All Versions
16
Latest Version
Avg Release Cycle
143 days
Latest Release
151 days ago

Changelog History
Page 2

  • v17.2.0 Changes

    July 20, 2017

    Backward-incompatible changes:

    none

    ๐Ÿ—„ Deprecations: ^

    • ๐Ÿ—„ Deprecated OpenSSL.rand - callers should use os.urandom() instead. #658 <https://github.com/pyca/pyopenssl/pull/658>_

    ๐Ÿ”„ Changes: ^

    • 0๏ธโƒฃ Fixed a bug causing Context.set_default_verify_paths() to not work with cryptography manylinux1 wheels on Python 3.x. #665 <https://github.com/pyca/pyopenssl/pull/665>_
    • ๐Ÿ›  Fixed a crash with (EC)DSA signatures in some cases. #670 <https://github.com/pyca/pyopenssl/pull/670>_

  • v17.1.0 Changes

    June 30, 2017

    Backward-incompatible changes:

    • โœ‚ Removed the deprecated OpenSSL.rand.egd() function. Applications should prefer os.urandom() for random number generation. #630 <https://github.com/pyca/pyopenssl/pull/630>_
    • โœ‚ Removed the deprecated default digest argument to OpenSSL.crypto.CRL.export(). Callers must now always pass an explicit digest. #652 <https://github.com/pyca/pyopenssl/pull/652>_
    • Fixed a bug with ASN1_TIME casting in X509.set_notBefore(), X509.set_notAfter(), Revoked.set_rev_date(), Revoked.set_nextUpdate(), and Revoked.set_lastUpdate(). You must now pass times in the form YYYYMMDDhhmmssZ. YYYYMMDDhhmmss+hhmm and YYYYMMDDhhmmss-hhmm will no longer work. #612 <https://github.com/pyca/pyopenssl/pull/612>_

    ๐Ÿ—„ Deprecations: ^

    • ๐Ÿ—„ Deprecated the legacy "Type" aliases: ContextType, ConnectionType, PKeyType, X509NameType, X509ExtensionType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, NetscapeSPKIType. The names without the "Type"-suffix should be used instead.

    ๐Ÿ”„ Changes: ^

    • Added OpenSSL.crypto.X509.from_cryptography() and OpenSSL.crypto.X509.to_cryptography() for converting X.509 certificate to and from pyca/cryptography objects. #640 <https://github.com/pyca/pyopenssl/pull/640>_
    • Added OpenSSL.crypto.X509Req.from_cryptography(), OpenSSL.crypto.X509Req.to_cryptography(), OpenSSL.crypto.CRL.from_cryptography(), and OpenSSL.crypto.CRL.to_cryptography() for converting X.509 CSRs and CRLs to and from pyca/cryptography objects. #645 <https://github.com/pyca/pyopenssl/pull/645>_
    • โž• Added OpenSSL.debug that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using python -m OpenSSL.debug. #620 <https://github.com/pyca/pyopenssl/pull/620>_
    • 0๏ธโƒฃ Added a fallback path to Context.set_default_verify_paths() to accommodate the upcoming release of cryptography manylinux1 wheels. #633 <https://github.com/pyca/pyopenssl/pull/633>_

  • v17.0.0 Changes

    April 20, 2017

    Backward-incompatible changes:

    none

    ๐Ÿ—„ Deprecations: ^

    none

    ๐Ÿ”„ Changes: ^

    • โž• Added OpenSSL.X509Store.set_time() to set a custom verification time when verifying certificate chains. #567 <https://github.com/pyca/pyopenssl/pull/567>_
    • โž• Added a collection of functions for working with OCSP stapling. None of these functions make it possible to validate OCSP assertions, only to staple them into the handshake and to retrieve the stapled assertion if provided. Users will need to write their own code to handle OCSP assertions. We specifically added: Context.set_ocsp_server_callback(), Context.set_ocsp_client_callback(), and Connection.request_ocsp(). #580 <https://github.com/pyca/pyopenssl/pull/580>_
    • ๐Ÿ”„ Changed the SSL module's memory allocation policy to avoid zeroing memory it allocates when unnecessary. This reduces CPU usage and memory allocation time by an amount proportional to the size of the allocation. For applications that process a lot of TLS data or that use very lage allocations this can provide considerable performance improvements. #578 <https://github.com/pyca/pyopenssl/pull/578>_
    • Automatically set SSL_CTX_set_ecdh_auto() on OpenSSL.SSL.Context. #575 <https://github.com/pyca/pyopenssl/pull/575>_
    • ๐Ÿ›  Fix empty exceptions from OpenSSL.crypto.load_privatekey(). #581 <https://github.com/pyca/pyopenssl/pull/581>_

