All Versions
17
Latest Version
Avg Release Cycle
149 days
Latest Release
743 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v22.1.0 Changes
September 25, 2022Backward-incompatible changes:
- โ Remove support for SSLv2 and SSLv3.
- ๐ The minimum
cryptography
version is now 38.0.x (and we now pin releases againstcryptography
major versions to prevent future breakage) - ๐จ The
OpenSSL.crypto.X509StoreContextError
exception has been refactored, changing its internal attributes.#1133 <https://github.com/pyca/pyopenssl/pull/1133>
_
๐ Deprecations: ^
- ๐
OpenSSL.SSL.SSLeay_version
is deprecated in favor ofOpenSSL.SSL.OpenSSL_version
. The constantsOpenSSL.SSL.SSLEAY_*
are deprecated in favor ofOpenSSL.SSL.OPENSSL_*
.
๐ Changes: ^
- ๐ Add
OpenSSL.SSL.Connection.set_verify
andOpenSSL.SSL.Connection.get_verify_mode
to override the context object's verification flags.#1073 <https://github.com/pyca/pyopenssl/pull/1073>
_ - Add
OpenSSL.SSL.Connection.use_certificate
andOpenSSL.SSL.Connection.use_privatekey
to set a certificate per connection (and not just per context)#1121 <https://github.com/pyca/pyopenssl/pull/1121>
_.
-
v22.0.0 Changes
January 29, 2022Backward-incompatible changes:
- โฌ๏ธ Drop support for Python 2.7.
#1047 <https://github.com/pyca/pyopenssl/pull/1047>
_ - The minimum
cryptography
version is now 35.0.
๐ Deprecations: ^
๐ Changes: ^
- ๐ฆ Expose wrappers for some
DTLS <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>
_ primitives.#1026 <https://github.com/pyca/pyopenssl/pull/1026>
_
- โฌ๏ธ Drop support for Python 2.7.
-
v21.0.0 Changes
September 28, 2021Backward-incompatible changes:
- The minimum
cryptography
version is now 3.3. - โฌ๏ธ Drop support for Python 3.5
๐ Deprecations: ^
๐ Changes: ^
- Raise an error when an invalid ALPN value is set.
#993 <https://github.com/pyca/pyopenssl/pull/993>
_ - Added
OpenSSL.SSL.Context.set_min_proto_version
andOpenSSL.SSL.Context.set_max_proto_version
to set the minimum and maximum supported TLS version#985 <https://github.com/pyca/pyopenssl/pull/985>
_. - Updated
to_cryptography
andfrom_cryptography
methods to support an upcoming release ofcryptography
without raising deprecation warnings.#1030 <https://github.com/pyca/pyopenssl/pull/1030>
_
- The minimum
-
v20.0.1 Changes
December 15, 2020Backward-incompatible changes:
๐ Deprecations: ^
๐ Changes: ^
- ๐ Fixed compatibility with OpenSSL 1.1.0.
-
v20.0.0 Changes
November 27, 2020Backward-incompatible changes:
- The minimum
cryptography
version is now 3.2. - โ Remove deprecated
OpenSSL.tsafe
module. - Removed deprecated
OpenSSL.SSL.Context.set_npn_advertise_callback
,OpenSSL.SSL.Context.set_npn_select_callback
, andOpenSSL.SSL.Connection.get_next_proto_negotiated
. - โฌ๏ธ Drop support for Python 3.4
- โฌ๏ธ Drop support for OpenSSL 1.0.1 and 1.0.2
๐ Deprecations: ^
- Deprecated
OpenSSL.crypto.loads_pkcs7
andOpenSSL.crypto.loads_pkcs12
.
