ChangeLog

2015-04-15  Paul Kehrer <paul.l.kehrer@gmail.com>

	* OpenSSL/crypto.py, OpenSSL/test/test_crypto.py: Switch to utf8string
	  mask by default. OpenSSL formerly defaulted to a T61String if there
	  were UTF-8 characters present.  This was changed to default to
	  UTF8String in the config around 2005, but the actual code didn't
	  change it until late last year. This will default us to the setting
	  that actually works. To revert this you can call
	  crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")

2015-04-14  Hynek Schlawack  <hs@ox.cx>

	* Release 0.15.1

2015-04-14  Glyph Lefkowitz  <glyph@twistedmatrix.com>

	* OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
	  present in 0.15, where when an error occurs and no errno() is set,
	  a KeyError is raised.  This happens, for example, if
	  Connection.shutdown() is called when the underlying transport has
	  gone away.

2011-09-02  Hynek Schlawack  <hs@ox.cx>

	* Release 0.15

2015-04-12  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
	  filenames only as bytes now accept them as either bytes or
	  unicode (and respect sys.getfilesystemencoding()).

2015-03-23  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
	  (NPN) bindings.

2015-03-15  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
	  builtin ``socket.recv_into``.  Based on work from Cory Benfield.
	* OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.

2015-01-30  Stephen Holsapple <sholsapp@gmail.com>

	* OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
	* OpenSSL/test/test_crypto.py: Add intermediate certificates for

2015-01-08  Paul Aurich <paul@darkrain42.org>

	* OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
	  underlying socket.

2014-12-11  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
	  causing it to always succeed - even if it should fail.

2014-08-21  Alex Gaynor  <alex.gaynor@gmail.com>

	* OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
	  with ``FILETYPE_ASN1`` would fail with a ``NameError``.

2014-05-05  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/SSL.py: Fix a regression in which the first argument of
	  the "verify" callback was incorrectly passed a ``Context`` instance
	  instead of the ``Connection`` instance.
	* OpenSSL/test/test_ssl.py: Add a test for the value passed as the
	  first argument of the "verify" callback.

2014-04-19  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew
	  Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek
	  Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves``
	  to support TLS ECDHE modes.
	* OpenSSL/SSL.py: Add ``Context.set_tmp_ecdh`` to configure a TLS
	  context with a particular elliptic curve for ECDHE modes.

2014-04-19  Markus Unterwaditzer <markus@unterwaditzer.net>

	* OpenSSL/SSL.py: ``Connection.send`` and ``Connection.sendall``
	  now also accept the ``buffer`` type as data.

2014-04-05  Stephen Holsapple <sholsapp@gmail.com>

	* OpenSSL/crypto.py: Make ``load_pkcs12`` backwards compatible with
	  pyOpenSSL 0.13 by making passphrase optional.

2014-03-30  Fedor Brunner  <fedor.brunner@azet.sk>

	* OpenSSL/SSL.py: Add ``get_finished``, ``get_peer_finished``
	  methods to ``Connection``. If you use these methods to
	  implement TLS channel binding (RFC 5929) disable session
	  resumption because triple handshake attacks against TLS.
	  <https://www.ietf.org/mail-archive/web/tls/current/msg11337.html>
	  <https://secure-resumption.com/tlsauth.pdf>

2014-03-29  Fedor Brunner  <fedor.brunner@azet.sk>

	* OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``,
	  and ``get_cipher_version`` to ``Connection``.

2014-03-28  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been
	  removed in Python 3) with the equivalent syntax.

2014-03-28  Jonathan Giannuzzi  <jonathan@giannuzzi.be>

	* OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup.
	* leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked
	  and CRL.get_revoked.
	* setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding.

2014-03-02  Stephen Holsapple  <sholsapp@gmail.com>

	* OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``.

2014-02-23  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Release 0.14

2014-01-09  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL: Port to the cffi-based OpenSSL bindings provided by
	  <https://github.com/pyca/cryptography>

2013-10-06  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/ssl/context.c: Add support for negotiating TLS v1.1 or
	  v1.2.

2013-10-03  Christian Heimes  <christian@python.org>

	* OpenSSL/crypto/x509.c: Fix an inconsistency in memory management
	  in X509.get_serial_number which leads to crashes on some runtimes
	  (certain Windows/Python 3.3 environments, at least).

