path: root/CHANGELOG.rst
Commit message | Author | Age | Files | Lines
* py27 going, going, gone (#1047) | Paul Kehrer | 2021-10-04 | 1 | -0/+3
    * py27 going, going, gone
    * black
    * more black
    * ok then
    * forgot to remove pypy2
* reopen main for 21.1 dev (#1042) | Paul Kehrer | 2021-09-28 | 1 | -0/+12
* 21.0.0 release (#1041) [21.0.0] | Paul Kehrer | 2021-09-28 | 1 | -1/+3
* Add SSL_CTX_set_min_proto_version/SSL_CTX_set_max_proto_version bindings (#985) | Maximilian Hils | 2021-03-10 | 1 | -0/+5
    * add Context.set_*_proto_version, fix #860
    * docs: add new openssl tls methods
    * accept the fact that nothing can be taken for granted
    * bump minimum required cryptography version to 3.3
    * drop support for Python 3.5
    * use binary wheels for cryptography
    * Revert "use binary wheels for cryptography"
      This reverts commit 91a04c612ed1d0dd9fd541dfefe21cac7c25b1c1.
    * docker ci: compile cryptography with rust
* Check return code of SSL_[CTX_]set_alpn_protos (#993) | Maximilian Hils | 2021-02-17 | 1 | -0/+3
    * check return code of SSL_CTX_set_alpn_protos, fix #992
    * paint it black!
    * fix line lengths as well :upside_down_face:
* reopen master for dev (#980) | Paul Kehrer | 2020-12-15 | 1 | -0/+12
* Prepare for 20.0.1 release (#979) [20.0.1] | Alex Gaynor | 2020-12-15 | 1 | -1/+3
* reopen master for next dev cycle (#969) | Paul Kehrer | 2020-11-27 | 1 | -0/+12
* 20.0.0 before 2020 is even over (#968) [20.0.0] | Paul Kehrer | 2020-11-27 | 1 | -1/+1
* Drop CI for OpenSSL 1.0.2 (#953) | Alex Gaynor | 2020-10-26 | 1 | -1/+2
    * Drop CI for OpenSSL 1.0.2
    * Delete code for coverage reasons
    * Bump minimum cryptography version
* crypto._PassphraseHelper: pass non-callable passphrase using callback (#947) | Huw Jones | 2020-10-12 | 1 | -1/+4
    * crypto._PassphraseHelper: pass non-callable passphrase using callback
      Fixes #945
      Before this commit, we would pass a bytes passphrase as a null terminated string. This causes issue when a randomly generated key's first byte is null because OpenSSL rightly determines the key length is 0. This commit modifies the passphrase helper to pass the passphrase via the callback
    * Update changelog to document bug fix
* Allow using additional untrusted certificates for chain building in X509StoreContext (#948) | Sándor Oroszi | 2020-10-12 | 1 | -0/+3
    The additional certificates provided in the new `chain` parameter will be untrusted but may be used to build the chain. This makes it easier to validate a certificate against a store which contains only root ca certificates, and the intermediates come from e.g. the same untrusted source as the certificate to be verified.
    Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
* Allow using an OpenSSL hashed directory for verification in X509Store (#943) | Sándor Oroszi | 2020-09-11 | 1 | -0/+3
    Add X509Store.load_locations() to set a CA bundle file and/or an OpenSSL-style hashed CA/CRL lookup directory, similar to the already existing SSL.Context.load_verify_locations().
    Co-authored-by: Sandor Oroszi <sandor.oroszi@balabit.com>
* Context.set_verify: allow omission of callback (#933) | Maximilian Hils | 2020-08-07 | 1 | -0/+3
    * Context.set_verify: allow omission of callback
    * squeeze to 80 chars
    * make it clear that default callback is used
* Allow accessing a connection's verified certificate chain (#894) | Shane Harvey | 2020-08-05 | 1 | -3/+3
    * Allow accessing a connection's verified certificate chain
      Add X509StoreContext.get_verified_chain using X509_STORE_CTX_get1_chain. Add Connection.get_verified_chain using SSL_get0_verified_chain if available (ie OpenSSL 1.1+) and X509StoreContext.get_verified_chain otherwise. Fixes #740.
