* Dropped support for Python 3.6.
* The minimum ``cryptography`` version is now 41.0.5.
* Removed ``OpenSSL.crypto.loads_pkcs7`` and
``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for
3 years.
* Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow
legacy insecure renegotiation between OpenSSL and unpatched
servers.
* Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to
have been deprecated at the same time as
``OpenSSL.crypto.load_pkcs12``).
* Deprecated ``OpenSSL.crypto.NetscapeSPKI``.
* Deprecated ``OpenSSL.crypto.CRL``
* Deprecated ``OpenSSL.crypto.Revoked``
* Deprecated ``OpenSSL.crypto.load_crl`` and
``OpenSSL.crypto.dump_crl``
* Deprecated ``OpenSSL.crypto.sign`` and
``OpenSSL.crypto.verify``
* Deprecated ``OpenSSL.crypto.X509Extension``
* Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept
* ``cryptography``'s ``x509.CertificateRevocationList``
arguments in addition
* to the now deprecated ``OpenSSL.crypto.CRL`` arguments.
* Fixed ``test_set_default_verify_paths`` test so that it is
skipped if no network connection is available.
- Inject multibuild to avoid a build loop.
python-pyOpenSSL-always-overflow.patch
- fixed doc generation
-Add bug-lp-1265482.diff; fix testsuite for SLE11 (bnc#855666)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=108
* Remove support for SSLv2 and SSLv3.
* The minimum ``cryptography`` version is now 37.0.2.
* The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
changing its internal attributes.
* Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode``
to override the context object's verification flags.
* Add ``OpenSSL.SSL.Connection.use_certificate`` and
``OpenSSL.SSL.Connection.use_privatekey``
to set a certificate per connection (and not just per context)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=95
- The minimum ``cryptography`` version is now 3.3.
- Drop support for Python 3.5
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an
upcoming release of ``cryptography`` without raising deprecation warnings.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=83
- Update to v20.0.0
- Backward-incompatible changes:
- The minimum cryptography version is now 3.2.
- Remove deprecated OpenSSL.tsafe module.
- Removed deprecated
OpenSSL.SSL.Context.set_npn_advertise_callback,
OpenSSL.SSL.Context.set_npn_select_callback, and
OpenSSL.SSL.Connection.get_next_proto_negotiated.
- Drop support for Python 3.4
- Drop support for OpenSSL 1.0.1 and 1.0.2
- Deprecations:
- Deprecated OpenSSL.crypto.loads_pkcs7 and
OpenSSL.crypto.loads_pkcs12.
- Changes:
- Added a new optional chain parameter to
OpenSSL.crypto.X509StoreContext() where additional untrusted
certificates can be specified to help chain building. #948
- Added OpenSSL.crypto.X509Store.load_locations to set trusted
certificate file bundles and/or directories for verification.
#943
- Added Context.set_keylog_callback to log key material. #910
- Added OpenSSL.SSL.Connection.get_verified_chain to retrieve
the verified certificate chain of the peer. #894.
- Make verification callback optional in Context.set_verify. If
omitted, OpenSSL’s default verification is used. #933
- Fixed a bug that could truncate or cause a zero-length key
error due to a null byte in private key passphrase in
OpenSSL.crypto.load_privatekey and
OpenSSL.crypto.dump_privatekey. #947
- drop patch fix-compilation-2020.patch: no longer needed
OBS-URL: https://build.opensuse.org/request/show/854315
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=72
- Update to v19.1
* Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType,
X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType.
Use the classes without the ``Type`` suffix instead.
* The minimum ``cryptography`` version is now 2.8
* Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback,
OpenSSL.SSL.Context.set_npn_select_callback, and
OpenSSL.SSL.Connection.get_next_proto_negotiated
ALPN should be used instead.
* Support bytearray in SSL.Connection.send() by using cffi's from_buffer
* The OpenSSL.SSL.Context.set_alpn_select_callback can return a new
NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake
to complete without an application protocol.
OBS-URL: https://build.opensuse.org/request/show/775308
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=69
- fixed build deps.
- drop patches: openssl-1.1.0i.patch
openssl-1.1.1.patch
opensuse_ca.patch
tls13-renegotiation.patch
* X509Store.add_cert no longer raises an error if you add a duplicate cert.
* pyOpenSSL now works with OpenSSL 1.1.1.
* pyOpenSSL now handles NUL bytes in X509Name.get_components()
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=58
- update to 17.2.0:
- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with
cryptography ``manylinux1`` wheels on Python 3.x.
- Fixed a crash with (EC)DSA signatures in some cases.
- Removed the deprecated ``OpenSSL.rand.egd()`` function.
Applications should prefer ``os.urandom()`` for random number generation.
- Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
Callers must now always pass an explicit ``digest``.
- Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
and ``Revoked.set_lastUpdate()``. You must now pass times in the form
``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_
- Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``,
``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``,
``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``,
``NetscapeSPKIType``.
The names without the "Type"-suffix should be used instead.
- Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()``
for converting X.509 certificate to and from pyca/cryptography objects.
- Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``,
``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()``
for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
- Added ``OpenSSL.debug`` that allows to get an overview of used library versions
(including linked OpenSSL) and other useful runtime information using
``python -m OpenSSL.debug``.
- Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate
the upcoming release of ``cryptography`` ``manylinux1`` wheels.
- Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream.
OBS-URL: https://build.opensuse.org/request/show/518329
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=42
