All Versions
17
Latest Version
Avg Release Cycle
149 days
Latest Release
743 days ago

Changelog History
Page 1

  • v22.1.0 Changes

    September 25, 2022

    Backward-incompatible changes:

    • โœ‚ Remove support for SSLv2 and SSLv3.
    • ๐Ÿš€ The minimum cryptography version is now 38.0.x (and we now pin releases against cryptography major versions to prevent future breakage)
    • ๐Ÿ”จ The OpenSSL.crypto.X509StoreContextError exception has been refactored, changing its internal attributes. #1133 <https://github.com/pyca/pyopenssl/pull/1133>_

    ๐Ÿ—„ Deprecations: ^

    • ๐Ÿ—„ OpenSSL.SSL.SSLeay_version is deprecated in favor of OpenSSL.SSL.OpenSSL_version. The constants OpenSSL.SSL.SSLEAY_* are deprecated in favor of OpenSSL.SSL.OPENSSL_*.

    ๐Ÿ”„ Changes: ^

    • ๐Ÿ‘Œ Add OpenSSL.SSL.Connection.set_verify and OpenSSL.SSL.Connection.get_verify_mode to override the context object's verification flags. #1073 <https://github.com/pyca/pyopenssl/pull/1073>_
    • Add OpenSSL.SSL.Connection.use_certificate and OpenSSL.SSL.Connection.use_privatekey to set a certificate per connection (and not just per context) #1121 <https://github.com/pyca/pyopenssl/pull/1121>_.
  • v22.0.0 Changes

    January 29, 2022

    Backward-incompatible changes:

    • โฌ‡๏ธ Drop support for Python 2.7. #1047 <https://github.com/pyca/pyopenssl/pull/1047>_
    • The minimum cryptography version is now 35.0.

    ๐Ÿ—„ Deprecations: ^

    ๐Ÿ”„ Changes: ^

    • ๐Ÿ”ฆ Expose wrappers for some DTLS <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>_ primitives. #1026 <https://github.com/pyca/pyopenssl/pull/1026>_
  • v21.0.0 Changes

    September 28, 2021

    Backward-incompatible changes:

    • The minimum cryptography version is now 3.3.
    • โฌ‡๏ธ Drop support for Python 3.5

    ๐Ÿ—„ Deprecations: ^

    ๐Ÿ”„ Changes: ^

    • Raise an error when an invalid ALPN value is set. #993 <https://github.com/pyca/pyopenssl/pull/993>_
    • Added OpenSSL.SSL.Context.set_min_proto_version and OpenSSL.SSL.Context.set_max_proto_version to set the minimum and maximum supported TLS version #985 <https://github.com/pyca/pyopenssl/pull/985>_.
    • Updated to_cryptography and from_cryptography methods to support an upcoming release of cryptography without raising deprecation warnings. #1030 <https://github.com/pyca/pyopenssl/pull/1030>_
  • v20.0.1 Changes

    December 15, 2020

    Backward-incompatible changes:

    ๐Ÿ—„ Deprecations: ^

    ๐Ÿ”„ Changes: ^

    • ๐Ÿ›  Fixed compatibility with OpenSSL 1.1.0.
  • v20.0.0 Changes

    November 27, 2020

    Backward-incompatible changes:

    • The minimum cryptography version is now 3.2.
    • โœ‚ Remove deprecated OpenSSL.tsafe module.
    • Removed deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated.
    • โฌ‡๏ธ Drop support for Python 3.4
    • โฌ‡๏ธ Drop support for OpenSSL 1.0.1 and 1.0.2

    ๐Ÿ—„ Deprecations: ^

    • Deprecated OpenSSL.crypto.loads_pkcs7 and OpenSSL.crypto.loads_pkcs12.

