Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: pyca/pyopenssl
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 24.0.0
Choose a base ref
...
head repository: pyca/pyopenssl
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 24.1.0
Choose a head ref
  • 6 commits
  • 11 files changed
  • 2 contributors

Commits on Jan 26, 2024

  1. fix for E721 errors raised by flake8 (#1289)

    @julianz-
    julianz- authored Jan 26, 2024
    Copy the full SHA
    1508c4b View commit details

Commits on Jan 28, 2024

  1. Removed redundant code in SSL.py that depended on old version of cryp… 

    …tography (#1290)
    @julianz-
    julianz- authored Jan 28, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    482b95e View commit details

Commits on Feb 18, 2024

  1. Fixed typos in CHANGELOG.rst (#1293)

    @alex
    alex authored Feb 18, 2024
    Copy the full SHA
    a972ea4 View commit details

Commits on Mar 4, 2024

  1. Stop using flaky lib, use pytest-rerunfailures instead (#1296) 

    * Stop using flaky lib, use pytest-rerunfailures instead

flaky is not compatible with the latest pytest release and appears unmaintained, while pytest-rerunfailures is maintained by the pytest team

* ruff
    @alex
    alex authored Mar 4, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    510b0e5 View commit details

Commits on Mar 9, 2024

  1. Remove deprecated PKCS12 and NetscapeSPKI classes (#1288)

    @alex
    alex authored Mar 9, 2024

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    cea1f2e View commit details

  2. Bump version for 24.1.0 release (#1297) 

    * Bump version for 24.1.0 release

* ruff updates
    @alex
    alex authored Mar 9, 2024
    Copy the full SHA
    d9f2c46 View commit details
Showing with 55 additions and 679 deletions.
  1. +18 −2 CHANGELOG.rst
  2. +0 −18 doc/api/crypto.rst
  3. +2 −2 pyproject.toml
  4. +1 −1 setup.py
  5. +7 −16 src/OpenSSL/SSL.py
  6. +2 −303 src/OpenSSL/crypto.py
  7. +1 −1 src/OpenSSL/version.py
  8. +3 −3 tests/conftest.py
  9. +13 −325 tests/test_crypto.py
  10. +8 −7 tests/test_ssl.py
  11. +0 −1 tests/util.py
20 changes: 18 additions & 2 deletions CHANGELOG.rst
View file
Original file line number Diff line number Diff line change
@@ -4,6 +4,22 @@ Changelog
Versions are year-based with a strict backward-compatibility policy.
The third digit is only for regressions.

24.1.0 (2024-03-09)
-------------------

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Removed the deprecated ``OpenSSL.crypto.PKCS12`` and
``OpenSSL.crypto.NetscapeSPKI``. ``OpenSSL.crypto.PKCS12`` may be replaced
by the PKCS#12 APIs in the ``cryptography`` package.

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

24.0.0 (2024-01-22)
-------------------

@@ -27,7 +43,7 @@ Backward-incompatible changes:

- Dropped support for Python 3.6.
- The minimum ``cryptography`` version is now 41.0.5.
- Removed ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for 3 years.
- Removed ``OpenSSL.crypto.load_pkcs7`` and ``OpenSSL.crypto.load_pkcs12`` which had been deprecated for 3 years.
- Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow legacy insecure renegotiation between OpenSSL and unpatched servers.
`#1234 <https://github.com/pyca/pyopenssl/pull/1234>`_.

@@ -220,7 +236,7 @@ Backward-incompatible changes:
Deprecations:
^^^^^^^^^^^^^

- Deprecated ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12``.
- Deprecated ``OpenSSL.crypto.load_pkcs7`` and ``OpenSSL.crypto.load_pkcs12``.

Changes:
^^^^^^^^
18 changes: 0 additions & 18 deletions doc/api/crypto.rst
View file
Original file line number Diff line number Diff line change
@@ -160,14 +160,6 @@ PKey objects
Key type constants.

.. _openssl-pkcs12:

PKCS12 objects
--------------

.. autoclass:: PKCS12
:members:

.. _openssl-509ext:

X509Extension objects
@@ -178,16 +170,6 @@ X509Extension objects
:special-members:
:exclude-members: __weakref__

.. _openssl-netscape-spki:

NetscapeSPKI objects
--------------------

.. autoclass:: NetscapeSPKI
:members:
:special-members:
:exclude-members: __weakref__

.. _crl:

CRL objects
4 changes: 2 additions & 2 deletions pyproject.toml
View file
Original file line number Diff line number Diff line change
@@ -44,8 +44,8 @@ addopts = "-r s --strict-markers"
testpaths = ["tests"]

[tool.ruff]
select = ['E', 'F', 'I', 'W', 'UP', 'RUF']
lint.select = ['E', 'F', 'I', 'W', 'UP', 'RUF']
line-length = 79

[tool.ruff.isort]
[tool.ruff.lint.isort]
known-first-party = ["OpenSSL", "tests"]
2 changes: 1 addition & 1 deletion setup.py
View file
Original file line number Diff line number Diff line change
@@ -96,7 +96,7 @@ def find_meta(meta):
"cryptography>=41.0.5,<43",
],
extras_require={
"test": ["flaky", "pretend", "pytest>=3.0.1"],
"test": ["pytest-rerunfailures", "pretend", "pytest>=3.0.1"],
"docs": [
"sphinx!=5.2.0,!=5.2.0.post0,!=7.2.5",
"sphinx_rtd_theme",
23 changes: 7 additions & 16 deletions src/OpenSSL/SSL.py
View file
Original file line number Diff line number Diff line change
@@ -163,20 +163,11 @@
DTLS_SERVER_METHOD = 11
DTLS_CLIENT_METHOD = 12

try:
SSL3_VERSION = _lib.SSL3_VERSION
TLS1_VERSION = _lib.TLS1_VERSION
TLS1_1_VERSION = _lib.TLS1_1_VERSION
TLS1_2_VERSION = _lib.TLS1_2_VERSION
TLS1_3_VERSION = _lib.TLS1_3_VERSION
except AttributeError:
# Hardcode constants for cryptography < 3.4, see
# https://github.com/pyca/pyopenssl/pull/985#issuecomment-775186682
SSL3_VERSION = 768
TLS1_VERSION = 769
TLS1_1_VERSION = 770
TLS1_2_VERSION = 771
TLS1_3_VERSION = 772
SSL3_VERSION = _lib.SSL3_VERSION
TLS1_VERSION = _lib.TLS1_VERSION
TLS1_1_VERSION = _lib.TLS1_1_VERSION
TLS1_2_VERSION = _lib.TLS1_2_VERSION
TLS1_3_VERSION = _lib.TLS1_3_VERSION

OP_NO_SSLv2 = _lib.SSL_OP_NO_SSLv2
OP_NO_SSLv3 = _lib.SSL_OP_NO_SSLv3
@@ -1388,8 +1379,8 @@ def set_client_ca_list(self, certificate_authorities):
for ca_name in certificate_authorities:
if not isinstance(ca_name, X509Name):
raise TypeError(
"client CAs must be X509Name objects, not {} "
"objects".format(type(ca_name).__name__)
f"client CAs must be X509Name objects, not "
f"{type(ca_name).__name__} objects"
)
copy = _lib.X509_NAME_dup(ca_name._name)
_openssl_assert(copy != _ffi.NULL)
Loading