diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/ChangeLog_old.txt | 833 | ||||
-rw-r--r-- | doc/backward-compatibility.rst | 11 | ||||
-rw-r--r-- | doc/changelog.rst | 1 | ||||
-rw-r--r-- | doc/index.rst | 11 |
4 files changed, 856 insertions, 0 deletions
diff --git a/doc/ChangeLog_old.txt b/doc/ChangeLog_old.txt new file mode 100644 index 0000000..88174d5 --- /dev/null +++ b/doc/ChangeLog_old.txt @@ -0,0 +1,833 @@ +This file only contains the changes up to release 0.15.1. Newer changes can be +found at <https://pyopenssl.readthedocs.org/en/latest/changelog.html>. + +*** + +2015-04-14 Hynek Schlawack <hs@ox.cx> + + * Release 0.15.1 + +2015-04-14 Glyph Lefkowitz <glyph@twistedmatrix.com> + + * OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression + present in 0.15, where when an error occurs and no errno() is set, + a KeyError is raised. This happens, for example, if + Connection.shutdown() is called when the underlying transport has + gone away. + +2015-04-14 Hynek Schlawack <hs@ox.cx> + + * Release 0.15 + +2015-04-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted + filenames only as bytes now accept them as either bytes or + unicode (and respect sys.getfilesystemencoding()). + +2015-03-23 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation + (NPN) bindings. + +2015-03-15 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the + builtin ``socket.recv_into``. Based on work from Cory Benfield. + * OpenSSL/test/test_ssl.py: Add tests for ``recv_into``. + +2015-01-30 Stephen Holsapple <sholsapp@gmail.com> + + * OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates. + * OpenSSL/test/test_crypto.py: Add intermediate certificates for + +2015-01-08 Paul Aurich <paul@darkrain42.org> + + * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the + underlying socket. + +2014-12-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey`` + causing it to always succeed - even if it should fail. + +2014-08-21 Alex Gaynor <alex.gaynor@gmail.com> + + * OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data`` + with ``FILETYPE_ASN1`` would fail with a ``NameError``. + +2014-05-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/SSL.py: Fix a regression in which the first argument of + the "verify" callback was incorrectly passed a ``Context`` instance + instead of the ``Connection`` instance. + * OpenSSL/test/test_ssl.py: Add a test for the value passed as the + first argument of the "verify" callback. + +2014-04-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew + Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek + Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves`` + to support TLS ECDHE modes. + * OpenSSL/SSL.py: Add ``Context.set_tmp_ecdh`` to configure a TLS + context with a particular elliptic curve for ECDHE modes. + +2014-04-19 Markus Unterwaditzer <markus@unterwaditzer.net> + + * OpenSSL/SSL.py: ``Connection.send`` and ``Connection.sendall`` + now also accept the ``buffer`` type as data. + +2014-04-05 Stephen Holsapple <sholsapp@gmail.com> + + * OpenSSL/crypto.py: Make ``load_pkcs12`` backwards compatible with + pyOpenSSL 0.13 by making passphrase optional. + +2014-03-30 Fedor Brunner <fedor.brunner@azet.sk> + + * OpenSSL/SSL.py: Add ``get_finished``, ``get_peer_finished`` + methods to ``Connection``. If you use these methods to + implement TLS channel binding (RFC 5929) disable session + resumption because triple handshake attacks against TLS. + <https://www.ietf.org/mail-archive/web/tls/current/msg11337.html> + <https://secure-resumption.com/tlsauth.pdf> + +2014-03-29 Fedor Brunner <fedor.brunner@azet.sk> + + * OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``, + and ``get_cipher_version`` to ``Connection``. + +2014-03-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been + removed in Python 3) with the equivalent syntax. + +2014-03-28 Jonathan Giannuzzi <jonathan@giannuzzi.be> + + * OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup. + * leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked + and CRL.get_revoked. + * setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding. + +2014-03-02 Stephen Holsapple <sholsapp@gmail.com> + + * OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``. + +2014-02-23 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Release 0.14 + +2014-01-09 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL: Port to the cffi-based OpenSSL bindings provided by + <https://github.com/pyca/cryptography> + +2013-10-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/ssl/context.c: