Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency pyOpenSSL to v25 #244

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

Update dependency pyOpenSSL to v25 #244

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 17, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
pyOpenSSL (source) ==22.1.0 -> ==25.0.0 age adoption passing confidence

Release Notes

pyca/pyopenssl (pyOpenSSL)

v25.0.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

  • Corrected type annotations on Context.set_alpn_select_callback, Context.set_session_cache_mode, Context.set_options, Context.set_mode, X509.subject_name_hash, and X509Store.load_locations.
  • Deprecated APIs are now marked using warnings.deprecated. mypy will emit deprecation notices for them when used with --enable-error-code deprecated.

v24.3.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Removed the deprecated OpenSSL.crypto.CRL, OpenSSL.crypto.Revoked, OpenSSL.crypto.dump_crl, and OpenSSL.crypto.load_crl. cryptography.x509's CRL functionality should be used instead.
  • Removed the deprecated OpenSSL.crypto.sign and OpenSSL.crypto.verify. cryptography.hazmat.primitives.asymmetric's signature APIs should be used instead.

Deprecations:
^^^^^^^^^^^^^

  • Deprecated OpenSSL.rand - callers should use os.urandom() instead.
  • Deprecated add_extensions and get_extensions on OpenSSL.crypto.X509Req and OpenSSL.crypto.X509. These should have been deprecated at the same time X509Extension was. Users should use pyca/cryptography's X.509 APIs instead.
  • Deprecated OpenSSL.crypto.get_elliptic_curves and OpenSSL.crypto.get_elliptic_curve, as well as passing the reult of them to OpenSSL.SSL.Context.set_tmp_ecdh, users should instead pass curves from cryptography.
  • Deprecated passing X509 objects to OpenSSL.SSL.Context.use_certificate, OpenSSL.SSL.Connection.use_certificate, OpenSSL.SSL.Context.add_extra_chain_cert, and OpenSSL.SSL.Context.add_client_ca, users should instead pass cryptography.x509.Certificate instances. This is in preparation for deprecating pyOpenSSL's X509 entirely.
  • Deprecated passing PKey objects to OpenSSL.SSL.Context.use_privatekey and OpenSSL.SSL.Connection.use_privatekey, users should instead pass cryptography priate key instances. This is in preparation for deprecating pyOpenSSL's PKey entirely.

Changes:
^^^^^^^^

  • cryptography maximum version has been increased to 44.0.x.
  • OpenSSL.SSL.Connection.get_certificate, OpenSSL.SSL.Connection.get_peer_certificate, OpenSSL.SSL.Connection.get_peer_cert_chain, and OpenSSL.SSL.Connection.get_verified_chain now take an as_cryptography keyword-argument. When True is passed then cryptography.x509.Certificate are returned, instead of OpenSSL.crypto.X509. In the future, passing False (the default) will be deprecated.

v24.2.1

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

  • Fixed changelog to remove sphinx specific restructured text strings.

v24.1.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Removed the deprecated OpenSSL.crypto.PKCS12 and
    OpenSSL.crypto.NetscapeSPKI. OpenSSL.crypto.PKCS12 may be replaced
    by the PKCS#12 APIs in the cryptography package.

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

v24.0.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

  • Added OpenSSL.SSL.Connection.get_selected_srtp_profile to determine which SRTP profile was negotiated.
    #&#8203;1279 <https://github.com/pyca/pyopenssl/pull/1279>_.

v23.3.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Dropped support for Python 3.6.
  • The minimum cryptography version is now 41.0.5.
  • Removed OpenSSL.crypto.loads_pkcs7 and OpenSSL.crypto.loads_pkcs12 which had been deprecated for 3 years.
  • Added OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT to allow legacy insecure renegotiation between OpenSSL and unpatched servers.
    #&#8203;1234 <https://github.com/pyca/pyopenssl/pull/1234>_.

Deprecations:
^^^^^^^^^^^^^

  • Deprecated OpenSSL.crypto.PKCS12 (which was intended to have been deprecated at the same time as OpenSSL.crypto.load_pkcs12).
  • Deprecated OpenSSL.crypto.NetscapeSPKI.
  • Deprecated OpenSSL.crypto.CRL
  • Deprecated OpenSSL.crypto.Revoked
  • Deprecated OpenSSL.crypto.load_crl and OpenSSL.crypto.dump_crl
  • Deprecated OpenSSL.crypto.sign and OpenSSL.crypto.verify
  • Deprecated OpenSSL.crypto.X509Extension

Changes:
^^^^^^^^

  • Changed OpenSSL.crypto.X509Store.add_crl to also accept
    cryptography's x509.CertificateRevocationList arguments in addition
    to the now deprecated OpenSSL.crypto.CRL arguments.
  • Fixed test_set_default_verify_paths test so that it is skipped if no
    network connection is available.

v23.2.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Removed X509StoreFlags.NOTIFY_POLICY.
    #&#8203;1213 <https://github.com/pyca/pyopenssl/pull/1213>_.

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

  • cryptography maximum version has been increased to 41.0.x.
  • Invalid versions are now rejected in OpenSSL.crypto.X509Req.set_version.
  • Added X509VerificationCodes to OpenSSL.SSL.
    #&#8203;1202 <https://github.com/pyca/pyopenssl/pull/1202>_.

v23.1.1

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

  • Worked around an issue in OpenSSL 3.1.0 which caused X509Extension.get_short_name to raise an exception when no short name was known to OpenSSL.
    #&#8203;1204 <https://github.com/pyca/pyopenssl/pull/1204>_.

v23.1.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

  • cryptography maximum version has been increased to 40.0.x.
  • Add OpenSSL.SSL.Connection.DTLSv1_get_timeout and OpenSSL.SSL.Connection.DTLSv1_handle_timeout
    to support DTLS timeouts #&#8203;1180 <https://github.com/pyca/pyopenssl/pull/1180>_.

v23.0.0

Compare Source

Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations:
^^^^^^^^^^^^^

Changes:
^^^^^^^^

  • Add OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN constant to allow for users
    to perform certificate verification on partial certificate chains.
    #&#8203;1166 <https://github.com/pyca/pyopenssl/pull/1166>_
  • cryptography maximum version has been increased to 39.0.x.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants