1This file only contains the changes up to release 0.15.1. Newer changes can be 2found at <https://pyopenssl.readthedocs.io/en/latest/changelog.html>. 3 4*** 5 62015-04-14 Hynek Schlawack <hs@ox.cx> 7 8 * Release 0.15.1 9 102015-04-14 Glyph Lefkowitz <glyph@twistedmatrix.com> 11 12 * OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression 13 present in 0.15, where when an error occurs and no errno() is set, 14 a KeyError is raised. This happens, for example, if 15 Connection.shutdown() is called when the underlying transport has 16 gone away. 17 182015-04-14 Hynek Schlawack <hs@ox.cx> 19 20 * Release 0.15 21 222015-04-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> 23 24 * OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted 25 filenames only as bytes now accept them as either bytes or 26 unicode (and respect sys.getfilesystemencoding()). 27 282015-03-23 Jean-Paul Calderone <exarkun@twistedmatrix.com> 29 30 * OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation 31 (NPN) bindings. 32 332015-03-15 Jean-Paul Calderone <exarkun@twistedmatrix.com> 34 35 * OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the 36 builtin ``socket.recv_into``. Based on work from Cory Benfield. 37 * OpenSSL/test/test_ssl.py: Add tests for ``recv_into``. 38 392015-01-30 Stephen Holsapple <sholsapp@gmail.com> 40 41 * OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates. 42 * OpenSSL/test/test_crypto.py: Add intermediate certificates for 43 442015-01-08 Paul Aurich <paul@darkrain42.org> 45 46 * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the 47 underlying socket. 48 492014-12-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> 50 51 * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey`` 52 causing it to always succeed - even if it should fail. 53 542014-08-21 Alex Gaynor <alex.gaynor@gmail.com> 55 56 * OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data`` 57 with ``FILETYPE_ASN1`` would fail with a ``NameError``. 58 592014-05-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> 60 61 * OpenSSL/SSL.py: Fix a regression in which the first argument of 62 the "verify" callback was incorrectly passed a ``Context`` instance 63 instead of the ``Connection`` instance. 64 * OpenSSL/test/test_ssl.py: Add a test for the value passed as the 65 first argument of the "verify" callback. 66 672014-04-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> 68 69 * OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew 70 Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek 71 Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves`` 72 to support TLS ECDHE modes. 73 * OpenSSL/SSL.py: Add ``Context.set_tmp_ecdh`` to configure a TLS 74 context with a particular elliptic curve for ECDHE modes. 75 762014-04-19 Markus Unterwaditzer <markus@unterwaditzer.net> 77 78 * OpenSSL/SSL.py: ``Connection.send`` and ``Connection.sendall`` 79 now also accept the ``buffer`` type as data. 80 812014-04-05 Stephen Holsapple <sholsapp@gmail.com> 82 83 * OpenSSL/crypto.py: Make ``load_pkcs12`` backwards compatible with 84 pyOpenSSL 0.13 by making passphrase optional. 85 862014-03-30 Fedor Brunner <fedor.brunner@azet.sk> 87 88 * OpenSSL/SSL.py: Add ``get_finished``, ``get_peer_finished`` 89 methods to ``Connection``. If you use these methods to 90 implement TLS channel binding (RFC 5929) disable session 91 resumption because triple handshake attacks against TLS. 92 <https://www.ietf.org/mail-archive/web/tls/current/msg11337.html> 93 <https://secure-resumption.com/tlsauth.pdf> 94 952014-03-29 Fedor Brunner <fedor.brunner@azet.sk> 96 97 * OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``, 98 and ``get_cipher_version`` to ``Connection``. 99 1002014-03-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> 101 102 * OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been 103 removed in Python 3) with the equivalent syntax. 104 1052014-03-28 Jonathan Giannuzzi <jonathan@giannuzzi.be> 106 107 * OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup. 108 * leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked 109 and CRL.get_revoked. 