![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / security / py-OpenSSL
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
py-OpenSSL: fix for setuptools>=78
py-OpenSSL: fix wheel name for latest setuptools and depend on it Bump PKGREVISION.
py-OpenSSL: updated to 25.0.0 25.0.0 (2025-01-12) Changes: - Corrected type annotations on ``Context.set_alpn_select_callback``, ``Context.set_session_cache_mode``, ``Context.set_options``, ``Context.set_mode``, ``X509.subject_name_hash``, and ``X509Store.load_locations``. - Deprecated APIs are now marked using ``warnings.deprecated``. ``mypy`` will emit deprecation notices for them when used with ``--enable-error-code deprecated``.
py-OpenSSL: updated to 24.3.0 24.3.0 (2024-11-27) Backward-incompatible changes: - Removed the deprecated ``OpenSSL.crypto.CRL``, ``OpenSSL.crypto.Revoked``, ``OpenSSL.crypto.dump_crl``, and ``OpenSSL.crypto.load_crl``. ``cryptography.x509``'s CRL functionality should be used instead. - Removed the deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``. ``cryptography.hazmat.primitives.asymmetric``'s signature APIs should be used instead. Deprecations: - Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead. - Deprecated ``add_extensions`` and ``get_extensions`` on ``OpenSSL.crypto.X509Req`` and ``OpenSSL.crypto.X509``. These should have been deprecated at the same time ``X509Extension`` was. Users should use pyca/cryptography's X.509 APIs instead. - Deprecated ``OpenSSL.crypto.get_elliptic_curves`` and ``OpenSSL.crypto.get_elliptic_curve``, as well as passing the reult of them to ``OpenSSL.SSL.Context.set_tmp_ecdh``, users should instead pass curves from ``cryptography``. - Deprecated passing ``X509`` objects to ``OpenSSL.SSL.Context.use_certificate``, ``OpenSSL.SSL.Connection.use_certificate``, ``OpenSSL.SSL.Context.add_extra_chain_cert``, and ``OpenSSL.SSL.Context.add_client_ca``, users should instead pass ``cryptography.x509.Certificate`` instances. This is in preparation for deprecating pyOpenSSL's ``X509`` entirely. - Deprecated passing ``PKey`` objects to ``OpenSSL.SSL.Context.use_privatekey`` and ``OpenSSL.SSL.Connection.use_privatekey``, users should instead pass ``cryptography`` priate key instances. This is in preparation for deprecating pyOpenSSL's ``PKey`` entirely. Changes: * ``cryptography`` maximum version has been increased to 44.0.x. * ``OpenSSL.SSL.Connection.get_certificate``, ``OpenSSL.SSL.Connection.get_peer_certificate``, ``OpenSSL.SSL.Connection.get_peer_cert_chain``, and ``OpenSSL.SSL.Connection.get_verified_chain`` now take an ``as_cryptography`` keyword-argument. When ``True`` is passed then ``cryptography.x509.Certificate`` are returned, instead of ``OpenSSL.crypto.X509``. In the future, passing ``False`` (the default) will be deprecated.
py-*: remove unused tool dependency py-setuptools includes the py-wheel functionality nowadays
py-OpenSSL: update to 24.2.1. 24.2.1 (2024-07-20) ------------------- Changes: ^^^^^^^^ - Fixed changelog to remove sphinx specific restructured text strings. 24.2.0 (2024-07-20) ------------------- Deprecations: ^^^^^^^^^^^^^ - Deprecated ``OpenSSL.crypto.X509Req``, ``OpenSSL.crypto.load_certificate_request``, ``OpenSSL.crypto.dump_certificate_request``. Instead, ``cryptography.x509.CertificateSigningRequest``, ``cryptography.x509.CertificateSigningRequestBuilder``, ``cryptography.x509.load_der_x509_csr``, or ``cryptography.x509.load_pem_x509_csr`` should be used. Changes: ^^^^^^^^ - Added type hints for the ``SSL`` module. `#1308 <https://github.com/pyca/pyopenssl/pull/1308>`_. - Changed ``OpenSSL.crypto.PKey.from_cryptography_key`` to accept public and private EC, ED25519, ED448 keys. `#1310 <https://github.com/pyca/pyopenssl/pull/1310>`_.