Add support for negotiating TLS v1.1 or + v1.2. + +2013-10-03 Christian Heimes <christian@python.org> + + * OpenSSL/crypto/x509.c: Fix an inconsistency in memory management + in X509.get_serial_number which leads to crashes on some runtimes + (certain Windows/Python 3.3 environments, at least). + +2013-08-11 Christian Heimes <christian@python.org> + + * OpenSSL/crypto/x509ext.c: Fix handling of NULL bytes inside + subjectAltName general names when formatting an X509 extension + as a string. + * OpenSSL/crypto/x509.c: Fix memory leak in get_extension(). + +2012-04-03 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/crypto/pkey.c: Release the GIL around RSA and DSA key + generation, based on code from INADA Naoki. + +2012-02-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/ssl/ssl.c: Add session cache related constants for use + with the new Context.set_session_cache_mode method. + + * OpenSSL/ssl/context.c: Add new Context methods + set_session_cache_mode and get_session_cache_mode. + +2011-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/crypto/pkey.c: Raise TypeError when trying to check a + PKey instance which has no private component, instead of crashing. + Based on fix by <lp:~dataway>. + +2011-09-14 Žiga Seilnacht <lp:ziga-seilnacht> + + * OpenSSL/crypto/crypto.c: Allow exceptions from passphrase + callbacks to propagate up out of load_privatekey + * OpenSSL/crypto/crypto.c: Raise an exception when a too-long + passphrase is returned from a passphrase callback, instead of + silently truncating it. + * OpenSSL/crypto/crypto.c: Fix a memory leak when a passphrase + callback returns the wrong type. + +2011-09-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/crypto/crl.c: Add error handling for the use of + X509_CRL_sign. + +2011-09-11 Jonathan Ballet <lp:multani> + + * doc/: Convert the LaTeX documentation to Sphinx-using ReST. + * OpenSSL/: Convert the epytext API documentation to Sphinx-using ReST. + +2011-09-08 Guillermo Gonzalez <guillermo.gonzalez@canonical.com> + + * OpenSSL/ssl/context.c: Add Context.set_mode method. + * OpenSSL/ssl/ssl.c: Add MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION + constants. + +2011-09-02 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Release 0.13 + +2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly + implemented by Rick Dean, to verify the internal consistency of a + PKey instance. + +2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/crypto/crypto.c: Fix the sign and verify functions so + they handle data with embedded NULs. Fix by David Brodsky + <lp:~lihalla>. + +2011-05-20 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new + method to the Connection type, get_peer_cert_chain, for retrieving + the peer's certificate chain. + +2011-05-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new + method to the X509 type, get_signature_algorithm, for inspecting + the signature algorithm field of the certificate. Based on a + patch from <lp:~okuda>. + +2011-05-10 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue + explicitly including a Windows header before any OpenSSL headers. + + * OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by + explicitly flushing errors known to be uninteresting after calling + PKCS12_parse. + + * OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying + OpenSSL library does not provide it. + + * OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from + MD5 to SHA1 by allowing either hash algorithm's result as the + return value of X509.subject_name_hash. + + * OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5 + to SHA1 by constructing certificate files named using both hash + algorithms' results when testing Context.load_verify_locations. + + * Support OpenSSL 1.0.0a. + +2011-04-15 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version + and related constants for retrieving version information about the + underlying OpenSSL library. + +2011-04-07 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Release 0.12 + +2011-04-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/crypto/x509.c: Add get_extension_count and get_extension + to the X509 type, allowing read access to certificate extensions. + + * OpenSSL/crypto/x509ext.c: Add get_short_name and get_data to the + X509Extension type, allowing read access to the contents of an + extension. + +2011-03-21 Olivier Hervieu <lp:~ohe> + + * OpenSSL/ssl/ssl.c: Expose a number of symbolic constants for + values passed to the