forked from mcepl/M2Crypto
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGES
676 lines (605 loc) · 28.3 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
0.35.1 - 2019-06-08
-------------------
- Actually, really fix compatibility with OpenSSL 1.1.1c. Thank you,
Sebastian Andrzej Siewior from the Debian team for resolving it.
0.34.0 - 2019-05-30
-------------------
- Use more recent version of OpenSSL on Windows
- Be resilient against the situation when no erorr happened.
- Correct URL of https://www.schneier.com/academic/smime/
- Use shlex.split() for CPP
0.33.0 - 2019-04-26
-------------------
- eb4525c - Stop pretending to support Python 3.4. <Matěj Cepl>
- 6a89548 - Fix use of urlunsplit (25 hours ago) <Andreas Schwab>
- 0a5a356 - tests/test_ssl: use -ciphercuites for TLS1.3 cipher in
openssl1.1 <Sebastian Andrzej Siewior>
- 8a0a3e3 - There are apparently multiword CPP variables. Taking that
into account. <Matěj Cepl>
0.32.0 - 2019-03-04
-------------------
- 471582f - setup.py: use ${CPP} as path to cpp <Duncan Macleod>
- efb1580 - Bump pipeline OpenSSL from 1.1.0i to 1.1.0j
- 35bb71b - Stub wchar_t helpers and ignore unused WCHAR defs <makepost>
- effc7be - Add type comment to setup.py <Matěj Cepl>
0.31.0 - 2018-11-08
-------------------
- Compatibility with OpenSSL 1.1.1 (partly workaround, maybe requires
further investigation)
- Fixes for Windows builds
- Fixes of installs on AWS Lambda
- Fixes of Mac OS X related failures
- Fix Python 2.6 compatibility issues
0.30.1 - 2018-04-29
-------------------
- Fix packaging (missed packaging testing file)
0.30.0 - 2018-04-25
-------------------
- Various small typos (Windows builds, Fix SSL.Connection.__del__)
- The project is now Linux-distribution agnostic
- Replace all old-style classes with the new ones (it shouldn't cause
any problems, but feel free to file an issue, if it does)
- Do not by-pass a potential transfer decoding in m2urllib2
- Update M2Crypto.six with 1.11.0 and replace our local workarounds with
new functions.
- SSLv3 just removed.
- Don't support Python 2.6 on Windows anymore. Windows users don't have
python as a system package, so they are usually more likely to upgrade
anyway.
0.29.0 - 2018-02-23
-------------------
- Fix building on Windows (all tests fix on Win32 and Win64 on all
supported combinations of versions of OpenSSL and Python)
- Fixes of some small bugs
0.28.0 - 2018-02-08
-------------------
- Mainly port to Python 3 (supporting 2.6, 2.7, 3.3, 3.4, 3.5, 3.6)
- Some lame efforts to make setup.py build --openssl work better (needs
more real testing on Mac OS X)
- Fix licence: it is MIT, not BSD
- Fix and add tests for SWIG/_aes.i module
- Improve somehow situation on Mac OS X (some testing, improve setup.py,
testsuite should fully pass)
- Bundle-in unittest2 for Python 2.6 (dealing with the need for
specific version of unittest2 package was too complicated)
- Remove all PGP modules
0.27.0 - 2017-10-05
-------------------
- Fix licence: it is MIT, not BSD
- At least minimal support of SNI in httpslib.
- Small bugfixes and cleanups.
- More effort to make build system more robust (now should work even on
Debian LTS).
- Restore m2.rsa_set_e() and m2.rsa_set_n().
- Make sure that every exceptional return throws and exception and vice
versa.
0.26.4 - 2017-09-26
-------------------
- Proper fix of deprecation warning for OpenSSL 1.1.0
- Small mostly stylistic bugfixes
- Emergency release to fix FTBFS.
0.26.3 - 2017-09-22
-------------------
- Fix a syntax typo.
