./security/py-tlslite, SSL 3.0, TLS 1.0, and TLS 1.1 in Python

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.4.8, Package name: py27-tlslite-0.4.8, Maintainer: schmonz

TLS Lite is a free python library that implements SSL 3.0, TLS 1.0,
and TLS 1.1. TLS Lite supports non-traditional authentication methods
such as SRP, shared keys, and cryptoIDs in addition to X.509
certificates. TLS Lite is pure Python, however it can access OpenSSL,
cryptlib, pycrypto, and GMPY for faster crypto operations. TLS Lite
integrates with httplib, xmlrpclib, poplib, imaplib, smtplib,
SocketServer, asyncore, and Twisted.


Required to run:
[lang/python27]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: b20f2a35fe0510a8ee9d1fed2bc1ed6a03a8baba
RMD160: 8d470941fe4cabd714b12c76a681d19450c3be1d
Filesize: 91.07 KB

Version history: (Expand)


CVS history: (Expand)


   2017-01-01 23:01:45 by Amitai Schleier | Files touched by this commit (1)
Log message:
Indent.
   2017-01-01 22:50:31 by Amitai Schleier | Files touched by this commit (6) | Package updated
Log message:
Update to 0.4.8. From the changelog:

0.4.8 - 11/12/2014
 - Added more acknowledgements and security considerations
0.4.7 - 11/12/2014
 - Added TLS 1.2 support (Yngve Pettersen and Paul Sokolovsky)
 - Don't offer SSLv3 by default (e.g. POODLE)
 - Fixed bug with PyCrypto_RSA integration
 - Fixed harmless bug that added non-prime into sieves list
 - Added "make test" and "make test-dev" targets (Hubert Kario)
0.4.5 - 3/20/2013
 - **API CHANGE**: TLSClosedConnectionError instead of ValueError when writing
   to a closed connection.  This inherits from socket.error, so should
   interact better with SocketServer (see http://bugs.python.org/issue14574)
   and other things expecting a socket.error in this situation.
 - Added support for RC4-MD5 ciphersuite (if enabled in settings)
   - This is allegedly necessary to connect to some Internet servers.
 - Added TLSConnection.unread() function
 - Switched to New-style classes (inherit from 'object')
 - Minor cleanups
0.4.4 - 2/25/2013
 - Added Python 3 support (Martin von Loewis)
 - Added NPN client support (Marcelo Fernandez)
 - Switched to RC4 as preferred cipher
   - faster in Python, avoids "Lucky 13" timing attacks
 - Fixed bug when specifying ciphers for anon ciphersuites
 - Made RSA hashAndVerify() tolerant of sigs w/o encoded NULL AlgorithmParam
   - (this function is not used for TLS currently, and this tolerance may
      not even be necessary)
0.4.3 - 9/27/2012
 - Minor bugfix (0.4.2 doesn't load tackpy)
0.4.2 - 9/25/2012
 - Updated TACK (compatible with tackpy 0.9.9)
0.4.1 - 5/22/2012
 - Fixed RSA padding bugs (w/help from John Randolph)
 - Updated TACK (compatible with tackpy 0.9.7)
 - Added SNI
 - Added NPN server support (Sam Rushing/Google)
 - Added AnonDH (Dimitris Moraitis)
 - Added X509CertChain.parsePemList
 - Improved XML-RPC (Kees Bos)

0.4.0 - 2/11/2012
 - Fixed pycrypto support
 - Fixed python 2.6 problems

0.3.9.x - 2/7/2012

Much code cleanup, in particular decomposing the handshake functions so they
are readable. The main new feature is support for TACK, an experimental
authentication method that provides a new way to pin server certificates (See
https://github.com/moxie0/Convergence/wiki/TACK ).

Also:

 - Security Fixes
   - Sends SCSV ciphersuite as per RFC 5746, to signal non-renegotiated
     Client Hello.  Does not support renegotiation (never has).
   - Change from e=3 to e=65537 for generated RSA keys, not strictly
     necessary but mitigates risk of sloppy verifier.
   - 1/(n-1) countermeasure for BEAST.

 - Behavior changes:
   - Split cmdline into tls.py and tlstest.py, improved options.
   - Formalized LICENSE.
   - Defaults to closing socket after sending close_notify, fixes hanging.
     problem that would occur sometime when waiting for other party's
     close_notify.
   - Update SRP to RFC 5054 compliance.
   - Removed client handshake "callbacks", no longer support the SRP
     re-handshake idiom within a single handshake function.

 - Bugfixes
   - Added hashlib support, removes Deprecation Warning due to sha and md5.
   - Handled GeneratorExit exceptions that are a new Python feature, and
     interfere with the async code if not handled.

 - Removed:
   - Shared keys (it was based on an ancient I-D, not TLS-PSK).
   - cryptlib support, it wasn't used much, we have enough other options.
   - cryptoIDs (TACK is better).
   - win32prng extension module, as os.urandom is now available.
   - Twisted integration (unused?, slowed down loading).
   - Jython code (ancient, didn't work).
   - Compat support for python versions < 2.7.

 - Additions
   - Support for TACK via TACKpy.
   - Support for CertificateRequest.certificate_authorities ("reqCAs")
   - Added TLSConnection.shutdown() to better mimic socket.
   - Enabled Session resumption for XMLRPCTransport.
   2017-01-01 15:44:09 by Thomas Klausner | Files touched by this commit (577)
Log message:
Add python-3.6 to incompatible versions.
   2016-07-09 15:04:18 by Thomas Klausner | Files touched by this commit (599)
Log message:
Remove python33: adapt all packages that refer to it.
   2015-12-05 22:26:09 by Adam Ciarcinski | Files touched by this commit (578)
Log message:
Extend PYTHON_VERSIONS_INCOMPATIBLE to 35
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2014-05-09 09:37:28 by Thomas Klausner | Files touched by this commit (553)
Log message:
Mark packages that are not ready for python-3.3 also not ready for 3.4,
until proven otherwise.
   2014-01-25 11:30:32 by Thomas Klausner | Files touched by this commit (533) | Package updated
Log message:
Mark packages as not ready for python-3.x where applicable;
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE=  33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE=  33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.

Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.

Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.

Whitespace cleanups and other nits corrected, where necessary.