connection "info" callback. + +2011-01-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/ssl/connection.py: Add support for new-style + buffers (primarily memoryviews) to Connection.send and + Connection.sendall. + +2010-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Release 0.11 + +2010-10-07 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Initial support for Python 3.x throughout the codebase. + +2010-09-14 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * OpenSSL/crypto/netscape_spki.c: Fix an off-by-one mistake in the + error handling for NetscapeSPKI.verify. Add additional error + checking to NetscapeSPKI.sign to handle the case where there is no + private key. + + * OpenSSL/crypto/x509.c: Fix an overflow bug in the subject_name_hash + method of the X509 type which would cause it to return negative + values on 32 bit systems. + + * OpenSSL/crypto/x509req.c: Fix an off-by-one mistake in the error + handling for X509Req.verify. + + * OpenSSL/ssl/context.c: Fix the error handling in the load_tmp_dh + method of the Context type which would cause it to always raise + MemoryError, regardless of the actual error (such as a bad file + name). + + * OpenSSL/test/: Numerous unit tests added, both for above fixes + and for other previously untested code paths. + +2010-07-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Re-arrange the repository so that the package can be built and + used in-place without requiring installation. + +2010-02-27 James Yonan <james@openvpn.net> + + * src/crypto/crypto.c: Added crypto.sign and crypto.verify methods + that wrap EVP_Sign and EVP_Verify function families, using code + derived from Dave Cridland's PyOpenSSL branch. + + * test/test_crypto.py: Added unit tests for crypto.sign and + crypto.verify. + +2010-01-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/ssl/connection.c, src/util.h: Apply patch from Sandro Tosi to + fix misspellings of "compatibility". + +2009-11-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Release 0.10 + +2009-11-07 Žiga Seilnacht, Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/ssl/connection.c, src/ssl/context.c: Add set_client_ca_list, + add_client_ca, and get_client_ca_list to Context for manipulating + the list of certificate authority names which are sent by servers + with the certificate request message. + * src/util.h: Add ssize-related defines if the version of Python + being used does not have them. + * setup.py: Significant changes to the way Windows builds are done, + particularly the way OpenSSL headers and libraries are found (with + the new --with-openssl argument to build_ext). + +2009-08-27 Rick Dean <rick@fdd.com>, Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/crypto/pkcs12.c: Add setters to the PKCS12 type for the + certificate, private key, ca certificate list, and friendly + name, and add a getter for the friendly name. Also add a method + for exporting a PKCS12 object as a string. + * test/test_crypto.py: Add lots of additional tests for the PKCS12 + type. + * doc/pyOpenSSL.tex: Documentation for the new PKCS12 methods. + +2009-07-17 Rick Dean <rick@fdd.com>, Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/crypto/x509ext.c: Add subject and issuer parameters to + X509Extension, allowing creation of extensions which require that + information. Fixes LP#322813. + +2009-07-16 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * test/util.py: Changed the base TestCase's tearDown to assert that + no errors were left in the OpenSSL error queue by the test. + * src/crypto/crypto.c: Add a private helper in support of the + TestCase.tearDown change. + * src/crypto/x509name.c: Changed X509Name's getattr implementation + to clean up the error queue. Fixes LP#314814. + * test/util.c: Changed flush_error_queue to avoid a reference + counting bug caused by macro expansion. + +2009-07-16 Rick Dean <rick@fdd.com> + + * src/rand.c: Added OpenSSL.rand.bytes to get random bytes directly. + * src/util.c: Added generic exceptions_from_error_queue to replace + the various other implementations of this function. Also updated + the rest of the codebase to use this version instead. + +2009-07-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * test/util.py, test/test_ssl.py, test/test_crypto.py: Fold the + Python 2.3 compatibility TestCase mixin into the TestCase defined + in util.py. + +2009-07-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * test/util.py, test/test_ssl.py, test/test_crypto.py: Stop trying + to use Twisted's TestCase even