py-OpenSSL: updated to 24.1.0 24.1.0 (2024-03-09) Backward-incompatible changes: * Removed the deprecated ``OpenSSL.crypto.PKCS12`` and ``OpenSSL.crypto.NetscapeSPKI``. ``OpenSSL.crypto.PKCS12`` may be replaced by the PKCS#12 APIs in the ``cryptography`` package.
py-OpenSSL: updated to 24.0.0 24.0.0 (2024-01-22) Changes: - Added ``OpenSSL.SSL.Connection.get_selected_srtp_profile`` to determine which SRTP profile was negotiated.
py-OpenSSL: updated to 23.3.0 23.3.0 (2023-10-25) ------------------- Backward-incompatible changes: - Dropped support for Python 3.6. - The minimum ``cryptography`` version is now 41.0.5. - Removed ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for 3 years. - Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow legacy insecure renegotiation between OpenSSL and unpatched servers. Deprecations: - Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to have been deprecated at the same time as ``OpenSSL.crypto.load_pkcs12``). - Deprecated ``OpenSSL.crypto.NetscapeSPKI``. - Deprecated ``OpenSSL.crypto.CRL`` - Deprecated ``OpenSSL.crypto.Revoked`` - Deprecated ``OpenSSL.crypto.load_crl`` and ``OpenSSL.crypto.dump_crl`` - Deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify`` - Deprecated ``OpenSSL.crypto.X509Extension`` Changes: - Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept ``cryptography``'s ``x509.CertificateRevocationList`` arguments in addition to the now deprecated ``OpenSSL.crypto.CRL`` arguments. - Fixed ``test_set_default_verify_paths`` test so that it is skipped if no network connection is available.
*: bump for openssl 3
py-OpenSSL: updated to 23.2.0 23.2.0 (2023-05-30) Backward-incompatible changes: - Removed ``X509StoreFlags.NOTIFY_POLICY``. Changes: - ``cryptography`` maximum version has been increased to 41.0.x. - Invalid versions are now rejected in ``OpenSSL.crypto.X509Req.set_version``. - Added ``X509VerificationCodes`` to ``OpenSSL.SSL``.
py-OpenSSL: updated to 23.1.1 23.1.1 (2023-03-28) Changes: - Worked around an issue in OpenSSL 3.1.0 which caused `X509Extension.get_short_name` to raise an exception when no short name was known to OpenSSL. 23.1.0 (2023-03-24) Changes: - ``cryptography`` maximum version has been increased to 40.0.x. - Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and ``OpenSSL.SSL.Connection.DTLSv1_handle_timeout`` to support DTLS timeouts
py-OpenSSL: update test status
Updated security/py-OpenSSL to 23.0.0 The previous py-OpenSSL-22.1.0 would abort at runtime against py-cryptography-39.0.x which broke py-certbot and similar. changes: - Add OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN constant to allow for users to perform certificate verification on partial certificate chains. #1166 - cryptography maximum version has been increased to 39.0.x.
py-OpenSSL: updated to 22.1.0 22.1.0: Backward-incompatible changes: Remove support for SSLv2 and SSLv3. The minimum cryptography version is now 37.0.2. The OpenSSL.crypto.X509StoreContextError exception has been refactored, changing its internal attributes. Deprecations: OpenSSL.SSL.SSLeay_version is deprecated in favor of OpenSSL.SSL.OpenSSL_version. The constants OpenSSL.SSL.SSLEAY_* are deprecated in favor of OpenSSL.SSL.OPENSSL_*. Changes: Add OpenSSL.SSL.Connection.set_verify and OpenSSL.SSL.Connection.get_verify_mode to override the context object’s verification flags. Add OpenSSL.SSL.Connection.use_certificate and OpenSSL.SSL.Connection.use_privatekey to set a certificate per connection (and not just per context)
py-OpenSSL: update to 22.0.0. 22.0.0 (2022-01-29) ------------------- Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Drop support for Python 2.7. `#1047 <https://github.com/pyca/pyopenssl/pull/1047>`_ - The minimum ``cryptography`` version is now 35.0. Deprecations: ^^^^^^^^^^^^^ Changes: ^^^^^^^^ - Expose wrappers for some `DTLS <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_ primitives. `#1026 <https://github.com/pyca/pyopenssl/pull/1026>`_
*: convert to versioned_dependencies for py-cryptography
*: bump PKGREVISION for egg.mk users They now have a tool dependency on py-setuptools instead of a DEPENDS
py-OpenSSL: updated to 21.0.0 21.0.0 Backward-incompatible changes: - The minimum ``cryptography`` version is now 3.3. - Drop support for Python 3.5 Changes: - Raise an error when an invalid ALPN value is set. - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version`` to set the minimum and maximum supported TLS version - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.
