		@@ -7,2 +7,27 @@ Changelog

		24.3.0 (2024-11-27)
		-------------------

		Backward-incompatible changes:
		^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

		- Removed the deprecated ``OpenSSL.crypto.CRL``, ``OpenSSL.crypto.Revoked``, ``OpenSSL.crypto.dump_crl``, and ``OpenSSL.crypto.load_crl``. ``cryptography.x509``'s CRL functionality should be used instead.
		- Removed the deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``. ``cryptography.hazmat.primitives.asymmetric``'s signature APIs should be used instead.

		Deprecations:
		^^^^^^^^^^^^^

		- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
		- Deprecated ``add_extensions`` and ``get_extensions`` on ``OpenSSL.crypto.X509Req`` and ``OpenSSL.crypto.X509``. These should have been deprecated at the same time ``X509Extension`` was. Users should use pyca/cryptography's X.509 APIs instead.
		- Deprecated ``OpenSSL.crypto.get_elliptic_curves`` and ``OpenSSL.crypto.get_elliptic_curve``, as well as passing the reult of them to ``OpenSSL.SSL.Context.set_tmp_ecdh``, users should instead pass curves from ``cryptography``.
		- Deprecated passing ``X509`` objects to ``OpenSSL.SSL.Context.use_certificate``, ``OpenSSL.SSL.Connection.use_certificate``, ``OpenSSL.SSL.Context.add_extra_chain_cert``, and ``OpenSSL.SSL.Context.add_client_ca``, users should instead pass ``cryptography.x509.Certificate`` instances. This is in preparation for deprecating pyOpenSSL's ``X509`` entirely.
		- Deprecated passing ``PKey`` objects to ``OpenSSL.SSL.Context.use_privatekey`` and ``OpenSSL.SSL.Connection.use_privatekey``, users should instead pass ``cryptography`` priate key instances. This is in preparation for deprecating pyOpenSSL's ``PKey`` entirely.

		Changes:
		^^^^^^^^

		* ``cryptography`` maximum version has been increased to 44.0.x.
		* ``OpenSSL.SSL.Connection.get_certificate``, ``OpenSSL.SSL.Connection.get_peer_certificate``, ``OpenSSL.SSL.Connection.get_peer_cert_chain``, and ``OpenSSL.SSL.Connection.get_verified_chain`` now take an ``as_cryptography`` keyword-argument. When ``True`` is passed then ``cryptography.x509.Certificate`` are returned, instead of ``OpenSSL.crypto.X509``. In the future, passing ``False`` (the default) will be deprecated.


		24.2.1 (2024-07-20)
		@@ -9,0 +34,0 @@ -------------------

+3

-33

doc/api/crypto.rst

		@@ -9,4 +9,6 @@ .. _openssl-crypto:

		.. note::
		.. danger::

		This module is pending deprecation, use pyca/cryptography instead.

		`pyca/cryptography`_ is likely a better choice than using this module.
		@@ -65,17 +67,3 @@ It contains a complete set of cryptographic primitives as well as a significantly better and more powerful X509 API.

