| This file only contains the changes up to release 0.15.1. Newer changes can be |
| found at <https://pyopenssl.readthedocs.io/en/latest/changelog.html>. |
| |
| *** |
| |
| 2015-04-14 Hynek Schlawack <hs@ox.cx> |
| |
| * Release 0.15.1 |
| |
| 2015-04-14 Glyph Lefkowitz <glyph@twistedmatrix.com> |
| |
| * OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression |
| present in 0.15, where when an error occurs and no errno() is set, |
| a KeyError is raised. This happens, for example, if |
| Connection.shutdown() is called when the underlying transport has |
| gone away. |
| |
| 2015-04-14 Hynek Schlawack <hs@ox.cx> |
| |
| * Release 0.15 |
| |
| 2015-04-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted |
| filenames only as bytes now accept them as either bytes or |
| unicode (and respect sys.getfilesystemencoding()). |
| |
| 2015-03-23 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation |
| (NPN) bindings. |
| |
| 2015-03-15 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the |
| builtin ``socket.recv_into``. Based on work from Cory Benfield. |
| * OpenSSL/test/test_ssl.py: Add tests for ``recv_into``. |
| |
| 2015-01-30 Stephen Holsapple <sholsapp@gmail.com> |
| |
| * OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates. |
| * OpenSSL/test/test_crypto.py: Add intermediate certificates for |
| |
| 2015-01-08 Paul Aurich <paul@darkrain42.org> |
| |
| * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the |
| underlying socket. |
| |
| 2014-12-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey`` |
| causing it to always succeed - even if it should fail. |
| |
| 2014-08-21 Alex Gaynor <alex.gaynor@gmail.com> |
| |
| * OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data`` |
| with ``FILETYPE_ASN1`` would fail with a ``NameError``. |
| |
| 2014-05-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/SSL.py: Fix a regression in which the first argument of |
| the "verify" callback was incorrectly passed a ``Context`` instance |
| instead of the ``Connection`` instance. |
| * OpenSSL/test/test_ssl.py: Add a test for the value passed as the |
| first argument of the "verify" callback. |
| |
| 2014-04-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew |
| Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek |
| Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves`` |
| to support TLS ECDHE modes. |
| * OpenSSL/SSL.py: Add ``Context.set_tmp_ecdh`` to configure a TLS |
| context with a particular elliptic curve for ECDHE modes. |
| |
| 2014-04-19 Markus Unterwaditzer <markus@unterwaditzer.net> |
| |
| * OpenSSL/SSL.py: ``Connection.send`` and ``Connection.sendall`` |
| now also accept the ``buffer`` type as data. |
| |
| 2014-04-05 Stephen Holsapple <sholsapp@gmail.com> |
| |
| * OpenSSL/crypto.py: Make ``load_pkcs12`` backwards compatible with |
| pyOpenSSL 0.13 by making passphrase optional. |
| |
| 2014-03-30 Fedor Brunner <fedor.brunner@azet.sk> |
| |
| * OpenSSL/SSL.py: Add ``get_finished``, ``get_peer_finished`` |
| methods to ``Connection``. If you use these methods to |
| implement TLS channel binding (RFC 5929) disable session |
| resumption because triple handshake attacks against TLS. |
| <https://www.ietf.org/mail-archive/web/tls/current/msg11337.html> |
| <https://secure-resumption.com/tlsauth.pdf> |
| |
| 2014-03-29 Fedor Brunner <fedor.brunner@azet.sk> |
| |
| * OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``, |
| and ``get_cipher_version`` to ``Connection``. |
| |
| 2014-03-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been |
| removed in Python 3) with the equivalent syntax. |
| |
| 2014-03-28 Jonathan Giannuzzi <jonathan@giannuzzi.be> |
| |
| * OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup. |
| * leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked |
| and CRL.get_revoked. |
| * setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding. |
| |
| 2014-03-02 Stephen Holsapple <sholsapp@gmail.com> |
