Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 1 | Changelog |
| 2 | ========= |
| 3 | |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 4 | Versions are year-based with a strict backward-compatibility policy. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 5 | The third digit is only for regressions. |
| 6 | |
Hynek Schlawack | 29add1d | 2016-10-16 11:20:04 +0200 | [diff] [blame] | 7 | |
| 8 | 16.3.0 (UNRELEASED) |
| 9 | ------------------- |
| 10 | |
| 11 | Backward-incompatible changes: |
| 12 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 13 | |
| 14 | *none* |
| 15 | |
| 16 | |
| 17 | Deprecations: |
| 18 | ^^^^^^^^^^^^^ |
| 19 | |
| 20 | *none* |
| 21 | |
| 22 | |
| 23 | Changes: |
| 24 | ^^^^^^^^ |
| 25 | |
Thomas Sileo | e15e60a | 2016-11-22 18:13:30 +0100 | [diff] [blame] | 26 | - Added ``OpenSSL.X509Store.set_time()`` to set a custom verification time when verifying certificate chains. |
| 27 | `#567 <https://github.com/pyca/pyopenssl/pull/567>`_ |
Cory Benfield | e62840e | 2016-11-28 12:17:08 +0000 | [diff] [blame] | 28 | - Changed the ``SSL`` module's memory allocation policy to avoid zeroing memory it allocates when unnecessary. |
| 29 | This reduces CPU usage and memory allocation time by an amount proportional to the size of the allocation. |
| 30 | For applications that process a lot of TLS data or that use very lage allocations this can provide considerable performance improvements. |
| 31 | `#578 <https://github.com/pyca/pyopenssl/pull/578>`_ |
Paul Kehrer | 6c6bf86 | 2016-12-19 06:03:48 -0600 | [diff] [blame^] | 32 | - Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``. |
| 33 | `#575 <https://github.com/pyca/pyopenssl/pull/575>`_ |
Hynek Schlawack | 29add1d | 2016-10-16 11:20:04 +0200 | [diff] [blame] | 34 | |
| 35 | |
| 36 | ---- |
| 37 | |
| 38 | |
Hynek Schlawack | c3b38e5 | 2016-10-15 14:56:14 +0200 | [diff] [blame] | 39 | 16.2.0 (2016-10-15) |
Paul Kehrer | 8e99fef | 2016-08-26 19:36:46 +0800 | [diff] [blame] | 40 | ------------------- |
| 41 | |
| 42 | Backward-incompatible changes: |
| 43 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 44 | |
| 45 | *none* |
| 46 | |
| 47 | |
| 48 | Deprecations: |
| 49 | ^^^^^^^^^^^^^ |
| 50 | |
| 51 | *none* |
| 52 | |
| 53 | |
| 54 | Changes: |
| 55 | ^^^^^^^^ |
| 56 | |
Alex Gaynor | 0cc5637 | 2016-09-24 11:15:55 -0400 | [diff] [blame] | 57 | - Fixed compatibility errors with OpenSSL 1.1.0. |
Paul Kehrer | fe2a0a1 | 2016-10-06 12:00:54 +0200 | [diff] [blame] | 58 | - Fixed an issue that caused failures with subinterpreters and embedded Pythons. |
| 59 | `#552 <https://github.com/pyca/pyopenssl/pull/552>`_ |
Paul Kehrer | 8e99fef | 2016-08-26 19:36:46 +0800 | [diff] [blame] | 60 | |
Hynek Schlawack | c3b38e5 | 2016-10-15 14:56:14 +0200 | [diff] [blame] | 61 | |
Paul Kehrer | 8e99fef | 2016-08-26 19:36:46 +0800 | [diff] [blame] | 62 | ---- |
| 63 | |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 64 | |
Paul Kehrer | d0513ab | 2016-08-26 16:33:23 +0800 | [diff] [blame] | 65 | 16.1.0 (2016-08-26) |
Hynek Schlawack | 156f174 | 2016-03-19 12:37:12 +0100 | [diff] [blame] | 66 | ------------------- |
| 67 | |
| 68 | Backward-incompatible changes: |
| 69 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 70 | |
| 71 | *none* |
| 72 | |
| 73 | |
| 74 | Deprecations: |
| 75 | ^^^^^^^^^^^^^ |
| 76 | |
Alex Gaynor | 2a52285 | 2016-08-31 12:17:55 -0400 | [diff] [blame] | 77 | - Dropped support for OpenSSL 0.9.8. |
Hynek Schlawack | 156f174 | 2016-03-19 12:37:12 +0100 | [diff] [blame] | 78 | |
| 79 | |
| 80 | Changes: |
| 81 | ^^^^^^^^ |
| 82 | |
Hynek Schlawack | 11e43ad | 2016-07-03 14:40:20 +0200 | [diff] [blame] | 83 | - Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``. |
| 84 | `#496 <https://github.com/pyca/pyopenssl/pull/496>`_ |
Dan Sully | 44e767a | 2016-06-04 18:05:27 -0700 | [diff] [blame] | 85 | - Enable use of CRL (and more) in verify context. |
| 86 | `#483 <https://github.com/pyca/pyopenssl/pull/483>`_ |
Paul Kehrer | 72d968b | 2016-07-29 15:31:04 +0800 | [diff] [blame] | 87 | - ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects and also exported as such. |
| 88 | `#439 <https://github.com/pyca/pyopenssl/pull/439>`_ |
Paul Kehrer | d0513ab | 2016-08-26 16:33:23 +0800 | [diff] [blame] | 89 | - Support newer versions of ``cryptography`` which use opaque structs for OpenSSL 1.1.0 compatibility. |
Hynek Schlawack | 156f174 | 2016-03-19 12:37:12 +0100 | [diff] [blame] | 90 | |
| 91 | |
| 92 | ---- |
| 93 | |
| 94 | |
Hynek Schlawack | b62041b | 2016-03-19 10:00:09 +0100 | [diff] [blame] | 95 | 16.0.0 (2016-03-19) |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 96 | ------------------- |
| 97 | |
| 98 | This is the first release under full stewardship of PyCA. |
| 99 | We have made *many* changes to make local development more pleasing. |
| 100 | The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. |
Hynek Schlawack | c3b38e5 | 2016-10-15 14:56:14 +0200 | [diff] [blame] | 101 | It has been moved to `pytest <https://pytest.org/>`_, all CI test runs are part of `tox <https://testrun.org/tox/>`_ and the source code has been made fully `flake8 <https://flake8.readthedocs.io/>`_ compliant. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 102 | |
