chore(deps): update dependency pyopenssl to v26 by renovate[bot] · Pull Request #246 · A-aung/python-docs-samples
v26.0.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Dropped support for Python 3.7.
- The minimum
cryptographyversion is now 46.0.0.
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Added support for using aws-lc instead of OpenSSL.
- Properly raise an error if a DTLS cookie callback returned a cookie longer than
DTLS1_COOKIE_LENGTHbytes. Previously this would result in a buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459 - Added
OpenSSL.SSL.Connection.get_group_nameto determine which group name was negotiated. Context.set_tlsext_servername_callbacknow handles exceptions raised in the callback by callingsys.excepthookand returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to Leury Castillo for reporting this issue. CVE-2026-27448
v25.3.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Maximum supported
cryptographyversion is now 46.x.
v25.2.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The minimum
cryptographyversion is now 45.0.7.
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- pyOpenSSL now sets
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFERon connections by default, matching CPython's behavior. - Added
OpenSSL.SSL.Context.clear_mode. - Added
OpenSSL.SSL.Context.set_tls13_ciphersuitesto set the allowed TLS 1.3 ciphers. - Added
OpenSSL.SSL.Connection.set_info_callback
v25.1.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
- Attempting using any methods that mutate an
OpenSSL.SSL.Contextafter it
has been used to create anOpenSSL.SSL.Connectionwill emit a warning. In
a future release, this will raise an exception.
Changes:
^^^^^^^^
cryptographymaximum version has been increased to 45.0.x.
v25.0.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Corrected type annotations on
Context.set_alpn_select_callback,Context.set_session_cache_mode,Context.set_options,Context.set_mode,X509.subject_name_hash, andX509Store.load_locations. - Deprecated APIs are now marked using
warnings.deprecated.mypywill emit deprecation notices for them when used with--enable-error-code deprecated.
v24.3.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Removed the deprecated
OpenSSL.crypto.CRL,OpenSSL.crypto.Revoked,OpenSSL.crypto.dump_crl, andOpenSSL.crypto.load_crl.cryptography.x509's CRL functionality should be used instead. - Removed the deprecated
OpenSSL.crypto.signandOpenSSL.crypto.verify.cryptography.hazmat.primitives.asymmetric's signature APIs should be used instead.
Deprecations:
^^^^^^^^^^^^^
- Deprecated
OpenSSL.rand- callers should useos.urandom()instead. - Deprecated
add_extensionsandget_extensionsonOpenSSL.crypto.X509ReqandOpenSSL.crypto.X509. These should have been deprecated at the same timeX509Extensionwas. Users should use pyca/cryptography's X.509 APIs instead. - Deprecated
OpenSSL.crypto.get_elliptic_curvesandOpenSSL.crypto.get_elliptic_curve, as well as passing the reult of them toOpenSSL.SSL.Context.set_tmp_ecdh, users should instead pass curves fromcryptography. - Deprecated passing
X509objects toOpenSSL.SSL.Context.use_certificate,OpenSSL.SSL.Connection.use_certificate,OpenSSL.SSL.Context.add_extra_chain_cert, andOpenSSL.SSL.Context.add_client_ca, users should instead passcryptography.x509.Certificateinstances. This is in preparation for deprecating pyOpenSSL'sX509entirely. - Deprecated passing
PKeyobjects toOpenSSL.SSL.Context.use_privatekeyandOpenSSL.SSL.Connection.use_privatekey, users should instead passcryptographyprivate key instances. This is in preparation for deprecating pyOpenSSL'sPKeyentirely.
Changes:
^^^^^^^^
cryptographymaximum version has been increased to 44.0.x.OpenSSL.SSL.Connection.get_certificate,OpenSSL.SSL.Connection.get_peer_certificate,OpenSSL.SSL.Connection.get_peer_cert_chain, andOpenSSL.SSL.Connection.get_verified_chainnow take anas_cryptographykeyword-argument. WhenTrueis passed thencryptography.x509.Certificateare returned, instead ofOpenSSL.crypto.X509. In the future, passingFalse(the default) will be deprecated.
v24.2.1
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Fixed changelog to remove sphinx specific restructured text strings.
v24.1.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Removed the deprecated
OpenSSL.crypto.PKCS12and
OpenSSL.crypto.NetscapeSPKI.OpenSSL.crypto.PKCS12may be replaced
by the PKCS#12 APIs in thecryptographypackage.
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
v24.0.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Added
OpenSSL.SSL.Connection.get_selected_srtp_profileto determine which SRTP profile was negotiated.
#​1279 <https://github.com/pyca/pyopenssl/pull/1279>_.
v23.3.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Dropped support for Python 3.6.