| |
| * OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``. |
| |
| 2014-02-23 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Release 0.14 |
| |
| 2014-01-09 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL: Port to the cffi-based OpenSSL bindings provided by |
| <https://github.com/pyca/cryptography> |
| |
| 2013-10-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/ssl/context.c: Add support for negotiating TLS v1.1 or |
| v1.2. |
| |
| 2013-10-03 Christian Heimes <christian@python.org> |
| |
| * OpenSSL/crypto/x509.c: Fix an inconsistency in memory management |
| in X509.get_serial_number which leads to crashes on some runtimes |
| (certain Windows/Python 3.3 environments, at least). |
| |
| 2013-08-11 Christian Heimes <christian@python.org> |
| |
| * OpenSSL/crypto/x509ext.c: Fix handling of NULL bytes inside |
| subjectAltName general names when formatting an X509 extension |
| as a string. |
| * OpenSSL/crypto/x509.c: Fix memory leak in get_extension(). |
| |
| 2012-04-03 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/crypto/pkey.c: Release the GIL around RSA and DSA key |
| generation, based on code from INADA Naoki. |
| |
| 2012-02-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/ssl/ssl.c: Add session cache related constants for use |
| with the new Context.set_session_cache_mode method. |
| |
| * OpenSSL/ssl/context.c: Add new Context methods |
| set_session_cache_mode and get_session_cache_mode. |
| |
| 2011-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/crypto/pkey.c: Raise TypeError when trying to check a |
| PKey instance which has no private component, instead of crashing. |
| Based on fix by <lp:~dataway>. |
| |
| 2011-09-14 Žiga Seilnacht <lp:ziga-seilnacht> |
| |
| * OpenSSL/crypto/crypto.c: Allow exceptions from passphrase |
| callbacks to propagate up out of load_privatekey |
| * OpenSSL/crypto/crypto.c: Raise an exception when a too-long |
| passphrase is returned from a passphrase callback, instead of |
| silently truncating it. |
| * OpenSSL/crypto/crypto.c: Fix a memory leak when a passphrase |
| callback returns the wrong type. |
| |
| 2011-09-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/crypto/crl.c: Add error handling for the use of |
| X509_CRL_sign. |
| |
| 2011-09-11 Jonathan Ballet <lp:multani> |
| |
| * doc/: Convert the LaTeX documentation to Sphinx-using ReST. |
| * OpenSSL/: Convert the epytext API documentation to Sphinx-using ReST. |
| |
| 2011-09-08 Guillermo Gonzalez <guillermo.gonzalez@canonical.com> |
| |
| * OpenSSL/ssl/context.c: Add Context.set_mode method. |
| * OpenSSL/ssl/ssl.c: Add MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION |
| constants. |
| |
| 2011-09-02 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Release 0.13 |
| |
| 2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly |
| implemented by Rick Dean, to verify the internal consistency of a |
| PKey instance. |
| |
| 2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/crypto/crypto.c: Fix the sign and verify functions so |
| they handle data with embedded NULs. Fix by David Brodsky |
| <lp:~lihalla>. |
| |
| 2011-05-20 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new |
| method to the Connection type, get_peer_cert_chain, for retrieving |
| the peer's certificate chain. |
| |
| 2011-05-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new |
| method to the X509 type, get_signature_algorithm, for inspecting |
| the signature algorithm field of the certificate. Based on a |
| patch from <lp:~okuda>. |
| |
| 2011-05-10 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue |
| explicitly including a Windows header before any OpenSSL headers. |
| |
| * OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by |
| explicitly flushing errors known to be uninteresting after calling |
| PKCS12_parse. |
| |
| * OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying |
| OpenSSL library does not provide it. |
| |
| * OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from |
| MD5 to SHA1 by allowing either hash algorithm's result as the |
| return value of X509.subject_name_hash. |
| |
| * OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5 |
| to SHA1 by constructing certificate files named using both hash |
| algorithms' results when testing Context.load_verify_locations. |
| |
| * Support OpenSSL 1.0.0a. |
| |
| 2011-04-15 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version |
| and related constants for retrieving version information about the |
| underlying OpenSSL library. |
| |
| 2011-04-07 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Release 0.12 |
| |
| 2011-04-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/crypto/x509.c: Add get_extension_count and get_extension |
| to the X509 type, allowing read access to certificate extensions. |
| |
| * OpenSSL/crypto/x509ext.c: Add get_short_name and get_data to the |
| X509Extension type, allowing read access to the contents of an |
| extension. |
| |
| 2011-03-21 Olivier Hervieu <lp:~ohe> |
| |
| * OpenSSL/ssl/ssl.c: Expose a number of symbolic constants for |
| values passed to the connection "info" callback. |
| |
| 2011-01-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/ssl/connection.py: Add support for new-style |
| buffers (primarily memoryviews) to Connection.send and |
| Connection.sendall. |
| |
| 2010-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Release 0.11 |
| |
| 2010-10-07 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Initial support for Python 3.x throughout the codebase. |
| |
| 2010-09-14 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * OpenSSL/crypto/netscape_spki.c: Fix an off-by-one mistake in the |
| error handling for NetscapeSPKI.verify. Add additional error |
| checking to NetscapeSPKI.sign to handle the case where there is no |
| private key. |
| |
| * OpenSSL/crypto/x509.c: Fix an overflow bug in the subject_name_hash |
| method of the X509 type which would cause it to return negative |
| values on 32 bit systems. |
| |
| * OpenSSL/crypto/x509req.c: Fix an off-by-one mistake in the error |
| handling for X509Req.verify. |
| |
| * OpenSSL/ssl/context.c: Fix the error handling in the load_tmp_dh |
| method of the Context type which would cause it to always raise |
| MemoryError, regardless of the actual error (such as a bad file |
| name). |
| |
| * OpenSSL/test/: Numerous unit tests added, both for above fixes |
| and for other previously untested code paths. |
| |
| 2010-07-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Re-arrange the repository so that the package can be built and |
| used in-place without requiring installation. |
| |
| 2010-02-27 James Yonan <james@openvpn.net> |
| |
| * src/crypto/crypto.c: Added crypto.sign and crypto.verify methods |
| that wrap EVP_Sign and EVP_Verify function families, using code |
| derived from Dave Cridland's PyOpenSSL branch. |
| |
| * test/test_crypto.py: Added unit tests for crypto.sign and |
| crypto.verify. |
| |
| 2010-01-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/ssl/connection.c, src/util.h: Apply patch from Sandro Tosi to |
| fix misspellings of "compatibility". |
| |
| 2009-11-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Release 0.10 |
| |
| 2009-11-07 Žiga Seilnacht, Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/ssl/connection.c, src/ssl/context.c: Add set_client_ca_list, |
| add_client_ca, and get_client_ca_list to Context for manipulating |
| the list of certificate authority names which are sent by servers |
| with the certificate request message. |
| * src/util.h: Add ssize-related defines if the version of Python |
| being used does not have them. |
| * setup.py: Significant changes to the way Windows builds are done, |
| particularly the way OpenSSL headers and libraries are found (with |
| the new --with-openssl argument to build_ext). |
