Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 1 | Changelog |
| 2 | ========= |
| 3 | |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 4 | Versions are year-based with a strict backward-compatibility policy. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 5 | The third digit is only for regressions. |
| 6 | |
Alex Gaynor | f0a59cd | 2019-01-21 14:53:36 -0500 | [diff] [blame] | 7 | 19.1.0 (UNRELEASED) |
| 8 | ------------------- |
| 9 | |
| 10 | |
| 11 | Backward-incompatible changes: |
| 12 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 13 | |
Alex Gaynor | 01f90a1 | 2019-02-07 09:14:48 -0500 | [diff] [blame^] | 14 | - Removed deprecated ``ContextType``, ``ConnectionType``, ``PKeyType``, ``X509NameType``, ``X509ReqType``, ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, and ``NetscapeSPKIType`` aliases. |
| 15 | Use the classes without the ``Type`` suffix instead. |
| 16 | `#814 <https://github.com/pyca/pyopenssl/pull/814>`_ |
Alex Gaynor | f0a59cd | 2019-01-21 14:53:36 -0500 | [diff] [blame] | 17 | |
| 18 | Deprecations: |
| 19 | ^^^^^^^^^^^^^ |
| 20 | |
| 21 | *none* |
| 22 | |
| 23 | |
| 24 | Changes: |
| 25 | ^^^^^^^^ |
| 26 | |
| 27 | *none* |
| 28 | |
| 29 | |
| 30 | ---- |
| 31 | |
Paul Kehrer | c9a71e1 | 2019-01-21 13:22:19 -0600 | [diff] [blame] | 32 | 19.0.0 (2019-01-21) |
Paul Kehrer | a40e861 | 2018-05-16 17:23:50 -0400 | [diff] [blame] | 33 | ------------------- |
| 34 | |
| 35 | |
| 36 | Backward-incompatible changes: |
| 37 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 38 | |
Paul Kehrer | 0e6c553 | 2018-08-23 10:52:15 -0500 | [diff] [blame] | 39 | - ``X509Store.add_cert`` no longer raises an error if you add a duplicate cert. |
| 40 | `#787 <https://github.com/pyca/pyopenssl/pull/787>`_ |
Paul Kehrer | a40e861 | 2018-05-16 17:23:50 -0400 | [diff] [blame] | 41 | |
| 42 | |
| 43 | Deprecations: |
| 44 | ^^^^^^^^^^^^^ |
| 45 | |
| 46 | *none* |
| 47 | |
| 48 | |
| 49 | Changes: |
| 50 | ^^^^^^^^ |
| 51 | |
Paul Kehrer | fd70632 | 2019-01-21 12:58:35 -0600 | [diff] [blame] | 52 | - pyOpenSSL now works with OpenSSL 1.1.1. |
| 53 | `#805 <https://github.com/pyca/pyopenssl/pull/805>`_ |
| 54 | - pyOpenSSL now handles NUL bytes in ``X509Name.get_components()`` |
| 55 | `#804 <https://github.com/pyca/pyopenssl/pull/804>`_ |
| 56 | |
Paul Kehrer | a40e861 | 2018-05-16 17:23:50 -0400 | [diff] [blame] | 57 | |
| 58 | |
| 59 | ---- |
| 60 | |
Paul Kehrer | 74de8a1 | 2018-05-16 15:12:28 -0400 | [diff] [blame] | 61 | 18.0.0 (2018-05-16) |
Paul Kehrer | 3d231f0 | 2017-12-01 20:31:06 +0800 | [diff] [blame] | 62 | ------------------- |
| 63 | |
| 64 | |
| 65 | Backward-incompatible changes: |
| 66 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 67 | |
Alex Gaynor | 4f9b706 | 2018-05-14 13:25:05 -0400 | [diff] [blame] | 68 | - The minimum ``cryptography`` version is now 2.2.1. |
| 69 | - Support for Python 2.6 has been dropped. |
Paul Kehrer | 3d231f0 | 2017-12-01 20:31:06 +0800 | [diff] [blame] | 70 | |
| 71 | |
| 72 | Deprecations: |
| 73 | ^^^^^^^^^^^^^ |
| 74 | |
| 75 | *none* |
| 76 | |
| 77 | |
| 78 | Changes: |
| 79 | ^^^^^^^^ |
| 80 | |
Jeremy Lainé | 460a19d | 2018-05-16 19:44:19 +0200 | [diff] [blame] | 81 | - Added ``Connection.get_certificate`` to retrieve the local certificate. |
| 82 | `#733 <https://github.com/pyca/pyopenssl/pull/733>`_ |
Paul Kehrer | 15c2935 | 2018-05-14 13:31:27 -0400 | [diff] [blame] | 83 | - ``OpenSSL.SSL.Connection`` now sets ``SSL_MODE_AUTO_RETRY`` by default. |
