Changelog¶
Versions are year-based with a strict backward-compatibility policy. The third digit is only for regressions.
16.0.0 (2016-03-19)¶
This is the first release under full stewardship of PyCA. We have made many changes to make local development more pleasing. The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. It has been moved to py.test, all CI test runs are part of tox and the source code has been made fully flake8 compliant.
We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations.
Backward-incompatible changes:¶
- Python 3.2 support has been dropped.
It never had significant real world usage and has been dropped by our main dependency
cryptography
. Affected users should upgrade to Python 3.3 or later.
Deprecations:¶
The support for EGD has been removed. The only affected function
OpenSSL.rand.egd()
now usesos.urandom()
to seed the internal PRNG instead. Please see pyca/cryptography#1636 for more background information on this decision. In accordance with our backward compatibility policyOpenSSL.rand.egd()
will be removed no sooner than a year from the release of 16.0.0.Please note that you should use urandom for all your secure random number needs.
Python 2.6 support has been deprecated. Our main dependency
cryptography
deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support oncecryptography
does.
Changes:¶
- Fixed
OpenSSL.SSL.Context.set_session_id
,OpenSSL.SSL.Connection.renegotiate
,OpenSSL.SSL.Connection.renegotiate_pending
, andOpenSSL.SSL.Context.load_client_ca
. They were lacking an implementation since 0.14. #422 - Fixed segmentation fault when using keys larger than 4096-bit to sign data. #428
- Fixed
AttributeError
whenOpenSSL.SSL.Connection.get_app_data()
was called before setting any app data. #304 - Added
OpenSSL.crypto.dump_publickey()
to dumpOpenSSL.crypto.PKey
objects that represent public keys, andOpenSSL.crypto.load_publickey()
to load such objects from serialized representations. #382 - Added
OpenSSL.crypto.dump_crl()
to dump a certificate revocation list out to a string buffer. #368 - Added
OpenSSL.SSL.Connection.get_state_string()
using the OpenSSL bindingstate_string_long
. #358 - Added support for the
socket.MSG_PEEK
flag toOpenSSL.SSL.Connection.recv()
andOpenSSL.SSL.Connection.recv_into()
. #294 - Added
OpenSSL.SSL.Connection.get_protocol_version()
andOpenSSL.SSL.Connection.get_protocol_version_name()
. #244 - Switched to
utf8string
mask by default. OpenSSL formerly defaulted to aT61String
if there were UTF-8 characters present. This was changed to default toUTF8String
in the config around 2005, but the actual code didn’t change it until late last year. This will default us to the setting that actually works. To revert this you can callOpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")
. #234
Older Changelog Entries¶
The changes from before release 16.0.0 are preserved in the repository.