0.24.0
- `x509.Certificate().self_signed` will no longer return `"yes"` under any
circumstances. This helps prevent confusion since the library does not
verify the signature. Instead a library like oscrypto should be used
to confirm if a certificate is self-signed.
- Added various OIDs to `x509.KeyPurposeId()`
- Added `x509.Certificate().private_key_usage_period_value`
- Added structures for parsing common subject directory attributes for
X.509 certificates, including `x509.SubjectDirectoryAttribute()`
- Added `algos.AnyAlgorithmIdentifier()` for situations where an
algorithm identifier may contain a digest, signed digest or encryption
algorithm OID
- Fixed a bug with `x509.Certificate().subject_directory_attributes_value`
not returning the correct value
- Fixed a bug where explicitly-tagged fields in a `core.Sequence()` would
not function properly when the field had a default value
- Fixed a bug with type checking in `pem.armor()`
0.23.0:
Backwards compatibility break: the tag_type, explicit_tag and explicit_class attributes on core.Asn1Value no longer exist and were replaced by the implicit and explicit attributes. Field param dicts may use the new explicit and implicit keys, or the old tag_type and tag keys. The attribute changes will likely to have little to no impact since they were primarily an implementation detail.
Teletex strings used inside of X.509 certificates are now interpreted using Windows-1252 (a superset of ISO-8859-1). This enables compatibility with certificates generated by OpenSSL. Strict parsing of Teletex strings can be retained by using the x509.strict_teletex() context manager.
Added support for nested explicit tagging, supporting values that are defined with explicit tagging and then added as a field of another structure using explicit tagging.
Fixed a UnicodeDecodeError when trying to find the (optional) dependency OpenSSL on Python 2
Fixed next_update field of crl.TbsCertList to be optional
Added the x509.Certificate.sha256_fingerprint property
x509.Certificate.ocsp_urls and x509.DistributionPoint.url will now return https://, ldap:// and ldaps:// URLs in addition to http://.
Added CMS Attribute Protection definitions from RFC 6211
Added OIDs from RFC 6962
Added parser.peek()
Implemented proper support for BER-encoded indefinite length strings of all kinds - core.BitString, core.OctetString and all of the core classes that are natively represented as Python unicode strings
Fixed a bug with encoding LDAP URLs in x509.URI
Correct x509.DNSName to allow a leading ., such as when used with x509.NameConstraints
Fixed an issue with dumping the parsed contents of core.Any when explicitly tagged
Custom setup.py clean now accepts the short -a flag for compatibility
Fast ASN.1 parser and serializer with definitions for private keys,
public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7, PKCS#8,
PKCS#12, PKCS#5, X.509 and TSP.