========================================================
pyOpenSSL -- A Python wrapper around the OpenSSL library
========================================================
.. image:: https://readthedocs.org/projects/pyopenssl/badge/?version=stable
:target: https://pyopenssl.org/en/stable/
:alt: Stable Docs
.. image:: https://github.com/pyca/pyopenssl/workflows/CI/badge.svg?branch=main
:target: https://github.com/pyca/pyopenssl/actions?query=workflow%3ACI+branch%3Amain
**Note:** The Python Cryptographic Authority **strongly suggests** the use of `pyca/cryptography`_
where possible. If you are using pyOpenSSL for anything other than making a TLS connection
**you should move to cryptography and drop your pyOpenSSL dependency**.
High-level wrapper around a subset of the OpenSSL library. Includes
* ``SSL.Connection`` objects, wrapping the methods of Python's portable sockets
* Callbacks written in Python
* Extensive error-handling mechanism, mirroring OpenSSL's error codes
... and much more.
You can find more information in the documentation_.
Development takes place on GitHub_.
Discussion
==========
If you run into bugs, you can file them in our `issue tracker`_.
We maintain a cryptography-dev_ mailing list for both user and development discussions.
You can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get involved.
.. _documentation: https://pyopenssl.org/
.. _`issue tracker`: https://github.com/pyca/pyopenssl/issues
.. _cryptography-dev: https://mail.python.org/mailman/listinfo/cryptography-dev
.. _GitHub: https://github.com/pyca/pyopenssl
.. _`pyca/cryptography`: https://github.com/pyca/cryptography
Release Information
===================
24.3.0 (2024-11-27)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Removed the deprecated ``OpenSSL.crypto.CRL``, ``OpenSSL.crypto.Revoked``, ``OpenSSL.crypto.dump_crl``, and ``OpenSSL.crypto.load_crl``. ``cryptography.x509``'s CRL functionality should be used instead.
- Removed the deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``. ``cryptography.hazmat.primitives.asymmetric``'s signature APIs should be used instead.
Deprecations:
^^^^^^^^^^^^^
- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
- Deprecated ``add_extensions`` and ``get_extensions`` on ``OpenSSL.crypto.X509Req`` and ``OpenSSL.crypto.X509``. These should have been deprecated at the same time ``X509Extension`` was. Users should use pyca/cryptography's X.509 APIs instead.
- Deprecated ``OpenSSL.crypto.get_elliptic_curves`` and ``OpenSSL.crypto.get_elliptic_curve``, as well as passing the reult of them to ``OpenSSL.SSL.Context.set_tmp_ecdh``, users should instead pass curves from ``cryptography``.
- Deprecated passing ``X509`` objects to ``OpenSSL.SSL.Context.use_certificate``, ``OpenSSL.SSL.Connection.use_certificate``, ``OpenSSL.SSL.Context.add_extra_chain_cert``, and ``OpenSSL.SSL.Context.add_client_ca``, users should instead pass ``cryptography.x509.Certificate`` instances. This is in preparation for deprecating pyOpenSSL's ``X509`` entirely.
- Deprecated passing ``PKey`` objects to ``OpenSSL.SSL.Context.use_privatekey`` and ``OpenSSL.SSL.Connection.use_privatekey``, users should instead pass ``cryptography`` priate key instances. This is in preparation for deprecating pyOpenSSL's ``PKey`` entirely.
Changes:
^^^^^^^^
* ``cryptography`` maximum version has been increased to 44.0.x.
* ``OpenSSL.SSL.Connection.get_certificate``, ``OpenSSL.SSL.Connection.get_peer_certificate``, ``OpenSSL.SSL.Connection.get_peer_cert_chain``, and ``OpenSSL.SSL.Connection.get_verified_chain`` now take an ``as_cryptography`` keyword-argument. When ``True`` is passed then ``cryptography.x509.Certificate`` are returned, instead of ``OpenSSL.crypto.X509``. In the future, passing ``False`` (the default) will be deprecated.
24.2.1 (2024-07-20)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Fixed changelog to remove sphinx specific restructured text strings.