110 * setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding. 111 1122014-03-02 Stephen Holsapple <sholsapp@gmail.com> 113 114 * OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``. 115 1162014-02-23 Jean-Paul Calderone <exarkun@twistedmatrix.com> 117 118 * Release 0.14 119 1202014-01-09 Jean-Paul Calderone <exarkun@twistedmatrix.com> 121 122 * OpenSSL: Port to the cffi-based OpenSSL bindings provided by 123 <https://github.com/pyca/cryptography> 124 1252013-10-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> 126 127 * OpenSSL/ssl/context.c: Add support for negotiating TLS v1.1 or 128 v1.2. 129 1302013-10-03 Christian Heimes <christian@python.org> 131 132 * OpenSSL/crypto/x509.c: Fix an inconsistency in memory management 133 in X509.get_serial_number which leads to crashes on some runtimes 134 (certain Windows/Python 3.3 environments, at least). 135 1362013-08-11 Christian Heimes <christian@python.org> 137 138 * OpenSSL/crypto/x509ext.c: Fix handling of NULL bytes inside 139 subjectAltName general names when formatting an X509 extension 140 as a string. 141 * OpenSSL/crypto/x509.c: Fix memory leak in get_extension(). 142 1432012-04-03 Jean-Paul Calderone <exarkun@twistedmatrix.com> 144 145 * OpenSSL/crypto/pkey.c: Release the GIL around RSA and DSA key 146 generation, based on code from INADA Naoki. 147 1482012-02-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> 149 150 * OpenSSL/ssl/ssl.c: Add session cache related constants for use 151 with the new Context.set_session_cache_mode method. 152 153 * OpenSSL/ssl/context.c: Add new Context methods 154 set_session_cache_mode and get_session_cache_mode. 155 1562011-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> 157 158 * OpenSSL/crypto/pkey.c: Raise TypeError when trying to check a 159 PKey instance which has no private component, instead of crashing. 160 Based on fix by <lp:~dataway>. 161 1622011-09-14 Žiga Seilnacht <lp:ziga-seilnacht> 163 164 * OpenSSL/crypto/crypto.c: Allow exceptions from passphrase 165 callbacks to propagate up out of load_privatekey 166 * OpenSSL/crypto/crypto.c: Raise an exception when a too-long 167 passphrase is returned from a passphrase callback, instead of 168 silently truncating it. 169 * OpenSSL/crypto/crypto.c: Fix a memory leak when a passphrase 170 callback returns the wrong type. 171 1722011-09-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> 173 174 * OpenSSL/crypto/crl.c: Add error handling for the use of 175 X509_CRL_sign. 176 1772011-09-11 Jonathan Ballet <lp:multani> 178 179 * doc/: Convert the LaTeX documentation to Sphinx-using ReST. 180 * OpenSSL/: Convert the epytext API documentation to Sphinx-using ReST. 181 1822011-09-08 Guillermo Gonzalez <guillermo.gonzalez@canonical.com> 183 184 * OpenSSL/ssl/context.c: Add Context.set_mode method. 185 * OpenSSL/ssl/ssl.c: Add MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION 186 constants. 187 1882011-09-02 Jean-Paul Calderone <exarkun@twistedmatrix.com> 189 190 * Release 0.13 191 1922011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> 193 194 * OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly 195 implemented by Rick Dean, to verify the internal consistency of a 196 PKey instance. 197 1982011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> 199 200 * OpenSSL/crypto/crypto.c: Fix the sign and verify functions so 201 they handle data with embedded NULs. Fix by David Brodsky 202 <lp:~lihalla>. 203 2042011-05-20 Jean-Paul Calderone <exarkun@twistedmatrix.com> 205 206 * OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new 207 method to the Connection type, get_peer_cert_chain, for retrieving 208 the peer's certificate chain. 209 2102011-05-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> 211 212 * OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new 213 method to the X509 type, get_signature_algorithm, for inspecting 214 the signature algorithm field of the certificate. Based on a 215 patch from <lp:~okuda>. 