All Versions
14
Latest Version
Avg Release Cycle
133 days
Latest Release
313 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v20.0.1 Changes
December 15, 2020Backward-incompatible changes:
๐ Deprecations: ^
๐ Changes: ^
- ๐ Fixed compatibility with OpenSSL 1.1.0.
-
v20.0.0 Changes
November 27, 2020Backward-incompatible changes:
- The minimum
cryptographyversion is now 3.2. - โ Remove deprecated
OpenSSL.tsafemodule. - Removed deprecated
OpenSSL.SSL.Context.set_npn_advertise_callback,OpenSSL.SSL.Context.set_npn_select_callback, andOpenSSL.SSL.Connection.get_next_proto_negotiated. - โฌ๏ธ Drop support for Python 3.4
- โฌ๏ธ Drop support for OpenSSL 1.0.1 and 1.0.2
๐ Deprecations: ^
- Deprecated
OpenSSL.crypto.loads_pkcs7andOpenSSL.crypto.loads_pkcs12.
๐ Changes: ^
- โ Added a new optional
chainparameter toOpenSSL.crypto.X509StoreContext()where additional untrusted certificates can be specified to help chain building.#948 <https://github.com/pyca/pyopenssl/pull/948>_ - โ Added
OpenSSL.crypto.X509Store.load_locationsto set trusted certificate file bundles and/or directories for verification.#943 <https://github.com/pyca/pyopenssl/pull/943>_ - Added
Context.set_keylog_callbackto log key material.#910 <https://github.com/pyca/pyopenssl/pull/910>_ - Added
OpenSSL.SSL.Connection.get_verified_chainto retrieve the verified certificate chain of the peer.#894 <https://github.com/pyca/pyopenssl/pull/894>_. - ๐ Make verification callback optional in
Context.set_verify. If omitted, OpenSSL's default verification is used.#933 <https://github.com/pyca/pyopenssl/pull/933>_ - ๐ Fixed a bug that could truncate or cause a zero-length key error due to a
null byte in private key passphrase in
OpenSSL.crypto.load_privatekeyandOpenSSL.crypto.dump_privatekey.#947 <https://github.com/pyca/pyopenssl/pull/947>_
- The minimum
-
v19.1.0 Changes
November 18, 2019Backward-incompatible changes:
- โ Removed deprecated
ContextType,ConnectionType,PKeyType,X509NameType,X509ReqType,X509Type,X509StoreType,CRLType,PKCS7Type,PKCS12Type, andNetscapeSPKITypealiases. Use the classes without theTypesuffix instead.#814 <https://github.com/pyca/pyopenssl/pull/814>_ - ๐ The minimum
cryptographyversion is now 2.8 due to issues on macOS with a transitive dependency.#875 <https://github.com/pyca/pyopenssl/pull/875>_
๐ Deprecations: ^
- Deprecated
OpenSSL.SSL.Context.set_npn_advertise_callback,OpenSSL.SSL.Context.set_npn_select_callback, andOpenSSL.SSL.Connection.get_next_proto_negotiated. ALPN should be used instead.#820 <https://github.com/pyca/pyopenssl/pull/820>_
๐ Changes: ^
- ๐ Support
bytearrayinSSL.Connection.send()by using cffi's from_buffer.#852 <https://github.com/pyca/pyopenssl/pull/852>_ - The
OpenSSL.SSL.Context.set_alpn_select_callbackcan return a newNO_OVERLAPPING_PROTOCOLSsentinel value to allow a TLS handshake to complete without an application protocol.
- โ Removed deprecated
-
v19.0.0 Changes
January 21, 2019Backward-incompatible changes:
X509Store.add_certno longer raises an error if you add a duplicate cert.#787 <https://github.com/pyca/pyopenssl/pull/787>_
๐ Deprecations: ^
none
๐ Changes: ^
- pyOpenSSL now works with OpenSSL 1.1.1.
#805 <https://github.com/pyca/pyopenssl/pull/805>_ - pyOpenSSL now handles NUL bytes in
X509Name.get_components()#804 <https://github.com/pyca/pyopenssl/pull/804>_
-
v18.0.0 Changes
May 16, 2018Backward-incompatible changes:
- The minimum
cryptographyversion is now 2.2.1. - ๐ Support for Python 2.6 has been dropped.
๐ Deprecations: ^
none
๐ Changes: ^
- โ Added
Connection.get_certificateto retrieve the local certificate.#733 <https://github.com/pyca/pyopenssl/pull/733>_ OpenSSL.SSL.Connectionnow setsSSL_MODE_AUTO_RETRYby default.#753 <https://github.com/pyca/pyopenssl/pull/753>_- Added
Context.set_tlsext_use_srtpto enable negotiation of SRTP keying material.#734 <https://github.com/pyca/pyopenssl/pull/734>_
- The minimum
-
v17.5.0 Changes
November 30, 2017Backward-incompatible changes:
- The minimum
cryptographyversion is now 2.1.4.
