pyOpenSSL -- A Python wrapper around the OpenSSL library v20.0.1 Release Notes

Release Date: 2020-12-15 // 10 months ago
  • Backward-incompatible changes:

    ๐Ÿ—„ Deprecations: ^

    ๐Ÿ”„ Changes: ^

    • ๐Ÿ›  Fixed compatibility with OpenSSL 1.1.0.

Previous changes from v20.0.0

  • Backward-incompatible changes:

    • The minimum cryptography version is now 3.2.
    • โœ‚ Remove deprecated OpenSSL.tsafe module.
    • Removed deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated.
    • โฌ‡๏ธ Drop support for Python 3.4
    • โฌ‡๏ธ Drop support for OpenSSL 1.0.1 and 1.0.2

    ๐Ÿ—„ Deprecations: ^

    • Deprecated OpenSSL.crypto.loads_pkcs7 and OpenSSL.crypto.loads_pkcs12.

    ๐Ÿ”„ Changes: ^

    • โž• Added a new optional chain parameter to OpenSSL.crypto.X509StoreContext() where additional untrusted certificates can be specified to help chain building. #948 <https://github.com/pyca/pyopenssl/pull/948>_
    • โž• Added OpenSSL.crypto.X509Store.load_locations to set trusted certificate file bundles and/or directories for verification. #943 <https://github.com/pyca/pyopenssl/pull/943>_
    • Added Context.set_keylog_callback to log key material. #910 <https://github.com/pyca/pyopenssl/pull/910>_
    • Added OpenSSL.SSL.Connection.get_verified_chain to retrieve the verified certificate chain of the peer. #894 <https://github.com/pyca/pyopenssl/pull/894>_.
    • ๐Ÿ‘‰ Make verification callback optional in Context.set_verify. If omitted, OpenSSL's default verification is used. #933 <https://github.com/pyca/pyopenssl/pull/933>_
    • ๐Ÿ›  Fixed a bug that could truncate or cause a zero-length key error due to a null byte in private key passphrase in OpenSSL.crypto.load_privatekey and OpenSSL.crypto.dump_privatekey. #947 <https://github.com/pyca/pyopenssl/pull/947>_