    * TLSv1_METHOD -> SSLv23_METHOD
    * Use X509_up_ref instead of X509_dup
    * Add _openssl_assert where appropriate
    * SSL_get_peer_cert_chain should not be null
    * Reformat with black
    * Fix <OpenSSL.crypto.X509 object at 0x7fdbb59e8050> != <OpenSSL.crypto.X509 object at 0x7fdbb59daad0>
    * Add Changelog entry
    * Remove _add_chain
* Deprecated pkcs7 and pkcs12 support (#921) | Alex Gaynor | 2020-08-05 | 1 | -0/+2
* remove npn support entirely. you should be using alpn (#932) | Paul Kehrer | 2020-08-03 | 1 | -0/+1
    * remove npn support entirely. you should be using alpn
    * flake8
* Add SSL.Context.set_keylog_callback (#910) | Maximilian Hils | 2020-07-28 | 1 | -1/+2
    * add SSL.Context.set_keylog_callback
    * don't fail on missing attribute
    * lint!
    * make it black
* Remove deprecated tsafe module. (#913) | Benjamin Peterson | 2020-05-22 | 1 | -0/+1
* Drop OpenSSL 1.0.1 (#908) | Alex Gaynor | 2020-04-07 | 1 | -0/+1
* Drop support for Python 3.4, since cryptography dropped it (#884) | Alex Gaynor | 2019-12-15 | 1 | -1/+1
* reopen master, call it 20.0 because let's be honest with ourselves (#878) | Paul Kehrer | 2019-11-18 | 1 | -0/+21
* version bump for 19.1 release (#877) [19.1.0] | Paul Kehrer | 2019-11-17 | 1 | -1/+1
* ALPN: complete handshake without accepting a client's protocols. (#876) | Mark Williams | 2019-11-18 | 1 | -0/+2
    * ALPN: complete handshake without accepting a client's protocols.
      The callback passed to `SSL_CTX_set_alpn_select_cb` can return `SSL_TLSEXT_ERR_NOACK` to allow the handshake to continue without accepting any of the client's offered protocols. This commit introduces `NO_OVERLAPPING_PROTOCOLS`, which the Python callback passed to `Context.set_alpn_select_callback` can return to achieve the same thing. It does not change the previous meaning of an empty string, which still terminates the handshake.
    * Update src/OpenSSL/SSL.py
      Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
    * Address @alex's review.
    * Use recorded value in test, fix lint error.
    * Cover TypeError branch in _ALPNHelper.callback
* use _ffi.from_buffer() to support bytearray (#852) | Daniel Holth | 2019-11-18 | 1 | -1/+2
    * use _ffi.from_buffer(buf) in send, to support bytearray
    * add bytearray test
    * update CHANGELOG.rst
    * move from_buffer before 'buffer too long' check
    * context-managed from_buffer + black
    * don't shadow buf in send()
    * test return count for sendall
    * test sending an array
    * fix test
    * also use from_buffer in bio_write
    * de-format _util.py
    * formatting
    * add simple bio_write tests
    * wrap line
* bump the minimum cryptography version (#875) | Paul Kehrer | 2019-11-17 | 1 | -0/+2
    Users with older cryptography (and hence potentially older asn1crypto, a transitive dependency) are seeing a serious bug on macOS catalina due to the way older asn1crypto loads a shared library. While this isn't a pyOpenSSL bug bumping this dep might prevent the bug from impacting some users.