| 84 | `#753 <https://github.com/pyca/pyopenssl/pull/753>`_ |
Jeremy Lainé | 02261ad | 2018-05-16 18:33:25 +0200 | [diff] [blame] | 85 | - Added ``Context.set_tlsext_use_srtp`` to enable negotiation of SRTP keying material. |
| 86 | `#734 <https://github.com/pyca/pyopenssl/pull/734>`_ |
Paul Kehrer | 3d231f0 | 2017-12-01 20:31:06 +0800 | [diff] [blame] | 87 | |
| 88 | |
| 89 | ---- |
| 90 | |
Paul Kehrer | d21fcd8 | 2017-12-01 10:13:50 +0800 | [diff] [blame] | 91 | 17.5.0 (2017-11-30) |
Paul Kehrer | 57051a5 | 2017-11-22 11:40:12 +0800 | [diff] [blame] | 92 | ------------------- |
| 93 | |
| 94 | |
| 95 | Backward-incompatible changes: |
| 96 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 97 | |
Alex Gaynor | 4f9b706 | 2018-05-14 13:25:05 -0400 | [diff] [blame] | 98 | - The minimum ``cryptography`` version is now 2.1.4. |
Paul Kehrer | 57051a5 | 2017-11-22 11:40:12 +0800 | [diff] [blame] | 99 | |
| 100 | |
| 101 | Deprecations: |
| 102 | ^^^^^^^^^^^^^ |
| 103 | |
| 104 | *none* |
| 105 | |
| 106 | |
| 107 | Changes: |
| 108 | ^^^^^^^^ |
| 109 | |
Paul Kehrer | e738186 | 2017-11-30 20:55:25 +0800 | [diff] [blame] | 110 | - Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with ``cacerts``. |
| 111 | `#723 <https://github.com/pyca/pyopenssl/pull/723>`_ |
Paul Kehrer | bdb7639 | 2017-12-01 04:54:32 +0800 | [diff] [blame] | 112 | - Added ``Connection.export_keying_material`` for RFC 5705 compatible export of keying material. |
| 113 | `#725 <https://github.com/pyca/pyopenssl/pull/725>`_ |
Paul Kehrer | 57051a5 | 2017-11-22 11:40:12 +0800 | [diff] [blame] | 114 | |
| 115 | ---- |
| 116 | |
| 117 | |
| 118 | |
Paul Kehrer | 5a3fb40 | 2017-11-22 02:20:14 +0800 | [diff] [blame] | 119 | 17.4.0 (2017-11-21) |
Paul Kehrer | 1eac0e8 | 2017-09-14 11:28:15 +0800 | [diff] [blame] | 120 | ------------------- |
| 121 | |
| 122 | |
| 123 | Backward-incompatible changes: |
| 124 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 125 | |
| 126 | *none* |
| 127 | |
| 128 | |
| 129 | Deprecations: |
| 130 | ^^^^^^^^^^^^^ |
| 131 | |
| 132 | *none* |
| 133 | |
| 134 | |
| 135 | Changes: |
| 136 | ^^^^^^^^ |
| 137 | |
Paul Kehrer | 1eac0e8 | 2017-09-14 11:28:15 +0800 | [diff] [blame] | 138 | |
Paul Kehrer | acbd662 | 2017-11-20 22:25:18 +0800 | [diff] [blame] | 139 | - Re-added a subset of the ``OpenSSL.rand`` module. |
| 140 | This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork. |
| 141 | `#708 <https://github.com/pyca/pyopenssl/pull/708>`_ |
Alex Gaynor | 4aa52c3 | 2017-11-20 09:04:08 -0500 | [diff] [blame] | 142 | - Corrected a use-after-free when reusing an issuer or subject from an ``X509`` object after the underlying object has been mutated. |
| 143 | `#709 <https://github.com/pyca/pyopenssl/pull/709>`_ |
Paul Kehrer | 1eac0e8 | 2017-09-14 11:28:15 +0800 | [diff] [blame] | 144 | |
| 145 | ---- |
| 146 | |
Hynek Schlawack | 29add1d | 2016-10-16 11:20:04 +0200 | [diff] [blame] | 147 | |
Paul Kehrer | 9bd33dc | 2017-09-14 10:53:56 +0800 | [diff] [blame] | 148 | 17.3.0 (2017-09-14) |
Hynek Schlawack | a723ba2 | 2017-07-20 12:22:01 +0200 | [diff] [blame] | 149 | ------------------- |
| 150 | |
| 151 | |
| 152 | Backward-incompatible changes: |
| 153 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 154 | |
Alex Gaynor | 209de94 | 2017-07-25 09:08:05 -0400 | [diff] [blame] | 155 | - Dropped support for Python 3.3. |