216 2172011-05-10 Jean-Paul Calderone <exarkun@twistedmatrix.com> 218 219 * OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue 220 explicitly including a Windows header before any OpenSSL headers. 221 222 * OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by 223 explicitly flushing errors known to be uninteresting after calling 224 PKCS12_parse. 225 226 * OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying 227 OpenSSL library does not provide it. 228 229 * OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from 230 MD5 to SHA1 by allowing either hash algorithm's result as the 231 return value of X509.subject_name_hash. 232 233 * OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5 234 to SHA1 by constructing certificate files named using both hash 235 algorithms' results when testing Context.load_verify_locations. 236 237 * Support OpenSSL 1.0.0a. 238 2392011-04-15 Jean-Paul Calderone <exarkun@twistedmatrix.com> 240 241 * OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version 242 and related constants for retrieving version information about the 243 underlying OpenSSL library. 244 2452011-04-07 Jean-Paul Calderone <exarkun@twistedmatrix.com> 246 247 * Release 0.12 248 2492011-04-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> 250 251 * OpenSSL/crypto/x509.c: Add get_extension_count and get_extension 252 to the X509 type, allowing read access to certificate extensions. 253 254 * OpenSSL/crypto/x509ext.c: Add get_short_name and get_data to the 255 X509Extension type, allowing read access to the contents of an 256 extension. 257 2582011-03-21 Olivier Hervieu <lp:~ohe> 259 260 * OpenSSL/ssl/ssl.c: Expose a number of symbolic constants for 261 values passed to the connection "info" callback. 262 2632011-01-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> 264 265 * OpenSSL/ssl/connection.py: Add support for new-style 266 buffers (primarily memoryviews) to Connection.send and 267 Connection.sendall. 268 2692010-11-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> 270 271 * Release 0.11 272 2732010-10-07 Jean-Paul Calderone <exarkun@twistedmatrix.com> 274 275 * Initial support for Python 3.x throughout the codebase. 276 2772010-09-14 Jean-Paul Calderone <exarkun@twistedmatrix.com> 278 279 * OpenSSL/crypto/netscape_spki.c: Fix an off-by-one mistake in the 280 error handling for NetscapeSPKI.verify. Add additional error 281 checking to NetscapeSPKI.sign to handle the case where there is no 282 private key. 283 284 * OpenSSL/crypto/x509.c: Fix an overflow bug in the subject_name_hash 285 method of the X509 type which would cause it to return negative 286 values on 32 bit systems. 287 288 * OpenSSL/crypto/x509req.c: Fix an off-by-one mistake in the error 289 handling for X509Req.verify. 290 291 * OpenSSL/ssl/context.c: Fix the error handling in the load_tmp_dh 292 method of the Context type which would cause it to always raise 293 MemoryError, regardless of the actual error (such as a bad file 294 name). 295 296 * OpenSSL/test/: Numerous unit tests added, both for above fixes 297 and for other previously untested code paths. 298 2992010-07-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> 300 301 * Re-arrange the repository so that the package can be built and 302 used in-place without requiring installation. 303 3042010-02-27 James Yonan <james@openvpn.net> 305 306 * src/crypto/crypto.c: Added crypto.sign and crypto.verify methods 307 that wrap EVP_Sign and EVP_Verify function families, using code 308 derived from Dave Cridland's PyOpenSSL branch. 309 310 * test/test_crypto.py: Added unit tests for crypto.sign and 311 crypto.verify. 312 3132010-01-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> 314 315 * src/ssl/connection.c, src/util.h: Apply patch from Sandro Tosi to 316 fix misspellings of "compatibility". 317 3182009-11-13 Jean-Paul Calderone <exarkun@twistedmatrix.com> 319 320 * Release 0.10 321 3222009-11-07 Žiga Seilnacht, Jean-Paul Calderone <exarkun@twistedmatrix.com> 323 324 * src/ssl/connection.c, src/ssl/context.c: Add set_client_ca_list, 325 add_client_ca, and get_client_ca_list to Context for manipulating 326 the list of certificate authority names which are sent by servers 327 with the certificate request message. 