All Versions
14
Latest Version
Avg Release Cycle
133 days
Latest Release
313 days ago

Changelog History
Page 1

  • v20.0.1 Changes

    December 15, 2020

    Backward-incompatible changes:

    ๐Ÿ—„ Deprecations: ^

    ๐Ÿ”„ Changes: ^

    • ๐Ÿ›  Fixed compatibility with OpenSSL 1.1.0.
  • v20.0.0 Changes

    November 27, 2020

    Backward-incompatible changes:

    • The minimum cryptography version is now 3.2.
    • โœ‚ Remove deprecated OpenSSL.tsafe module.
    • Removed deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated.
    • โฌ‡๏ธ Drop support for Python 3.4
    • โฌ‡๏ธ Drop support for OpenSSL 1.0.1 and 1.0.2

    ๐Ÿ—„ Deprecations: ^

    • Deprecated OpenSSL.crypto.loads_pkcs7 and OpenSSL.crypto.loads_pkcs12.

    ๐Ÿ”„ Changes: ^

    • โž• Added a new optional chain parameter to OpenSSL.crypto.X509StoreContext() where additional untrusted certificates can be specified to help chain building. #948 <https://github.com/pyca/pyopenssl/pull/948>_
    • โž• Added OpenSSL.crypto.X509Store.load_locations to set trusted certificate file bundles and/or directories for verification. #943 <https://github.com/pyca/pyopenssl/pull/943>_
    • Added Context.set_keylog_callback to log key material. #910 <https://github.com/pyca/pyopenssl/pull/910>_
    • Added OpenSSL.SSL.Connection.get_verified_chain to retrieve the verified certificate chain of the peer. #894 <https://github.com/pyca/pyopenssl/pull/894>_.
    • ๐Ÿ‘‰ Make verification callback optional in Context.set_verify. If omitted, OpenSSL's default verification is used. #933 <https://github.com/pyca/pyopenssl/pull/933>_
    • ๐Ÿ›  Fixed a bug that could truncate or cause a zero-length key error due to a null byte in private key passphrase in OpenSSL.crypto.load_privatekey and OpenSSL.crypto.dump_privatekey. #947 <https://github.com/pyca/pyopenssl/pull/947>_
  • v19.1.0 Changes

    November 18, 2019

    Backward-incompatible changes:

    • โœ‚ Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases. Use the classes without the Type suffix instead. #814 <https://github.com/pyca/pyopenssl/pull/814>_
    • ๐ŸŽ The minimum cryptography version is now 2.8 due to issues on macOS with a transitive dependency. #875 <https://github.com/pyca/pyopenssl/pull/875>_

    ๐Ÿ—„ Deprecations: ^

    • Deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated. ALPN should be used instead. #820 <https://github.com/pyca/pyopenssl/pull/820>_

    ๐Ÿ”„ Changes: ^

    • ๐Ÿ‘Œ Support bytearray in SSL.Connection.send() by using cffi's from_buffer. #852 <https://github.com/pyca/pyopenssl/pull/852>_
    • The OpenSSL.SSL.Context.set_alpn_select_callback can return a new NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake to complete without an application protocol.

  • v19.0.0 Changes

    January 21, 2019

    Backward-incompatible changes:

    • X509Store.add_cert no longer raises an error if you add a duplicate cert. #787 <https://github.com/pyca/pyopenssl/pull/787>_

    ๐Ÿ—„ Deprecations: ^

    none

    ๐Ÿ”„ Changes: ^

    • pyOpenSSL now works with OpenSSL 1.1.1. #805 <https://github.com/pyca/pyopenssl/pull/805>_
    • pyOpenSSL now handles NUL bytes in X509Name.get_components() #804 <https://github.com/pyca/pyopenssl/pull/804>_

  • v18.0.0 Changes

    May 16, 2018

    Backward-incompatible changes:

    • The minimum cryptography version is now 2.2.1.
    • ๐Ÿ‘Œ Support for Python 2.6 has been dropped.

    ๐Ÿ—„ Deprecations: ^

    none

    ๐Ÿ”„ Changes: ^

    • โž• Added Connection.get_certificate to retrieve the local certificate. #733 <https://github.com/pyca/pyopenssl/pull/733>_
    • OpenSSL.SSL.Connection now sets SSL_MODE_AUTO_RETRY by default. #753 <https://github.com/pyca/pyopenssl/pull/753>_
    • Added Context.set_tlsext_use_srtp to enable negotiation of SRTP keying material. #734 <https://github.com/pyca/pyopenssl/pull/734>_

  • v17.5.0 Changes

    November 30, 2017

    Backward-incompatible changes:

    • The minimum cryptography version is now 2.1.4.

