Paul Kehrer
cea8a236ae
i grow weary of www.cosic.esat.kuleuven.be ( #10045 )
2023-12-23 15:58:41 +00:00
Alex Gaynor
eb06a6a83d
Added a benchmark for x.509 verification ( #10042 )
2023-12-23 12:55:21 -03:00
Paul Kehrer
957e65e48e
add automatic PRs for new commits on x509-limbo and wycheproof ( #10044 )
2023-12-23 15:49:12 +00:00
Alex Gaynor
c9578f28a1
Fixed a typo in test-vectors documentation ( #10041 )
2023-12-23 12:45:31 -03:00
Alex Gaynor
135050a5c1
Added certifi to test dependencies ( #10043 )
...
Needed for https://github.com/pyca/cryptography/pull/10042
2023-12-23 12:42:56 -03:00
Paul Kehrer
eac469a5c0
we call it unstable in the changelog and not experimental ( #10040 )
...
let's be consistent
2023-12-23 13:51:26 +00:00
Alex Gaynor
0d3af2266e
Rename x509-validation crate to verification for consistency with the Python API ( #10039 )
2023-12-23 09:37:48 -03:00
Alex Gaynor
6f77f13e16
Use non-deprecated name ( #10038 )
2023-12-23 09:35:59 -03:00
pyca-boringbot[bot]
b67066662a
Bump BoringSSL and/or OpenSSL in CI ( #10037 )
...
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
2023-12-22 19:16:16 -05:00
William Woodruff
d3f28d3ad8
x509/verification: add an API usage example ( #10036 )
...
* x509/verification: add an API usage example
Signed-off-by: William Woodruff <william@yossarian.net>
* Apply suggestions from code review
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
---------
Signed-off-by: William Woodruff <william@yossarian.net>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
2023-12-22 19:15:56 -05:00
William Woodruff
38461e1c6d
CHANGELOG: record #8873 ( #10035 )
...
* CHANGELOG: record #8873
Signed-off-by: William Woodruff <william@yossarian.net>
* docs/x509/verification: clean up, update note
Signed-off-by: William Woodruff <william@yossarian.net>
* add module ref
Signed-off-by: William Woodruff <william@yossarian.net>
* CHANGELOG: Cryptograpy's -> our
Signed-off-by: William Woodruff <william@yossarian.net>
* CHANGELOG: reflow, better linkage
Signed-off-by: William Woodruff <william@yossarian.net>
---------
Signed-off-by: William Woodruff <william@yossarian.net>
2023-12-22 22:48:13 +00:00
William Woodruff
3763aa79b6
add initial X.509 path validation implementation ( #8873 )
2023-12-22 16:40:08 -05:00
pyca-boringbot[bot]
a47bfb6737
Bump BoringSSL and/or OpenSSL in CI ( #9968 )
...
Co-authored-by: pyca-boringbot[bot] <pyca-boringbot[bot]+106132319@users.noreply.github.com>
2023-12-22 13:55:09 +00:00
dependabot[bot]
58de809f6d
Bump openssl from 0.10.61 to 0.10.62 in /src/rust ( #10031 )
...
Bumps [openssl](https://github.com/sfackler/rust-openssl ) from 0.10.61 to 0.10.62.
- [Release notes](https://github.com/sfackler/rust-openssl/releases )
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.61...openssl-v0.10.62 )
---
updated-dependencies:
- dependency-name: openssl
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-22 13:42:31 +00:00
dependabot[bot]
7b3e3e5247
Bump openssl-sys from 0.9.97 to 0.9.98 in /src/rust ( #10030 )
...
Bumps [openssl-sys](https://github.com/sfackler/rust-openssl ) from 0.9.97 to 0.9.98.
- [Release notes](https://github.com/sfackler/rust-openssl/releases )
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-sys-v0.9.97...openssl-sys-v0.9.98 )
---
updated-dependencies:
- dependency-name: openssl-sys
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-22 13:29:26 +00:00
dependabot[bot]
ea5cfdad49
Bump mypy from 1.7.1 to 1.8.0 ( #10028 )
...
