source: TI12-security/branches/Dependencies/m2crypto/CHANGES @ 2172

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/branches/Dependencies/m2crypto/CHANGES@2237
Revision 2172, 12.2 KB checked in by pjkersha, 13 years ago (diff)
Line 
10.16
2----
3- Minimum requirements updated: Python 2.3+, OpenSSL 0.9.7+, SWIG 1.3.24+
4- Optional features from OpenSSL 0.9.8 and newer
5- Enhancements to EVP and X509 to allow proxy certificate handling,
6  by Matt Rodriguez
7- SSLBio and related additions to help do SSL with BIOs directly,
8  by Matt Rodriguez
9- Added --openssl option to build command which can be used to specify
10  where OpenSSL is installed, by Matt Rodriguez
11- Added sign and verify to RSA class, and get_rsa to PKey class,
12  by Matt Rodriguez
13- ECDSA signatures and ECDH key agreement, requires OpenSSL 0.9.8+,
14  by Arno Bakker
15- Fix non-hashable type problems in SSL._ctxmap and users,
16  by Michael Weiser
17- Fixed SSLServer.handle_error to take the correct number of
18  arguments, by Dan Williams
19- Added sha224, sha256, sha384 and sha512, by Larry Bugbee
20- Added serialNumber, SN, surname, GN and givenName fields to X509_Name,
21  by Martin Paljak
22- m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT is the fourth certificate
23  verification error that will be allowed when unknown CAs are allowed
24- post connection checks in Connection.accept() and connect() fixed (these
25  were broken in 0.15)
26- Fixed EVP.Cipher to work with aes_* ciphers (used to crash Python).
27  The actual problem was in m2.bytes_to_key.
28- SMIME methods and functions raise correct exceptions
29- Raise ValueError instead of AttributeError when a non-existing hash
30  algorithm or SSL version is asked for
31- ssl_ctx_set_tmp_(dh|rsa) now return value, and the rsa version calls
32  the rsa function instead of the dh function
33- digest_update and verify_update return type changed to int, which allows
34  better error reporting; EVP.MessageDigest.update and
35  EVP.PKey.verify_update likewise changed
36- X509_Name and ASN1_String as_text (new for ASN1_String) take optional
37  parameters to control formatting.
38- Cipher_Stack, X509_Stack and X509_Extension_Stack are iterable
39- EVP.MessageDigest now properly cleans up the underlying data when the object
40  gets deleted
41- It is now possible to set and get non-nid values to X509_Name (previously
42  only set worked)
43- SSL.Connection.set_client_CA_list_from_file now uses the actual implementd
44  function instead of raising exception
45- Multithreaded SSL no longer uses the SSL_set/get_app_data to set and
46  restore thread state, but uses the standard PyGILState_STATE instead.
47- m2urllib no longer outputs the HTTP headers (there was an erronous call
48  to set_debuglevel(1))
49- Removed RCS_id, RCS_ID and _RCS_id from Python files
50- Memory leak fixes
51- SWIG and compiler warning fixes
52- More and better Epydoc formatted docstrings
53- More than doubled the number of unit tests, also made many demos into tests
54
550.15
56----
57- Support OpenSSL 0.9.8, Python 2.4.1, SWIG 1.3.24
58- Fixed multiple memory leaks
59- Twisted integration
60- Safer defaults for SSL context and post connection check for clients
61- Eliminated C pointers from interfaces (some may still remain in callbacks)
62- Many cases where Python interpreter crashed have been fixed
63- Improved thread safety of many callbacks
64- And of course more of the OpenSSL API is covered, new docstrings and
65  tests have been written
66
67 Changes since 0.13
68--------------------
69- Fixed memory leak due to circular reference in SSL.Connection.
70  Thanks to Michael Dunstan. Oops, patch is ZServerSSL-specific.
71  Andre Reitz provided a generalised fix. Thanks Andre.
72- Fixed __getattr__ error in DSA. Thanks to Igor Belyi.
73- Added rand_poll, rand_screen and rand_win32_event functions to
74  M2Crypto.Rand.
75- Updated ZServerSSL files to match Zope 2.7.0 versions.
76- Integrated (overlapping) patches by Peter Teniz and Heikki Toivonen
77  covering operations on X.509-related structures that gives M2Crypto
78  PKI functionality. Thanks Peter and Heikki.
79- Peter Teniz contributed demo2004/pki/x509auth.py.
80- Created demo2004/ directory that will contain new or updated demos.
81- Added verify_[init|update|final] in _evp.i. Patch by Zachery Corbiere.
82  Thanks Zac.
83
84
85 Changes since 0.12/0.11
86-------------------------
87- Patches from Artur Frysiak <wiget@pld-linux.org>. Thanks Artur.
88  = Allow using a passphrase callback in class SMIME.
89  = Added method get0_signers to class PKCS7, which retrieves signers'
90    certificates from a PKCS7 blob.
91  = Added methods as_pem and save_pem to class X509.
92  = Added file version.py.
