1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
|
Changes since 0.12/0.11
-------------------------
- Patches from Artur Frysiak <wiget@pld-linux.org>. Thanks Artur.
= Allow using a passphrase callback in class SMIME.
= Added method get0_signers to class PKCS7, which retrieves signers'
certificates from a PKCS7 blob.
= Added methods as_pem and save_pem to class X509.
= Added file version.py.
= Allow SSL.Context.load_verify_locations to accept both 'cafile' and
'capath'.
- Fixed BIO.read() not reading until EOF. Thanks to Egil Muller
<redhog@redhog.org> for suggestion.
- Honour 'mode' parameter in SSL.Connection.makefile. Thanks again to Egil
Muller.
- Roger Binns contributed epydoc-generated docs for M2Crypto. Thanks Roger.
- Peter Teniz contributed patches to create X.509 requests and certificates.
Thanks Peter.
- Updated Medusa to 0.54.
- Make various OpenSSL bignum functions (written long ago) available to Python.
Changes since 0.11
--------------------
- ZServerSSL with client certificate-based authentication rides again.
- Created Makefile for Python 2.3.
- Modified LICENCE: changed my name to the generic "the author" in the
all-caps disclaimer paragraph.
- Allow to save RSA key pair in the clear.
- ZServerSSL for Zope 2.7.
- Excluded RC5. IDEA was taken out several releases ago. This should
allow M2Crypto to build with stock OpenSSL on various Linuxen.
- Added ssl_set_tmp_dh_callback.
- Added ssl_set_tmp_rsa and ssl_set_tmp_rsa_callback to support weak-cipher
browsers.
- ZServerSSL exports SSL_CIPHER request header (a la mod_ssl) to Zope
applications.
- Perform distutils's SWIG .i search path tweaking within setup.py. setup.py
should now work "out of the box".
- Added contrib/smimeplus.py, a high-level S/MIME interface, contributed by
Bernard Yue <bernie@3captus.com>. Thanks Bernard.
- Added in long forms of nid's in X509_Name. Thanks to William K Volkman
<development@netshark.com> for patch.
- Updated Mac OS X build instructions. Thanks to Larry Bugbee
<bugbee@seanet.com>.
Changes since 0.10
--------------------
- Dave Berkeley <dave@rotwang.freeserve.co.uk> contributed fixes to
SSL.Context-related memory leaks and code to set the size of the SSL
session cache.
- Brent Chun <bnc@intel-research.net> contributed the following:
+ Fixes to memory leaks.
+ Code to expose X.509 certificate chain operations.
+ Code to expose set/get operations on the SSL session cache.
- Changed swig/ to SWIG/, for the convenience of people who don't read
INSTALL. Some Makefiles may break because of this. setup.py continues
to work, of course.
- ZServerSSL tested with Zope 2.6.1. There is now a HOWTO.
- Updated README and INSTALL.
- Filled doc/ with stuff that went missing in several past releases.
Changes since 0.09
--------------------
- Updated to OpenSSL 0.9.7. Thanks to Toby Allsopp <toby@MI6.GEN.NZ> for
patches.
- Added functionality to create a basic certificate request. Also
contributed by Toby Allsopp.
- Finally, AES!
Changes since 0.08
--------------------
- Replaced demo/Zope/ZServer/__init__.py with the correct version
for Zope 2.6.0.
- Added a sample starts.bat for ZServerSSL.
- Incoporated a patch by prashanth@jibe.biz that handled the
new-in-Python-2.2.2 "strict" parameter for the various HTTP[S] connection
classes in httplib.py. Thanks prashanth. This fixes M2Crypto's XMLRPC
support for Python 2.2.2. (Apparently it was working for Python 2.2.1.)
- Incorporated some cosmetic patches from Adam Karpierz <karpierz@zope.pl>.
Thanks Adam.
Changes since 0.07 snapshot #3
--------------------------------
- Updated to SWIG 1.3.17.
- Excluded IDEA.
- Tested with OpenSSL 0.9.6h.
- ZServerSSL rides again for Zope 2.6.0.
- setup.py does!
- Removed Makefiles for Windows and Unix. (Makefile.osx remains.)
- Included in contrib/ Isaac Salzberg's application of Mihai Ibanescu's
patch that allows IIS interoperability thru an authenticating proxy.
Thanks Isaac.
- Included in contrib/ patch by Dave Brueck <dave@pythonaprocrypha.com>
that has smarter non-blocking behaviour. Thanks Dave.
Changes since 0.06
-----------------------
- test_ssl_win.py. (Requires Mark Hammond's Win32 extensions.)
- Renamed demo/https to demo/medusa; updated Medusa to 2001 Jun release.
- Improved _ssl.i's and M2Crypto.SSL.Connection's accept/connect methods.
- M2Crypto.ftpslib for client-side FTP/TLS.
