Commit graph

68 commits

Author SHA1 Message Date
wiz
bb579283d0 *: bump PKGREVISION for egg.mk users
They now have a tool dependency on py-setuptools instead of a DEPENDS
2022-01-04 20:53:26 +00:00
adam
86e7f89fee py-OpenSSL: updated to 21.0.0
21.0.0

Backward-incompatible changes:
- The minimum ``cryptography`` version is now 3.3.
- Drop support for Python 3.5

Changes:
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
  to set the minimum and maximum supported TLS version
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.
2021-11-02 09:45:53 +00:00
nia
3df0f20e22 security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
2021-10-26 11:16:56 +00:00
nia
fa4b2904a6 security: Remove SHA1 hashes for distfiles 2021-10-07 14:53:40 +00:00
leot
80944b237e py-OpenSSL: Update to 20.0.1
Changes:
20.0.1 (2020-12-15)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^
- Fixed compatibility with OpenSSL 1.1.0.

20.0.0 (2020-11-27)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The minimum ``cryptography`` version is now 3.2.
- Remove deprecated ``OpenSSL.tsafe`` module.
- Removed deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback``, ``OpenSSL.SSL.Context.set_npn_select_callback``, and ``OpenSSL.SSL.Connection.get_next_proto_negotiated``.
- Drop support for Python 3.4
- Drop support for OpenSSL 1.0.1 and 1.0.2

Deprecations:
^^^^^^^^^^^^^
- Deprecated ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12``.

Changes:
^^^^^^^^
- Added a new optional ``chain`` parameter to ``OpenSSL.crypto.X509StoreContext()``
  where additional untrusted certificates can be specified to help chain building.
  `#948 <https://github.com/pyca/pyopenssl/pull/948>`_
- Added ``OpenSSL.crypto.X509Store.load_locations`` to set trusted
  certificate file bundles and/or directories for verification.
  `#943 <https://github.com/pyca/pyopenssl/pull/943>`_
- Added ``Context.set_keylog_callback`` to log key material.
  `#910 <https://github.com/pyca/pyopenssl/pull/910>`_
- Added ``OpenSSL.SSL.Connection.get_verified_chain`` to retrieve the
  verified certificate chain of the peer.
  `#894 <https://github.com/pyca/pyopenssl/pull/894>`_.
- Make verification callback optional in ``Context.set_verify``.
  If omitted, OpenSSL's default verification is used.
  `#933 <https://github.com/pyca/pyopenssl/pull/933>`_
- Fixed a bug that could truncate or cause a zero-length key error due to a
  null byte in private key passphrase in ``OpenSSL.crypto.load_privatekey``
  and ``OpenSSL.crypto.dump_privatekey``.
  `#947 <https://github.com/pyca/pyopenssl/pull/947>`_
2020-12-19 11:52:26 +00:00
adam
f403dc5552 pytest from versioned depends 2020-05-17 19:34:12 +00:00
jperkin
26c1bffc9f *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:19 +00:00
adam
75e4c8d2cb py-OpenSSL: updated to 19.1.0
19.1.0:
Backward-incompatible changes:
- Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases.
  Use the classes without the Type suffix instead.
- The minimum cryptography version is now 2.8 due to issues on macOS with a transitive dependency.

Deprecations:
- Deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated.
  ALPN should be used instead.

Changes:
- Support bytearray in SSL.Connection.send() by using cffi's from_buffer.
- The OpenSSL.SSL.Context.set_alpn_select_callback can return a new NO_OVERLAPPING_PROTOCOLS sentinel value
  to allow a TLS handshake to complete without an application protocol.
2019-11-18 10:51:31 +00:00
rillig
9fd786bb11 security: align variable assignments
pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
2019-11-04 21:12:51 +00:00
adam
96bc8c839b py-OpenSSL: updated to 19.0.0
19.0.0:

Backward-incompatible changes:
- X509Store.add_cert no longer raises an error if you add a duplicate cert.

Changes:
- pyOpenSSL now works with OpenSSL 1.1.1.
- pyOpenSSL now handles NUL bytes in X509Name.get_components()
2019-01-22 09:12:09 +00:00
adam
bf9b147572 py-OpenSSL: updated to 18.0.0
18.0.0:
Backward-incompatible changes:
- The minimum cryptography version is now 2.2.1.
- Support for Python 2.6 has been dropped.

Changes:
- Added Connection.get_certificate to retrieve the local certificate.
- OpenSSL.SSL.Connection now sets SSL_MODE_AUTO_RETRY by default.
- Added Context.set_tlsext_use_srtp to enable negotiation of SRTP keying material.
2018-05-23 09:40:52 +00:00
adam
baba6f3d16 pyOpenSSL: updated to 17.5.0
17.5.0:
Backward-incompatible changes:
* The minimum cryptography version is now 2.1.4.

