./security/py-OpenSSL, Python interface to the OpenSSL library

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 17.2.0, Package name: py27-OpenSSL-17.2.0, Maintainer: pkgsrc-users

pyOpenSSL is a Python module that is a rather thin wrapper around (a
subset of) the OpenSSL library. A lot of the object methods do
nothing more than call a corresponding function in the OpenSSL

Required to run:
[devel/py-setuptools] [lang/python27] [lang/py-six] [security/py-cryptography]

Required to build:
[devel/py-test] [devel/py-pretend] [pkgtools/cwrappers]

Master sites:

SHA1: ab5454f2d297c642c7c3dffeeca359f914a11dd3
RMD160: aa13f01db65c365a0a05843c49bc7dad76511b7a
Filesize: 166.813 KB

Version history: (Expand)

CVS history: (Expand)

   2017-07-20 18:52:16 by Adam Ciarcinski | Files touched by this commit (2)
Log message:

- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.

- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with \ 
cryptography ``manylinux1`` wheels on Python 3.x.
- Fixed a crash with (EC)DSA signatures in some cases.
   2017-07-03 23:37:29 by Thomas Klausner | Files touched by this commit (1)
Log message:
Simplify testing part. Ok adam@
   2017-07-03 22:56:04 by Thomas Klausner | Files touched by this commit (1) | Package updated
Log message:
Add missing py-pretend test dependency.
Update upstream bug report URLs.
   2017-07-03 22:25:05 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
Restored bug-report comments
   2017-07-03 21:37:52 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:

Backward-incompatible changes:
- Removed the deprecated OpenSSL.rand.egd() function.
  Applications should prefer os.urandom() for random number generation.
- Removed the deprecated default digest argument to OpenSSL.crypto.CRL.export().
  Callers must now always pass an explicit digest.
- Fixed a bug with ASN1_TIME casting in X509.set_notBefore(),
  X509.set_notAfter(), Revoked.set_rev_date(), Revoked.set_nextUpdate(),
  and Revoked.set_lastUpdate(). You must now pass times in the form
  YYYYMMDDhhmmssZ. YYYYMMDDhhmmss+hhmm and YYYYMMDDhhmmss-hhmm
  will no longer work.

- Deprecated the legacy "Type" aliases: ContextType, ConnectionType, \ 
PKeyType, X509NameType, X509ExtensionType, X509ReqType, X509Type, X509StoreType, \ 
CRLType, PKCS7Type, PKCS12Type, NetscapeSPKIType.
  The names without the "Type"-suffix should be used instead.

- Added OpenSSL.crypto.X509.from_cryptography() and \ 
OpenSSL.crypto.X509.to_cryptography() for converting X.509 certificate to and \ 
from pyca/cryptography objects.
- Added OpenSSL.crypto.X509Req.from_cryptography(), \ 
OpenSSL.crypto.X509Req.to_cryptography(), \ 
OpenSSL.crypto.CRL.from_cryptography(), and OpenSSL.crypto.CRL.to_cryptography() \ 
for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
- Added OpenSSL.debug that allows to get an overview of used library versions \ 
(including linked OpenSSL) and other useful runtime information using python -m \ 
- Added a fallback path to Context.set_default_verify_paths() to accommodate the \ 
upcoming release of cryptography manylinux1 wheels.
   2017-07-03 13:07:59 by Thomas Klausner | Files touched by this commit (1)
Log message:
Do not run tests that core dump on NetBSD, add upstream bug report URLs.
   2017-05-09 18:49:07 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 17.0.0:
- Added ``OpenSSL.X509Store.set_time()`` to set a custom verification time when \ 
verifying certificate chains.
- Added a collection of functions for working with OCSP stapling.
  None of these functions make it possible to validate OCSP assertions, only to \ 
staple them into the handshake and to retrieve the stapled assertion if \ 
  Users will need to write their own code to handle OCSP assertions.
  We specifically added: ``Context.set_ocsp_server_callback``, \ 
``Context.set_ocsp_client_callback``, and ``Connection.request_ocsp``.
- Changed the ``SSL`` module's memory allocation policy to avoid zeroing memory \ 
it allocates when unnecessary.
  This reduces CPU usage and memory allocation time by an amount proportional to \ 
the size of the allocation.
  For applications that process a lot of TLS data or that use very lage \ 
allocations this can provide considerable performance improvements.
- Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``.
- Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
   2017-01-28 13:09:14 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
Updated py-OpenSSL to 16.2.0.

Add patch that makes tests on NetBSD progress further.
But then there's a segfault. See

16.2.0 (2016-10-15)


- Fixed compatibility errors with OpenSSL 1.1.0.
- Fixed an issue that caused failures with subinterpreters and embedded Pythons.
  `#552 <https://github.com/pyca/pyopenssl/pull/552>`_

16.1.0 (2016-08-26)


- Dropped support for OpenSSL 0.9.8.


- Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``.
  `#496 <https://github.com/pyca/pyopenssl/pull/496>`_
- Enable use of CRL (and more) in verify context.
  `#483 <https://github.com/pyca/pyopenssl/pull/483>`_
- ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects \ 
and also exported as such.
  `#439 <https://github.com/pyca/pyopenssl/pull/439>`_
- Support newer versions of ``cryptography`` which use opaque structs for \ 
OpenSSL 1.1.0 compatibility.