when it's available. Instead, + always use the stdlib TestCase with a few enhancements. + +2009-07-04 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Changed most extension types so that they can be instantiated + using the type object rather than a factory function. The old + factory functions are now aliases for the type objects. + Fixes LP#312786. + +2009-05-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Changed all docstrings in extension modules to be friendlier + towards Python programmers. Fixes LP#312787. + +2009-05-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/crypto/x509ext.c: Correctly deallocate the new Extension + instance when there is an error initializing it and it is not + going to be returned. Resolves LP#368043. + +2009-05-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * test/test_crypto.py: Use binary mode for the pipe to talk to the + external openssl binary. The data being transported over this + pipe is indeed binary, so previously it would often be truncated + or otherwise mangled. + + * src/ssl/connection.h, src/ssl/connection.c, test/test_ssl.py: + Extend the Connection class with support for in-memory BIOs. This + allows SSL to be run without a real socket, useful for + implementing EAP-TLS or using SSL with Windows IO completion + ports, for example. Based heavily on contributions from Rick + Dean. + +2009-04-25 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Release 0.9 + +2009-04-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> + Samuele Pedroni <pedronis@openend.se> + + * src/util.h: Delete the TLS key before trying to set a new value + for it in case the current thread identifier is a recycled one (if + it is recycled, the key won't be set because there is already a + value from the previous thread to have this identifier and to use + the pyOpenSSL API). + +2009-04-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/crypto/crypto.c: Add FILETYPE_TEXT for dumping keys and + certificates and certificate signature requests to a text format. + +2008-12-31 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/crypto/x509ext.c, test/test_crypto.py: Add the get_short_name + method to X509Extension based on patch from Alex Stapleton. + +2008-12-31 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/crypto/x509ext.c, test/test_crypto.py: Fix X509Extension so + that it is possible to instantiate extensions which use s2i or r2i + instead of v2i (an extremely obscure extension implementation + detail). + +2008-12-30 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * MANIFEST.in, src/crypto/crypto.c, src/crypto/x509.c, + src/crypto/x509name.c, src/rand/rand.c, src/ssl/context.c: Changes + which eliminate compiler warnings but should not change any + behavior. + +2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * test/test_ssl.py, src/ssl/ssl.c: Expose DTLS-related constants, + OP_NO_QUERY_MTU, OP_COOKIE_EXCHANGE, and OP_NO_TICKET. + +2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/ssl/context.c: Add a capath parameter to + Context.load_verify_locations to allow Python code to specify + either or both arguments to the underlying + SSL_CTX_load_verify_locations API. + * src/ssl/context.c: Add Context.set_default_verify_paths, a wrapper + around SSL_CTX_set_default_verify_paths. + +2008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * test/test_crypto.py, src/crypto/x509req.c: Added get_version and + set_version_methods to X509ReqType based on patch from Wouter van + Bommel. Resolves LP#274418. + +2008-09-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Release 0.8 + +2008-10-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * tsafe.py: Revert the deprecation of the thread-safe Connection + wrapper. The Connection class should not segfault if used from + multiple threads now, but it generally cannot be relied on to + produce correct results if used without the thread-safe wrapper. + * doc/pyOpenSSL.tex: Correct the documentation for the set_passwd_cb + callback parameter so that it accurately describes the required + signature. + +2008-09-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Release 0.8a1 + +2008-09-21 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/ssl/ssl.h, src/ssl/ssl.c: Add a thread-local storage key + which will be used to store and retrieve PyThreadState pointers + whenever it is necessary to release or re-acquire the GIL. + + * src/ssl/context.c: Change global_verify_callback so that it + unconditionally manipulates the Python threadstate, rather