24.2.0 (2024-07-20)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
- Deprecated ``OpenSSL.crypto.X509Req``, ``OpenSSL.crypto.load_certificate_request``, ``OpenSSL.crypto.dump_certificate_request``. Instead, ``cryptography.x509.CertificateSigningRequest``, ``cryptography.x509.CertificateSigningRequestBuilder``, ``cryptography.x509.load_der_x509_csr``, or ``cryptography.x509.load_pem_x509_csr`` should be used.
Changes:
^^^^^^^^
- Added type hints for the ``SSL`` module.
`#1308 <https://github.com/pyca/pyopenssl/pull/1308>`_.
- Changed ``OpenSSL.crypto.PKey.from_cryptography_key`` to accept public and private EC, ED25519, ED448 keys.
`#1310 <https://github.com/pyca/pyopenssl/pull/1310>`_.
24.1.0 (2024-03-09)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Removed the deprecated ``OpenSSL.crypto.PKCS12`` and
``OpenSSL.crypto.NetscapeSPKI``. ``OpenSSL.crypto.PKCS12`` may be replaced
by the PKCS#12 APIs in the ``cryptography`` package.
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
24.0.0 (2024-01-22)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Added ``OpenSSL.SSL.Connection.get_selected_srtp_profile`` to determine which SRTP profile was negotiated.
`#1279 <https://github.com/pyca/pyopenssl/pull/1279>`_.
23.3.0 (2023-10-25)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Dropped support for Python 3.6.
- The minimum ``cryptography`` version is now 41.0.5.
- Removed ``OpenSSL.crypto.load_pkcs7`` and ``OpenSSL.crypto.load_pkcs12`` which had been deprecated for 3 years.
- Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow legacy insecure renegotiation between OpenSSL and unpatched servers.
`#1234 <https://github.com/pyca/pyopenssl/pull/1234>`_.
Deprecations:
^^^^^^^^^^^^^
- Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to have been deprecated at the same time as ``OpenSSL.crypto.load_pkcs12``).
- Deprecated ``OpenSSL.crypto.NetscapeSPKI``.
- Deprecated ``OpenSSL.crypto.CRL``
- Deprecated ``OpenSSL.crypto.Revoked``
- Deprecated ``OpenSSL.crypto.load_crl`` and ``OpenSSL.crypto.dump_crl``
- Deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``
- Deprecated ``OpenSSL.crypto.X509Extension``
Changes:
^^^^^^^^
- Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept
``cryptography``'s ``x509.CertificateRevocationList`` arguments in addition
to the now deprecated ``OpenSSL.crypto.CRL`` arguments.
- Fixed ``test_set_default_verify_paths`` test so that it is skipped if no
network connection is available.
23.2.0 (2023-05-30)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Removed ``X509StoreFlags.NOTIFY_POLICY``.
`#1213 <https://github.com/pyca/pyopenssl/pull/1213>`_.
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- ``cryptography`` maximum version has been increased to 41.0.x.
- Invalid versions are now rejected in ``OpenSSL.crypto.X509Req.set_version``.
- Added ``X509VerificationCodes`` to ``OpenSSL.SSL``.
`#1202 <https://github.com/pyca/pyopenssl/pull/1202>`_.
23.1.1 (2023-03-28)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Worked around an issue in OpenSSL 3.1.0 which caused `X509Extension.get_short_name` to raise an exception when no short name was known to OpenSSL.
`#1204 <https://github.com/pyca/pyopenssl/pull/1204>`_.
23.1.0 (2023-03-24)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- ``cryptography`` maximum version has been increased to 40.0.x.
- Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and ``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``
to support DTLS timeouts `#1180 <https://github.com/pyca/pyopenssl/pull/1180>`_.
23.0.0 (2023-01-01)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant to allow for users
to perform certificate verification on partial certificate chains.
`#1166 <https://github.com/pyca/pyopenssl/pull/1166>`_
- ``cryptography`` maximum version has been increased to 39.0.x.
22.1.0 (2022-09-25)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Remove support for SSLv2 and SSLv3.
- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
against ``cryptography`` major versions to prevent future breakage)
- The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
changing its internal attributes.