2013-08-11  Christian Heimes  <christian@python.org>

	* OpenSSL/crypto/x509ext.c: Fix handling of NULL bytes inside
	  subjectAltName general names when formatting an X509 extension
	  as a string.
	* OpenSSL/crypto/x509.c: Fix memory leak in get_extension().

2012-04-03  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/crypto/pkey.c: Release the GIL around RSA and DSA key
	  generation, based on code from INADA Naoki.

2012-02-13  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/ssl/ssl.c: Add session cache related constants for use
	  with the new Context.set_session_cache_mode method.

	* OpenSSL/ssl/context.c: Add new Context methods
	  set_session_cache_mode and get_session_cache_mode.

2011-11-01  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/crypto/pkey.c: Raise TypeError when trying to check a
	  PKey instance which has no private component, instead of crashing.
	  Based on fix by <lp:~dataway>.

2011-09-14  Žiga Seilnacht <lp:ziga-seilnacht>

	* OpenSSL/crypto/crypto.c: Allow exceptions from passphrase
	  callbacks to propagate up out of load_privatekey
	* OpenSSL/crypto/crypto.c: Raise an exception when a too-long
	  passphrase is returned from a passphrase callback, instead of
	  silently truncating it.
	* OpenSSL/crypto/crypto.c: Fix a memory leak when a passphrase
	  callback returns the wrong type.

2011-09-13  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/crypto/crl.c: Add error handling for the use of
	  X509_CRL_sign.

2011-09-11  Jonathan Ballet  <lp:multani>

	* doc/: Convert the LaTeX documentation to Sphinx-using ReST.
	* OpenSSL/: Convert the epytext API documentation to Sphinx-using ReST.

2011-09-08  Guillermo Gonzalez  <guillermo.gonzalez@canonical.com>

	* OpenSSL/ssl/context.c: Add Context.set_mode method.
	* OpenSSL/ssl/ssl.c: Add MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION
	  constants.

2011-09-02  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Release 0.13

2011-06-12  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly
	  implemented by Rick Dean, to verify the internal consistency of a
	  PKey instance.

2011-06-12  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/crypto/crypto.c: Fix the sign and verify functions so
	  they handle data with embedded NULs.  Fix by David Brodsky
	  <lp:~lihalla>.

2011-05-20  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new
          method to the Connection type, get_peer_cert_chain, for retrieving
          the peer's certificate chain.

2011-05-19  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new
          method to the X509 type, get_signature_algorithm, for inspecting
          the signature algorithm field of the certificate.  Based on a
          patch from <lp:~okuda>.

2011-05-10  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue
	  explicitly including a Windows header before any OpenSSL headers.

	* OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by
	  explicitly flushing errors known to be uninteresting after calling
	  PKCS12_parse.

	* OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying
	  OpenSSL library does not provide it.

	* OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from
	  MD5 to SHA1 by allowing either hash algorithm's result as the
	  return value of X509.subject_name_hash.

	* OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5
	  to SHA1 by constructing certificate files named using both hash
	  algorithms' results when testing Context.load_verify_locations.

	* Support OpenSSL 1.0.0a.

2011-04-15  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version
	  and related constants for retrieving version information about the
	  underlying OpenSSL library.

2011-04-07  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Release 0.12

2011-04-06  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/crypto/x509.c: Add get_extension_count and get_extension
	  to the X509 type, allowing read access to certificate extensions.

	* OpenSSL/crypto/x509ext.c: Add get_short_name and get_data to the
	  X509Extension type, allowing read access to the contents of an
	  extension.

2011-03-21  Olivier Hervieu <lp:~ohe>

	* OpenSSL/ssl/ssl.c: Expose a number of symbolic constants for
	  values passed to the connection "info" callback.

2011-01-22  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/ssl/connection.py: Add support for new-style
	  buffers (primarily memoryviews) to Connection.send and
	  Connection.sendall.

2010-11-01  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Release 0.11

2010-10-07  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Initial support for Python 3.x throughout the codebase.

