Switch to a nicer changelog format
diff --git a/doc/ChangeLog_old.txt b/doc/ChangeLog_old.txt
new file mode 100644
index 0000000..88174d5
--- /dev/null
+++ b/doc/ChangeLog_old.txt
@@ -0,0 +1,833 @@
+This file only contains the changes up to release 0.15.1. Newer changes can be
+found at <https://pyopenssl.readthedocs.org/en/latest/changelog.html>.
+
+***
+
+2015-04-14 Hynek Schlawack <hs@ox.cx>
+
+ * Release 0.15.1
+
+2015-04-14 Glyph Lefkowitz <glyph@twistedmatrix.com>
+
+ * OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
+ present in 0.15, where when an error occurs and no errno() is set,
+ a KeyError is raised. This happens, for example, if
+ Connection.shutdown() is called when the underlying transport has
+ gone away.
+
+2015-04-14 Hynek Schlawack <hs@ox.cx>
+
+ * Release 0.15
+
+2015-04-12 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
+ filenames only as bytes now accept them as either bytes or
+ unicode (and respect sys.getfilesystemencoding()).
+
+2015-03-23 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
+ (NPN) bindings.
+
+2015-03-15 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
+ builtin ``socket.recv_into``. Based on work from Cory Benfield.
+ * OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.
+
+2015-01-30 Stephen Holsapple <sholsapp@gmail.com>
+
+ * OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
+ * OpenSSL/test/test_crypto.py: Add intermediate certificates for
+
+2015-01-08 Paul Aurich <paul@darkrain42.org>
+
+ * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
+ underlying socket.
+
+2014-12-11 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
+ causing it to always succeed - even if it should fail.
+
+2014-08-21 Alex Gaynor <alex.gaynor@gmail.com>
+
+ * OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
+ with ``FILETYPE_ASN1`` would fail with a ``NameError``.
+
+2014-05-05 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/SSL.py: Fix a regression in which the first argument of
+ the "verify" callback was incorrectly passed a ``Context`` instance
+ instead of the ``Connection`` instance.
+ * OpenSSL/test/test_ssl.py: Add a test for the value passed as the
+ first argument of the "verify" callback.
+
+2014-04-19 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew
+ Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek
+ Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves``
+ to support TLS ECDHE modes.
+ * OpenSSL/SSL.py: Add ``Context.set_tmp_ecdh`` to configure a TLS
+ context with a particular elliptic curve for ECDHE modes.
+
+2014-04-19 Markus Unterwaditzer <markus@unterwaditzer.net>
+
+ * OpenSSL/SSL.py: ``Connection.send`` and ``Connection.sendall``
+ now also accept the ``buffer`` type as data.
+
+2014-04-05 Stephen Holsapple <sholsapp@gmail.com>
+
+ * OpenSSL/crypto.py: Make ``load_pkcs12`` backwards compatible with
+ pyOpenSSL 0.13 by making passphrase optional.
+
+2014-03-30 Fedor Brunner <fedor.brunner@azet.sk>
+
+ * OpenSSL/SSL.py: Add ``get_finished``, ``get_peer_finished``
+ methods to ``Connection``. If you use these methods to
+ implement TLS channel binding (RFC 5929) disable session
+ resumption because triple handshake attacks against TLS.
+ <https://www.ietf.org/mail-archive/web/tls/current/msg11337.html>
+ <https://secure-resumption.com/tlsauth.pdf>
+
+2014-03-29 Fedor Brunner <fedor.brunner@azet.sk>
+
+ * OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``,
+ and ``get_cipher_version`` to ``Connection``.
+
+2014-03-28 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been
+ removed in Python 3) with the equivalent syntax.
+
+2014-03-28 Jonathan Giannuzzi <jonathan@giannuzzi.be>
+
+ * OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup.
+ * leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked
+ and CRL.get_revoked.
+ * setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding.
+
+2014-03-02 Stephen Holsapple <sholsapp@gmail.com>
+
+ * OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``.
