pyOpenSSL


NamepyOpenSSL JSON
Version 24.3.0 PyPI version JSON
download
home_pagehttps://pyopenssl.org/
SummaryPython wrapper module around the OpenSSL library
upload_time2024-11-27 20:43:12
maintainerNone
docs_urlhttps://pythonhosted.org/pyOpenSSL/
authorThe pyOpenSSL developers
requires_python>=3.7
licenseApache License, Version 2.0
keywords
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            ========================================================
pyOpenSSL -- A Python wrapper around the OpenSSL library
========================================================

.. image:: https://readthedocs.org/projects/pyopenssl/badge/?version=stable
   :target: https://pyopenssl.org/en/stable/
   :alt: Stable Docs

.. image:: https://github.com/pyca/pyopenssl/workflows/CI/badge.svg?branch=main
   :target: https://github.com/pyca/pyopenssl/actions?query=workflow%3ACI+branch%3Amain

**Note:** The Python Cryptographic Authority **strongly suggests** the use of `pyca/cryptography`_
where possible. If you are using pyOpenSSL for anything other than making a TLS connection
**you should move to cryptography and drop your pyOpenSSL dependency**.

High-level wrapper around a subset of the OpenSSL library. Includes

* ``SSL.Connection`` objects, wrapping the methods of Python's portable sockets
* Callbacks written in Python
* Extensive error-handling mechanism, mirroring OpenSSL's error codes

... and much more.

You can find more information in the documentation_.
Development takes place on GitHub_.


Discussion
==========

If you run into bugs, you can file them in our `issue tracker`_.

We maintain a cryptography-dev_ mailing list for both user and development discussions.

You can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get involved.


.. _documentation: https://pyopenssl.org/
.. _`issue tracker`: https://github.com/pyca/pyopenssl/issues
.. _cryptography-dev: https://mail.python.org/mailman/listinfo/cryptography-dev
.. _GitHub: https://github.com/pyca/pyopenssl
.. _`pyca/cryptography`: https://github.com/pyca/cryptography


Release Information
===================

24.3.0 (2024-11-27)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Removed the deprecated ``OpenSSL.crypto.CRL``, ``OpenSSL.crypto.Revoked``, ``OpenSSL.crypto.dump_crl``, and ``OpenSSL.crypto.load_crl``. ``cryptography.x509``'s CRL functionality should be used instead.
- Removed the deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``. ``cryptography.hazmat.primitives.asymmetric``'s signature APIs should be used instead.

Deprecations:
^^^^^^^^^^^^^

- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
- Deprecated ``add_extensions`` and ``get_extensions`` on ``OpenSSL.crypto.X509Req`` and ``OpenSSL.crypto.X509``. These should have been deprecated at the same time ``X509Extension`` was. Users should use pyca/cryptography's X.509 APIs instead.
- Deprecated ``OpenSSL.crypto.get_elliptic_curves`` and ``OpenSSL.crypto.get_elliptic_curve``, as well as passing the reult of them to ``OpenSSL.SSL.Context.set_tmp_ecdh``, users should instead pass curves from ``cryptography``.
- Deprecated passing ``X509`` objects to ``OpenSSL.SSL.Context.use_certificate``, ``OpenSSL.SSL.Connection.use_certificate``, ``OpenSSL.SSL.Context.add_extra_chain_cert``, and ``OpenSSL.SSL.Context.add_client_ca``, users should instead pass ``cryptography.x509.Certificate`` instances. This is in preparation for deprecating pyOpenSSL's ``X509`` entirely.
- Deprecated passing ``PKey`` objects to ``OpenSSL.SSL.Context.use_privatekey`` and ``OpenSSL.SSL.Connection.use_privatekey``, users should instead pass ``cryptography`` priate key instances. This is in preparation for deprecating pyOpenSSL's ``PKey`` entirely.

Changes:
^^^^^^^^

* ``cryptography`` maximum version has been increased to 44.0.x.
* ``OpenSSL.SSL.Connection.get_certificate``, ``OpenSSL.SSL.Connection.get_peer_certificate``, ``OpenSSL.SSL.Connection.get_peer_cert_chain``, and ``OpenSSL.SSL.Connection.get_verified_chain`` now take an ``as_cryptography`` keyword-argument. When ``True`` is passed then ``cryptography.x509.Certificate`` are returned, instead of ``OpenSSL.crypto.X509``. In the future, passing ``False`` (the default) will be deprecated.


