|
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17 System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64 User : nobody ( 99) PHP Version : 5.2.17 Disable Function : NONE Directory : /proc/21585/root/usr/share/doc/m2crypto-0.16/ |
Upload File : |
0.16
----
- Minimum requirements updated: Python 2.3+, OpenSSL 0.9.7+, SWIG 1.3.24+
- Optional features from OpenSSL 0.9.8 and newer
- Enhancements to EVP and X509 to allow proxy certificate handling,
by Matt Rodriguez
- SSLBio and related additions to help do SSL with BIOs directly,
by Matt Rodriguez
- Added --openssl option to build command which can be used to specify
where OpenSSL is installed, by Matt Rodriguez
- Added sign and verify to RSA class, and get_rsa to PKey class,
by Matt Rodriguez
- ECDSA signatures and ECDH key agreement, requires OpenSSL 0.9.8+,
by Arno Bakker
- Fix non-hashable type problems in SSL._ctxmap and users,
by Michael Weiser
- Fixed SSLServer.handle_error to take the correct number of
arguments, by Dan Williams
- Various DSA enhancements by Larry Bugbee
- Added sha224, sha256, sha384 and sha512, by Larry Bugbee
- Added serialNumber, SN, surname, GN and givenName fields to X509_Name,
by Martin Paljak
- m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT is the fourth certificate
verification error that will be allowed when unknown CAs are allowed
- post connection checks in Connection.accept() and connect() fixed (these
were broken in 0.15)
- Fixed EVP.Cipher to work with aes_* ciphers (used to crash Python).
The actual problem was in m2.bytes_to_key.
- SMIME methods and functions raise correct exceptions
- Raise ValueError instead of AttributeError when a non-existing hash
algorithm or SSL version is asked for
- ssl_ctx_set_tmp_(dh|rsa) now return value, and the rsa version calls
the rsa function instead of the dh function
- digest_update and verify_update return type changed to int, which allows
better error reporting; EVP.MessageDigest.update and
EVP.PKey.verify_update likewise changed
- X509_Name and ASN1_String as_text (new for ASN1_String) take optional
parameters to control formatting.
- Cipher_Stack, X509_Stack and X509_Extension_Stack are iterable
- EVP.MessageDigest now properly cleans up the underlying data when the object
gets deleted
- It is now possible to set and get non-nid values to X509_Name (previously
only set worked)
- SSL.Connection.set_client_CA_list_from_file now uses the actual implementd
function instead of raising exception
- Multithreaded SSL no longer uses the SSL_set/get_app_data to set and
restore thread state, but uses the standard PyGILState_STATE instead.
- m2urllib no longer outputs the HTTP headers (there was an erronous call
to set_debuglevel(1))
- Removed RCS_id, RCS_ID and _RCS_id from Python files
- All known memory leaks fixed
- SWIG and compiler warning fixes
- More and better Epydoc formatted docstrings
- More than doubled the number of unit tests, also made many demos into tests
0.15
----
- Support OpenSSL 0.9.8, Python 2.4.1, SWIG 1.3.24
- Fixed multiple memory leaks
- Twisted integration
- Safer defaults for SSL context and post connection check for clients
- Eliminated C pointers from interfaces (some may still remain in callbacks)
- Many cases where Python interpreter crashed have been fixed
- Improved thread safety of many callbacks
- And of course more of the OpenSSL API is covered, new docstrings and
tests have been written
Changes since 0.13
--------------------
- Fixed memory leak due to circular reference in SSL.Connection.
Thanks to Michael Dunstan. Oops, patch is ZServerSSL-specific.
Andre Reitz provided a generalised fix. Thanks Andre.
- Fixed __getattr__ error in DSA. Thanks to Igor Belyi.
- Added rand_poll, rand_screen and rand_win32_event functions to
M2Crypto.Rand.
- Updated ZServerSSL files to match Zope 2.7.0 versions.
- Integrated (overlapping) patches by Peter Teniz and Heikki Toivonen
covering operations on X.509-related structures that gives M2Crypto
PKI functionality. Thanks Peter and Heikki.
- Peter Teniz contributed demo2004/pki/x509auth.py.
- Created demo2004/ directory that will contain new or updated demos.
- Added verify_[init|update|final] in _evp.i. Patch by Zachery Corbiere.
Thanks Zac.
Changes since 0.12/0.11
-------------------------
- Patches from Artur Frysiak <wiget@pld-linux.org>. Thanks Artur.
= Allow using a passphrase callback in class SMIME.
= Added method get0_signers to class PKCS7, which retrieves signers'
certificates from a PKCS7 blob.
= Added methods as_pem and save_pem to class X509.
