Jean-Paul Calderone | 56b2fb8 | 2011-09-14 11:23:38 -0400 | [diff] [blame^] | 1 | 2011-09-14 Žiga Seilnacht <lp:ziga-seilnacht> |
| 2 | |
| 3 | * OpenSSL/crypto/crypto.c: Allow exceptions from passphrase |
| 4 | callbacks to propagate up out of load_privatekey |
| 5 | * OpenSSL/crypto/crypto.c: Raise an exception when a too-long |
| 6 | passphrase is returned from a passphrase callback, instead of |
| 7 | silently truncating it. |
| 8 | * OpenSSL/crypto/crypto.c: Fix a memory leak when a passphrase |
| 9 | callback returns the wrong type. |
| 10 | |
Jean-Paul Calderone | c7293bc | 2011-09-13 15:24:38 -0400 | [diff] [blame] | 11 | 2011-09-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 12 | |
| 13 | * OpenSSL/crypto/crl.c: Add error handling for the use of |
| 14 | X509_CRL_sign. |
| 15 | |
Jean-Paul Calderone | 54d99bc | 2011-09-11 15:49:43 -0400 | [diff] [blame] | 16 | 2011-09-11 Jonathan Ballet <lp:multani> |
| 17 | |
| 18 | * doc/: Convert the LaTeX documentation to Sphinx-using ReST. |
| 19 | * OpenSSL/: Convert the epytext API documentation to Sphinx-using ReST. |
| 20 | |
Jean-Paul Calderone | 8afc7fc | 2011-09-08 18:42:51 -0400 | [diff] [blame] | 21 | 2011-09-08 Guillermo Gonzalez <guillermo.gonzalez@canonical.com> |
Guillermo Gonzalez | 74a2c29 | 2011-08-29 16:16:58 -0300 | [diff] [blame] | 22 | |
| 23 | * OpenSSL/ssl/context.c: Add Context.set_mode method. |
| 24 | * OpenSSL/ssl/ssl.c: Add MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION |
| 25 | constants. |
| 26 | |
Jean-Paul Calderone | bb960a6 | 2011-09-02 11:43:50 -0400 | [diff] [blame] | 27 | 2011-09-02 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
Jean-Paul Calderone | 9695e8a | 2011-08-14 18:10:06 -0400 | [diff] [blame] | 28 | |
| 29 | * Release 0.13 |
| 30 | |
Jean-Paul Calderone | eecb198 | 2011-06-12 17:34:44 -0400 | [diff] [blame] | 31 | 2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 32 | |
Jean-Paul Calderone | 042b66d | 2011-06-12 21:56:13 -0400 | [diff] [blame] | 33 | * OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly |
| 34 | implemented by Rick Dean, to verify the internal consistency of a |
| 35 | PKey instance. |
| 36 | |
| 37 | 2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 38 | |
Jean-Paul Calderone | eecb198 | 2011-06-12 17:34:44 -0400 | [diff] [blame] | 39 | * OpenSSL/crypto/crypto.c: Fix the sign and verify functions so |
| 40 | they handle data with embedded NULs. Fix by David Brodsky |
| 41 | <lp:~lihalla>. |
| 42 | |
Jean-Paul Calderone | ee6532d | 2011-05-20 20:10:39 -0400 | [diff] [blame] | 43 | 2011-05-20 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 44 | |
| 45 | * OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new |
| 46 | method to the Connection type, get_peer_cert_chain, for retrieving |
| 47 | the peer's certificate chain. |
| 48 | |
Jean-Paul Calderone | 9c77167 | 2011-05-19 17:54:07 -0400 | [diff] [blame] | 49 | 2011-05-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 50 | |
| 51 | * OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new |
| 52 | method to the X509 type, get_signature_algorithm, for inspecting |
| 53 | the signature algorithm field of the certificate. Based on a |
| 54 | patch from <lp:~okuda>. |
| 55 | |
Jean-Paul Calderone | 9eff569 | 2011-05-10 20:24:34 -0400 | [diff] [blame] | 56 | 2011-05-10 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 57 | |
| 58 | * OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue |
| 59 | explicitly including a Windows header before any OpenSSL headers. |
| 60 | |
| 61 | * OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by |
| 62 | explicitly flushing errors known to be uninteresting after calling |
| 63 | PKCS12_parse. |
| 64 | |
| 65 | * OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying |
| 66 | OpenSSL library does not provide it. |
| 67 | |
| 68 | * OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from |
| 69 | MD5 to SHA1 by allowing either hash algorithm's result as the |
| 70 | return value of X509.subject_name_hash. |
| 71 | |
| 72 | * OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5 |
| 73 | to SHA1 by constructing certificate files named using both hash |
| 74 | algorithms' results when testing Context.load_verify_locations. |
| 75 | |
| 76 | * Support OpenSSL 1.0.0a. |
| 77 | |
| 78 | 2011-04-15 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
Jean-Paul Calderone | 2309cd6 | 2011-04-15 12:17:53 -0400 | [diff] [blame] | 79 | |
| 80 | * OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version |
| 81 | and related constants for retrieving version information about the |
| 82 | underlying OpenSSL library. |
| 83 | |