328 * src/util.h: Add ssize-related defines if the version of Python 329 being used does not have them. 330 * setup.py: Significant changes to the way Windows builds are done, 331 particularly the way OpenSSL headers and libraries are found (with 332 the new --with-openssl argument to build_ext). 333 3342009-08-27 Rick Dean <rick@fdd.com>, Jean-Paul Calderone <exarkun@twistedmatrix.com> 335 336 * src/crypto/pkcs12.c: Add setters to the PKCS12 type for the 337 certificate, private key, ca certificate list, and friendly 338 name, and add a getter for the friendly name. Also add a method 339 for exporting a PKCS12 object as a string. 340 * test/test_crypto.py: Add lots of additional tests for the PKCS12 341 type. 342 * doc/pyOpenSSL.tex: Documentation for the new PKCS12 methods. 343 3442009-07-17 Rick Dean <rick@fdd.com>, Jean-Paul Calderone <exarkun@twistedmatrix.com> 345 346 * src/crypto/x509ext.c: Add subject and issuer parameters to 347 X509Extension, allowing creation of extensions which require that 348 information. Fixes LP#322813. 349 3502009-07-16 Jean-Paul Calderone <exarkun@twistedmatrix.com> 351 352 * test/util.py: Changed the base TestCase's tearDown to assert that 353 no errors were left in the OpenSSL error queue by the test. 354 * src/crypto/crypto.c: Add a private helper in support of the 355 TestCase.tearDown change. 356 * src/crypto/x509name.c: Changed X509Name's getattr implementation 357 to clean up the error queue. Fixes LP#314814. 358 * test/util.c: Changed flush_error_queue to avoid a reference 359 counting bug caused by macro expansion. 360 3612009-07-16 Rick Dean <rick@fdd.com> 362 363 * src/rand.c: Added OpenSSL.rand.bytes to get random bytes directly. 364 * src/util.c: Added generic exceptions_from_error_queue to replace 365 the various other implementations of this function. Also updated 366 the rest of the codebase to use this version instead. 367 3682009-07-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> 369 370 * test/util.py, test/test_ssl.py, test/test_crypto.py: Fold the 371 Python 2.3 compatibility TestCase mixin into the TestCase defined 372 in util.py. 373 3742009-07-05 Jean-Paul Calderone <exarkun@twistedmatrix.com> 375 376 * test/util.py, test/test_ssl.py, test/test_crypto.py: Stop trying 377 to use Twisted's TestCase even when it's available. Instead, 378 always use the stdlib TestCase with a few enhancements. 379 3802009-07-04 Jean-Paul Calderone <exarkun@twistedmatrix.com> 381 382 * Changed most extension types so that they can be instantiated 383 using the type object rather than a factory function. The old 384 factory functions are now aliases for the type objects. 385 Fixes LP#312786. 386 3872009-05-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> 388 389 * Changed all docstrings in extension modules to be friendlier 390 towards Python programmers. Fixes LP#312787. 391 3922009-05-27 Jean-Paul Calderone <exarkun@twistedmatrix.com> 393 394 * src/crypto/x509ext.c: Correctly deallocate the new Extension 395 instance when there is an error initializing it and it is not 396 going to be returned. Resolves LP#368043. 397 3982009-05-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> 399 400 * test/test_crypto.py: Use binary mode for the pipe to talk to the 401 external openssl binary. The data being transported over this 402 pipe is indeed binary, so previously it would often be truncated 403 or otherwise mangled. 404 405 * src/ssl/connection.h, src/ssl/connection.c, test/test_ssl.py: 406 Extend the Connection class with support for in-memory BIOs. This 407 allows SSL to be run without a real socket, useful for 408 implementing EAP-TLS or using SSL with Windows IO completion 409 ports, for example. Based heavily on contributions from Rick 410 Dean. 411 4122009-04-25 Jean-Paul Calderone <exarkun@twistedmatrix.com> 413 414 * Release 0.9 415 4162009-04-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> 417 Samuele Pedroni <pedronis@openend.se> 418 419 * src/util.h: Delete the TLS key before trying to set a new value 420 for it in case the current thread identifier is a recycled one (if 421 it is recycled, the key won't be set because there is already a 422 value from the previous thread to have this identifier and to use 423 the pyOpenSSL API). 