+
+2014-02-23 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Release 0.14
+
+2014-01-09 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL: Port to the cffi-based OpenSSL bindings provided by
+ <https://github.com/pyca/cryptography>
+
+2013-10-06 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/ssl/context.c: Add support for negotiating TLS v1.1 or
+ v1.2.
+
+2013-10-03 Christian Heimes <christian@python.org>
+
+ * OpenSSL/crypto/x509.c: Fix an inconsistency in memory management
+ in X509.get_serial_number which leads to crashes on some runtimes
+ (certain Windows/Python 3.3 environments, at least).
+
+2013-08-11 Christian Heimes <christian@python.org>
+
+ * OpenSSL/crypto/x509ext.c: Fix handling of NULL bytes inside
+ subjectAltName general names when formatting an X509 extension
+ as a string.
+ * OpenSSL/crypto/x509.c: Fix memory leak in get_extension().
+
+2012-04-03 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/pkey.c: Release the GIL around RSA and DSA key
+ generation, based on code from INADA Naoki.
+
+2012-02-13 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/ssl/ssl.c: Add session cache related constants for use
+ with the new Context.set_session_cache_mode method.
+
+ * OpenSSL/ssl/context.c: Add new Context methods
+ set_session_cache_mode and get_session_cache_mode.
+
+2011-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/pkey.c: Raise TypeError when trying to check a
+ PKey instance which has no private component, instead of crashing.
+ Based on fix by <lp:~dataway>.
+
+2011-09-14 Žiga Seilnacht <lp:ziga-seilnacht>
+
+ * OpenSSL/crypto/crypto.c: Allow exceptions from passphrase
+ callbacks to propagate up out of load_privatekey
+ * OpenSSL/crypto/crypto.c: Raise an exception when a too-long
+ passphrase is returned from a passphrase callback, instead of
+ silently truncating it.
+ * OpenSSL/crypto/crypto.c: Fix a memory leak when a passphrase
+ callback returns the wrong type.
+
+2011-09-13 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/crl.c: Add error handling for the use of
+ X509_CRL_sign.
+
+2011-09-11 Jonathan Ballet <lp:multani>
+
+ * doc/: Convert the LaTeX documentation to Sphinx-using ReST.
+ * OpenSSL/: Convert the epytext API documentation to Sphinx-using ReST.
+
+2011-09-08 Guillermo Gonzalez <guillermo.gonzalez@canonical.com>
+
+ * OpenSSL/ssl/context.c: Add Context.set_mode method.
+ * OpenSSL/ssl/ssl.c: Add MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION
+ constants.
+
+2011-09-02 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Release 0.13
+
+2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly
+ implemented by Rick Dean, to verify the internal consistency of a
+ PKey instance.
+
+2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/crypto.c: Fix the sign and verify functions so
+ they handle data with embedded NULs. Fix by David Brodsky
+ <lp:~lihalla>.
+
+2011-05-20 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new
+ method to the Connection type, get_peer_cert_chain, for retrieving
+ the peer's certificate chain.
+
+2011-05-19 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new
+ method to the X509 type, get_signature_algorithm, for inspecting
+ the signature algorithm field of the certificate. Based on a
+ patch from <lp:~okuda>.
+
+2011-05-10 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue
+ explicitly including a Windows header before any OpenSSL headers.
+
+ * OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by
+ explicitly flushing errors known to be uninteresting after calling
+ PKCS12_parse.
+
+ * OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying
+ OpenSSL library does not provide it.
+
+ * OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from
+ MD5 to SHA1 by allowing either hash algorithm's result as the
+ return value of X509.subject_name_hash.
+
+ * OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5
+ to SHA1 by constructing certificate files named using both hash
+ algorithms' results when testing Context.load_verify_locations.
+
+ * Support OpenSSL 1.0.0a.
+
+2011-04-15 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version
+ and related constants for retrieving version information about the
+ underlying OpenSSL library.
+
+2011-04-07 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Release 0.12
+
+2011-04-06 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/x509.c: Add get_extension_count and get_extension
+ to the X509 type, allowing read access to certificate extensions.