than + checking the tstate field which is now always NULL. + +2008-04-26 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/ssl/context.c: Change global_passphrase_callback and + global_info_callback so that they acquire the GIL before + invoking any CPython APIs and do not release it until after they + are finished invoking all of them (based heavily on on patch + from Dan Williams). + * src/ssl/crypto.c: Initialize OpenSSL thread support so that it + is valid to use OpenSSL APIs from more than one thread (based on + patch from Dan Williams). + * test/test_crypto.py: Add tests for load_privatekey and + dump_privatekey when a passphrase or a passphrase callback is + supplied. + * test/test_ssl.py: Add tests for Context.set_passwd_cb and + Context.set_info_callback. + +2008-04-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Release 0.7 + +2008-03-26 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/crypto/x509name.c: Add X509Name.get_components + +2008-03-25 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/crypto/x509name.c: Add hash and der methods to X509Name. + * src/crypto/x509.c: Fix a bug in X509.get_notBefore and + X509.get_notAfter preventing UTCTIME format timestamps from + working. + +2008-03-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * Fix coding problems in examples/. Remove keys and certificates + and add a note about how to generate new ones. + +2008-03-09 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/crypto/x509.c: Add getters and setters for the notBefore and + notAfter attributes of X509s. + * src/crypto/pkey.h, src/crypto/pkey.c, src/crypto/x509req.c, + src/crypto/x509.c: Track the initialized and public/private state + of EVP_PKEY structures underlying the crypto_PKeyObj type and + reject X509Req signature operations on keys not suitable for the + task. + +2008-03-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/crypto/x509name.c: Fix tp_compare so it only returns -1, 0, or + 1. This eliminates a RuntimeWarning emitted by Python. + * src/crypto/x509req.c: Fix reference counting for X509Name returned + by X509Req.get_subject. This removes a segfault when the subject + name outlives the request object. + * src/crypto/x509.c: Change get_serial_number and set_serial_number + to accept Python longs. + * doc/pyOpenSSL.tex: A number of minor corrections. + +2008-03-03 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/crypto/crypto.c: Expose X509_verify_cert_error_string. (patch + from Victor Stinner) + +2008-02-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/ssl/connection.c src/ssl/context.c src/ssl/ssl.c: Fix + compilation on Windows. (patch from Michael Schneider) + +2008-02-21 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/ssl/connection.c: Expose SSL_get_shutdown and + SSL_set_shutdown. (patch from James Knight) + * src/ssl/ssl.c: Expose SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN. + (patch from James Knight) + +2008-02-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> + + * src/ssl/context.c: Expose SSL_CTX_add_extra_chain_cert. + * src/crypto/x509name.c: Fix memory leaks in __getattr__ and + __setattr_ implementations. + * src/crypto/x509.c: Fix memory leak in X509.get_pubkey(). + * leakcheck/: An attempt at a systematic approach to leak + elimination. + +2004-08-13 Martin Sjögren <msjogren@gmail.com> + + * Released version 0.6. + +2004-08-11 Martin Sjögren <msjogren@gmail.com> + + * doc/pyOpenSSL.tex: Updates to the docs. + +2004-08-10 Martin Sjögren <msjogren@gmail.com> + + * src/crypto/x509.c: Add X509.add_extensions based on a patch + from Han S. Lee. + * src/ssl/ssl.c: Add more SSL_OP_ constants. Patch from Mihai + Ibanescu. + +2004-08-09 Martin Sjögren <msjogren@gmail.com> + + * setup.py src/crypto/: Add support for Netscape SPKI extensions + based on a patch from Tollef Fog Heen. + * src/crypto/crypto.c: Add support for python passphrase callbacks + based on a patch from Robert Olson. + +2004-08-03 Martin Sjögren <msjogren@gmail.com> + + * src/ssl/context.c: Applied patch from Frederic Peters to add + Context.use_certificate_chain_file. + * src/crypto/x509.c: Applid patch from Tollef Fog Heen to add + X509.subject_name_hash and X509.digest. + +2004-08-02 Martin Sjögren <msjogren@gmail.com> + + * src/crypto/crypto.c src/ssl/ssl.c: Applied patch from Bastian + Kleineidam to fix full names of exceptions. + +2004-07-19 Martin Sjögren <msjogren@gmail.com> + + * doc/pyOpenSSL.tex: Fix the errors regarding X509Name's field names. + +2004-07-18 Martin