= Added file version.py.
= Allow SSL.Context.load_verify_locations to accept both 'cafile' and
'capath'.
- Fixed BIO.read() not reading until EOF. Thanks to Egil Muller
<redhog@redhog.org> for suggestion.
- Honour 'mode' parameter in SSL.Connection.makefile. Thanks again to Egil
Muller.
- Roger Binns contributed epydoc-generated docs for M2Crypto. Thanks Roger.
- Peter Teniz contributed patches to create X.509 requests and certificates.
Thanks Peter.
- Updated Medusa to 0.54.
- Make various OpenSSL bignum functions (written long ago) available to Python.
Changes since 0.11
--------------------
- ZServerSSL with client certificate-based authentication rides again.
- Created Makefile for Python 2.3.
- Modified LICENCE: changed my name to the generic "the author" in the
all-caps disclaimer paragraph.
- Allow to save RSA key pair in the clear.
- ZServerSSL for Zope 2.7.
- Excluded RC5. IDEA was taken out several releases ago. This should
allow M2Crypto to build with stock OpenSSL on various Linuxen.
- Added ssl_set_tmp_dh_callback.
- Added ssl_set_tmp_rsa and ssl_set_tmp_rsa_callback to support weak-cipher
browsers.
- ZServerSSL exports SSL_CIPHER request header (a la mod_ssl) to Zope
applications.
- Perform distutils's SWIG .i search path tweaking within setup.py. setup.py
should now work "out of the box".
- Added contrib/smimeplus.py, a high-level S/MIME interface, contributed by
Bernard Yue <bernie@3captus.com>. Thanks Bernard.
- Added in long forms of nid's in X509_Name. Thanks to William K Volkman
<development@netshark.com> for patch.
- Updated Mac OS X build instructions. Thanks to Larry Bugbee
<bugbee@seanet.com>.
Changes since 0.10
--------------------
- Dave Berkeley <dave@rotwang.freeserve.co.uk> contributed fixes to
SSL.Context-related memory leaks and code to set the size of the SSL
session cache.
- Brent Chun <bnc@intel-research.net> contributed the following:
+ Fixes to memory leaks.
+ Code to expose X.509 certificate chain operations.
+ Code to expose set/get operations on the SSL session cache.
- Changed swig/ to SWIG/, for the convenience of people who don't read
INSTALL. Some Makefiles may break because of this. setup.py continues
to work, of course.
- ZServerSSL tested with Zope 2.6.1. There is now a HOWTO.
- Updated README and INSTALL.
- Filled doc/ with stuff that went missing in several past releases.
Changes since 0.09
--------------------
- Updated to OpenSSL 0.9.7. Thanks to Toby Allsopp <toby@MI6.GEN.NZ> for
patches.
- Added functionality to create a basic certificate request. Also
contributed by Toby Allsopp.
- Finally, AES!
Changes since 0.08
--------------------
- Replaced demo/Zope/ZServer/__init__.py with the correct version
for Zope 2.6.0.
- Added a sample starts.bat for ZServerSSL.
- Incoporated a patch by prashanth@jibe.biz that handled the
new-in-Python-2.2.2 "strict" parameter for the various HTTP[S] connection
classes in httplib.py. Thanks prashanth. This fixes M2Crypto's XMLRPC
support for Python 2.2.2. (Apparently it was working for Python 2.2.1.)
- Incorporated some cosmetic patches from Adam Karpierz <karpierz@zope.pl>.
Thanks Adam.
Changes since 0.07 snapshot #3
--------------------------------
- Updated to SWIG 1.3.17.
- Excluded IDEA.
- Tested with OpenSSL 0.9.6h.
- ZServerSSL rides again for Zope 2.6.0.
- setup.py does!
- Removed Makefiles for Windows and Unix. (Makefile.osx remains.)
- Included in contrib/ Isaac Salzberg's application of Mihai Ibanescu's
patch that allows IIS interoperability thru an authenticating proxy.
Thanks Isaac.
- Included in contrib/ patch by Dave Brueck <dave@pythonaprocrypha.com>
that has smarter non-blocking behaviour. Thanks Dave.
Changes since 0.06
-----------------------
- test_ssl_win.py. (Requires Mark Hammond's Win32 extensions.)
- Renamed demo/https to demo/medusa; updated Medusa to 2001 Jun release.
- Improved _ssl.i's and M2Crypto.SSL.Connection's accept/connect methods.
- M2Crypto.ftpslib for client-side FTP/TLS.
- demo/medusa/ftps_server.py for server-side FTP/TLS.
- Improved thread-safety.
- Cleaned up echo client and servers.
- Fixed missing import in m2urllib.