24.2.1 (2024-07-20)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

- Fixed changelog to remove sphinx specific restructured text strings.


24.2.0 (2024-07-20)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

- Deprecated ``OpenSSL.crypto.X509Req``, ``OpenSSL.crypto.load_certificate_request``, ``OpenSSL.crypto.dump_certificate_request``. Instead, ``cryptography.x509.CertificateSigningRequest``, ``cryptography.x509.CertificateSigningRequestBuilder``, ``cryptography.x509.load_der_x509_csr``, or ``cryptography.x509.load_pem_x509_csr`` should be used.

Changes:
^^^^^^^^

- Added type hints for the ``SSL`` module.
  `#1308 <https://github.com/pyca/pyopenssl/pull/1308>`_.
- Changed ``OpenSSL.crypto.PKey.from_cryptography_key`` to accept public and private EC, ED25519, ED448 keys.
  `#1310 <https://github.com/pyca/pyopenssl/pull/1310>`_.

24.1.0 (2024-03-09)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Removed the deprecated ``OpenSSL.crypto.PKCS12`` and
  ``OpenSSL.crypto.NetscapeSPKI``. ``OpenSSL.crypto.PKCS12`` may be replaced
  by the PKCS#12 APIs in the ``cryptography`` package.

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

24.0.0 (2024-01-22)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

- Added ``OpenSSL.SSL.Connection.get_selected_srtp_profile`` to determine which SRTP profile was negotiated.
  `#1279 <https://github.com/pyca/pyopenssl/pull/1279>`_.

23.3.0 (2023-10-25)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Dropped support for Python 3.6.
- The minimum ``cryptography`` version is now 41.0.5.
- Removed ``OpenSSL.crypto.load_pkcs7`` and ``OpenSSL.crypto.load_pkcs12`` which had been deprecated for 3 years.
- Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow legacy insecure renegotiation between OpenSSL and unpatched servers.
  `#1234 <https://github.com/pyca/pyopenssl/pull/1234>`_.

Deprecations:
^^^^^^^^^^^^^

- Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to have been deprecated at the same time as ``OpenSSL.crypto.load_pkcs12``).
- Deprecated ``OpenSSL.crypto.NetscapeSPKI``.
- Deprecated ``OpenSSL.crypto.CRL``
- Deprecated ``OpenSSL.crypto.Revoked``
- Deprecated ``OpenSSL.crypto.load_crl`` and ``OpenSSL.crypto.dump_crl``
- Deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``
- Deprecated ``OpenSSL.crypto.X509Extension``

Changes:
^^^^^^^^

- Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept
  ``cryptography``'s ``x509.CertificateRevocationList`` arguments in addition
  to the now deprecated ``OpenSSL.crypto.CRL`` arguments.
- Fixed ``test_set_default_verify_paths`` test so that it is skipped if no
  network connection is available.

23.2.0 (2023-05-30)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Removed ``X509StoreFlags.NOTIFY_POLICY``.
  `#1213 <https://github.com/pyca/pyopenssl/pull/1213>`_.

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

- ``cryptography`` maximum version has been increased to 41.0.x.
- Invalid versions are now rejected in ``OpenSSL.crypto.X509Req.set_version``.
- Added ``X509VerificationCodes`` to ``OpenSSL.SSL``.
  `#1202 <https://github.com/pyca/pyopenssl/pull/1202>`_.

23.1.1 (2023-03-28)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

- Worked around an issue in OpenSSL 3.1.0 which caused `X509Extension.get_short_name` to raise an exception when no short name was known to OpenSSL.
  `#1204 <https://github.com/pyca/pyopenssl/pull/1204>`_.

23.1.0 (2023-03-24)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

- ``cryptography`` maximum version has been increased to 40.0.x.
- Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and ``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``
  to support DTLS timeouts `#1180 <https://github.com/pyca/pyopenssl/pull/1180>`_.

23.0.0 (2023-01-01)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

- Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant to allow for users
  to perform certificate verification on partial certificate chains.
  `#1166 <https://github.com/pyca/pyopenssl/pull/1166>`_
- ``cryptography`` maximum version has been increased to 39.0.x.