py-OpenSSL: Update to 20.0.1 Changes: 20.0.1 (2020-12-15) ------------------- Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Deprecations: ^^^^^^^^^^^^^ Changes: ^^^^^^^^ - Fixed compatibility with OpenSSL 1.1.0. 20.0.0 (2020-11-27) ------------------- Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - The minimum ``cryptography`` version is now 3.2. - Remove deprecated ``OpenSSL.tsafe`` module. - Removed deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``. - Drop support for Python 3.4 - Drop support for OpenSSL 1.0.1 and 1.0.2 Deprecations: ^^^^^^^^^^^^^ - Deprecated ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12``. Changes: ^^^^^^^^ - Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()`` where additional untrusted certificates can be specified to help chain building. `#948 <https://github.com/pyca/pyopenssl/pull/948>`_ - Added ``OpenSSL.crypto.X509Store.load_locations`` to set trusted certificate file bundles and/or directories for verification. `#943 <https://github.com/pyca/pyopenssl/pull/943>`_ - Added ``Context.set_keylog_callback`` to log key material. `#910 <https://github.com/pyca/pyopenssl/pull/910>`_ - Added ``OpenSSL.SSL.Connection.get_verified_chain`` to retrieve the verified certificate chain of the peer. `#894 <https://github.com/pyca/pyopenssl/pull/894>`_. - Make verification callback optional in ``Context.set_verify``. If omitted, OpenSSL's default verification is used. `#933 <https://github.com/pyca/pyopenssl/pull/933>`_ - Fixed a bug that could truncate or cause a zero-length key error due to a null byte in private key passphrase in ``OpenSSL.crypto.load_privatekey`` and ``OpenSSL.crypto.dump_privatekey``. `#947 <https://github.com/pyca/pyopenssl/pull/947>`_
pytest from versioned depends
*: Recursive revision bump for openssl 1.1.1.
py-OpenSSL: updated to 19.1.0 19.1.0: Backward-incompatible changes: - Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases. Use the classes without the Type suffix instead. - The minimum cryptography version is now 2.8 due to issues on macOS with a transitive dependency. Deprecations: - Deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated. ALPN should be used instead. Changes: - Support bytearray in SSL.Connection.send() by using cffi's from_buffer. - The OpenSSL.SSL.Context.set_alpn_select_callback can return a new NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake to complete without an application protocol.
security: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections.
py-OpenSSL: updated to 19.0.0 19.0.0: Backward-incompatible changes: - X509Store.add_cert no longer raises an error if you add a duplicate cert. Changes: - pyOpenSSL now works with OpenSSL 1.1.1. - pyOpenSSL now handles NUL bytes in X509Name.get_components()
py-OpenSSL: updated to 18.0.0 18.0.0: Backward-incompatible changes: - The minimum cryptography version is now 2.2.1. - Support for Python 2.6 has been dropped. Changes: - Added Connection.get_certificate to retrieve the local certificate. - OpenSSL.SSL.Connection now sets SSL_MODE_AUTO_RETRY by default. - Added Context.set_tlsext_use_srtp to enable negotiation of SRTP keying material.
pyOpenSSL: updated to 17.5.0 17.5.0: Backward-incompatible changes: * The minimum cryptography version is now 2.1.4. Changes: * Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with cacerts. * Added Connection.export_keying_material for RFC 5705 compatible export of keying material.
py-OpenSSL: updated to 17.4.0 17.4.0: Re-added a subset of the OpenSSL.rand module. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork. Corrected a use-after-free when reusing an issuer or subject from an X509 object after the underlying object has been mutated.
py-OpenSSL: update to 17.3.0 17.3.0 Backward-incompatible changes: * Dropped support for Python 3.3. * Removed the deprecated OpenSSL.rand module. This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden. os.urandom() should be used instead. Deprecations: * Deprecated OpenSSL.tsafe. Changes: * Fixed a memory leak in OpenSSL.crypto.CRL. * Fixed a memory leak when verifying certificates with OpenSSL.crypto.X509StoreContext.