2010-09-14  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/crypto/netscape_spki.c: Fix an off-by-one mistake in the
	  error handling for NetscapeSPKI.verify.  Add additional error
          checking to NetscapeSPKI.sign to handle the case where there is no
          private key.

	* OpenSSL/crypto/x509.c: Fix an overflow bug in the subject_name_hash
	  method of the X509 type which would cause it to return negative
	  values on 32 bit systems.

	* OpenSSL/crypto/x509req.c: Fix an off-by-one mistake in the error
	  handling for X509Req.verify.

	* OpenSSL/ssl/context.c: Fix the error handling in the load_tmp_dh
	  method of the Context type which would cause it to always raise
	  MemoryError, regardless of the actual error (such as a bad file
	  name).

	* OpenSSL/test/: Numerous unit tests added, both for above fixes
	  and for other previously untested code paths.

2010-07-27  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Re-arrange the repository so that the package can be built and
	  used in-place without requiring installation.

2010-02-27  James Yonan <james@openvpn.net>

	* src/crypto/crypto.c: Added crypto.sign and crypto.verify methods
	  that wrap EVP_Sign and EVP_Verify function families, using code
	  derived from Dave Cridland's PyOpenSSL branch.

	* test/test_crypto.py: Added unit tests for crypto.sign and
	  crypto.verify.

2010-01-27  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/ssl/connection.c, src/util.h: Apply patch from Sandro Tosi to
	  fix misspellings of "compatibility".

2009-11-13  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Release 0.10

2009-11-07  Žiga Seilnacht, Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/ssl/connection.c, src/ssl/context.c: Add set_client_ca_list,
	  add_client_ca, and get_client_ca_list to Context for manipulating
	  the list of certificate authority names which are sent by servers
	  with the certificate request message.
	* src/util.h: Add ssize-related defines if the version of Python
	  being used does not have them.
	* setup.py: Significant changes to the way Windows builds are done,
	  particularly the way OpenSSL headers and libraries are found (with
	  the new --with-openssl argument to build_ext).

2009-08-27  Rick Dean  <rick@fdd.com>, Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/crypto/pkcs12.c: Add setters to the PKCS12 type for the
	  certificate, private key, ca certificate list, and friendly
	  name, and add a getter for the friendly name.  Also add a method
	  for exporting a PKCS12 object as a string.
	* test/test_crypto.py: Add lots of additional tests for the PKCS12
	  type.
	* doc/pyOpenSSL.tex: Documentation for the new PKCS12 methods.

2009-07-17  Rick Dean  <rick@fdd.com>, Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/crypto/x509ext.c: Add subject and issuer parameters to
	  X509Extension, allowing creation of extensions which require that
	  information.  Fixes LP#322813.

2009-07-16  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* test/util.py: Changed the base TestCase's tearDown to assert that
	  no errors were left in the OpenSSL error queue by the test.
	* src/crypto/crypto.c: Add a private helper in support of the
	  TestCase.tearDown change.
	* src/crypto/x509name.c: Changed X509Name's getattr implementation
	  to clean up the error queue.  Fixes LP#314814.
	* test/util.c: Changed flush_error_queue to avoid a reference
	  counting bug caused by macro expansion.

2009-07-16  Rick Dean  <rick@fdd.com>

	* src/rand.c: Added OpenSSL.rand.bytes to get random bytes directly.
	* src/util.c: Added generic exceptions_from_error_queue to replace
	  the various other implementations of this function.  Also updated
	  the rest of the codebase to use this version instead.

2009-07-05  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* test/util.py, test/test_ssl.py, test/test_crypto.py: Fold the
	  Python 2.3 compatibility TestCase mixin into the TestCase defined
	  in util.py.

2009-07-05  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* test/util.py, test/test_ssl.py, test/test_crypto.py: Stop trying
	  to use Twisted's TestCase even when it's available.  Instead,
	  always use the stdlib TestCase with a few enhancements.

2009-07-04  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Changed most extension types so that they can be instantiated
	  using the type object rather than a factory function.  The old
	  factory functions are now aliases for the type objects.
	  Fixes LP#312786.

2009-05-27  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Changed all docstrings in extension modules to be friendlier
	  towards Python programmers.  Fixes LP#312787.

2009-05-27  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/crypto/x509ext.c: Correctly deallocate the new Extension
	  instance when there is an error initializing it and it is not
	  going to be returned.  Resolves LP#368043.

