![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / security / py-OpenSSL
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.32 / (download) - annotate - [select for diffs], Thu Oct 26 06:32:57 2023 UTC (5 weeks ago) by adam
Branch: MAIN
CVS Tags: HEAD
Changes since 1.31: +5 -5
lines
Diff to previous 1.31 (colored)
py-OpenSSL: updated to 23.3.0 23.3.0 (2023-10-25) ------------------- Backward-incompatible changes: - Dropped support for Python 3.6. - The minimum ``cryptography`` version is now 41.0.5. - Removed ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for 3 years. - Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow legacy insecure renegotiation between OpenSSL and unpatched servers. Deprecations: - Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to have been deprecated at the same time as ``OpenSSL.crypto.load_pkcs12``). - Deprecated ``OpenSSL.crypto.NetscapeSPKI``. - Deprecated ``OpenSSL.crypto.CRL`` - Deprecated ``OpenSSL.crypto.Revoked`` - Deprecated ``OpenSSL.crypto.load_crl`` and ``OpenSSL.crypto.dump_crl`` - Deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify`` - Deprecated ``OpenSSL.crypto.X509Extension`` Changes: - Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept ``cryptography``'s ``x509.CertificateRevocationList`` arguments in addition to the now deprecated ``OpenSSL.crypto.CRL`` arguments. - Fixed ``test_set_default_verify_paths`` test so that it is skipped if no network connection is available.
Revision 1.31 / (download) - annotate - [select for diffs], Wed May 31 12:58:48 2023 UTC (6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2
Changes since 1.30: +4 -4
lines
Diff to previous 1.30 (colored)
py-OpenSSL: updated to 23.2.0 23.2.0 (2023-05-30) Backward-incompatible changes: - Removed ``X509StoreFlags.NOTIFY_POLICY``. Changes: - ``cryptography`` maximum version has been increased to 41.0.x. - Invalid versions are now rejected in ``OpenSSL.crypto.X509Req.set_version``. - Added ``X509VerificationCodes`` to ``OpenSSL.SSL``.
Revision 1.30 / (download) - annotate - [select for diffs], Tue Apr 18 17:17:39 2023 UTC (7 months, 1 week ago) by adam
Branch: MAIN
Changes since 1.29: +4 -4
lines
Diff to previous 1.29 (colored)
py-OpenSSL: updated to 23.1.1 23.1.1 (2023-03-28) Changes: - Worked around an issue in OpenSSL 3.1.0 which caused `X509Extension.get_short_name` to raise an exception when no short name was known to OpenSSL. 23.1.0 (2023-03-24) Changes: - ``cryptography`` maximum version has been increased to 40.0.x. - Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and ``OpenSSL.SSL.Connection.DTLSv1_handle_timeout`` to support DTLS timeouts
Revision 1.29 / (download) - annotate - [select for diffs], Sun Jan 15 19:40:14 2023 UTC (10 months, 2 weeks ago) by abs
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1
Changes since 1.28: +4 -4
lines
Diff to previous 1.28 (colored)
Updated security/py-OpenSSL to 23.0.0 The previous py-OpenSSL-22.1.0 would abort at runtime against py-cryptography-39.0.x which broke py-certbot and similar. changes: - Add OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN constant to allow for users to perform certificate verification on partial certificate chains. #1166 - cryptography maximum version has been increased to 39.0.x.
