saymrwulf/cryptography
1
0
Fork 0
mirror of https://github.com/saymrwulf/cryptography.git synced 2026-05-14 20:37:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cryptography/tests
History
William Woodruff 4a3e7dcc97
verification: client verification APIs (#10345) 
* verification: WIP client verification skeleton

Signed-off-by: William Woodruff <william@yossarian.net>

* verify: fill in build_client_verifier

Signed-off-by: William Woodruff <william@yossarian.net>

* implement ClientVerifier.verify

Signed-off-by: William Woodruff <william@yossarian.net>

* verification: make Python 3.8 happy

Signed-off-by: William Woodruff <william@yossarian.net>

* switch to a full VerifiedClient type

Signed-off-by: William Woodruff <william@yossarian.net>

* remove the SubjectOwner::None hack

Signed-off-by: William Woodruff <william@yossarian.net>

* docs: fix ClientVerifier

Signed-off-by: William Woodruff <william@yossarian.net>

* verification: replace match with if

Signed-off-by: William Woodruff <william@yossarian.net>

* return GNs directly, not whole extension

Signed-off-by: William Woodruff <william@yossarian.net>

* docs/verification: document UnsupportedGeneralNameType raise

Signed-off-by: William Woodruff <william@yossarian.net>

* lib: RFC822 checks on NCs

* test_limbo: enable client tests

* tests: flake

* test_verification: more Python API coverage

* verification: filter GNs by NC support

* verification: forbid unsupported NC GNs

This is what we should have been doing originally, per
RFC 5280 4.2.1.10:

> If a name constraints extension that is marked as critical
> imposes constraints on a particular name form, and an instance of
> that name form appears in the subject field or subjectAltName
> extension of a subsequent certificate, then the application MUST
> either process the constraint or reject the certificate.

* docs/verification: remove old sentence

Signed-off-by: William Woodruff <william@yossarian.net>

* verification: ensure the right EKU for client/server paths

Signed-off-by: William Woodruff <william@yossarian.net>

* test_limbo: fixup EKU assertion

* verification: feedback

---------

Signed-off-by: William Woodruff <william@yossarian.net>
2024-03-20 21:00:00 -04:00
..
bench fix a typo in a benchmark name (#10122) 2024-01-04 00:55:02 +00:00
hazmat Additional type asserts for latest mypy (#10560) 2024-03-09 17:24:00 -06:00
wycheproof Updates for ruff 0.3.1 (#10548) 2024-03-07 10:57:37 -08:00
x509 verification: client verification APIs (#10345) 2024-03-20 21:00:00 -04:00
__init__.py
conftest.py tests, ci: plumb x509-limbo-root (#9871) 2023-11-13 19:48:28 +00:00
deprecated_module.py refactor utils.deprecated to be more mypy friendly (#6923) 2022-03-03 03:46:30 +08:00
doubles.py type a test double (#6723) 2021-12-21 21:10:54 -05:00
test_cryptography_utils.py Update CI for py3.11 release (#7743) 2022-10-26 14:44:03 +09:00
test_fernet.py Upgraded version of ruff (#10509) 2024-02-29 17:54:19 +00:00
test_meta.py add some more mypy flags (#6751) 2021-12-23 07:55:23 -05:00
test_utils.py Switch from flake8 to ruff (#7920) 2022-12-21 09:44:47 +07:00
test_warnings.py refactor utils.deprecated to be more mypy friendly (#6923) 2022-03-03 03:46:30 +08:00
utils.py Support for ECDSA deterministic signing (RFC 6979) (#10369) 2024-02-26 19:13:47 +00:00