0.26.2 - 2017-09-20
-------------------
- port to support OpenSSL 1.1.0 API
- add generated Sphinx documentation
- another set of cleanups
0.26.0 - 2017-03-21
-------------------
- Fix packaging on RHEL-6
- Replace ASN1_UTCTIME with ASN1_TIME which supports both UTCTime and
GeneralizedTime
- Add possibility to sign PKCS7 with a non-default digest.
- Add possibility to set custom callback for X509 verification.
- Clean up imports and PEP8ization
- A lot of cleanups on the way towards Python 3
- Other small bugfixes
0.25.1 - 2016-07-25
-------------------
- Actually do check, whether we have SSLv2 compiled in, and don't run
test for it.
0.25.0 - 2016-03-21
-------------------
- More cleanups, removal of obsolete stuff, and moves towards py3k
compatibility.
- Add support for EC.get_builtin_curves() and use it for testing.
- Enable AES CTR mode
- Bundle-in six module v. 1.10.0
- add rand_file_name and rand_status
- remove all LHASH fiddling
- Extend Travis and GitLab CI configuration to test also py3k (with
allowed_failures) and CentOS6 (on GitLab CI).
- Add CONTRIBUTORS.rst. Thank you!
- Add PEP-484 type hints in comments to all Python files (except for
tests)
- Use context managers for file handling wherever possible instead of
leaking open file descriptors.
- Improve defaults handling for SSL_CTX_new().
- Fix PGP tests to actually run
0.24.0 - 2016-03-21
-------------------
- More cleanups, removal of obsolete stuff, and moves towards py3k
compatibility.
- Add DSA.pub_key_from_params() factory function (and m2.dsa_set_pub()).
- Allow import/export of EC public key with binary values
- Add EVP.load_key_string_pubkey() function, as well as helper functions
- Add EVP.get_digestbyname() functionality.
- Convert documentation to rST (and add instructions for building on Mac
OS X)
- Another round of fixing multiarch building.
- Disable tests with weak ciphers on some platforms (Debain)
0.23.0 - 2016-01-29
-------------------
- Add Travis and GitLab CI configurations
- Allow building without SSLv2
- More cleanups and removing obsolete code
- Fix README
- Fix buffer overflow in pkcs5_pbkdf2_hmac_sha1
- First moves towards Python 3 compatibility
- Removed rather large and completely unmaintained demo/ subdirectory
(now in a separate repo https://gitlab.com/m2crypto/m2crypto_demo)
- Automatically generated test data files
- Finally fix building on multiarch systems
- All objects derived from BIO.BIO now could work as context managers
- Switch setup.py to setuptools
0.22.5 - 2015-10-13
-------------------
- Add forgoteen SWIG/*.h among distributed files.
0.22.4 - 2015-10-13
-------------------
- Matěj Cepl takes over leadership of the upstream maintenance
- Fedora/RHEL distribution patches merged to the main development
(mainly, but not only, upgrading to the more recent versions of
OpenSSL, swig which is now at 3.0.5, but anything above 2.0.4 is
supported as well, and python which now has to be at least 2.6).
- Tons of cleaning up the code for obsolete constructs, PEP8ization,
etc.
