pkgsrc changes:
* Update HOMEPAGE
Changes:
0.15.1:
* OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
present in 0.15, where when an error occurs and no errno() is set,
a KeyError is raised. This happens, for example, if
Connection.shutdown() is called when the underlying transport has
gone away.
0.15:
* OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
filenames only as bytes now accept them as either bytes or
unicode (and respect sys.getfilesystemencoding()).
* OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
(NPN) bindings.
* OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
builtin ``socket.recv_into``. Based on work from Cory Benfield.
* OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.
* OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
* OpenSSL/test/test_crypto.py: Add intermediate certificates for
* OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
underlying socket.
* OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
causing it to always succeed - even if it should fail.
* OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
with ``FILETYPE_ASN1`` would fail with a ``NameError``.
* OpenSSL/SSL.py: Fix a regression in which the first argument of
the "verify" callback was incorrectly passed a ``Context`` instance
instead of the ``Connection`` instance.
* OpenSSL/test/test_ssl.py: Add a test for the value passed as the
first argument of the "verify" callback.
* OpenSSL/crypto.py: Based on work from Alex Gaynor, Andrew
Lutomirski, Tobias Oberstein, Laurens Van Houtven, and Hynek
Schlawack, add ``get_elliptic_curve`` and ``get_elliptic_curves``
to support TLS ECDHE modes.
* OpenSSL/SSL.py: Add ``Context.set_tmp_ecdh`` to configure a TLS
context with a particular elliptic curve for ECDHE modes.
* OpenSSL/SSL.py: ``Connection.send`` and ``Connection.sendall``
now also accept the ``buffer`` type as data.
* OpenSSL/crypto.py: Make ``load_pkcs12`` backwards compatible with
pyOpenSSL 0.13 by making passphrase optional.
* OpenSSL/SSL.py: Add ``get_finished``, ``get_peer_finished``
methods to ``Connection``. If you use these methods to
implement TLS channel binding (RFC 5929) disable session
resumption because triple handshake attacks against TLS.
<https://www.ietf.org/mail-archive/web/tls/current/msg11337.html>
<https://secure-resumption.com/tlsauth.pdf>
* OpenSSL/SSL.py: Add ``get_cipher_name``, ``get_cipher_bits``,
and ``get_cipher_version`` to ``Connection``.
* OpenSSL/tsafe.py: Replace the use of ``apply`` (which has been
removed in Python 3) with the equivalent syntax.
* OpenSSL/crypto.py: Fix memory leak in _X509_REVOKED_dup.
* leakcheck/crypto.py: Add checks for _X509_REVOKED_dup, CRL.add_revoked
and CRL.get_revoked.
* setup.py: Require cryptography 0.3 to have the ASN1_TIME_free binding.
* OpenSSL/crypto.py: Add ``get_extensions`` method to ``X509Req``.
0facadece2