- Switch to pyproject macros.
- Add typing-extensions to Requires for 3.11 and 3.12.
- Update to 25.0.0
* Backward-incompatible changes: -
* Deprecations: -
* Changes:
- Corrected type annotations on Context.set_alpn_select_callback,
Context.set_session_cache_mode, Context.set_options, Context.set_mode,
X509.subject_name_hash, and X509Store.load_locations.
- Deprecated APIs are now marked using warnings.deprecated. mypy will emit deprecation notices
for them when used with --enable-error-code deprecated.
- Changes from 24.3.0
* Backward-incompatible changes:
- Removed the deprecated OpenSSL.crypto.CRL, OpenSSL.crypto.Revoked, OpenSSL.crypto.dump_crl,
and OpenSSL.crypto.load_crl. cryptography.x509's CRL functionality should be used instead.
- Removed the deprecated OpenSSL.crypto.sign and OpenSSL.crypto.verify.
cryptography.hazmat.primitives.asymmetric's signature APIs should be used instead.
* Deprecations:
- Deprecated OpenSSL.rand - callers should use os.urandom() instead.
- Deprecated add_extensions and get_extensions on OpenSSL.crypto.X509Req and OpenSSL.crypto.X509.
These should have been deprecated at the same time X509Extension was. Users should use pyca/cryptography's X.509 APIs instead.
- Deprecated OpenSSL.crypto.get_elliptic_curves and OpenSSL.crypto.get_elliptic_curve,
as well as passing the reult of them to OpenSSL.SSL.Context.set_tmp_ecdh,
users should instead pass curves from cryptography.
- Deprecated passing X509 objects to OpenSSL.SSL.Context.use_certificate, OpenSSL.SSL.Connection.use_certificate,
OpenSSL.SSL.Context.add_extra_chain_cert, and OpenSSL.SSL.Context.add_client_ca, users should instead
pass cryptography.x509.Certificate instances. This is in preparation for deprecating pyOpenSSL's X509 entirely.
- Deprecated passing PKey objects to OpenSSL.SSL.Context.use_privatekey and OpenSSL.SSL.Connection.use_privatekey,
users should instead pass cryptography priate key instances. This is in preparation for deprecating pyOpenSSL's PKey entirely.
OBS-URL: https://build.opensuse.org/request/show/1243130
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pyOpenSSL?expand=0&rev=57
* Deprecated OpenSSL.crypto.X509Req,
OpenSSL.crypto.load_certificate_request,
OpenSSL.crypto.dump_certificate_request.
Instead, cryptography.x509.CertificateSigningRequest,s
cryptography.x509.CertificateSigningRequestBuilder,s
cryptography.x509.load_der_x509_csr,s
or cryptography.x509.load_pem_x509_csr should be used.
* Added type hints for the SSL module. #1308.
* Changed OpenSSL.crypto.PKey.from_cryptography_key to accept public and private EC, ED25519, ED448 keys
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=114
- update to 23.3.0:
* Dropped support for Python 3.6.
* The minimum ``cryptography`` version is now 41.0.5.
* Removed ``OpenSSL.crypto.loads_pkcs7`` and
``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for
3 years.
* Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow
legacy insecure renegotiation between OpenSSL and unpatched
servers.
* Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to
have been deprecated at the same time as
``OpenSSL.crypto.load_pkcs12``).
* Deprecated ``OpenSSL.crypto.NetscapeSPKI``.
* Deprecated ``OpenSSL.crypto.CRL``
* Deprecated ``OpenSSL.crypto.Revoked``
* Deprecated ``OpenSSL.crypto.load_crl`` and
``OpenSSL.crypto.dump_crl``
* Deprecated ``OpenSSL.crypto.sign`` and
``OpenSSL.crypto.verify``
* Deprecated ``OpenSSL.crypto.X509Extension``
* Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept
* ``cryptography``'s ``x509.CertificateRevocationList``
arguments in addition
* to the now deprecated ``OpenSSL.crypto.CRL`` arguments.