| |
| 2009-08-27 Rick Dean <rick@fdd.com>, Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/crypto/pkcs12.c: Add setters to the PKCS12 type for the |
| certificate, private key, ca certificate list, and friendly |
| name, and add a getter for the friendly name. Also add a method |
| for exporting a PKCS12 object as a string. |
| * test/test_crypto.py: Add lots of additional tests for the PKCS12 |
| type. |
| * doc/pyOpenSSL.tex: Documentation for the new PKCS12 methods. |
| |
| 2009-07-17 Rick Dean <rick@fdd.com>, Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/crypto/x509ext.c: Add subject and issuer parameters to |
| X509Extension, allowing creation of extensions which require that |
| information. Fixes LP#322813. |
| |
| 2009-07-16 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * test/util.py: Changed the base TestCase's tearDown to assert that |
| no errors were left in the OpenSSL error queue by the test. |
| * src/crypto/crypto.c: Add a private helper in support of the |
| TestCase.tearDown change. |
| * src/crypto/x509name.c: Changed X509Name's getattr implementation |
| to clean up the error queue. Fixes LP#314814. |
| * test/util.c: Changed flush_error_queue to avoid a reference |
| counting bug caused by macro expansion. |
| |
| 2009-07-16 Rick Dean <rick@fdd.com> |
| |
| * src/rand.c: Added OpenSSL.rand.bytes to get random bytes directly. |
| * src/util.c: Added generic exceptions_from_error_queue to replace |
| the various other implementations of this function. Also updated |
| the rest of the codebase to use this version instead. |
| |
| 2009-07-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * test/util.py, test/test_ssl.py, test/test_crypto.py: Fold the |
| Python 2.3 compatibility TestCase mixin into the TestCase defined |
| in util.py. |
| |
| 2009-07-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * test/util.py, test/test_ssl.py, test/test_crypto.py: Stop trying |
| to use Twisted's TestCase even when it's available. Instead, |
| always use the stdlib TestCase with a few enhancements. |
| |
| 2009-07-04 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Changed most extension types so that they can be instantiated |
| using the type object rather than a factory function. The old |
| factory functions are now aliases for the type objects. |
| Fixes LP#312786. |
| |
| 2009-05-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Changed all docstrings in extension modules to be friendlier |
| towards Python programmers. Fixes LP#312787. |
| |
| 2009-05-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/crypto/x509ext.c: Correctly deallocate the new Extension |
| instance when there is an error initializing it and it is not |
| going to be returned. Resolves LP#368043. |
| |
| 2009-05-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * test/test_crypto.py: Use binary mode for the pipe to talk to the |
| external openssl binary. The data being transported over this |
| pipe is indeed binary, so previously it would often be truncated |
| or otherwise mangled. |
| |
| * src/ssl/connection.h, src/ssl/connection.c, test/test_ssl.py: |
| Extend the Connection class with support for in-memory BIOs. This |
| allows SSL to be run without a real socket, useful for |
| implementing EAP-TLS or using SSL with Windows IO completion |
| ports, for example. Based heavily on contributions from Rick |
| Dean. |
| |
| 2009-04-25 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Release 0.9 |
| |
| 2009-04-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| Samuele Pedroni <pedronis@openend.se> |
| |
| * src/util.h: Delete the TLS key before trying to set a new value |
| for it in case the current thread identifier is a recycled one (if |
| it is recycled, the key won't be set because there is already a |
| value from the previous thread to have this identifier and to use |
| the pyOpenSSL API). |
| |