Revision 1.28 / (download) - annotate - [select for diffs], Mon Sep 26 17:57:07 2022 UTC (14 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q4
Changes since 1.27: +4 -4
lines
Diff to previous 1.27 (colored)
py-OpenSSL: updated to 22.1.0 22.1.0: Backward-incompatible changes: Remove support for SSLv2 and SSLv3. The minimum cryptography version is now 37.0.2. The OpenSSL.crypto.X509StoreContextError exception has been refactored, changing its internal attributes. Deprecations: OpenSSL.SSL.SSLeay_version is deprecated in favor of OpenSSL.SSL.OpenSSL_version. The constants OpenSSL.SSL.SSLEAY_* are deprecated in favor of OpenSSL.SSL.OPENSSL_*. Changes: Add OpenSSL.SSL.Connection.set_verify and OpenSSL.SSL.Connection.get_verify_mode to override the context objectãàÑÔ verification flags. Add OpenSSL.SSL.Connection.use_certificate and OpenSSL.SSL.Connection.use_privatekey to set a certificate per connection (and not just per context)
Revision 1.27 / (download) - annotate - [select for diffs], Sun Sep 11 18:15:07 2022 UTC (14 months, 2 weeks ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.26: +4 -4
lines
Diff to previous 1.26 (colored)
py-OpenSSL: update to 22.0.0. 22.0.0 (2022-01-29) ------------------- Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Drop support for Python 2.7. `#1047 <https://github.com/pyca/pyopenssl/pull/1047>`_ - The minimum ``cryptography`` version is now 35.0. Deprecations: ^^^^^^^^^^^^^ Changes: ^^^^^^^^ - Expose wrappers for some `DTLS <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_ primitives. `#1026 <https://github.com/pyca/pyopenssl/pull/1026>`_
Revision 1.26 / (download) - annotate - [select for diffs], Tue Nov 2 09:45:53 2021 UTC (2 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.25: +4 -4
lines
Diff to previous 1.25 (colored)
py-OpenSSL: updated to 21.0.0 21.0.0 Backward-incompatible changes: - The minimum ``cryptography`` version is now 3.3. - Drop support for Python 3.5 Changes: - Raise an error when an invalid ALPN value is set. - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version`` to set the minimum and maximum supported TLS version - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.
Revision 1.25 / (download) - annotate - [select for diffs], Tue Oct 26 11:17:40 2021 UTC (2 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.24: +2 -2
lines
Diff to previous 1.24 (colored)
security: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
Revision 1.24 / (download) - annotate - [select for diffs], Thu Oct 7 14:54:24 2021 UTC (2 years, 1 month ago) by nia
Branch: MAIN
Changes since 1.23: +1 -2
lines
Diff to previous 1.23 (colored)
security: Remove SHA1 hashes for distfiles
Revision 1.23 / (download) - annotate - [select for diffs], Sat Dec 19 11:52:26 2020 UTC (2 years, 11 months ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.22: +6 -6
lines
Diff to previous 1.22 (colored)
py-OpenSSL: Update to 20.0.1 Changes: 20.0.1 (2020-12-15) ------------------- Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Deprecations: ^^^^^^^^^^^^^ Changes: ^^^^^^^^ - Fixed compatibility with OpenSSL 1.1.0. 20.0.0 (2020-11-27) ------------------- Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - The minimum ``cryptography`` version is now 3.2. - Remove deprecated ``OpenSSL.tsafe`` module. - Removed deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``. - Drop support for Python 3.4 - Drop support for OpenSSL 1.0.1 and 1.0.2 Deprecations: ^^^^^^^^^^^^^ - Deprecated ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12``. Changes: ^^^^^^^^ - Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()`` where additional untrusted certificates can be specified to help chain building. `#948 <https://github.com/pyca/pyopenssl/pull/948>`_ - Added ``OpenSSL.crypto.X509Store.load_locations`` to set trusted certificate file bundles and/or directories for verification. `#943 <https://github.com/pyca/pyopenssl/pull/943>`_ - Added ``Context.set_keylog_callback`` to log key material. `#910 <https://github.com/pyca/pyopenssl/pull/910>`_ - Added ``OpenSSL.SSL.Connection.get_verified_chain`` to retrieve the verified certificate chain of the peer. `#894 <https://github.com/pyca/pyopenssl/pull/894>`_. - Make verification callback optional in ``Context.set_verify``. If omitted, OpenSSL's default verification is used. `#933 <https://github.com/pyca/pyopenssl/pull/933>`_ - Fixed a bug that could truncate or cause a zero-length key error due to a null byte in private key passphrase in ``OpenSSL.crypto.load_privatekey`` and ``OpenSSL.crypto.dump_privatekey``. `#947 <https://github.com/pyca/pyopenssl/pull/947>`_
Revision 1.22 / (download) - annotate - [select for diffs], Mon Nov 18 10:51:31 2019 UTC (4 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.21: +5 -5
lines
Diff to previous 1.21 (colored)
py-OpenSSL: updated to 19.1.0 19.1.0: Backward-incompatible changes: - Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases. Use the classes without the Type suffix instead. - The minimum cryptography version is now 2.8 due to issues on macOS with a transitive dependency. Deprecations: - Deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated. ALPN should be used instead. Changes: - Support bytearray in SSL.Connection.send() by using cffi's from_buffer. - The OpenSSL.SSL.Context.set_alpn_select_callback can return a new NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake to complete without an application protocol.