`#1133 <https://github.com/pyca/pyopenssl/pull/1133>`_
Deprecations:
^^^^^^^^^^^^^
- ``OpenSSL.SSL.SSLeay_version`` is deprecated in favor of
``OpenSSL.SSL.OpenSSL_version``. The constants ``OpenSSL.SSL.SSLEAY_*`` are
deprecated in favor of ``OpenSSL.SSL.OPENSSL_*``.
Changes:
^^^^^^^^
- Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode``
to override the context object's verification flags.
`#1073 <https://github.com/pyca/pyopenssl/pull/1073>`_
- Add ``OpenSSL.SSL.Connection.use_certificate`` and ``OpenSSL.SSL.Connection.use_privatekey``
to set a certificate per connection (and not just per context) `#1121 <https://github.com/pyca/pyopenssl/pull/1121>`_.
22.0.0 (2022-01-29)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Drop support for Python 2.7.
`#1047 <https://github.com/pyca/pyopenssl/pull/1047>`_
- The minimum ``cryptography`` version is now 35.0.
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Expose wrappers for some `DTLS
<https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_
primitives. `#1026 <https://github.com/pyca/pyopenssl/pull/1026>`_
21.0.0 (2021-09-28)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The minimum ``cryptography`` version is now 3.3.
- Drop support for Python 3.5
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Raise an error when an invalid ALPN value is set.
`#993 <https://github.com/pyca/pyopenssl/pull/993>`_
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
to set the minimum and maximum supported TLS version `#985 <https://github.com/pyca/pyopenssl/pull/985>`_.
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.
`#1030 <https://github.com/pyca/pyopenssl/pull/1030>`_
20.0.1 (2020-12-15)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Fixed compatibility with OpenSSL 1.1.0.
20.0.0 (2020-11-27)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The minimum ``cryptography`` version is now 3.2.
- Remove deprecated ``OpenSSL.tsafe`` module.
- Removed deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``.
- Drop support for Python 3.4
- Drop support for OpenSSL 1.0.1 and 1.0.2
Deprecations:
^^^^^^^^^^^^^
- Deprecated ``OpenSSL.crypto.load_pkcs7`` and ``OpenSSL.crypto.load_pkcs12``.
Changes:
^^^^^^^^
- Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()``
where additional untrusted certificates can be specified to help chain building.
`#948 <https://github.com/pyca/pyopenssl/pull/948>`_
- Added ``OpenSSL.crypto.X509Store.load_locations`` to set trusted
certificate file bundles and/or directories for verification.
`#943 <https://github.com/pyca/pyopenssl/pull/943>`_
- Added ``Context.set_keylog_callback`` to log key material.
`#910 <https://github.com/pyca/pyopenssl/pull/910>`_
- Added ``OpenSSL.SSL.Connection.get_verified_chain`` to retrieve the
verified certificate chain of the peer.
`#894 <https://github.com/pyca/pyopenssl/pull/894>`_.
- Make verification callback optional in ``Context.set_verify``.
If omitted, OpenSSL's default verification is used.
`#933 <https://github.com/pyca/pyopenssl/pull/933>`_
- Fixed a bug that could truncate or cause a zero-length key error due to a
null byte in private key passphrase in ``OpenSSL.crypto.load_privatekey``
and ``OpenSSL.crypto.dump_privatekey``.
`#947 <https://github.com/pyca/pyopenssl/pull/947>`_
19.1.0 (2019-11-18)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Removed deprecated ``ContextType``, ``ConnectionType``, ``PKeyType``, ``X509NameType``, ``X509ReqType``, ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, and ``NetscapeSPKIType`` aliases.
Use the classes without the ``Type`` suffix instead.
`#814 <https://github.com/pyca/pyopenssl/pull/814>`_
- The minimum ``cryptography`` version is now 2.8 due to issues on macOS with a transitive dependency.
`#875 <https://github.com/pyca/pyopenssl/pull/875>`_
Deprecations:
^^^^^^^^^^^^^
- Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``.
ALPN should be used instead.