		Certificate revocation lists
		~~~~~~~~~~~~~~~~~~~~~~~~~~~~

		.. autofunction:: dump_crl

		.. autofunction:: load_crl

		Signing and verifying signatures
		--------------------------------

		.. autofunction:: sign

		.. autofunction:: verify


		.. _openssl-x509:
		@@ -175,20 +163,2 @@

		.. _crl:

		CRL objects
		-----------

		.. autoclass:: CRL
		:members:
		:special-members:
		:exclude-members: __weakref__

		.. _revoked:

		Revoked objects
		---------------

		.. autoclass:: Revoked
		:members:

		Exceptions
		@@ -195,0 +165,0 @@ ----------

+0

-10

doc/api/ssl.rst

		@@ -153,7 +153,2 @@ .. _openssl-ssl:

		.. py:data:: ContextType

		See :py:class:`Context`.


		.. autoclass:: Context
		@@ -165,7 +160,2 @@ :noindex:

		.. py:data:: ConnectionType

		See :py:class:`Connection`.


		.. py:class:: Connection(context, socket)
		@@ -172,0 +162,0 @@ :noindex:

+6

-5

doc/conf.py

		@@ -125,9 +125,10 @@ #
		# a list of builtin themes.
		on_rtd = os.environ.get("READTHEDOCS", None) == "True"
		if os.environ.get("READTHEDOCS", None) == "True":
		html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "")

		if not on_rtd: # only import and set the theme if we're building docs locally
		import sphinx_rtd_theme
		if "html_context" not in globals():
		html_context = {}
		html_context["READTHEDOCS"] = True

		html_theme = "sphinx_rtd_theme"
		html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
		html_theme = "sphinx_rtd_theme"

		@@ -134,0 +135,0 @@ # Theme options are theme-specific and customize the look and feel of a theme

+0

-5

INSTALL.rst

		@@ -26,8 +26,3 @@ Installation
		pyOpenSSL supports the same platforms and releases as the upstream cryptography project `does <https://cryptography.io/en/latest/installation/#supported-platforms>`_.
		Currently that means:

		- 1.1.0
		- 1.1.1
		- 3.0

		You can always find out the versions of pyOpenSSL, cryptography, and the linked OpenSSL by running ``python -m OpenSSL.debug``.
		@@ -34,0 +29,0 @@

+1

-1

MANIFEST.in

		include LICENSE MANIFEST.in *.rst tox.ini .coveragerc src/OpenSSL/py.typed
		exclude codecov.yml .readthedocs.yml mypy.ini
		exclude .readthedocs.yml mypy.ini
		recursive-include tests *.py
		recursive-include doc *
		prune doc/_build

+28

-6

PKG-INFO

		Metadata-Version: 2.1
		Name: pyOpenSSL
		Version: 24.2.1
		Version: 24.3.0
		Summary: Python wrapper module around the OpenSSL library
		@@ -23,2 +23,3 @@ Home-page: https://pyopenssl.org/
		Classifier: Programming Language :: Python :: 3.12
		Classifier: Programming Language :: Python :: 3.13
		Classifier: Programming Language :: Python :: Implementation :: CPython
		@@ -31,3 +32,3 @@ Classifier: Programming Language :: Python :: Implementation :: PyPy
		License-File: LICENSE
		Requires-Dist: cryptography<44,>=41.0.5
		Requires-Dist: cryptography<45,>=41.0.5
		Provides-Extra: test
		@@ -52,6 +53,2 @@ Requires-Dist: pytest-rerunfailures; extra == "test"

		.. image:: https://codecov.io/github/pyca/pyopenssl/branch/main/graph/badge.svg
		:target: https://codecov.io/github/pyca/pyopenssl
		:alt: Test coverage

		Note: The Python Cryptographic Authority strongly suggests the use of `pyca/cryptography`_
		@@ -93,2 +90,27 @@ where possible. If you are using pyOpenSSL for anything other than making a TLS connection

		24.3.0 (2024-11-27)
		-------------------

		Backward-incompatible changes:
		^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

		- Removed the deprecated ``OpenSSL.crypto.CRL``, ``OpenSSL.crypto.Revoked``, ``OpenSSL.crypto.dump_crl``, and ``OpenSSL.crypto.load_crl``. ``cryptography.x509``'s CRL functionality should be used instead.
		- Removed the deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``. ``cryptography.hazmat.primitives.asymmetric``'s signature APIs should be used instead.