Revision 1.21 / (download) - annotate - [select for diffs], Tue Jan 22 09:12:09 2019 UTC (4 years, 10 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3,
pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1
Changes since 1.20: +5 -5
lines
Diff to previous 1.20 (colored)
py-OpenSSL: updated to 19.0.0 19.0.0: Backward-incompatible changes: - X509Store.add_cert no longer raises an error if you add a duplicate cert. Changes: - pyOpenSSL now works with OpenSSL 1.1.1. - pyOpenSSL now handles NUL bytes in X509Name.get_components()
Revision 1.20 / (download) - annotate - [select for diffs], Wed May 23 09:40:52 2018 UTC (5 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2
Changes since 1.19: +5 -5
lines
Diff to previous 1.19 (colored)
py-OpenSSL: updated to 18.0.0 18.0.0: Backward-incompatible changes: - The minimum cryptography version is now 2.2.1. - Support for Python 2.6 has been dropped. Changes: - Added Connection.get_certificate to retrieve the local certificate. - OpenSSL.SSL.Connection now sets SSL_MODE_AUTO_RETRY by default. - Added Context.set_tlsext_use_srtp to enable negotiation of SRTP keying material.
Revision 1.19 / (download) - annotate - [select for diffs], Fri Dec 1 08:53:17 2017 UTC (6 years ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4
Changes since 1.18: +5 -5
lines
Diff to previous 1.18 (colored)
pyOpenSSL: updated to 17.5.0 17.5.0: Backward-incompatible changes: * The minimum cryptography version is now 2.1.4. Changes: * Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with cacerts. * Added Connection.export_keying_material for RFC 5705 compatible export of keying material.
Revision 1.18 / (download) - annotate - [select for diffs], Thu Nov 23 10:12:33 2017 UTC (6 years ago) by adam
Branch: MAIN
Changes since 1.17: +5 -5
lines
Diff to previous 1.17 (colored)
py-OpenSSL: updated to 17.4.0 17.4.0: Re-added a subset of the OpenSSL.rand module. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork. Corrected a use-after-free when reusing an issuer or subject from an X509 object after the underlying object has been mutated.
Revision 1.17 / (download) - annotate - [select for diffs], Sat Sep 16 06:47:52 2017 UTC (6 years, 2 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base,
pkgsrc-2017Q3
Changes since 1.16: +5 -5
lines
Diff to previous 1.16 (colored)
py-OpenSSL: update to 17.3.0 17.3.0 Backward-incompatible changes: * Dropped support for Python 3.3. * Removed the deprecated OpenSSL.rand module. This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden. os.urandom() should be used instead. Deprecations: * Deprecated OpenSSL.tsafe. Changes: * Fixed a memory leak in OpenSSL.crypto.CRL. * Fixed a memory leak when verifying certificates with OpenSSL.crypto.X509StoreContext.