2009-05-11  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* test/test_crypto.py: Use binary mode for the pipe to talk to the
	  external openssl binary.  The data being transported over this
	  pipe is indeed binary, so previously it would often be truncated
	  or otherwise mangled.

	* src/ssl/connection.h, src/ssl/connection.c, test/test_ssl.py:
	  Extend the Connection class with support for in-memory BIOs.  This
	  allows SSL to be run without a real socket, useful for
	  implementing EAP-TLS or using SSL with Windows IO completion
	  ports, for example.  Based heavily on contributions from Rick
	  Dean.

2009-04-25  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Release 0.9

2009-04-01  Jean-Paul Calderone  <exarkun@twistedmatrix.com>
            Samuele Pedroni  <pedronis@openend.se>

	* src/util.h: Delete the TLS key before trying to set a new value
	  for it in case the current thread identifier is a recycled one (if
	  it is recycled, the key won't be set because there is already a
	  value from the previous thread to have this identifier and to use
	  the pyOpenSSL API).

2009-04-01  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/crypto/crypto.c: Add FILETYPE_TEXT for dumping keys and
	  certificates and certificate signature requests to a text format.

2008-12-31  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/crypto/x509ext.c, test/test_crypto.py: Add the get_short_name
	  method to X509Extension based on patch from Alex Stapleton.

2008-12-31  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/crypto/x509ext.c, test/test_crypto.py: Fix X509Extension so
	  that it is possible to instantiate extensions which use s2i or r2i
	  instead of v2i (an extremely obscure extension implementation
	  detail).

2008-12-30  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* MANIFEST.in, src/crypto/crypto.c, src/crypto/x509.c,
	  src/crypto/x509name.c, src/rand/rand.c, src/ssl/context.c: Changes
	  which eliminate compiler warnings but should not change any
	  behavior.

2008-12-28  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* test/test_ssl.py, src/ssl/ssl.c: Expose DTLS-related constants,
	  OP_NO_QUERY_MTU, OP_COOKIE_EXCHANGE, and OP_NO_TICKET.

2008-12-28  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/ssl/context.c: Add a capath parameter to
	  Context.load_verify_locations to allow Python code to specify
	  either or both arguments to the underlying
	  SSL_CTX_load_verify_locations API.
	* src/ssl/context.c: Add Context.set_default_verify_paths, a wrapper
	  around SSL_CTX_set_default_verify_paths.

2008-12-28  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* test/test_crypto.py, src/crypto/x509req.c: Added get_version and
	  set_version_methods to X509ReqType based on patch from Wouter van
	  Bommel.  Resolves LP#274418.

2008-09-22  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Release 0.8

2008-10-19  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* tsafe.py: Revert the deprecation of the thread-safe Connection
	  wrapper.  The Connection class should not segfault if used from
	  multiple threads now, but it generally cannot be relied on to
	  produce correct results if used without the thread-safe wrapper.
	* doc/pyOpenSSL.tex: Correct the documentation for the set_passwd_cb
	  callback parameter so that it accurately describes the required
	  signature.

2008-09-22  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Release 0.8a1

2008-09-21  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/ssl/ssl.h, src/ssl/ssl.c: Add a thread-local storage key
	  which will be used to store and retrieve PyThreadState pointers
	  whenever it is necessary to release or re-acquire the GIL.

	* src/ssl/context.c: Change global_verify_callback so that it
	  unconditionally manipulates the Python threadstate, rather than
	  checking the tstate field which is now always NULL.

2008-04-26  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/ssl/context.c: Change global_passphrase_callback and
	  global_info_callback so that they acquire the GIL before
	  invoking any CPython APIs and do not release it until after they
	  are finished invoking all of them (based heavily on on patch
	  from Dan Williams).
	* src/ssl/crypto.c: Initialize OpenSSL thread support so that it
	  is valid to use OpenSSL APIs from more than one thread (based on
	  patch from Dan Williams).
	* test/test_crypto.py: Add tests for load_privatekey and
	  dump_privatekey when a passphrase or a passphrase callback is
	  supplied.
	* test/test_ssl.py: Add tests for Context.set_passwd_cb and
	  Context.set_info_callback.