424 4252009-04-01 Jean-Paul Calderone <exarkun@twistedmatrix.com> 426 427 * src/crypto/crypto.c: Add FILETYPE_TEXT for dumping keys and 428 certificates and certificate signature requests to a text format. 429 4302008-12-31 Jean-Paul Calderone <exarkun@twistedmatrix.com> 431 432 * src/crypto/x509ext.c, test/test_crypto.py: Add the get_short_name 433 method to X509Extension based on patch from Alex Stapleton. 434 4352008-12-31 Jean-Paul Calderone <exarkun@twistedmatrix.com> 436 437 * src/crypto/x509ext.c, test/test_crypto.py: Fix X509Extension so 438 that it is possible to instantiate extensions which use s2i or r2i 439 instead of v2i (an extremely obscure extension implementation 440 detail). 441 4422008-12-30 Jean-Paul Calderone <exarkun@twistedmatrix.com> 443 444 * MANIFEST.in, src/crypto/crypto.c, src/crypto/x509.c, 445 src/crypto/x509name.c, src/rand/rand.c, src/ssl/context.c: Changes 446 which eliminate compiler warnings but should not change any 447 behavior. 448 4492008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> 450 451 * test/test_ssl.py, src/ssl/ssl.c: Expose DTLS-related constants, 452 OP_NO_QUERY_MTU, OP_COOKIE_EXCHANGE, and OP_NO_TICKET. 453 4542008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> 455 456 * src/ssl/context.c: Add a capath parameter to 457 Context.load_verify_locations to allow Python code to specify 458 either or both arguments to the underlying 459 SSL_CTX_load_verify_locations API. 460 * src/ssl/context.c: Add Context.set_default_verify_paths, a wrapper 461 around SSL_CTX_set_default_verify_paths. 462 4632008-12-28 Jean-Paul Calderone <exarkun@twistedmatrix.com> 464 465 * test/test_crypto.py, src/crypto/x509req.c: Added get_version and 466 set_version_methods to X509ReqType based on patch from Wouter van 467 Bommel. Resolves LP#274418. 468 4692008-09-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> 470 471 * Release 0.8 472 4732008-10-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> 474 475 * tsafe.py: Revert the deprecation of the thread-safe Connection 476 wrapper. The Connection class should not segfault if used from 477 multiple threads now, but it generally cannot be relied on to 478 produce correct results if used without the thread-safe wrapper. 479 * doc/pyOpenSSL.tex: Correct the documentation for the set_passwd_cb 480 callback parameter so that it accurately describes the required 481 signature. 482 4832008-09-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> 484 485 * Release 0.8a1 486 4872008-09-21 Jean-Paul Calderone <exarkun@twistedmatrix.com> 488 489 * src/ssl/ssl.h, src/ssl/ssl.c: Add a thread-local storage key 490 which will be used to store and retrieve PyThreadState pointers 491 whenever it is necessary to release or re-acquire the GIL. 492 493 * src/ssl/context.c: Change global_verify_callback so that it 494 unconditionally manipulates the Python threadstate, rather than 495 checking the tstate field which is now always NULL. 496 4972008-04-26 Jean-Paul Calderone <exarkun@twistedmatrix.com> 498 499 * src/ssl/context.c: Change global_passphrase_callback and 500 global_info_callback so that they acquire the GIL before 501 invoking any CPython APIs and do not release it until after they 502 are finished invoking all of them (based heavily on on patch 503 from Dan Williams). 504 * src/ssl/crypto.c: Initialize OpenSSL thread support so that it 505 is valid to use OpenSSL APIs from more than one thread (based on 506 patch from Dan Williams). 507 * test/test_crypto.py: Add tests for load_privatekey and 508 dump_privatekey when a passphrase or a passphrase callback is 509 supplied. 510 * test/test_ssl.py: Add tests for Context.set_passwd_cb and 511 Context.set_info_callback. 