Changelog History
Page 2
-
v17.3.0 Changes
September 14, 2017Backward-incompatible changes:
- โฌ๏ธ Dropped support for Python 3.3.
#677 <https://github.com/pyca/pyopenssl/pull/677>
_ - โ Removed the deprecated
OpenSSL.rand
module. This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden.os.urandom()
should be used instead.#675 <https://github.com/pyca/pyopenssl/pull/675>
_
๐ Deprecations: ^
- ๐ Deprecated
OpenSSL.tsafe
.#673 <https://github.com/pyca/pyopenssl/pull/673>
_
๐ Changes: ^
- ๐ Fixed a memory leak in
OpenSSL.crypto.CRL
.#690 <https://github.com/pyca/pyopenssl/pull/690>
_ - ๐ Fixed a memory leak when verifying certificates with
OpenSSL.crypto.X509StoreContext
.#691 <https://github.com/pyca/pyopenssl/pull/691>
_
- โฌ๏ธ Dropped support for Python 3.3.
-
v17.2.0 Changes
July 20, 2017Backward-incompatible changes:
none
๐ Deprecations: ^
- ๐ Deprecated
OpenSSL.rand
- callers should useos.urandom()
instead.#658 <https://github.com/pyca/pyopenssl/pull/658>
_
๐ Changes: ^
- 0๏ธโฃ Fixed a bug causing
Context.set_default_verify_paths()
to not work with cryptographymanylinux1
wheels on Python 3.x.#665 <https://github.com/pyca/pyopenssl/pull/665>
_ - ๐ Fixed a crash with (EC)DSA signatures in some cases.
#670 <https://github.com/pyca/pyopenssl/pull/670>
_
- ๐ Deprecated
-
v17.1.0 Changes
June 30, 2017Backward-incompatible changes:
- โ Removed the deprecated
OpenSSL.rand.egd()
function. Applications should preferos.urandom()
for random number generation.#630 <https://github.com/pyca/pyopenssl/pull/630>
_ - โ Removed the deprecated default
digest
argument toOpenSSL.crypto.CRL.export()
. Callers must now always pass an explicitdigest
.#652 <https://github.com/pyca/pyopenssl/pull/652>
_ - Fixed a bug with
ASN1_TIME
casting inX509.set_notBefore()
,X509.set_notAfter()
,Revoked.set_rev_date()
,Revoked.set_nextUpdate()
, andRevoked.set_lastUpdate()
. You must now pass times in the formYYYYMMDDhhmmssZ
.YYYYMMDDhhmmss+hhmm
andYYYYMMDDhhmmss-hhmm
will no longer work.#612 <https://github.com/pyca/pyopenssl/pull/612>
_
๐ Deprecations: ^
- ๐ Deprecated the legacy "Type" aliases:
ContextType
,ConnectionType
,PKeyType
,X509NameType
,X509ExtensionType
,X509ReqType
,X509Type
,X509StoreType
,CRLType
,PKCS7Type
,PKCS12Type
,NetscapeSPKIType
. The names without the "Type"-suffix should be used instead.
๐ Changes: ^
- Added
OpenSSL.crypto.X509.from_cryptography()
andOpenSSL.crypto.X509.to_cryptography()
for converting X.509 certificate to and from pyca/cryptography objects.#640 <https://github.com/pyca/pyopenssl/pull/640>
_ - Added
OpenSSL.crypto.X509Req.from_cryptography()
,OpenSSL.crypto.X509Req.to_cryptography()
,OpenSSL.crypto.CRL.from_cryptography()
, andOpenSSL.crypto.CRL.to_cryptography()
for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.#645 <https://github.com/pyca/pyopenssl/pull/645>
_ - โ Added
OpenSSL.debug
that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information usingpython -m OpenSSL.debug
.#620 <https://github.com/pyca/pyopenssl/pull/620>
_ - 0๏ธโฃ Added a fallback path to
Context.set_default_verify_paths()
to accommodate the upcoming release ofcryptography
manylinux1
wheels.#633 <https://github.com/pyca/pyopenssl/pull/633>
_
- โ Removed the deprecated
-
v17.0.0 Changes
April 20, 2017Backward-incompatible changes:
none
๐ Deprecations: ^
none
๐ Changes: ^
- โ Added
OpenSSL.X509Store.set_time()
to set a custom verification time when verifying certificate chains.#567 <https://github.com/pyca/pyopenssl/pull/567>
_ - โ Added a collection of functions for working with OCSP stapling.
None of these functions make it possible to validate OCSP assertions, only to staple them into the handshake and to retrieve the stapled assertion if provided.
Users will need to write their own code to handle OCSP assertions.
We specifically added:
Context.set_ocsp_server_callback()
,Context.set_ocsp_client_callback()
, andConnection.request_ocsp()
.#580 <https://github.com/pyca/pyopenssl/pull/580>
_ - ๐ Changed the
SSL
module's memory allocation policy to avoid zeroing memory it allocates when unnecessary. This reduces CPU usage and memory allocation time by an amount proportional to the size of the allocation. For applications that process a lot of TLS data or that use very lage allocations this can provide considerable performance improvements.#578 <https://github.com/pyca/pyopenssl/pull/578>
_ - Automatically set
SSL_CTX_set_ecdh_auto()
onOpenSSL.SSL.Context
.#575 <https://github.com/pyca/pyopenssl/pull/575>
_ - ๐ Fix empty exceptions from
OpenSSL.crypto.load_privatekey()
.#581 <https://github.com/pyca/pyopenssl/pull/581>
_
- โ Added
-
v16.2.0 Changes
October 15, 2016Backward-incompatible changes:
none
๐ Deprecations: ^
none
๐ Changes: ^
- ๐ Fixed compatibility errors with OpenSSL 1.1.0.