| 2009-04-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/crypto/crypto.c: Add FILETYPE_TEXT for dumping keys and |
| certificates and certificate signature requests to a text format. |
| |
| 2008-12-31 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/crypto/x509ext.c, test/test_crypto.py: Add the get_short_name |
| method to X509Extension based on patch from Alex Stapleton. |
| |
| 2008-12-31 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/crypto/x509ext.c, test/test_crypto.py: Fix X509Extension so |
| that it is possible to instantiate extensions which use s2i or r2i |
| instead of v2i (an extremely obscure extension implementation |
| detail). |
| |
| 2008-12-30 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * MANIFEST.in, src/crypto/crypto.c, src/crypto/x509.c, |
| src/crypto/x509name.c, src/rand/rand.c, src/ssl/context.c: Changes |
| which eliminate compiler warnings but should not change any |
| behavior. |
| |
| 2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * test/test_ssl.py, src/ssl/ssl.c: Expose DTLS-related constants, |
| OP_NO_QUERY_MTU, OP_COOKIE_EXCHANGE, and OP_NO_TICKET. |
| |
| 2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/ssl/context.c: Add a capath parameter to |
| Context.load_verify_locations to allow Python code to specify |
| either or both arguments to the underlying |
| SSL_CTX_load_verify_locations API. |
| * src/ssl/context.c: Add Context.set_default_verify_paths, a wrapper |
| around SSL_CTX_set_default_verify_paths. |
| |
| 2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * test/test_crypto.py, src/crypto/x509req.c: Added get_version and |
| set_version_methods to X509ReqType based on patch from Wouter van |
| Bommel. Resolves LP#274418. |
| |
| 2008-09-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Release 0.8 |
| |
| 2008-10-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * tsafe.py: Revert the deprecation of the thread-safe Connection |
| wrapper. The Connection class should not segfault if used from |
| multiple threads now, but it generally cannot be relied on to |
| produce correct results if used without the thread-safe wrapper. |
| * doc/pyOpenSSL.tex: Correct the documentation for the set_passwd_cb |
| callback parameter so that it accurately describes the required |
| signature. |
| |
| 2008-09-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Release 0.8a1 |
| |
| 2008-09-21 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/ssl/ssl.h, src/ssl/ssl.c: Add a thread-local storage key |
| which will be used to store and retrieve PyThreadState pointers |
| whenever it is necessary to release or re-acquire the GIL. |
| |
| * src/ssl/context.c: Change global_verify_callback so that it |
| unconditionally manipulates the Python threadstate, rather than |
| checking the tstate field which is now always NULL. |
| |
| 2008-04-26 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/ssl/context.c: Change global_passphrase_callback and |
| global_info_callback so that they acquire the GIL before |
| invoking any CPython APIs and do not release it until after they |
| are finished invoking all of them (based heavily on on patch |
| from Dan Williams). |
| * src/ssl/crypto.c: Initialize OpenSSL thread support so that it |
| is valid to use OpenSSL APIs from more than one thread (based on |
| patch from Dan Williams). |
| * test/test_crypto.py: Add tests for load_privatekey and |
| dump_privatekey when a passphrase or a passphrase callback is |
| supplied. |
| * test/test_ssl.py: Add tests for Context.set_passwd_cb and |
| Context.set_info_callback. |
| |
| 2008-04-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Release 0.7 |
| |
| 2008-03-26 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/crypto/x509name.c: Add X509Name.get_components |
| |
| 2008-03-25 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/crypto/x509name.c: Add hash and der methods to X509Name. |
| * src/crypto/x509.c: Fix a bug in X509.get_notBefore and |