Cory Benfield | 0820ac2 | 2015-10-28 17:39:28 +0900 | [diff] [blame] | 103 | We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 104 | |
| 105 | |
| 106 | Backward-incompatible changes: |
| 107 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 108 | |
| 109 | - Python 3.2 support has been dropped. |
| 110 | It never had significant real world usage and has been dropped by our main dependency ``cryptography``. |
| 111 | Affected users should upgrade to Python 3.3 or later. |
| 112 | |
| 113 | |
| 114 | Deprecations: |
| 115 | ^^^^^^^^^^^^^ |
| 116 | |
| 117 | - The support for EGD has been removed. |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 118 | The only affected function ``OpenSSL.rand.egd()`` now uses ``os.urandom()`` to seed the internal PRNG instead. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 119 | Please see `pyca/cryptography#1636 <https://github.com/pyca/cryptography/pull/1636>`_ for more background information on this decision. |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 120 | In accordance with our backward compatibility policy ``OpenSSL.rand.egd()`` will be *removed* no sooner than a year from the release of 16.0.0. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 121 | |
Hynek Schlawack | c3b38e5 | 2016-10-15 14:56:14 +0200 | [diff] [blame] | 122 | Please note that you should `use urandom <https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_ for all your secure random number needs. |
Hynek Schlawack | 046d3f4 | 2016-03-13 08:33:04 +0100 | [diff] [blame] | 123 | - Python 2.6 support has been deprecated. |
| 124 | Our main dependency ``cryptography`` deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. |
| 125 | pyOpenSSL will drop Python 2.6 support once ``cryptography`` does. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 126 | |
| 127 | |
| 128 | Changes: |
| 129 | ^^^^^^^^ |
| 130 | |
Hynek Schlawack | b875d51 | 2016-03-16 13:56:33 +0100 | [diff] [blame] | 131 | - Fixed ``OpenSSL.SSL.Context.set_session_id``, ``OpenSSL.SSL.Connection.renegotiate``, ``OpenSSL.SSL.Connection.renegotiate_pending``, and ``OpenSSL.SSL.Context.load_client_ca``. |
Hynek Schlawack | b1f3ca8 | 2016-02-13 09:10:04 +0100 | [diff] [blame] | 132 | They were lacking an implementation since 0.14. |
Hynek Schlawack | b875d51 | 2016-03-16 13:56:33 +0100 | [diff] [blame] | 133 | `#422 <https://github.com/pyca/pyopenssl/pull/422>`_ |
Paul Kehrer | 8fc6ec0 | 2016-03-02 13:20:58 -0600 | [diff] [blame] | 134 | - Fixed segmentation fault when using keys larger than 4096-bit to sign data. |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 135 | `#428 <https://github.com/pyca/pyopenssl/pull/428>`_ |
| 136 | - Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()`` was called before setting any app data. |
| 137 | `#304 <https://github.com/pyca/pyopenssl/pull/304>`_ |
| 138 | - Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey`` objects that represent public keys, and ``OpenSSL.crypto.load_publickey()`` to load such objects from serialized representations. |
| 139 | `#382 <https://github.com/pyca/pyopenssl/pull/382>`_ |
| 140 | - Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation list out to a string buffer. |
| 141 | `#368 <https://github.com/pyca/pyopenssl/pull/368>`_ |
Hynek Schlawack | ea94f2b | 2016-03-13 16:17:53 +0100 | [diff] [blame] | 142 | - Added ``OpenSSL.SSL.Connection.get_state_string()`` using the OpenSSL binding ``state_string_long``. |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 143 | `#358 <https://github.com/pyca/pyopenssl/pull/358>`_ |
| 144 | - Added support for the ``socket.MSG_PEEK`` flag to ``OpenSSL.SSL.Connection.recv()`` and ``OpenSSL.SSL.Connection.recv_into()``. |
| 145 | `#294 <https://github.com/pyca/pyopenssl/pull/294>`_ |
| 146 | - Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and ``OpenSSL.SSL.Connection.get_protocol_version_name()``. |
| 147 | `#244 <https://github.com/pyca/pyopenssl/pull/244>`_ |
| 148 | - Switched to ``utf8string`` mask by default. |
| 149 | OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8 characters present. |
| 150 | This was changed to default to ``UTF8String`` in the config around 2005, but the actual code didn't change it until late last year. |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 151 | This will default us to the setting that actually works. |
| 152 | To revert this you can call ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``. |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 153 | `#234 <https://github.com/pyca/pyopenssl/pull/234>`_ |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 154 | |
| 155 | |
Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 156 | ---- |
| 157 | |
Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 158 | |
| 159 | Older Changelog Entries |
| 160 | ----------------------- |
| 161 | |
Hynek Schlawack | 0cc6154 | 2016-01-19 14:09:32 +0100 | [diff] [blame] | 162 | The changes from before release 16.0.0 are preserved in the `repository <https://github.com/pyca/pyopenssl/blob/master/doc/ChangeLog_old.txt>`_. |