Sjögren <msjogren@gmail.com> + + * examples/certgen.py: Fixed wrong attributes in doc string, thanks + Remy. (SFbug#913315) + * __init__.py, setup.py, version.py: Add __version__, as suggested by + Ronald Oussoren in SFbug#888729. + * examples/proxy.py: Fix typos, thanks Mihai Ibanescu. (SFpatch#895820) + +2003-01-09 Martin Sjögren <martin@strakt.com> + + * Use cyclic GC protocol in SSL.Connection, SSL.Context, crypto.PKCS12 + and crypto.X509Name. + +2002-12-02 Martin Sjögren <martin@strakt.com> + + * tsafe.py: Add some missing methods. + +2002-10-06 Martin Sjögren <martin@strakt.com> + + * __init__.py: Import tsafe too! + +2002-10-05 Martin Sjögren <martin@strakt.com> + + * src/crypto/x509name.c: Use unicode strings instead of ordinary + strings in getattr/setattr. Note that plain ascii strings should + still work. + +2002-09-17 Martin Sjögren <martin@strakt.com> + + * Released version 0.5.1. + +2002-09-09 Martin Sjögren <martin@strakt.com> + + * setup.cfg: Fixed build requirements for rpms. + +2002-09-07 Martin Sjögren <martin@strakt.com> + + * src/ssl/connection.c: Fix sendall() method. It segfaulted because + it was too generous about giving away the GIL. + * Added SecureXMLRPCServer example, contributed by Michal Wallace. + +2002-09-06 Martin Sjögren <martin@strakt.com> + + * setup.cfg: Updated the build requirements. + * src/ssl/connection.c: Fix includes for AIX. + +2002-09-04 Anders Hammarquist <iko@strakt.com> + + * Added type checks in all the other places where we expect + specific types of objects passed. + +2002-09-04 Martin Sjögren <martin@strakt.com> + + * src/crypto/crypto.c: Added an explicit type check in the dump_* + functions, so that they won't die when e.g. None is passed in. + +2002-08-25 Martin Sjögren <martin@strakt.com> + + * doc/pyOpenSSL.tex: Docs for PKCS12. + +2002-08-24 Martin Sjögren <martin@strakt.com> + + * src/crypto: Added basic PKCS12 support, thanks to Mark Welch + <mark@collab.net> + +2002-08-16 Martin Sjögren <martin@strakt.com> + + * D'oh! Fixes for python 1.5 and python 2.1. + +2002-08-15 Martin Sjögren <martin@strakt.com> + + * Version 0.5. Yay! + +2002-07-25 Martin Sjögren <martin@strakt.com> + + * src/ssl/context.c: Added set_options method. + * src/ssl/ssl.c: Added constants for Context.set_options method. + +2002-07-23 Martin Sjögren <martin@strakt.com> + + * Updated docs + * src/ssl/connection.c: Changed the get_cipher_list method to actually + return a list! WARNING: This change makes the API incompatible with + earlier versions! + +2002-07-15 Martin Sjögren <martin@strakt.com> + + * src/ssl/connection.[ch]: Removed the fileno method, it uses the + transport object's fileno instead. + +2002-07-09 Martin Sjögren <martin@strakt.com> + + * src/crypto/x509.c src/crypto/x509name.c: Fixed segfault bug where + you used an X509Name after its X509 had been destroyed. + * src/crypto/crypto.[ch] src/crypto/x509req.c src/crypto/x509ext.[ch]: + Added X509 Extension support. Thanks to maas-Maarten Zeeman + <maas@awanim.com> + * src/crypto/pkey.c: Added bits() and type() methods. + +2002-07-08 Martin Sjögren <martin@strakt.com> + + * src/ssl/connection.c: Moved the contents of setup_ssl into the + constructor, thereby fixing some segfault bugs :) + * src/ssl/connection.c: Added connect_ex and sendall methods. + * src/crypto/x509name.c: Cleaned up comparisons and NID lookup. + Thank you Maas-Maarten Zeeman <maas@awanim.com> + * src/rand/rand.c: Fix RAND_screen import. + * src/crypto/crypto.c src/crypto/pkcs7.[ch]: Added PKCS7 management, + courtesy of Maas-Maarten Zeeman <maas@awanim.com> + * src/crypto/x509req.c: Added verify method. + +2002-06-17 Martin Sjögren <martin@strakt.com> + + * rpm/, setup.cfg: Added improved RPM-building stuff, thanks to + Mihai Ibanescu <misa@redhat.com> + +2002-06-14 Martin Sjögren <martin@strakt.com> + + * examples/proxy.py: Example code for using OpenSSL through a proxy + contributed by Mihai Ibanescu <misa@redhat.com> + * Updated installation instruction and added them to the TeX manual. + +2002-06-13 Martin Sjögren <martin@strakt.com> + + * src/ssl/context.c: Changed global_verify_callback so that it uses + PyObject_IsTrue instead of requring ints. + * Added pymemcompat.h to make the memory management uniform and + backwards-compatible. + * src/util.h: Added conditional definition of PyModule_AddObject and + PyModule_AddIntConstant + * src/ssl/connection.c: Socket methods are no longer explicitly + wrapped. fileno() is the only method the transport layer object HAS + to support, but