* CHANGELOG: record past changes
Signed-off-by: William Woodruff <william@trailofbits.com>
* Update CHANGELOG.rst
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* CHANGELOG: feedback
Signed-off-by: William Woodruff <william@trailofbits.com>
* Update CHANGELOG.rst
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* syntax fix for boring action
* also link the right hash in boring PRs
* Bump BoringSSL version to 49350b22bebe0f0ec4d6279f268b19b612abba68 (#7297)
Co-authored-by: BoringSSL Bot <pyca-boringbot@users.noreply.github.com>
Co-authored-by: pyca-boringbot[bot] <106132319+pyca-boringbot[bot]@users.noreply.github.com>
Co-authored-by: BoringSSL Bot <pyca-boringbot@users.noreply.github.com>
* Add `tbs_precertificate_bytes` property
* docs/x509: document `tbs_precertificate_bytes`
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests/x509: add two trivial tests
Signed-off-by: William Woodruff <william@trailofbits.com>
* x509/base: fix lint
Signed-off-by: William Woodruff <william@trailofbits.com>
* oid: add CERTIFICATE_TRANSPARENCY (1.3.6.1.4.1.11129.2.4.4)
Signed-off-by: William Woodruff <william@trailofbits.com>
* hazmat/oid: rehome CERTIFICATE_TRANSPARENCY under ExtendedKeyUsageOID
Signed-off-by: William Woodruff <william@trailofbits.com>
* docs/x509: fix link, help the spellchecker
Signed-off-by: William Woodruff <william@trailofbits.com>
* x509: Raise ValueError when we can't filter SCT list extension
* tests: Expect a `ValueError` when accessing `tbs_precertificate_bytes`
in default example
* tests, vectors: Add TBS precert vector for test comparison
* docs/x509: document the `CERTIFICATE_TRANSPARENCY` OID
Signed-off-by: William Woodruff <william@trailofbits.com>
* docs/x509: elaborate `tbs_precertificate_bytes`
Signed-off-by: William Woodruff <william@trailofbits.com>
* rust/x509: remove unused OID
Signed-off-by: William Woodruff <william@trailofbits.com>
* x509/certificate: tweak error
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests/x509: reorganize
Signed-off-by: William Woodruff <william@trailofbits.com>
* Update src/rust/src/x509/certificate.rs
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* tests/x509: more reorg, rename
Signed-off-by: William Woodruff <william@trailofbits.com>
* docs: document new testvector
Signed-off-by: William Woodruff <william@trailofbits.com>
* docs: coax the spellchecker
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests/x509: use a cert that doesn't require SHA-1
Signed-off-by: William Woodruff <william@trailofbits.com>
* tests/x509: test for no extensions at all
Signed-off-by: William Woodruff <william@trailofbits.com>
Co-authored-by: Alex Cameron <asc@tetsuo.sh>
Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
* always compute coverage data even if CI failed
it's useful to compute coverage data in many cases even if some jobs
failed (most notably flake).
This also adds some more visual flair for success/failure of the sum of
jobs, why not
* don't exit early on error so we can output the step summary
* automate boringssl update PRs
This switches to a GH app + dynamically created token from that app to
auto-submit PRs. We can avoid the app if we want to just use a PAT, but
I don't really love that solution either.
This also uses ls-remote to avoid cloning the entire boring repo, which
is much faster.
* pin directly to hash. apparently dependabot can handle this now?
* limit permissions of the workflow itself
* use refs/heads/master instead of HEAD
* Added more assertions to backend tests
* Update tests/hazmat/backends/test_openssl.py
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
* Update install docs now that we test on Windows 2022
* Update installation.rst
* Update spelling_wordlist.txt
* Update docs/installation.rst
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
Co-authored-by: Paul Kehrer <paul.l.kehrer@gmail.com>
