| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-07-11 | [feat] add fallback on trust sources for ssl verification | Kali Kaneko | |
| With the merge of platformTrust in twisted, the situation for cert chain verification in linux improved a lot. This patch implements fallbacks to do the following: - Try to use whatever trust sources are found in the system. This means that if ca-certificates is installed, pyopenssl will have a valid set of root certificates and verification will likely work (twisted uses platformTrust for this). - If that fails, try to use certifi. We could/should depend on that from now on, *but* it's not packaged before stretch. - So, I'm not deprecating its usage right now, but this one should be the last cacert.pem bundle that we ship with leap.common. - If the cacert.pem from leap.common fails to be found, well, there's nothing you can do. Your TOFU attempt with a cert coming from the CArtel will fail. Most of this MR should be sent as a patch upstream, see https://twistedmatrix.com/trac/ticket/6934 Also related: https://twistedmatrix.com/trac/ticket/9209 I think proper testing will depend on merging https://github.com/pyca/pyopenssl/pull/473 - Resolves: #8958 - Release: 0.6.0 | |||
| 2015-11-12 | [style] fix pep8 | Ruben Pollan | |
| 2015-11-11 | [feature] add variable to skip twisted version | Kali Kaneko | |
| 2015-07-28 | [style] more pep8 cleanup | Kali Kaneko | |
| 2015-06-02 | [bug] Use BrowserLikePolicyForHTTPS for checking | Victor Shyba | |
| While testing the way that its implemented now, I found out that no check is being made on certificate attributes against the host. I found this simple way of creating a BrowserLikePolicyForHTTPS using a self signed cert and it worked on my test. I used test_https from Soledad for checking this (which we are fixing on another branch). Also, we don't want to depend on twisted for other things than leap.common.http. | |||
| 2015-05-21 | [bug] get certificate times as UTC, add tests | Ivan Alejandro | |
| The certificate validity times were converted to local time and later on compared with UTC time, which caused the certificate not being updated at the right times. Add tests to be sure this is not happenning again. Add a joint pem file for the existing cert and key files to ease test. - Resolves: #6994 | |||
| 2013-05-29 | change docstring comments to use sphinx style | Kali Kaneko | |
| 2013-03-14 | initial commit | Kali Kaneko | |
 |
index : leap_pycommon.git | |
| [leap_pycommon] | git repository hosting |
| summaryrefslogtreecommitdiff |