|
Upgrade to release 20.0.1:
- Fixed compatibility with OpenSSL 1.1.0
- Added a new optional chain parameter to
OpenSSL.crypto.X509StoreContext() where additional untrusted
certificates can be specified to help chain building.
- Added OpenSSL.crypto.X509Store.load_locations to set trusted
certificate file bundles and/or directories for verification.
- Added Context.set_keylog_callback to log key material.
- Added OpenSSL.SSL.Connection.get_verified_chain to retrieve
the verified certificate chain of the peer.
- Make verification callback optional in Context.set_verify. If
omitted, OpenSSL’s default verification is used.
- Fixed a bug that could truncate or cause a zero-length key
error due to a null byte in private key passphrase in
OpenSSL.crypto.load_privatekey and OpenSSL.crypto.dump_privatekey.
- Deprecated OpenSSL.crypto.loads_pkcs7 and
OpenSSL.crypto.loads_pkcs12.
- The minimum cryptography version is now 3.2.
- Remove deprecated OpenSSL.tsafe module.
- Removed deprecated OpenSSL.SSL.Context.set_npn_advertise_callback,
OpenSSL.SSL.Context.set_npn_select_callback, and
OpenSSL.SSL.Connection.get_next_proto_negotiated.
- Drop support for Python 3.4
- Drop support for OpenSSL 1.0.1 and 1.0.2
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
Leon Anavi
Derek Straka
Wang Mingyu