Revision 1.16 / (download) - annotate - [select for diffs], Thu Jul 20 16:52:16 2017 UTC (6 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.15: +5 -5
lines
Diff to previous 1.15 (colored)
17.2.0: Deprecations: - Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead. Changes: - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with cryptography ``manylinux1`` wheels on Python 3.x. - Fixed a crash with (EC)DSA signatures in some cases.
Revision 1.15 / (download) - annotate - [select for diffs], Mon Jul 3 19:37:52 2017 UTC (6 years, 4 months ago) by adam
Branch: MAIN
Changes since 1.14: +5 -5
lines
Diff to previous 1.14 (colored)
17.1.0: Backward-incompatible changes: - Removed the deprecated OpenSSL.rand.egd() function. Applications should prefer os.urandom() for random number generation. - Removed the deprecated default digest argument to OpenSSL.crypto.CRL.export(). Callers must now always pass an explicit digest. - Fixed a bug with ASN1_TIME casting in X509.set_notBefore(), X509.set_notAfter(), Revoked.set_rev_date(), Revoked.set_nextUpdate(), and Revoked.set_lastUpdate(). You must now pass times in the form YYYYMMDDhhmmssZ. YYYYMMDDhhmmss+hhmm and YYYYMMDDhhmmss-hhmm will no longer work. Deprecations: - Deprecated the legacy "Type" aliases: ContextType, ConnectionType, PKeyType, X509NameType, X509ExtensionType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, NetscapeSPKIType. The names without the "Type"-suffix should be used instead. Changes: - Added OpenSSL.crypto.X509.from_cryptography() and OpenSSL.crypto.X509.to_cryptography() for converting X.509 certificate to and from pyca/cryptography objects. - Added OpenSSL.crypto.X509Req.from_cryptography(), OpenSSL.crypto.X509Req.to_cryptography(), OpenSSL.crypto.CRL.from_cryptography(), and OpenSSL.crypto.CRL.to_cryptography() for converting X.509 CSRs and CRLs to and from pyca/cryptography objects. - Added OpenSSL.debug that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using python -m OpenSSL.debug. - Added a fallback path to Context.set_default_verify_paths() to accommodate the upcoming release of cryptography manylinux1 wheels.
Revision 1.14 / (download) - annotate - [select for diffs], Tue May 9 16:49:07 2017 UTC (6 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2
Changes since 1.13: +6 -6
lines
Diff to previous 1.13 (colored)
Changes 17.0.0: - Added ``OpenSSL.X509Store.set_time()`` to set a custom verification time when verifying certificate chains. - Added a collection of functions for working with OCSP stapling. None of these functions make it possible to validate OCSP assertions, only to staple them into the handshake and to retrieve the stapled assertion if provided. Users will need to write their own code to handle OCSP assertions. We specifically added: ``Context.set_ocsp_server_callback``, ``Context.set_ocsp_client_callback``, and ``Connection.request_ocsp``. - Changed the ``SSL`` module's memory allocation policy to avoid zeroing memory it allocates when unnecessary. This reduces CPU usage and memory allocation time by an amount proportional to the size of the allocation. For applications that process a lot of TLS data or that use very lage allocations this can provide considerable performance improvements. - Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``. - Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
Revision 1.13 / (download) - annotate - [select for diffs], Sat Jan 28 12:09:14 2017 UTC (6 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base,
pkgsrc-2017Q1
Changes since 1.12: +6 -5
lines
Diff to previous 1.12 (colored)
Updated py-OpenSSL to 16.2.0. Add patch that makes tests on NetBSD progress further. But then there's a segfault. See https://github.com/pyca/pyopenssl/issues/596 16.2.0 (2016-10-15) ------------------- Changes: ^^^^^^^^ - Fixed compatibility errors with OpenSSL 1.1.0. - Fixed an issue that caused failures with subinterpreters and embedded Pythons. `#552 <https://github.com/pyca/pyopenssl/pull/552>`_ 16.1.0 (2016-08-26) ------------------- Deprecations: ^^^^^^^^^^^^^ - Dropped support for OpenSSL 0.9.8. Changes: ^^^^^^^^ - Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``. `#496 <https://github.com/pyca/pyopenssl/pull/496>`_ - Enable use of CRL (and more) in verify context. `#483 <https://github.com/pyca/pyopenssl/pull/483>`_ - ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects and also exported as such. `#439 <https://github.com/pyca/pyopenssl/pull/439>`_ - Support newer versions of ``cryptography`` which use opaque structs for OpenSSL 1.1.0 compatibility.