0.22.3 - 2014-01-22
-------------------
(released by Martin Paljak, later development started on top of 0.21.1
with his improvements cherry picked to the new development branch)
0.21.1 - 2011-01-15
-------------------
- Distribution fix
0.21 - 2011-01-12
-----------------
- Support OpenSSL 1.0. Thanks to Miloslav Trmac for figuring out how to fix
test_smime.py
- Rename m2.engine_init to engine_init_error so that
ENGINE_init and ENGINE_finish can be exposed, thanks to Erlo
- 0.20 started releasing Python locks even around some operations that
interacted with the Python runtime, potentially causing crashes and other
weirdness, fix by Miloslav Trmac
- Make httpslib.ProxyHTTPSConnection work with Python 2.3
0.20.2 - 2009-10-06
-------------------
- (Re)Enable configuration and use with OpenSSL 0.9.7g and older by disabling
RSA PSS methods when using such old OpenSSL, thanks to Stef Walter
0.20.1 - 2009-08-27
-------------------
- Fix regression in httpslib.ProxyHTTPSConnection, by Miloslav Trmac
0.20 - 2009-08-10
-----------------
- Deprecated M2Crypto.PGP subpackage since nobody seems to be using it nor
is it being maintained (if you do use it, please let me know)
- Added fedora_setup.sh to help work around differences on Fedora Core -based
distributions (RedHat, CentOS, ...); thanks to Miloslav Trmac
- Added X509.load_request_bio and load_request_string, by Hartmut Goebel and
Pavel Shramov
- Added alias X509.Request.set_subject for set_subject_name to match X509.X509,
by Pavel Shramov
- OBJ_* wrappers did not work properly with OpenSSL 0.9.8a and earlier, fix by
Pavel Shramov
- Added ASN1_UTCTIME.get_datetime and set_datetime, by Pavel Shramov
- Fixed obj_obj2txt, which returned nonsense, fix by Barney Stratford
- m2urllib did not close sockets properly, fix by Miloslav Trmac
- Allow SSL peer certificate to have subjectAltName without dNSName and use
commonName for hostname check, fix by Miloslav Trmac
- threading_locking_callback did not block on a lock when the lock
was held by another thread, by Miloslav Trmac
- Allow more blocking OpenSSL functions to run without GIL, by Miloslav Trmac
- Fixed httpslib to send only the path+query+fragment part of the URL when
using CONNECT proxy, by James Bowes
- SSLServer.__init__ now takes optional bind_and_activate parameter and
initializes by calling SocketServer.BaseServer.__init__, which
are Python 2.6 compatibility fixes, by Christian
- ftpslib now works with Python 2.6, by Theodore A. Roth
- httpslib.ProxyHTTPSConnection needs to cast port into integer,
by John M. Schanck
- Added support for RSASSA-PSS signing and verifying, by Chris Collis
- Added support for disabling padding when using RSA encryption,
by Chris Collis
- ASN1_INTEGERs can now be larger than fits in an int, for example to support
X509 certificates with large serial numbers,
patch by Mikhail Vorozhtsov and testcase by Barry G.
- Reverted a change done in 0.17 to m2urllib2 which changed urls to include
host when it should stay as it was
- httpslib no longer uses urllib; instead it uses urlparse for url parsing
- SMIME.text_crlf and text_crlf_bio were always raising TypeError; fixed
- EVP.load_key and load_key_bio fixed to raise EVP.EVPError and BIO.BIOError
instead of str (str exceptions not allowed in Python 2.6 and later)
- SSL.Session.load_session fixed to raise SSL.SSLError instead of str
- SMIME.load_pkcs7, load_pkcs7_bio, smime_load_pkcs7, smime_load_pkcs7_bio,
text_crlf, text_crlf_bio fixed to raise BIO.BIOError, SMIME.PKCS7_Error and
SMIME.SMIME_Error as appropriate instead of str
- Added FIPS mode to unit tests, and used FIPS-compliant key sizes in other
tests, by Miloslav Trmac. Note that tests run much slower because of this!