* Fixed ``test_set_default_verify_paths`` test so that it is
skipped if no network connection is available.
- Inject multibuild to avoid a build loop.
python-pyOpenSSL-always-overflow.patch
- fixed doc generation
OBS-URL: https://build.opensuse.org/request/show/1129059
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pyOpenSSL?expand=0&rev=52
* Dropped support for Python 3.6.
* The minimum ``cryptography`` version is now 41.0.5.
* Removed ``OpenSSL.crypto.loads_pkcs7`` and
``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for
3 years.
* Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow
legacy insecure renegotiation between OpenSSL and unpatched
servers.
* Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to
have been deprecated at the same time as
``OpenSSL.crypto.load_pkcs12``).
* Deprecated ``OpenSSL.crypto.NetscapeSPKI``.
* Deprecated ``OpenSSL.crypto.CRL``
* Deprecated ``OpenSSL.crypto.Revoked``
* Deprecated ``OpenSSL.crypto.load_crl`` and
``OpenSSL.crypto.dump_crl``
* Deprecated ``OpenSSL.crypto.sign`` and
``OpenSSL.crypto.verify``
* Deprecated ``OpenSSL.crypto.X509Extension``
* Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept
* ``cryptography``'s ``x509.CertificateRevocationList``
arguments in addition
* to the now deprecated ``OpenSSL.crypto.CRL`` arguments.
* Fixed ``test_set_default_verify_paths`` test so that it is
skipped if no network connection is available.
- Inject multibuild to avoid a build loop.
python-pyOpenSSL-always-overflow.patch
- fixed doc generation
-Add bug-lp-1265482.diff; fix testsuite for SLE11 (bnc#855666)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=108
- update to 23.1.1:
* Worked around an issue in OpenSSL 3.1.0 which caused
`X509Extension.get_short_name` to raise an exception when no
short name was known to OpenSSL.
- update to 23.1.0:
* ``cryptography`` maximum version has been increased to
40.0.x.
* Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and
``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``
to support DTLS timeouts `#1180
OBS-URL: https://build.opensuse.org/request/show/1075038
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pyOpenSSL?expand=0&rev=49
* Remove support for SSLv2 and SSLv3.
* The minimum ``cryptography`` version is now 37.0.2.
* The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
changing its internal attributes.
* Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode``
to override the context object's verification flags.
* Add ``OpenSSL.SSL.Connection.use_certificate`` and
``OpenSSL.SSL.Connection.use_privatekey``
to set a certificate per connection (and not just per context)
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=95
- Add check_inv_ALPN_lists.patch checks for invalid ALPN lists
before calling OpenSSL (gh#pyca/pyopenssl#1056).
- update to 21.0.0:
- The minimum ``cryptography`` version is now 3.3.
- Drop support for Python 3.5
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an
upcoming release of ``cryptography`` without raising deprecation warnings.
OBS-URL: https://build.opensuse.org/request/show/928309
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pyOpenSSL?expand=0&rev=41
- The minimum ``cryptography`` version is now 3.3.
- Drop support for Python 3.5
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an
upcoming release of ``cryptography`` without raising deprecation warnings.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=83
- Update to v20.0.0
- Backward-incompatible changes:
- The minimum cryptography version is now 3.2.
- Remove deprecated OpenSSL.tsafe module.
- Removed deprecated
OpenSSL.SSL.Context.set_npn_advertise_callback,
OpenSSL.SSL.Context.set_npn_select_callback, and
OpenSSL.SSL.Connection.get_next_proto_negotiated.
- Drop support for Python 3.4
- Drop support for OpenSSL 1.0.1 and 1.0.2
- Deprecations:
- Deprecated OpenSSL.crypto.loads_pkcs7 and
OpenSSL.crypto.loads_pkcs12.
- Changes:
- Added a new optional chain parameter to
OpenSSL.crypto.X509StoreContext() where additional untrusted
certificates can be specified to help chain building. #948
- Added OpenSSL.crypto.X509Store.load_locations to set trusted
certificate file bundles and/or directories for verification.