17.2.0: Deprecations: - Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead. Changes: - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with cryptography ``manylinux1`` wheels on Python 3.x. - Fixed a crash with (EC)DSA signatures in some cases.
Simplify testing part. Ok adam@
Add missing py-pretend test dependency. Update upstream bug report URLs.
Restored bug-report comments
17.1.0: Backward-incompatible changes: - Removed the deprecated OpenSSL.rand.egd() function. Applications should prefer os.urandom() for random number generation. - Removed the deprecated default digest argument to OpenSSL.crypto.CRL.export(). Callers must now always pass an explicit digest. - Fixed a bug with ASN1_TIME casting in X509.set_notBefore(), X509.set_notAfter(), Revoked.set_rev_date(), Revoked.set_nextUpdate(), and Revoked.set_lastUpdate(). You must now pass times in the form YYYYMMDDhhmmssZ. YYYYMMDDhhmmss+hhmm and YYYYMMDDhhmmss-hhmm will no longer work. Deprecations: - Deprecated the legacy "Type" aliases: ContextType, ConnectionType, PKeyType, X509NameType, X509ExtensionType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, NetscapeSPKIType. The names without the "Type"-suffix should be used instead. Changes: - Added OpenSSL.crypto.X509.from_cryptography() and OpenSSL.crypto.X509.to_cryptography() for converting X.509 certificate to and from pyca/cryptography objects. - Added OpenSSL.crypto.X509Req.from_cryptography(), OpenSSL.crypto.X509Req.to_cryptography(), OpenSSL.crypto.CRL.from_cryptography(), and OpenSSL.crypto.CRL.to_cryptography() for converting X.509 CSRs and CRLs to and from pyca/cryptography objects. - Added OpenSSL.debug that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using python -m OpenSSL.debug. - Added a fallback path to Context.set_default_verify_paths() to accommodate the upcoming release of cryptography manylinux1 wheels.
Do not run tests that core dump on NetBSD, add upstream bug report URLs.
Changes 17.0.0: - Added ``OpenSSL.X509Store.set_time()`` to set a custom verification time when verifying certificate chains. - Added a collection of functions for working with OCSP stapling. None of these functions make it possible to validate OCSP assertions, only to staple them into the handshake and to retrieve the stapled assertion if provided. Users will need to write their own code to handle OCSP assertions. We specifically added: ``Context.set_ocsp_server_callback``, ``Context.set_ocsp_client_callback``, and ``Connection.request_ocsp``. - Changed the ``SSL`` module's memory allocation policy to avoid zeroing memory it allocates when unnecessary. This reduces CPU usage and memory allocation time by an amount proportional to the size of the allocation. For applications that process a lot of TLS data or that use very lage allocations this can provide considerable performance improvements. - Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``. - Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
Updated py-OpenSSL to 16.2.0. Add patch that makes tests on NetBSD progress further. But then there's a segfault. See https://github.com/pyca/pyopenssl/issues/596 16.2.0 (2016-10-15) ------------------- Changes: ^^^^^^^^ - Fixed compatibility errors with OpenSSL 1.1.0. - Fixed an issue that caused failures with subinterpreters and embedded Pythons. `#552 <https://github.com/pyca/pyopenssl/pull/552>`_ 16.1.0 (2016-08-26) ------------------- Deprecations: ^^^^^^^^^^^^^ - Dropped support for OpenSSL 0.9.8. Changes: ^^^^^^^^ - Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``. `#496 <https://github.com/pyca/pyopenssl/pull/496>`_ - Enable use of CRL (and more) in verify context. `#483 <https://github.com/pyca/pyopenssl/pull/483>`_ - ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects and also exported as such. `#439 <https://github.com/pyca/pyopenssl/pull/439>`_ - Support newer versions of ``cryptography`` which use opaque structs for OpenSSL 1.1.0 compatibility.
Switch to MASTER_SITES_PYPI.
