Skip to main content

Python wrapper module around the OpenSSL library

Project description

Stable Docs https://github.com/pyca/pyopenssl/workflows/CI/badge.svg?branch=main Test coverage

Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where possible. If you are using pyOpenSSL for anything other than making a TLS connection you should move to cryptography and drop your pyOpenSSL dependency.

High-level wrapper around a subset of the OpenSSL library. Includes

  • SSL.Connection objects, wrapping the methods of Python’s portable sockets

  • Callbacks written in Python

  • Extensive error-handling mechanism, mirroring OpenSSL’s error codes

… and much more.

You can find more information in the documentation. Development takes place on GitHub.

Discussion

If you run into bugs, you can file them in our issue tracker.

We maintain a cryptography-dev mailing list for both user and development discussions.

You can also join #pyca on irc.libera.chat to ask questions or get involved.

Release Information

23.1.1 (2023-03-28)

Backward-incompatible changes:

Deprecations:

Changes:

  • Worked around an issue in OpenSSL 3.1.0 which caused X509Extension.get_short_name to raise an exception when no short name was known to OpenSSL. #1204.

23.1.0 (2023-03-24)

Backward-incompatible changes:

Deprecations:

Changes:

  • cryptography maximum version has been increased to 40.0.x.

  • Add OpenSSL.SSL.Connection.DTLSv1_get_timeout and OpenSSL.SSL.Connection.DTLSv1_handle_timeout to support DTLS timeouts #1180.

23.0.0 (2023-01-01)

Backward-incompatible changes:

Deprecations:

Changes:

  • Add OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN constant to allow for users to perform certificate verification on partial certificate chains. #1166

  • cryptography maximum version has been increased to 39.0.x.

22.1.0 (2022-09-25)

Backward-incompatible changes:

  • Remove support for SSLv2 and SSLv3.

  • The minimum cryptography version is now 38.0.x (and we now pin releases against cryptography major versions to prevent future breakage)

  • The OpenSSL.crypto.X509StoreContextError exception has been refactored, changing its internal attributes. #1133

Deprecations:

  • OpenSSL.SSL.SSLeay_version is deprecated in favor of OpenSSL.SSL.OpenSSL_version. The constants OpenSSL.SSL.SSLEAY_* are deprecated in favor of OpenSSL.SSL.OPENSSL_*.

Changes:

  • Add OpenSSL.SSL.Connection.set_verify and OpenSSL.SSL.Connection.get_verify_mode to override the context object’s verification flags. #1073

  • Add OpenSSL.SSL.Connection.use_certificate and OpenSSL.SSL.Connection.use_privatekey to set a certificate per connection (and not just per context) #1121.

22.0.0 (2022-01-29)

Backward-incompatible changes:

  • Drop support for Python 2.7. #1047

  • The minimum cryptography version is now 35.0.

Deprecations:

Changes:

  • Expose wrappers for some DTLS primitives. #1026

21.0.0 (2021-09-28)

Backward-incompatible changes:

  • The minimum cryptography version is now 3.3.

  • Drop support for Python 3.5

Deprecations:

Changes:

  • Raise an error when an invalid ALPN value is set. #993

  • Added OpenSSL.SSL.Context.set_min_proto_version and OpenSSL.SSL.Context.set_max_proto_version to set the minimum and maximum supported TLS version #985.

  • Updated to_cryptography and from_cryptography methods to support an upcoming release of cryptography without raising deprecation warnings. #1030

20.0.1 (2020-12-15)

Backward-incompatible changes:

Deprecations:

Changes:

  • Fixed compatibility with OpenSSL 1.1.0.

20.0.0 (2020-11-27)

Backward-incompatible changes:

  • The minimum cryptography version is now 3.2.

  • Remove deprecated OpenSSL.tsafe module.

  • Removed deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated.

  • Drop support for Python 3.4

  • Drop support for OpenSSL 1.0.1 and 1.0.2

Deprecations:

  • Deprecated OpenSSL.crypto.loads_pkcs7 and OpenSSL.crypto.loads_pkcs12.

Changes:

  • Added a new optional chain parameter to OpenSSL.crypto.X509StoreContext() where additional untrusted certificates can be specified to help chain building. #948

  • Added OpenSSL.crypto.X509Store.load_locations to set trusted certificate file bundles and/or directories for verification. #943

  • Added Context.set_keylog_callback to log key material. #910

  • Added OpenSSL.SSL.Connection.get_verified_chain to retrieve the verified certificate chain of the peer. #894.

  • Make verification callback optional in Context.set_verify. If omitted, OpenSSL’s default verification is used. #933

  • Fixed a bug that could truncate or cause a zero-length key error due to a null byte in private key passphrase in OpenSSL.crypto.load_privatekey and OpenSSL.crypto.dump_privatekey. #947

19.1.0 (2019-11-18)

Backward-incompatible changes:

  • Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases. Use the classes without the Type suffix instead. #814

  • The minimum cryptography version is now 2.8 due to issues on macOS with a transitive dependency. #875

Deprecations:

  • Deprecated OpenSSL.SSL.Context.set_npn_advertise_callback, OpenSSL.SSL.Context.set_npn_select_callback, and OpenSSL.SSL.Connection.get_next_proto_negotiated. ALPN should be used instead. #820

Changes:

  • Support bytearray in SSL.Connection.send() by using cffi’s from_buffer. #852

  • The OpenSSL.SSL.Context.set_alpn_select_callback can return a new NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake to complete without an application protocol.

Full changelog.

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyOpenSSL-23.1.1.tar.gz (183.4 kB view details)

Uploaded Source

Built Distribution

pyOpenSSL-23.1.1-py3-none-any.whl (57.9 kB view details)

Uploaded Python 3

File details

Details for the file pyOpenSSL-23.1.1.tar.gz.

File metadata

  • Download URL: pyOpenSSL-23.1.1.tar.gz
  • Upload date:
  • Size: 183.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.1

File hashes

Hashes for pyOpenSSL-23.1.1.tar.gz
Algorithm Hash digest
SHA256 841498b9bec61623b1b6c47ebbc02367c07d60e0e195f19790817f10cc8db0b7
MD5 8b560a85b1feec02ba4f4542dadecf07
BLAKE2b-256 8f72f1d9e92f5d3a58aba3b71ad512de19eb9f82e7b98795662bf7b796be71e5

See more details on using hashes here.

File details

Details for the file pyOpenSSL-23.1.1-py3-none-any.whl.

File metadata

  • Download URL: pyOpenSSL-23.1.1-py3-none-any.whl
  • Upload date:
  • Size: 57.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.1

File hashes

Hashes for pyOpenSSL-23.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 9e0c526404a210df9d2b18cd33364beadb0dc858a739b885677bc65e105d4a4c
MD5 0a43b97c92bec3b28f00b2d4cdbfdb12
BLAKE2b-256 b76dd7377332703ffd8821878794aca4fb54637da654bf3e467ffb32109c2147

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page