๐ Deprecations: ^
none
๐ Changes: ^
- ๐ Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with
cacerts.#723 <https://github.com/pyca/pyopenssl/pull/723>_ - Added
Connection.export_keying_materialfor RFC 5705 compatible export of keying material.#725 <https://github.com/pyca/pyopenssl/pull/725>_
- The minimum
-
v17.4.0 Changes
November 21, 2017Backward-incompatible changes:
none
๐ Deprecations: ^
none
๐ Changes: ^
- Re-added a subset of the
OpenSSL.randmodule. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.#708 <https://github.com/pyca/pyopenssl/pull/708>_ - ๐ Corrected a use-after-free when reusing an issuer or subject from an
X509object after the underlying object has been mutated.#709 <https://github.com/pyca/pyopenssl/pull/709>_
- Re-added a subset of the
-
v17.3.0 Changes
September 14, 2017Backward-incompatible changes:
- โฌ๏ธ Dropped support for Python 3.3.
#677 <https://github.com/pyca/pyopenssl/pull/677>_ - โ Removed the deprecated
OpenSSL.randmodule. This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden.os.urandom()should be used instead.#675 <https://github.com/pyca/pyopenssl/pull/675>_
๐ Deprecations: ^
- ๐ Deprecated
OpenSSL.tsafe.#673 <https://github.com/pyca/pyopenssl/pull/673>_
๐ Changes: ^
- ๐ Fixed a memory leak in
OpenSSL.crypto.CRL.#690 <https://github.com/pyca/pyopenssl/pull/690>_ - ๐ Fixed a memory leak when verifying certificates with
OpenSSL.crypto.X509StoreContext.#691 <https://github.com/pyca/pyopenssl/pull/691>_
- โฌ๏ธ Dropped support for Python 3.3.
-
v17.2.0 Changes
July 20, 2017Backward-incompatible changes:
none
๐ Deprecations: ^
- ๐ Deprecated
OpenSSL.rand- callers should useos.urandom()instead.#658 <https://github.com/pyca/pyopenssl/pull/658>_
๐ Changes: ^
- 0๏ธโฃ Fixed a bug causing
Context.set_default_verify_paths()to not work with cryptographymanylinux1wheels on Python 3.x.#665 <https://github.com/pyca/pyopenssl/pull/665>_ - ๐ Fixed a crash with (EC)DSA signatures in some cases.
#670 <https://github.com/pyca/pyopenssl/pull/670>_
- ๐ Deprecated
-
v17.1.0 Changes
June 30, 2017Backward-incompatible changes:
- โ Removed the deprecated
OpenSSL.rand.egd()function. Applications should preferos.urandom()for random number generation.#630 <https://github.com/pyca/pyopenssl/pull/630>_ - โ Removed the deprecated default
digestargument toOpenSSL.crypto.CRL.export(). Callers must now always pass an explicitdigest.#652 <https://github.com/pyca/pyopenssl/pull/652>_ - Fixed a bug with
ASN1_TIMEcasting inX509.set_notBefore(),X509.set_notAfter(),Revoked.set_rev_date(),Revoked.set_nextUpdate(), andRevoked.set_lastUpdate(). You must now pass times in the formYYYYMMDDhhmmssZ.YYYYMMDDhhmmss+hhmmandYYYYMMDDhhmmss-hhmmwill no longer work.#612 <https://github.com/pyca/pyopenssl/pull/612>_
๐ Deprecations: ^
- ๐ Deprecated the legacy "Type" aliases:
ContextType,ConnectionType,PKeyType,X509NameType,X509ExtensionType,X509ReqType,X509Type,X509StoreType,CRLType,PKCS7Type,PKCS12Type,NetscapeSPKIType. The names without the "Type"-suffix should be used instead.
๐ Changes: ^
- Added
OpenSSL.crypto.X509.from_cryptography()andOpenSSL.crypto.X509.to_cryptography()for converting X.509 certificate to and from pyca/cryptography objects.#640 <https://github.com/pyca/pyopenssl/pull/640>_ - Added
OpenSSL.crypto.X509Req.from_cryptography(),OpenSSL.crypto.X509Req.to_cryptography(),OpenSSL.crypto.CRL.from_cryptography(), andOpenSSL.crypto.CRL.to_cryptography()for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.#645 <https://github.com/pyca/pyopenssl/pull/645>_ - โ Added
OpenSSL.debugthat allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information usingpython -m OpenSSL.debug.#620 <https://github.com/pyca/pyopenssl/pull/620>_ - 0๏ธโฃ Added a fallback path to
Context.set_default_verify_paths()to accommodate the upcoming release ofcryptographymanylinux1wheels.#633 <https://github.com/pyca/pyopenssl/pull/633>_
- โ Removed the deprecated