		Deprecations:
		^^^^^^^^^^^^^

		- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
		- Deprecated ``add_extensions`` and ``get_extensions`` on ``OpenSSL.crypto.X509Req`` and ``OpenSSL.crypto.X509``. These should have been deprecated at the same time ``X509Extension`` was. Users should use pyca/cryptography's X.509 APIs instead.
		- Deprecated ``OpenSSL.crypto.get_elliptic_curves`` and ``OpenSSL.crypto.get_elliptic_curve``, as well as passing the reult of them to ``OpenSSL.SSL.Context.set_tmp_ecdh``, users should instead pass curves from ``cryptography``.
		- Deprecated passing ``X509`` objects to ``OpenSSL.SSL.Context.use_certificate``, ``OpenSSL.SSL.Connection.use_certificate``, ``OpenSSL.SSL.Context.add_extra_chain_cert``, and ``OpenSSL.SSL.Context.add_client_ca``, users should instead pass ``cryptography.x509.Certificate`` instances. This is in preparation for deprecating pyOpenSSL's ``X509`` entirely.
		- Deprecated passing ``PKey`` objects to ``OpenSSL.SSL.Context.use_privatekey`` and ``OpenSSL.SSL.Connection.use_privatekey``, users should instead pass ``cryptography`` priate key instances. This is in preparation for deprecating pyOpenSSL's ``PKey`` entirely.

		Changes:
		^^^^^^^^

		* ``cryptography`` maximum version has been increased to 44.0.x.
		* ``OpenSSL.SSL.Connection.get_certificate``, ``OpenSSL.SSL.Connection.get_peer_certificate``, ``OpenSSL.SSL.Connection.get_peer_cert_chain``, and ``OpenSSL.SSL.Connection.get_verified_chain`` now take an ``as_cryptography`` keyword-argument. When ``True`` is passed then ``cryptography.x509.Certificate`` are returned, instead of ``OpenSSL.crypto.X509``. In the future, passing ``False`` (the default) will be deprecated.


		24.2.1 (2024-07-20)
		@@ -95,0 +117,0 @@ -------------------

+7

-2

pyproject.toml

		[tool.coverage.run]
		branch = true
		relative_files = true
		source = ["OpenSSL", "tests/"]
		@@ -8,4 +9,6 @@
		"src/OpenSSL",
		".tox//lib/python/site-packages/OpenSSL",
		".tox/pypy/site-packages/OpenSSL",
		".tox//lib/python*/site-packages/OpenSSL",
		".tox//lib/pypy*/site-packages/OpenSSL",
		"*.tox/pypy/site-packages/OpenSSL",
		".tox\\\\Lib\\site-packages\\OpenSSL",
		]
		@@ -43,4 +46,6 @@
		line-length = 79
		# Remove if/when we move setup.py python-requires metadata to pyproject.toml
		target-version = "py37"

		[tool.ruff.lint.isort]
		known-first-party = ["OpenSSL", "tests"]

+0

-4

README.rst

		@@ -12,6 +12,2 @@ ========================================================

		.. image:: https://codecov.io/github/pyca/pyopenssl/branch/main/graph/badge.svg
		:target: https://codecov.io/github/pyca/pyopenssl
		:alt: Test coverage

		Note: The Python Cryptographic Authority strongly suggests the use of `pyca/cryptography`_
		@@ -18,0 +14,0 @@ where possible. If you are using pyOpenSSL for anything other than making a TLS connection

+2

-1

setup.py

		@@ -86,2 +86,3 @@ #!/usr/bin/env python
		"Programming Language :: Python :: 3.12",
		"Programming Language :: Python :: 3.13",
		"Programming Language :: Python :: Implementation :: CPython",
		@@ -97,3 +98,3 @@ "Programming Language :: Python :: Implementation :: PyPy",
		install_requires=[
		"cryptography>=41.0.5,<44",
		"cryptography>=41.0.5,<45",
		],
		@@ -100,0 +101,0 @@ extras_require={

+1

-1

src/OpenSSL/__init__.py

		@@ -22,3 +22,2 @@ # Copyright (C) AB Strakt
		"SSL",
		"crypto",
		"__author__",
		@@ -32,2 +31,3 @@ "__copyright__",
		"__version__",
		"crypto",
		]

+5

-3

src/OpenSSL/_util.py

		@@ -0,5 +1,7 @@
		from __future__ import annotations

		import os
		import sys
		import warnings
		from typing import Any, Callable, NoReturn, Type, Union
		from typing import Any, Callable, NoReturn, Union

		@@ -34,3 +36,3 @@ from cryptography.hazmat.bindings.openssl.binding import Binding