2008-04-11  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Release 0.7

2008-03-26  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/crypto/x509name.c: Add X509Name.get_components

2008-03-25  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/crypto/x509name.c: Add hash and der methods to X509Name.
	* src/crypto/x509.c: Fix a bug in X509.get_notBefore and
	  X509.get_notAfter preventing UTCTIME format timestamps from
	  working.

2008-03-12  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* Fix coding problems in examples/.  Remove keys and certificates
	  and add a note about how to generate new ones.

2008-03-09  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/crypto/x509.c: Add getters and setters for the notBefore and
	  notAfter attributes of X509s.
	* src/crypto/pkey.h, src/crypto/pkey.c, src/crypto/x509req.c,
	  src/crypto/x509.c: Track the initialized and public/private state
	  of EVP_PKEY structures underlying the crypto_PKeyObj type and
	  reject X509Req signature operations on keys not suitable for the
	  task.

2008-03-06  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/crypto/x509name.c: Fix tp_compare so it only returns -1, 0, or
	  1.  This eliminates a RuntimeWarning emitted by Python.
	* src/crypto/x509req.c: Fix reference counting for X509Name returned
	  by X509Req.get_subject.  This removes a segfault when the subject
	  name outlives the request object.
	* src/crypto/x509.c: Change get_serial_number and set_serial_number
	  to accept Python longs.
	* doc/pyOpenSSL.tex: A number of minor corrections.

2008-03-03  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/crypto/crypto.c: Expose X509_verify_cert_error_string. (patch
	  from Victor Stinner)

2008-02-22  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/ssl/connection.c src/ssl/context.c src/ssl/ssl.c: Fix
	  compilation on Windows.  (patch from Michael Schneider)

2008-02-21  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/ssl/connection.c: Expose SSL_get_shutdown and
	  SSL_set_shutdown. (patch from James Knight)
	* src/ssl/ssl.c: Expose SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN.
	  (patch from James Knight)

2008-02-19  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* src/ssl/context.c: Expose SSL_CTX_add_extra_chain_cert.
	* src/crypto/x509name.c: Fix memory leaks in __getattr__ and
	  __setattr_ implementations.
	* src/crypto/x509.c: Fix memory leak in X509.get_pubkey().
	* leakcheck/: An attempt at a systematic approach to leak
	  elimination.

2004-08-13  Martin Sjögren  <msjogren@gmail.com>

	* Released version 0.6.

2004-08-11  Martin Sjögren  <msjogren@gmail.com>

	* doc/pyOpenSSL.tex: Updates to the docs.

2004-08-10  Martin Sjögren  <msjogren@gmail.com>

	* src/crypto/x509.c: Add X509.add_extensions based on a patch
	  from Han S. Lee.
	* src/ssl/ssl.c: Add more SSL_OP_ constants. Patch from Mihai
	  Ibanescu.

2004-08-09  Martin Sjögren  <msjogren@gmail.com>

	* setup.py src/crypto/: Add support for Netscape SPKI extensions
	  based on a patch from Tollef Fog Heen.
	* src/crypto/crypto.c: Add support for python passphrase callbacks
	  based on a patch from Robert Olson.

2004-08-03  Martin Sjögren  <msjogren@gmail.com>

	* src/ssl/context.c: Applied patch from Frederic Peters to add
	  Context.use_certificate_chain_file.
	* src/crypto/x509.c: Applid patch from Tollef Fog Heen to add
	  X509.subject_name_hash and X509.digest.

2004-08-02  Martin Sjögren  <msjogren@gmail.com>

	* src/crypto/crypto.c src/ssl/ssl.c: Applied patch from Bastian
	  Kleineidam to fix full names of exceptions.

2004-07-19  Martin Sjögren  <msjogren@gmail.com>

	* doc/pyOpenSSL.tex: Fix the errors regarding X509Name's field names.

2004-07-18  Martin Sjögren  <msjogren@gmail.com>

	* examples/certgen.py: Fixed wrong attributes in doc string, thanks
	  Remy. (SFbug#913315)
	* __init__.py, setup.py, version.py: Add __version__, as suggested by
	  Ronald Oussoren in SFbug#888729.
	* examples/proxy.py: Fix typos, thanks Mihai Ibanescu. (SFpatch#895820)

2003-01-09  Martin Sjögren  <martin@strakt.com>

	* Use cyclic GC protocol in SSL.Connection, SSL.Context, crypto.PKCS12
	  and crypto.X509Name.