22.1.0 (2022-09-25)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Remove support for SSLv2 and SSLv3.
- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
  against ``cryptography`` major versions to prevent future breakage)
- The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
  changing its internal attributes.
  `#1133 <https://github.com/pyca/pyopenssl/pull/1133>`_

Deprecations:
^^^^^^^^^^^^^

- ``OpenSSL.SSL.SSLeay_version`` is deprecated in favor of
  ``OpenSSL.SSL.OpenSSL_version``. The constants ``OpenSSL.SSL.SSLEAY_*`` are
  deprecated in favor of ``OpenSSL.SSL.OPENSSL_*``.

Changes:
^^^^^^^^

- Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode``
  to override the context object's verification flags.
  `#1073 <https://github.com/pyca/pyopenssl/pull/1073>`_
- Add ``OpenSSL.SSL.Connection.use_certificate`` and ``OpenSSL.SSL.Connection.use_privatekey``
  to set a certificate per connection (and not just per context) `#1121 <https://github.com/pyca/pyopenssl/pull/1121>`_.

22.0.0 (2022-01-29)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Drop support for Python 2.7.
  `#1047 <https://github.com/pyca/pyopenssl/pull/1047>`_
- The minimum ``cryptography`` version is now 35.0.

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

- Expose wrappers for some `DTLS
  <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_
  primitives. `#1026 <https://github.com/pyca/pyopenssl/pull/1026>`_

21.0.0 (2021-09-28)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- The minimum ``cryptography`` version is now 3.3.
- Drop support for Python 3.5

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

- Raise an error when an invalid ALPN value is set.
  `#993 <https://github.com/pyca/pyopenssl/pull/993>`_
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
  to set the minimum and maximum supported TLS version `#985 <https://github.com/pyca/pyopenssl/pull/985>`_.
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.
  `#1030 <https://github.com/pyca/pyopenssl/pull/1030>`_

20.0.1 (2020-12-15)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

- Fixed compatibility with OpenSSL 1.1.0.

20.0.0 (2020-11-27)
-------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- The minimum ``cryptography`` version is now 3.2.
- Remove deprecated ``OpenSSL.tsafe`` module.
- Removed deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``.
- Drop support for Python 3.4
- Drop support for OpenSSL 1.0.1 and 1.0.2

Deprecations:
^^^^^^^^^^^^^

- Deprecated ``OpenSSL.crypto.load_pkcs7`` and ``OpenSSL.crypto.load_pkcs12``.

Changes:
^^^^^^^^

- Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()``
  where additional untrusted certificates can be specified to help chain building.
  `#948 <https://github.com/pyca/pyopenssl/pull/948>`_
- Added ``OpenSSL.crypto.X509Store.load_locations`` to set trusted
  certificate file bundles and/or directories for verification.
  `#943 <https://github.com/pyca/pyopenssl/pull/943>`_
- Added ``Context.set_keylog_callback`` to log key material.
  `#910 <https://github.com/pyca/pyopenssl/pull/910>`_
- Added ``OpenSSL.SSL.Connection.get_verified_chain`` to retrieve the
  verified certificate chain of the peer.
  `#894 <https://github.com/pyca/pyopenssl/pull/894>`_.
- Make verification callback optional in ``Context.set_verify``.
  If omitted, OpenSSL's default verification is used.
  `#933 <https://github.com/pyca/pyopenssl/pull/933>`_
- Fixed a bug that could truncate or cause a zero-length key error due to a
  null byte in private key passphrase in ``OpenSSL.crypto.load_privatekey``
  and ``OpenSSL.crypto.dump_privatekey``.
  `#947 <https://github.com/pyca/pyopenssl/pull/947>`_

19.1.0 (2019-11-18)
-------------------


Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- Removed deprecated ``ContextType``, ``ConnectionType``, ``PKeyType``, ``X509NameType``, ``X509ReqType``, ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, and ``NetscapeSPKIType`` aliases.
  Use the classes without the ``Type`` suffix instead.
  `#814 <https://github.com/pyca/pyopenssl/pull/814>`_
- The minimum ``cryptography`` version is now 2.8 due to issues on macOS with a transitive dependency.
  `#875 <https://github.com/pyca/pyopenssl/pull/875>`_

Deprecations:
^^^^^^^^^^^^^

- Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``.
  ALPN should be used instead.
  `#820 <https://github.com/pyca/pyopenssl/pull/820>`_


Changes:
^^^^^^^^

- Support ``bytearray`` in ``SSL.Connection.send()`` by using cffi's from_buffer.
  `#852 <https://github.com/pyca/pyopenssl/pull/852>`_
- The ``OpenSSL.SSL.Context.set_alpn_select_callback`` can return a new ``NO_OVERLAPPING_PROTOCOLS`` sentinel value
  to allow a TLS handshake to complete without an application protocol.