Changes:
* Fixed a potential use-after-free in the verify callback and resolved a memory leak when loading PKCS12 files with cacerts.
* Added Connection.export_keying_material for RFC 5705 compatible export of keying material.
2017-12-01 08:53:17 +00:00
adam
9bbf669736 py-OpenSSL: updated to 17.4.0
17.4.0:
Re-added a subset of the OpenSSL.rand module. This subset allows conscientious users to reseed the OpenSSL CSPRNG after fork.
Corrected a use-after-free when reusing an issuer or subject from an X509 object after the underlying object has been mutated.
2017-11-23 10:12:33 +00:00
adam
59ad9558ea py-OpenSSL: update to 17.3.0
17.3.0
Backward-incompatible changes:
* Dropped support for Python 3.3.
* Removed the deprecated OpenSSL.rand module. This is being done ahead of our normal deprecation schedule due to its lack of use and the fact that it was becoming a maintenance burden. os.urandom() should be used instead.

Deprecations:
* Deprecated OpenSSL.tsafe.

Changes:
* Fixed a memory leak in OpenSSL.crypto.CRL.
* Fixed a memory leak when verifying certificates with OpenSSL.crypto.X509StoreContext.
2017-09-16 06:47:52 +00:00
adam
71fccbb0d8 17.2.0:
Deprecations:
- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.

Changes:
- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with cryptography ``manylinux1`` wheels on Python 3.x.
- Fixed a crash with (EC)DSA signatures in some cases.
2017-07-20 16:52:16 +00:00
wiz
a880c86c0a Simplify testing part. Ok adam@ 2017-07-03 21:37:29 +00:00
wiz
75d7e4e108 Add missing py-pretend test dependency.
Update upstream bug report URLs.
2017-07-03 20:56:04 +00:00
adam
722d3e3637 Restored bug-report comments 2017-07-03 20:25:05 +00:00
adam
8c2607f9f7 17.1.0:
Backward-incompatible changes:
- Removed the deprecated OpenSSL.rand.egd() function.
  Applications should prefer os.urandom() for random number generation.
- Removed the deprecated default digest argument to OpenSSL.crypto.CRL.export().
  Callers must now always pass an explicit digest.
- Fixed a bug with ASN1_TIME casting in X509.set_notBefore(),
  X509.set_notAfter(), Revoked.set_rev_date(), Revoked.set_nextUpdate(),
  and Revoked.set_lastUpdate(). You must now pass times in the form
  YYYYMMDDhhmmssZ. YYYYMMDDhhmmss+hhmm and YYYYMMDDhhmmss-hhmm
  will no longer work.

Deprecations:
- Deprecated the legacy "Type" aliases: ContextType, ConnectionType, PKeyType, X509NameType, X509ExtensionType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, NetscapeSPKIType.
  The names without the "Type"-suffix should be used instead.

Changes:
- Added OpenSSL.crypto.X509.from_cryptography() and OpenSSL.crypto.X509.to_cryptography() for converting X.509 certificate to and from pyca/cryptography objects.
- Added OpenSSL.crypto.X509Req.from_cryptography(), OpenSSL.crypto.X509Req.to_cryptography(), OpenSSL.crypto.CRL.from_cryptography(), and OpenSSL.crypto.CRL.to_cryptography() for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
- Added OpenSSL.debug that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using python -m OpenSSL.debug.
- Added a fallback path to Context.set_default_verify_paths() to accommodate the upcoming release of cryptography manylinux1 wheels.
2017-07-03 19:37:52 +00:00
wiz
a5ba9d8d1b Do not run tests that core dump on NetBSD, add upstream bug report URLs. 2017-07-03 11:07:59 +00:00
adam
e6c748cc3a Changes 17.0.0:
- Added ``OpenSSL.X509Store.set_time()`` to set a custom verification time when verifying certificate chains.
- Added a collection of functions for working with OCSP stapling.
  None of these functions make it possible to validate OCSP assertions, only to staple them into the handshake and to retrieve the stapled assertion if provided.
  Users will need to write their own code to handle OCSP assertions.
  We specifically added: ``Context.set_ocsp_server_callback``, ``Context.set_ocsp_client_callback``, and ``Connection.request_ocsp``.
- Changed the ``SSL`` module's memory allocation policy to avoid zeroing memory it allocates when unnecessary.
  This reduces CPU usage and memory allocation time by an amount proportional to the size of the allocation.
  For applications that process a lot of TLS data or that use very lage allocations this can provide considerable performance improvements.
- Automatically set ``SSL_CTX_set_ecdh_auto()`` on ``OpenSSL.SSL.Context``.
- Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
2017-05-09 16:49:07 +00:00
wiz
b9ebc700bb Updated py-OpenSSL to 16.2.0.
Add patch that makes tests on NetBSD progress further.
But then there's a segfault. See
https://github.com/pyca/pyopenssl/issues/596