2002-12-02  Martin Sjögren  <martin@strakt.com>

	* tsafe.py: Add some missing methods.

2002-10-06  Martin Sjögren  <martin@strakt.com>

	* __init__.py: Import tsafe too!

2002-10-05  Martin Sjögren  <martin@strakt.com>

	* src/crypto/x509name.c: Use unicode strings instead of ordinary
	  strings in getattr/setattr. Note that plain ascii strings should
	  still work.

2002-09-17  Martin Sjögren  <martin@strakt.com>

	* Released version 0.5.1.

2002-09-09  Martin Sjögren  <martin@strakt.com>

	* setup.cfg: Fixed build requirements for rpms.

2002-09-07  Martin Sjögren  <martin@strakt.com>

	* src/ssl/connection.c: Fix sendall() method. It segfaulted because
	  it was too generous about giving away the GIL.
	* Added SecureXMLRPCServer example, contributed by Michal Wallace.

2002-09-06  Martin Sjögren  <martin@strakt.com>

	* setup.cfg: Updated the build requirements.
	* src/ssl/connection.c: Fix includes for AIX.

2002-09-04  Anders Hammarquist  <iko@strakt.com>

	* Added type checks in all the other places where we expect
	  specific types of objects passed.

2002-09-04  Martin Sjögren  <martin@strakt.com>

	* src/crypto/crypto.c: Added an explicit type check in the dump_*
	  functions, so that they won't die when e.g. None is passed in.

2002-08-25  Martin Sjögren  <martin@strakt.com>

	* doc/pyOpenSSL.tex: Docs for PKCS12.

2002-08-24  Martin Sjögren  <martin@strakt.com>

	* src/crypto: Added basic PKCS12 support, thanks to Mark Welch
	  <mark@collab.net>

2002-08-16  Martin Sjögren  <martin@strakt.com>

	* D'oh! Fixes for python 1.5 and python 2.1.

2002-08-15  Martin Sjögren  <martin@strakt.com>

	* Version 0.5. Yay!

2002-07-25  Martin Sjögren  <martin@strakt.com>

	* src/ssl/context.c: Added set_options method.
	* src/ssl/ssl.c: Added constants for Context.set_options method.

2002-07-23  Martin Sjögren  <martin@strakt.com>

	* Updated docs
	* src/ssl/connection.c: Changed the get_cipher_list method to actually
	  return a list! WARNING: This change makes the API incompatible with
	  earlier versions!

2002-07-15  Martin Sjögren  <martin@strakt.com>

	* src/ssl/connection.[ch]: Removed the fileno method, it uses the
	  transport object's fileno instead.

2002-07-09  Martin Sjögren  <martin@strakt.com>

	* src/crypto/x509.c src/crypto/x509name.c: Fixed segfault bug where
	  you used an X509Name after its X509 had been destroyed.
	* src/crypto/crypto.[ch] src/crypto/x509req.c src/crypto/x509ext.[ch]:
	  Added X509 Extension support. Thanks to maas-Maarten Zeeman
	  <maas@awanim.com>
	* src/crypto/pkey.c: Added bits() and type() methods.

2002-07-08  Martin Sjögren  <martin@strakt.com>

	* src/ssl/connection.c: Moved the contents of setup_ssl into the
	  constructor, thereby fixing some segfault bugs :)
	* src/ssl/connection.c: Added connect_ex and sendall methods.
	* src/crypto/x509name.c: Cleaned up comparisons and NID lookup.
	  Thank you Maas-Maarten Zeeman <maas@awanim.com>
	* src/rand/rand.c: Fix RAND_screen import.
	* src/crypto/crypto.c src/crypto/pkcs7.[ch]: Added PKCS7 management,
	  courtesy of Maas-Maarten Zeeman <maas@awanim.com>
	* src/crypto/x509req.c: Added verify method.