`Full changelog <https://pyopenssl.org/en/stable/changelog.html>`_.


            

Raw data

            {
    "_id": null,
    "home_page": "https://pyopenssl.org/",
    "name": "pyOpenSSL",
    "maintainer": null,
    "docs_url": "https://pythonhosted.org/pyOpenSSL/",
    "requires_python": ">=3.7",
    "maintainer_email": null,
    "keywords": null,
    "author": "The pyOpenSSL developers",
    "author_email": "cryptography-dev@python.org",
    "download_url": "https://files.pythonhosted.org/packages/c1/d4/1067b82c4fc674d6f6e9e8d26b3dff978da46d351ca3bac171544693e085/pyopenssl-24.3.0.tar.gz",
    "platform": null,
    "description": "========================================================\npyOpenSSL -- A Python wrapper around the OpenSSL library\n========================================================\n\n.. image:: https://readthedocs.org/projects/pyopenssl/badge/?version=stable\n   :target: https://pyopenssl.org/en/stable/\n   :alt: Stable Docs\n\n.. image:: https://github.com/pyca/pyopenssl/workflows/CI/badge.svg?branch=main\n   :target: https://github.com/pyca/pyopenssl/actions?query=workflow%3ACI+branch%3Amain\n\n**Note:** The Python Cryptographic Authority **strongly suggests** the use of `pyca/cryptography`_\nwhere possible. If you are using pyOpenSSL for anything other than making a TLS connection\n**you should move to cryptography and drop your pyOpenSSL dependency**.\n\nHigh-level wrapper around a subset of the OpenSSL library. Includes\n\n* ``SSL.Connection`` objects, wrapping the methods of Python's portable sockets\n* Callbacks written in Python\n* Extensive error-handling mechanism, mirroring OpenSSL's error codes\n\n... and much more.\n\nYou can find more information in the documentation_.\nDevelopment takes place on GitHub_.\n\n\nDiscussion\n==========\n\nIf you run into bugs, you can file them in our `issue tracker`_.\n\nWe maintain a cryptography-dev_ mailing list for both user and development discussions.\n\nYou can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get involved.\n\n\n.. _documentation: https://pyopenssl.org/\n.. _`issue tracker`: https://github.com/pyca/pyopenssl/issues\n.. _cryptography-dev: https://mail.python.org/mailman/listinfo/cryptography-dev\n.. _GitHub: https://github.com/pyca/pyopenssl\n.. _`pyca/cryptography`: https://github.com/pyca/cryptography\n\n\nRelease Information\n===================\n\n24.3.0 (2024-11-27)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Removed the deprecated ``OpenSSL.crypto.CRL``, ``OpenSSL.crypto.Revoked``, ``OpenSSL.crypto.dump_crl``, and ``OpenSSL.crypto.load_crl``. ``cryptography.x509``'s CRL functionality should be used instead.\n- Removed the deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``. ``cryptography.hazmat.primitives.asymmetric``'s signature APIs should be used instead.\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.\n- Deprecated ``add_extensions`` and ``get_extensions`` on ``OpenSSL.crypto.X509Req`` and ``OpenSSL.crypto.X509``. These should have been deprecated at the same time ``X509Extension`` was. Users should use pyca/cryptography's X.509 APIs instead.\n- Deprecated ``OpenSSL.crypto.get_elliptic_curves`` and ``OpenSSL.crypto.get_elliptic_curve``, as well as passing the reult of them to ``OpenSSL.SSL.Context.set_tmp_ecdh``, users should instead pass curves from ``cryptography``.\n- Deprecated passing ``X509`` objects to ``OpenSSL.SSL.Context.use_certificate``, ``OpenSSL.SSL.Connection.use_certificate``, ``OpenSSL.SSL.Context.add_extra_chain_cert``, and ``OpenSSL.SSL.Context.add_client_ca``, users should instead pass ``cryptography.x509.Certificate`` instances. This is in preparation for deprecating pyOpenSSL's ``X509`` entirely.\n- Deprecated passing ``PKey`` objects to ``OpenSSL.SSL.Context.use_privatekey`` and ``OpenSSL.SSL.Connection.use_privatekey``, users should instead pass ``cryptography`` priate key instances. This is in preparation for deprecating pyOpenSSL's ``PKey`` entirely.