Update dependency pyopenssl to v23

renovate requested to merge renovate/pyopenssl-23.x into development

This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| pyopenssl (source) | major | ==19.0.0 -> ==23.0.0 |

Release Notes

pyca/pyopenssl

v23.0.0

Backward-incompatible changes:

Deprecations:

Changes:

  • Add OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN constant to allow for users to perform certificate verification on partial certificate chains. #1166 <https://github.com/pyca/pyopenssl/pull/1166>
  • cryptography maximum version has been increased to 39.0.x.

v22.1.0

Backward-incompatible changes:

  • Remove support for SSLv2 and SSLv3.
  • The minimum cryptography version is now 38.0.x (and we now pin releases against cryptography major versions to prevent future breakage)
  • The OpenSSL.crypto.X509StoreContextError exception has been refactored, changing its internal attributes. #1133 <https://github.com/pyca/pyopenssl/pull/1133>

Deprecations:

  • OpenSSL.SSL.SSLeay_version is deprecated in favor of OpenSSL.SSL.OpenSSL_version. The constants OpenSSL.SSL.SSLEAY_* are deprecated in favor of OpenSSL.SSL.OPENSSL_*.

Changes:

  • Add OpenSSL.SSL.Connection.set_verify and OpenSSL.SSL.Connection.get_verify_mode to override the context object's verification flags. #1073 <https://github.com/pyca/pyopenssl/pull/1073>
  • Add OpenSSL.SSL.Connection.use_certificate and OpenSSL.SSL.Connection.use_privatekey to set a certificate per connection (and not just per context) #1121 <https://github.com/pyca/pyopenssl/pull/1121>.

v22.0.0

Backward-incompatible changes:

  • Drop support for Python 2.7. #1047 <https://github.com/pyca/pyopenssl/pull/1047>
  • The minimum cryptography version is now 35.0.

Deprecations:

Changes:

  • Expose wrappers for some DTLS <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security> primitives. #1026 <https://github.com/pyca/pyopenssl/pull/1026>

v21.0.0

Backward-incompatible changes:

  • The minimum cryptography version is now 3.3.
  • Drop support for Python 3.5

Deprecations:

Changes:

  • Raise an error when an invalid ALPN value is set. #993 <https://github.com/pyca/pyopenssl/pull/993>
  • Added OpenSSL.SSL.Context.set_min_proto_version and OpenSSL.SSL.Context.set_max_proto_version to set the minimum and maximum supported TLS version #985 <https://github.com/pyca/pyopenssl/pull/985>.
  • Updated to_cryptography and from_cryptography methods to support an upcoming release of cryptography without raising deprecation warnings. #1030 <https://github.com/pyca/pyopenssl/pull/1030>

v20.0.1

Backward-incompatible changes:

Deprecations:

Changes:

  • Fixed compatibility with OpenSSL 1.1.0.

v20.0.0

Backward-incompatible changes:

  • The minimum cryptography version is now 3.2.
  • Remove deprecated OpenSSL.tsafe module.
  • Removed deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated.
  • Drop support for Python 3.4
  • Drop support for OpenSSL 1.0.1 and 1.0.2

Deprecations:

  • Deprecated OpenSSL.crypto.loads_pkcs7 and OpenSSL.crypto.loads_pkcs12.

Changes:

  • Added a new optional chain parameter to OpenSSL.crypto.X509StoreContext() where additional untrusted certificates can be specified to help chain building. #948 <https://github.com/pyca/pyopenssl/pull/948>
  • Added OpenSSL.crypto.X509Store.load_locations to set trusted certificate file bundles and/or directories for verification. #943 <https://github.com/pyca/pyopenssl/pull/943>
  • Added Context.set_keylog_callback to log key material. #910 <https://github.com/pyca/pyopenssl/pull/910>
  • Added OpenSSL.SSL.Connection.get_verified_chain to retrieve the verified certificate chain of the peer. #894 <https://github.com/pyca/pyopenssl/pull/894>.
  • Make verification callback optional in Context.set_verify. If omitted, OpenSSL's default verification is used. #933 <https://github.com/pyca/pyopenssl/pull/933>
  • Fixed a bug that could truncate or cause a zero-length key error due to a null byte in private key passphrase in OpenSSL.crypto.load_privatekey and OpenSSL.crypto.dump_privatekey. #947 <https://github.com/pyca/pyopenssl/pull/947>

v19.1.0

Backward-incompatible changes:

  • Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases. Use the classes without the Type suffix instead. #814 <https://github.com/pyca/pyopenssl/pull/814>
  • The minimum cryptography version is now 2.8 due to issues on macOS with a transitive dependency. #875 <https://github.com/pyca/pyopenssl/pull/875>

Deprecations:

  • Deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated. ALPN should be used instead. #820 <https://github.com/pyca/pyopenssl/pull/820>

Changes:

  • Support bytearray in SSL.Connection.send() by using cffi's from_buffer. #852 <https://github.com/pyca/pyopenssl/pull/852>
  • The OpenSSL.SSL.Context.set_alpn_select_callback can return a new NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake to complete without an application protocol.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


This MR has been generated by Renovate Bot.
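
A pre-merge check for this jump from 19.0.0 to 23.0.0, as an added example (not code from Renovate or pyca/pyopenssl): it parses application source and reports every use of a name the release notes above list as removed or deprecated. The name tables are transcribed from those notes; `load_pkcs7_data` and `load_pkcs12` are assumed to be the functions the 20.0.0 deprecation entry refers to. It matches names only, so the SSLv2/SSLv3 removal and the X509StoreContextError refactor still need manual review.

```python
import ast

# Removed by 23.0.0: name -> release whose notes list the removal.
REMOVED = dict.fromkeys((
    "tsafe", "set_npn_advertise_callback", "set_npn_select_callback",
    "get_next_proto_negotiated"), "20.0.0")
REMOVED.update(dict.fromkeys((base + "Type" for base in (
    "Context", "Connection", "PKey", "X509Name", "X509Req", "X509",
    "X509Store", "CRL", "PKCS7", "PKCS12", "NetscapeSPKI")), "19.1.0"))
# Deprecated but still importable. The notes write loads_pkcs7/loads_pkcs12;
# load_pkcs7_data/load_pkcs12 are assumed to be the functions they refer to.
DEPRECATED = {"load_pkcs7_data": "20.0.0", "load_pkcs12": "20.0.0",
              "SSLeay_version": "22.1.0"}


def classify(name):
    """Return (status, release) if the notes flag this name, else None."""
    if name in REMOVED:
        return ("removed", REMOVED[name])
    if name in DEPRECATED or name.startswith("SSLEAY_"):
        return ("deprecated", DEPRECATED.get(name, "22.1.0"))
    return None


def scan(source):
    """Return sorted (line, name, status, release) findings for one file."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute):
            names = [node.attr]
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            names = [p for a in node.names for p in a.name.split(".")]
            names += (getattr(node, "module", None) or "").split(".")
        else:
            continue
        findings.update((node.lineno, n) + classify(n) for n in names if classify(n))
    return sorted(findings)


# Constructed sample: application code written against pyopenssl 19.0.0.
SAMPLE = '''\
from OpenSSL import SSL, crypto, tsafe
ctx = SSL.Context(SSL.TLSv1_2_METHOD)
ctx.set_npn_select_callback(lambda conn, protos: protos[0])
p12 = crypto.load_pkcs12(open("client.p12", "rb").read())
print(SSL.SSLeay_version(SSL.SSLEAY_VERSION))
assert isinstance(ctx, SSL.ContextType)
'''

print(*scan(SAMPLE), sep="\n")
```

Findings marked "removed" fail at import or call time after the merge; "deprecated" ones keep working at 23.0.0 but emit warnings.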