| 156 | `#677 <https://github.com/pyca/pyopenssl/pull/677>`_ |
Alex Gaynor | 23c965e | 2017-07-25 10:33:17 -0400 | [diff] [blame] | 157 | - Removed the deprecated ``OpenSSL.rand`` module. |
| 158 | This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden. |
| 159 | ``os.urandom()`` should be used instead. |
| 160 | `#675 <https://github.com/pyca/pyopenssl/pull/675>`_ |
Hynek Schlawack | a723ba2 | 2017-07-20 12:22:01 +0200 | [diff] [blame] | 161 | |
| 162 | |
| 163 | Deprecations: |
| 164 | ^^^^^^^^^^^^^ |
| 165 | |
Alex Gaynor | a079213 | 2017-07-22 09:13:57 -0400 | [diff] [blame] | 166 | - Deprecated ``OpenSSL.tsafe``. |
| 167 | `#673 <https://github.com/pyca/pyopenssl/pull/673>`_ |
Hynek Schlawack | a723ba2 | 2017-07-20 12:22:01 +0200 | [diff] [blame] | 168 | |
| 169 | Changes: |
| 170 | ^^^^^^^^ |
| 171 | |
Paul Kehrer | 9bd33dc | 2017-09-14 10:53:56 +0800 | [diff] [blame] | 172 | - Fixed a memory leak in ``OpenSSL.crypto.CRL``. |
| 173 | `#690 <https://github.com/pyca/pyopenssl/pull/690>`_ |
| 174 | - Fixed a memory leak when verifying certificates with ``OpenSSL.crypto.X509StoreContext``. |
| 175 | `#691 <https://github.com/pyca/pyopenssl/pull/691>`_ |
Hynek Schlawack | a723ba2 | 2017-07-20 12:22:01 +0200 | [diff] [blame] | 176 | |
| 177 | |
| 178 | ---- |
| 179 | |
| 180 | |
Hynek Schlawack | dd44662 | 2017-07-20 11:39:51 +0200 | [diff] [blame] | 181 | 17.2.0 (2017-07-20) |
Hynek Schlawack | a421276 | 2017-06-30 18:28:08 +0200 | [diff] [blame] | 182 | ------------------- |
| 183 | |
| 184 | |
| 185 | Backward-incompatible changes: |
| 186 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 187 | |
| 188 | *none* |
| 189 | |
| 190 | |
| 191 | Deprecations: |
| 192 | ^^^^^^^^^^^^^ |
| 193 | |
Alex Gaynor | 8a1de8d | 2017-07-06 22:40:07 -0400 | [diff] [blame] | 194 | - Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead. |
| 195 | `#658 <https://github.com/pyca/pyopenssl/pull/658>`_ |
Hynek Schlawack | a421276 | 2017-06-30 18:28:08 +0200 | [diff] [blame] | 196 | |
| 197 | |
| 198 | Changes: |
| 199 | ^^^^^^^^ |
| 200 | |
Hynek Schlawack | 8102128 | 2017-07-20 10:32:37 +0200 | [diff] [blame] | 201 | - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with cryptography ``manylinux1`` wheels on Python 3.x. |
Paul Kehrer | a92a1a7 | 2017-07-19 15:53:23 +0200 | [diff] [blame] | 202 | `#665 <https://github.com/pyca/pyopenssl/pull/665>`_ |
Paul Kehrer | 59d2625 | 2017-07-20 10:45:54 +0200 | [diff] [blame] | 203 | - Fixed a crash with (EC)DSA signatures in some cases. |
| 204 | `#670 <https://github.com/pyca/pyopenssl/pull/670>`_ |
Paul Kehrer | a92a1a7 | 2017-07-19 15:53:23 +0200 | [diff] [blame] | 205 | |
Hynek Schlawack | a421276 | 2017-06-30 18:28:08 +0200 | [diff] [blame] | 206 | |
| 207 | ---- |
| 208 | |
| 209 | |
Hynek Schlawack | a46d234 | 2017-06-30 17:33:08 +0200 | [diff] [blame] | 210 | 17.1.0 (2017-06-30) |
Hynek Schlawack | 7706e14 | 2017-04-20 14:54:05 +0200 | [diff] [blame] | 211 | ------------------- |
| 212 | |
| 213 | |
| 214 | Backward-incompatible changes: |
| 215 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 216 | |
Hynek Schlawack | 941f903 | 2017-06-30 16:20:00 +0200 | [diff] [blame] | 217 | - Removed the deprecated ``OpenSSL.rand.egd()`` function. |
Alex Gaynor | 3ed6273 | 2017-05-31 05:03:27 -0400 | [diff] [blame] | 218 | Applications should prefer ``os.urandom()`` for random number generation. |
| 219 | `#630 <https://github.com/pyca/pyopenssl/pull/630>`_ |