Jean-Paul Calderone | fc572cf | 2011-04-07 15:48:16 -0400 | [diff] [blame] | 84 | 2011-04-07 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 85 | |
| 86 | * Release 0.12 |
| 87 | |
Jean-Paul Calderone | c2d2bdb | 2011-04-06 22:19:52 -0400 | [diff] [blame] | 88 | 2011-04-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 89 | |
| 90 | * OpenSSL/crypto/x509.c: Add get_extension_count and get_extension |
| 91 | to the X509 type, allowing read access to certificate extensions. |
| 92 | |
| 93 | * OpenSSL/crypto/x509ext.c: Add get_short_name and get_data to the |
| 94 | X509Extension type, allowing read access to the contents of an |
| 95 | extension. |
| 96 | |
Jean-Paul Calderone | f65fe48 | 2011-03-21 19:16:40 -0400 | [diff] [blame] | 97 | 2011-03-21 Olivier Hervieu <lp:~ohe> |
| 98 | |
| 99 | * OpenSSL/ssl/ssl.c: Expose a number of symbolic constants for |
| 100 | values passed to the connection "info" callback. |
| 101 | |
Jean-Paul Calderone | f6a4a7c | 2011-01-22 10:04:48 -0500 | [diff] [blame] | 102 | 2011-01-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 103 | |
| 104 | * OpenSSL/ssl/connection.py: Add support for new-style |
| 105 | buffers (primarily memoryviews) to Connection.send and |
| 106 | Connection.sendall. |
| 107 | |
Jean-Paul Calderone | 8e1716f | 2010-11-01 17:43:15 -0400 | [diff] [blame] | 108 | 2010-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
Jean-Paul Calderone | 7cb3f6d | 2010-10-31 10:36:23 -0400 | [diff] [blame] | 109 | |
| 110 | * Release 0.11 |
| 111 | |
Jean-Paul Calderone | d16a364 | 2010-10-07 22:19:58 -0400 | [diff] [blame] | 112 | 2010-10-07 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 113 | |
| 114 | * Initial support for Python 3.x throughout the codebase. |
| 115 | |
Jean-Paul Calderone | 84fd374 | 2010-09-14 18:05:45 -0400 | [diff] [blame] | 116 | 2010-09-14 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 117 | |
| 118 | * OpenSSL/crypto/netscape_spki.c: Fix an off-by-one mistake in the |
| 119 | error handling for NetscapeSPKI.verify. Add additional error |
| 120 | checking to NetscapeSPKI.sign to handle the case where there is no |
| 121 | private key. |
| 122 | |
| 123 | * OpenSSL/crypto/x509.c: Fix an overflow bug in the subject_name_hash |
| 124 | method of the X509 type which would cause it to return negative |
| 125 | values on 32 bit systems. |
| 126 | |
| 127 | * OpenSSL/crypto/x509req.c: Fix an off-by-one mistake in the error |
| 128 | handling for X509Req.verify. |
| 129 | |
| 130 | * OpenSSL/ssl/context.c: Fix the error handling in the load_tmp_dh |
| 131 | method of the Context type which would cause it to always raise |
| 132 | MemoryError, regardless of the actual error (such as a bad file |
| 133 | name). |
| 134 | |
| 135 | * OpenSSL/test/: Numerous unit tests added, both for above fixes |
| 136 | and for other previously untested code paths. |
| 137 | |
Jean-Paul Calderone | 6d78fed | 2010-07-27 21:47:22 -0400 | [diff] [blame] | 138 | 2010-07-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 139 | |
| 140 | * Re-arrange the repository so that the package can be built and |
| 141 | used in-place without requiring installation. |
| 142 | |
James Yonan | 7c2e5d3 | 2010-02-27 05:45:50 -0700 | [diff] [blame] | 143 | 2010-02-27 James Yonan <james@openvpn.net> |
| 144 | |
| 145 | * src/crypto/crypto.c: Added crypto.sign and crypto.verify methods |
| 146 | that wrap EVP_Sign and EVP_Verify function families, using code |
| 147 | derived from Dave Cridland's PyOpenSSL branch. |
| 148 | |
| 149 | * test/test_crypto.py: Added unit tests for crypto.sign and |
| 150 | crypto.verify. |
| 151 | |
Jean-Paul Calderone | 40b32a2 | 2010-01-27 16:56:44 -0500 | [diff] [blame] | 152 | 2010-01-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 153 | |
| 154 | * src/ssl/connection.c, src/util.h: Apply patch from Sandro Tosi to |
| 155 | fix misspellings of "compatibility". |
| 156 | |
Jean-Paul Calderone | 5cc6197 | 2009-11-13 09:16:32 -0500 | [diff] [blame] | 157 | 2009-11-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 158 | |
| 159 | * Release 0.10 |
| 160 | |
Jean-Paul Calderone | 7675191 | 2009-11-12 07:51:04 -0500 | [diff] [blame] | 161 | 2009-11-07 Žiga Seilnacht, Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 162 | |
| 163 | * src/ssl/connection.c, src/ssl/context.c: Add set_client_ca_list, |
| 164 | add_client_ca, and get_client_ca_list to Context for manipulating |
| 165 | the list of certificate authority names which are sent by servers |
| 166 | with the certificate request message. |
| 167 | * src/util.h: Add ssize-related defines if the version of Python |
| 168 | being used does not have them. |