| X509.get_notAfter preventing UTCTIME format timestamps from |
| working. |
| |
| 2008-03-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * Fix coding problems in examples/. Remove keys and certificates |
| and add a note about how to generate new ones. |
| |
| 2008-03-09 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/crypto/x509.c: Add getters and setters for the notBefore and |
| notAfter attributes of X509s. |
| * src/crypto/pkey.h, src/crypto/pkey.c, src/crypto/x509req.c, |
| src/crypto/x509.c: Track the initialized and public/private state |
| of EVP_PKEY structures underlying the crypto_PKeyObj type and |
| reject X509Req signature operations on keys not suitable for the |
| task. |
| |
| 2008-03-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/crypto/x509name.c: Fix tp_compare so it only returns -1, 0, or |
| 1. This eliminates a RuntimeWarning emitted by Python. |
| * src/crypto/x509req.c: Fix reference counting for X509Name returned |
| by X509Req.get_subject. This removes a segfault when the subject |
| name outlives the request object. |
| * src/crypto/x509.c: Change get_serial_number and set_serial_number |
| to accept Python longs. |
| * doc/pyOpenSSL.tex: A number of minor corrections. |
| |
| 2008-03-03 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/crypto/crypto.c: Expose X509_verify_cert_error_string. (patch |
| from Victor Stinner) |
| |
| 2008-02-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/ssl/connection.c src/ssl/context.c src/ssl/ssl.c: Fix |
| compilation on Windows. (patch from Michael Schneider) |
| |
| 2008-02-21 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/ssl/connection.c: Expose SSL_get_shutdown and |
| SSL_set_shutdown. (patch from James Knight) |
| * src/ssl/ssl.c: Expose SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN. |
| (patch from James Knight) |
| |
| 2008-02-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> |
| |
| * src/ssl/context.c: Expose SSL_CTX_add_extra_chain_cert. |
| * src/crypto/x509name.c: Fix memory leaks in __getattr__ and |
| __setattr_ implementations. |
| * src/crypto/x509.c: Fix memory leak in X509.get_pubkey(). |
| * leakcheck/: An attempt at a systematic approach to leak |
| elimination. |
| |
| 2004-08-13 Martin Sjögren <msjogren@gmail.com> |
| |
| * Released version 0.6. |
| |
| 2004-08-11 Martin Sjögren <msjogren@gmail.com> |
| |
| * doc/pyOpenSSL.tex: Updates to the docs. |
| |
| 2004-08-10 Martin Sjögren <msjogren@gmail.com> |
| |
| * src/crypto/x509.c: Add X509.add_extensions based on a patch |
| from Han S. Lee. |
| * src/ssl/ssl.c: Add more SSL_OP_ constants. Patch from Mihai |
| Ibanescu. |
| |
| 2004-08-09 Martin Sjögren <msjogren@gmail.com> |
| |
| * setup.py src/crypto/: Add support for Netscape SPKI extensions |
| based on a patch from Tollef Fog Heen. |
| * src/crypto/crypto.c: Add support for python passphrase callbacks |
| based on a patch from Robert Olson. |
| |
| 2004-08-03 Martin Sjögren <msjogren@gmail.com> |
| |
| * src/ssl/context.c: Applied patch from Frederic Peters to add |
| Context.use_certificate_chain_file. |
| * src/crypto/x509.c: Applid patch from Tollef Fog Heen to add |
| X509.subject_name_hash and X509.digest. |
| |
| 2004-08-02 Martin Sjögren <msjogren@gmail.com> |
| |
| * src/crypto/crypto.c src/ssl/ssl.c: Applied patch from Bastian |
| Kleineidam to fix full names of exceptions. |
| |
| 2004-07-19 Martin Sjögren <msjogren@gmail.com> |
| |
| * doc/pyOpenSSL.tex: Fix the errors regarding X509Name's field names. |
| |
| 2004-07-18 Martin Sjögren <msjogren@gmail.com> |
| |
| * examples/certgen.py: Fixed wrong attributes in doc string, thanks |
| Remy. (SFbug#913315) |
| * __init__.py, setup.py, version.py: Add __version__, as suggested by |
| Ronald Oussoren in SFbug#888729. |
| * examples/proxy.py: Fix typos, thanks Mihai Ibanescu. (SFpatch#895820) |
| |
| 2003-01-09 Martin Sjögren <martin@strakt.com> |
| |