\n\nChanges:\n^^^^^^^^\n\n* ``cryptography`` maximum version has been increased to 44.0.x.\n* ``OpenSSL.SSL.Connection.get_certificate``, ``OpenSSL.SSL.Connection.get_peer_certificate``, ``OpenSSL.SSL.Connection.get_peer_cert_chain``, and ``OpenSSL.SSL.Connection.get_verified_chain`` now take an ``as_cryptography`` keyword-argument. When ``True`` is passed then ``cryptography.x509.Certificate`` are returned, instead of ``OpenSSL.crypto.X509``. In the future, passing ``False`` (the default) will be deprecated.\n\n\n24.2.1 (2024-07-20)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Fixed changelog to remove sphinx specific restructured text strings.\n\n\n24.2.0 (2024-07-20)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- Deprecated ``OpenSSL.crypto.X509Req``, ``OpenSSL.crypto.load_certificate_request``, ``OpenSSL.crypto.dump_certificate_request``. Instead, ``cryptography.x509.CertificateSigningRequest``, ``cryptography.x509.CertificateSigningRequestBuilder``, ``cryptography.x509.load_der_x509_csr``, or ``cryptography.x509.load_pem_x509_csr`` should be used.\n\nChanges:\n^^^^^^^^\n\n- Added type hints for the ``SSL`` module.\n  `#1308 <https://github.com/pyca/pyopenssl/pull/1308>`_.\n- Changed ``OpenSSL.crypto.PKey.from_cryptography_key`` to accept public and private EC, ED25519, ED448 keys.\n  `#1310 <https://github.com/pyca/pyopenssl/pull/1310>`_.\n\n24.1.0 (2024-03-09)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n* Removed the deprecated ``OpenSSL.crypto.PKCS12`` and\n  ``OpenSSL.crypto.NetscapeSPKI``. ``OpenSSL.crypto.PKCS12`` may be replaced\n  by the PKCS#12 APIs in the ``cryptography`` package.\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n24.0.0 (2024-01-22)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Added ``OpenSSL.SSL.Connection.get_selected_srtp_profile`` to determine which SRTP profile was negotiated.\n  `#1279 <https://github.com/pyca/pyopenssl/pull/1279>`_.\n\n23.3.0 (2023-10-25)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Dropped support for Python 3.6.\n- The minimum ``cryptography`` version is now 41.0.5.\n- Removed ``OpenSSL.crypto.load_pkcs7`` and ``OpenSSL.crypto.load_pkcs12`` which had been deprecated for 3 years.\n- Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow legacy insecure renegotiation between OpenSSL and unpatched servers.\n  `#1234 <https://github.com/pyca/pyopenssl/pull/1234>`_.\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to have been deprecated at the same time as ``OpenSSL.crypto.load_pkcs12``).\n- Deprecated ``OpenSSL.crypto.NetscapeSPKI``.\n- Deprecated ``OpenSSL.crypto.CRL``\n- Deprecated ``OpenSSL.crypto.Revoked``\n- Deprecated ``OpenSSL.crypto.load_crl`` and ``OpenSSL.crypto.dump_crl``\n- Deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``\n- Deprecated ``OpenSSL.crypto.X509Extension``\n\nChanges:\n^^^^^^^^\n\n- Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept\n  ``cryptography``'s ``x509.CertificateRevocationList`` arguments in addition\n  to the now deprecated ``OpenSSL.crypto.CRL`` arguments.\n- Fixed ``test_set_default_verify_paths`` test so that it is skipped if no\n  network connection is available.\n\n23.2.0 (2023-05-30)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Removed ``X509StoreFlags.NOTIFY_POLICY``.\n  `#1213 <https://github.com/pyca/pyopenssl/pull/1213>`_.\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- ``cryptography`` maximum version has been increased to 41.0.x.\n- Invalid versions are now rejected in ``OpenSSL.crypto.X509Req.set_version``.\n- Added ``X509VerificationCodes`` to ``OpenSSL.SSL``.\n  `#1202 <https://github.com/pyca/pyopenssl/pull/1202>`_.\n\n23.1.1 (2023-03-28)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Worked around an issue in OpenSSL 3.1.0 which caused `X509Extension.get_short_name` to raise an exception when no short name was known to OpenSSL.\n  `#1204 <https://github.com/pyca/pyopenssl/pull/1204>`_.