Skip to content

23.1.0
Compare
Choose a tag to compare
@hynek hynek released this 14 Jun 08:11
· 52 commits to main since this release
23.1.0
This tag was signed with the committer’s verified signature. The key has expired.
hynek Hynek Schlawack
GPG key ID: AE2536227F69F181
Expired
Verified
Learn about vigilant mode.
be2f984
This commit was signed with the committer’s verified signature. The key has expired.
hynek Hynek Schlawack
GPG key ID: AE2536227F69F181
Expired
Verified
Learn about vigilant mode.

Highlights

Since there wasn't any interest in adding more verification methods, this release makes the service identity pattern extraction from pyOpenSSL and PyCA cryptography certificate public APIs. Check out service_identity.cryptography.extract_patterns() and service_identity.pyopenssl.extract_patterns()!

It also adds type hints and removes support for commonName. Otherwise there's no changes to how service identities are extracted or compared.

Special Thanks

This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!

Above and Beyond

Variomedia AG (@variomedia), Tidelift (@tidelift), Sentry (@getsentry), HiredScore (@HiredScore), FilePreviews (@filepreviews), and Daniel Fortunov (@asqui).

Maintenance Sustainers

Adam Hill (@adamghill), Dan Groshev (@si14), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Moving Content AG (@moving-content), Stein Magnus Jodal (@jodal), ProteinQure (@ProteinQure), Jesse Snyder (@jessesnyder), Rivo Laks (@rivol), Tom Ballinger (@thomasballinger), Ionel Cristian Mărieș (@ionelmc), The Westervelt Company (@westerveltco), Philippe Galvan (@PhilippeGalvan), Birk Jernström (@birkjernstrom), Tim Schilling (@tim-schilling), Chris Withers (@cjw296), Christopher Dignam (@chdsbd), and Stefan Hagen (@sthagen).

Not to forget 5 more amazing humans who chose to be generous but anonymous!

Full Changelog

Removed

  • All Python versions up to and including 3.7 have been dropped.
  • Support for commonName in certificates has been dropped. It has been deprecated since 2017 and isn't supported by any major browser.
  • The oldest supported pyOpenSSL version (when using the pyopenssl backend) is now 17.0.0. When using such an old pyOpenSSL version, you have to pin cryptography yourself to ensure compatibility between them. Please check out contraints/oldest-pyopenssl.txt to verify what we are testing against.

Deprecated

  • If you've used service_identity.(cryptography|pyopenssl).extract_ids(), please switch to the new names extract_patterns(). #56

Added

  • service_identity.(cryptography|pyopenssl).extract_patterns() are now public APIs (FKA extract_ids()). You can use them to extract the patterns from a certificate without verifying anything. #55
  • service-identity is now fully typed. #57

Contributors

dcramer, jodal, and 22 other contributors
Assets 2
Loading