Bumps [mypy](https://github.com/python/mypy ) from 1.7.1 to 1.8.0.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md )
- [Commits](https://github.com/python/mypy/compare/v1.7.1...v1.8.0 )
---
updated-dependencies:
- dependency-name: mypy
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-21 20:36:46 +00:00
dependabot[bot]
b63c0f40e2
Bump proc-macro2 from 1.0.70 to 1.0.71 in /src/rust ( #10027 )
...
Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2 ) from 1.0.70 to 1.0.71.
- [Release notes](https://github.com/dtolnay/proc-macro2/releases )
- [Commits](https://github.com/dtolnay/proc-macro2/compare/1.0.70...1.0.71 )
---
updated-dependencies:
- dependency-name: proc-macro2
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-21 20:32:44 +00:00
dependabot[bot]
3ecbf8ea87
Bump ruff from 0.1.8 to 0.1.9 ( #10026 )
...
Bumps [ruff](https://github.com/astral-sh/ruff ) from 0.1.8 to 0.1.9.
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/v0.1.8...v0.1.9 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-21 20:27:57 +00:00
Alex Gaynor
d844fd4556
Split wycheproof tests up by file ( #10025 )
...
This provides greater parallelism. 25% faster at running wycheproof tests locally
2023-12-21 12:16:49 -06:00
Alex Gaynor
fb4c72c8bf
Added wycheproof vectors for pbkdf2 ( #10024 )
2023-12-21 08:30:36 -06:00
dependabot[bot]
ac6497f6f0
Bump syn from 2.0.41 to 2.0.42 in /src/rust ( #10022 )
...
Bumps [syn](https://github.com/dtolnay/syn ) from 2.0.41 to 2.0.42.
- [Release notes](https://github.com/dtolnay/syn/releases )
- [Commits](https://github.com/dtolnay/syn/compare/2.0.41...2.0.42 )
---
updated-dependencies:
- dependency-name: syn
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-21 07:10:10 -05:00
dependabot[bot]
dd4df8912d
Bump coverage from 7.3.3 to 7.3.4 ( #10023 )
...
Bumps [coverage](https://github.com/nedbat/coveragepy ) from 7.3.3 to 7.3.4.
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.3...7.3.4 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-21 07:10:01 -05:00
Alex Gaynor
a2ddd9607c
Try enabling X25519 with FIPS ( #10017 )
...
* Try enabling X25519 with FIPS
* Added version check
2023-12-20 12:52:08 -06:00
dependabot[bot]
34b2ee3268
Bump self_cell from 1.0.2 to 1.0.3 in /src/rust ( #10021 )
...
Bumps [self_cell](https://github.com/Voultapher/self_cell ) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/Voultapher/self_cell/releases )
- [Commits](https://github.com/Voultapher/self_cell/compare/v1.0.2...v1.0.3 )
---
updated-dependencies:
- dependency-name: self_cell
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-20 17:14:00 +00:00
dependabot[bot]
d6a9343614
Bump pkg-config from 0.3.27 to 0.3.28 in /src/rust ( #10020 )
...
Bumps [pkg-config](https://github.com/rust-lang/pkg-config-rs ) from 0.3.27 to 0.3.28.
- [Changelog](https://github.com/rust-lang/pkg-config-rs/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/pkg-config-rs/compare/0.3.27...0.3.28 )
---
updated-dependencies:
- dependency-name: pkg-config
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-20 17:11:35 +00:00
Alex Gaynor
7b55917097
re-enable twisted downstream ( #10019 )
2023-12-20 04:18:43 +00:00
Alex Gaynor
9b83ac5e6f
Remove unused attribute ( #10018 )
2023-12-19 22:14:27 -06:00
Alex Gaynor
a9a4f5df1d
Build cp39 wheels in addition to cp37 ones ( #9998 )
2023-12-18 21:38:18 -06:00
Paul Kehrer
2525eb048a
support RSA PSS for CRLs ( #10013 )
...
adds rsa_padding kwarg to sign and also adds
signature_algorithm_parameters as a method to CRLs
2023-12-18 17:54:38 -05:00
Alex Gaynor
9ca6fd1e15
Remove unused argument ( #10012 )
2023-12-18 08:26:51 -06:00
David Benjamin
57e0d44008
Remove unused X509_STORE_set_get_issuer bindings ( #10011 )
...