\n\n23.1.0 (2023-03-24)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- ``cryptography`` maximum version has been increased to 40.0.x.\n- Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and ``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``\n  to support DTLS timeouts `#1180 <https://github.com/pyca/pyopenssl/pull/1180>`_.\n\n23.0.0 (2023-01-01)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant to allow for users\n  to perform certificate verification on partial certificate chains.\n  `#1166 <https://github.com/pyca/pyopenssl/pull/1166>`_\n- ``cryptography`` maximum version has been increased to 39.0.x.\n\n22.1.0 (2022-09-25)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Remove support for SSLv2 and SSLv3.\n- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases\n  against ``cryptography`` major versions to prevent future breakage)\n- The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,\n  changing its internal attributes.\n  `#1133 <https://github.com/pyca/pyopenssl/pull/1133>`_\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- ``OpenSSL.SSL.SSLeay_version`` is deprecated in favor of\n  ``OpenSSL.SSL.OpenSSL_version``. The constants ``OpenSSL.SSL.SSLEAY_*`` are\n  deprecated in favor of ``OpenSSL.SSL.OPENSSL_*``.\n\nChanges:\n^^^^^^^^\n\n- Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode``\n  to override the context object's verification flags.\n  `#1073 <https://github.com/pyca/pyopenssl/pull/1073>`_\n- Add ``OpenSSL.SSL.Connection.use_certificate`` and ``OpenSSL.SSL.Connection.use_privatekey``\n  to set a certificate per connection (and not just per context) `#1121 <https://github.com/pyca/pyopenssl/pull/1121>`_.\n\n22.0.0 (2022-01-29)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Drop support for Python 2.7.\n  `#1047 <https://github.com/pyca/pyopenssl/pull/1047>`_\n- The minimum ``cryptography`` version is now 35.0.\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Expose wrappers for some `DTLS\n  <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_\n  primitives. `#1026 <https://github.com/pyca/pyopenssl/pull/1026>`_\n\n21.0.0 (2021-09-28)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- The minimum ``cryptography`` version is now 3.3.\n- Drop support for Python 3.5\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Raise an error when an invalid ALPN value is set.\n  `#993 <https://github.com/pyca/pyopenssl/pull/993>`_\n- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``\n  to set the minimum and maximum supported TLS version `#985 <https://github.com/pyca/pyopenssl/pull/985>`_.\n- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.\n  `#1030 <https://github.com/pyca/pyopenssl/pull/1030>`_\n\n20.0.1 (2020-12-15)\n-------------------\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nDeprecations:\n^^^^^^^^^^^^^\n\nChanges:\n^^^^^^^^\n\n- Fixed compatibility with OpenSSL 1.1.0.\n\n20.0.0 (2020-11-27)\n-------------------\n\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- The minimum ``cryptography`` version is now 3.2.\n- Remove deprecated ``OpenSSL.tsafe`` module.\n- Removed deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``.\n- Drop support for Python 3.4\n- Drop support for OpenSSL 1.0.1 and 1.0.2\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- Deprecated ``OpenSSL.crypto.load_pkcs7`` and ``OpenSSL.crypto.load_pkcs12``.\n\nChanges:\n^^^^^^^^\n\n- Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()``\n  where additional untrusted certificates can be specified to help chain building.\n  `#948 <https://github.com/pyca/pyopenssl/pull/948>`_\n- Added ``OpenSSL.crypto.X509Store.load_locations`` to set trusted\n  certificate file bundles and/or directories for verification.\n  `#943 <https://github.com/pyca/pyopenssl/pull/943>`_\n- Added ``Context.set_keylog_callback`` to log key material.\n  `#910 <https://github.com/pyca/pyopenssl/pull/910>`_\n- Added ``OpenSSL.SSL.Connection.get_verified_chain`` to retrieve the\n  verified certificate chain of the peer.