<!DOCTYPE html> <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Changelog — pyOpenSSL 16.1.0 documentation</title> <link rel="stylesheet" href="_static/css/theme.css" type="text/css" /> <link rel="index" title="Index" href="genindex.html"/> <link rel="search" title="Search" href="search.html"/> <link rel="top" title="pyOpenSSL 16.1.0 documentation" href="index.html"/> <link rel="prev" title="Backward Compatibility" href="backward-compatibility.html"/> <script src="_static/js/modernizr.min.js"></script> </head> <body class="wy-body-for-nav" role="document"> <div class="wy-grid-for-nav"> <nav data-toggle="wy-nav-shift" class="wy-nav-side"> <div class="wy-side-scroll"> <div class="wy-side-nav-search"> <a href="index.html" class="icon icon-home"> pyOpenSSL </a> <div class="version"> 16.1.0 </div> <div role="search"> <form id="rtd-search-form" class="wy-form" action="search.html" method="get"> <input type="text" name="q" placeholder="Search docs" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> </div> </div> <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation"> <ul> <li class="toctree-l1"><a class="reference internal" href="introduction.html">Introduction</a></li> <li class="toctree-l1"><a class="reference internal" href="install.html">Installation</a></li> <li class="toctree-l1"><a class="reference internal" href="api.html"><code class="docutils literal"><span class="pre">OpenSSL</span></code> — Python interface to OpenSSL</a></li> <li class="toctree-l1"><a class="reference internal" href="internals.html">Internals</a></li> </ul> <ul class="current"> <li class="toctree-l1"><a class="reference internal" href="backward-compatibility.html">Backward Compatibility</a></li> <li class="toctree-l1 current"><a class="current reference internal" href="#">Changelog</a><ul> <li class="toctree-l2"><a class="reference internal" href="#id1">16.1.0 (2016-08-26)</a><ul> <li class="toctree-l3"><a class="reference internal" href="#backward-incompatible-changes">Backward-incompatible changes:</a></li> <li class="toctree-l3"><a class="reference internal" href="#deprecations">Deprecations:</a></li> <li class="toctree-l3"><a class="reference internal" href="#changes">Changes:</a></li> </ul> </li> <li class="toctree-l2"><a class="reference internal" href="#id5">16.0.0 (2016-03-19)</a><ul> <li class="toctree-l3"><a class="reference internal" href="#id6">Backward-incompatible changes:</a></li> <li class="toctree-l3"><a class="reference internal" href="#id7">Deprecations:</a></li> <li class="toctree-l3"><a class="reference internal" href="#id8">Changes:</a></li> </ul> </li> <li class="toctree-l2"><a class="reference internal" href="#older-changelog-entries">Older Changelog Entries</a></li> </ul> </li> </ul> </div> </div> </nav> <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> <nav class="wy-nav-top" role="navigation" aria-label="top navigation"> <i data-toggle="wy-nav-top" class="fa fa-bars"></i> <a href="index.html">pyOpenSSL</a> </nav> <div class="wy-nav-content"> <div class="rst-content"> <div role="navigation" aria-label="breadcrumbs navigation"> <ul class="wy-breadcrumbs"> <li><a href="index.html">Docs</a> »</li> <li>Changelog</li> <li class="wy-breadcrumbs-aside"> <a href="_sources/changelog.txt" rel="nofollow"> View page source</a> </li> </ul> <hr/> </div> <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article"> <div itemprop="articleBody"> <div class="section" id="changelog"> <h1>Changelog<a class="headerlink" href="#changelog" title="Permalink to this headline">¶</a></h1> <p>Versions are year-based with a strict backward-compatibility policy. The third digit is only for regressions.</p> <div class="section" id="id1"> <h2>16.1.0 (2016-08-26)<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h2> <div class="section" id="backward-incompatible-changes"> <h3>Backward-incompatible changes:<a class="headerlink" href="#backward-incompatible-changes" title="Permalink to this headline">¶</a></h3> <p><em>none</em></p> </div> <div class="section" id="deprecations"> <h3>Deprecations:<a class="headerlink" href="#deprecations" title="Permalink to this headline">¶</a></h3> <p><em>none</em></p> </div> <div class="section" id="changes"> <h3>Changes:<a class="headerlink" href="#changes" title="Permalink to this headline">¶</a></h3> <ul class="simple"> <li>Fix memory leak in <code class="docutils literal"><span class="pre">OpenSSL.crypto.dump_privatekey()</span></code> with <code class="docutils literal"><span class="pre">FILETYPE_TEXT</span></code>. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/496">#496</a></li> <li>Enable use of CRL (and more) in verify context. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/483">#483</a></li> <li><code class="docutils literal"><span class="pre">OpenSSL.crypto.PKey</span></code> can now be constructed from <code class="docutils literal"><span class="pre">cryptography</span></code> objects and also exported as such. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/439">#439</a></li> <li>Support newer versions of <code class="docutils literal"><span class="pre">cryptography</span></code> which use opaque structs for OpenSSL 1.1.0 compatibility.</li> </ul> </div> </div> <hr class="docutils" /> <div class="section" id="id5"> <h2>16.0.0 (2016-03-19)<a class="headerlink" href="#id5" title="Permalink to this headline">¶</a></h2> <p>This is the first release under full stewardship of PyCA. We have made <em>many</em> changes to make local development more pleasing. The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. It has been moved to <a class="reference external" href="https://pytest.org/">py.test</a>, all CI test runs are part of <a class="reference external" href="https://testrun.org/tox/">tox</a> and the source code has been made fully <a class="reference external" href="https://flake8.readthedocs.io/">flake8</a> compliant.</p> <p>We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations.</p> <div class="section" id="id6"> <h3>Backward-incompatible changes:<a class="headerlink" href="#id6" title="Permalink to this headline">¶</a></h3> <ul class="simple"> <li>Python 3.2 support has been dropped. It never had significant real world usage and has been dropped by our main dependency <code class="docutils literal"><span class="pre">cryptography</span></code>. Affected users should upgrade to Python 3.3 or later.