This was added in https://github.com/pyca/cryptography/pull/3546 for AIA
chasing, but it doesn't seem to have ever been used. Moreover, I'm not sure
this is safe for use with AIA chasing anyway. This callback replaces the
built-in lookup within an X509_STORE, but certificates from an X509_STORE are
"trusted" certificates:
https://github.com/openssl/openssl/blob/openssl-3.2.0/crypto/x509/x509_vfy.c#L3184-L3198
While this does not automatically make it a trust anchor, it makes it eligible
for being a trust anchor. Trust anchors are determined by some combination of
out-of-band metadata (X509_add1_trust_object) and a "compatibility" step of
whether the certificate is self-signed:
https://man.openbsd.org/X509_check_trust.3
This means, if an application uses this callback to implement AIA fetching, in
most configurations, if the (should be untrusted) AIA fetch returned any
self-signed certificate, it would automatically be treated as a trust anchor!
Remove this binding before someone inadvertently does this.
2023-12-17 17:20:15 -05:00
Alex Gaynor
783803d676
Various (pedantic) clippy cleanups ( #10010 )
2023-12-17 15:23:51 -06:00
Alex Gaynor
58f2483f78
Use newer upload-artifacts action in one place ( #10008 )
2023-12-16 13:48:19 +00:00
dependabot[bot]
e0d18129b4
Bump coverage from 7.3.2 to 7.3.3 ( #10001 )
...
Bumps [coverage](https://github.com/nedbat/coveragepy ) from 7.3.2 to 7.3.3.
- [Release notes](https://github.com/nedbat/coveragepy/releases )
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst )
- [Commits](https://github.com/nedbat/coveragepy/compare/7.3.2...7.3.3 )
---
updated-dependencies:
- dependency-name: coverage
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-15 06:54:45 -05:00
dependabot[bot]
e27b956ff6
Bump ruff from 0.1.7 to 0.1.8 ( #10000 )
...
Bumps [ruff](https://github.com/astral-sh/ruff ) from 0.1.7 to 0.1.8.
- [Release notes](https://github.com/astral-sh/ruff/releases )
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md )
- [Commits](https://github.com/astral-sh/ruff/compare/v0.1.7...v0.1.8 )
---
updated-dependencies:
- dependency-name: ruff
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-14 07:04:20 -05:00
Alex Gaynor
bbf3003f51
Disable twisted downstream tests for now ( #9999 )
2023-12-13 21:46:40 -06:00
dependabot[bot]
68efdda008
Bump sigstore from 2.0.1 to 2.1.0 in /.github/requirements ( #9995 )
...
Bumps [sigstore](https://github.com/sigstore/sigstore-python ) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/sigstore/sigstore-python/releases )
- [Changelog](https://github.com/sigstore/sigstore-python/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sigstore/sigstore-python/compare/v2.0.1...v2.1.0 )
---
updated-dependencies:
- dependency-name: sigstore
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 12:29:44 +00:00
dependabot[bot]
414ec22fec
Bump pem from 3.0.2 to 3.0.3 in /src/rust ( #9997 )
...
Bumps [pem](https://github.com/jcreekmore/pem-rs ) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/jcreekmore/pem-rs/blob/master/CHANGELOG.md )
- [Commits](https://github.com/jcreekmore/pem-rs/compare/v3.0.2...v3.0.3 )
---
updated-dependencies:
- dependency-name: pem
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 12:21:00 +00:00
dependabot[bot]
2657f1eb84
Bump syn from 2.0.40 to 2.0.41 in /src/rust ( #9996 )
...
Bumps [syn](https://github.com/dtolnay/syn ) from 2.0.40 to 2.0.41.
- [Release notes](https://github.com/dtolnay/syn/releases )
- [Commits](https://github.com/dtolnay/syn/compare/2.0.40...2.0.41 )
---
updated-dependencies:
- dependency-name: syn
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 07:16:17 -05:00
dependabot[bot]
c56d7d56b7
Bump id from 1.1.0 to 1.2.1 in /.github/requirements ( #9994 )
...
Bumps [id](https://github.com/di/id ) from 1.1.0 to 1.2.1.