+
+ * OpenSSL/crypto/x509ext.c: Add get_short_name and get_data to the
+ X509Extension type, allowing read access to the contents of an
+ extension.
+
+2011-03-21 Olivier Hervieu <lp:~ohe>
+
+ * OpenSSL/ssl/ssl.c: Expose a number of symbolic constants for
+ values passed to the connection "info" callback.
+
+2011-01-22 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/ssl/connection.py: Add support for new-style
+ buffers (primarily memoryviews) to Connection.send and
+ Connection.sendall.
+
+2010-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Release 0.11
+
+2010-10-07 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Initial support for Python 3.x throughout the codebase.
+
+2010-09-14 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * OpenSSL/crypto/netscape_spki.c: Fix an off-by-one mistake in the
+ error handling for NetscapeSPKI.verify. Add additional error
+ checking to NetscapeSPKI.sign to handle the case where there is no
+ private key.
+
+ * OpenSSL/crypto/x509.c: Fix an overflow bug in the subject_name_hash
+ method of the X509 type which would cause it to return negative
+ values on 32 bit systems.
+
+ * OpenSSL/crypto/x509req.c: Fix an off-by-one mistake in the error
+ handling for X509Req.verify.
+
+ * OpenSSL/ssl/context.c: Fix the error handling in the load_tmp_dh
+ method of the Context type which would cause it to always raise
+ MemoryError, regardless of the actual error (such as a bad file
+ name).
+
+ * OpenSSL/test/: Numerous unit tests added, both for above fixes
+ and for other previously untested code paths.
+
+2010-07-27 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Re-arrange the repository so that the package can be built and
+ used in-place without requiring installation.
+
+2010-02-27 James Yonan <james@openvpn.net>
+
+ * src/crypto/crypto.c: Added crypto.sign and crypto.verify methods
+ that wrap EVP_Sign and EVP_Verify function families, using code
+ derived from Dave Cridland's PyOpenSSL branch.
+
+ * test/test_crypto.py: Added unit tests for crypto.sign and
+ crypto.verify.
+
+2010-01-27 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/ssl/connection.c, src/util.h: Apply patch from Sandro Tosi to
+ fix misspellings of "compatibility".
+
+2009-11-13 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Release 0.10
+
+2009-11-07 Žiga Seilnacht, Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/ssl/connection.c, src/ssl/context.c: Add set_client_ca_list,
+ add_client_ca, and get_client_ca_list to Context for manipulating
+ the list of certificate authority names which are sent by servers
+ with the certificate request message.
+ * src/util.h: Add ssize-related defines if the version of Python
+ being used does not have them.
+ * setup.py: Significant changes to the way Windows builds are done,
+ particularly the way OpenSSL headers and libraries are found (with
+ the new --with-openssl argument to build_ext).
+
+2009-08-27 Rick Dean <rick@fdd.com>, Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/crypto/pkcs12.c: Add setters to the PKCS12 type for the
+ certificate, private key, ca certificate list, and friendly
+ name, and add a getter for the friendly name. Also add a method
+ for exporting a PKCS12 object as a string.
+ * test/test_crypto.py: Add lots of additional tests for the PKCS12
+ type.
+ * doc/pyOpenSSL.tex: Documentation for the new PKCS12 methods.
+
+2009-07-17 Rick Dean <rick@fdd.com>, Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/crypto/x509ext.c: Add subject and issuer parameters to
+ X509Extension, allowing creation of extensions which require that
+ information. Fixes LP#322813.
+
+2009-07-16 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * test/util.py: Changed the base TestCase's tearDown to assert that
+ no errors were left in the OpenSSL error queue by the test.
+ * src/crypto/crypto.c: Add a private helper in support of the
+ TestCase.tearDown change.
+ * src/crypto/x509name.c: Changed X509Name's getattr implementation
+ to clean up the error queue. Fixes LP#314814.
+ * test/util.c: Changed flush_error_queue to avoid a reference
+ counting bug caused by macro expansion.
+
+2009-07-16 Rick Dean <rick@fdd.com>
+
+ * src/rand.c: Added OpenSSL.rand.bytes to get random bytes directly.