| 169 | * setup.py: Significant changes to the way Windows builds are done, |
| 170 | particularly the way OpenSSL headers and libraries are found (with |
| 171 | the new --with-openssl argument to build_ext). |
| 172 | |
Jean-Paul Calderone | 2953db8 | 2009-08-27 13:20:38 -0400 | [diff] [blame] | 173 | 2009-08-27 Rick Dean <rick@fdd.com>, Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 174 | |
| 175 | * src/crypto/pkcs12.c: Add setters to the PKCS12 type for the |
| 176 | certificate, private key, ca certificate list, and friendly |
| 177 | name, and add a getter for the friendly name. Also add a method |
| 178 | for exporting a PKCS12 object as a string. |
Jean-Paul Calderone | 2953db8 | 2009-08-27 13:20:38 -0400 | [diff] [blame] | 179 | * test/test_crypto.py: Add lots of additional tests for the PKCS12 |
| 180 | type. |
Jean-Paul Calderone | 2953db8 | 2009-08-27 13:20:38 -0400 | [diff] [blame] | 181 | * doc/pyOpenSSL.tex: Documentation for the new PKCS12 methods. |
| 182 | |
| 183 | 2009-07-17 Rick Dean <rick@fdd.com>, Jean-Paul Calderone <exarkun@twistedmatrix.com> |
Jean-Paul Calderone | 9ac425c | 2009-07-17 16:06:12 -0400 | [diff] [blame] | 184 | |
| 185 | * src/crypto/x509ext.c: Add subject and issuer parameters to |
| 186 | X509Extension, allowing creation of extensions which require that |
| 187 | information. Fixes LP#322813. |
| 188 | |
Jean-Paul Calderone | 8b32799 | 2009-07-16 18:52:14 -0400 | [diff] [blame] | 189 | 2009-07-16 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 190 | |
| 191 | * test/util.py: Changed the base TestCase's tearDown to assert that |
| 192 | no errors were left in the OpenSSL error queue by the test. |
| 193 | * src/crypto/crypto.c: Add a private helper in support of the |
| 194 | TestCase.tearDown change. |
| 195 | * src/crypto/x509name.c: Changed X509Name's getattr implementation |
| 196 | to clean up the error queue. Fixes LP#314814. |
| 197 | * test/util.c: Changed flush_error_queue to avoid a reference |
| 198 | counting bug caused by macro expansion. |
| 199 | |
Jean-Paul Calderone | b3b94e0 | 2009-07-16 14:07:28 -0400 | [diff] [blame] | 200 | 2009-07-16 Rick Dean <rick@fdd.com> |
| 201 | |
| 202 | * src/rand.c: Added OpenSSL.rand.bytes to get random bytes directly. |
| 203 | * src/util.c: Added generic exceptions_from_error_queue to replace |
| 204 | the various other implementations of this function. Also updated |
| 205 | the rest of the codebase to use this version instead. |
| 206 | |
Jean-Paul Calderone | 0b88b6a | 2009-07-05 12:44:41 -0400 | [diff] [blame] | 207 | 2009-07-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 208 | |
Jean-Paul Calderone | 1880865 | 2009-07-05 12:54:05 -0400 | [diff] [blame] | 209 | * test/util.py, test/test_ssl.py, test/test_crypto.py: Fold the |
| 210 | Python 2.3 compatibility TestCase mixin into the TestCase defined |
| 211 | in util.py. |
| 212 | |
| 213 | 2009-07-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 214 | |
Jean-Paul Calderone | 0b88b6a | 2009-07-05 12:44:41 -0400 | [diff] [blame] | 215 | * test/util.py, test/test_ssl.py, test/test_crypto.py: Stop trying |
| 216 | to use Twisted's TestCase even when it's available. Instead, |
| 217 | always use the stdlib TestCase with a few enhancements. |
| 218 | |
Jean-Paul Calderone | fdc5a0a | 2009-07-04 15:48:42 -0400 | [diff] [blame] | 219 | 2009-07-04 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 220 | |
| 221 | * Changed most extension types so that they can be instantiated |
| 222 | using the type object rather than a factory function. The old |
| 223 | factory functions are now aliases for the type objects. |
| 224 | Fixes LP#312786. |
| 225 | |
Jean-Paul Calderone | a96bfed | 2009-05-27 08:47:34 -0400 | [diff] [blame] | 226 | 2009-05-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 227 | |
Jean-Paul Calderone | 54bcc83 | 2009-05-27 14:06:48 -0400 | [diff] [blame] | 228 | * Changed all docstrings in extension modules to be friendlier |
| 229 | towards Python programmers. Fixes LP#312787. |
| 230 | |
| 231 | 2009-05-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 232 | |
Jean-Paul Calderone | a96bfed | 2009-05-27 08:47:34 -0400 | [diff] [blame] | 233 | * src/crypto/x509ext.c: Correctly deallocate the new Extension |
| 234 | instance when there is an error initializing it and it is not |
| 235 | going to be returned. Resolves LP#368043. |
| 236 | |
Jean-Paul Calderone | d683f2d | 2009-05-11 10:47:42 -0400 | [diff] [blame] | 237 | 2009-05-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 238 | |
| 239 | * test/test_crypto.py: Use binary mode for the pipe to talk to the |
| 240 | external openssl binary. The data being transported over this |
