Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / pyopenssl / 2a522859d9bad74c91d7a0e5b5ccd18211dafeb5 / . / CHANGELOG.rst
blob: 8afa44819494fc0f3c96609c9c1958b90320f14f [file] [log] [blame]
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]1Changelog
2=========
3
Hynek Schlawack65e4def2016-03-13 15:07:52 +0100[diff] [blame]4Versions are year-based with a strict backward-compatibility policy.
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]5The third digit is only for regressions.
6
Paul Kehrer8e99fef2016-08-26 19:36:46 +0800[diff] [blame]716.2.0 (UNRELEASED)
8-------------------
9
10Backward-incompatible changes:
11^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
12
13*none*
14
15
16Deprecations:
17^^^^^^^^^^^^^
18
19*none*
20
21
22Changes:
23^^^^^^^^
24
25*none*
26
27
28----
29
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]30
Paul Kehrerd0513ab2016-08-26 16:33:23 +0800[diff] [blame]3116.1.0 (2016-08-26)
Hynek Schlawack156f1742016-03-19 12:37:12 +0100[diff] [blame]32-------------------
33
34Backward-incompatible changes:
35^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
36
37*none*
38
39
40Deprecations:
41^^^^^^^^^^^^^
42
Alex Gaynor2a522852016-08-31 12:17:55 -0400[diff] [blame^]43- Dropped support for OpenSSL 0.9.8.
Hynek Schlawack156f1742016-03-19 12:37:12 +0100[diff] [blame]44
45
46Changes:
47^^^^^^^^
48
Hynek Schlawack11e43ad2016-07-03 14:40:20 +0200[diff] [blame]49- Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``.
50 `#496 <https://github.com/pyca/pyopenssl/pull/496>`_
Dan Sully44e767a2016-06-04 18:05:27 -0700[diff] [blame]51- Enable use of CRL (and more) in verify context.
52 `#483 <https://github.com/pyca/pyopenssl/pull/483>`_
Paul Kehrer72d968b2016-07-29 15:31:04 +0800[diff] [blame]53- ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects and also exported as such.
54 `#439 <https://github.com/pyca/pyopenssl/pull/439>`_
Paul Kehrerd0513ab2016-08-26 16:33:23 +0800[diff] [blame]55- Support newer versions of ``cryptography`` which use opaque structs for OpenSSL 1.1.0 compatibility.
Hynek Schlawack156f1742016-03-19 12:37:12 +0100[diff] [blame]56
57
58----
59
60
Hynek Schlawackb62041b2016-03-19 10:00:09 +0100[diff] [blame]6116.0.0 (2016-03-19)
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]62-------------------
63
64This is the first release under full stewardship of PyCA.
65We have made *many* changes to make local development more pleasing.
66The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2.
Hynek Schlawackc3b8fba2016-04-28 07:59:38 +0200[diff] [blame]67It has been moved to `py.test <https://pytest.org/>`_, all CI test runs are part of `tox <https://testrun.org/tox/>`_ and the source code has been made fully `flake8 <https://flake8.readthedocs.io/>`_ compliant.
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]68
Cory Benfield0820ac22015-10-28 17:39:28 +0900[diff] [blame]69We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations.
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]70
71
72Backward-incompatible changes:
73^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
74
75- Python 3.2 support has been dropped.
76 It never had significant real world usage and has been dropped by our main dependency ``cryptography``.
77 Affected users should upgrade to Python 3.3 or later.
78
79
80Deprecations:
81^^^^^^^^^^^^^
82
83- The support for EGD has been removed.
Hynek Schlawack65e4def2016-03-13 15:07:52 +0100[diff] [blame]84 The only affected function ``OpenSSL.rand.egd()`` now uses ``os.urandom()`` to seed the internal PRNG instead.
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]85 Please see `pyca/cryptography#1636 <https://github.com/pyca/cryptography/pull/1636>`_ for more background information on this decision.