- The minimum
cryptographyversion is now 41.0.5. - Removed
OpenSSL.crypto.load_pkcs7andOpenSSL.crypto.load_pkcs12which had been deprecated for 3 years. - Added
OpenSSL.SSL.OP_LEGACY_SERVER_CONNECTto allow legacy insecure renegotiation between OpenSSL and unpatched servers.
#​1234 <https://github.com/pyca/pyopenssl/pull/1234>_.
Deprecations:
^^^^^^^^^^^^^
- Deprecated
OpenSSL.crypto.PKCS12(which was intended to have been deprecated at the same time asOpenSSL.crypto.load_pkcs12). - Deprecated
OpenSSL.crypto.NetscapeSPKI. - Deprecated
OpenSSL.crypto.CRL - Deprecated
OpenSSL.crypto.Revoked - Deprecated
OpenSSL.crypto.load_crlandOpenSSL.crypto.dump_crl - Deprecated
OpenSSL.crypto.signandOpenSSL.crypto.verify - Deprecated
OpenSSL.crypto.X509Extension
Changes:
^^^^^^^^
- Changed
OpenSSL.crypto.X509Store.add_crlto also accept
cryptography'sx509.CertificateRevocationListarguments in addition
to the now deprecatedOpenSSL.crypto.CRLarguments. - Fixed
test_set_default_verify_pathstest so that it is skipped if no
network connection is available.
v23.2.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Removed
X509StoreFlags.NOTIFY_POLICY.
#​1213 <https://github.com/pyca/pyopenssl/pull/1213>_.
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
cryptographymaximum version has been increased to 41.0.x.- Invalid versions are now rejected in
OpenSSL.crypto.X509Req.set_version. - Added
X509VerificationCodestoOpenSSL.SSL.
#​1202 <https://github.com/pyca/pyopenssl/pull/1202>_.
v23.1.1
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Worked around an issue in OpenSSL 3.1.0 which caused
X509Extension.get_short_nameto raise an exception when no short name was known to OpenSSL.
#​1204 <https://github.com/pyca/pyopenssl/pull/1204>_.
v23.1.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
cryptographymaximum version has been increased to 40.0.x.- Add
OpenSSL.SSL.Connection.DTLSv1_get_timeoutandOpenSSL.SSL.Connection.DTLSv1_handle_timeout
to support DTLS timeouts#​1180 <https://github.com/pyca/pyopenssl/pull/1180>_.
v23.0.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Add
OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAINconstant to allow for users
to perform certificate verification on partial certificate chains.
#​1166 <https://github.com/pyca/pyopenssl/pull/1166>_ cryptographymaximum version has been increased to 39.0.x.
v22.1.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Remove support for SSLv2 and SSLv3.
- The minimum
cryptographyversion is now 38.0.x (and we now pin releases
againstcryptographymajor versions to prevent future breakage) - The
OpenSSL.crypto.X509StoreContextErrorexception has been refactored,
changing its internal attributes.
#​1133 <https://github.com/pyca/pyopenssl/pull/1133>_
Deprecations:
^^^^^^^^^^^^^
OpenSSL.SSL.SSLeay_versionis deprecated in favor of
OpenSSL.SSL.OpenSSL_version. The constantsOpenSSL.SSL.SSLEAY_*are
deprecated in favor ofOpenSSL.SSL.OPENSSL_*.
Changes:
^^^^^^^^
- Add
OpenSSL.SSL.Connection.set_verifyandOpenSSL.SSL.Connection.get_verify_mode
to override the context object's verification flags.
#​1073 <https://github.com/pyca/pyopenssl/pull/1073>_ - Add
OpenSSL.SSL.Connection.use_certificateandOpenSSL.SSL.Connection.use_privatekey
to set a certificate per connection (and not just per context)#​1121 <https://github.com/pyca/pyopenssl/pull/1121>_.
v22.0.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Drop support for Python 2.7.
#​1047 <https://github.com/pyca/pyopenssl/pull/1047>_ - The minimum
cryptographyversion is now 35.0.
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Expose wrappers for some
DTLS <https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>_
primitives.#​1026 <https://github.com/pyca/pyopenssl/pull/1026>_
v21.0.0
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- The minimum
cryptographyversion is now 3.3. - Drop support for Python 3.5
Deprecations:
^^^^^^^^^^^^^
Changes:
^^^^^^^^
- Raise an error when an invalid ALPN value is set.
#​993 <https://github.com/pyca/pyopenssl/pull/993>_ - Added
OpenSSL.SSL.Context.set_min_proto_versionandOpenSSL.SSL.Context.set_max_proto_version
to set the minimum and maximum supported TLS version#​985 <https://github.com/pyca/pyopenssl/pull/985>_. - Updated
to_cryptographyandfrom_cryptographymethods to support an upcoming release ofcryptographywithout raising deprecation warnings.
#​1030 <https://github.com/pyca/pyopenssl/pull/1030>_
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.