| 241 | pipe is indeed binary, so previously it would often be truncated |
| 242 | or otherwise mangled. |
| 243 | |
| 244 | * src/ssl/connection.h, src/ssl/connection.c, test/test_ssl.py: |
| 245 | Extend the Connection class with support for in-memory BIOs. This |
| 246 | allows SSL to be run without a real socket, useful for |
| 247 | implementing EAP-TLS or using SSL with Windows IO completion |
Jean-Paul Calderone | b092159 | 2009-05-11 10:48:41 -0400 | [diff] [blame] | 248 | ports, for example. Based heavily on contributions from Rick |
| 249 | Dean. |
Jean-Paul Calderone | d683f2d | 2009-05-11 10:47:42 -0400 | [diff] [blame] | 250 | |
Jean-Paul Calderone | 71ff368 | 2009-04-25 08:30:11 -0400 | [diff] [blame] | 251 | 2009-04-25 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 252 | |
| 253 | * Release 0.9 |
| 254 | |
Jean-Paul Calderone | b8a7073 | 2009-04-01 14:49:13 -0400 | [diff] [blame] | 255 | 2009-04-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
Jean-Paul Calderone | ec48cd5 | 2009-04-01 19:01:41 -0400 | [diff] [blame] | 256 | Samuele Pedroni <pedronis@openend.se> |
| 257 | |
| 258 | * src/util.h: Delete the TLS key before trying to set a new value |
| 259 | for it in case the current thread identifier is a recycled one (if |
| 260 | it is recycled, the key won't be set because there is already a |
| 261 | value from the previous thread to have this identifier and to use |
| 262 | the pyOpenSSL API). |
| 263 | |
| 264 | 2009-04-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
Jean-Paul Calderone | b8a7073 | 2009-04-01 14:49:13 -0400 | [diff] [blame] | 265 | |
| 266 | * src/crypto/crypto.c: Add FILETYPE_TEXT for dumping keys and |
| 267 | certificates and certificate signature requests to a text format. |
| 268 | |
Jean-Paul Calderone | e7db4b4 | 2008-12-31 13:39:24 -0500 | [diff] [blame] | 269 | 2008-12-31 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 270 | |
Jean-Paul Calderone | f8c5fab | 2008-12-31 15:53:48 -0500 | [diff] [blame] | 271 | * src/crypto/x509ext.c, test/test_crypto.py: Add the get_short_name |
| 272 | method to X509Extension based on patch from Alex Stapleton. |
Jean-Paul Calderone | 2953db8 | 2009-08-27 13:20:38 -0400 | [diff] [blame] | 273 | |
Jean-Paul Calderone | f8c5fab | 2008-12-31 15:53:48 -0500 | [diff] [blame] | 274 | 2008-12-31 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 275 | |
Jean-Paul Calderone | e7db4b4 | 2008-12-31 13:39:24 -0500 | [diff] [blame] | 276 | * src/crypto/x509ext.c, test/test_crypto.py: Fix X509Extension so |
| 277 | that it is possible to instantiate extensions which use s2i or r2i |
| 278 | instead of v2i (an extremely obscure extension implementation |
| 279 | detail). |
| 280 | |
Jean-Paul Calderone | 24e2b0b | 2008-12-30 15:12:11 -0500 | [diff] [blame] | 281 | 2008-12-30 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 282 | |
| 283 | * MANIFEST.in, src/crypto/crypto.c, src/crypto/x509.c, |
| 284 | src/crypto/x509name.c, src/rand/rand.c, src/ssl/context.c: Changes |
| 285 | which eliminate compiler warnings but should not change any |
| 286 | behavior. |
| 287 | |
Jean-Paul Calderone | 8dd19b8 | 2008-12-28 20:41:16 -0500 | [diff] [blame] | 288 | 2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 289 | |
Jean-Paul Calderone | 327d8f9 | 2008-12-28 21:55:56 -0500 | [diff] [blame] | 290 | * test/test_ssl.py, src/ssl/ssl.c: Expose DTLS-related constants, |
| 291 | OP_NO_QUERY_MTU, OP_COOKIE_EXCHANGE, and OP_NO_TICKET. |
| 292 | |
| 293 | 2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 294 | |
Jean-Paul Calderone | aa9c797 | 2008-09-07 21:27:49 -0400 | [diff] [blame] | 295 | * src/ssl/context.c: Add a capath parameter to |
| 296 | Context.load_verify_locations to allow Python code to specify |
| 297 | either or both arguments to the underlying |
| 298 | SSL_CTX_load_verify_locations API. |
| 299 | * src/ssl/context.c: Add Context.set_default_verify_paths, a wrapper |
| 300 | around SSL_CTX_set_default_verify_paths. |
| 301 | |
Jean-Paul Calderone | 5b000d7 | 2008-12-28 21:09:53 -0500 | [diff] [blame] | 302 | 2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 303 | |
Jean-Paul Calderone | 8dd19b8 | 2008-12-28 20:41:16 -0500 | [diff] [blame] | 304 | * test/test_crypto.py, src/crypto/x509req.c: Added get_version and |
| 305 | set_version_methods to X509ReqType based on patch from Wouter van |
| 306 | Bommel. Resolves LP#274418. |
| 307 | |
Jean-Paul Calderone | f7f0fb4 | 2008-10-19 11:55:13 -0400 | [diff] [blame] | 308 | 2008-09-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 309 | |
| 310 | * Release 0.8 |
| 311 | |