`#820 <https://github.com/pyca/pyopenssl/pull/820>`_
Changes:
^^^^^^^^
- Support ``bytearray`` in ``SSL.Connection.send()`` by using cffi's from_buffer.
`#852 <https://github.com/pyca/pyopenssl/pull/852>`_
- The ``OpenSSL.SSL.Context.set_alpn_select_callback`` can return a new ``NO_OVERLAPPING_PROTOCOLS`` sentinel value
to allow a TLS handshake to complete without an application protocol.
`Full changelog <https://pyopenssl.org/en/stable/changelog.html>`_.
Raw data
{
"_id": null,
"home_page": "https://pyopenssl.org/",
"name": "pyOpenSSL",
"maintainer": null,
"docs_url": "https://pythonhosted.org/pyOpenSSL/",
"requires_python": ">=3.7",
"maintainer_email": null,
"keywords": null,
"author": "The pyOpenSSL developers",
"author_email": "cryptography-dev@python.org",
"download_url": "https://files.pythonhosted.org/packages/c1/d4/1067b82c4fc674d6f6e9e8d26b3dff978da46d351ca3bac171544693e085/pyopenssl-24.3.0.tar.gz",
"platform": null,
"description": "========================================================\npyOpenSSL -- A Python wrapper around the OpenSSL library\n========================================================\n\n.. image:: https://readthedocs.org/projects/pyopenssl/badge/?version=stable\n :target: https://pyopenssl.org/en/stable/\n :alt: Stable Docs\n\n.. image:: https://github.com/pyca/pyopenssl/workflows/CI/badge.svg?branch=main\n :target: https://github.com/pyca/pyopenssl/actions?query=workflow%3ACI+branch%3Amain\n\n**Note:** The Python Cryptographic Authority **strongly suggests** the use of `pyca/cryptography`_\nwhere possible. If you are using pyOpenSSL for anything other than making a TLS connection\n**you should move to cryptography and drop your pyOpenSSL dependency**.\n\nHigh-level wrapper around a subset of the OpenSSL library. Includes\n\n* ``SSL.Connection`` objects, wrapping the methods of Python's portable sockets\n* Callbacks written in Python\n* Extensive error-handling mechanism, mirroring OpenSSL's error codes\n\n... and much more.\n\nYou can find more information in the documentation_.\nDevelopment takes place on GitHub_.\n\n\nDiscussion\n==========\n\nIf you run into bugs, you can file them in our `issue tracker`_.\n\nWe maintain a cryptography-dev_ mailing list for both user and development discussions.\n\nYou can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get involved.\n\n\n.. _documentation: https://pyopenssl.org/\n.. _`issue tracker`: https://github.com/pyca/pyopenssl/issues\n.. _cryptography-dev: https://mail.python.org/mailman/listinfo/cryptography-dev\n.. _GitHub: https://github.com/pyca/pyopenssl\n.. _`pyca/cryptography`: https://github.com/pyca/cryptography\n\n\nRelease Information\n===================\n\n24.3.0 (2024-11-27)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Removed the deprecated ``OpenSSL.crypto.CRL``, ``OpenSSL.crypto.Revoked``, ``OpenSSL.crypto.dump_crl``, and ``OpenSSL.crypto.load_crl``. ``cryptography.x509``'s CRL functionality should be used instead.\n- Removed the deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``. ``cryptography.hazmat.primitives.asymmetric``'s signature APIs should be used instead.\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.\n- Deprecated ``add_extensions`` and ``get_extensions`` on ``OpenSSL.crypto.X509Req`` and ``OpenSSL.crypto.X509``. These should have been deprecated at the same time ``X509Extension`` was. Users should use pyca/cryptography's X.509 APIs instead.\n- Deprecated ``OpenSSL.crypto.get_elliptic_curves`` and ``OpenSSL.crypto.get_elliptic_curve``, as well as passing the reult of them to ``OpenSSL.SSL.Context.set_tmp_ecdh``, users should instead pass curves from ``cryptography``.\n- Deprecated passing ``X509`` objects to ``OpenSSL.SSL.Context.use_certificate``, ``OpenSSL.SSL.Connection.use_certificate``, ``OpenSSL.SSL.Context.add_extra_chain_cert``, and ``OpenSSL.SSL.Context.add_client_ca``, users should instead pass ``cryptography.x509.Certificate`` instances. This is in preparation for deprecating pyOpenSSL's ``X509`` entirely.