- ๐ Fixed an issue that caused failures with subinterpreters and embedded Pythons.
#552 <https://github.com/pyca/pyopenssl/pull/552>
_
-
v16.1.0 Changes
August 26, 2016Backward-incompatible changes:
none
๐ Deprecations: ^
- โฌ๏ธ Dropped support for OpenSSL 0.9.8.
๐ Changes: ^
- Fix memory leak in
OpenSSL.crypto.dump_privatekey()
withFILETYPE_TEXT
.#496 <https://github.com/pyca/pyopenssl/pull/496>
_ - Enable use of CRL (and more) in verify context.
#483 <https://github.com/pyca/pyopenssl/pull/483>
_ OpenSSL.crypto.PKey
can now be constructed fromcryptography
objects and also exported as such.#439 <https://github.com/pyca/pyopenssl/pull/439>
_- ๐ Support newer versions of
cryptography
which use opaque structs for OpenSSL 1.1.0 compatibility.
-
v16.0.0 Changes
March 19, 2016๐ This is the first release under full stewardship of PyCA. We have made many changes to make local development more pleasing. ๐ง The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. ๐ท It has been moved to
pytest <https://docs.pytest.org/>
, all CI test runs are part oftox <https://tox.readthedocs.io/>
and the source code has been made fullyflake8 <https://flake8.readthedocs.io/>
_ compliant.We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations.
Backward-incompatible changes:
- ๐ Python 3.2 support has been dropped.
It never had significant real world usage and has been dropped by our main dependency
cryptography
. Affected users should upgrade to Python 3.3 or later.
๐ Deprecations: ^
- ๐ The support for EGD has been removed.
The only affected function
OpenSSL.rand.egd()
now usesos.urandom()
to seed the internal PRNG instead. Please seepyca/cryptography#1636 <https://github.com/pyca/cryptography/pull/1636>
_ for more background information on this decision. In accordance with our backward compatibility policyOpenSSL.rand.egd()
will be removed no sooner than a year from the release of 16.0.0.
Please note that you should
use urandom <https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>
_ for all your secure random number needs.- ๐ Python 2.6 support has been deprecated.
Our main dependency
cryptography
deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support oncecryptography
does.
๐ Changes: ^
- Fixed
OpenSSL.SSL.Context.set_session_id
,OpenSSL.SSL.Connection.renegotiate
,OpenSSL.SSL.Connection.renegotiate_pending
, andOpenSSL.SSL.Context.load_client_ca
. They were lacking an implementation since 0.14.#422 <https://github.com/pyca/pyopenssl/pull/422>
_ - ๐ Fixed segmentation fault when using keys larger than 4096-bit to sign data.
#428 <https://github.com/pyca/pyopenssl/pull/428>
_ - Fixed
AttributeError
whenOpenSSL.SSL.Connection.get_app_data()
was called before setting any app data.#304 <https://github.com/pyca/pyopenssl/pull/304>
_ - Added
OpenSSL.crypto.dump_publickey()
to dumpOpenSSL.crypto.PKey
objects that represent public keys, andOpenSSL.crypto.load_publickey()
to load such objects from serialized representations.#382 <https://github.com/pyca/pyopenssl/pull/382>
_ - โ Added
OpenSSL.crypto.dump_crl()
to dump a certificate revocation list out to a string buffer.#368 <https://github.com/pyca/pyopenssl/pull/368>
_ - Added
OpenSSL.SSL.Connection.get_state_string()
using the OpenSSL bindingstate_string_long
.#358 <https://github.com/pyca/pyopenssl/pull/358>
_ - Added support for the
socket.MSG_PEEK
flag toOpenSSL.SSL.Connection.recv()
andOpenSSL.SSL.Connection.recv_into()
.#294 <https://github.com/pyca/pyopenssl/pull/294>
_ - Added
OpenSSL.SSL.Connection.get_protocol_version()
andOpenSSL.SSL.Connection.get_protocol_version_name()
.#244 <https://github.com/pyca/pyopenssl/pull/244>
_ - 0๏ธโฃ Switched to
utf8string
mask by default. OpenSSL formerly defaulted to aT61String
if there were UTF-8 characters present. This was changed to default toUTF8String
in the config around 2005, but the actual code didn't change it until late last year. This will default us to the setting that actually works. To revert this you can callOpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")
.#234 <https://github.com/pyca/pyopenssl/pull/234>
_
Older Changelog Entries
The changes from before release 16.0.0 are preserved in the
repository <https://github.com/pyca/pyopenssl/blob/master/doc/ChangeLog_old.txt>
_. - ๐ Python 3.2 support has been dropped.
It never had significant real world usage and has been dropped by our main dependency