+ * src/util.c: Added generic exceptions_from_error_queue to replace
+ the various other implementations of this function. Also updated
+ the rest of the codebase to use this version instead.
+
+2009-07-05 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * test/util.py, test/test_ssl.py, test/test_crypto.py: Fold the
+ Python 2.3 compatibility TestCase mixin into the TestCase defined
+ in util.py.
+
+2009-07-05 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * test/util.py, test/test_ssl.py, test/test_crypto.py: Stop trying
+ to use Twisted's TestCase even when it's available. Instead,
+ always use the stdlib TestCase with a few enhancements.
+
+2009-07-04 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Changed most extension types so that they can be instantiated
+ using the type object rather than a factory function. The old
+ factory functions are now aliases for the type objects.
+ Fixes LP#312786.
+
+2009-05-27 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Changed all docstrings in extension modules to be friendlier
+ towards Python programmers. Fixes LP#312787.
+
+2009-05-27 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/crypto/x509ext.c: Correctly deallocate the new Extension
+ instance when there is an error initializing it and it is not
+ going to be returned. Resolves LP#368043.
+
+2009-05-11 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * test/test_crypto.py: Use binary mode for the pipe to talk to the
+ external openssl binary. The data being transported over this
+ pipe is indeed binary, so previously it would often be truncated
+ or otherwise mangled.
+
+ * src/ssl/connection.h, src/ssl/connection.c, test/test_ssl.py:
+ Extend the Connection class with support for in-memory BIOs. This
+ allows SSL to be run without a real socket, useful for
+ implementing EAP-TLS or using SSL with Windows IO completion
+ ports, for example. Based heavily on contributions from Rick
+ Dean.
+
+2009-04-25 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Release 0.9
+
+2009-04-01 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+ Samuele Pedroni <pedronis@openend.se>
+
+ * src/util.h: Delete the TLS key before trying to set a new value
+ for it in case the current thread identifier is a recycled one (if
+ it is recycled, the key won't be set because there is already a
+ value from the previous thread to have this identifier and to use
+ the pyOpenSSL API).
+
+2009-04-01 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/crypto/crypto.c: Add FILETYPE_TEXT for dumping keys and
+ certificates and certificate signature requests to a text format.
+
+2008-12-31 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/crypto/x509ext.c, test/test_crypto.py: Add the get_short_name
+ method to X509Extension based on patch from Alex Stapleton.
+
+2008-12-31 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/crypto/x509ext.c, test/test_crypto.py: Fix X509Extension so
+ that it is possible to instantiate extensions which use s2i or r2i
+ instead of v2i (an extremely obscure extension implementation
+ detail).
+
+2008-12-30 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * MANIFEST.in, src/crypto/crypto.c, src/crypto/x509.c,
+ src/crypto/x509name.c, src/rand/rand.c, src/ssl/context.c: Changes
+ which eliminate compiler warnings but should not change any
+ behavior.
+
+2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * test/test_ssl.py, src/ssl/ssl.c: Expose DTLS-related constants,
+ OP_NO_QUERY_MTU, OP_COOKIE_EXCHANGE, and OP_NO_TICKET.
+
+2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/ssl/context.c: Add a capath parameter to
+ Context.load_verify_locations to allow Python code to specify
+ either or both arguments to the underlying
+ SSL_CTX_load_verify_locations API.
+ * src/ssl/context.c: Add Context.set_default_verify_paths, a wrapper
+ around SSL_CTX_set_default_verify_paths.
+
+2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * test/test_crypto.py, src/crypto/x509req.c: Added get_version and
+ set_version_methods to X509ReqType based on patch from Wouter van
+ Bommel. Resolves LP#274418.
+
+2008-09-22 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Release 0.8
+
+2008-10-19 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * tsafe.py: Revert the deprecation of the thread-safe Connection
+ wrapper. The Connection class should not segfault if used from
+ multiple threads now, but it generally cannot be relied on to
+ produce correct results if used without the thread-safe wrapper.