- Unit tests cover 80% of the code
0.19.1 - 2008-10-12
-------------------
- Re-enable building when OpenSSL built without EC support, by Miloslav Trmac
- Remove shebang from Engine.py since it is not executable, by Miloslav Trmac
0.19 - 2008-10-05
-----------------
- OpenSSL OBJ_* functions wrapped by Pavel Shramov
- OpenSSL ENGINE interface wrapped, providing support for smart cards, by
Martin Paljak and Pavel Shramov
- EVP.PKey.get_rsa() now returns RSA_pub, which fixes segmentation fault
when trying to encrypt using public key from X509 certificate, by Ben Timby
- httpslib.ProxyHTTPSConnection now sends the required Host header,
by Karl Grindley
- Use the proxied User-Agent value in CONNECT requests, by James Antill and
Miloslav Trmac
- Fixed m2urllib.build_opener when optional handlers were in use,
affected Python 2.5 and later, by Miloslav Trmac
- Reverted the incorrect GIL change done in 0.18 to m2.passphrase_callback,
which caused a deadlock when called from mod_python for example. Thanks to
Michal Kochel and Keith Jackson.
- SSL.Connection.accept() passed wrong certificate to postConnectionCheck
callback
- httpslib.HTTPSConnection now raises ValueError for illegal keyword argument
- m2.pkey_write_pem[_no_cipher] changed to use the recommended (more secure)
PEM_write_bio_PKCS8PrivateKey (used by PEM_write_bio_PrivateKey).
- X509.load_cert, load_cert_bio, load_cert_der_string, new_stack_from_der,
load_request and load_crl now raise X509Error for invalid data. Previously
some of these raised a string as an error, some did not raise but caused
strange errors later, for example x509.verify() would return -1.
- Fixed SSL.Connection.get_socket_read_timeout and set_socket_read_timeout on
64bit platforms by adding SSL.timeout.struct_size() and using it instead of
hardcoded size for socket.getsockopt
- X509_Store.load_info now returns the value from the underlying
m2.x509_store_load_locations call, and in case of error raises X509Error
- Fixed SMIME.verify to raise the correct PKCS7_Error (used to raise
SMIME_Error) when verification fails with Python 2.6
0.18.2 - 2007-10-12
-------------------
- typedef Py_ssize_t was insufficiently guarded, now follows PEP 353. This
prevented building on at least Red Hat Linux and Debian Linux (unstable).
0.18.1 - 2007-10-08
-------------------
- Redo build fix when OpenSSL configured without Elliptic Curves (EC), see
also INSTALL file
0.18 - 2007-07-26
-----------------
- Added EVP.pbkdf2 to derive key from password
- X509_Store_Context.get1_chain added
- Added X509_Name.__iter__, __getitem__, get_entries_by_nid which allow
iterating over all X509_Name_Entries or getting just all commonName entries,
for example
- Added X509_Name_Entry.get_object, get_data, set_data
- Added back PKCS7.get0_signers (was removed in 0.16)
- X509_Extension.get_value accepts flag and indent parameters.
- support multiple dNSName fields in subjectAltName
- support multiple commonName fields for SSL peer hostname checking
- Checking for erroneous returns from more OpenSSL EVP_* functions, which
means that certain things that used to fail silently will now raise an
EVP.EVPError; affected m2 functions are: digest_final, cipher_init,
cipher_update, cipher_final and sign_update. sign_final will now raise
EVP.EVPError instead of SystemError as well.
- Fixed Pkey.verify_final to take a sign parameter
- If a subjectAltName extension of type dNSName is present in peer certificate,
use only the dNSNames when checking peer certificate hostname, as specified
by RFC 2818. If no dNSNames are present, use subject commonName.
- Fixed memory leaks in m2 functions ec_key_new_by_curve_name,
pkey_get_modulus, ecdsa_verify, threading_init and
X509.X509.verify, X509.X509_Stack (which manifested for example when
calling X509.new_stack_from_der), SSL.Connection (which manifested with some
connection errors or when connect was never called), twisted wrapper,
SSL.Connection.makefile (in BIO.IOBuffer really)
- Fixed threading regressions introduced in 0.16,
by Aaron Reizes and Keith Jackson
- Added SSL session caching support to HTTPSConnection, by Keith Jackson
- Added the ability to save and load DER formatted X509 certificates and
certificate requests, by Keith Jackson
- m2xmlrpclib.py fixed to work with Python 2.5, by Miloslav Trmac
- 64-bit correctness fixes, by Miloslav Trmac
- Added X509_Name.as_hash, by Thomas Uram
- Moved --openssl option from general setup.py option to build_ext option,
meaning you need to do: python setup.py build build_ext --openssl=/path,
by Philip Kershaw
- Fixed build problem affecting certain systems where OpenSSL was built without
EC support
- M2CRYPTO_TEST_SSL_SLEEP environment variable controls how long to sleep
after starting the test SSL server. Default is 0.5, but 0.1 or even 0.05
might work with modern computers. Makes tests finish significantly faster.
