| Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 1 | Changelog |
| 2 | ========= |
| 3 | |
| Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 4 | Versions are year-based with a strict backward-compatibility policy. |
| Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 5 | The third digit is only for regressions. |
| 6 | |
| 7 | |
| Hynek Schlawack | 156f174 | 2016-03-19 12:37:12 +0100 | [diff] [blame] | 8 | 16.1.0 (UNRELEASED) |
| 9 | ------------------- |
| 10 | |
| 11 | Backward-incompatible changes: |
| 12 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 13 | |
| 14 | *none* |
| 15 | |
| 16 | |
| 17 | Deprecations: |
| 18 | ^^^^^^^^^^^^^ |
| 19 | |
| 20 | *none* |
| 21 | |
| 22 | |
| 23 | Changes: |
| 24 | ^^^^^^^^ |
| 25 | |
| Hynek Schlawack | 11e43ad | 2016-07-03 14:40:20 +0200 | [diff] [blame^] | 26 | - Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``. |
| 27 | `#496 <https://github.com/pyca/pyopenssl/pull/496>`_ |
| Dan Sully | 44e767a | 2016-06-04 18:05:27 -0700 | [diff] [blame] | 28 | - Enable use of CRL (and more) in verify context. |
| 29 | `#483 <https://github.com/pyca/pyopenssl/pull/483>`_ |
| Hynek Schlawack | 156f174 | 2016-03-19 12:37:12 +0100 | [diff] [blame] | 30 | |
| 31 | |
| 32 | ---- |
| 33 | |
| 34 | |
| Hynek Schlawack | b62041b | 2016-03-19 10:00:09 +0100 | [diff] [blame] | 35 | 16.0.0 (2016-03-19) |
| Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 36 | ------------------- |
| 37 | |
| 38 | This is the first release under full stewardship of PyCA. |
| 39 | We have made *many* changes to make local development more pleasing. |
| 40 | The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. |
| Hynek Schlawack | c3b8fba | 2016-04-28 07:59:38 +0200 | [diff] [blame] | 41 | It has been moved to `py.test <https://pytest.org/>`_, all CI test runs are part of `tox <https://testrun.org/tox/>`_ and the source code has been made fully `flake8 <https://flake8.readthedocs.io/>`_ compliant. |
| Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 42 | |
| Cory Benfield | 0820ac2 | 2015-10-28 17:39:28 +0900 | [diff] [blame] | 43 | We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations. |
| Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 44 | |
| 45 | |
| 46 | Backward-incompatible changes: |
| 47 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 48 | |
| 49 | - Python 3.2 support has been dropped. |
| 50 | It never had significant real world usage and has been dropped by our main dependency ``cryptography``. |
| 51 | Affected users should upgrade to Python 3.3 or later. |
| 52 | |
| 53 | |
| 54 | Deprecations: |
| 55 | ^^^^^^^^^^^^^ |
| 56 | |
| 57 | - The support for EGD has been removed. |
| Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 58 | The only affected function ``OpenSSL.rand.egd()`` now uses ``os.urandom()`` to seed the internal PRNG instead. |
| Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 59 | Please see `pyca/cryptography#1636 <https://github.com/pyca/cryptography/pull/1636>`_ for more background information on this decision. |
| Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 60 | In accordance with our backward compatibility policy ``OpenSSL.rand.egd()`` will be *removed* no sooner than a year from the release of 16.0.0. |
| Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 61 | |
| 62 | Please note that you should `use urandom <http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_ for all your secure random number needs. |
| Hynek Schlawack | 046d3f4 | 2016-03-13 08:33:04 +0100 | [diff] [blame] | 63 | - Python 2.6 support has been deprecated. |
| 64 | Our main dependency ``cryptography`` deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. |
| 65 | pyOpenSSL will drop Python 2.6 support once ``cryptography`` does. |
| Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 66 | |
| 67 | |
| 68 | Changes: |
| 69 | ^^^^^^^^ |
| 70 | |
| Hynek Schlawack | b875d51 | 2016-03-16 13:56:33 +0100 | [diff] [blame] | 71 | - Fixed ``OpenSSL.SSL.Context.set_session_id``, ``OpenSSL.SSL.Connection.renegotiate``, ``OpenSSL.SSL.Connection.renegotiate_pending``, and ``OpenSSL.SSL.Context.load_client_ca``. |
| Hynek Schlawack | b1f3ca8 | 2016-02-13 09:10:04 +0100 | [diff] [blame] | 72 | They were lacking an implementation since 0.14. |
| Hynek Schlawack | b875d51 | 2016-03-16 13:56:33 +0100 | [diff] [blame] | 73 | `#422 <https://github.com/pyca/pyopenssl/pull/422>`_ |
| Paul Kehrer | 8fc6ec0 | 2016-03-02 13:20:58 -0600 | [diff] [blame] | 74 | - Fixed segmentation fault when using keys larger than 4096-bit to sign data. |
| Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 75 | `#428 <https://github.com/pyca/pyopenssl/pull/428>`_ |
| 76 | - Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()`` was called before setting any app data. |
| 77 | `#304 <https://github.com/pyca/pyopenssl/pull/304>`_ |
| 78 | - Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey`` objects that represent public keys, and ``OpenSSL.crypto.load_publickey()`` to load such objects from serialized representations. |
| 79 | `#382 <https://github.com/pyca/pyopenssl/pull/382>`_ |
| 80 | - Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation list out to a string buffer. |
| 81 | `#368 <https://github.com/pyca/pyopenssl/pull/368>`_ |
| Hynek Schlawack | ea94f2b | 2016-03-13 16:17:53 +0100 | [diff] [blame] | 82 | - Added ``OpenSSL.SSL.Connection.get_state_string()`` using the OpenSSL binding ``state_string_long``. |
| Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 83 | `#358 <https://github.com/pyca/pyopenssl/pull/358>`_ |
| 84 | - Added support for the ``socket.MSG_PEEK`` flag to ``OpenSSL.SSL.Connection.recv()`` and ``OpenSSL.SSL.Connection.recv_into()``. |
| 85 | `#294 <https://github.com/pyca/pyopenssl/pull/294>`_ |
| 86 | - Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and ``OpenSSL.SSL.Connection.get_protocol_version_name()``. |
| 87 | `#244 <https://github.com/pyca/pyopenssl/pull/244>`_ |
| 88 | - Switched to ``utf8string`` mask by default. |
| 89 | OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8 characters present. |
| 90 | This was changed to default to ``UTF8String`` in the config around 2005, but the actual code didn't change it until late last year. |
| Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 91 | This will default us to the setting that actually works. |
| 92 | To revert this you can call ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``. |
| Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 93 | `#234 <https://github.com/pyca/pyopenssl/pull/234>`_ |
| Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 94 | |
| 95 | |
| Hynek Schlawack | 65e4def | 2016-03-13 15:07:52 +0100 | [diff] [blame] | 96 | ---- |
| 97 | |
| Hynek Schlawack | 682443f | 2015-10-25 16:15:12 +0100 | [diff] [blame] | 98 | |
| 99 | Older Changelog Entries |
| 100 | ----------------------- |
| 101 | |
| Hynek Schlawack | 0cc6154 | 2016-01-19 14:09:32 +0100 | [diff] [blame] | 102 | The changes from before release 16.0.0 are preserved in the `repository <https://github.com/pyca/pyopenssl/blob/master/doc/ChangeLog_old.txt>`_. |