Revision 1.12 / (download) - annotate - [select for diffs], Wed Apr 20 16:05:57 2016 UTC (7 years, 7 months ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.11: +5 -5
lines
Diff to previous 1.11 (colored)
Update security/py-OpenSSL to 16.0.0. Changes: 16.0.0 (2016-03-19) ------------------- This is the first release under full stewardship of PyCA. We have made *many* changes to make local development more pleasing. The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. It has been moved to `py.test <https://pytest.org/>`_, all CI test runs are part of `tox <https://testrun.org/tox/>`_ and the source code has been made fully `flake8 <https://flake8.readthedocs.org/>`_ compliant. We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations. Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Python 3.2 support has been dropped. It never had significant real world usage and has been dropped by our main dependency ``cryptography``. Affected users should upgrade to Python 3.3 or later. Deprecations: ^^^^^^^^^^^^^ - The support for EGD has been removed. The only affected function ``OpenSSL.rand.egd()`` now uses ``os.urandom()`` to seed the internal PRNG instead. Please see `pyca/cryptography#1636 <https://github.com/pyca/cryptography/pull/1636>`_ for more background information on this decision. In accordance with our backward compatibility policy ``OpenSSL.rand.egd()`` will be *removed* no sooner than a year from the release of 16.0.0. Please note that you should `use urandom <http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_ for all your secure random number needs. - Python 2.6 support has been deprecated. Our main dependency ``cryptography`` deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support once ``cryptography`` does. Changes: ^^^^^^^^ - Fixed ``OpenSSL.SSL.Context.set_session_id``, ``OpenSSL.SSL.Connection.renegotiate``, ``OpenSSL.SSL.Connection.renegotiate_pending``, and ``OpenSSL.SSL.Context.load_client_ca``. They were lacking an implementation since 0.14. `#422 <https://github.com/pyca/pyopenssl/pull/422>`_ - Fixed segmentation fault when using keys larger than 4096-bit to sign data. `#428 <https://github.com/pyca/pyopenssl/pull/428>`_ - Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()`` was called before setting any app data. `#304 <https://github.com/pyca/pyopenssl/pull/304>`_ - Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey`` objects that represent public keys, and ``OpenSSL.crypto.load_publickey()`` to load such objects from serialized representations. `#382 <https://github.com/pyca/pyopenssl/pull/382>`_ - Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation list out to a string buffer. `#368 <https://github.com/pyca/pyopenssl/pull/368>`_ - Added ``OpenSSL.SSL.Connection.get_state_string()`` using the OpenSSL binding ``state_string_long``. `#358 <https://github.com/pyca/pyopenssl/pull/358>`_ - Added support for the ``socket.MSG_PEEK`` flag to ``OpenSSL.SSL.Connection.recv()`` and ``OpenSSL.SSL.Connection.recv_into()``. `#294 <https://github.com/pyca/pyopenssl/pull/294>`_ - Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and ``OpenSSL.SSL.Connection.get_protocol_version_name()``. `#244 <https://github.com/pyca/pyopenssl/pull/244>`_ - Switched to ``utf8string`` mask by default. OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8 characters present. This was changed to default to ``UTF8String`` in the config around 2005, but the actual code didn't change it until late last year. This will default us to the setting that actually works. To revert this you can call ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``. `#234 <https://github.com/pyca/pyopenssl/pull/234>`_
Revision 1.11 / (download) - annotate - [select for diffs], Wed Nov 4 01:18:03 2015 UTC (8 years ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base,
pkgsrc-2016Q1,
pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.10: +2 -1
lines
Diff to previous 1.10 (colored)