Jean-Paul Calderone | 002bf46 | 2008-10-19 11:35:40 -0400 | [diff] [blame] | 312 | 2008-10-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 313 | |
| 314 | * tsafe.py: Revert the deprecation of the thread-safe Connection |
| 315 | wrapper. The Connection class should not segfault if used from |
| 316 | multiple threads now, but it generally cannot be relied on to |
| 317 | produce correct results if used without the thread-safe wrapper. |
Jean-Paul Calderone | 1eeb29e | 2008-10-19 11:50:53 -0400 | [diff] [blame] | 318 | * doc/pyOpenSSL.tex: Correct the documentation for the set_passwd_cb |
| 319 | callback parameter so that it accurately describes the required |
| 320 | signature. |
Jean-Paul Calderone | 002bf46 | 2008-10-19 11:35:40 -0400 | [diff] [blame] | 321 | |
Jean-Paul Calderone | a319ca9 | 2008-09-22 08:45:40 -0400 | [diff] [blame] | 322 | 2008-09-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 323 | |
Jean-Paul Calderone | b5fdbbf | 2008-09-22 09:04:09 -0400 | [diff] [blame] | 324 | * Release 0.8a1 |
| 325 | |
Jean-Paul Calderone | b7d6db2 | 2008-09-21 18:57:56 -0400 | [diff] [blame] | 326 | 2008-09-21 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 327 | |
| 328 | * src/ssl/ssl.h, src/ssl/ssl.c: Add a thread-local storage key |
Jean-Paul Calderone | 002bf46 | 2008-10-19 11:35:40 -0400 | [diff] [blame] | 329 | which will be used to store and retrieve PyThreadState pointers |
| 330 | whenever it is necessary to release or re-acquire the GIL. |
Jean-Paul Calderone | b7d6db2 | 2008-09-21 18:57:56 -0400 | [diff] [blame] | 331 | |
| 332 | * src/ssl/context.c: Change global_verify_callback so that it |
Jean-Paul Calderone | 002bf46 | 2008-10-19 11:35:40 -0400 | [diff] [blame] | 333 | unconditionally manipulates the Python threadstate, rather than |
| 334 | checking the tstate field which is now always NULL. |
Jean-Paul Calderone | b7d6db2 | 2008-09-21 18:57:56 -0400 | [diff] [blame] | 335 | |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 336 | 2008-04-26 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 337 | |
Jean-Paul Calderone | 5ef8651 | 2008-04-26 19:06:28 -0400 | [diff] [blame] | 338 | * src/ssl/context.c: Change global_passphrase_callback and |
| 339 | global_info_callback so that they acquire the GIL before |
| 340 | invoking any CPython APIs and do not release it until after they |
| 341 | are finished invoking all of them (based heavily on on patch |
| 342 | from Dan Williams). |
Jean-Paul Calderone | aea5d90 | 2008-04-26 19:53:39 -0400 | [diff] [blame] | 343 | * src/ssl/crypto.c: Initialize OpenSSL thread support so that it |
| 344 | is valid to use OpenSSL APIs from more than one thread (based on |
| 345 | patch from Dan Williams). |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 346 | * test/test_crypto.py: Add tests for load_privatekey and |
| 347 | dump_privatekey when a passphrase or a passphrase callback is |
| 348 | supplied. |
Jean-Paul Calderone | 5ef8651 | 2008-04-26 19:06:28 -0400 | [diff] [blame] | 349 | * test/test_ssl.py: Add tests for Context.set_passwd_cb and |
| 350 | Context.set_info_callback. |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 351 | |
Jean-Paul Calderone | e53ccf7 | 2008-04-11 11:40:39 -0400 | [diff] [blame] | 352 | 2008-04-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 353 | |
| 354 | * Release 0.7 |
| 355 | |
Jean-Paul Calderone | c54cc18 | 2008-03-26 21:11:07 -0400 | [diff] [blame] | 356 | 2008-03-26 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 357 | |
| 358 | * src/crypto/x509name.c: Add X509Name.get_components |
| 359 | |
Jean-Paul Calderone | 9ab16c0 | 2008-03-25 15:22:47 -0400 | [diff] [blame] | 360 | 2008-03-25 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 361 | |
| 362 | * src/crypto/x509name.c: Add hash and der methods to X509Name. |
Jean-Paul Calderone | c821543 | 2008-03-25 15:34:21 -0400 | [diff] [blame] | 363 | * src/crypto/x509.c: Fix a bug in X509.get_notBefore and |
| 364 | X509.get_notAfter preventing UTCTIME format timestamps from |
| 365 | working. |
Jean-Paul Calderone | 9ab16c0 | 2008-03-25 15:22:47 -0400 | [diff] [blame] | 366 | |
Jean-Paul Calderone | 3de9f62 | 2008-03-12 14:12:19 -0400 | [diff] [blame] | 367 | 2008-03-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 368 | |
| 369 | * Fix coding problems in examples/. Remove keys and certificates |
| 370 | and add a note about how to generate new ones. |
| 371 | |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 372 | 2008-03-09 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 373 | |
| 374 | * src/crypto/x509.c: Add getters and setters for the notBefore and |
| 375 | notAfter attributes of X509s. |