๐ Changes: ^
- โ Added a new optional
chain
parameter toOpenSSL.crypto.X509StoreContext()
where additional untrusted certificates can be specified to help chain building.#948 <https://github.com/pyca/pyopenssl/pull/948>
_ - โ Added
OpenSSL.crypto.X509Store.load_locations
to set trusted certificate file bundles and/or directories for verification.#943 <https://github.com/pyca/pyopenssl/pull/943>
_ - Added
Context.set_keylog_callback
to log key material.#910 <https://github.com/pyca/pyopenssl/pull/910>
_ - Added
OpenSSL.SSL.Connection.get_verified_chain
to retrieve the verified certificate chain of the peer.#894 <https://github.com/pyca/pyopenssl/pull/894>
_. - ๐ Make verification callback optional in
Context.set_verify
. If omitted, OpenSSL's default verification is used.#933 <https://github.com/pyca/pyopenssl/pull/933>
_ - ๐ Fixed a bug that could truncate or cause a zero-length key error due to a
null byte in private key passphrase in
OpenSSL.crypto.load_privatekey
andOpenSSL.crypto.dump_privatekey
.#947 <https://github.com/pyca/pyopenssl/pull/947>
_
- The minimum
-
v19.1.0 Changes
November 18, 2019Backward-incompatible changes:
- โ Removed deprecated
ContextType
,ConnectionType
,PKeyType
,X509NameType
,X509ReqType
,X509Type
,X509StoreType
,CRLType
,PKCS7Type
,PKCS12Type
, andNetscapeSPKIType
aliases. Use the classes without theType
suffix instead.#814 <https://github.com/pyca/pyopenssl/pull/814>
_ - ๐ The minimum
cryptography
version is now 2.8 due to issues on macOS with a transitive dependency.#875 <https://github.com/pyca/pyopenssl/pull/875>
_
๐ Deprecations: ^
- Deprecated
OpenSSL.SSL.Context.set_npn_advertise_callback
,OpenSSL.SSL.Context.set_npn_select_callback
, andOpenSSL.SSL.Connection.get_next_proto_negotiated
. ALPN should be used instead.#820 <https://github.com/pyca/pyopenssl/pull/820>
_
๐ Changes: ^
- ๐ Support
bytearray
inSSL.Connection.send()
by using cffi's from_buffer.#852 <https://github.com/pyca/pyopenssl/pull/852>
_ - The
OpenSSL.SSL.Context.set_alpn_select_callback
can return a newNO_OVERLAPPING_PROTOCOLS
sentinel value to allow a TLS handshake to complete without an application protocol.
- โ Removed deprecated
-
v19.0.0 Changes
January 21, 2019Backward-incompatible changes:
X509Store.add_cert
no longer raises an error if you add a duplicate cert.#787 <https://github.com/pyca/pyopenssl/pull/787>
_
๐ Deprecations: ^
none
๐ Changes: ^
- pyOpenSSL now works with OpenSSL 1.1.1.
#805 <https://github.com/pyca/pyopenssl/pull/805>
_ - pyOpenSSL now handles NUL bytes in
X509Name.get_components()
#804 <https://github.com/pyca/pyopenssl/pull/804>
_
-
v18.0.0 Changes
May 16, 2018Backward-incompatible changes:
- The minimum
cryptography
version is now 2.2.1. - ๐ Support for Python 2.6 has been dropped.
๐ Deprecations: ^
none
๐ Changes: ^
- โ Added
Connection.get_certificate
to retrieve the local certificate.#733 <https://github.com/pyca/pyopenssl/pull/733>
_ OpenSSL.SSL.Connection
now setsSSL_MODE_AUTO_RETRY
by default.#753 <https://github.com/pyca/pyopenssl/pull/753>
_- Added
Context.set_tlsext_use_srtp
to enable negotiation of SRTP keying material.#734 <https://github.com/pyca/pyopenssl/pull/734>
_
- The minimum
-
v17.5.0 Changes
November 30, 2017Backward-incompatible changes:
- The minimum
cryptography
version is now 2.1.4.
๐ Deprecations: ^
none
๐ Changes: ^
- ๐ Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with
cacerts
.#723 <https://github.com/pyca/pyopenssl/pull/723>
_ - Added
Connection.export_keying_material
for RFC 5705 compatible export of keying material.#725 <https://github.com/pyca/pyopenssl/pull/725>
_
- The minimum
-
v17.4.0 Changes
November 21, 2017Backward-incompatible changes:
none
๐ Deprecations: ^
none
๐ Changes: ^
- Re-added a subset of the
OpenSSL.rand
module. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.#708 <https://github.com/pyca/pyopenssl/pull/708>
_ - ๐ Corrected a use-after-free when reusing an issuer or subject from an
X509
object after the underlying object has been mutated.#709 <https://github.com/pyca/pyopenssl/pull/709>
_
- Re-added a subset of the