Update dependency pyopenssl to v23
This MR contains the following updates:
Package | Update | Change |
---|---|---|
pyopenssl (source) | major |
==19.0.0 -> ==23.0.0
|
Release Notes
pyca/pyopenssl
v23.0.0
Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations: ^^^^^^^^^^^^^
Changes: ^^^^^^^^
- Add
OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN
constant to allow for users to perform certificate verification on partial certificate chains.#​1166 <https://github.com/pyca/pyopenssl/pull/1166>
_ -
cryptography
maximum version has been increased to 39.0.x.
v22.1.0
Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Remove support for SSLv2 and SSLv3.
- The minimum
cryptography
version is now 38.0.x (and we now pin releases againstcryptography
major versions to prevent future breakage) - The
OpenSSL.crypto.X509StoreContextError
exception has been refactored, changing its internal attributes.#​1133 <https://github.com/pyca/pyopenssl/pull/1133>
_
Deprecations: ^^^^^^^^^^^^^
-
OpenSSL.SSL.SSLeay_version
is deprecated in favor ofOpenSSL.SSL.OpenSSL_version
. The constantsOpenSSL.SSL.SSLEAY_*
are deprecated in favor ofOpenSSL.SSL.OPENSSL_*
.
Changes: ^^^^^^^^
- Add
OpenSSL.SSL.Connection.set_verify
andOpenSSL.SSL.Connection.get_verify_mode
to override the context object's verification flags.#​1073 <https://github.com/pyca/pyopenssl/pull/1073>
_ - Add
OpenSSL.SSL.Connection.use_certificate
andOpenSSL.SSL.Connection.use_privatekey
to set a certificate per connection (and not just per context)#​1121 <https://github.com/pyca/pyopenssl/pull/1121>
_.
v22.0.0
Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Drop support for Python 2.7.
#​1047 <https://github.com/pyca/pyopenssl/pull/1047>
_ - The minimum
cryptography
version is now 35.0.
Deprecations: ^^^^^^^^^^^^^
Changes: ^^^^^^^^
- Expose wrappers for some
DTLS <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>
_ primitives.#​1026 <https://github.com/pyca/pyopenssl/pull/1026>
_
v21.0.0
Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The minimum
cryptography
version is now 3.3. - Drop support for Python 3.5
Deprecations: ^^^^^^^^^^^^^
Changes: ^^^^^^^^
- Raise an error when an invalid ALPN value is set.
#​993 <https://github.com/pyca/pyopenssl/pull/993>
_ - Added
OpenSSL.SSL.Context.set_min_proto_version
andOpenSSL.SSL.Context.set_max_proto_version
to set the minimum and maximum supported TLS version#​985 <https://github.com/pyca/pyopenssl/pull/985>
_. - Updated
to_cryptography
andfrom_cryptography
methods to support an upcoming release ofcryptography
without raising deprecation warnings.#​1030 <https://github.com/pyca/pyopenssl/pull/1030>
_
v20.0.1
Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations: ^^^^^^^^^^^^^
Changes: ^^^^^^^^
- Fixed compatibility with OpenSSL 1.1.0.
v20.0.0
Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The minimum
cryptography
version is now 3.2. - Remove deprecated
OpenSSL.tsafe
module. - Removed deprecated
OpenSSL.SSL.Context.set_npn_advertise_callback
,OpenSSL.SSL.Context.set_npn_select_callback
, andOpenSSL.SSL.Connection.get_next_proto_negotiated
. - Drop support for Python 3.4
- Drop support for OpenSSL 1.0.1 and 1.0.2
Deprecations: ^^^^^^^^^^^^^
- Deprecated
OpenSSL.crypto.loads_pkcs7
andOpenSSL.crypto.loads_pkcs12
.
Changes: ^^^^^^^^
- Added a new optional
chain
parameter toOpenSSL.crypto.X509StoreContext()
where additional untrusted certificates can be specified to help chain building.#​948 <https://github.com/pyca/pyopenssl/pull/948>
_ - Added
OpenSSL.crypto.X509Store.load_locations
to set trusted certificate file bundles and/or directories for verification.#​943 <https://github.com/pyca/pyopenssl/pull/943>
_ - Added
Context.set_keylog_callback
to log key material.#​910 <https://github.com/pyca/pyopenssl/pull/910>
_ - Added
OpenSSL.SSL.Connection.get_verified_chain
to retrieve the verified certificate chain of the peer.#​894 <https://github.com/pyca/pyopenssl/pull/894>
_. - Make verification callback optional in
Context.set_verify
. If omitted, OpenSSL's default verification is used.#​933 <https://github.com/pyca/pyopenssl/pull/933>
_ - Fixed a bug that could truncate or cause a zero-length key error due to a
null byte in private key passphrase in
OpenSSL.crypto.load_privatekey
andOpenSSL.crypto.dump_privatekey
.#​947 <https://github.com/pyca/pyopenssl/pull/947>
_
v19.1.0
Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Removed deprecated
ContextType
,ConnectionType
,PKeyType
,X509NameType
,X509ReqType
,X509Type
,X509StoreType
,CRLType
,PKCS7Type
,PKCS12Type
, andNetscapeSPKIType
aliases. Use the classes without theType
suffix instead.#​814 <https://github.com/pyca/pyopenssl/pull/814>
_ - The minimum
cryptography
version is now 2.8 due to issues on macOS with a transitive dependency.#​875 <https://github.com/pyca/pyopenssl/pull/875>
_
Deprecations: ^^^^^^^^^^^^^
- Deprecated
OpenSSL.SSL.Context.set_npn_advertise_callback
,OpenSSL.SSL.Context.set_npn_select_callback
, andOpenSSL.SSL.Connection.get_next_proto_negotiated
. ALPN should be used instead.#​820 <https://github.com/pyca/pyopenssl/pull/820>
_
Changes: ^^^^^^^^
- Support
bytearray
inSSL.Connection.send()
by using cffi's from_buffer.#​852 <https://github.com/pyca/pyopenssl/pull/852>
_ - The
OpenSSL.SSL.Context.set_alpn_select_callback
can return a newNO_OVERLAPPING_MROTOCOLS
sentinel value to allow a TLS handshake to complete without an application protocol.
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.