAs
* Update docs/x509/reference.rst to correct the version change.
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* OCSP responses can contain multiple SINGLERESPs
Instead of throwing an exception when encountering a OCSP
response with multiple SINGLERESPs, throw the exception when
attempting to pull a single structure if multiple are present.
Add a response_iter property to the OCSP Response object, which
allows for iteration through all the SINGLERESPs, and properties
to be individually accessed for each.
* Small fixes to OCSP multiple response handling. Squash eventually
* Docs updates. Should be squashed
* Get rid of mutating iterator, replace with separate return object
* Fix versionadded strings in docs
* Cleanup docs & python bindings.
* support bitstring values in DNs
parsing is limited to x500UniqueIdentifier only
* Update src/cryptography/x509/name.py
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
The spec requires both of these to be exactly two characters to
correspond with ISO country codes. Reality is sometimes messier, so this
allows parsing (but not encoding) of this invalid data. Parsing will
raise a UserWarning if incorrect lengths are detected.
`rfc4514_string()` and related methods now have an optional
`attr_name_overrides` parameter to supply custom OID to name mappings,
which can be used to match vendor-specific extensions.
**BACKWARDS INCOMPATIBLE:** Reverted the nonstandard formatting of email
address fields as `E` in `rfc4514_string()` methods from version 35.0.
The previous behavior can be restored with:
`name.rfc4514_string({NameOID.EMAIL_ADDRESS: "E"})`
Expanded documentation of `Name.rfc4514_string`.
