- update to 1.1:
* Added support for Elliptic Curve Diffie-Hellman with
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDH`.
* Added :class:`~cryptography.hazmat.primitives.kdf.x963kdf.X963KDF`.
* Added support for parsing certificate revocation lists (CRLs) using
:func:`~cryptography.x509.load_pem_x509_crl` and
:func:`~cryptography.x509.load_der_x509_crl`.
* Add support for AES key wrapping with
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_wrap` and
:func:`~cryptography.hazmat.primitives.keywrap.aes_key_unwrap`.
* Added a ``__hash__`` method to :class:`~cryptography.x509.Name`.
* Add support for encoding and decoding elliptic curve points to a byte string
form using
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`
and
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`.
* Added :meth:`~cryptography.x509.Extensions.get_extension_for_class`.
* :class:`~cryptography.x509.CertificatePolicies` are now supported in the
:class:`~cryptography.x509.CertificateBuilder`.
* ``countryName`` is now encoded as a ``PrintableString`` when creating subject
and issuer distinguished names with the Certificate and CSR builder classes.
* **SECURITY ISSUE**: The OpenSSL backend prior to 1.0.2 made extensive use
of assertions to check response codes where our tests could not trigger a
failure. However, when Python is run with ``-O`` these asserts are optimized
away. If a user ran Python with this flag and got an invalid response code
this could result in undefined behavior or worse. Accordingly, all response
checks from the OpenSSL backend have been converted from ``assert``
to a true function call. Credit **Emilia Käsper (Google Security Team)**
for the report.
* We now ship OS X wheels that statically link OpenSSL by default. When
OBS-URL: https://build.opensuse.org/request/show/343324
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-cryptography?expand=0&rev=23