0.17 - 2006-12-20
-----------------
- setup.py has new test command to run unit tests (requires setuptools)
- Added m2urllib2, by James Bowes (python 2.4 and later, at least for now)
- Added CONNECT proxy for httpslib and m2urllib2, by James Bowes
- Added PKey.get_modulus, X509.get_fingerprint, X509_Name.as_der and
m2.bn_to_hex, by Thomas Uram
- Prevent Connection.makefile from freeing bio redundantly, by Thomas Uram
- Added Err.peek_error_code, by Thomas Uram
- Fixed m2urllib.open_https to return the response headers, otherwise code
that relied on that would break (for example msnlib-3.5), by Arno bakker
- Fixed twisted wrapper to work with >16kb BIO buffers, by Martin Paljak
- Added support for remaining ECs, by Larry Bugbee
- Fixed DSA.save_key and DSA_.save_pub_key, by Larry Bugbee
- SSL.Context.load_verify_locations raises ValueError if cafile and capath
are both None
- Fixed X509.check_purpose() (was always raising exceptions)
- smime_read_pkcs7 was changed to automatically call BIO_set_mem_eof_return
on memory BIOs because otherwise the read would fail with
"SMIME_Error: not enough data"
- X509.new_extension('subjectKeyIdentifier', 'hash') raises ValueError instead
of crashing Python
0.16 - 2006-07-05
-----------------
- Minimum requirements updated: Python 2.3+, OpenSSL 0.9.7+, SWIG 1.3.24+
- Optional features from OpenSSL 0.9.8 and newer
- Enhancements to EVP and X509 to allow proxy certificate handling,
by Matt Rodriguez
- SSLBio and related additions to help do SSL with BIOs directly,
by Matt Rodriguez
- Added --openssl option to build command which can be used to specify
where OpenSSL is installed, by Matt Rodriguez
- Added sign and verify to RSA class, and get_rsa to PKey class,
by Matt Rodriguez
- ECDSA signatures and ECDH key agreement, requires OpenSSL 0.9.8+,
by Arno Bakker
- Fix non-hashable type problems in SSL._ctxmap and users,
by Michael Weiser
- Fixed SSLServer.handle_error to take the correct number of
arguments, by Dan Williams
- Various DSA enhancements by Larry Bugbee
- Added sha224, sha256, sha384 and sha512, by Larry Bugbee
- Added serialNumber, SN, surname, GN and givenName fields to X509_Name,
by Martin Paljak
- m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT is the fourth certificate
verification error that will be allowed when unknown CAs are allowed
- post connection checks in Connection.accept() and connect() fixed (these
were broken in 0.15)
- Fixed EVP.Cipher to work with aes_* ciphers (used to crash Python).
The actual problem was in m2.bytes_to_key.
- SMIME methods and functions raise correct exceptions
- Raise ValueError instead of AttributeError when a non-existing hash
algorithm or SSL version is asked for
- ssl_ctx_set_tmp_(dh|rsa) now return value, and the rsa version calls
the rsa function instead of the dh function
- digest_update and verify_update return type changed to int, which allows
better error reporting; EVP.MessageDigest.update and
EVP.PKey.verify_update likewise changed
- X509_Name and ASN1_String as_text (new for ASN1_String) take optional
parameters to control formatting.