\n- Deprecated passing ``PKey`` objects to ``OpenSSL.SSL.Context.use_privatekey`` and ``OpenSSL.SSL.Connection.use_privatekey``, users should instead pass ``cryptography`` priate key instances. This is in preparation for deprecating pyOpenSSL's ``PKey`` entirely.\n\nChanges:\n^^^^^^^^\n\n* ``cryptography`` maximum version has been increased to 44.0.x.\n* ``OpenSSL.SSL.Connection.get_certificate``, ``OpenSSL.SSL.Connection.get_peer_certificate``, ``OpenSSL.SSL.Connection.get_peer_cert_chain``, and ``OpenSSL.SSL.Connection.get_verified_chain`` now take an ``as_cryptography`` keyword-argument. When ``True`` is passed then ``cryptography.x509.Certificate`` are returned, instead of ``OpenSSL.crypto.X509``. In the future, passing ``False`` (the default) will be deprecated.\n\n\n24.2.1 (2024-07-20)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Fixed changelog to remove sphinx specific restructured text strings.\n\n\n24.2.0 (2024-07-20)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- Deprecated ``OpenSSL.crypto.X509Req``, ``OpenSSL.crypto.load_certificate_request``, ``OpenSSL.crypto.dump_certificate_request``. Instead, ``cryptography.x509.CertificateSigningRequest``, ``cryptography.x509.CertificateSigningRequestBuilder``, ``cryptography.x509.load_der_x509_csr``, or ``cryptography.x509.load_pem_x509_csr`` should be used.\n\nChanges:\n^^^^^^^^\n\n- Added type hints for the ``SSL`` module.\n `#1308 <https://github.com/pyca/pyopenssl/pull/1308>`_.\n- Changed ``OpenSSL.crypto.PKey.from_cryptography_key`` to accept public and private EC, ED25519, ED448 keys.\n `#1310 <https://github.com/pyca/pyopenssl/pull/1310>`_.\n\n24.1.0 (2024-03-09)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n* Removed the deprecated ``OpenSSL.crypto.PKCS12`` and\n ``OpenSSL.crypto.NetscapeSPKI``. ``OpenSSL.crypto.PKCS12`` may be replaced\n by the PKCS#12 APIs in the ``cryptography`` package.\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n24.0.0 (2024-01-22)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Added ``OpenSSL.SSL.Connection.get_selected_srtp_profile`` to determine which SRTP profile was negotiated.\n `#1279 <https://github.com/pyca/pyopenssl/pull/1279>`_.\n\n23.3.0 (2023-10-25)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Dropped support for Python 3.6.\n- The minimum ``cryptography`` version is now 41.0.5.\n- Removed ``OpenSSL.crypto.load_pkcs7`` and ``OpenSSL.crypto.load_pkcs12`` which had been deprecated for 3 years.\n- Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow legacy insecure renegotiation between OpenSSL and unpatched servers.\n `#1234 <https://github.com/pyca/pyopenssl/pull/1234>`_.\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to have been deprecated at the same time as ``OpenSSL.crypto.load_pkcs12``).\n- Deprecated ``OpenSSL.crypto.NetscapeSPKI``.\n- Deprecated ``OpenSSL.crypto.CRL``\n- Deprecated ``OpenSSL.crypto.Revoked``\n- Deprecated ``OpenSSL.crypto.load_crl`` and ``OpenSSL.crypto.dump_crl``\n- Deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``\n- Deprecated ``OpenSSL.crypto.X509Extension``\n\nChanges:\n^^^^^^^^\n\n- Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept\n ``cryptography``'s ``x509.CertificateRevocationList`` arguments in addition\n to the now deprecated ``OpenSSL.crypto.CRL`` arguments.\n- Fixed ``test_set_default_verify_paths`` test so that it is skipped if no\n network connection is available.\n\n23.2.0 (2023-05-30)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Removed ``X509StoreFlags.NOTIFY_POLICY``.\n `#1213 <https://github.com/pyca/pyopenssl/pull/1213>`_.\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- ``cryptography`` maximum version has been increased to 41.0.x.