saymrwulf/cryptography
1
0
Fork 0
mirror of https://github.com/saymrwulf/cryptography.git synced 2026-05-14 20:37:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cryptography/docs
History
William Woodruff 4a3e7dcc97
verification: client verification APIs (#10345) 
* verification: WIP client verification skeleton

Signed-off-by: William Woodruff <william@yossarian.net>

* verify: fill in build_client_verifier

Signed-off-by: William Woodruff <william@yossarian.net>

* implement ClientVerifier.verify

Signed-off-by: William Woodruff <william@yossarian.net>

* verification: make Python 3.8 happy

Signed-off-by: William Woodruff <william@yossarian.net>

* switch to a full VerifiedClient type

Signed-off-by: William Woodruff <william@yossarian.net>

* remove the SubjectOwner::None hack

Signed-off-by: William Woodruff <william@yossarian.net>

* docs: fix ClientVerifier

Signed-off-by: William Woodruff <william@yossarian.net>

* verification: replace match with if

Signed-off-by: William Woodruff <william@yossarian.net>

* return GNs directly, not whole extension

Signed-off-by: William Woodruff <william@yossarian.net>

* docs/verification: document UnsupportedGeneralNameType raise

Signed-off-by: William Woodruff <william@yossarian.net>

* lib: RFC822 checks on NCs

* test_limbo: enable client tests

* tests: flake

* test_verification: more Python API coverage

* verification: filter GNs by NC support

* verification: forbid unsupported NC GNs

This is what we should have been doing originally, per
RFC 5280 4.2.1.10:

> If a name constraints extension that is marked as critical
> imposes constraints on a particular name form, and an instance of
> that name form appears in the subject field or subjectAltName
> extension of a subsequent certificate, then the application MUST
> either process the constraint or reject the certificate.

* docs/verification: remove old sentence

Signed-off-by: William Woodruff <william@yossarian.net>

* verification: ensure the right EKU for client/server paths

Signed-off-by: William Woodruff <william@yossarian.net>

* test_limbo: fixup EKU assertion

* verification: feedback

---------

Signed-off-by: William Woodruff <william@yossarian.net>
2024-03-20 21:00:00 -04:00
..
_ext
_static
development Updates for ruff 0.3.1 (#10548) 2024-03-07 10:57:37 -08:00
hazmat Support for ECDSA deterministic signing (RFC 6979) (#10369) 2024-02-26 19:13:47 +00:00
x509 verification: client verification APIs (#10345) 2024-03-20 21:00:00 -04:00
api-stability.rst document that we raise CryptographyDeprecationWarning on deprecation more clearly (#10053) 2023-12-23 14:48:55 -05:00
changelog.rst
community.rst
conf.py Bump copyright years (#10101) 2024-01-01 07:32:57 -03:00
doing-a-release.rst Update various links in the docs for permanent redirects (#10109) 2024-01-02 21:00:20 -03:00
exceptions.rst
faq.rst Remove FAQ that's no longer up to date (#9484) 2023-08-22 07:05:13 -07:00
fernet.rst
glossary.rst Added support for handling python buffers in Rust code (#8556) 2023-03-21 08:16:53 +08:00
index.rst add decrepit namespace and put SEED, IDEA, Blowfish, and CAST5 in it (#10284) 2024-01-28 17:34:33 -05:00
installation.rst Raise MSRV to 1.65 (#10481) 2024-02-25 23:04:40 +00:00
limitations.rst
make.bat
Makefile
openssl.rst drop support for openssl < 1.1.1d (#8449) 2023-03-24 08:36:58 -04:00
random-numbers.rst remove out of date details in random numbers docs (#8482) 2023-03-10 05:19:39 +08:00
security.rst fixes #9048 -- document where to find known vulnerabilities (#9055) 2023-06-10 14:12:44 -06:00
spelling_wordlist.txt add some more EC vectors (#10134) 2024-01-05 18:03:57 +00:00