Hynek Schlawack65e4def2016-03-13 15:07:52 +0100[diff] [blame]86 In accordance with our backward compatibility policy ``OpenSSL.rand.egd()`` will be *removed* no sooner than a year from the release of 16.0.0.
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]87
88 Please note that you should `use urandom <http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_ for all your secure random number needs.
Hynek Schlawack046d3f42016-03-13 08:33:04 +0100[diff] [blame]89- Python 2.6 support has been deprecated.
90 Our main dependency ``cryptography`` deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it.
91 pyOpenSSL will drop Python 2.6 support once ``cryptography`` does.
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]92
93
94Changes:
95^^^^^^^^
96
Hynek Schlawackb875d512016-03-16 13:56:33 +0100[diff] [blame]97- Fixed ``OpenSSL.SSL.Context.set_session_id``, ``OpenSSL.SSL.Connection.renegotiate``, ``OpenSSL.SSL.Connection.renegotiate_pending``, and ``OpenSSL.SSL.Context.load_client_ca``.
Hynek Schlawackb1f3ca82016-02-13 09:10:04 +0100[diff] [blame]98 They were lacking an implementation since 0.14.
Hynek Schlawackb875d512016-03-16 13:56:33 +0100[diff] [blame]99 `#422 <https://github.com/pyca/pyopenssl/pull/422>`_
Paul Kehrer8fc6ec02016-03-02 13:20:58 -0600[diff] [blame]100- Fixed segmentation fault when using keys larger than 4096-bit to sign data.
Hynek Schlawack65e4def2016-03-13 15:07:52 +0100[diff] [blame]101 `#428 <https://github.com/pyca/pyopenssl/pull/428>`_
102- Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()`` was called before setting any app data.
103 `#304 <https://github.com/pyca/pyopenssl/pull/304>`_
104- Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey`` objects that represent public keys, and ``OpenSSL.crypto.load_publickey()`` to load such objects from serialized representations.
105 `#382 <https://github.com/pyca/pyopenssl/pull/382>`_
106- Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation list out to a string buffer.
107 `#368 <https://github.com/pyca/pyopenssl/pull/368>`_
Hynek Schlawackea94f2b2016-03-13 16:17:53 +0100[diff] [blame]108- Added ``OpenSSL.SSL.Connection.get_state_string()`` using the OpenSSL binding ``state_string_long``.
Hynek Schlawack65e4def2016-03-13 15:07:52 +0100[diff] [blame]109 `#358 <https://github.com/pyca/pyopenssl/pull/358>`_
110- Added support for the ``socket.MSG_PEEK`` flag to ``OpenSSL.SSL.Connection.recv()`` and ``OpenSSL.SSL.Connection.recv_into()``.
111 `#294 <https://github.com/pyca/pyopenssl/pull/294>`_
112- Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and ``OpenSSL.SSL.Connection.get_protocol_version_name()``.
113 `#244 <https://github.com/pyca/pyopenssl/pull/244>`_
114- Switched to ``utf8string`` mask by default.
115 OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8 characters present.
116 This was changed to default to ``UTF8String`` in the config around 2005, but the actual code didn't change it until late last year.
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]117 This will default us to the setting that actually works.
118 To revert this you can call ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``.
Hynek Schlawack65e4def2016-03-13 15:07:52 +0100[diff] [blame]119 `#234 <https://github.com/pyca/pyopenssl/pull/234>`_
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]120
121
Hynek Schlawack65e4def2016-03-13 15:07:52 +0100[diff] [blame]122----
123
Hynek Schlawack682443f2015-10-25 16:15:12 +0100[diff] [blame]124
125Older Changelog Entries
126-----------------------
127
Hynek Schlawack0cc61542016-01-19 14:09:32 +0100[diff] [blame]128The changes from before release 16.0.0 are preserved in the `repository <https://github.com/pyca/pyopenssl/blob/master/doc/ChangeLog_old.txt>`_.