2002-06-17  Martin Sjögren  <martin@strakt.com>

	* rpm/, setup.cfg: Added improved RPM-building stuff, thanks to
	  Mihai Ibanescu <misa@redhat.com>

2002-06-14  Martin Sjögren  <martin@strakt.com>

	* examples/proxy.py: Example code for using OpenSSL through a proxy
	  contributed by Mihai Ibanescu <misa@redhat.com>
	* Updated installation instruction and added them to the TeX manual.

2002-06-13  Martin Sjögren  <martin@strakt.com>

	* src/ssl/context.c: Changed global_verify_callback so that it uses
	  PyObject_IsTrue instead of requring ints.
	* Added pymemcompat.h to make the memory management uniform and
	  backwards-compatible.
	* src/util.h: Added conditional definition of PyModule_AddObject and
	  PyModule_AddIntConstant
	* src/ssl/connection.c: Socket methods are no longer explicitly
	  wrapped. fileno() is the only method the transport layer object HAS
	  to support, but if you want to use connect, accept or sock_shutdown,
	  then the transport layer object has to supply connect, accept
	  and shutdown respectively.

2002-06-12  Martin Sjögren  <martin@strakt.com>

	* Changed comments to docstrings that are visible in Python.
	* src/ssl/connection.c: Added set_connect_state and set_accept_state
	  methods. Thanks to Mark Welch <mark@collab.net> for this.

2002-06-11  Martin Sjögren  <martin@strakt.com>

	* src/ssl/connection.c: accept and connect now use SSL_set_accept_state
	  and SSL_set_connect_state respectively, instead of SSL_accept and
	  SSL_connect.
	* src/ssl/connection.c: Added want_read and want_write methods.

2002-06-05  Martin Sjögren  <martin@strakt.com>

	* src/ssl/connection.c: Added error messages for windows. The code is
	  copied from Python's socketmodule.c. Ick.
	* src/ssl/connection.c: Changed the parameters to the SysCallError. It
	  always has a tuple (number, string) now, even though the number
	  might not always be useful.

2002-04-05  Martin Sjögren  <md9ms@mdstud.chalmers.se>

	* Worked more on the Debian packaging, hopefully the packages
	  are getting into the main Debian archive soon.

2002-01-10  Martin Sjögren  <martin@strakt.com>

	* Worked some more on the Debian packaging, it's turning out real
	  nice.
	* Changed format on this file, I'm going to try to be a bit more
	  verbose about my changes, and this format makes it easier.

2002-01-08  Martin Sjögren  <martin@strakt.com>

	* Version 0.4.1
	* Added some example code
	* Added the thread safe Connection object in the 'tsafe' submodule
	* New Debian packaging

2001-08-09  Martin Sjögren  <martin@strakt.com>

	* Version 0.4
	* Added a compare function for X509Name structures.
	* Moved the submodules to separate .so files, with tiny C APIs so they
	  can communicate
	* Skeletal OpenSSL/__init__.py
	* Removed the err submodule, use crypto.Error and SSL.Error instead

2001-08-06  Martin Sjögren  <martin@strakt.com>

	* Version 0.3
	* Added more types for dealing with certificates (X509Store, X509Req,
	  PKey)
	* Functionality to load private keys, certificates and certificate
	  requests from memory buffers, and store them too
	* X509 and X509Name objects can now be modified as well, very neat when
	  creating certificates ;)
	* Added SSL_MODE_AUTO_RETRY to smooth things for blocking sockets
	* Added a sock_shutdown() method to the Connection type
	* I don't understand why, but I can't use Py_InitModule() to create
	  submodules in Python 2.0, the interpreter segfaults on the cleanup
	  process when I do. I added a conditional compile on the version
	  number, falling back to my own routine. It would of course be nice to
	  investigate what is happening, but I don't have the time to do so
	* Do INCREF on the type objects before inserting them in the
	  dictionary, so they will never reach refcount 0 (they are, after all,
	  statically allocated)

2001-07-30  Martin Sjögren  <martin@strakt.com>

	* Version 0.2
	* Lots of tweaking and comments in the code
	* Now uses distutils instead of the stupid Setup file
	* Hacked doc/tools/mkhowto, html generation should now work

2001-07-16  Martin Sjögren  <martin@strakt.com>

	* Initial release (0.1, don't expect much from this one :-)