Alex Gaynor | 173e4ba | 2017-06-30 08:01:12 -0700 | [diff] [blame] | 220 | - Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``. |
| 221 | Callers must now always pass an explicit ``digest``. |
| 222 | `#652 <https://github.com/pyca/pyopenssl/pull/652>`_ |
Hynek Schlawack | 941f903 | 2017-06-30 16:20:00 +0200 | [diff] [blame] | 223 | - Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``, |
| 224 | ``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``, |
| 225 | and ``Revoked.set_lastUpdate()``. You must now pass times in the form |
Paul Kehrer | ce98ee6 | 2017-06-21 06:59:58 -1000 | [diff] [blame] | 226 | ``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm`` |
| 227 | will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_ |
Hynek Schlawack | 7706e14 | 2017-04-20 14:54:05 +0200 | [diff] [blame] | 228 | |
| 229 | |
| 230 | Deprecations: |
| 231 | ^^^^^^^^^^^^^ |
| 232 | |
Alex Gaynor | 10d3083 | 2017-06-29 15:31:39 -0700 | [diff] [blame] | 233 | |
Hynek Schlawack | 941f903 | 2017-06-30 16:20:00 +0200 | [diff] [blame] | 234 | - Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``, ``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``, ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, ``NetscapeSPKIType``. |
| 235 | The names without the "Type"-suffix should be used instead. |
Hynek Schlawack | 7706e14 | 2017-04-20 14:54:05 +0200 | [diff] [blame] | 236 | |
| 237 | |
| 238 | Changes: |
| 239 | ^^^^^^^^ |
| 240 | |
Hynek Schlawack | 941f903 | 2017-06-30 16:20:00 +0200 | [diff] [blame] | 241 | - Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()`` for converting X.509 certificate to and from pyca/cryptography objects. |
| 242 | `#640 <https://github.com/pyca/pyopenssl/pull/640>`_ |
| 243 | - Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``, ``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()`` for converting X.509 CSRs and CRLs to and from pyca/cryptography objects. |
| 244 | `#645 <https://github.com/pyca/pyopenssl/pull/645>`_ |
Hynek Schlawack | d52975c | 2017-05-13 17:44:27 +0200 | [diff] [blame] | 245 | - Added ``OpenSSL.debug`` that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using ``python -m OpenSSL.debug``. |
| 246 | `#620 <https://github.com/pyca/pyopenssl/pull/620>`_ |
Hynek Schlawack | a46d234 | 2017-06-30 17:33:08 +0200 | [diff] [blame] | 247 | - Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate the upcoming release of ``cryptography`` ``manylinux1`` wheels. |
Hynek Schlawack | 941f903 | 2017-06-30 16:20:00 +0200 | [diff] [blame] | 248 | `#633 <https://github.com/pyca/pyopenssl/pull/633>`_ |
Hynek Schlawack | 7706e14 | 2017-04-20 14:54:05 +0200 | [diff] [blame] | 249 | |
| 250 | |
| 251 | ---- |
| 252 | |
| 253 | |
Hynek Schlawack | 7970508 | 2017-04-20 13:32:49 +0200 | [diff] [blame] | 254 | 17.0.0 (2017-04-20) |
Hynek Schlawack | 29add1d | 2016-10-16 11:20:04 +0200 | [diff] [blame] | 255 | ------------------- |
| 256 | |
| 257 | Backward-incompatible changes: |
| 258 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 259 | |
| 260 | *none* |
| 261 | |
| 262 | |
| 263 | Deprecations: |
| 264 | ^^^^^^^^^^^^^ |
| 265 | |
| 266 | *none* |
| 267 | |
| 268 | |
| 269 | Changes: |
| 270 | ^^^^^^^^ |
| 271 | |
Thomas Sileo | e15e60a | 2016-11-22 18:13:30 +0100 | [diff] [blame] | 272 | - Added ``OpenSSL.X509Store.set_time()`` to set a custom verification time when verifying certificate chains. |
| 273 | `#567 <https://github.com/pyca/pyopenssl/pull/567>`_ |