- Cipher_Stack, X509_Stack and X509_Extension_Stack are iterable
- EVP.MessageDigest now properly cleans up the underlying data when the object
gets deleted
- It is now possible to set and get non-nid values to X509_Name (previously
only set worked)
- SSL.Connection.set_client_CA_list_from_file now uses the actual implementd
function instead of raising exception
- Multithreaded SSL no longer uses the SSL_set/get_app_data to set and
restore thread state, but uses the standard PyGILState_STATE instead.
- m2urllib no longer outputs the HTTP headers (there was an erronous call
to set_debuglevel(1))
- Removed RCS_id, RCS_ID and _RCS_id from Python files
- All known memory leaks fixed
- SWIG and compiler warning fixes
- More and better Epydoc formatted docstrings
- More than doubled the number of unit tests, also made many demos into tests
0.15 - 2005-08-17
-----------------
- Support OpenSSL 0.9.8, Python 2.4.1, SWIG 1.3.24
- Fixed multiple memory leaks
- Twisted integration
- Safer defaults for SSL context and post connection check for clients
- Eliminated C pointers from interfaces (some may still remain in callbacks)
- Many cases where Python interpreter crashed have been fixed
- Improved thread safety of many callbacks
- And of course more of the OpenSSL API is covered, new docstrings and
tests have been written
Changes since 0.13
--------------------
- Fixed memory leak due to circular reference in SSL.Connection.
Thanks to Michael Dunstan. Oops, patch is ZServerSSL-specific.
Andre Reitz provided a generalised fix. Thanks Andre.
- Fixed __getattr__ error in DSA. Thanks to Igor Belyi.
- Added rand_poll, rand_screen and rand_win32_event functions to
M2Crypto.Rand.
- Updated ZServerSSL files to match Zope 2.7.0 versions.
- Integrated (overlapping) patches by Peter Teniz and Heikki Toivonen
covering operations on X.509-related structures that gives M2Crypto
PKI functionality. Thanks Peter and Heikki.
- Peter Teniz contributed demo2004/pki/x509auth.py.
- Created demo2004/ directory that will contain new or updated demos.
- Added verify_[init|update|final] in _evp.i. Patch by Zachery Corbiere.
Thanks Zac.
Changes since 0.12/0.11
-------------------------
- Patches from Artur Frysiak <[email protected]>. Thanks Artur.
= Allow using a passphrase callback in class SMIME.
= Added method get0_signers to class PKCS7, which retrieves signers'
certificates from a PKCS7 blob.
= Added methods as_pem and save_pem to class X509.
= Added file version.py.
= Allow SSL.Context.load_verify_locations to accept both 'cafile' and
'capath'.
- Fixed BIO.read() not reading until EOF. Thanks to Egil Muller
<[email protected]> for suggestion.
- Honour 'mode' parameter in SSL.Connection.makefile. Thanks again to Egil
Muller.
- Roger Binns contributed epydoc-generated docs for M2Crypto. Thanks Roger.
- Peter Teniz contributed patches to create X.509 requests and certificates.
Thanks Peter.
- Updated Medusa to 0.54.
- Make various OpenSSL bignum functions (written long ago) available to Python.
Changes since 0.11
--------------------
- ZServerSSL with client certificate-based authentication rides again.
- Created Makefile for Python 2.3.
- Modified LICENCE: changed my name to the generic "the author" in the
all-caps disclaimer paragraph.
- Allow to save RSA key pair in the clear.
- ZServerSSL for Zope 2.7.
- Excluded RC5. IDEA was taken out several releases ago. This should
allow M2Crypto to build with stock OpenSSL on various Linuxen.
- Added ssl_set_tmp_dh_callback.
- Added ssl_set_tmp_rsa and ssl_set_tmp_rsa_callback to support weak-cipher
browsers.
- ZServerSSL exports SSL_CIPHER request header (a la mod_ssl) to Zope
applications.