Add SHA512 digests for distfiles for security category Problems found locating distfiles: Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz Package libidea: missing distfile libidea-0.8.2b.tar.gz Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2 Package uvscan: missing distfile vlp4510e.tar.Z Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Revision 1.10 / (download) - annotate - [select for diffs], Sun Aug 23 10:10:26 2015 UTC (8 years, 3 months ago) by leot
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.9: +4 -4
lines
Diff to previous 1.9 (colored)
Update security/py-OpenSSL to py-OpenSSL-0.15.1. pkgsrc changes: * Update HOMEPAGE Changes: 0.15.1: * OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression present in 0.15, where when an error occurs and no errno() is set, a KeyError is raised. This happens, for example, if Connection.shutdown() is called when the underlying transport has gone away. 0.15: * OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted filenames only as bytes now accept them as either bytes or unicode (and respect sys.getfilesystemencoding()). * OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation (NPN) bindings. * OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the builtin ``socket.recv_into``. Based on work from Cory Benfield. * OpenSSL/test/test_ssl.py: Add tests for ``recv_into``. * OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates. * OpenSSL/test/test_crypto.py: Add intermediate certificates for * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the underlying socket. * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey`` causing it to always succeed - even if it should fail. * OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data`` with ``FILETYPE_ASN1`` would fail with a ``NameError``. * OpenSSL/SSL.py: Fix a regression in which the first argument of the "verify" callback was incorrectly passed a ``Context`` instance instead of the ``Connection`` instance. * OpenSSL/test/test_ssl.py: Add a test for the value passed as the first argument of the "verify" callback. * OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves`` to support TLS ECDHE modes. * OpenSSL/SSL.py: Add ``Context.set_tmp_ecdh`` to configure a TLS context with a particular elliptic curve for ECDHE modes. * OpenSSL/SSL.py: ``Connection.send`` and ``Connection.sendall`` now also accept the ``buffer`` type as data. * OpenSSL/crypto.py: Make ``load_pkcs12`` backwards compatible with pyOpenSSL 0.13 by making passphrase optional. * OpenSSL/SSL.py: Add ``get_finished``, ``get_peer_finished`` methods to ``Connection``. If you use these methods to implement TLS channel binding (RFC 5929) disable session resumption because triple handshake attacks against TLS. <https://www.ietf.org/mail-archive/web/tls/current/msg11337.html> <https://secure-resumption.com/tlsauth.pdf> * OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``, and ``get_cipher_version`` to ``Connection``. * OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been removed in Python 3) with the equivalent syntax. * OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup. * leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked and CRL.get_revoked. * setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding. * OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``.
Revision 1.9 / (download) - annotate - [select for diffs], Mon Feb 24 11:47:03 2014 UTC (9 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1,
pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2,
pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.8: +4 -4
lines
Diff to previous 1.8 (colored)
Update to 0.14: 2014-01-09 Jean-Paul Calderone <exarkun@twistedmatrix.com> * OpenSSL: Port to the cffi-based OpenSSL bindings provided by <https://github.com/pyca/cryptography> 2013-10-06 Jean-Paul Calderone <exarkun@twistedmatrix.com> * OpenSSL/ssl/context.c: Add support for negotiating TLS v1.1 or v1.2. 2013-10-03 Christian Heimes <christian@python.org> * OpenSSL/crypto/x509.c: Fix an inconsistency in memory management in X509.get_serial_number which leads to crashes on some runtimes (certain Windows/Python 3.3 environments, at least).