#943
- Added Context.set_keylog_callback to log key material. #910
- Added OpenSSL.SSL.Connection.get_verified_chain to retrieve
the verified certificate chain of the peer. #894.
- Make verification callback optional in Context.set_verify. If
omitted, OpenSSL’s default verification is used. #933
- Fixed a bug that could truncate or cause a zero-length key
error due to a null byte in private key passphrase in
OpenSSL.crypto.load_privatekey and
OpenSSL.crypto.dump_privatekey. #947
- drop patch fix-compilation-2020.patch: no longer needed
OBS-URL: https://build.opensuse.org/request/show/854315
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=72
- Update to v19.1
* Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType,
X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType.
Use the classes without the ``Type`` suffix instead.
* The minimum ``cryptography`` version is now 2.8
* Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback,
OpenSSL.SSL.Context.set_npn_select_callback, and
OpenSSL.SSL.Connection.get_next_proto_negotiated
ALPN should be used instead.
* Support bytearray in SSL.Connection.send() by using cffi's from_buffer
* The OpenSSL.SSL.Context.set_alpn_select_callback can return a new
NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake
to complete without an application protocol.
OBS-URL: https://build.opensuse.org/request/show/776233
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pyOpenSSL?expand=0&rev=37
- Update to v19.1
* Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType,
X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType.
Use the classes without the ``Type`` suffix instead.
* The minimum ``cryptography`` version is now 2.8
* Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback,
OpenSSL.SSL.Context.set_npn_select_callback, and
OpenSSL.SSL.Connection.get_next_proto_negotiated
ALPN should be used instead.
* Support bytearray in SSL.Connection.send() by using cffi's from_buffer
* The OpenSSL.SSL.Context.set_alpn_select_callback can return a new
NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake
to complete without an application protocol.
OBS-URL: https://build.opensuse.org/request/show/775308
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=69
update to 19.0
- fixed build deps.
- drop patches: openssl-1.1.0i.patch
openssl-1.1.1.patch
opensuse_ca.patch
tls13-renegotiation.patch
* X509Store.add_cert no longer raises an error if you add a duplicate cert.
* pyOpenSSL now works with OpenSSL 1.1.1.
* pyOpenSSL now handles NUL bytes in X509Name.get_components()
- remove everything to build docs:
- local-intersphinx-inventories.patch
- fetch-intersphinx-inventories.sh
- python3.inv
- crypto.inv
OBS-URL: https://build.opensuse.org/request/show/680975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pyOpenSSL?expand=0&rev=33
- fixed build deps.
- drop patches: openssl-1.1.0i.patch
openssl-1.1.1.patch
opensuse_ca.patch
tls13-renegotiation.patch
* X509Store.add_cert no longer raises an error if you add a duplicate cert.
* pyOpenSSL now works with OpenSSL 1.1.1.
* pyOpenSSL now handles NUL bytes in X509Name.get_components()
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=58
- update to 17.2.0:
- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with
cryptography ``manylinux1`` wheels on Python 3.x.
- Fixed a crash with (EC)DSA signatures in some cases.
- Removed the deprecated ``OpenSSL.rand.egd()`` function.
Applications should prefer ``os.urandom()`` for random number generation.
- Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
Callers must now always pass an explicit ``digest``.
- Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
and ``Revoked.set_lastUpdate()``. You must now pass times in the form
``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_
- Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``,
``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``,
``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``,
``NetscapeSPKIType``.
The names without the "Type"-suffix should be used instead.
- Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()``
for converting X.509 certificate to and from pyca/cryptography objects.
- Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``,
``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()``
for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
- Added ``OpenSSL.debug`` that allows to get an overview of used library versions
(including linked OpenSSL) and other useful runtime information using
``python -m OpenSSL.debug``.
- Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate
the upcoming release of ``cryptography`` ``manylinux1`` wheels.
- Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream.
OBS-URL: https://build.opensuse.org/request/show/527394
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pyOpenSSL?expand=0&rev=28
- update to 17.2.0:
- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with
cryptography ``manylinux1`` wheels on Python 3.x.
- Fixed a crash with (EC)DSA signatures in some cases.
- Removed the deprecated ``OpenSSL.rand.egd()`` function.
Applications should prefer ``os.urandom()`` for random number generation.
- Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
Callers must now always pass an explicit ``digest``.
- Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
and ``Revoked.set_lastUpdate()``. You must now pass times in the form
``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_
- Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``,
``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``,
``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``,
``NetscapeSPKIType``.
The names without the "Type"-suffix should be used instead.
- Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()``
for converting X.509 certificate to and from pyca/cryptography objects.
- Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``,
``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()``
for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
- Added ``OpenSSL.debug`` that allows to get an overview of used library versions
(including linked OpenSSL) and other useful runtime information using
``python -m OpenSSL.debug``.
- Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate
the upcoming release of ``cryptography`` ``manylinux1`` wheels.
- Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream.
OBS-URL: https://build.opensuse.org/request/show/518329
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=42
- fix source url
- Change source url to pypi.io
* version 16.2.0 source tarball failed to download from pypi.python.org
- Update to 16.2.0
* Deprecations
** Dropped support for OpenSSL 0.9.8.
* Changes
** Fix memory leak in OpenSSL.crypto.dump_privatekey() with FILETYPE_TEXT. #496
** Enable use of CRL (and more) in verify context. #483
** OpenSSL.crypto.PKey can now be constructed from cryptography objects and also
exported as such. #439
** Support newer versions of cryptography which use opaque structs for OpenSSL
1.1.0 compatibility.
** Fixed compatibility errors with OpenSSL 1.1.0.
** Fixed an issue that caused failures with subinterpreters and embedded Pythons.
#552
OBS-URL: https://build.opensuse.org/request/show/440553
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pyOpenSSL?expand=0&rev=24
- update to 16.0.0
Backward-incompatible changes:
* Python 3.2 support has been dropped. It never had significant real world
usage and has been dropped by our main dependency cryptography. Affected
users should upgrade to Python 3.3 or later.
Deprecations:
* The support for EGD has been removed. The only affected function
OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead.
Please see pyca/cryptography#1636 for more background information on this
decision. In accordance with our backward compatibility policy
OpenSSL.rand.egd() will be removed no sooner than a year from the release of
16.0.0.
* Please note that you should use urandom for all your secure random number
needs.
* Python 2.6 support has been deprecated. Our main dependency cryptography
deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually
dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does.
Changes:
* Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate,
OpenSSL.SSL.Connection.renegotiate_pending, and
OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since
0.14. #422
* Fixed segmentation fault when using keys larger than 4096-bit to sign data.
#428
* Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called
before setting any app data. #304
* Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects
that represent public keys, and OpenSSL.crypto.load_publickey() to load such
objects from serialized representations. #382
* Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to
OBS-URL: https://build.opensuse.org/request/show/394332
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=33
- udapte to 0.15.1
* OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
present in 0.15, where when an error occurs and no errno() is set,
a KeyError is raised. This happens, for example, if
Connection.shutdown() is called when the underlying transport has
gone away.
* OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
filenames only as bytes now accept them as either bytes or
unicode (and respect sys.getfilesystemencoding()).
* OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
(NPN) bindings.
* OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
builtin ``socket.recv_into``. Based on work from Cory Benfield.
* OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.
* OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
* OpenSSL/test/test_crypto.py: Add intermediate certificates for
* OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
underlying socket.
* OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
causing it to always succeed - even if it should fail.
* OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
with ``FILETYPE_ASN1`` would fail with a ``NameError``.
* OpenSSL/SSL.py: Fix a regression in which the first argument of
- Do not hardcode version in file list
OBS-URL: https://build.opensuse.org/request/show/298537
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=31
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