| * Use cyclic GC protocol in SSL.Connection, SSL.Context, crypto.PKCS12 |
| and crypto.X509Name. |
| |
| 2002-12-02 Martin Sjögren <martin@strakt.com> |
| |
| * tsafe.py: Add some missing methods. |
| |
| 2002-10-06 Martin Sjögren <martin@strakt.com> |
| |
| * __init__.py: Import tsafe too! |
| |
| 2002-10-05 Martin Sjögren <martin@strakt.com> |
| |
| * src/crypto/x509name.c: Use unicode strings instead of ordinary |
| strings in getattr/setattr. Note that plain ascii strings should |
| still work. |
| |
| 2002-09-17 Martin Sjögren <martin@strakt.com> |
| |
| * Released version 0.5.1. |
| |
| 2002-09-09 Martin Sjögren <martin@strakt.com> |
| |
| * setup.cfg: Fixed build requirements for rpms. |
| |
| 2002-09-07 Martin Sjögren <martin@strakt.com> |
| |
| * src/ssl/connection.c: Fix sendall() method. It segfaulted because |
| it was too generous about giving away the GIL. |
| * Added SecureXMLRPCServer example, contributed by Michal Wallace. |
| |
| 2002-09-06 Martin Sjögren <martin@strakt.com> |
| |
| * setup.cfg: Updated the build requirements. |
| * src/ssl/connection.c: Fix includes for AIX. |
| |
| 2002-09-04 Anders Hammarquist <iko@strakt.com> |
| |
| * Added type checks in all the other places where we expect |
| specific types of objects passed. |
| |
| 2002-09-04 Martin Sjögren <martin@strakt.com> |
| |
| * src/crypto/crypto.c: Added an explicit type check in the dump_* |
| functions, so that they won't die when e.g. None is passed in. |
| |
| 2002-08-25 Martin Sjögren <martin@strakt.com> |
| |
| * doc/pyOpenSSL.tex: Docs for PKCS12. |
| |
| 2002-08-24 Martin Sjögren <martin@strakt.com> |
| |
| * src/crypto: Added basic PKCS12 support, thanks to Mark Welch |
| <mark@collab.net> |
| |
| 2002-08-16 Martin Sjögren <martin@strakt.com> |
| |
| * D'oh! Fixes for python 1.5 and python 2.1. |
| |
| 2002-08-15 Martin Sjögren <martin@strakt.com> |
| |
| * Version 0.5. Yay! |
| |
| 2002-07-25 Martin Sjögren <martin@strakt.com> |
| |
| * src/ssl/context.c: Added set_options method. |
| * src/ssl/ssl.c: Added constants for Context.set_options method. |
| |
| 2002-07-23 Martin Sjögren <martin@strakt.com> |
| |
| * Updated docs |
| * src/ssl/connection.c: Changed the get_cipher_list method to actually |
| return a list! WARNING: This change makes the API incompatible with |
| earlier versions! |
| |
| 2002-07-15 Martin Sjögren <martin@strakt.com> |
| |
| * src/ssl/connection.[ch]: Removed the fileno method, it uses the |
| transport object's fileno instead. |
| |
| 2002-07-09 Martin Sjögren <martin@strakt.com> |
| |
| * src/crypto/x509.c src/crypto/x509name.c: Fixed segfault bug where |
| you used an X509Name after its X509 had been destroyed. |
| * src/crypto/crypto.[ch] src/crypto/x509req.c src/crypto/x509ext.[ch]: |
| Added X509 Extension support. Thanks to maas-Maarten Zeeman |
| <maas@awanim.com> |
| * src/crypto/pkey.c: Added bits() and type() methods. |
| |
| 2002-07-08 Martin Sjögren <martin@strakt.com> |
| |
| * src/ssl/connection.c: Moved the contents of setup_ssl into the |
| constructor, thereby fixing some segfault bugs :) |
| * src/ssl/connection.c: Added connect_ex and sendall methods. |
| * src/crypto/x509name.c: Cleaned up comparisons and NID lookup. |
| Thank you Maas-Maarten Zeeman <maas@awanim.com> |
| * src/rand/rand.c: Fix RAND_screen import. |
| * src/crypto/crypto.c src/crypto/pkcs7.[ch]: Added PKCS7 management, |
| courtesy of Maas-Maarten Zeeman <maas@awanim.com> |
| * src/crypto/x509req.c: Added verify method. |
| |
| 2002-06-17 Martin Sjögren <martin@strakt.com> |
| |
| * rpm/, setup.cfg: Added improved RPM-building stuff, thanks to |
| Mihai Ibanescu <misa@redhat.com> |
| |
| 2002-06-14 Martin Sjögren <martin@strakt.com> |
| |
| * examples/proxy.py: Example code for using OpenSSL through a proxy |
| contributed by Mihai Ibanescu <misa@redhat.com> |
| * Updated installation instruction and added them to the TeX manual. |
| |
| 2002-06-13 Martin Sjögren <martin@strakt.com> |
