pyOpenSSL -- A Python wrapper around the OpenSSL library changelog

Changelog History

Page 1

• v22.1.0 Changes

  September 25, 2022

  Backward-incompatible changes:

  • ✂ Remove support for SSLv2 and SSLv3.
  • 🚀 The minimum cryptography version is now 38.0.x (and we now pin releases against cryptography major versions to prevent future breakage)
  • 🔨 The OpenSSL.crypto.X509StoreContextError exception has been refactored, changing its internal attributes. #1133 <https://github.com/pyca/pyopenssl/pull/1133>_

  🗄 Deprecations: ^{^}

  • 🗄 OpenSSL.SSL.SSLeay_version is deprecated in favor of OpenSSL.SSL.OpenSSL_version. The constants OpenSSL.SSL.SSLEAY_* are deprecated in favor of OpenSSL.SSL.OPENSSL_*.

  🔄 Changes: ^{^}

  • 👌 Add OpenSSL.SSL.Connection.set_verify and OpenSSL.SSL.Connection.get_verify_mode to override the context object's verification flags. #1073 <https://github.com/pyca/pyopenssl/pull/1073>_
  • Add OpenSSL.SSL.Connection.use_certificate and OpenSSL.SSL.Connection.use_privatekey to set a certificate per connection (and not just per context) #1121 <https://github.com/pyca/pyopenssl/pull/1121>_.

• v22.0.0 Changes

  January 29, 2022

  Backward-incompatible changes:

  • ⬇️ Drop support for Python 2.7. #1047 <https://github.com/pyca/pyopenssl/pull/1047>_
  • The minimum cryptography version is now 35.0.

  🗄 Deprecations: ^{^}

  🔄 Changes: ^{^}

  • 🔦 Expose wrappers for some DTLS <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>_ primitives. #1026 <https://github.com/pyca/pyopenssl/pull/1026>_

• v21.0.0 Changes

  September 28, 2021

  Backward-incompatible changes:

  • The minimum cryptography version is now 3.3.
  • ⬇️ Drop support for Python 3.5

  🗄 Deprecations: ^{^}

  🔄 Changes: ^{^}

  • Raise an error when an invalid ALPN value is set. #993 <https://github.com/pyca/pyopenssl/pull/993>_
  • Added OpenSSL.SSL.Context.set_min_proto_version and OpenSSL.SSL.Context.set_max_proto_version to set the minimum and maximum supported TLS version #985 <https://github.com/pyca/pyopenssl/pull/985>_.
  • Updated to_cryptography and from_cryptography methods to support an upcoming release of cryptography without raising deprecation warnings. #1030 <https://github.com/pyca/pyopenssl/pull/1030>_

• v20.0.1 Changes

  December 15, 2020

  Backward-incompatible changes:

  🗄 Deprecations: ^{^}

  🔄 Changes: ^{^}

  • 🛠 Fixed compatibility with OpenSSL 1.1.0.

• v20.0.0 Changes

  November 27, 2020

  Backward-incompatible changes:

  • The minimum cryptography version is now 3.2.
  • ✂ Remove deprecated OpenSSL.tsafe module.
  • Removed deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated.
  • ⬇️ Drop support for Python 3.4
  • ⬇️ Drop support for OpenSSL 1.0.1 and 1.0.2

  🗄 Deprecations: ^{^}

  • Deprecated OpenSSL.crypto.loads_pkcs7 and OpenSSL.crypto.loads_pkcs12.