\n- Invalid versions are now rejected in ``OpenSSL.crypto.X509Req.set_version``.\n- Added ``X509VerificationCodes`` to ``OpenSSL.SSL``.\n `#1202 <https://github.com/pyca/pyopenssl/pull/1202>`_.\n\n23.1.1 (2023-03-28)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Worked around an issue in OpenSSL 3.1.0 which caused `X509Extension.get_short_name` to raise an exception when no short name was known to OpenSSL.\n `#1204 <https://github.com/pyca/pyopenssl/pull/1204>`_.\n\n23.1.0 (2023-03-24)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- ``cryptography`` maximum version has been increased to 40.0.x.\n- Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and ``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``\n to support DTLS timeouts `#1180 <https://github.com/pyca/pyopenssl/pull/1180>`_.\n\n23.0.0 (2023-01-01)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant to allow for users\n to perform certificate verification on partial certificate chains.\n `#1166 <https://github.com/pyca/pyopenssl/pull/1166>`_\n- ``cryptography`` maximum version has been increased to 39.0.x.\n\n22.1.0 (2022-09-25)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Remove support for SSLv2 and SSLv3.\n- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases\n against ``cryptography`` major versions to prevent future breakage)\n- The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,\n changing its internal attributes.\n `#1133 <https://github.com/pyca/pyopenssl/pull/1133>`_\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- ``OpenSSL.SSL.SSLeay_version`` is deprecated in favor of\n ``OpenSSL.SSL.OpenSSL_version``. The constants ``OpenSSL.SSL.SSLEAY_*`` are\n deprecated in favor of ``OpenSSL.SSL.OPENSSL_*``.\n\nChanges:\n^^^^^^^^\n\n- Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode``\n to override the context object's verification flags.\n `#1073 <https://github.com/pyca/pyopenssl/pull/1073>`_\n- Add ``OpenSSL.SSL.Connection.use_certificate`` and ``OpenSSL.SSL.Connection.use_privatekey``\n to set a certificate per connection (and not just per context) `#1121 <https://github.com/pyca/pyopenssl/pull/1121>`_.\n\n22.0.0 (2022-01-29)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Drop support for Python 2.7.\n `#1047 <https://github.com/pyca/pyopenssl/pull/1047>`_\n- The minimum ``cryptography`` version is now 35.0.\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Expose wrappers for some `DTLS\n <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_\n primitives. `#1026 <https://github.com/pyca/pyopenssl/pull/1026>`_\n\n21.0.0 (2021-09-28)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- The minimum ``cryptography`` version is now 3.3.\n- Drop support for Python 3.5\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Raise an error when an invalid ALPN value is set.\n `#993 <https://github.com/pyca/pyopenssl/pull/993>`_\n- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``\n to set the minimum and maximum supported TLS version `#985 <https://github.com/pyca/pyopenssl/pull/985>`_.\n- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.\n `#1030 <https://github.com/pyca/pyopenssl/pull/1030>`_\n\n20.0.1 (2020-12-15)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Fixed compatibility with OpenSSL 1.1.0.\n\n20.0.0 (2020-11-27)\n-------------------\n\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- The minimum ``cryptography`` version is now 3.2.\n- Remove deprecated ``OpenSSL.tsafe`` module.\n- Removed deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``.\n- Drop support for Python 3.4\n- Drop support for OpenSSL 1.0.1 and 1.0.2\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- Deprecated ``OpenSSL.crypto.load_pkcs7`` and ``OpenSSL.crypto.load_pkcs12``.\n\nChanges:\n^^^^^^^^\n\n- Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()``\n where additional untrusted certificates can be specified to help chain building.