Update security/py-OpenSSL to 16.0.0. Changes: 16.0.0 (2016-03-19) ------------------- This is the first release under full stewardship of PyCA. We have made *many* changes to make local development more pleasing. The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. It has been moved to `py.test <https://pytest.org/>`_, all CI test runs are part of `tox <https://testrun.org/tox/>`_ and the source code has been made fully `flake8 <https://flake8.readthedocs.org/>`_ compliant. We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations. Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Python 3.2 support has been dropped. It never had significant real world usage and has been dropped by our main dependency ``cryptography``. Affected users should upgrade to Python 3.3 or later. Deprecations: ^^^^^^^^^^^^^ - The support for EGD has been removed. The only affected function ``OpenSSL.rand.egd()`` now uses ``os.urandom()`` to seed the internal PRNG instead. Please see `pyca/cryptography#1636 <https://github.com/pyca/cryptography/pull/1636>`_ for more background information on this decision. In accordance with our backward compatibility policy ``OpenSSL.rand.egd()`` will be *removed* no sooner than a year from the release of 16.0.0. Please note that you should `use urandom <http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_ for all your secure random number needs. - Python 2.6 support has been deprecated. Our main dependency ``cryptography`` deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support once ``cryptography`` does. Changes: ^^^^^^^^ - Fixed ``OpenSSL.SSL.Context.set_session_id``, ``OpenSSL.SSL.Connection.renegotiate``, ``OpenSSL.SSL.Connection.renegotiate_pending``, and ``OpenSSL.SSL.Context.load_client_ca``. They were lacking an implementation since 0.14. `#422 <https://github.com/pyca/pyopenssl/pull/422>`_ - Fixed segmentation fault when using keys larger than 4096-bit to sign data. `#428 <https://github.com/pyca/pyopenssl/pull/428>`_ - Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()`` was called before setting any app data. `#304 <https://github.com/pyca/pyopenssl/pull/304>`_ - Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey`` objects that represent public keys, and ``OpenSSL.crypto.load_publickey()`` to load such objects from serialized representations. `#382 <https://github.com/pyca/pyopenssl/pull/382>`_ - Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation list out to a string buffer. `#368 <https://github.com/pyca/pyopenssl/pull/368>`_ - Added ``OpenSSL.SSL.Connection.get_state_string()`` using the OpenSSL binding ``state_string_long``. `#358 <https://github.com/pyca/pyopenssl/pull/358>`_ - Added support for the ``socket.MSG_PEEK`` flag to ``OpenSSL.SSL.Connection.recv()`` and ``OpenSSL.SSL.Connection.recv_into()``. `#294 <https://github.com/pyca/pyopenssl/pull/294>`_ - Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and ``OpenSSL.SSL.Connection.get_protocol_version_name()``. `#244 <https://github.com/pyca/pyopenssl/pull/244>`_ - Switched to ``utf8string`` mask by default. OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8 characters present. This was changed to default to ``UTF8String`` in the config around 2005, but the actual code didn't change it until late last year. This will default us to the setting that actually works. To revert this you can call ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``. `#234 <https://github.com/pyca/pyopenssl/pull/234>`_
Bump PKGREVISION for security/openssl ABI bump.
Update security/py-OpenSSL to py-OpenSSL-0.15.1. pkgsrc changes: * Update HOMEPAGE Changes: 0.15.1: * OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression present in 0.15, where when an error occurs and no errno() is set, a KeyError is raised. This happens, for example, if Connection.shutdown() is called when the underlying transport has gone away. 0.15: * OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted filenames only as bytes now accept them as either bytes or unicode (and respect sys.getfilesystemencoding()). * OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation (NPN) bindings. * OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the builtin ``socket.recv_into``. Based on work from Cory Benfield. * OpenSSL/test/test_ssl.py: Add tests for ``recv_into``. * OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates. * OpenSSL/test/test_crypto.py: Add intermediate certificates for * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the underlying socket. * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey`` causing it to always succeed - even if it should fail. * OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data`` with ``FILETYPE_ASN1`` would fail with a ``NameError``. * OpenSSL/SSL.py: Fix a regression in which the first argument of the "verify" callback was incorrectly passed a ``Context`` instance instead of the ``Connection`` instance. * OpenSSL/test/test_ssl.py: Add a test for the value passed as the first argument of the "verify" callback. * OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves`` to support TLS ECDHE modes. * OpenSSL/SSL.py: Add ``Context.set_tmp_ecdh`` to configure a TLS context with a particular elliptic curve for ECDHE modes. * OpenSSL/SSL.py: ``Connection.send`` and ``Connection.sendall`` now also accept the ``buffer`` type as data. * OpenSSL/crypto.py: Make ``load_pkcs12`` backwards compatible with pyOpenSSL 0.13 by making passphrase optional. * OpenSSL/SSL.py: Add ``get_finished``, ``get_peer_finished`` methods to ``Connection``. If you use these methods to implement TLS channel binding (RFC 5929) disable session resumption because triple handshake attacks against TLS. <https://www.ietf.org/mail-archive/web/tls/current/msg11337.html> <https://secure-resumption.com/tlsauth.pdf> * OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``, and ``get_cipher_version`` to ``Connection``. * OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been removed in Python 3) with the equivalent syntax. * OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup. * leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked and CRL.get_revoked. * setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding. * OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``.