Jean-Paul Calderone | ac0d95f | 2008-03-10 00:00:42 -0400 | [diff] [blame] | 376 | * src/crypto/pkey.h, src/crypto/pkey.c, src/crypto/x509req.c, |
| 377 | src/crypto/x509.c: Track the initialized and public/private state |
| 378 | of EVP_PKEY structures underlying the crypto_PKeyObj type and |
| 379 | reject X509Req signature operations on keys not suitable for the |
| 380 | task. |
Jean-Paul Calderone | 525ef80 | 2008-03-09 20:39:42 -0400 | [diff] [blame] | 381 | |
Jean-Paul Calderone | da92ccc | 2008-03-06 23:48:12 -0500 | [diff] [blame] | 382 | 2008-03-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 383 | |
| 384 | * src/crypto/x509name.c: Fix tp_compare so it only returns -1, 0, or |
| 385 | 1. This eliminates a RuntimeWarning emitted by Python. |
| 386 | * src/crypto/x509req.c: Fix reference counting for X509Name returned |
| 387 | by X509Req.get_subject. This removes a segfault when the subject |
| 388 | name outlives the request object. |
| 389 | * src/crypto/x509.c: Change get_serial_number and set_serial_number |
| 390 | to accept Python longs. |
| 391 | * doc/pyOpenSSL.tex: A number of minor corrections. |
| 392 | |
Jean-Paul Calderone | 7df40db | 2008-03-03 15:12:42 -0500 | [diff] [blame] | 393 | 2008-03-03 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 394 | |
| 395 | * src/crypto/crypto.c: Expose X509_verify_cert_error_string. (patch |
| 396 | from Victor Stinner) |
| 397 | |
Jean-Paul Calderone | 12ea9a0 | 2008-02-22 12:24:39 -0500 | [diff] [blame] | 398 | 2008-02-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 399 | |
| 400 | * src/ssl/connection.c src/ssl/context.c src/ssl/ssl.c: Fix |
| 401 | compilation on Windows. (patch from Michael Schneider) |
| 402 | |
Jean-Paul Calderone | 72b8f0f | 2008-02-21 23:57:40 -0500 | [diff] [blame] | 403 | 2008-02-21 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 404 | |
| 405 | * src/ssl/connection.c: Expose SSL_get_shutdown and |
| 406 | SSL_set_shutdown. (patch from James Knight) |
| 407 | * src/ssl/ssl.c: Expose SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN. |
| 408 | (patch from James Knight) |
| 409 | |
Jean-Paul Calderone | 779db6b | 2008-02-19 21:00:37 -0500 | [diff] [blame] | 410 | 2008-02-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| 411 | |
| 412 | * src/ssl/context.c: Expose SSL_CTX_add_extra_chain_cert. |
| 413 | * src/crypto/x509name.c: Fix memory leaks in __getattr__ and |
| 414 | __setattr_ implementations. |
Jean-Paul Calderone | 19555b9 | 2008-02-19 22:29:57 -0500 | [diff] [blame] | 415 | * src/crypto/x509.c: Fix memory leak in X509.get_pubkey(). |
| 416 | * leakcheck/: An attempt at a systematic approach to leak |
| 417 | elimination. |
Jean-Paul Calderone | 779db6b | 2008-02-19 21:00:37 -0500 | [diff] [blame] | 418 | |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 419 | 2004-08-13 Martin Sjögren <msjogren@gmail.com> |
| 420 | |
| 421 | * Released version 0.6. |
| 422 | |
| 423 | 2004-08-11 Martin Sjögren <msjogren@gmail.com> |
| 424 | |
| 425 | * doc/pyOpenSSL.tex: Updates to the docs. |
| 426 | |
| 427 | 2004-08-10 Martin Sjögren <msjogren@gmail.com> |
| 428 | |
| 429 | * src/crypto/x509.c: Add X509.add_extensions based on a patch |
| 430 | from Han S. Lee. |
| 431 | * src/ssl/ssl.c: Add more SSL_OP_ constants. Patch from Mihai |
| 432 | Ibanescu. |
| 433 | |
| 434 | 2004-08-09 Martin Sjögren <msjogren@gmail.com> |
| 435 | |
| 436 | * setup.py src/crypto/: Add support for Netscape SPKI extensions |
| 437 | based on a patch from Tollef Fog Heen. |
| 438 | * src/crypto/crypto.c: Add support for python passphrase callbacks |
| 439 | based on a patch from Robert Olson. |
| 440 | |
| 441 | 2004-08-03 Martin Sjögren <msjogren@gmail.com> |
| 442 | |
| 443 | * src/ssl/context.c: Applied patch from Frederic Peters to add |
| 444 | Context.use_certificate_chain_file. |
| 445 | * src/crypto/x509.c: Applid patch from Tollef Fog Heen to add |
| 446 | X509.subject_name_hash and X509.digest. |
| 447 | |
| 448 | 2004-08-02 Martin Sjögren <msjogren@gmail.com> |
| 449 | |
| 450 | * src/crypto/crypto.c src/ssl/ssl.c: Applied patch from Bastian |
| 451 | Kleineidam to fix full names of exceptions. |
| 452 | |
| 453 | 2004-07-19 Martin Sjögren <msjogren@gmail.com> |
| 454 | |
| 455 | * doc/pyOpenSSL.tex: Fix the errors regarding X509Name's field names. |
Jean-Paul Calderone | 828c9cb | 2008-04-26 18:06:54 -0400 | [diff] [blame] | 456 | |
Jean-Paul Calderone | 897bc25 | 2008-02-18 20:50:23 -0500 | [diff] [blame] | 457 | 2004-07-18 Martin Sjögren <msjogren@gmail.com> |
| 458 | |
| 459 | * examples/certgen.py: Fixed wrong attributes in doc string, thanks |
| 460 | Remy. (SFbug#913315) |
| 461 | * __init__.py, setup.py, version.py: Add __version__, as suggested by |