\n `#948 <https://github.com/pyca/pyopenssl/pull/948>`_\n- Added ``OpenSSL.crypto.X509Store.load_locations`` to set trusted\n certificate file bundles and/or directories for verification.\n `#943 <https://github.com/pyca/pyopenssl/pull/943>`_\n- Added ``Context.set_keylog_callback`` to log key material.\n `#910 <https://github.com/pyca/pyopenssl/pull/910>`_\n- Added ``OpenSSL.SSL.Connection.get_verified_chain`` to retrieve the\n verified certificate chain of the peer.\n `#894 <https://github.com/pyca/pyopenssl/pull/894>`_.\n- Make verification callback optional in ``Context.set_verify``.\n If omitted, OpenSSL's default verification is used.\n `#933 <https://github.com/pyca/pyopenssl/pull/933>`_\n- Fixed a bug that could truncate or cause a zero-length key error due to a\n null byte in private key passphrase in ``OpenSSL.crypto.load_privatekey``\n and ``OpenSSL.crypto.dump_privatekey``.\n `#947 <https://github.com/pyca/pyopenssl/pull/947>`_\n\n19.1.0 (2019-11-18)\n-------------------\n\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Removed deprecated ``ContextType``, ``ConnectionType``, ``PKeyType``, ``X509NameType``, ``X509ReqType``, ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, and ``NetscapeSPKIType`` aliases.\n Use the classes without the ``Type`` suffix instead.\n `#814 <https://github.com/pyca/pyopenssl/pull/814>`_\n- The minimum ``cryptography`` version is now 2.8 due to issues on macOS with a transitive dependency.\n `#875 <https://github.com/pyca/pyopenssl/pull/875>`_\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``.\n ALPN should be used instead.\n `#820 <https://github.com/pyca/pyopenssl/pull/820>`_\n\n\nChanges:\n^^^^^^^^\n\n- Support ``bytearray`` in ``SSL.Connection.send()`` by using cffi's from_buffer.\n `#852 <https://github.com/pyca/pyopenssl/pull/852>`_\n- The ``OpenSSL.SSL.Context.set_alpn_select_callback`` can return a new ``NO_OVERLAPPING_PROTOCOLS`` sentinel value\n to allow a TLS handshake to complete without an application protocol.\n\n`Full changelog <https://pyopenssl.org/en/stable/changelog.html>`_.\n\n",
"bugtrack_url": null,
"license": "Apache License, Version 2.0",
"summary": "Python wrapper module around the OpenSSL library",
"version": "24.3.0",
"project_urls": {
"Homepage": "https://pyopenssl.org/",
"Source": "https://github.com/pyca/pyopenssl"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "422240f9162e943f86f0fc927ebc648078be87def360d9d8db346619fb97df2b",
"md5": "08cb480a2f2b3688a93162bc4383c114",
"sha256": "e474f5a473cd7f92221cc04976e48f4d11502804657a08a989fb3be5514c904a"
},
"downloads": -1,
"filename": "pyOpenSSL-24.3.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "08cb480a2f2b3688a93162bc4383c114",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 56111,
"upload_time": "2024-11-27T20:43:21",
"upload_time_iso_8601": "2024-11-27T20:43:21.112477Z",
"url": "https://files.pythonhosted.org/packages/42/22/40f9162e943f86f0fc927ebc648078be87def360d9d8db346619fb97df2b/pyOpenSSL-24.3.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "c1d41067b82c4fc674d6f6e9e8d26b3dff978da46d351ca3bac171544693e085",
"md5": "2c94bb542cd351fe103d72dca07ca7a1",
"sha256": "49f7a019577d834746bc55c5fce6ecbcec0f2b4ec5ce1cf43a9a173b8138bb36"
},
"downloads": -1,
"filename": "pyopenssl-24.3.0.tar.gz",
"has_sig": false,
"md5_digest": "2c94bb542cd351fe103d72dca07ca7a1",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 178944,
"upload_time": "2024-11-27T20:43:12",
"upload_time_iso_8601": "2024-11-27T20:43:12.755726Z",
"url": "https://files.pythonhosted.org/packages/c1/d4/1067b82c4fc674d6f6e9e8d26b3dff978da46d351ca3bac171544693e085/pyopenssl-24.3.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-11-27 20:43:12",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "pyca",
"github_project": "pyopenssl",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "pyopenssl"
}