		def exception_from_error_queue(exception_type: Type[Exception]) -> NoReturn:
		def exception_from_error_queue(exception_type: type[Exception]) -> NoReturn:
		"""
		@@ -61,3 +63,3 @@ Convert an OpenSSL library failure into a Python exception.

		def make_assert(error: Type[Exception]) -> Callable[[bool], Any]:
		def make_assert(error: type[Exception]) -> Callable[[bool], Any]:
		"""
		@@ -64,0 +66,0 @@ Create an assert function that uses :func:`exception_from_error_queue` to

+8

-0

src/OpenSSL/rand.py

		@@ -5,5 +5,13 @@ """

		import warnings

		from OpenSSL._util import lib as _lib

		warnings.warn(
		"OpenSSL.rand is deprecated - you should use os.urandom instead",
		DeprecationWarning,
		stacklevel=3,
		)


		def add(buffer: bytes, entropy: int) -> None:
		@@ -10,0 +18,0 @@ """

+1

-1

src/OpenSSL/version.py

		@@ -20,3 +20,3 @@ # Copyright (C) AB Strakt

		__version__ = "24.2.1"
		__version__ = "24.3.0"

		@@ -23,0 +23,0 @@ __title__ = "pyOpenSSL"

+28

-6

src/pyOpenSSL.egg-info/PKG-INFO

		Metadata-Version: 2.1
		Name: pyOpenSSL
		Version: 24.2.1
		Version: 24.3.0
		Summary: Python wrapper module around the OpenSSL library
		@@ -23,2 +23,3 @@ Home-page: https://pyopenssl.org/
		Classifier: Programming Language :: Python :: 3.12
		Classifier: Programming Language :: Python :: 3.13
		Classifier: Programming Language :: Python :: Implementation :: CPython
		@@ -31,3 +32,3 @@ Classifier: Programming Language :: Python :: Implementation :: PyPy
		License-File: LICENSE
		Requires-Dist: cryptography<44,>=41.0.5
		Requires-Dist: cryptography<45,>=41.0.5
		Provides-Extra: test
		@@ -52,6 +53,2 @@ Requires-Dist: pytest-rerunfailures; extra == "test"

		.. image:: https://codecov.io/github/pyca/pyopenssl/branch/main/graph/badge.svg
		:target: https://codecov.io/github/pyca/pyopenssl
		:alt: Test coverage

		Note: The Python Cryptographic Authority strongly suggests the use of `pyca/cryptography`_
		@@ -93,2 +90,27 @@ where possible. If you are using pyOpenSSL for anything other than making a TLS connection

		24.3.0 (2024-11-27)
		-------------------

		Backward-incompatible changes:
		^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

		- Removed the deprecated ``OpenSSL.crypto.CRL``, ``OpenSSL.crypto.Revoked``, ``OpenSSL.crypto.dump_crl``, and ``OpenSSL.crypto.load_crl``. ``cryptography.x509``'s CRL functionality should be used instead.
		- Removed the deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``. ``cryptography.hazmat.primitives.asymmetric``'s signature APIs should be used instead.

		Deprecations:
		^^^^^^^^^^^^^

		- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
		- Deprecated ``add_extensions`` and ``get_extensions`` on ``OpenSSL.crypto.X509Req`` and ``OpenSSL.crypto.X509``. These should have been deprecated at the same time ``X509Extension`` was. Users should use pyca/cryptography's X.509 APIs instead.
		- Deprecated ``OpenSSL.crypto.get_elliptic_curves`` and ``OpenSSL.crypto.get_elliptic_curve``, as well as passing the reult of them to ``OpenSSL.SSL.Context.set_tmp_ecdh``, users should instead pass curves from ``cryptography``.
		- Deprecated passing ``X509`` objects to ``OpenSSL.SSL.Context.use_certificate``, ``OpenSSL.SSL.Connection.use_certificate``, ``OpenSSL.SSL.Context.add_extra_chain_cert``, and ``OpenSSL.SSL.Context.add_client_ca``, users should instead pass ``cryptography.x509.Certificate`` instances. This is in preparation for deprecating pyOpenSSL's ``X509`` entirely.
		- Deprecated passing ``PKey`` objects to ``OpenSSL.SSL.Context.use_privatekey`` and ``OpenSSL.SSL.Connection.use_privatekey``, users should instead pass ``cryptography`` priate key instances. This is in preparation for deprecating pyOpenSSL's ``PKey`` entirely.

		Changes:
		^^^^^^^^