Depends on six itself as well. Thanks, gdt.
Depend on py-cryptography instead of py-six (a py-cryptography dependency, pulled in during an attempt to autobuild it because it was missing). Ride PKGREVISION bump from a few minutes ago.
Depend on py-six. py-OpenSSL 0.14 started depending on six, but this package didn't, so "import OpenSSL" failed. Confusingly, this led to build failures in tahoe-lafs because somehow setuptools determined six was needed and tried to download it. After this commit, "make test" in py-OpenSSL still fails; it tries to download "cryptography" and "cffi".
Update to 0.14: 2014-01-09 Jean-Paul Calderone <exarkun@twistedmatrix.com> * OpenSSL: Port to the cffi-based OpenSSL bindings provided by <https://github.com/pyca/cryptography> 2013-10-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> * OpenSSL/ssl/context.c: Add support for negotiating TLS v1.1 or v1.2. 2013-10-03 Christian Heimes <christian@python.org> * OpenSSL/crypto/x509.c: Fix an inconsistency in memory management in X509.get_serial_number which leads to crashes on some runtimes (certain Windows/Python 3.3 environments, at least).
Recursive PKGREVISION bump for OpenSSL API version bump.
Mark packages as not ready for python-3.x where applicable; either because they themselves are not ready or because a dependency isn't. This is annotated by PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z or PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar respectively, please use the same style for other packages, and check during updates. Use versioned_dependencies.mk where applicable. Use REPLACE_PYTHON instead of handcoded alternatives, where applicable. Reorder Makefile sections into standard order, where applicable. Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default with the next commit. Whitespace cleanups and other nits corrected, where necessary.
update to 0.13.1 This fixes a hostname check bypassing vulnerability (truncation on NULL-bytes, as seen in other implementations) (CVE-2013-4314)
PKGREVISION bumps for the security/openssl 1.0.1d update.
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Update security/py-OpenSSL to 0.13.
Upstream changes:
2011-09-02 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* Release 0.13
2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly
implemented by Rick Dean, to verify the internal consistency of a
PKey instance.
2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/crypto.c: Fix the sign and verify functions so
they handle data with embedded NULs. Fix by David Brodsky
<lp:~lihalla>.
2011-05-20 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new
method to the Connection type, get_peer_cert_chain, for retrieving
the peer's certificate chain.
2011-05-19 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new
method to the X509 type, get_signature_algorithm, for inspecting
the signature algorithm field of the certificate. Based on a
patch from <lp:~okuda>.
2011-05-10 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue
explicitly including a Windows header before any OpenSSL headers.
* OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by
explicitly flushing errors known to be uninteresting after calling
PKCS12_parse.
* OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying
OpenSSL library does not provide it.
* OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from
MD5 to SHA1 by allowing either hash algorithm's result as the
return value of X509.subject_name_hash.
* OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5
to SHA1 by constructing certificate files named using both hash
algorithms' results when testing Context.load_verify_locations.
* Support OpenSSL 1.0.0a.
2011-04-15 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version
and related constants for retrieving version information about the
underlying OpenSSL library.
Tag the 28 locations that result in a Python 3.1 package as supporting so. Remove it from the default list for the rest.