16.2.0 (2016-10-15)
-------------------

Changes:
^^^^^^^^

- Fixed compatibility errors with OpenSSL 1.1.0.
- Fixed an issue that caused failures with subinterpreters and embedded Pythons.
  `#552 <https://github.com/pyca/pyopenssl/pull/552>`_


16.1.0 (2016-08-26)
-------------------

Deprecations:
^^^^^^^^^^^^^

- Dropped support for OpenSSL 0.9.8.


Changes:
^^^^^^^^

- Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``.
  `#496 <https://github.com/pyca/pyopenssl/pull/496>`_
- Enable use of CRL (and more) in verify context.
  `#483 <https://github.com/pyca/pyopenssl/pull/483>`_
- ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects and also exported as such.
  `#439 <https://github.com/pyca/pyopenssl/pull/439>`_
- Support newer versions of ``cryptography`` which use opaque structs for OpenSSL 1.1.0 compatibility.
2017-01-28 12:09:14 +00:00
wiz
57199de455 Switch to MASTER_SITES_PYPI. 2016-06-08 17:43:20 +00:00
leot
80f1cf36fa Update security/py-OpenSSL to 16.0.0.
Changes:
16.0.0 (2016-03-19)
-------------------
This is the first release under full stewardship of PyCA.
We have made *many* changes to make local development more pleasing.
The test suite now passes both on Linux and OS X with OpenSSL 0.9.8,
1.0.1, and 1.0.2.  It has been moved to `py.test <https://pytest.org/>`_,
all CI test runs are part of `tox <https://testrun.org/tox/>`_ and
the source code has been made fully `flake8
<https://flake8.readthedocs.org/>`_ compliant.

We hope to have lowered the barrier for contributions significantly
but are open to hear about any remaining frustrations.

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Python 3.2 support has been dropped.
  It never had significant real world usage and has been dropped
  by our main dependency ``cryptography``.  Affected users should
  upgrade to Python 3.3 or later.

Deprecations:
^^^^^^^^^^^^^
- The support for EGD has been removed.
  The only affected function ``OpenSSL.rand.egd()`` now uses
  ``os.urandom()`` to seed the internal PRNG instead.  Please see
  `pyca/cryptography#1636
  <https://github.com/pyca/cryptography/pull/1636>`_ for more
  background information on this decision.  In accordance with our
  backward compatibility policy ``OpenSSL.rand.egd()`` will be
  *removed* no sooner than a year from the release of 16.0.0.
  Please note that you should `use urandom
  <http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_
  for all your secure random number needs.
- Python 2.6 support has been deprecated.
  Our main dependency ``cryptography`` deprecated 2.6 in version
  0.9 (2015-05-14) with no time table for actually dropping it.
  pyOpenSSL will drop Python 2.6 support once ``cryptography``
  does.

Changes:
^^^^^^^^
- Fixed ``OpenSSL.SSL.Context.set_session_id``,
  ``OpenSSL.SSL.Connection.renegotiate``,
  ``OpenSSL.SSL.Connection.renegotiate_pending``, and
  ``OpenSSL.SSL.Context.load_client_ca``.
  They were lacking an implementation since 0.14.  `#422
  <https://github.com/pyca/pyopenssl/pull/422>`_
- Fixed segmentation fault when using keys larger than 4096-bit to sign data.
  `#428 <https://github.com/pyca/pyopenssl/pull/428>`_
- Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()``
  was called before setting any app data.
  `#304 <https://github.com/pyca/pyopenssl/pull/304>`_
- Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey``
  objects that represent public keys, and ``OpenSSL.crypto.load_publickey()``
  to load such objects from serialized representations.
  `#382 <https://github.com/pyca/pyopenssl/pull/382>`_
- Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation
  list out to a string buffer.
  `#368 <https://github.com/pyca/pyopenssl/pull/368>`_
- Added ``OpenSSL.SSL.Connection.get_state_string()`` using the
  OpenSSL binding ``state_string_long``.
  `#358 <https://github.com/pyca/pyopenssl/pull/358>`_
- Added support for the ``socket.MSG_PEEK`` flag to
  ``OpenSSL.SSL.Connection.recv()`` and
  ``OpenSSL.SSL.Connection.recv_into()``.
  `#294 <https://github.com/pyca/pyopenssl/pull/294>`_
- Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and
  ``OpenSSL.SSL.Connection.get_protocol_version_name()``.
  `#244 <https://github.com/pyca/pyopenssl/pull/244>`_
- Switched to ``utf8string`` mask by default.
  OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8
  characters present.  This was changed to default to ``UTF8String``
  in the config around 2005, but the actual code didn't change it
  until late last year.  This will default us to the setting that
  actually works.  To revert this you can call
  ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``.
  `#234 <https://github.com/pyca/pyopenssl/pull/234>`_
2016-04-20 16:05:57 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 01:17:40 +00:00
leot
0facadece2 Update security/py-OpenSSL to py-OpenSSL-0.15.1.
pkgsrc changes:
 * Update HOMEPAGE