+ * doc/pyOpenSSL.tex: Correct the documentation for the set_passwd_cb
+ callback parameter so that it accurately describes the required
+ signature.
+
+2008-09-22 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Release 0.8a1
+
+2008-09-21 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/ssl/ssl.h, src/ssl/ssl.c: Add a thread-local storage key
+ which will be used to store and retrieve PyThreadState pointers
+ whenever it is necessary to release or re-acquire the GIL.
+
+ * src/ssl/context.c: Change global_verify_callback so that it
+ unconditionally manipulates the Python threadstate, rather than
+ checking the tstate field which is now always NULL.
+
+2008-04-26 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/ssl/context.c: Change global_passphrase_callback and
+ global_info_callback so that they acquire the GIL before
+ invoking any CPython APIs and do not release it until after they
+ are finished invoking all of them (based heavily on on patch
+ from Dan Williams).
+ * src/ssl/crypto.c: Initialize OpenSSL thread support so that it
+ is valid to use OpenSSL APIs from more than one thread (based on
+ patch from Dan Williams).
+ * test/test_crypto.py: Add tests for load_privatekey and
+ dump_privatekey when a passphrase or a passphrase callback is
+ supplied.
+ * test/test_ssl.py: Add tests for Context.set_passwd_cb and
+ Context.set_info_callback.
+
+2008-04-11 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Release 0.7
+
+2008-03-26 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/crypto/x509name.c: Add X509Name.get_components
+
+2008-03-25 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/crypto/x509name.c: Add hash and der methods to X509Name.
+ * src/crypto/x509.c: Fix a bug in X509.get_notBefore and
+ X509.get_notAfter preventing UTCTIME format timestamps from
+ working.
+
+2008-03-12 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * Fix coding problems in examples/. Remove keys and certificates
+ and add a note about how to generate new ones.
+
+2008-03-09 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/crypto/x509.c: Add getters and setters for the notBefore and
+ notAfter attributes of X509s.
+ * src/crypto/pkey.h, src/crypto/pkey.c, src/crypto/x509req.c,
+ src/crypto/x509.c: Track the initialized and public/private state
+ of EVP_PKEY structures underlying the crypto_PKeyObj type and
+ reject X509Req signature operations on keys not suitable for the
+ task.
+
+2008-03-06 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/crypto/x509name.c: Fix tp_compare so it only returns -1, 0, or
+ 1. This eliminates a RuntimeWarning emitted by Python.
+ * src/crypto/x509req.c: Fix reference counting for X509Name returned
+ by X509Req.get_subject. This removes a segfault when the subject
+ name outlives the request object.
+ * src/crypto/x509.c: Change get_serial_number and set_serial_number
+ to accept Python longs.
+ * doc/pyOpenSSL.tex: A number of minor corrections.
+
+2008-03-03 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/crypto/crypto.c: Expose X509_verify_cert_error_string. (patch
+ from Victor Stinner)
+
+2008-02-22 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/ssl/connection.c src/ssl/context.c src/ssl/ssl.c: Fix
+ compilation on Windows. (patch from Michael Schneider)
+
+2008-02-21 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/ssl/connection.c: Expose SSL_get_shutdown and
+ SSL_set_shutdown. (patch from James Knight)
+ * src/ssl/ssl.c: Expose SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN.
+ (patch from James Knight)
+
+2008-02-19 Jean-Paul Calderone <exarkun@twistedmatrix.com>
+
+ * src/ssl/context.c: Expose SSL_CTX_add_extra_chain_cert.
+ * src/crypto/x509name.c: Fix memory leaks in __getattr__ and
+ __setattr_ implementations.
+ * src/crypto/x509.c: Fix memory leak in X509.get_pubkey().
+ * leakcheck/: An attempt at a systematic approach to leak
+ elimination.
+
+2004-08-13 Martin Sjögren <msjogren@gmail.com>
+
+ * Released version 0.6.
+
+2004-08-11 Martin Sjögren <msjogren@gmail.com>
+
+ * doc/pyOpenSSL.tex: Updates to the docs.
+
+2004-08-10 Martin Sjögren <msjogren@gmail.com>
+
+ * src/crypto/x509.c: Add X509.add_extensions based on a patch
+ from Han S. Lee.
+ * src/ssl/ssl.c: Add more SSL_OP_ constants. Patch from Mihai
+ Ibanescu.
+
+2004-08-09 Martin Sjögren <msjogren@gmail.com>
+
+ * setup.py src/crypto/: Add support for Netscape SPKI extensions
+ based on a patch from Tollef Fog Heen.
+ * src/crypto/crypto.c: Add support for python passphrase callbacks
+ based on a patch from Robert Olson.
+
+2004-08-03 Martin Sjögren <msjogren@gmail.com>
+
+ * src/ssl/context.c: Applied patch from Frederic Peters to add
+ Context.use_certificate_chain_file.
+ * src/crypto/x509.c: Applid patch from Tollef Fog Heen to add
+ X509.subject_name_hash and X509.digest.
+
+2004-08-02 Martin Sjögren <msjogren@gmail.com>
+
+ * src/crypto/crypto.c src/ssl/ssl.c: Applied patch from Bastian
+ Kleineidam to fix full names of exceptions.
+
+2004-07-19 Martin Sjögren <msjogren@gmail.com>
+
+ * doc/pyOpenSSL.tex: Fix the errors regarding X509Name's field names.
+
+2004-07-18 Martin Sjögren <msjogren@gmail.com>
+
+ * examples/certgen.py: Fixed wrong attributes in doc string, thanks
+ Remy. (SFbug#913315)
+ * __init__.py, setup.py, version.py: Add __version__, as suggested by
+ Ronald Oussoren in SFbug#888729.
+ * examples/proxy.py: Fix typos, thanks Mihai Ibanescu. (SFpatch#895820)
+
+2003-01-09 Martin Sjögren <martin@strakt.com>
+
+ * Use cyclic GC protocol in SSL.Connection, SSL.Context, crypto.PKCS12
+ and crypto.X509Name.
+
+2002-12-02 Martin Sjögren <martin@strakt.com>
+
+ * tsafe.py: Add some missing methods.
+
+2002-10-06 Martin Sjögren <martin@strakt.com>
+
+ * __init__.py: Import tsafe too!
+
+2002-10-05 Martin Sjögren <martin@strakt.com>
+
+ * src/crypto/x509name.c: Use unicode strings instead of ordinary
+ strings in getattr/setattr. Note that plain ascii strings should
+ still work.
+
+2002-09-17 Martin Sjögren <martin@strakt.com>
+
+ * Released version 0.5.1.
+
+2002-09-09 Martin Sjögren <martin@strakt.com>
+
+ * setup.cfg: Fixed build requirements for rpms.
+
+2002-09-07 Martin Sjögren <martin@strakt.com>
+
+ * src/ssl/connection.c: Fix sendall() method. It segfaulted because
+ it was too generous about giving away the GIL.
+ * Added SecureXMLRPCServer example, contributed by Michal Wallace.
+
+2002-09-06 Martin Sjögren <martin@strakt.com>
+
+ * setup.cfg: Updated the build requirements.
+ * src/ssl/connection.c: Fix includes for AIX.
+
+2002-09-04 Anders Hammarquist <iko@strakt.com>
+
+ * Added type checks in all the other places where we expect
+ specific types of objects passed.
+
+2002-09-04 Martin Sjögren <martin@strakt.com>
+
+ * src/crypto/crypto.c: Added an explicit type check in the dump_*
+ functions, so that they won't die when e.g. None is passed in.
+
+2002-08-25 Martin Sjögren <martin@strakt.com>
+
+ * doc/pyOpenSSL.tex: Docs for PKCS12.
+
+2002-08-24 Martin Sjögren <martin@strakt.com>
+
+ * src/crypto: Added basic PKCS12 support, thanks to Mark Welch
+ <mark@collab.net>
+
+2002-08-16 Martin Sjögren <martin@strakt.com>
+
+ * D'oh! Fixes for python 1.5 and python 2.1.
+
+2002-08-15 Martin Sjögren <martin@strakt.com>
+
+ * Version 0.5. Yay!
+
+2002-07-25 Martin Sjögren <martin@strakt.com>
+
+ * src/ssl/context.c: Added set_options method.
+ * src/ssl/ssl.c: Added constants for Context.set_options method.
+
+2002-07-23 Martin Sjögren <martin@strakt.com>
+
+ * Updated docs
+ * src/ssl/connection.c: Changed the get_cipher_list method to actually
+ return a list! WARNING: This change makes the API incompatible with
+ earlier versions!
+
+2002-07-15 Martin Sjögren <martin@strakt.com>
+
+ * src/ssl/connection.[ch]: Removed the fileno method, it uses the
+ transport object's fileno instead.
+
+2002-07-09 Martin Sjögren <martin@strakt.com>
+
+ * src/crypto/x509.c src/crypto/x509name.c: Fixed segfault bug where
+ you used an X509Name after its X509 had been destroyed.
+ * src/crypto/crypto.[ch] src/crypto/x509req.c src/crypto/x509ext.[ch]:
+ Added X509 Extension support. Thanks to maas-Maarten Zeeman
+ <maas@awanim.com>
+ * src/crypto/pkey.c: Added bits() and type() methods.
+
+2002-07-08 Martin Sjögren <martin@strakt.com>
+
+ * src/ssl/connection.c: Moved the contents of setup_ssl into the
+ constructor, thereby fixing some segfault bugs :)
+ * src/ssl/connection.c: Added connect_ex and sendall methods.
+ * src/crypto/x509name.c: Cleaned up comparisons and NID lookup.
+ Thank you Maas-Maarten Zeeman <maas@awanim.com>
+ * src/rand/rand.c: Fix RAND_screen import.
+ * src/crypto/crypto.c src/crypto/pkcs7.[ch]: Added PKCS7 management,
+ courtesy of Maas-Maarten Zeeman <maas@awanim.com>
+ * src/crypto/x509req.c: Added verify method.
+
+2002-06-17 Martin Sjögren <martin@strakt.com>
+
+ * rpm/, setup.cfg: Added improved RPM-building stuff, thanks to
+ Mihai Ibanescu <misa@redhat.com>
+
+2002-06-14 Martin Sjögren <martin@strakt.com>
+
+ * examples/proxy.py: Example code for using OpenSSL through a proxy
+ contributed by Mihai Ibanescu <misa@redhat.com>
+ * Updated installation instruction and added them to the TeX manual.
+
+2002-06-13 Martin Sjögren <martin@strakt.com>
+
+ * src/ssl/context.c: Changed global_verify_callback so that it uses
+ PyObject_IsTrue instead of requring ints.
+ * Added pymemcompat.h to make the memory management uniform and
+ backwards-compatible.
+ * src/util.h: Added conditional definition of PyModule_AddObject and
+ PyModule_AddIntConstant
+ * src/ssl/connection.c: Socket methods are no longer explicitly
+ wrapped. fileno() is the only method the transport layer object HAS
+ to support, but if you want to use connect, accept or sock_shutdown,
+ then the transport layer object has to supply connect, accept
+ and shutdown respectively.
+
+2002-06-12 Martin Sjögren <martin@strakt.com>
+
+ * Changed comments to docstrings that are visible in Python.
+ * src/ssl/connection.c: Added set_connect_state and set_accept_state
+ methods. Thanks to Mark Welch <mark@collab.net> for this.
+
+2002-06-11 Martin Sjögren <martin@strakt.com>
+
+ * src/ssl/connection.c: accept and connect now use SSL_set_accept_state
+ and SSL_set_connect_state respectively, instead of SSL_accept and
+ SSL_connect.
+ * src/ssl/connection.c: Added want_read and want_write methods.
+
+2002-06-05 Martin Sjögren <martin@strakt.com>
+
+ * src/ssl/connection.c: Added error messages for windows. The code is
+ copied from Python's socketmodule.c. Ick.
+ * src/ssl/connection.c: Changed the parameters to the SysCallError. It
+ always has a tuple (number, string) now, even though the number
+ might not always be useful.
+
+2002-04-05 Martin Sjögren <md9ms@mdstud.chalmers.se>
+
+ * Worked more on the Debian packaging, hopefully the packages
+ are getting into the main Debian archive soon.
+
+2002-01-10 Martin Sjögren <martin@strakt.com>
+
+ * Worked some more on the Debian packaging, it's turning out real
+ nice.
+ * Changed format on this file, I'm going to try to be a bit more
+ verbose about my changes, and this format makes it easier.
+
+2002-01-08 Martin Sjögren <martin@strakt.com>
+
+ * Version 0.4.1
+ * Added some example code
+ * Added the thread safe Connection object in the 'tsafe' submodule
+ * New Debian packaging
+
+2001-08-09 Martin Sjögren <martin@strakt.com>
+
+ * Version 0.4
+ * Added a compare function for X509Name structures.
+ * Moved the submodules to separate .so files, with tiny C APIs so they
+ can communicate
+ * Skeletal OpenSSL/__init__.py
+ * Removed the err submodule, use crypto.Error and SSL.Error instead
+
+2001-08-06 Martin Sjögren <martin@strakt.com>
+
+ * Version 0.3
+ * Added more types for dealing with certificates (X509Store, X509Req,
+ PKey)
+ * Functionality to load private keys, certificates and certificate
+ requests from memory buffers, and store them too
+ * X509 and X509Name objects can now be modified as well, very neat when
+ creating certificates ;)
+ * Added SSL_MODE_AUTO_RETRY to smooth things for blocking sockets
+ * Added a sock_shutdown() method to the Connection type
+ * I don't understand why, but I can't use Py_InitModule() to create
+ submodules in Python 2.0, the interpreter segfaults on the cleanup
+ process when I do. I added a conditional compile on the version
+ number, falling back to my own routine. It would of course be nice to
+ investigate what is happening, but I don't have the time to do so
+ * Do INCREF on the type objects before inserting them in the
+ dictionary, so they will never reach refcount 0 (they are, after all,
+ statically allocated)
+
+2001-07-30 Martin Sjögren <martin@strakt.com>
+
+ * Version 0.2
+ * Lots of tweaking and comments in the code
+ * Now uses distutils instead of the stupid Setup file
+ * Hacked doc/tools/mkhowto, html generation should now work
+
+2001-07-16 Martin Sjögren <martin@strakt.com>
+
+ * Initial release (0.1, don't expect much from this one :-)
+
diff --git a/doc/backward-compatibility.rst b/doc/backward-compatibility.rst
new file mode 100644
index 0000000..446339b
--- /dev/null
+++ b/doc/backward-compatibility.rst
@@ -0,0 +1,11 @@
+Backward Compatibility
+======================
+
+pyOpenSSL has a very strong backward compatibility policy.
+Generally speaking, you shouldn't ever be afraid of updating.
+
+If breaking changes are needed do be done, they are:
+
+#. …announced in the :doc:`changelog`.
+#. …the old behavior raises a :exc:`DeprecationWarning` for a year.
+#. …are done with another announcement in the :doc:`changelog`.
diff --git a/doc/changelog.rst b/doc/changelog.rst
new file mode 100644
index 0000000..565b052
--- /dev/null
+++ b/doc/changelog.rst
@@ -0,0 +1 @@
+.. include:: ../CHANGELOG.rst
diff --git a/doc/index.rst b/doc/index.rst
index 4c15fc8..56d84ea 100644
--- a/doc/index.rst
+++ b/doc/index.rst
@@ -2,6 +2,7 @@
Welcome to pyOpenSSL's documentation!
=====================================
+Release v\ |release| (:doc:`What's new? <changelog>`).
pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library.
With thin wrapper we mean that a lot of the object methods do nothing more than
@@ -20,6 +21,16 @@
internals
+Meta
+----
+
+.. toctree::
+ :maxdepth: 1
+
+ backward-compatibility
+ changelog
+
+
Indices and tables
==================