Changes 0.12: * OpenSSL/crypto/x509.c: Add get_extension_count and get_extension to the X509 type, allowing read access to certificate extensions. * OpenSSL/crypto/x509ext.c: Add get_short_name and get_data to the X509Extension type, allowing read access to the contents of an extension. * OpenSSL/ssl/ssl.c: Expose a number of symbolic constants for values passed to the connection "info" callback. * OpenSSL/ssl/connection.py: Add support for new-style buffers (primarily memoryviews) to Connection.send and Connection.sendall.
Use distutils.mk, and conditionalize egg file presence. Fixes build with Python 2.4.
Substitute the egg file in PLIST so that the version isn't hardcoded. (We are missing infrastructure for egg files in non-egg packages.) Problem pointed out by wiz@.
Don't suppress egg-info file, so that programs that use requires to find the Python package contained in this distribution will work.
Upgrade py-OpenSSL to 0.10 from 0.7 for feature enhancements.
Recursive PKGREVISION bump for jpeg update to 8.
Accept Python 2.6 for now until evidence of breakage appears. Fixes dependencies of some other packages.
Remove PYBINMODULE. All it did was mark some packages as not available on some platforms that lacked shared library support in the past. The list hasn't been maintained at all and the gain is very limited, so just get rid of it.
Push new Python OpenSSL module. Changes since version 0.6: - Removed some unused variables. - Improved Python 2.3 compatibility. - Fixed various threading bugs. - Some improvements in the test suite.
Add DESTDIR support.
Update PYTHON_VERSIONS_COMPATIBLE - assume that Python 2.4 and 2.5 are compatible and allow checking for fallout. - remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+ default. Modify the others to deal with the removals.
Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
Whitespace cleanup, courtesy of pkglint. Patch provided by Sergey Svishchev in private mail.
I don't use this package anymore.
Needs Python 2.2 or later.
Recursive revision bump / recommended bump for gettext ABI change.
Change the maintainer (me) email address. Approved by hubertf.
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
Update py-OpenSSL to 0.6. Patch provided by Rui Paulo. Changes: * doc/pyOpenSSL.tex: Updates to the docs. * src/crypto/x509.c: Add X509.add_extensions based on a patch from Han S. Lee. * src/ssl/ssl.c: Add more SSL_OP_ constants. Patch from Mihai Ibanescu. * setup.py src/crypto/: Add support for Netscape SPKI extensions based on a patch from Tollef Fog Heen. * src/crypto/crypto.c: Add support for python passphrase callbacks based on a patch from Robert Olson. * src/ssl/context.c: Applied patch from Frederic Peters to add Context.use_certificate_chain_file. * src/crypto/x509.c: Applid patch from Tollef Fog Heen to add X509.subject_name_hash and X509.digest. * src/crypto/crypto.c src/ssl/ssl.c: Applied patch from Bastian Kleineidam to fix full names of exceptions. * doc/pyOpenSSL.tex: Fix the errors regarding X509Name's field names. * examples/certgen.py: Fixed wrong attributes in doc string, thanks Remy. (SFbug#913315) * __init__.py, setup.py, version.py: Add __version__, as suggested by Ronald Oussoren in SFbug#888729. * examples/proxy.py: Fix typos, thanks Mihai Ibanescu. (SFpatch#895820) * Use cyclic GC protocol in SSL.Connection, SSL.Context, crypto.PKCS12 and crypto.X509Name. * tsafe.py: Add some missing methods. * __init__.py: Import tsafe too! * src/crypto/x509name.c: Use unicode strings instead of ordinary strings in getattr/setattr. Note that plain ascii strings should still work.
adam at monkeybyte dot org's mail setup is broken, revert to tech-pkg.
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
add python as category ok'd a while back at pkgsrcCon by agc and wiz
PKGREVISION bump after openssl-security-fix-update to 0.9.6m. Buildlink files: RECOMMENDED version changed to current version.
Import py-OpenSSL from pkgsrc-wip. Packaged by mjasm at users dot sourceforge dot net, cleaned by cjep@, and modified by me. pyOpenSSL is a Python module that is a rather think wrapper around (a subset of) the OpenSSL library. A lot of the object methods do nothing more than call a corresponding function in the OpenSSL library.
Initial revision