Changes:
0.15.1:
 * OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
   present in 0.15, where when an error occurs and no errno() is set,
   a KeyError is raised.  This happens, for example, if
   Connection.shutdown() is called when the underlying transport has
   gone away.

0.15:
 * OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
   filenames only as bytes now accept them as either bytes or
   unicode (and respect sys.getfilesystemencoding()).
 * OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
   (NPN) bindings.
 * OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
   builtin ``socket.recv_into``.  Based on work from Cory Benfield.
 * OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.
 * OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
 * OpenSSL/test/test_crypto.py: Add intermediate certificates for
 * OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
   underlying socket.
 * OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
   causing it to always succeed - even if it should fail.
 * OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
   with ``FILETYPE_ASN1`` would fail with a ``NameError``.
 * OpenSSL/SSL.py: Fix a regression in which the first argument of
   the "verify" callback was incorrectly passed a ``Context`` instance
   instead of the ``Connection`` instance.
 * OpenSSL/test/test_ssl.py: Add a test for the value passed as the
   first argument of the "verify" callback.
 * OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew
   Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek
   Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves``
   to support TLS ECDHE modes.
 * OpenSSL/SSL.py: Add ``Context.set_tmp_ecdh`` to configure a TLS
   context with a particular elliptic curve for ECDHE modes.
 * OpenSSL/SSL.py: ``Connection.send`` and ``Connection.sendall``
   now also accept the ``buffer`` type as data.
 * OpenSSL/crypto.py: Make ``load_pkcs12`` backwards compatible with
   pyOpenSSL 0.13 by making passphrase optional.
 * OpenSSL/SSL.py: Add ``get_finished``, ``get_peer_finished``
   methods to ``Connection``. If you use these methods to
   implement TLS channel binding (RFC 5929) disable session
   resumption because triple handshake attacks against TLS.
   <https://www.ietf.org/mail-archive/web/tls/current/msg11337.html>
   <https://secure-resumption.com/tlsauth.pdf>
 * OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``,
   and ``get_cipher_version`` to ``Connection``.
 * OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been
   removed in Python 3) with the equivalent syntax.
 * OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup.
 * leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked
   and CRL.get_revoked.
 * setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding.
 * OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``.
2015-08-23 10:10:26 +00:00
wiz
a6e56d9a3d Depends on six itself as well.
Thanks, gdt.
2014-03-21 13:34:59 +00:00
wiz
cef535152a Depend on py-cryptography instead of py-six (a py-cryptography dependency,
pulled in during an attempt to autobuild it because it was missing).
Ride PKGREVISION bump from a few minutes ago.
2014-03-21 13:23:27 +00:00
gdt
c94d2fb61c Depend on py-six.
py-OpenSSL 0.14 started depending on six, but this package didn't, so
"import OpenSSL" failed.  Confusingly, this led to build failures in
tahoe-lafs because somehow setuptools determined six was needed and
tried to download it.

After this commit, "make test" in py-OpenSSL still fails; it tries to download
"cryptography" and "cffi".
2014-03-21 13:19:02 +00:00
wiz
f60d0f6046 Update to 0.14:
2014-01-09  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL: Port to the cffi-based OpenSSL bindings provided by
	  <https://github.com/pyca/cryptography>

2013-10-06  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

	* OpenSSL/ssl/context.c: Add support for negotiating TLS v1.1 or
	  v1.2.

2013-10-03  Christian Heimes  <christian@python.org>

	* OpenSSL/crypto/x509.c: Fix an inconsistency in memory management
	  in X509.get_serial_number which leads to crashes on some runtimes
	  (certain Windows/Python 3.3 environments, at least).
2014-02-24 11:47:03 +00:00
tron
c64e9eb269 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:18:26 +00:00
wiz
aa67e11089 Mark packages as not ready for python-3.x where applicable;
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE=  33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE=  33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.

Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.

Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.

Whitespace cleanups and other nits corrected, where necessary.
2014-01-25 10:29:56 +00:00
drochner
febe02b8b1 update to 0.13.1
This fixes a hostname check bypassing vulnerability (truncation on
NULL-bytes, as seen in other implementations) (CVE-2013-4314)
2013-09-09 17:49:08 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
wiz
c595076396 All supported python versions in pkgsrc support eggs, so remove
${PLIST.eggfile} from PLISTs and support code from lang/python.
2012-04-08 20:21:41 +00:00
gls
bc42ab1c81 Update security/py-OpenSSL to 0.13.
Upstream changes:

2011-09-02  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * Release 0.13

2011-06-12  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly
          implemented by Rick Dean, to verify the internal consistency of a
          PKey instance.

2011-06-12  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/crypto/crypto.c: Fix the sign and verify functions so
          they handle data with embedded NULs.  Fix by David Brodsky
          <lp:~lihalla>.

2011-05-20  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new
          method to the Connection type, get_peer_cert_chain, for retrieving
          the peer's certificate chain.

2011-05-19  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new
          method to the X509 type, get_signature_algorithm, for inspecting
          the signature algorithm field of the certificate.  Based on a
          patch from <lp:~okuda>.

2011-05-10  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue
          explicitly including a Windows header before any OpenSSL headers.

        * OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by
          explicitly flushing errors known to be uninteresting after calling
          PKCS12_parse.

        * OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying
          OpenSSL library does not provide it.

        * OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from
          MD5 to SHA1 by allowing either hash algorithm's result as the
          return value of X509.subject_name_hash.

        * OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5
          to SHA1 by constructing certificate files named using both hash
          algorithms' results when testing Context.load_verify_locations.

        * Support OpenSSL 1.0.0a.

2011-04-15  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version
          and related constants for retrieving version information about the
          underlying OpenSSL library.
2012-02-18 20:40:40 +00:00
joerg
9a0666357e Tag the 28 locations that result in a Python 3.1 package as supporting so.
Remove it from the default list for the rest.
2011-12-03 00:02:14 +00:00
adam
05cf5d6011 Changes 0.12:
* OpenSSL/crypto/x509.c: Add get_extension_count and get_extension
  to the X509 type, allowing read access to certificate extensions.
* OpenSSL/crypto/x509ext.c: Add get_short_name and get_data to the
  X509Extension type, allowing read access to the contents of an
  extension.
* OpenSSL/ssl/ssl.c: Expose a number of symbolic constants for
  values passed to the connection "info" callback.
* OpenSSL/ssl/connection.py: Add support for new-style
  buffers (primarily memoryviews) to Connection.send and
  Connection.sendall.
2011-05-20 11:05:33 +00:00
gdt
f9ea4ed356 Use distutils.mk, and conditionalize egg file presence.
Fixes build with Python 2.4.
2010-07-24 12:49:25 +00:00
gdt
1d8703d103 Substitute the egg file in PLIST so that the version isn't hardcoded.
(We are missing infrastructure for egg files in non-egg packages.)
Problem pointed out by wiz@.
2010-07-23 23:04:27 +00:00
gdt
d912f24231 Don't suppress egg-info file, so that programs that use requires to
find the Python package contained in this distribution will work.
2010-07-23 21:09:51 +00:00
ver
a6e9424ac2 Upgrade py-OpenSSL to 0.10 from 0.7 for feature enhancements. 2010-07-19 16:46:48 +00:00
wiz
579796a3e5 Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
joerg
52ab88152d Accept Python 2.6 for now until evidence of breakage appears. Fixes
dependencies of some other packages.
2009-06-26 19:44:47 +00:00
joerg
f0bbd1517d Remove @dirrm entries from PLISTs 2009-06-14 18:13:25 +00:00
joerg
25a80fb4ab Remove PYBINMODULE. All it did was mark some packages as not available
on some platforms that lacked shared library support in the past. The
list hasn't been maintained at all and the gain is very limited, so just
get rid of it.
2009-03-05 18:51:26 +00:00
tonnerre
8883df8908 Despite the fact that various Python modules do have buildlink files,
according to Joerg this behavior is wrong. Remove this one again.
2009-01-07 23:00:26 +00:00
tonnerre
7da5df70b0 Add buildlink3.mk file to py-OpenSSL extension so it can be referenced in
other packages.
2009-01-07 22:27:48 +00:00