Revision 1.8 / (download) - annotate - [select for diffs], Mon Sep 9 17:49:08 2013 UTC (10 years, 2 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.7: +4 -4
lines
Diff to previous 1.7 (colored)
update to 0.13.1 This fixes a hostname check bypassing vulnerability (truncation on NULL-bytes, as seen in other implementations) (CVE-2013-4314)
Revision 1.7 / (download) - annotate - [select for diffs], Sat Feb 18 20:40:40 2012 UTC (11 years, 9 months ago) by gls
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base,
pkgsrc-2013Q2,
pkgsrc-2013Q1-base,
pkgsrc-2013Q1,
pkgsrc-2012Q4-base,
pkgsrc-2012Q4,
pkgsrc-2012Q3-base,
pkgsrc-2012Q3,
pkgsrc-2012Q2-base,
pkgsrc-2012Q2,
pkgsrc-2012Q1-base,
pkgsrc-2012Q1
Changes since 1.6: +4 -4
lines
Diff to previous 1.6 (colored)
Update security/py-OpenSSL to 0.13.
Upstream changes:
2011-09-02 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* Release 0.13
2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly
implemented by Rick Dean, to verify the internal consistency of a
PKey instance.
2011-06-12 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/crypto.c: Fix the sign and verify functions so
they handle data with embedded NULs. Fix by David Brodsky
<lp:~lihalla>.
2011-05-20 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new
method to the Connection type, get_peer_cert_chain, for retrieving
the peer's certificate chain.
2011-05-19 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new
method to the X509 type, get_signature_algorithm, for inspecting
the signature algorithm field of the certificate. Based on a
patch from <lp:~okuda>.
2011-05-10 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue
explicitly including a Windows header before any OpenSSL headers.
* OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by
explicitly flushing errors known to be uninteresting after calling
PKCS12_parse.
* OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying
OpenSSL library does not provide it.
* OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from
MD5 to SHA1 by allowing either hash algorithm's result as the
return value of X509.subject_name_hash.
* OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5
to SHA1 by constructing certificate files named using both hash
algorithms' results when testing Context.load_verify_locations.
* Support OpenSSL 1.0.0a.
2011-04-15 Jean-Paul Calderone <exarkun@twistedmatrix.com>
* OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version
and related constants for retrieving version information about the
underlying OpenSSL library.
Revision 1.6 / (download) - annotate - [select for diffs], Fri May 20 11:05:33 2011 UTC (12 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3,
pkgsrc-2011Q2-base,
pkgsrc-2011Q2
Changes since 1.5: +4 -4
lines
Diff to previous 1.5 (colored)
Changes 0.12: * OpenSSL/crypto/x509.c: Add get_extension_count and get_extension to the X509 type, allowing read access to certificate extensions. * OpenSSL/crypto/x509ext.c: Add get_short_name and get_data to the X509Extension type, allowing read access to the contents of an extension. * OpenSSL/ssl/ssl.c: Expose a number of symbolic constants for values passed to the connection "info" callback. * OpenSSL/ssl/connection.py: Add support for new-style buffers (primarily memoryviews) to Connection.send and Connection.sendall.
Revision 1.5 / (download) - annotate - [select for diffs], Mon Jul 19 16:46:48 2010 UTC (13 years, 4 months ago) by ver
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3
Changes since 1.4: +4 -4
lines
Diff to previous 1.4 (colored)
Upgrade py-OpenSSL to 0.10 from 0.7 for feature enhancements.
Revision 1.4 / (download) - annotate - [select for diffs], Thu Aug 21 10:29:32 2008 UTC (15 years, 3 months ago) by tonnerre
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1,
pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3,
pkgsrc-2009Q2-base,
pkgsrc-2009Q2,
pkgsrc-2009Q1-base,
pkgsrc-2009Q1,
pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.3: +4 -4
lines
Diff to previous 1.3 (colored)
Push new Python OpenSSL module. Changes since version 0.6: - Removed some unused variables. - Improved Python 2.3 compatibility. - Fixed various threading bugs. - Some improvements in the test suite.