    ๐Ÿ”„ Changes: ^

    • โž• Added a new optional chain parameter to OpenSSL.crypto.X509StoreContext() where additional untrusted certificates can be specified to help chain building. #948 <https://github.com/pyca/pyopenssl/pull/948>_
    • โž• Added OpenSSL.crypto.X509Store.load_locations to set trusted certificate file bundles and/or directories for verification. #943 <https://github.com/pyca/pyopenssl/pull/943>_
    • Added Context.set_keylog_callback to log key material. #910 <https://github.com/pyca/pyopenssl/pull/910>_
    • Added OpenSSL.SSL.Connection.get_verified_chain to retrieve the verified certificate chain of the peer. #894 <https://github.com/pyca/pyopenssl/pull/894>_.
    • ๐Ÿ‘‰ Make verification callback optional in Context.set_verify. If omitted, OpenSSL's default verification is used. #933 <https://github.com/pyca/pyopenssl/pull/933>_
    • ๐Ÿ›  Fixed a bug that could truncate or cause a zero-length key error due to a null byte in private key passphrase in OpenSSL.crypto.load_privatekey and OpenSSL.crypto.dump_privatekey. #947 <https://github.com/pyca/pyopenssl/pull/947>_
  • v19.1.0 Changes

    November 18, 2019

    Backward-incompatible changes:

    • โœ‚ Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases. Use the classes without the Type suffix instead. #814 <https://github.com/pyca/pyopenssl/pull/814>_
    • ๐ŸŽ The minimum cryptography version is now 2.8 due to issues on macOS with a transitive dependency. #875 <https://github.com/pyca/pyopenssl/pull/875>_

    ๐Ÿ—„ Deprecations: ^

    • Deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated. ALPN should be used instead. #820 <https://github.com/pyca/pyopenssl/pull/820>_

    ๐Ÿ”„ Changes: ^

    • ๐Ÿ‘Œ Support bytearray in SSL.Connection.send() by using cffi's from_buffer. #852 <https://github.com/pyca/pyopenssl/pull/852>_
    • The OpenSSL.SSL.Context.set_alpn_select_callback can return a new NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake to complete without an application protocol.

  • v19.0.0 Changes

    January 21, 2019

    Backward-incompatible changes:

    • X509Store.add_cert no longer raises an error if you add a duplicate cert. #787 <https://github.com/pyca/pyopenssl/pull/787>_

    ๐Ÿ—„ Deprecations: ^

    none

    ๐Ÿ”„ Changes: ^

    • pyOpenSSL now works with OpenSSL 1.1.1. #805 <https://github.com/pyca/pyopenssl/pull/805>_
    • pyOpenSSL now handles NUL bytes in X509Name.get_components() #804 <https://github.com/pyca/pyopenssl/pull/804>_

  • v18.0.0 Changes

    May 16, 2018

    Backward-incompatible changes:

    • The minimum cryptography version is now 2.2.1.
    • ๐Ÿ‘Œ Support for Python 2.6 has been dropped.

    ๐Ÿ—„ Deprecations: ^

    none

    ๐Ÿ”„ Changes: ^

    • โž• Added Connection.get_certificate to retrieve the local certificate. #733 <https://github.com/pyca/pyopenssl/pull/733>_
    • OpenSSL.SSL.Connection now sets SSL_MODE_AUTO_RETRY by default. #753 <https://github.com/pyca/pyopenssl/pull/753>_
    • Added Context.set_tlsext_use_srtp to enable negotiation of SRTP keying material. #734 <https://github.com/pyca/pyopenssl/pull/734>_

  • v17.5.0 Changes

    November 30, 2017

    Backward-incompatible changes:

    • The minimum cryptography version is now 2.1.4.

    ๐Ÿ—„ Deprecations: ^

    none

    ๐Ÿ”„ Changes: ^

    • ๐Ÿ›  Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with cacerts. #723 <https://github.com/pyca/pyopenssl/pull/723>_
    • Added Connection.export_keying_material for RFC 5705 compatible export of keying material. #725 <https://github.com/pyca/pyopenssl/pull/725>_

  • v17.4.0 Changes

    November 21, 2017

    Backward-incompatible changes:

    none

    ๐Ÿ—„ Deprecations: ^

    none

    ๐Ÿ”„ Changes: ^

    • Re-added a subset of the OpenSSL.rand module. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork. #708 <https://github.com/pyca/pyopenssl/pull/708>_
    • ๐Ÿ†“ Corrected a use-after-free when reusing an issuer or subject from an X509 object after the underlying object has been mutated. #709 <https://github.com/pyca/pyopenssl/pull/709>_