| 462 | Ronald Oussoren in SFbug#888729. |
| 463 | * examples/proxy.py: Fix typos, thanks Mihai Ibanescu. (SFpatch#895820) |
| 464 | |
| 465 | 2003-01-09 Martin Sjögren <martin@strakt.com> |
| 466 | |
| 467 | * Use cyclic GC protocol in SSL.Connection, SSL.Context, crypto.PKCS12 |
| 468 | and crypto.X509Name. |
| 469 | |
| 470 | 2002-12-02 Martin Sjögren <martin@strakt.com> |
| 471 | |
| 472 | * tsafe.py: Add some missing methods. |
| 473 | |
| 474 | 2002-10-06 Martin Sjögren <martin@strakt.com> |
| 475 | |
| 476 | * __init__.py: Import tsafe too! |
| 477 | |
| 478 | 2002-10-05 Martin Sjögren <martin@strakt.com> |
| 479 | |
| 480 | * src/crypto/x509name.c: Use unicode strings instead of ordinary |
| 481 | strings in getattr/setattr. Note that plain ascii strings should |
| 482 | still work. |
| 483 | |
| 484 | 2002-09-17 Martin Sjögren <martin@strakt.com> |
| 485 | |
| 486 | * Released version 0.5.1. |
| 487 | |
| 488 | 2002-09-09 Martin Sjögren <martin@strakt.com> |
| 489 | |
| 490 | * setup.cfg: Fixed build requirements for rpms. |
| 491 | |
| 492 | 2002-09-07 Martin Sjögren <martin@strakt.com> |
| 493 | |
| 494 | * src/ssl/connection.c: Fix sendall() method. It segfaulted because |
| 495 | it was too generous about giving away the GIL. |
| 496 | * Added SecureXMLRPCServer example, contributed by Michal Wallace. |
| 497 | |
| 498 | 2002-09-06 Martin Sjögren <martin@strakt.com> |
| 499 | |
| 500 | * setup.cfg: Updated the build requirements. |
| 501 | * src/ssl/connection.c: Fix includes for AIX. |
| 502 | |
| 503 | 2002-09-04 Anders Hammarquist <iko@strakt.com> |
| 504 | |
| 505 | * Added type checks in all the other places where we expect |
| 506 | specific types of objects passed. |
| 507 | |
| 508 | 2002-09-04 Martin Sjögren <martin@strakt.com> |
| 509 | |
| 510 | * src/crypto/crypto.c: Added an explicit type check in the dump_* |
| 511 | functions, so that they won't die when e.g. None is passed in. |
| 512 | |
| 513 | 2002-08-25 Martin Sjögren <martin@strakt.com> |
| 514 | |
| 515 | * doc/pyOpenSSL.tex: Docs for PKCS12. |
| 516 | |
| 517 | 2002-08-24 Martin Sjögren <martin@strakt.com> |
| 518 | |
| 519 | * src/crypto: Added basic PKCS12 support, thanks to Mark Welch |
| 520 | <mark@collab.net> |
| 521 | |
| 522 | 2002-08-16 Martin Sjögren <martin@strakt.com> |
| 523 | |
| 524 | * D'oh! Fixes for python 1.5 and python 2.1. |
| 525 | |
| 526 | 2002-08-15 Martin Sjögren <martin@strakt.com> |
| 527 | |
| 528 | * Version 0.5. Yay! |
| 529 | |
| 530 | 2002-07-25 Martin Sjögren <martin@strakt.com> |
| 531 | |
| 532 | * src/ssl/context.c: Added set_options method. |
| 533 | * src/ssl/ssl.c: Added constants for Context.set_options method. |
| 534 | |
| 535 | 2002-07-23 Martin Sjögren <martin@strakt.com> |
| 536 | |
| 537 | * Updated docs |
| 538 | * src/ssl/connection.c: Changed the get_cipher_list method to actually |
| 539 | return a list! WARNING: This change makes the API incompatible with |
| 540 | earlier versions! |
| 541 | |
| 542 | 2002-07-15 Martin Sjögren <martin@strakt.com> |
| 543 | |
| 544 | * src/ssl/connection.[ch]: Removed the fileno method, it uses the |
| 545 | transport object's fileno instead. |
| 546 | |
| 547 | 2002-07-09 Martin Sjögren <martin@strakt.com> |
| 548 | |
| 549 | * src/crypto/x509.c src/crypto/x509name.c: Fixed segfault bug where |
| 550 | you used an X509Name after its X509 had been destroyed. |
| 551 | * src/crypto/crypto.[ch] src/crypto/x509req.c src/crypto/x509ext.[ch]: |
| 552 | Added X509 Extension support. Thanks to maas-Maarten Zeeman |
| 553 | <maas@awanim.com> |
| 554 | * src/crypto/pkey.c: Added bits() and type() methods. |
| 555 | |
| 556 | 2002-07-08 Martin Sjögren <martin@strakt.com> |
| 557 | |
| 558 | * src/ssl/connection.c: Moved the contents of setup_ssl into the |
| 559 | constructor, thereby fixing some segfault bugs :) |
| 560 | * src/ssl/connection.c: Added connect_ex and sendall methods. |
| 561 | * src/crypto/x509name.c: Cleaned up comparisons and NID lookup. |
| 562 | Thank you Maas-Maarten Zeeman <maas@awanim.com> |
| 563 | * src/rand/rand.c: Fix RAND_screen import. |
| 564 | * src/crypto/crypto.c src/crypto/pkcs7.[ch]: Added PKCS7 management, |
| 565 | courtesy of Maas-Maarten Zeeman <maas@awanim.com> |
| 566 | * src/crypto/x509req.c: Added verify method. |
| 567 | |
| 568 | 2002-06-17 Martin Sjögren <martin@strakt.com> |
| 569 | |
| 570 | * rpm/, setup.cfg: Added improved RPM-building stuff, thanks to |
| 571 | Mihai Ibanescu <misa@redhat.com> |
| 572 | |
| 573 | 2002-06-14 Martin Sjögren <martin@strakt.com> |
| 574 | |
| 575 | * examples/proxy.py: Example code for using OpenSSL through a proxy |
