Support for serializing/deserializing public keys #382
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This needs a changelog entry :) |
Current coverage is
|
|
@hynek Thoughts on how to hit that last line of the diff? It's going to be tricky to feed something that will cause |
|
Covering these failure conditionals is hard and we should really do it with a function like openssl_assert in cryptography :) |
|
You can put a pragma no cover on it for now. Also please get rid of those dreadful |
|
Hooray, all green! \o/ |
|
@hynek Done. |
|
Cory, what was the very first review comment by Paul? ;) |
|
@hynek I don't read Paul's comments. ;) |
| """ | ||
| Dump a public key to a buffer. | ||
|
|
||
| :param type: The file type (one of :py:data:`FILETYPE_PEM` or |
|
Updated. |
|
|
||
| :param type: The file type (one of :data:`FILETYPE_PEM`, | ||
| :data:`FILETYPE_ASN1`). | ||
| :param buffer: The buffer the key is stored in. Must be a Python string |
There was a problem hiding this comment.
This si what we have :type buffer: for fine sir :)
|
| :param type: The file type (one of :data:`FILETYPE_PEM` or | ||
| :data:`FILETYPE_ASN1`). | ||
| :param pkey: The PKey to dump. | ||
| :type pkey: :class:`PKey` |
There was a problem hiding this comment.
How about :param PKey pkey: The public key to dump?
:class: is definitely not necessary if you write type markup (and it's only the one type).
|
And updated again. =D |
hynek
added a commit
that referenced
this pull request
Oct 28, 2015
Support for serializing/deserializing public keys
jsonn
referenced
this pull request
in jsonn/pkgsrc
Apr 20, 2016
Changes: 16.0.0 (2016-03-19) ------------------- This is the first release under full stewardship of PyCA. We have made *many* changes to make local development more pleasing. The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. It has been moved to `py.test <https://pytest.org/>`_, all CI test runs are part of `tox <https://testrun.org/tox/>`_ and the source code has been made fully `flake8 <https://flake8.readthedocs.org/>`_ compliant. We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations. Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Python 3.2 support has been dropped. It never had significant real world usage and has been dropped by our main dependency ``cryptography``. Affected users should upgrade to Python 3.3 or later. Deprecations: ^^^^^^^^^^^^^ - The support for EGD has been removed. The only affected function ``OpenSSL.rand.egd()`` now uses ``os.urandom()`` to seed the internal PRNG instead. Please see `pyca/cryptography#1636 <https://github.com/pyca/cryptography/pull/1636>`_ for more background information on this decision. In accordance with our backward compatibility policy ``OpenSSL.rand.egd()`` will be *removed* no sooner than a year from the release of 16.0.0. Please note that you should `use urandom <http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_ for all your secure random number needs. - Python 2.6 support has been deprecated. Our main dependency ``cryptography`` deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support once ``cryptography`` does. Changes: ^^^^^^^^ - Fixed ``OpenSSL.SSL.Context.set_session_id``, ``OpenSSL.SSL.Connection.renegotiate``, ``OpenSSL.SSL.Connection.renegotiate_pending``, and ``OpenSSL.SSL.Context.load_client_ca``. They were lacking an implementation since 0.14. `#422 <https://github.com/pyca/pyopenssl/pull/422>`_ - Fixed segmentation fault when using keys larger than 4096-bit to sign data. `#428 <https://github.com/pyca/pyopenssl/pull/428>`_ - Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()`` was called before setting any app data. `#304 <https://github.com/pyca/pyopenssl/pull/304>`_ - Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey`` objects that represent public keys, and ``OpenSSL.crypto.load_publickey()`` to load such objects from serialized representations. `#382 <https://github.com/pyca/pyopenssl/pull/382>`_ - Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation list out to a string buffer. `#368 <https://github.com/pyca/pyopenssl/pull/368>`_ - Added ``OpenSSL.SSL.Connection.get_state_string()`` using the OpenSSL binding ``state_string_long``. `#358 <https://github.com/pyca/pyopenssl/pull/358>`_ - Added support for the ``socket.MSG_PEEK`` flag to ``OpenSSL.SSL.Connection.recv()`` and ``OpenSSL.SSL.Connection.recv_into()``. `#294 <https://github.com/pyca/pyopenssl/pull/294>`_ - Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and ``OpenSSL.SSL.Connection.get_protocol_version_name()``. `#244 <https://github.com/pyca/pyopenssl/pull/244>`_ - Switched to ``utf8string`` mask by default. OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8 characters present. This was changed to default to ``UTF8String`` in the config around 2005, but the actual code didn't change it until late last year. This will default us to the setting that actually works. To revert this you can call ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``. `#234 <https://github.com/pyca/pyopenssl/pull/234>`_
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is needed for HPKP in urllib3, to avoid using lots of cryptography private functions. It also adds symmetry to the equivalent private key functions.