Cory Benfield | 496652a | 2017-01-24 11:42:56 +0000 | [diff] [blame] | 274 | - Added a collection of functions for working with OCSP stapling. |
| 275 | None of these functions make it possible to validate OCSP assertions, only to staple them into the handshake and to retrieve the stapled assertion if provided. |
| 276 | Users will need to write their own code to handle OCSP assertions. |
Hynek Schlawack | 941f903 | 2017-06-30 16:20:00 +0200 | [diff] [blame] | 277 | We specifically added: ``Context.set_ocsp_server_callback()``, ``Context.set_ocsp_client_callback()``, and ``Connection.request_ocsp()``. |
Cory Benfield | 685483b | 2017-01-24 14:00:45 +0000 | [diff] [blame] | 278 | `#580 <https://github.com/pyca/pyopenssl/pull/580>`_ |
Cory Benfield | e62840e | 2016-11-28 12:17:08 +0000 | [diff] [blame] | 279 | - Changed the ``SSL`` module's memory allocation policy to avoid zeroing memory it allocates when unnecessary. |
| 280 | This reduces CPU usage and memory allocation time by an amount proportional to the size of the allocation. |
| 281 | For applications that process a lot of TLS data or that use very lage allocations this can provide considerable performance improvements. |
| 282 | `#578 <https://github.com/pyca/pyopenssl/pull/578>`_ |
Paul Kehrer | 6c6bf86 | 2016-12-19 06:03:48 -0600 | [diff] [blame] | 283 | - Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``. |
| 284 | `#575 <https://github.com/pyca/pyopenssl/pull/575>`_ |
Greg Bowser | 36eb2de | 2017-01-24 11:38:55 -0500 | [diff] [blame] | 285 | - Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``. |
| 286 | `#581 <https://github.com/pyca/pyopenssl/pull/581>`_ |
Hynek Schlawack | 29add1d | 2016-10-16 11:20:04 +0200 | [diff] [blame] | 287 | |
| 288 | |
| 289 | ---- |
| 290 | |
| 291 | |
Hynek Schlawack | c3b38e5 | 2016-10-15 14:56:14 +0200 | [diff] [blame] | 292 | 16.2.0 (2016-10-15) |
Paul Kehrer | 8e99fef | 2016-08-26 19:36:46 +0800 | [diff] [blame] | 293 | ------------------- |
| 294 | |
| 295 | Backward-incompatible changes: |
| 296 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 297 | |
| 298 | *none* |
| 299 | |
| 300 | |
| 301 | Deprecations: |
| 302 | ^^^^^^^^^^^^^ |
| 303 | |
| 304 | *none* |
| 305 | |
| 306 | |
| 307 | Changes: |
| 308 | ^^^^^^^^ |
| 309 | |
Alex Gaynor | 0cc5637 | 2016-09-24 11:15:55 -0400 | [diff] [blame] | 310 | - Fixed compatibility errors with OpenSSL 1.1.0. |
Paul Kehrer | fe2a0a1 | 2016-10-06 12:00:54 +0200 | [diff] [blame] | 311 | - Fixed an issue that caused failures with subinterpreters and embedded Pythons. |
| 312 | `#552 <https://github.com/pyca/pyopenssl/pull/552>`_ |
Paul Kehrer | 8e99fef | 2016-08-26 19:36:46 +0800 | [diff] [blame] | 313 | |
Hynek Schlawack | c3b38e5 | 2016-10-15 14:56:14 +0200 | [diff] [blame] | 314 | |
Paul Kehrer | 8e99fef | 2016-08-26 19:36:46 +0800 | [diff] [blame] | 315 | ---- |
| 316 | |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 317 | |
Paul Kehrer | d0513ab | 2016-08-26 16:33:23 +0800 | [diff] [blame] | 318 | 16.1.0 (2016-08-26) |
Hynek Schlawack | 156f174 | 2016-03-19 12:37:12 +0100 | [diff] [blame] | 319 | ------------------- |
| 320 | |
| 321 | Backward-incompatible changes: |
| 322 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 323 | |
| 324 | *none* |
| 325 | |
| 326 | |
| 327 | Deprecations: |
| 328 | ^^^^^^^^^^^^^ |
| 329 | |
Alex Gaynor | 2a52285 | 2016-08-31 12:17:55 -0400 | [diff] [blame] | 330 | - Dropped support for OpenSSL 0.9.8. |