93  = Allow SSL.Context.load_verify_locations to accept both 'cafile' and
94    'capath'.
95- Fixed BIO.read() not reading until EOF. Thanks to Egil Muller
96  <redhog@redhog.org> for suggestion.
97- Honour 'mode' parameter in SSL.Connection.makefile. Thanks again to Egil
98  Muller.
99- Roger Binns contributed epydoc-generated docs for M2Crypto. Thanks Roger.
100- Peter Teniz contributed patches to create X.509 requests and certificates.
101  Thanks Peter.
102- Updated Medusa to 0.54.
103- Make various OpenSSL bignum functions (written long ago) available to Python.
104
105
106 Changes since 0.11
107--------------------
108- ZServerSSL with client certificate-based authentication rides again.
109- Created Makefile for Python 2.3.
110- Modified LICENCE: changed my name to the generic "the author" in the
111  all-caps disclaimer paragraph.
112- Allow to save RSA key pair in the clear.
113- ZServerSSL for Zope 2.7.
114- Excluded RC5. IDEA was taken out several releases ago. This should
115  allow M2Crypto to build with stock OpenSSL on various Linuxen.
116- Added ssl_set_tmp_dh_callback.
117- Added ssl_set_tmp_rsa and ssl_set_tmp_rsa_callback to support weak-cipher
118  browsers.
119- ZServerSSL exports SSL_CIPHER request header (a la mod_ssl) to Zope
120  applications.
121- Perform distutils's SWIG .i search path tweaking within setup.py. setup.py
122  should now work "out of the box".
123- Added contrib/smimeplus.py, a high-level S/MIME interface, contributed by
124  Bernard Yue <bernie@3captus.com>. Thanks Bernard.
125- Added in long forms of nid's in X509_Name. Thanks to William K Volkman
126  <development@netshark.com> for patch.
127- Updated Mac OS X build instructions. Thanks to Larry Bugbee
128  <bugbee@seanet.com>.
129
130
131 Changes since 0.10
132--------------------
133- Dave Berkeley <dave@rotwang.freeserve.co.uk> contributed fixes to
134  SSL.Context-related memory leaks and code to set the size of the SSL
135  session cache.
136- Brent Chun <bnc@intel-research.net> contributed the following:
137  + Fixes to memory leaks.
138  + Code to expose X.509 certificate chain operations.
139  + Code to expose set/get operations on the SSL session cache.
140- Changed swig/ to SWIG/, for the convenience of people who don't read
141  INSTALL. Some Makefiles may break because of this. setup.py continues
142  to work, of course.
143- ZServerSSL tested with Zope 2.6.1. There is now a HOWTO.
144- Updated README and INSTALL.
145- Filled doc/ with stuff that went missing in several past releases.
146
147
148 Changes since 0.09
149--------------------
150- Updated to OpenSSL 0.9.7. Thanks to Toby Allsopp <toby@MI6.GEN.NZ> for
151  patches.
152- Added functionality to create a basic certificate request. Also
153  contributed by Toby Allsopp.
154- Finally, AES!
155
156
157 Changes since 0.08
158--------------------
159- Replaced demo/Zope/ZServer/__init__.py with the correct version
160  for Zope 2.6.0.
161- Added a sample starts.bat for ZServerSSL.
162- Incoporated a patch by prashanth@jibe.biz that handled the
163  new-in-Python-2.2.2 "strict" parameter for the various HTTP[S] connection
164  classes in httplib.py. Thanks prashanth. This fixes M2Crypto's XMLRPC
165  support for Python 2.2.2. (Apparently it was working for Python 2.2.1.)
166- Incorporated some cosmetic patches from Adam Karpierz <karpierz@zope.pl>.
167  Thanks Adam.
168
169
170 Changes since 0.07 snapshot #3
171--------------------------------
172- Updated to SWIG 1.3.17.
173- Excluded IDEA.
174- Tested with OpenSSL 0.9.6h.
175- ZServerSSL rides again for Zope 2.6.0.
176- setup.py does!
177- Removed Makefiles for Windows and Unix. (Makefile.osx remains.)
178- Included in contrib/ Isaac Salzberg's application of Mihai Ibanescu's
179  patch that allows IIS interoperability thru an authenticating proxy.
180  Thanks Isaac.
181- Included in contrib/ patch by Dave Brueck <dave@pythonaprocrypha.com>
182  that has smarter non-blocking behaviour. Thanks Dave.
183
184
185 Changes since 0.06
186-----------------------
187- test_ssl_win.py. (Requires Mark Hammond's Win32 extensions.)
188- Renamed demo/https to demo/medusa; updated Medusa to 2001 Jun release.
189- Improved _ssl.i's and M2Crypto.SSL.Connection's accept/connect methods.
190- M2Crypto.ftpslib for client-side FTP/TLS.
191- demo/medusa/ftps_server.py for server-side FTP/TLS.
192- Improved thread-safety.
193- Cleaned up echo client and servers.
194- Fixed missing import in m2urllib.
195- Fixed m2urllib to handle HTTP redirects.
196- Python 2.2 compatibility.