    ๐Ÿ—„ Deprecations: ^

    none

    ๐Ÿ”„ Changes: ^

    • ๐Ÿ›  Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with cacerts. #723 <https://github.com/pyca/pyopenssl/pull/723>_
    • Added Connection.export_keying_material for RFC 5705 compatible export of keying material. #725 <https://github.com/pyca/pyopenssl/pull/725>_

  • v17.4.0 Changes

    November 21, 2017

    Backward-incompatible changes:

    none

    ๐Ÿ—„ Deprecations: ^

    none

    ๐Ÿ”„ Changes: ^

    • Re-added a subset of the OpenSSL.rand module. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork. #708 <https://github.com/pyca/pyopenssl/pull/708>_
    • ๐Ÿ†“ Corrected a use-after-free when reusing an issuer or subject from an X509 object after the underlying object has been mutated. #709 <https://github.com/pyca/pyopenssl/pull/709>_

  • v17.3.0 Changes

    September 14, 2017

    Backward-incompatible changes:

    • โฌ‡๏ธ Dropped support for Python 3.3. #677 <https://github.com/pyca/pyopenssl/pull/677>_
    • โœ‚ Removed the deprecated OpenSSL.rand module. This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden. os.urandom() should be used instead. #675 <https://github.com/pyca/pyopenssl/pull/675>_

    ๐Ÿ—„ Deprecations: ^

    • ๐Ÿ—„ Deprecated OpenSSL.tsafe. #673 <https://github.com/pyca/pyopenssl/pull/673>_

    ๐Ÿ”„ Changes: ^

    • ๐Ÿ›  Fixed a memory leak in OpenSSL.crypto.CRL. #690 <https://github.com/pyca/pyopenssl/pull/690>_
    • ๐Ÿ›  Fixed a memory leak when verifying certificates with OpenSSL.crypto.X509StoreContext. #691 <https://github.com/pyca/pyopenssl/pull/691>_

  • v17.2.0 Changes

    July 20, 2017

    Backward-incompatible changes:

    none

    ๐Ÿ—„ Deprecations: ^

    • ๐Ÿ—„ Deprecated OpenSSL.rand - callers should use os.urandom() instead. #658 <https://github.com/pyca/pyopenssl/pull/658>_

    ๐Ÿ”„ Changes: ^

    • 0๏ธโƒฃ Fixed a bug causing Context.set_default_verify_paths() to not work with cryptography manylinux1 wheels on Python 3.x. #665 <https://github.com/pyca/pyopenssl/pull/665>_
    • ๐Ÿ›  Fixed a crash with (EC)DSA signatures in some cases. #670 <https://github.com/pyca/pyopenssl/pull/670>_

  • v17.1.0 Changes

    June 30, 2017

    Backward-incompatible changes:

    • โœ‚ Removed the deprecated OpenSSL.rand.egd() function. Applications should prefer os.urandom() for random number generation. #630 <https://github.com/pyca/pyopenssl/pull/630>_
    • โœ‚ Removed the deprecated default digest argument to OpenSSL.crypto.CRL.export(). Callers must now always pass an explicit digest. #652 <https://github.com/pyca/pyopenssl/pull/652>_
    • Fixed a bug with ASN1_TIME casting in X509.set_notBefore(), X509.set_notAfter(), Revoked.set_rev_date(), Revoked.set_nextUpdate(), and Revoked.set_lastUpdate(). You must now pass times in the form YYYYMMDDhhmmssZ. YYYYMMDDhhmmss+hhmm and YYYYMMDDhhmmss-hhmm will no longer work. #612 <https://github.com/pyca/pyopenssl/pull/612>_

    ๐Ÿ—„ Deprecations: ^

    • ๐Ÿ—„ Deprecated the legacy "Type" aliases: ContextType, ConnectionType, PKeyType, X509NameType, X509ExtensionType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, NetscapeSPKIType. The names without the "Type"-suffix should be used instead.

    ๐Ÿ”„ Changes: ^

    • Added OpenSSL.crypto.X509.from_cryptography() and OpenSSL.crypto.X509.to_cryptography() for converting X.509 certificate to and from pyca/cryptography objects. #640 <https://github.com/pyca/pyopenssl/pull/640>_
    • Added OpenSSL.crypto.X509Req.from_cryptography(), OpenSSL.crypto.X509Req.to_cryptography(), OpenSSL.crypto.CRL.from_cryptography(), and OpenSSL.crypto.CRL.to_cryptography() for converting X.509 CSRs and CRLs to and from pyca/cryptography objects. #645 <https://github.com/pyca/pyopenssl/pull/645>_
    • โž• Added OpenSSL.debug that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using python -m OpenSSL.debug. #620 <https://github.com/pyca/pyopenssl/pull/620>_
    • 0๏ธโƒฃ Added a fallback path to Context.set_default_verify_paths() to accommodate the upcoming release of cryptography manylinux1 wheels. #633 <https://github.com/pyca/pyopenssl/pull/633>_