Hynek Schlawack | 156f174 | 2016-03-19 12:37:12 +0100 | [diff] [blame] | 331 | |
| 332 | |
| 333 | Changes: |
| 334 | ^^^^^^^^ |
| 335 | |
Hynek Schlawack | 11e43ad | 2016-07-03 14:40:20 +0200 | [diff] [blame] | 336 | - Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``. |
| 337 | `#496 <https://github.com/pyca/pyopenssl/pull/496>`_ |
Dan Sully | 44e767a | 2016-06-04 18:05:27 -0700 | [diff] [blame] | 338 | - Enable use of CRL (and more) in verify context. |
| 339 | `#483 <https://github.com/pyca/pyopenssl/pull/483>`_ |
Paul Kehrer | 72d968b | 2016-07-29 15:31:04 +0800 | [diff] [blame] | 340 | - ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects and also exported as such. |
| 341 | `#439 <https://github.com/pyca/pyopenssl/pull/439>`_ |
Paul Kehrer | d0513ab | 2016-08-26 16:33:23 +0800 | [diff] [blame] | 342 | - Support newer versions of ``cryptography`` which use opaque structs for OpenSSL 1.1.0 compatibility. |
Hynek Schlawack | 156f174 | 2016-03-19 12:37:12 +0100 | [diff] [blame] | 343 | |
| 344 | |
| 345 | ---- |
| 346 | |
| 347 | |
Hynek Schlawack | b62041b | 2016-03-19 10:00:09 +0100 | [diff] [blame] | 348 | 16.0.0 (2016-03-19) |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 349 | ------------------- |
| 350 | |
| 351 | This is the first release under full stewardship of PyCA. |
| 352 | We have made *many* changes to make local development more pleasing. |
| 353 | The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. |
Hynek Schlawack | f6c96af | 2017-04-20 12:34:58 +0200 | [diff] [blame] | 354 | It has been moved to `pytest <https://docs.pytest.org/>`_, all CI test runs are part of `tox <https://tox.readthedocs.io/>`_ and the source code has been made fully `flake8 <https://flake8.readthedocs.io/>`_ compliant. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 355 | |
Cory Benfield | 0820ac2 | 2015-10-28 17:39:28 +0900 | [diff] [blame] | 356 | We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 357 | |
| 358 | |
| 359 | Backward-incompatible changes: |
| 360 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 361 | |
| 362 | - Python 3.2 support has been dropped. |
| 363 | It never had significant real world usage and has been dropped by our main dependency ``cryptography``. |
| 364 | Affected users should upgrade to Python 3.3 or later. |
| 365 | |
| 366 | |
| 367 | Deprecations: |
| 368 | ^^^^^^^^^^^^^ |
| 369 | |
| 370 | - The support for EGD has been removed. |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 371 | The only affected function ``OpenSSL.rand.egd()`` now uses ``os.urandom()`` to seed the internal PRNG instead. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 372 | Please see `pyca/cryptography#1636 <https://github.com/pyca/cryptography/pull/1636>`_ for more background information on this decision. |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 373 | In accordance with our backward compatibility policy ``OpenSSL.rand.egd()`` will be *removed* no sooner than a year from the release of 16.0.0. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 374 | |
Hynek Schlawack | c3b38e5 | 2016-10-15 14:56:14 +0200 | [diff] [blame] | 375 | Please note that you should `use urandom <https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_ for all your secure random number needs. |
Hynek Schlawack | 046d3f4 | 2016-03-13 08:33:04 +0100 | [diff] [blame] | 376 | - Python 2.6 support has been deprecated. |
