0.13.0 - 2018-10-25

Add TLS support

Both client side and server side are implemented.

• SSLv3 is not supported.
• Session management and SNI callbacks are not implemented.

API Changes

• x509: ca and max_path_length basic constraints are now
  grouped into a BasicConstraints namedtuple. It is possible
  to leave the basic constraints unset by passing None
  to CRT.new(..., basic_constraints=None).
• random: random module renamed _random.

Bugfixes

• mpi: GC now actually overwrites keys with random data.

0.12.2 - 2018-09-10

Misc.

• New property syntax from Cython 0.24.
• Fixup rendering on Pypi.
• Update required deps.

0.12.1 - 2018-08-27

Merge branch 'develop'

0.12.0 - 2018-08-27

X.509 Parser and writer

• x509: Add accessors to most fields of CRT, CSR, and CRL.
  The x509 module can now be used to inspect existing certificates.
• x509: The module now offers basic signing and
  verification capabilities.

API Changes

• pk: from_{PEM,DER,buffer} are now classmethods to
  comply with PEP 543.
• x509: Certificate class renamed CRT.
• x509: start and end arguments renamed not_before and
  not_after; md_alg argument is now digestmod.
• x509: Re-order the arguments of the new() methods.
• exceptions: Rename MbedTLSError -> TLSError to comply
  with PEP 543.

Misc

• pk: __eq__() now also accepts DER (bytes) or PEM (str) formats.
• x509: __bytes__() returns the certificates in the DER format.
• x509: __str__() now returns a human-readable string.

0.11.1 - 2018-07-04

Update changelog. No change to the code.

0.11.0 - 2018-07-04

Support Diffie-Hellman-Merkle key exchange and secure numbers

• Support Diffie-Hellman-Merkle key exchange.
• MPIs (multi-precision integers) now implement the full
  numbers.Integral API.
• MPIs are erased from memory upon garbage collection.
• The mpi library is now public (renamed _mpi -> mpi).

API Changes

• pk: Methods that were previously returning a long integer now
  return an MPI.
• exceptions: Rename _ErrorBase -> MbedTLSError. It is now
  the only new exception.
• exceptions: mbedtls_strerror() generates the error message.

0.10.0 - 2018-05-07

Support elliptic curve cryptography

• pk/ECC: Elliptic curve digital signature algorithm.
• pk/ECDHServer, pk/ECDHClient: Elliptic curve Diffie-Hellman.
  The two classes together support ECDHE (ephemeral) as well.

API Changes

• pk/RSA: generate() returns the private key.
• pk/RSA: to_DER() and to_PEM() are obsolete and will be removed.
  Users should call export_key() and export_public_key() instead.
• pk/RSA: has_public() and has_private() are now private.
  Test if export_key() and export_public_key() are truthy or falsy instead.
• pk/RSA: __str__() now returns the private key in PEM format.
• pk/RSA: to_bytes() and __bytes__() now return the private key in DER format.

Bugfix

• pk: Increase the size of the buffer for sign(), encrypt(), decrypt()

Misc.

• Use const memoryviews supported by Cython 0.28.0.
• pk: pk is now a module instead of a package.

0.9.0 - 2018-03-14

API Changes

• x509/Certificate: next() returns the next certificate in a chain.
• md: Implement block_size property.

Misc.

• Clean up imports.
• Fix tests and packaging.
• Add pxd files to source distribution.
• Change git merge policy to fast-forward on develop.
• Switch to semantic versioning.

0.9 - 2018-03-13

Merge branch 'develop'

0.8 withdrawn - 2018-02-24

Support X.509 Certificates

• x509/Certificate: X.509 certificate writer and parser.
• x509/CSR: X.509 certificate signing request writer and parser.
• x509/CRL: X.509 certificate revocation list and validation.

API Changes

• CipherBase/RSA: import_() method renamed from_buffer() for PEP 543.
• CipherBase/RSA: export(format="PEM") method renamed to_PEM()
• CipherBase/RSA: export(format="DER") method renamed to_DER()
• CipherBase/RSA: from_DER(), from_PEM() to import from DER or PEM.
• CipherBase/RSA: to_bytes() aliases to_DER()