- Fixed m2urllib to handle HTTP redirects.
- Python 2.2 compatibility.
- AuthCookie - secure authenticator cookies.
Changes since 0.05
-----------------------
- Handled the cases where Python callbacks raised exceptions.
- Fixed a NULL-deref bug in _ssl.i which crashes Medusa https when IE
or Opera comes a-calling.
- ZServerSSL rides again - a more robust ZServerSSL for Zope 2.3.0.
- Added the MIME type 'application/x-x509-ca-cert' to
demo/ssl/https_srv.py. This facilitates installing self-generated
certificates into your browser.
- ZSmime and GuardedFile bundled.
- Documentation! A HOWTO on operating your own CA.
- Documentation! A HOWTO on S/MIME. Examples are in demo/smime.howto.
- Python 2.1 compatibility.
- Fixed demo/https/https_server.py's CPU-spinning. (As per ZServerSSL.)
- Fixed m2urllib's unexpected eof - demo/ssl/urllib_cli.py now works.
- Renamed xmlrpclib2.py to m2xmlrpclib.py.
- Kludged SSL.ssl_dispatcher to do blocking connect()'s: see
demo/ssl/https_cli_async.py.
- SWIG 1.3.6 does! Thanks to Keith Jackson <krjackson@lbl.gov>.
Changes since 0.04
-----------------------
- Fixed a silly reversed-logic bug in M2Crypto.SSL.Connection.setblocking().
- Fixed yet more memory leaks. Thanks to Ray Suorsa <res@loudcloud.com>.
- Build instructions for Borland BC++ 5.5 free compiler suite.
- Bundles the June 2000 unencumbered release of Medusa.
- SSL callback thread-safety. Thanks again to Ray Suorsa for insights and
patches.
- Renamed M2Crypto.M2Crypto to M2Crypto.m2 to prevent package/module loading
confusion.
- SSL.Session and a demo in demo/ssl/sess.py.
- https_srv.py, an enhanced, https version of SimpleHTTPServer.py.
- Interface change: SMIME.load_pkcs7_bio() is renamed
SMIME.smime_load_pkcs7_bio(), similarly SMIME.load_pkcs7() to
SMIME.smime_load_pkcs7(); these load PKCS7 objects generated by S/MIME.
- Interface change: SMIME.load_pkcs7_bio() now loads a PKCS7 PEM file, i.e., a
file of the format "-----BEGIN PKCS7-----".
- Works with both Python 2.0 and Python 1.5.2.
- OpenSSL 0.9.6. (Possibly incompatible with earlier OpenSSL releases.)
- Unit tests with PyUnit.
- Improved C code:
= Custom Python exceptions.
= Diligent error checking.
= Fixed memory leaks.
- Renamed M2Crypto.urllib2 to M2Crypto.m2urllib.
- HTTPS clients of Python 1.5.2's and Python 2.0's httplib and urllib.
Changes since 0.03
-----------------------
- SSL certificate-based authentication with Python callback.
- More robust SSL.Connection - raises exceptions, not dumps core.
- Fixed (some) memory leaks and multiple-free()s.
- Cleaned up EVP.HMAC and EVP.PKey.
- More X.509 certificate manipulation.
- An interface to create SSL sessions.
- Unified SSL read() and write() for synchronous and asynchronous operation.
- S/MIME and PKCS #7.
- Integrated with OpenSSL 0.9.5.
- Enhanced the PRNG interface.
Changes since 0.02
-----------------------
1. Ephemeral DH for SSL.
2. ThreadingSSLServer now does.
3. XMLrpc over https.
4. ZServerSSL for Zope 2.1.3.
5. Encrypting monitor for Zope 2.1.3.
6. Beginnings of PGP2 support.
7. Replaced eval() calls with other (hopefully) safe ones.
8. Miscellaneous enhancements and bug fixes.
Changes since 0.01
-----------------------
1. Beginnings of SSL support.
For building servers, blocking i/o:
- An SSLServer modeled after SocketServer.
- A ForkingSSLServer that seems to work well.
- A ThreadingSSLServer that runs one thread at a time. (!) ;-)
For building servers, nonblocking i/o:
- An ssl_dispatcher modeled after asyncore.dispatcher.
A HTTPS server based on Medusa.
For client-side web programming:
- httpslib
- urllib2
2. Support for some BIO objects.
3. Reduced per-module name space pollution.
4. Have Swig check for NULL pointers: reduced .i cut-&-paste.
5. Standardise on MPINT for passing big integers between Python and OpenSSL.
6. Removed MD5, SHA1, RIPEMD160. Just use EVP.MessageDigest.
7. Removed HMAC. Just use EVP.HMAC.