if you want to use connect, accept or sock_shutdown, + then the transport layer object has to supply connect, accept + and shutdown respectively. + +2002-06-12 Martin Sjögren <martin@strakt.com> + + * Changed comments to docstrings that are visible in Python. + * src/ssl/connection.c: Added set_connect_state and set_accept_state + methods. Thanks to Mark Welch <mark@collab.net> for this. + +2002-06-11 Martin Sjögren <martin@strakt.com> + + * src/ssl/connection.c: accept and connect now use SSL_set_accept_state + and SSL_set_connect_state respectively, instead of SSL_accept and + SSL_connect. + * src/ssl/connection.c: Added want_read and want_write methods. + +2002-06-05 Martin Sjögren <martin@strakt.com> + + * src/ssl/connection.c: Added error messages for windows. The code is + copied from Python's socketmodule.c. Ick. + * src/ssl/connection.c: Changed the parameters to the SysCallError. It + always has a tuple (number, string) now, even though the number + might not always be useful. + +2002-04-05 Martin Sjögren <md9ms@mdstud.chalmers.se> + + * Worked more on the Debian packaging, hopefully the packages + are getting into the main Debian archive soon. + +2002-01-10 Martin Sjögren <martin@strakt.com> + + * Worked some more on the Debian packaging, it's turning out real + nice. + * Changed format on this file, I'm going to try to be a bit more + verbose about my changes, and this format makes it easier. + +2002-01-08 Martin Sjögren <martin@strakt.com> + + * Version 0.4.1 + * Added some example code + * Added the thread safe Connection object in the 'tsafe' submodule + * New Debian packaging + +2001-08-09 Martin Sjögren <martin@strakt.com> + + * Version 0.4 + * Added a compare function for X509Name structures. + * Moved the submodules to separate .so files, with tiny C APIs so they + can communicate + * Skeletal OpenSSL/__init__.py + * Removed the err submodule, use crypto.Error and SSL.Error instead + +2001-08-06 Martin Sjögren <martin@strakt.com> + + * Version 0.3 + * Added more types for dealing with certificates (X509Store, X509Req, + PKey) + * Functionality to load private keys, certificates and certificate + requests from memory buffers, and store them too + * X509 and X509Name objects can now be modified as well, very neat when + creating certificates ;) + * Added SSL_MODE_AUTO_RETRY to smooth things for blocking sockets + * Added a sock_shutdown() method to the Connection type + * I don't understand why, but I can't use Py_InitModule() to create + submodules in Python 2.0, the interpreter segfaults on the cleanup + process when I do. I added a conditional compile on the version + number, falling back to my own routine. It would of course be nice to + investigate what is happening, but I don't have the time to do so + * Do INCREF on the type objects before inserting them in the + dictionary, so they will never reach refcount 0 (they are, after all, + statically allocated) + +2001-07-30 Martin Sjögren <martin@strakt.com> + + * Version 0.2 + * Lots of tweaking and comments in the code + * Now uses distutils instead of the stupid Setup file + * Hacked doc/tools/mkhowto, html generation should now work + +2001-07-16 Martin Sjögren <martin@strakt.com> + + * Initial release (0.1, don't expect much from this one :-) + diff --git a/doc/backward-compatibility.rst b/doc/backward-compatibility.rst new file mode 100644 index 0000000..446339b --- /dev/null +++ b/doc/backward-compatibility.rst @@ -0,0 +1,11 @@ +Backward Compatibility +====================== + +pyOpenSSL has a very strong backward compatibility policy. +Generally speaking, you shouldn't ever be afraid of updating. + +If breaking changes are needed do be done, they are: + +#. …announced in the :doc:`changelog`. +#. …the old behavior raises a :exc:`DeprecationWarning` for a year. +#. …are done with another announcement in the :doc:`changelog`. diff --git a/doc/changelog.rst b/doc/changelog.rst new file mode 100644 index 0000000..565b052 --- /dev/null +++ b/doc/changelog.rst @@ -0,0 +1 @@ +.. include:: ../CHANGELOG.rst diff --git a/doc/index.rst b/doc/index.rst index 4c15fc8..56d84ea 100644 --- a/doc/index.rst +++ b/doc/index.rst @@ -2,6 +2,7 @@ Welcome to pyOpenSSL's documentation! ===================================== +Release v\ |release| (:doc:`What's new? <changelog>`). pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than @@ -20,6 +21,16 @@ Contents: internals +Meta +---- + +.. toctree:: + :maxdepth: 1 + + backward-compatibility + changelog + + Indices and tables ================== |