./security/py-OpenSSL, Python interface to the OpenSSL library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 17.3.0, Package name: py27-OpenSSL-17.3.0, Maintainer: pkgsrc-users

pyOpenSSL is a Python module that is a rather thin wrapper around (a
subset of) the OpenSSL library. A lot of the object methods do
nothing more than call a corresponding function in the OpenSSL
library.


Required to run:
[devel/py-setuptools] [lang/python27] [lang/py-six] [security/py-cryptography]

Required to build:
[devel/py-test] [devel/py-pretend] [pkgtools/cwrappers] [devel/py-flaky]

Master sites:

SHA1: 159d940d5140b76d5add0fbe65e1de9ac366e465
RMD160: 5127de5b44fc35b2658c63ec799daece55c0be99
Filesize: 164.179 KB

Version history: (Expand)


CVS history: (Expand)


   2017-09-16 08:47:52 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
py-OpenSSL: update to 17.3.0

17.3.0
Backward-incompatible changes:
* Dropped support for Python 3.3.
* Removed the deprecated OpenSSL.rand module. This is being done ahead of our \ 
normal deprecation schedule due to its lack of use and the fact that it was \ 
becoming a maintenance burden. os.urandom() should be used instead.

Deprecations:
* Deprecated OpenSSL.tsafe.

Changes:
* Fixed a memory leak in OpenSSL.crypto.CRL.
* Fixed a memory leak when verifying certificates with \ 
OpenSSL.crypto.X509StoreContext.
   2017-07-20 18:52:16 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
17.2.0:

Deprecations:
- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.

Changes:
- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with \ 
cryptography ``manylinux1`` wheels on Python 3.x.
- Fixed a crash with (EC)DSA signatures in some cases.
   2017-07-03 23:37:29 by Thomas Klausner | Files touched by this commit (1)
Log message:
Simplify testing part. Ok adam@
   2017-07-03 22:56:04 by Thomas Klausner | Files touched by this commit (1) | Package updated
Log message:
Add missing py-pretend test dependency.
Update upstream bug report URLs.
   2017-07-03 22:25:05 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
Restored bug-report comments
   2017-07-03 21:37:52 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
17.1.0:

Backward-incompatible changes:
- Removed the deprecated OpenSSL.rand.egd() function.
  Applications should prefer os.urandom() for random number generation.
- Removed the deprecated default digest argument to OpenSSL.crypto.CRL.export().
  Callers must now always pass an explicit digest.
- Fixed a bug with ASN1_TIME casting in X509.set_notBefore(),
  X509.set_notAfter(), Revoked.set_rev_date(), Revoked.set_nextUpdate(),
  and Revoked.set_lastUpdate(). You must now pass times in the form
  YYYYMMDDhhmmssZ. YYYYMMDDhhmmss+hhmm and YYYYMMDDhhmmss-hhmm
  will no longer work.

Deprecations:
- Deprecated the legacy "Type" aliases: ContextType, ConnectionType, \ 
PKeyType, X509NameType, X509ExtensionType, X509ReqType, X509Type, X509StoreType, \ 
CRLType, PKCS7Type, PKCS12Type, NetscapeSPKIType.
  The names without the "Type"-suffix should be used instead.

Changes:
- Added OpenSSL.crypto.X509.from_cryptography() and \ 
OpenSSL.crypto.X509.to_cryptography() for converting X.509 certificate to and \ 
from pyca/cryptography objects.
- Added OpenSSL.crypto.X509Req.from_cryptography(), \ 
OpenSSL.crypto.X509Req.to_cryptography(), \ 
OpenSSL.crypto.CRL.from_cryptography(), and OpenSSL.crypto.CRL.to_cryptography() \ 
for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
- Added OpenSSL.debug that allows to get an overview of used library versions \ 
(including linked OpenSSL) and other useful runtime information using python -m \ 
OpenSSL.debug.
- Added a fallback path to Context.set_default_verify_paths() to accommodate the \ 
upcoming release of cryptography manylinux1 wheels.
   2017-07-03 13:07:59 by Thomas Klausner | Files touched by this commit (1)
Log message:
Do not run tests that core dump on NetBSD, add upstream bug report URLs.
   2017-05-09 18:49:07 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 17.0.0:
- Added ``OpenSSL.X509Store.set_time()`` to set a custom verification time when \ 
verifying certificate chains.
- Added a collection of functions for working with OCSP stapling.
  None of these functions make it possible to validate OCSP assertions, only to \ 
staple them into the handshake and to retrieve the stapled assertion if \ 
provided.
  Users will need to write their own code to handle OCSP assertions.
  We specifically added: ``Context.set_ocsp_server_callback``, \ 
``Context.set_ocsp_client_callback``, and ``Connection.request_ocsp``.
- Changed the ``SSL`` module's memory allocation policy to avoid zeroing memory \ 
it allocates when unnecessary.
  This reduces CPU usage and memory allocation time by an amount proportional to \ 
the size of the allocation.
  For applications that process a lot of TLS data or that use very lage \ 
allocations this can provide considerable performance improvements.
- Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``.
- Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.