512 5132008-04-11 Jean-Paul Calderone <exarkun@twistedmatrix.com> 514 515 * Release 0.7 516 5172008-03-26 Jean-Paul Calderone <exarkun@twistedmatrix.com> 518 519 * src/crypto/x509name.c: Add X509Name.get_components 520 5212008-03-25 Jean-Paul Calderone <exarkun@twistedmatrix.com> 522 523 * src/crypto/x509name.c: Add hash and der methods to X509Name. 524 * src/crypto/x509.c: Fix a bug in X509.get_notBefore and 525 X509.get_notAfter preventing UTCTIME format timestamps from 526 working. 527 5282008-03-12 Jean-Paul Calderone <exarkun@twistedmatrix.com> 529 530 * Fix coding problems in examples/. Remove keys and certificates 531 and add a note about how to generate new ones. 532 5332008-03-09 Jean-Paul Calderone <exarkun@twistedmatrix.com> 534 535 * src/crypto/x509.c: Add getters and setters for the notBefore and 536 notAfter attributes of X509s. 537 * src/crypto/pkey.h, src/crypto/pkey.c, src/crypto/x509req.c, 538 src/crypto/x509.c: Track the initialized and public/private state 539 of EVP_PKEY structures underlying the crypto_PKeyObj type and 540 reject X509Req signature operations on keys not suitable for the 541 task. 542 5432008-03-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> 544 545 * src/crypto/x509name.c: Fix tp_compare so it only returns -1, 0, or 546 1. This eliminates a RuntimeWarning emitted by Python. 547 * src/crypto/x509req.c: Fix reference counting for X509Name returned 548 by X509Req.get_subject. This removes a segfault when the subject 549 name outlives the request object. 550 * src/crypto/x509.c: Change get_serial_number and set_serial_number 551 to accept Python longs. 552 * doc/pyOpenSSL.tex: A number of minor corrections. 553 5542008-03-03 Jean-Paul Calderone <exarkun@twistedmatrix.com> 555 556 * src/crypto/crypto.c: Expose X509_verify_cert_error_string. (patch 557 from Victor Stinner) 558 5592008-02-22 Jean-Paul Calderone <exarkun@twistedmatrix.com> 560 561 * src/ssl/connection.c src/ssl/context.c src/ssl/ssl.c: Fix 562 compilation on Windows. (patch from Michael Schneider) 563 5642008-02-21 Jean-Paul Calderone <exarkun@twistedmatrix.com> 565 566 * src/ssl/connection.c: Expose SSL_get_shutdown and 567 SSL_set_shutdown. (patch from James Knight) 568 * src/ssl/ssl.c: Expose SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN. 569 (patch from James Knight) 570 5712008-02-19 Jean-Paul Calderone <exarkun@twistedmatrix.com> 572 573 * src/ssl/context.c: Expose SSL_CTX_add_extra_chain_cert. 574 * src/crypto/x509name.c: Fix memory leaks in __getattr__ and 575 __setattr_ implementations. 576 * src/crypto/x509.c: Fix memory leak in X509.get_pubkey(). 577 * leakcheck/: An attempt at a systematic approach to leak 578 elimination. 579 5802004-08-13 Martin Sjögren <msjogren@gmail.com> 581 582 * Released version 0.6. 583 5842004-08-11 Martin Sjögren <msjogren@gmail.com> 585 586 * doc/pyOpenSSL.tex: Updates to the docs. 587 5882004-08-10 Martin Sjögren <msjogren@gmail.com> 589 590 * src/crypto/x509.c: Add X509.add_extensions based on a patch 591 from Han S. Lee. 592 * src/ssl/ssl.c: Add more SSL_OP_ constants. Patch from Mihai 593 Ibanescu. 594 5952004-08-09 Martin Sjögren <msjogren@gmail.com> 596 597 * setup.py src/crypto/: Add support for Netscape SPKI extensions 598 based on a patch from Tollef Fog Heen. 599 * src/crypto/crypto.c: Add support for python passphrase callbacks 600 based on a patch from Robert Olson. 601 6022004-08-03 Martin Sjögren <msjogren@gmail.com> 603 604 * src/ssl/context.c: Applied patch from Frederic Peters to add 605 Context.use_certificate_chain_file. 606 * src/crypto/x509.c: Applid patch from Tollef Fog Heen to add 607 X509.subject_name_hash and X509.digest. 608 6092004-08-02 Martin Sjögren <msjogren@gmail.com> 610 611 * src/crypto/crypto.c src/ssl/ssl.c: Applied patch from Bastian 612 Kleineidam to fix full names of exceptions. 613 6142004-07-19 Martin Sjögren <msjogren@gmail.com> 615 616 * doc/pyOpenSSL.tex: Fix the errors regarding X509Name's field names. 