- [Release notes](https://github.com/di/id/releases )
- [Changelog](https://github.com/di/id/blob/main/CHANGELOG.md )
- [Commits](https://github.com/di/id/compare/v1.1.0...v1.2.1 )
---
updated-dependencies:
- dependency-name: id
dependency-type: indirect
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 07:13:39 -05:00
dependabot[bot]
d4ebfc677a
Bump babel from 2.13.1 to 2.14.0 ( #9993 )
...
Bumps [babel](https://github.com/python-babel/babel ) from 2.13.1 to 2.14.0.
- [Release notes](https://github.com/python-babel/babel/releases )
- [Changelog](https://github.com/python-babel/babel/blob/master/CHANGES.rst )
- [Commits](https://github.com/python-babel/babel/compare/v2.13.1...v2.14.0 )
---
updated-dependencies:
- dependency-name: babel
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 07:11:03 -05:00
dependabot[bot]
8f2be00dfe
Bump dawidd6/action-download-artifact from 2.28.0 to 3.0.0 ( #9992 )
...
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact ) from 2.28.0 to 3.0.0.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases )
- [Commits](268677152d...e7466d1a75
2023-12-13 07:05:31 -05:00
Alex Gaynor
70b2bc77ca
Simplify verifying README.rst in CI ( #9991 )
2023-12-12 14:24:27 -06:00
Alex Gaynor
a8b96dab9b
Simplify the release process: No need to pass the version to release.py ( #9990 )
2023-12-12 06:09:51 -08:00
dependabot[bot]
d81fd662f7
Bump distlib from 0.3.7 to 0.3.8 ( #9989 )
...
Bumps [distlib](https://github.com/pypa/distlib ) from 0.3.7 to 0.3.8.
- [Release notes](https://github.com/pypa/distlib/releases )
- [Changelog](https://github.com/pypa/distlib/blob/master/CHANGES.rst )
- [Commits](https://github.com/pypa/distlib/compare/0.3.7...0.3.8 )
---
updated-dependencies:
- dependency-name: distlib
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-12 07:01:30 -05:00
dependabot[bot]
46ce4cc83a
Bump pathspec from 0.12.0 to 0.12.1 ( #9987 )
...
Bumps [pathspec](https://github.com/cpburnz/python-pathspec ) from 0.12.0 to 0.12.1.
- [Release notes](https://github.com/cpburnz/python-pathspec/releases )
- [Changelog](https://github.com/cpburnz/python-pathspec/blob/master/CHANGES.rst )
- [Commits](https://github.com/cpburnz/python-pathspec/compare/v0.12.0...v0.12.1 )
---
updated-dependencies:
- dependency-name: pathspec
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 07:05:26 -05:00
dependabot[bot]
81576d362a
Bump syn from 2.0.39 to 2.0.40 in /src/rust ( #9986 )
...
Bumps [syn](https://github.com/dtolnay/syn ) from 2.0.39 to 2.0.40.
- [Release notes](https://github.com/dtolnay/syn/releases )
- [Commits](https://github.com/dtolnay/syn/compare/2.0.39...2.0.40 )
---
updated-dependencies:
- dependency-name: syn
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-11 07:04:43 -05:00
Alex Gaynor
cd9cb8b488
Remind people about rust in the dev docs ( #9985 )
2023-12-10 17:39:06 +00:00
Alex Gaynor
0a1f26b48f
Document tests-nocoverage in our dev docs ( #9984 )
...
There's limited value in running coverage locally, since no single build produces 100% coverage
2023-12-10 11:29:29 -06:00
dependabot[bot]
6924c25aa6
Bump typing-extensions from 4.8.0 to 4.9.0 in /.github/requirements ( #9982 )
...
Bumps [typing-extensions](https://github.com/python/typing_extensions ) from 4.8.0 to 4.9.0.
- [Release notes](https://github.com/python/typing_extensions/releases )
- [Changelog](https://github.com/python/typing_extensions/blob/main/CHANGELOG.md )
- [Commits](https://github.com/python/typing_extensions/compare/4.8.0...4.9.0 )
---
updated-dependencies:
- dependency-name: typing-extensions
dependency-type: indirect
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-10 11:59:34 -05:00