</li> </ul> </div> <div class="section" id="id7"> <h3>Deprecations:<a class="headerlink" href="#id7" title="Permalink to this headline">¶</a></h3> <ul> <li><p class="first">The support for EGD has been removed. The only affected function <code class="docutils literal"><span class="pre">OpenSSL.rand.egd()</span></code> now uses <code class="docutils literal"><span class="pre">os.urandom()</span></code> to seed the internal PRNG instead. Please see <a class="reference external" href="https://github.com/pyca/cryptography/pull/1636">pyca/cryptography#1636</a> for more background information on this decision. In accordance with our backward compatibility policy <code class="docutils literal"><span class="pre">OpenSSL.rand.egd()</span></code> will be <em>removed</em> no sooner than a year from the release of 16.0.0.</p> <p>Please note that you should <a class="reference external" href="http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/">use urandom</a> for all your secure random number needs.</p> </li> <li><p class="first">Python 2.6 support has been deprecated. Our main dependency <code class="docutils literal"><span class="pre">cryptography</span></code> deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support once <code class="docutils literal"><span class="pre">cryptography</span></code> does.</p> </li> </ul> </div> <div class="section" id="id8"> <h3>Changes:<a class="headerlink" href="#id8" title="Permalink to this headline">¶</a></h3> <ul class="simple"> <li>Fixed <code class="docutils literal"><span class="pre">OpenSSL.SSL.Context.set_session_id</span></code>, <code class="docutils literal"><span class="pre">OpenSSL.SSL.Connection.renegotiate</span></code>, <code class="docutils literal"><span class="pre">OpenSSL.SSL.Connection.renegotiate_pending</span></code>, and <code class="docutils literal"><span class="pre">OpenSSL.SSL.Context.load_client_ca</span></code>. They were lacking an implementation since 0.14. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/422">#422</a></li> <li>Fixed segmentation fault when using keys larger than 4096-bit to sign data. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/428">#428</a></li> <li>Fixed <code class="docutils literal"><span class="pre">AttributeError</span></code> when <code class="docutils literal"><span class="pre">OpenSSL.SSL.Connection.get_app_data()</span></code> was called before setting any app data. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/304">#304</a></li> <li>Added <code class="docutils literal"><span class="pre">OpenSSL.crypto.dump_publickey()</span></code> to dump <code class="docutils literal"><span class="pre">OpenSSL.crypto.PKey</span></code> objects that represent public keys, and <code class="docutils literal"><span class="pre">OpenSSL.crypto.load_publickey()</span></code> to load such objects from serialized representations. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/382">#382</a></li> <li>Added <code class="docutils literal"><span class="pre">OpenSSL.crypto.dump_crl()</span></code> to dump a certificate revocation list out to a string buffer. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/368">#368</a></li> <li>Added <code class="docutils literal"><span class="pre">OpenSSL.SSL.Connection.get_state_string()</span></code> using the OpenSSL binding <code class="docutils literal"><span class="pre">state_string_long</span></code>. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/358">#358</a></li> <li>Added support for the <code class="docutils literal"><span class="pre">socket.MSG_PEEK</span></code> flag to <code class="docutils literal"><span class="pre">OpenSSL.SSL.Connection.recv()</span></code> and <code class="docutils literal"><span class="pre">OpenSSL.SSL.Connection.recv_into()</span></code>. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/294">#294</a></li> <li>Added <code class="docutils literal"><span class="pre">OpenSSL.SSL.Connection.get_protocol_version()</span></code> and <code class="docutils literal"><span class="pre">OpenSSL.SSL.Connection.get_protocol_version_name()</span></code>. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/244">#244</a></li> <li>Switched to <code class="docutils literal"><span class="pre">utf8string</span></code> mask by default. OpenSSL formerly defaulted to a <code class="docutils literal"><span class="pre">T61String</span></code> if there were UTF-8 characters present. This was changed to default to <code class="docutils literal"><span class="pre">UTF8String</span></code> in the config around 2005, but the actual code didn’t change it until late last year. This will default us to the setting that actually works. To revert this you can call <code class="docutils literal"><span class="pre">OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")</span></code>. <a class="reference external" href="https://github.com/pyca/pyopenssl/pull/234">#234</a></li> </ul> </div> </div> <hr class="docutils" /> <div class="section" id="older-changelog-entries"> <h2>Older Changelog Entries<a class="headerlink" href="#older-changelog-entries" title="Permalink to this headline">¶</a></h2> <p>The changes from before release 16.0.0 are preserved in the <a class="reference external" href="https://github.com/pyca/pyopenssl/blob/master/doc/ChangeLog_old.txt">repository</a>.</p> </div> </div> </div> </div> <footer> <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation"> <a href="backward-compatibility.html" class="btn btn-neutral" title="Backward Compatibility" accesskey="p"><span class="fa fa-arrow-circle-left"></span> Previous</a> </div> <hr/> <div role="contentinfo"> <p> © Copyright 2001-2017, The pyOpenSSL developers. </p> </div> Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. </footer> </div> </div> </section> </div> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT:'./', VERSION:'16.1.0', COLLAPSE_INDEX:false, FILE_SUFFIX:'.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="_static/jquery.js"></script> <script type="text/javascript" src="_static/underscore.js"></script> <script type="text/javascript" src="_static/doctools.js"></script> <script type="text/javascript" src="_static/js/theme.js"></script> <script type="text/javascript"> jQuery(function () { SphinxRtdTheme.StickyNav.enable(); }); </script> </body> </html>