- Perform distutils's SWIG .i search path tweaking within setup.py. setup.py
should now work "out of the box".
- Added contrib/smimeplus.py, a high-level S/MIME interface, contributed by
Bernard Yue <[email protected]>. Thanks Bernard.
- Added in long forms of nid's in X509_Name. Thanks to William K Volkman
<[email protected]> for patch.
- Updated Mac OS X build instructions. Thanks to Larry Bugbee
Changes since 0.10
--------------------
- Dave Berkeley <[email protected]> contributed fixes to
SSL.Context-related memory leaks and code to set the size of the SSL
session cache.
- Brent Chun <[email protected]> contributed the following:
+ Fixes to memory leaks.
+ Code to expose X.509 certificate chain operations.
+ Code to expose set/get operations on the SSL session cache.
- Changed swig/ to SWIG/, for the convenience of people who don't read
INSTALL. Some Makefiles may break because of this. setup.py continues
to work, of course.
- ZServerSSL tested with Zope 2.6.1. There is now a HOWTO.
- Updated README and INSTALL.
- Filled doc/ with stuff that went missing in several past releases.
Changes since 0.09
--------------------
- Updated to OpenSSL 0.9.7. Thanks to Toby Allsopp <[email protected]> for
patches.
- Added functionality to create a basic certificate request. Also
contributed by Toby Allsopp.
- Finally, AES!
Changes since 0.08
--------------------
- Replaced demo/Zope/ZServer/__init__.py with the correct version
for Zope 2.6.0.
- Added a sample starts.bat for ZServerSSL.
- Incoporated a patch by [email protected] that handled the
new-in-Python-2.2.2 "strict" parameter for the various HTTP[S] connection
classes in httplib.py. Thanks prashanth. This fixes M2Crypto's XMLRPC
support for Python 2.2.2. (Apparently it was working for Python 2.2.1.)
- Incorporated some cosmetic patches from Adam Karpierz <[email protected]>.
Thanks Adam.
Changes since 0.07 snapshot #3
--------------------------------
- Updated to SWIG 1.3.17.
- Excluded IDEA.
- Tested with OpenSSL 0.9.6h.
- ZServerSSL rides again for Zope 2.6.0.
- setup.py does!
- Removed Makefiles for Windows and Unix. (Makefile.osx remains.)
- Included in contrib/ Isaac Salzberg's application of Mihai Ibanescu's
patch that allows IIS interoperability thru an authenticating proxy.
Thanks Isaac.
- Included in contrib/ patch by Dave Brueck <[email protected]>
that has smarter non-blocking behaviour. Thanks Dave.
Changes since 0.06
-----------------------
- test_ssl_win.py. (Requires Mark Hammond's Win32 extensions.)
- Renamed demo/https to demo/medusa; updated Medusa to 2001 Jun release.
- Improved _ssl.i's and M2Crypto.SSL.Connection's accept/connect methods.
- M2Crypto.ftpslib for client-side FTP/TLS.
- demo/medusa/ftps_server.py for server-side FTP/TLS.
- Improved thread-safety.
- Cleaned up echo client and servers.
- Fixed missing import in m2urllib.
- Fixed m2urllib to handle HTTP redirects.
- Python 2.2 compatibility.
- AuthCookie - secure authenticator cookies.
Changes since 0.05
-----------------------
- Handled the cases where Python callbacks raised exceptions.
- Fixed a NULL-deref bug in _ssl.i which crashes Medusa https when IE
or Opera comes a-calling.
- ZServerSSL rides again - a more robust ZServerSSL for Zope 2.3.0.
- Added the MIME type 'application/x-x509-ca-cert' to
demo/ssl/https_srv.py. This facilitates installing self-generated
certificates into your browser.
- ZSmime and GuardedFile bundled.
- Documentation! A HOWTO on operating your own CA.
- Documentation! A HOWTO on S/MIME. Examples are in demo/smime.howto.