617 6182004-07-18 Martin Sjögren <msjogren@gmail.com> 619 620 * examples/certgen.py: Fixed wrong attributes in doc string, thanks 621 Remy. (SFbug#913315) 622 * __init__.py, setup.py, version.py: Add __version__, as suggested by 623 Ronald Oussoren in SFbug#888729. 624 * examples/proxy.py: Fix typos, thanks Mihai Ibanescu. (SFpatch#895820) 625 6262003-01-09 Martin Sjögren <martin@strakt.com> 627 628 * Use cyclic GC protocol in SSL.Connection, SSL.Context, crypto.PKCS12 629 and crypto.X509Name. 630 6312002-12-02 Martin Sjögren <martin@strakt.com> 632 633 * tsafe.py: Add some missing methods. 634 6352002-10-06 Martin Sjögren <martin@strakt.com> 636 637 * __init__.py: Import tsafe too! 638 6392002-10-05 Martin Sjögren <martin@strakt.com> 640 641 * src/crypto/x509name.c: Use unicode strings instead of ordinary 642 strings in getattr/setattr. Note that plain ascii strings should 643 still work. 644 6452002-09-17 Martin Sjögren <martin@strakt.com> 646 647 * Released version 0.5.1. 648 6492002-09-09 Martin Sjögren <martin@strakt.com> 650 651 * setup.cfg: Fixed build requirements for rpms. 652 6532002-09-07 Martin Sjögren <martin@strakt.com> 654 655 * src/ssl/connection.c: Fix sendall() method. It segfaulted because 656 it was too generous about giving away the GIL. 657 * Added SecureXMLRPCServer example, contributed by Michal Wallace. 658 6592002-09-06 Martin Sjögren <martin@strakt.com> 660 661 * setup.cfg: Updated the build requirements. 662 * src/ssl/connection.c: Fix includes for AIX. 663 6642002-09-04 Anders Hammarquist <iko@strakt.com> 665 666 * Added type checks in all the other places where we expect 667 specific types of objects passed. 668 6692002-09-04 Martin Sjögren <martin@strakt.com> 670 671 * src/crypto/crypto.c: Added an explicit type check in the dump_* 672 functions, so that they won't die when e.g. None is passed in. 673 6742002-08-25 Martin Sjögren <martin@strakt.com> 675 676 * doc/pyOpenSSL.tex: Docs for PKCS12. 677 6782002-08-24 Martin Sjögren <martin@strakt.com> 679 680 * src/crypto: Added basic PKCS12 support, thanks to Mark Welch 681 <mark@collab.net> 682 6832002-08-16 Martin Sjögren <martin@strakt.com> 684 685 * D'oh! Fixes for python 1.5 and python 2.1. 686 6872002-08-15 Martin Sjögren <martin@strakt.com> 688 689 * Version 0.5. Yay! 690 6912002-07-25 Martin Sjögren <martin@strakt.com> 692 693 * src/ssl/context.c: Added set_options method. 694 * src/ssl/ssl.c: Added constants for Context.set_options method. 695 6962002-07-23 Martin Sjögren <martin@strakt.com> 697 698 * Updated docs 699 * src/ssl/connection.c: Changed the get_cipher_list method to actually 700 return a list! WARNING: This change makes the API incompatible with 701 earlier versions! 702 7032002-07-15 Martin Sjögren <martin@strakt.com> 704 705 * src/ssl/connection.[ch]: Removed the fileno method, it uses the 706 transport object's fileno instead. 707 7082002-07-09 Martin Sjögren <martin@strakt.com> 709 710 * src/crypto/x509.c src/crypto/x509name.c: Fixed segfault bug where 711 you used an X509Name after its X509 had been destroyed. 712 * src/crypto/crypto.[ch] src/crypto/x509req.c src/crypto/x509ext.[ch]: 713 Added X509 Extension support. Thanks to maas-Maarten Zeeman 714 <maas@awanim.com> 715 * src/crypto/pkey.c: Added bits() and type() methods. 716 7172002-07-08 Martin Sjögren <martin@strakt.com> 718 719 * src/ssl/connection.c: Moved the contents of setup_ssl into the 720 constructor, thereby fixing some segfault bugs :) 721 * src/ssl/connection.c: Added connect_ex and sendall methods. 722 * src/crypto/x509name.c: Cleaned up comparisons and NID lookup. 723 Thank you Maas-Maarten Zeeman <maas@awanim.com> 724 * src/rand/rand.c: Fix RAND_screen import. 725 * src/crypto/crypto.c src/crypto/pkcs7.[ch]: Added PKCS7 management, 726 courtesy of Maas-Maarten Zeeman <maas@awanim.com> 727 * src/crypto/x509req.c: Added verify method. 728 7292002-06-17 Martin Sjögren <martin@strakt.com> 730 731 * rpm/, setup.cfg: Added improved RPM-building stuff, thanks to 732 Mihai Ibanescu <misa@redhat.com> 733 7342002-06-14 Martin Sjögren <martin@strakt.com> 735 736 * examples/proxy.py: Example code for using OpenSSL through a proxy 737 contributed by Mihai Ibanescu <misa@redhat.com> 738 * Updated installation instruction and added them to the TeX manual. 