| |
| * src/ssl/context.c: Changed global_verify_callback so that it uses |
| PyObject_IsTrue instead of requiring ints. |
| * Added pymemcompat.h to make the memory management uniform and |
| backwards-compatible. |
| * src/util.h: Added conditional definition of PyModule_AddObject and |
| PyModule_AddIntConstant |
| * src/ssl/connection.c: Socket methods are no longer explicitly |
| wrapped. fileno() is the only method the transport layer object HAS |
| to support, but if you want to use connect, accept or sock_shutdown, |
| then the transport layer object has to supply connect, accept |
| and shutdown respectively. |
| |
| 2002-06-12 Martin Sjögren <martin@strakt.com> |
| |
| * Changed comments to docstrings that are visible in Python. |
| * src/ssl/connection.c: Added set_connect_state and set_accept_state |
| methods. Thanks to Mark Welch <mark@collab.net> for this. |
| |
| 2002-06-11 Martin Sjögren <martin@strakt.com> |
| |
| * src/ssl/connection.c: accept and connect now use SSL_set_accept_state |
| and SSL_set_connect_state respectively, instead of SSL_accept and |
| SSL_connect. |
| * src/ssl/connection.c: Added want_read and want_write methods. |
| |
| 2002-06-05 Martin Sjögren <martin@strakt.com> |
| |
| * src/ssl/connection.c: Added error messages for windows. The code is |
| copied from Python's socketmodule.c. Ick. |
| * src/ssl/connection.c: Changed the parameters to the SysCallError. It |
| always has a tuple (number, string) now, even though the number |
| might not always be useful. |
| |
| 2002-04-05 Martin Sjögren <md9ms@mdstud.chalmers.se> |
| |
| * Worked more on the Debian packaging, hopefully the packages |
| are getting into the main Debian archive soon. |
| |
| 2002-01-10 Martin Sjögren <martin@strakt.com> |
| |
| * Worked some more on the Debian packaging, it's turning out real |
| nice. |
| * Changed format on this file, I'm going to try to be a bit more |
| verbose about my changes, and this format makes it easier. |
| |
| 2002-01-08 Martin Sjögren <martin@strakt.com> |
| |
| * Version 0.4.1 |
| * Added some example code |
| * Added the thread safe Connection object in the 'tsafe' submodule |
| * New Debian packaging |
| |
| 2001-08-09 Martin Sjögren <martin@strakt.com> |
| |
| * Version 0.4 |
| * Added a compare function for X509Name structures. |
| * Moved the submodules to separate .so files, with tiny C APIs so they |
| can communicate |
| * Skeletal OpenSSL/__init__.py |
| * Removed the err submodule, use crypto.Error and SSL.Error instead |
| |
| 2001-08-06 Martin Sjögren <martin@strakt.com> |
| |
| * Version 0.3 |
| * Added more types for dealing with certificates (X509Store, X509Req, |
| PKey) |
| * Functionality to load private keys, certificates and certificate |
| requests from memory buffers, and store them too |
| * X509 and X509Name objects can now be modified as well, very neat when |
| creating certificates ;) |
| * Added SSL_MODE_AUTO_RETRY to smooth things for blocking sockets |
| * Added a sock_shutdown() method to the Connection type |
| * I don't understand why, but I can't use Py_InitModule() to create |
| submodules in Python 2.0, the interpreter segfaults on the cleanup |
| process when I do. I added a conditional compile on the version |
| number, falling back to my own routine. It would of course be nice to |
| investigate what is happening, but I don't have the time to do so |
| * Do INCREF on the type objects before inserting them in the |
| dictionary, so they will never reach refcount 0 (they are, after all, |
| statically allocated) |
| |
| 2001-07-30 Martin Sjögren <martin@strakt.com> |
| |
| * Version 0.2 |
| * Lots of tweaking and comments in the code |
| * Now uses distutils instead of the stupid Setup file |
| * Hacked doc/tools/mkhowto, html generation should now work |
| |
| 2001-07-16 Martin Sjögren <martin@strakt.com> |
| |
| * Initial release (0.1, don't expect much from this one :-) |
| |