  • v16.2.0 Changes

    October 15, 2016

    Backward-incompatible changes:

    none

    ๐Ÿ—„ Deprecations: ^

    none

    ๐Ÿ”„ Changes: ^

    • ๐Ÿ›  Fixed compatibility errors with OpenSSL 1.1.0.
    • ๐Ÿ›  Fixed an issue that caused failures with subinterpreters and embedded Pythons. #552 <https://github.com/pyca/pyopenssl/pull/552>_

  • v16.1.0 Changes

    August 26, 2016

    Backward-incompatible changes:

    none

    ๐Ÿ—„ Deprecations: ^

    • โฌ‡๏ธ Dropped support for OpenSSL 0.9.8.

    ๐Ÿ”„ Changes: ^

    • Fix memory leak in OpenSSL.crypto.dump_privatekey() with FILETYPE_TEXT. #496 <https://github.com/pyca/pyopenssl/pull/496>_
    • Enable use of CRL (and more) in verify context. #483 <https://github.com/pyca/pyopenssl/pull/483>_
    • OpenSSL.crypto.PKey can now be constructed from cryptography objects and also exported as such. #439 <https://github.com/pyca/pyopenssl/pull/439>_
    • ๐Ÿ‘Œ Support newer versions of cryptography which use opaque structs for OpenSSL 1.1.0 compatibility.

  • v16.0.0 Changes

    March 19, 2016

    ๐Ÿš€ This is the first release under full stewardship of PyCA. We have made many changes to make local development more pleasing. ๐Ÿง The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. ๐Ÿ‘ท It has been moved to pytest <https://docs.pytest.org/>, all CI test runs are part of tox <https://tox.readthedocs.io/> and the source code has been made fully flake8 <https://flake8.readthedocs.io/>_ compliant.

    We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations.

    Backward-incompatible changes:

    • ๐Ÿ‘ Python 3.2 support has been dropped. It never had significant real world usage and has been dropped by our main dependency cryptography. Affected users should upgrade to Python 3.3 or later.

    ๐Ÿ—„ Deprecations: ^

    • ๐Ÿšš The support for EGD has been removed. The only affected function OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead. Please see pyca/cryptography#1636 <https://github.com/pyca/cryptography/pull/1636>_ for more background information on this decision. In accordance with our backward compatibility policy OpenSSL.rand.egd() will be removed no sooner than a year from the release of 16.0.0.

    Please note that you should use urandom <https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>_ for all your secure random number needs.

    • ๐Ÿ—„ Python 2.6 support has been deprecated. Our main dependency cryptography deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does.

    ๐Ÿ”„ Changes: ^

    • Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate, OpenSSL.SSL.Connection.renegotiate_pending, and OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since 0.14. #422 <https://github.com/pyca/pyopenssl/pull/422>_
    • ๐Ÿ›  Fixed segmentation fault when using keys larger than 4096-bit to sign data. #428 <https://github.com/pyca/pyopenssl/pull/428>_
    • Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called before setting any app data. #304 <https://github.com/pyca/pyopenssl/pull/304>_
    • Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects that represent public keys, and OpenSSL.crypto.load_publickey() to load such objects from serialized representations. #382 <https://github.com/pyca/pyopenssl/pull/382>_
    • โž• Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to a string buffer. #368 <https://github.com/pyca/pyopenssl/pull/368>_
    • Added OpenSSL.SSL.Connection.get_state_string() using the OpenSSL binding state_string_long. #358 <https://github.com/pyca/pyopenssl/pull/358>_
    • Added support for the socket.MSG_PEEK flag to OpenSSL.SSL.Connection.recv() and OpenSSL.SSL.Connection.recv_into(). #294 <https://github.com/pyca/pyopenssl/pull/294>_
    • Added OpenSSL.SSL.Connection.get_protocol_version() and OpenSSL.SSL.Connection.get_protocol_version_name(). #244 <https://github.com/pyca/pyopenssl/pull/244>_
    • 0๏ธโƒฃ Switched to utf8string mask by default. OpenSSL formerly defaulted to a T61String if there were UTF-8 characters present. This was changed to default to UTF8String in the config around 2005, but the actual code didn't change it until late last year. This will default us to the setting that actually works. To revert this you can call OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default"). #234 <https://github.com/pyca/pyopenssl/pull/234>_

    Older Changelog Entries

    The changes from before release 16.0.0 are preserved in the repository <https://github.com/pyca/pyopenssl/blob/master/doc/ChangeLog_old.txt>_.