| 576 | contributed by Mihai Ibanescu <misa@redhat.com> |
| 577 | * Updated installation instruction and added them to the TeX manual. |
| 578 | |
| 579 | 2002-06-13 Martin Sjögren <martin@strakt.com> |
| 580 | |
| 581 | * src/ssl/context.c: Changed global_verify_callback so that it uses |
| 582 | PyObject_IsTrue instead of requring ints. |
| 583 | * Added pymemcompat.h to make the memory management uniform and |
| 584 | backwards-compatible. |
| 585 | * src/util.h: Added conditional definition of PyModule_AddObject and |
| 586 | PyModule_AddIntConstant |
| 587 | * src/ssl/connection.c: Socket methods are no longer explicitly |
| 588 | wrapped. fileno() is the only method the transport layer object HAS |
| 589 | to support, but if you want to use connect, accept or sock_shutdown, |
| 590 | then the transport layer object has to supply connect, accept |
| 591 | and shutdown respectively. |
| 592 | |
| 593 | 2002-06-12 Martin Sjögren <martin@strakt.com> |
| 594 | |
| 595 | * Changed comments to docstrings that are visible in Python. |
| 596 | * src/ssl/connection.c: Added set_connect_state and set_accept_state |
| 597 | methods. Thanks to Mark Welch <mark@collab.net> for this. |
| 598 | |
| 599 | 2002-06-11 Martin Sjögren <martin@strakt.com> |
| 600 | |
| 601 | * src/ssl/connection.c: accept and connect now use SSL_set_accept_state |
| 602 | and SSL_set_connect_state respectively, instead of SSL_accept and |
| 603 | SSL_connect. |
| 604 | * src/ssl/connection.c: Added want_read and want_write methods. |
| 605 | |
| 606 | 2002-06-05 Martin Sjögren <martin@strakt.com> |
| 607 | |
| 608 | * src/ssl/connection.c: Added error messages for windows. The code is |
| 609 | copied from Python's socketmodule.c. Ick. |
| 610 | * src/ssl/connection.c: Changed the parameters to the SysCallError. It |
| 611 | always has a tuple (number, string) now, even though the number |
| 612 | might not always be useful. |
| 613 | |
| 614 | 2002-04-05 Martin Sjögren <md9ms@mdstud.chalmers.se> |
| 615 | |
| 616 | * Worked more on the Debian packaging, hopefully the packages |
| 617 | are getting into the main Debian archive soon. |
| 618 | |
| 619 | 2002-01-10 Martin Sjögren <martin@strakt.com> |
| 620 | |
| 621 | * Worked some more on the Debian packaging, it's turning out real |
| 622 | nice. |
| 623 | * Changed format on this file, I'm going to try to be a bit more |
| 624 | verbose about my changes, and this format makes it easier. |
| 625 | |
| 626 | 2002-01-08 Martin Sjögren <martin@strakt.com> |
| 627 | |
| 628 | * Version 0.4.1 |
| 629 | * Added some example code |
| 630 | * Added the thread safe Connection object in the 'tsafe' submodule |
| 631 | * New Debian packaging |
| 632 | |
| 633 | 2001-08-09 Martin Sjögren <martin@strakt.com> |
| 634 | |
| 635 | * Version 0.4 |
| 636 | * Added a compare function for X509Name structures. |
| 637 | * Moved the submodules to separate .so files, with tiny C APIs so they |
| 638 | can communicate |
| 639 | * Skeletal OpenSSL/__init__.py |
| 640 | * Removed the err submodule, use crypto.Error and SSL.Error instead |
| 641 | |
| 642 | 2001-08-06 Martin Sjögren <martin@strakt.com> |
| 643 | |
| 644 | * Version 0.3 |
| 645 | * Added more types for dealing with certificates (X509Store, X509Req, |
| 646 | PKey) |
| 647 | * Functionality to load private keys, certificates and certificate |
| 648 | requests from memory buffers, and store them too |
| 649 | * X509 and X509Name objects can now be modified as well, very neat when |
| 650 | creating certificates ;) |
| 651 | * Added SSL_MODE_AUTO_RETRY to smooth things for blocking sockets |
| 652 | * Added a sock_shutdown() method to the Connection type |
| 653 | * I don't understand why, but I can't use Py_InitModule() to create |
| 654 | submodules in Python 2.0, the interpreter segfaults on the cleanup |
| 655 | process when I do. I added a conditional compile on the version |
| 656 | number, falling back to my own routine. It would of course be nice to |
| 657 | investigate what is happening, but I don't have the time to do so |
| 658 | * Do INCREF on the type objects before inserting them in the |
| 659 | dictionary, so they will never reach refcount 0 (they are, after all, |
| 660 | statically allocated) |
| 661 | |
| 662 | 2001-07-30 Martin Sjögren <martin@strakt.com> |
| 663 | |
| 664 | * Version 0.2 |
| 665 | * Lots of tweaking and comments in the code |
| 666 | * Now uses distutils instead of the stupid Setup file |
| 667 | * Hacked doc/tools/mkhowto, html generation should now work |
| 668 | |
| 669 | 2001-07-16 Martin Sjögren <martin@strakt.com> |
| 670 | |
| 671 | * Initial release (0.1, don't expect much from this one :-) |
| 672 | |