Age | Commit message (Collapse) | Author |
|
This commit put those gnupg operations to be run on external threads
limited by the amount of cores present on user machine.
Some gnupg calls spawn processes and communicating to them is a
synchronous operation, so running outside of a reactor should improve
response time by avoiding reactor locking.
|
|
|
|
This commit adapts code to use HTTPClient instead of requests.
requests library receives a certificate as parameter during requests
while HTTPClient recelives a cert only on constructor. In order to have
both types (leap cert and commercial certs) working together we
introduced two clients on constructor.
|
|
Isolate requests lib related code and update docstrings.
|
|
In some cases in the past keys got stored twice in different documents.
Hopefully this issue is solved now, this tries to self-repair the keyring
if encounters that. This is not really solving the problem, if it keeps
happening we need to investigate the source.
- Resolves: #7498
|
|
|
|
|
|
In previous commit 9546348c, the combined bundle ca
was not long enough in scope and was therefore deleted
when it actually was used.
Adopted test to check whether file is deleted.
|
|
Fails if wrong address is passed to the put_key method,
or wrong key is marked as sign_used.
- Related: #7420
|
|
During decryption the signing public key was getting repush with a
different address as part of the verify usage flagging.
- Resolves: https://github.com/pixelated/pixelated-user-agent/issues/466
- Related: #7420
|
|
Fixup for 9546348c36. This problem only occurs in
test setups where '' is passed to ca_cert_path.
|
|
|
|
This is necessary as a fetch by url will talk to remote
sites or, for providers with a commercial cert, with
a cert that had not been signed with the provider CA.
- support lookup of local keys by url for providers
with a commercial cert
- combine ca_bundle with ca_cert_path if specified
- close soledad after each test
|
|
Fixed pep8 warnings to prepare the keymanager for CI
|
|
|
|
* Resolves: #7188
|
|
Nicknym server is authoritative for its own domain, but for others it might
retrieve keys from key servers. On keys from the same domain we set the
validation level to 'Provider Trust'. For other domains in the email
address we set it to 'Weak Chain' as we don't have info about its source.
Resolves: #6815
Related: #6718
Releases: 0.4.0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Don't throw an exception if verification fails
|
|
|
|
|
|
|
|
|
|
|
|
This is needed to prevent roll back attacks where the attacker push us
to accept a key with an old expiration date that could be use to push an
untrusted key when after it's expiration.
|
|
|
|
binary keys support is still missing
|
|
|
|
|
|
We only need to cache the fetch with a sort timeout. The tests that
fetches keys now have to use different keys or will be cached.
|
|
Never should be done a bulk upload of keys. The updating of the keys
should not be a task for the user of the keymanager. Keys will be updated
by the keymanager in a background worker one per one.
|
|
|
|
Add missing MockSharedDB.
Update Soledad parameters.
|
|
|
|
|
|
|
|
- Move openpgp encrypt/decrypt/sign/verify API to inside OpenPGP class.
- Add encrypt/decrypt/sign/verify API to KeyManager.
- Add possibility of passing custom gpg binary to KeyManager and
OpenPGPScheme.
- Remove "_asym" suffix from method names.
- Bump version to 0.2.1. New API is *not* backwards compatible.
|
|
|