* Update docs and changelog for URI, RFC822Name, and DNSName
As of 2.1 we want users to pass A-label strings, but we still accept
U-label strings and auto-encode on their behalf (with a deprecation
warning). However, we do not return U-label in the value attribute so
we are making a backwards incompatible change for users that utilize
internationalized domain names.
* language updates
* add presentational to the word list
* the linux dictionary is pathetic
* backwards incompatible change to UniformResourceIdentifier
During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies URI to accept two types:
U-label strings (which raises a deprecation warning) and A-label strings
(the new preferred type). There is also a constructor for URI
that bypasses validation so we can parse garbage out of certificates
(and round trip it if necessary)
* nonsense empty commit 2.6 and codecov are the worst
* backwards incompatible change to RFC822Name
During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies RFC822Name to accept two types:
U-label strings (which raises a deprecation warning) and A-label strings
(the new preferred type). There is also a constructor for RFC822Name
that bypasses validation so we can parse garbage out of certificates
(and round trip it if necessary)
* whoops
* Backwards incompatible change to DNSName
During this release cycle we decided to officially deprecate passing
U-labels to our GeneralName constructors. At first we tried changing
this in a purely backwards compatible way but get_values_for_type made
that untenable. This PR modifies DNSName to take three different types.
U-label strings (which raises a deprecation warning), A-label strings
(the new preferred type), and bytes (which are assumed to be decodable
to unicode strings). The latter, while supported, is primarily intended
for use by our parser and allows us to return the actual encoded data in
a certificate even if it has not been properly encoded to A-label before
the certificate is created. (Of course, if the certificate contains
invalid utf8 sequences this will still fail, but let's handle one
catastrophic failure at a time).
* coverage
* don't delete that asterisk from a test. it does things.
* no bytes in DNSName. Private constructor for bypassing validation
* test unicode in dnsname (yuck)
* fix docs
* empty commit, you disappoint me codecov
* CI is the worst
* Add support for AES XTS
We drop the non-byte aligned test vectors because according to NIST
http://csrc.nist.gov/groups/STM/cavp/documents/aes/XTSVS.pdf
"An implementation may support a data unit length that is not a
multiple of 8 bits." OpenSSL does not support this, so we can't
use those test vectors.
* fix docs and pep8
* docs fix
* the spellchecker is so frustrating
* add note about AES 192 for XTS (it's not supported)
* docs work
* enforce key length on ECB mode in AES as well (thanks XTS)
* a few more words about why we exclude some test vectors for XTS
* Expose FIPS funcs for OpenSSL.
* Remove FIPS customization / conditionals.
It seems that the FIPS functions are always defined, regardless of if
the FIPS module is present.
* Do not include FIPS_selftest_check func.
* Libressl does not have FIPS.
* both parse and encode the ASN1 string type for Name attributes
Previously cryptography encoded everything (except country names) as
UTF8String. This caused problems with chain building in libraries like
NSS where the subject and issuer are expected to match byte-for-byte.
With this change we now parse and store the ASN1 string type as a
private _type in NameAttribute. We then use this to encode when issuing
a new certificate. This allows the CertificateBuilder to properly
construct an identical issuer and fixes the issue with NSS.
* make the sentinel private too
* Implement __hash__ on AuthorityKeyIdentifier
* Adding dirname to fix build issue on AuthorityKeyIdentifier test
* .authority_cert_issuer to str
* use a tuple and not a str repr