Revision 1.3 / (download) - annotate - [select for diffs], Thu Feb 24 13:10:12 2005 UTC (18 years, 9 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
pkgsrc-2008Q1-base,
pkgsrc-2008Q1,
pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
pkgsrc-2007Q3-base,
pkgsrc-2007Q3,
pkgsrc-2007Q2-base,
pkgsrc-2007Q2,
pkgsrc-2007Q1-base,
pkgsrc-2007Q1,
pkgsrc-2006Q4-base,
pkgsrc-2006Q4,
pkgsrc-2006Q3-base,
pkgsrc-2006Q3,
pkgsrc-2006Q2-base,
pkgsrc-2006Q2,
pkgsrc-2006Q1-base,
pkgsrc-2006Q1,
pkgsrc-2005Q4-base,
pkgsrc-2005Q4,
pkgsrc-2005Q3-base,
pkgsrc-2005Q3,
pkgsrc-2005Q2-base,
pkgsrc-2005Q2,
pkgsrc-2005Q1-base,
pkgsrc-2005Q1,
cwrapper
Changes since 1.2: +2 -1
lines
Diff to previous 1.2 (colored)
Add RMD160 digests.
Revision 1.2 / (download) - annotate - [select for diffs], Mon Dec 27 23:35:54 2004 UTC (18 years, 11 months ago) by minskim
Branch: MAIN
Changes since 1.1: +3 -3
lines
Diff to previous 1.1 (colored)
Update py-OpenSSL to 0.6. Patch provided by Rui Paulo. Changes: * doc/pyOpenSSL.tex: Updates to the docs. * src/crypto/x509.c: Add X509.add_extensions based on a patch from Han S. Lee. * src/ssl/ssl.c: Add more SSL_OP_ constants. Patch from Mihai Ibanescu. * setup.py src/crypto/: Add support for Netscape SPKI extensions based on a patch from Tollef Fog Heen. * src/crypto/crypto.c: Add support for python passphrase callbacks based on a patch from Robert Olson. * src/ssl/context.c: Applied patch from Frederic Peters to add Context.use_certificate_chain_file. * src/crypto/x509.c: Applid patch from Tollef Fog Heen to add X509.subject_name_hash and X509.digest. * src/crypto/crypto.c src/ssl/ssl.c: Applied patch from Bastian Kleineidam to fix full names of exceptions. * doc/pyOpenSSL.tex: Fix the errors regarding X509Name's field names. * examples/certgen.py: Fixed wrong attributes in doc string, thanks Remy. (SFbug#913315) * __init__.py, setup.py, version.py: Add __version__, as suggested by Ronald Oussoren in SFbug#888729. * examples/proxy.py: Fix typos, thanks Mihai Ibanescu. (SFpatch#895820) * Use cyclic GC protocol in SSL.Connection, SSL.Context, crypto.PKCS12 and crypto.X509Name. * tsafe.py: Add some missing methods. * __init__.py: Import tsafe too! * src/crypto/x509name.c: Use unicode strings instead of ordinary strings in getattr/setattr. Note that plain ascii strings should still work.
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Thu Feb 19 01:18:52 2004 UTC (19 years, 9 months ago) by minskim
Branch: TNF
CVS Tags: pkgsrc-base,
pkgsrc-2004Q4-base,
pkgsrc-2004Q4,
pkgsrc-2004Q3-base,
pkgsrc-2004Q3,
pkgsrc-2004Q2-base,
pkgsrc-2004Q2,
pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Import py-OpenSSL from pkgsrc-wip. Packaged by mjasm at users dot sourceforge dot net, cleaned by cjep@, and modified by me. pyOpenSSL is a Python module that is a rather think wrapper around (a subset of) the OpenSSL library. A lot of the object methods do nothing more than call a corresponding function in the OpenSSL library.
Revision 1.1 / (download) - annotate - [select for diffs], Thu Feb 19 01:18:52 2004 UTC (19 years, 9 months ago) by minskim
Branch: MAIN
Initial revision