* Deprecated NPN (#820) | Alex Gaynor | 2019-02-22 | 1 | -1/+3
    * Deprecated NPN
    * arithmetic is hard
    * oops
    * oops
* Removed deprecated Type aliases (#814) | Alex Gaynor | 2019-02-07 | 1 | -2/+3
    * Removed deprecated Type aliases
    * typo
    * typo
    * missed this somehow
    * Line wrap
* Reopen master for 19.1 (#810) | Alex Gaynor | 2019-01-21 | 1 | -0/+24
* release 19.0.0 (#808) [19.0.0] | Paul Kehrer | 2019-01-21 | 1 | -1/+1
* changelog and call it 19 now (#807) | Paul Kehrer | 2019-01-21 | 1 | -2/+6
* X509Store.add_cert no longer raises an error on duplicate cert (#787) | Paul Kehrer | 2018-08-23 | 1 | -1/+2
    * X509Store.add_cert no longer raises an error on duplicate cert
    * move changelog entry
* reopen master for 18.1 (#761) | Paul Kehrer | 2018-05-16 | 1 | -0/+24
    * reopen master for 18.1
    * there are four dashes
* 18.0.0 release time (#760) [18.0.0] | Paul Kehrer | 2018-05-16 | 1 | -1/+1
* Add Connection.get_certificate method (#733) | Jeremy Lainé | 2018-05-16 | 1 | -0/+2
    This makes it possible to retrieve the local certificate (if any) for a Connection. An example where this is useful is when negotiating a DTLS-SRTP connection, the fingerprint of the local certificate needs to be communicated to the remote party out-of-band via SDP.
* Add Context.set_tlsext_use_srtp (#734) | Jeremy Lainé | 2018-05-16 | 1 | -0/+2
    This allows negotiating SRTP keying material, which is useful when using DTLS-SRTP, as WebRTC does for example.
* Always enable auto retry (#753) | Paul Kehrer | 2018-05-14 | 1 | -2/+3
    * test using auto retry
    * add/update changelog and add comment
    * wordsmithing
    * Update CHANGELOG.rst
    * Update CHANGELOG.rst
* Make the changelog consistent (#754) | Alex Gaynor | 2018-05-14 | 1 | -3/+3
* Raise minimum cryptography version to 2.2.1, drop python 2.6 (#742) | Jeremy Lainé | 2018-03-21 | 1 | -1/+2
* open for 17.6.0 (#727) | Paul Kehrer | 2017-12-01 | 1 | -0/+24
* 17.5.0 version bump (#726) [17.5.0] | Paul Kehrer | 2017-11-30 | 1 | -1/+1
* Export keying material support (#725) | Paul Kehrer | 2017-11-30 | 1 | -0/+2
    * added method to export keying material from an ssl connection
    * updated tests to use bytestrings to avoid breaking python3 tests
    * added additional comments to test
    * simplify export_keying_material
    * add changelog
    * address review feedback
* fix a memory leak and a potential UAF and also #722 (#723) | Paul Kehrer | 2017-11-30 | 1 | -3/+3
    * fix a memory leak and a potential UAF and also #722
    * sanity check
    * bump cryptography minimum version, add changelog
* reopen master (#718) | Paul Kehrer | 2017-11-21 | 1 | -0/+26
* bump to 17.4.0 (#714) [17.4.0] | Paul Kehrer | 2017-11-21 | 1 | -1/+1
* restore a subset of the rand module (#708) | Paul Kehrer | 2017-11-20 | 1 | -0/+3
    * restore a subset of the rand module
    * flake
    * remove cleanup, go ahead and assume status will always be 1
    * lighten and add power
* Don't use things after they're freed...duh (#709) | Alex Gaynor | 2017-11-20 | 1 | -1/+2
    * Don't use things after they're freed...duh
    * changelog
    * more details
* 17.4.0.dev0 bump (#694) | Paul Kehrer | 2017-09-13 | 1 | -0/+24
* bump version and update changelog (#693) [17.3.0] | Paul Kehrer | 2017-09-13 | 1 | -2/+5
    * bump version and update changelog
    * add changelog entries for the memory leak fixes
    * backticks
* Delete rand.py (#675) | Alex Gaynor | 2017-07-25 | 1 | -0/+4