		* ``cryptography`` maximum version has been increased to 44.0.x.
		* ``OpenSSL.SSL.Connection.get_certificate``, ``OpenSSL.SSL.Connection.get_peer_certificate``, ``OpenSSL.SSL.Connection.get_peer_cert_chain``, and ``OpenSSL.SSL.Connection.get_verified_chain`` now take an ``as_cryptography`` keyword-argument. When ``True`` is passed then ``cryptography.x509.Certificate`` are returned, instead of ``OpenSSL.crypto.X509``. In the future, passing ``False`` (the default) will be deprecated.


		24.2.1 (2024-07-20)
		@@ -95,0 +117,0 @@ -------------------

+1

-1

src/pyOpenSSL.egg-info/requires.txt

		@@ -1,2 +0,2 @@
		cryptography<44,>=41.0.5
		cryptography<45,>=41.0.5

		@@ -3,0 +3,0 @@ [docs]

+0

-1

src/pyOpenSSL.egg-info/SOURCES.txt

		@@ -46,3 +46,2 @@ CHANGELOG.rst
		tests/conftest.py
		tests/memdbg.py
		tests/test_crypto.py
		@@ -49,0 +48,0 @@ tests/test_debug.py

+1

-10

tox.ini

		[tox]
		envlist = py{py3,37,38,39,310,311,312}{,-cryptographyMinimum}{,-useWheel}{,-randomorder},py311-twistedTrunk,check-manifest,lint,py311-mypy,docs,coverage-report
		envlist = py{py3,37,38,39,310,311,312,313}{,-cryptographyMinimum}{,-useWheel}{,-randomorder},check-manifest,lint,py311-mypy,docs,coverage-report

		@@ -35,11 +35,2 @@ [testenv]

		[testenv:py311-twistedTrunk]
		deps =
		pyasn1!=0.5.0
		Twisted[all_non_platform] @ git+https://github.com/twisted/twisted
		setenv =
		commands =
		python -m OpenSSL.debug
		python -m twisted.trial -j4 --reporter=text twisted

		[testenv:lint]
		@@ -46,0 +37,0 @@ basepython = python3

-89

tests/memdbg.py

		import sys
		import traceback

		from cffi import api as _api

		sys.modules["ssl"] = None
		sys.modules["_hashlib"] = None


		_ffi = _api.FFI()
		_ffi.cdef(
		"""
		void *malloc(size_t size);
		void free(void *ptr);
		void realloc(void ptr, size_t size);

		int CRYPTO_set_mem_functions(
		void (m)(size_t),void (r)(void ,size_t), void (f)(void *));

		int backtrace(void **buffer, int size);
		char *backtrace_symbols(void const *buffer, int size);
		void backtrace_symbols_fd(void const buffer, int size, int fd);
		"""
		)
		_api = _ffi.verify(
		"""
		#include <openssl/crypto.h>
		#include <stdlib.h>
		#include <execinfo.h>
		""",
		libraries=["crypto"],
		)
		C = _ffi.dlopen(None)

		verbose = False


		def log(s):
		if verbose:
		print(s)


		def _backtrace():
		buf = _ffi.new("void*[]", 64)
		result = _api.backtrace(buf, len(buf))
		strings = _api.backtrace_symbols(buf, result)
		stack = [_ffi.string(strings[i]) for i in range(result)]
		C.free(strings)
		return stack


		@_ffi.callback("void()(size_t)")
		def malloc(n):
		memory = C.malloc(n)
		python_stack = traceback.extract_stack(limit=3)
		c_stack = _backtrace()
		heap[memory] = [(n, python_stack, c_stack)]
		log("malloc(%d) -> %s" % (n, memory))
		return memory


		@_ffi.callback("void()(void*, size_t)")
		def realloc(p, n):
		memory = C.realloc(p, n)
		old = heap.pop(p)

		python_stack = traceback.extract_stack(limit=3)
		c_stack = _backtrace()

		old.append((n, python_stack, c_stack))
		heap[memory] = old
		log("realloc(0x%x, %d) -> %s" % (int(_ffi.cast("int", p)), n, memory))
		return memory


		@_ffi.callback("void()(void)")
		def free(p):
		if p != _ffi.NULL:
		C.free(p)
		del heap[p]
		log("free(0x{:x})".format(int(_ffi.cast("int", p))))


		if _api.CRYPTO_set_mem_functions(malloc, realloc, free):
		log("Enabled memory debugging")
		heap = {}
		else:
		log("Failed to enable memory debugging")
		heap = None

src/OpenSSL/crypto.py

Sorry, the diff of this file is too big to display

src/OpenSSL/SSL.py

Sorry, the diff of this file is too big to display

tests/test_crypto.py

Sorry, the diff of this file is too big to display

tests/test_ssl.py

Sorry, the diff of this file is too big to display

pyopenssl - npm Package Compare versions

Worsened metrics