| 377 | Our main dependency ``cryptography`` deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. |
| 378 | pyOpenSSL will drop Python 2.6 support once ``cryptography`` does. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 379 | |
| 380 | |
| 381 | Changes: |
| 382 | ^^^^^^^^ |
| 383 | |
Hynek Schlawack | b875d51 | 2016-03-16 13:56:33 +0100 | [diff] [blame] | 384 | - Fixed ``OpenSSL.SSL.Context.set_session_id``, ``OpenSSL.SSL.Connection.renegotiate``, ``OpenSSL.SSL.Connection.renegotiate_pending``, and ``OpenSSL.SSL.Context.load_client_ca``. |
Hynek Schlawack | b1f3ca8 | 2016-02-13 09:10:04 +0100 | [diff] [blame] | 385 | They were lacking an implementation since 0.14. |
Hynek Schlawack | b875d51 | 2016-03-16 13:56:33 +0100 | [diff] [blame] | 386 | `#422 <https://github.com/pyca/pyopenssl/pull/422>`_ |
Paul Kehrer | 8fc6ec0 | 2016-03-02 13:20:58 -0600 | [diff] [blame] | 387 | - Fixed segmentation fault when using keys larger than 4096-bit to sign data. |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 388 | `#428 <https://github.com/pyca/pyopenssl/pull/428>`_ |
| 389 | - Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()`` was called before setting any app data. |
| 390 | `#304 <https://github.com/pyca/pyopenssl/pull/304>`_ |
| 391 | - Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey`` objects that represent public keys, and ``OpenSSL.crypto.load_publickey()`` to load such objects from serialized representations. |
| 392 | `#382 <https://github.com/pyca/pyopenssl/pull/382>`_ |
| 393 | - Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation list out to a string buffer. |
| 394 | `#368 <https://github.com/pyca/pyopenssl/pull/368>`_ |
Hynek Schlawack | ea94f2b | 2016-03-13 16:17:53 +0100 | [diff] [blame] | 395 | - Added ``OpenSSL.SSL.Connection.get_state_string()`` using the OpenSSL binding ``state_string_long``. |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 396 | `#358 <https://github.com/pyca/pyopenssl/pull/358>`_ |
| 397 | - Added support for the ``socket.MSG_PEEK`` flag to ``OpenSSL.SSL.Connection.recv()`` and ``OpenSSL.SSL.Connection.recv_into()``. |
| 398 | `#294 <https://github.com/pyca/pyopenssl/pull/294>`_ |
| 399 | - Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and ``OpenSSL.SSL.Connection.get_protocol_version_name()``. |
| 400 | `#244 <https://github.com/pyca/pyopenssl/pull/244>`_ |
| 401 | - Switched to ``utf8string`` mask by default. |
| 402 | OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8 characters present. |
| 403 | This was changed to default to ``UTF8String`` in the config around 2005, but the actual code didn't change it until late last year. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 404 | This will default us to the setting that actually works. |
| 405 | To revert this you can call ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``. |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 406 | `#234 <https://github.com/pyca/pyopenssl/pull/234>`_ |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 407 | |
| 408 | |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 409 | ---- |
| 410 | |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 411 | |
| 412 | Older Changelog Entries |
| 413 | ----------------------- |
| 414 | |
Hynek Schlawack | 0cc6154 | 2016-01-19 14:09:32 +0100 | [diff] [blame] | 415 | The changes from before release 16.0.0 are preserved in the `repository <https://github.com/pyca/pyopenssl/blob/master/doc/ChangeLog_old.txt>`_. |