- demo/medusa/ftps_server.py for server-side FTP/TLS.
- Improved thread-safety.
- Cleaned up echo client and servers.
- Fixed missing import in m2urllib.
- Fixed m2urllib to handle HTTP redirects.
- Python 2.2 compatibility.
- AuthCookie - secure authenticator cookies.
Changes since 0.05
-----------------------
- Handled the cases where Python callbacks raised exceptions.
- Fixed a NULL-deref bug in _ssl.i which crashes Medusa https when IE
or Opera comes a-calling.
- ZServerSSL rides again - a more robust ZServerSSL for Zope 2.3.0.
- Added the MIME type 'application/x-x509-ca-cert' to
demo/ssl/https_srv.py. This facilitates installing self-generated
certificates into your browser.
- ZSmime and GuardedFile bundled.
- Documentation! A HOWTO on operating your own CA.
- Documentation! A HOWTO on S/MIME. Examples are in demo/smime.howto.
- Python 2.1 compatibility.
- Fixed demo/https/https_server.py's CPU-spinning. (As per ZServerSSL.)
- Fixed m2urllib's unexpected eof - demo/ssl/urllib_cli.py now works.
- Renamed xmlrpclib2.py to m2xmlrpclib.py.
- Kludged SSL.ssl_dispatcher to do blocking connect()'s: see
demo/ssl/https_cli_async.py.
- SWIG 1.3.6 does! Thanks to Keith Jackson <krjackson@lbl.gov>.
Changes since 0.04
-----------------------
- Fixed a silly reversed-logic bug in M2Crypto.SSL.Connection.setblocking().
- Fixed yet more memory leaks. Thanks to Ray Suorsa <res@loudcloud.com>.
- Build instructions for Borland BC++ 5.5 free compiler suite.
- Bundles the June 2000 unencumbered release of Medusa.
- SSL callback thread-safety. Thanks again to Ray Suorsa for insights and
patches.
- Renamed M2Crypto.M2Crypto to M2Crypto.m2 to prevent package/module loading
confusion.
- SSL.Session and a demo in demo/ssl/sess.py.
- https_srv.py, an enhanced, https version of SimpleHTTPServer.py.
- Interface change: SMIME.load_pkcs7_bio() is renamed
SMIME.smime_load_pkcs7_bio(), similarly SMIME.load_pkcs7() to
SMIME.smime_load_pkcs7(); these load PKCS7 objects generated by S/MIME.
- Interface change: SMIME.load_pkcs7_bio() now loads a PKCS7 PEM file, i.e., a
file of the format "-----BEGIN PKCS7-----".
- Works with both Python 2.0 and Python 1.5.2.
- OpenSSL 0.9.6. (Possibly incompatible with earlier OpenSSL releases.)
- Unit tests with PyUnit.
- Improved C code:
= Custom Python exceptions.
= Diligent error checking.
= Fixed memory leaks.
- Renamed M2Crypto.urllib2 to M2Crypto.m2urllib.
- HTTPS clients of Python 1.5.2's and Python 2.0's httplib and urllib.
Changes since 0.03
-----------------------
- SSL certificate-based authentication with Python callback.
- More robust SSL.Connection - raises exceptions, not dumps core.
- Fixed (some) memory leaks and multiple-free()s.
- Cleaned up EVP.HMAC and EVP.PKey.
- More X.509 certificate manipulation.
- An interface to create SSL sessions.
- Unified SSL read() and write() for synchronous and asynchronous operation.
- S/MIME and PKCS #7.
- Integrated with OpenSSL 0.9.5.
- Enhanced the PRNG interface.
Changes since 0.02
-----------------------
1. Ephemeral DH for SSL.
2. ThreadingSSLServer now does.
3. XMLrpc over https.
4. ZServerSSL for Zope 2.1.3.
5. Encrypting monitor for Zope 2.1.3.
6. Beginnings of PGP2 support.
7. Replaced eval() calls with other (hopefully) safe ones.
8. Miscellaneous enhancements and bug fixes.
Changes since 0.01
-----------------------
1. Beginnings of SSL support.
For building servers, blocking i/o:
- An SSLServer modeled after SocketServer.
- A ForkingSSLServer that seems to work well.
- A ThreadingSSLServer that runs one thread at a time. (!) ;-)
For building servers, nonblocking i/o:
- An ssl_dispatcher modeled after asyncore.dispatcher.
A HTTPS server based on Medusa.
For client-side web programming:
- httpslib
- urllib2
2. Support for some BIO objects.
3. Reduced per-module name space pollution.
4. Have Swig check for NULL pointers: reduced .i cut-&-paste.
5. Standardise on MPINT for passing big integers between Python and OpenSSL.
6. Removed MD5, SHA1, RIPEMD160. Just use EVP.MessageDigest.
7. Removed HMAC. Just use EVP.HMAC.
|