739 7402002-06-13 Martin Sjögren <martin@strakt.com> 741 742 * src/ssl/context.c: Changed global_verify_callback so that it uses 743 PyObject_IsTrue instead of requiring ints. 744 * Added pymemcompat.h to make the memory management uniform and 745 backwards-compatible. 746 * src/util.h: Added conditional definition of PyModule_AddObject and 747 PyModule_AddIntConstant 748 * src/ssl/connection.c: Socket methods are no longer explicitly 749 wrapped. fileno() is the only method the transport layer object HAS 750 to support, but if you want to use connect, accept or sock_shutdown, 751 then the transport layer object has to supply connect, accept 752 and shutdown respectively. 753 7542002-06-12 Martin Sjögren <martin@strakt.com> 755 756 * Changed comments to docstrings that are visible in Python. 757 * src/ssl/connection.c: Added set_connect_state and set_accept_state 758 methods. Thanks to Mark Welch <mark@collab.net> for this. 759 7602002-06-11 Martin Sjögren <martin@strakt.com> 761 762 * src/ssl/connection.c: accept and connect now use SSL_set_accept_state 763 and SSL_set_connect_state respectively, instead of SSL_accept and 764 SSL_connect. 765 * src/ssl/connection.c: Added want_read and want_write methods. 766 7672002-06-05 Martin Sjögren <martin@strakt.com> 768 769 * src/ssl/connection.c: Added error messages for windows. The code is 770 copied from Python's socketmodule.c. Ick. 771 * src/ssl/connection.c: Changed the parameters to the SysCallError. It 772 always has a tuple (number, string) now, even though the number 773 might not always be useful. 774 7752002-04-05 Martin Sjögren <md9ms@mdstud.chalmers.se> 776 777 * Worked more on the Debian packaging, hopefully the packages 778 are getting into the main Debian archive soon. 779 7802002-01-10 Martin Sjögren <martin@strakt.com> 781 782 * Worked some more on the Debian packaging, it's turning out real 783 nice. 784 * Changed format on this file, I'm going to try to be a bit more 785 verbose about my changes, and this format makes it easier. 786 7872002-01-08 Martin Sjögren <martin@strakt.com> 788 789 * Version 0.4.1 790 * Added some example code 791 * Added the thread safe Connection object in the 'tsafe' submodule 792 * New Debian packaging 793 7942001-08-09 Martin Sjögren <martin@strakt.com> 795 796 * Version 0.4 797 * Added a compare function for X509Name structures. 798 * Moved the submodules to separate .so files, with tiny C APIs so they 799 can communicate 800 * Skeletal OpenSSL/__init__.py 801 * Removed the err submodule, use crypto.Error and SSL.Error instead 802 8032001-08-06 Martin Sjögren <martin@strakt.com> 804 805 * Version 0.3 806 * Added more types for dealing with certificates (X509Store, X509Req, 807 PKey) 808 * Functionality to load private keys, certificates and certificate 809 requests from memory buffers, and store them too 810 * X509 and X509Name objects can now be modified as well, very neat when 811 creating certificates ;) 812 * Added SSL_MODE_AUTO_RETRY to smooth things for blocking sockets 813 * Added a sock_shutdown() method to the Connection type 814 * I don't understand why, but I can't use Py_InitModule() to create 815 submodules in Python 2.0, the interpreter segfaults on the cleanup 816 process when I do. I added a conditional compile on the version 817 number, falling back to my own routine. It would of course be nice to 818 investigate what is happening, but I don't have the time to do so 819 * Do INCREF on the type objects before inserting them in the 820 dictionary, so they will never reach refcount 0 (they are, after all, 821 statically allocated) 822 8232001-07-30 Martin Sjögren <martin@strakt.com> 824 825 * Version 0.2 826 * Lots of tweaking and comments in the code 827 * Now uses distutils instead of the stupid Setup file 828 * Hacked doc/tools/mkhowto, html generation should now work 829 8302001-07-16 Martin Sjögren <martin@strakt.com> 831 832 * Initial release (0.1, don't expect much from this one :-) 833 834