- fixed build deps.
- drop patches: openssl-1.1.0i.patch
openssl-1.1.1.patch
opensuse_ca.patch
tls13-renegotiation.patch
* X509Store.add_cert no longer raises an error if you add a duplicate cert.
* pyOpenSSL now works with OpenSSL 1.1.1.
* pyOpenSSL now handles NUL bytes in X509Name.get_components()
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=58
- update to 17.2.0:
- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with
cryptography ``manylinux1`` wheels on Python 3.x.
- Fixed a crash with (EC)DSA signatures in some cases.
- Removed the deprecated ``OpenSSL.rand.egd()`` function.
Applications should prefer ``os.urandom()`` for random number generation.
- Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
Callers must now always pass an explicit ``digest``.
- Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
and ``Revoked.set_lastUpdate()``. You must now pass times in the form
``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_
- Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``,
``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``,
``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``,
``NetscapeSPKIType``.
The names without the "Type"-suffix should be used instead.
- Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()``
for converting X.509 certificate to and from pyca/cryptography objects.
- Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``,
``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()``
for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
- Added ``OpenSSL.debug`` that allows to get an overview of used library versions
(including linked OpenSSL) and other useful runtime information using
``python -m OpenSSL.debug``.
- Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate
the upcoming release of ``cryptography`` ``manylinux1`` wheels.
- Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream.
OBS-URL: https://build.opensuse.org/request/show/518329
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=42
- update to 16.0.0
Backward-incompatible changes:
* Python 3.2 support has been dropped. It never had significant real world
usage and has been dropped by our main dependency cryptography. Affected
users should upgrade to Python 3.3 or later.
Deprecations:
* The support for EGD has been removed. The only affected function
OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead.
Please see pyca/cryptography#1636 for more background information on this
decision. In accordance with our backward compatibility policy
OpenSSL.rand.egd() will be removed no sooner than a year from the release of
16.0.0.
* Please note that you should use urandom for all your secure random number
needs.
* Python 2.6 support has been deprecated. Our main dependency cryptography
deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually
dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does.
Changes:
* Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate,
OpenSSL.SSL.Connection.renegotiate_pending, and
OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since
0.14. #422
* Fixed segmentation fault when using keys larger than 4096-bit to sign data.
#428
* Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called
before setting any app data. #304
* Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects
that represent public keys, and OpenSSL.crypto.load_publickey() to load such
objects from serialized representations. #382
* Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to
OBS-URL: https://build.opensuse.org/request/show/394332
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=33
- udapte to 0.15.1
* OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
present in 0.15, where when an error occurs and no errno() is set,
a KeyError is raised. This happens, for example, if
Connection.shutdown() is called when the underlying transport has
gone away.
* OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
filenames only as bytes now accept them as either bytes or
unicode (and respect sys.getfilesystemencoding()).
* OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
(NPN) bindings.
* OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
builtin ``socket.recv_into``. Based on work from Cory Benfield.
* OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.
* OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
* OpenSSL/test/test_crypto.py: Add intermediate certificates for
* OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
underlying socket.
* OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
causing it to always succeed - even if it should fail.
* OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
with ``FILETYPE_ASN1`` would fail with a ``NameError``.
* OpenSSL/SSL.py: Fix a regression in which the first argument of
- Do not hardcode version in file list
OBS-URL: https://build.opensuse.org/request/show/298537
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=31