197- AuthCookie - secure authenticator cookies.
198
199
200 Changes since 0.05
201-----------------------
202- Handled the cases where Python callbacks raised exceptions.
203- Fixed a NULL-deref bug in _ssl.i which crashes Medusa https when IE
204  or Opera comes a-calling.
205- ZServerSSL rides again - a more robust ZServerSSL for Zope 2.3.0.
206- Added the MIME type 'application/x-x509-ca-cert' to
207  demo/ssl/https_srv.py. This facilitates installing self-generated
208  certificates into your browser.
209- ZSmime and GuardedFile bundled.
210- Documentation! A HOWTO on operating your own CA.
211- Documentation! A HOWTO on S/MIME. Examples are in demo/smime.howto.
212- Python 2.1 compatibility.
213- Fixed demo/https/https_server.py's CPU-spinning. (As per ZServerSSL.)
214- Fixed m2urllib's unexpected eof - demo/ssl/urllib_cli.py now works.
215- Renamed xmlrpclib2.py to m2xmlrpclib.py.
216- Kludged SSL.ssl_dispatcher to do blocking connect()'s: see
217  demo/ssl/https_cli_async.py.
218- SWIG 1.3.6 does! Thanks to Keith Jackson <krjackson@lbl.gov>.
219
220
221 Changes since 0.04
222-----------------------
223- Fixed a silly reversed-logic bug in M2Crypto.SSL.Connection.setblocking().
224- Fixed yet more memory leaks. Thanks to Ray Suorsa <res@loudcloud.com>.
225- Build instructions for Borland BC++ 5.5 free compiler suite.
226- Bundles the June 2000 unencumbered release of Medusa.
227- SSL callback thread-safety. Thanks again to Ray Suorsa for insights and
228  patches.
229- Renamed M2Crypto.M2Crypto to M2Crypto.m2 to prevent package/module loading
230  confusion.
231- SSL.Session and a demo in demo/ssl/sess.py.
232- https_srv.py, an enhanced, https version of SimpleHTTPServer.py.
233- Interface change: SMIME.load_pkcs7_bio() is renamed
234  SMIME.smime_load_pkcs7_bio(), similarly SMIME.load_pkcs7() to
235  SMIME.smime_load_pkcs7(); these load PKCS7 objects generated by S/MIME.
236- Interface change: SMIME.load_pkcs7_bio() now loads a PKCS7 PEM file, i.e., a
237  file of the format "-----BEGIN PKCS7-----".
238- Works with both Python 2.0 and Python 1.5.2.
239- OpenSSL 0.9.6. (Possibly incompatible with earlier OpenSSL releases.)
240- Unit tests with PyUnit.
241- Improved C code:
242    =   Custom Python exceptions.
243    =   Diligent error checking.
244    =   Fixed memory leaks.
245- Renamed M2Crypto.urllib2 to M2Crypto.m2urllib.
246- HTTPS clients of Python 1.5.2's and Python 2.0's httplib and urllib.
247
248
249 Changes since 0.03
250-----------------------
251- SSL certificate-based authentication with Python callback.
252- More robust SSL.Connection - raises exceptions, not dumps core.
253- Fixed (some) memory leaks and multiple-free()s.
254- Cleaned up EVP.HMAC and EVP.PKey.
255- More X.509 certificate manipulation.
256- An interface to create SSL sessions.
257- Unified SSL read() and write() for synchronous and asynchronous operation.
258- S/MIME and PKCS #7.
259- Integrated with OpenSSL 0.9.5.
260- Enhanced the PRNG interface.
261
262
263 Changes since 0.02
264-----------------------
2651. Ephemeral DH for SSL.
2662. ThreadingSSLServer now does.
2673. XMLrpc over https.
2684. ZServerSSL for Zope 2.1.3.
2695. Encrypting monitor for Zope 2.1.3.
2706. Beginnings of PGP2 support.
2717. Replaced eval() calls with other (hopefully) safe ones.
2728. Miscellaneous enhancements and bug fixes.
273   
274
275 Changes since 0.01
276-----------------------
2771. Beginnings of SSL support.
278
279        For building servers, blocking i/o:
280                - An SSLServer modeled after SocketServer.
281                - A ForkingSSLServer that seems to work well.
282                - A ThreadingSSLServer that runs one thread at a time. (!) ;-)
283               
284        For building servers, nonblocking i/o:
285                - An ssl_dispatcher modeled after asyncore.dispatcher.
286
287        A HTTPS server based on Medusa.
288       
289        For client-side web programming:
290                - httpslib
291                - urllib2
292
293
2942. Support for some BIO objects.
2953. Reduced per-module name space pollution.
2964. Have Swig check for NULL pointers: reduced .i cut-&-paste.
2975. Standardise on MPINT for passing big integers between Python and OpenSSL.
2986. Removed MD5, SHA1, RIPEMD160. Just use EVP.MessageDigest. 
2997. Removed HMAC. Just use EVP.HMAC. 
300
301
Note: See TracBrowser for help on using the repository browser.