\n  `#894 <https://github.com/pyca/pyopenssl/pull/894>`_.\n- Make verification callback optional in ``Context.set_verify``.\n  If omitted, OpenSSL's default verification is used.\n  `#933 <https://github.com/pyca/pyopenssl/pull/933>`_\n- Fixed a bug that could truncate or cause a zero-length key error due to a\n  null byte in private key passphrase in ``OpenSSL.crypto.load_privatekey``\n  and ``OpenSSL.crypto.dump_privatekey``.\n  `#947 <https://github.com/pyca/pyopenssl/pull/947>`_\n\n19.1.0 (2019-11-18)\n-------------------\n\n\nBackward-incompatible changes:\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n- Removed deprecated ``ContextType``, ``ConnectionType``, ``PKeyType``, ``X509NameType``, ``X509ReqType``, ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, and ``NetscapeSPKIType`` aliases.\n  Use the classes without the ``Type`` suffix instead.\n  `#814 <https://github.com/pyca/pyopenssl/pull/814>`_\n- The minimum ``cryptography`` version is now 2.8 due to issues on macOS with a transitive dependency.\n  `#875 <https://github.com/pyca/pyopenssl/pull/875>`_\n\nDeprecations:\n^^^^^^^^^^^^^\n\n- Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``.\n  ALPN should be used instead.\n  `#820 <https://github.com/pyca/pyopenssl/pull/820>`_\n\n\nChanges:\n^^^^^^^^\n\n- Support ``bytearray`` in ``SSL.Connection.send()`` by using cffi's from_buffer.\n  `#852 <https://github.com/pyca/pyopenssl/pull/852>`_\n- The ``OpenSSL.SSL.Context.set_alpn_select_callback`` can return a new ``NO_OVERLAPPING_PROTOCOLS`` sentinel value\n  to allow a TLS handshake to complete without an application protocol.\n\n`Full changelog <https://pyopenssl.org/en/stable/changelog.html>`_.\n\n",
    "bugtrack_url": null,
    "license": "Apache License, Version 2.0",
    "summary": "Python wrapper module around the OpenSSL library",
    "version": "24.3.0",
    "project_urls": {
        "Homepage": "https://pyopenssl.org/",
        "Source": "https://github.com/pyca/pyopenssl"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "422240f9162e943f86f0fc927ebc648078be87def360d9d8db346619fb97df2b",
                "md5": "08cb480a2f2b3688a93162bc4383c114",
                "sha256": "e474f5a473cd7f92221cc04976e48f4d11502804657a08a989fb3be5514c904a"
            },
            "downloads": -1,
            "filename": "pyOpenSSL-24.3.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "08cb480a2f2b3688a93162bc4383c114",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.7",
            "size": 56111,
            "upload_time": "2024-11-27T20:43:21",
            "upload_time_iso_8601": "2024-11-27T20:43:21.112477Z",
            "url": "https://files.pythonhosted.org/packages/42/22/40f9162e943f86f0fc927ebc648078be87def360d9d8db346619fb97df2b/pyOpenSSL-24.3.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "c1d41067b82c4fc674d6f6e9e8d26b3dff978da46d351ca3bac171544693e085",
                "md5": "2c94bb542cd351fe103d72dca07ca7a1",
                "sha256": "49f7a019577d834746bc55c5fce6ecbcec0f2b4ec5ce1cf43a9a173b8138bb36"
            },
            "downloads": -1,
            "filename": "pyopenssl-24.3.0.tar.gz",
            "has_sig": false,
            "md5_digest": "2c94bb542cd351fe103d72dca07ca7a1",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.7",
            "size": 178944,
            "upload_time": "2024-11-27T20:43:12",
            "upload_time_iso_8601": "2024-11-27T20:43:12.755726Z",
            "url": "https://files.pythonhosted.org/packages/c1/d4/1067b82c4fc674d6f6e9e8d26b3dff978da46d351ca3bac171544693e085/pyopenssl-24.3.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-11-27 20:43:12",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "pyca",
    "github_project": "pyopenssl",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "tox": true,
    "lcname": "pyopenssl"
}
        
Elapsed time: 1.21682s