- Python 2.1 compatibility.
- Fixed demo/https/https_server.py's CPU-spinning. (As per ZServerSSL.)
- Fixed m2urllib's unexpected eof - demo/ssl/urllib_cli.py now works.
- Renamed xmlrpclib2.py to m2xmlrpclib.py.
- Kludged SSL.ssl_dispatcher to do blocking connect()'s: see
demo/ssl/https_cli_async.py.
- SWIG 1.3.6 does! Thanks to Keith Jackson <[email protected]>.
Changes since 0.04
-----------------------
- Fixed a silly reversed-logic bug in M2Crypto.SSL.Connection.setblocking().
- Fixed yet more memory leaks. Thanks to Ray Suorsa <[email protected]>.
- Build instructions for Borland BC++ 5.5 free compiler suite.
- Bundles the June 2000 unencumbered release of Medusa.
- SSL callback thread-safety. Thanks again to Ray Suorsa for insights and
patches.
- Renamed M2Crypto.M2Crypto to M2Crypto.m2 to prevent package/module loading
confusion.
- SSL.Session and a demo in demo/ssl/sess.py.
- https_srv.py, an enhanced, https version of SimpleHTTPServer.py.
- Interface change: SMIME.load_pkcs7_bio() is renamed
SMIME.smime_load_pkcs7_bio(), similarly SMIME.load_pkcs7() to
SMIME.smime_load_pkcs7(); these load PKCS7 objects generated by S/MIME.
- Interface change: SMIME.load_pkcs7_bio() now loads a PKCS7 PEM file, i.e., a
file of the format "-----BEGIN PKCS7-----".
- Works with both Python 2.0 and Python 1.5.2.
- OpenSSL 0.9.6. (Possibly incompatible with earlier OpenSSL releases.)
- Unit tests with PyUnit.
- Improved C code:
= Custom Python exceptions.
= Diligent error checking.
= Fixed memory leaks.
- Renamed M2Crypto.urllib2 to M2Crypto.m2urllib.
- HTTPS clients of Python 1.5.2's and Python 2.0's httplib and urllib.
Changes since 0.03
-----------------------
- SSL certificate-based authentication with Python callback.
- More robust SSL.Connection - raises exceptions, not dumps core.
- Fixed (some) memory leaks and multiple-free()s.
- Cleaned up EVP.HMAC and EVP.PKey.
- More X.509 certificate manipulation.
- An interface to create SSL sessions.
- Unified SSL read() and write() for synchronous and asynchronous operation.
- S/MIME and PKCS #7.
- Integrated with OpenSSL 0.9.5.
- Enhanced the PRNG interface.
Changes since 0.02
-----------------------
1. Ephemeral DH for SSL.
2. ThreadingSSLServer now does.
3. XMLrpc over https.
4. ZServerSSL for Zope 2.1.3.
5. Encrypting monitor for Zope 2.1.3.
6. Beginnings of PGP2 support.
7. Replaced eval() calls with other (hopefully) safe ones.
8. Miscellaneous enhancements and bug fixes.
Changes since 0.01
-----------------------
1. Beginnings of SSL support.
For building servers, blocking i/o:
- An SSLServer modeled after SocketServer.
- A ForkingSSLServer that seems to work well.
- A ThreadingSSLServer that runs one thread at a time. (!) ;-)
For building servers, nonblocking i/o:
- An ssl_dispatcher modeled after asyncore.dispatcher.
A HTTPS server based on Medusa.
For client-side web programming:
- httpslib
- urllib2
2. Support for some BIO objects.
3. Reduced per-module name space pollution.
4. Have Swig check for NULL pointers: reduced .i cut-&-paste.
5. Standardise on MPINT for passing big integers between Python and OpenSSL.
6. Removed MD5, SHA1, RIPEMD160. Just use EVP.MessageDigest.
7. Removed HMAC. Just use EVP.HMAC.