  🔄 Changes: ^{^}

  • ➕ Added a new optional chain parameter to OpenSSL.crypto.X509StoreContext() where additional untrusted certificates can be specified to help chain building. #948 <https://github.com/pyca/pyopenssl/pull/948>_
  • ➕ Added OpenSSL.crypto.X509Store.load_locations to set trusted certificate file bundles and/or directories for verification. #943 <https://github.com/pyca/pyopenssl/pull/943>_
  • Added Context.set_keylog_callback to log key material. #910 <https://github.com/pyca/pyopenssl/pull/910>_
  • Added OpenSSL.SSL.Connection.get_verified_chain to retrieve the verified certificate chain of the peer. #894 <https://github.com/pyca/pyopenssl/pull/894>_.
  • 👉 Make verification callback optional in Context.set_verify. If omitted, OpenSSL's default verification is used. #933 <https://github.com/pyca/pyopenssl/pull/933>_
  • 🛠 Fixed a bug that could truncate or cause a zero-length key error due to a null byte in private key passphrase in OpenSSL.crypto.load_privatekey and OpenSSL.crypto.dump_privatekey. #947 <https://github.com/pyca/pyopenssl/pull/947>_

• v19.1.0 Changes

  November 18, 2019

  Backward-incompatible changes:

  • ✂ Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases. Use the classes without the Type suffix instead. #814 <https://github.com/pyca/pyopenssl/pull/814>_
  • 🍎 The minimum cryptography version is now 2.8 due to issues on macOS with a transitive dependency. #875 <https://github.com/pyca/pyopenssl/pull/875>_

  🗄 Deprecations: ^{^}

  • Deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated. ALPN should be used instead. #820 <https://github.com/pyca/pyopenssl/pull/820>_

  🔄 Changes: ^{^}

  • 👌 Support bytearray in SSL.Connection.send() by using cffi's from_buffer. #852 <https://github.com/pyca/pyopenssl/pull/852>_
  • The OpenSSL.SSL.Context.set_alpn_select_callback can return a new NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake to complete without an application protocol.

  ---

• v19.0.0 Changes

  January 21, 2019

  Backward-incompatible changes:

  • X509Store.add_cert no longer raises an error if you add a duplicate cert. #787 <https://github.com/pyca/pyopenssl/pull/787>_

  🗄 Deprecations: ^{^}

  none

  🔄 Changes: ^{^}

  • pyOpenSSL now works with OpenSSL 1.1.1. #805 <https://github.com/pyca/pyopenssl/pull/805>_
  • pyOpenSSL now handles NUL bytes in X509Name.get_components() #804 <https://github.com/pyca/pyopenssl/pull/804>_

  ---

• v18.0.0 Changes

  May 16, 2018

  Backward-incompatible changes:

  • The minimum cryptography version is now 2.2.1.
  • 👌 Support for Python 2.6 has been dropped.

  🗄 Deprecations: ^{^}

  none

  🔄 Changes: ^{^}

  • ➕ Added Connection.get_certificate to retrieve the local certificate. #733 <https://github.com/pyca/pyopenssl/pull/733>_
  • OpenSSL.SSL.Connection now sets SSL_MODE_AUTO_RETRY by default. #753 <https://github.com/pyca/pyopenssl/pull/753>_
  • Added Context.set_tlsext_use_srtp to enable negotiation of SRTP keying material. #734 <https://github.com/pyca/pyopenssl/pull/734>_

  ---

• v17.5.0 Changes

  November 30, 2017

  Backward-incompatible changes:

  • The minimum cryptography version is now 2.1.4.

  🗄 Deprecations: ^{^}

  none

  🔄 Changes: ^{^}

  • 🛠 Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with cacerts. #723 <https://github.com/pyca/pyopenssl/pull/723>_
  • Added Connection.export_keying_material for RFC 5705 compatible export of keying material. #725 <https://github.com/pyca/pyopenssl/pull/725>_

  ---

• v17.4.0 Changes

  November 21, 2017

  Backward-incompatible changes:

  none

  🗄 Deprecations: ^{^}

  none

  🔄 Changes: ^{^}

  • Re-added a subset of the OpenSSL.rand module. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork. #708 <https://github.com/pyca/pyopenssl/pull/708>_
  • 🆓 Corrected a use-after-free when reusing an issuer or subject from an X509 object after the underlying object has been mutated. #709 <https://github.com/pyca/pyopenssl/pull/709>_

  ---

• 1
• 2
• Next ›
• Last »