|
|
Upgrade to release 3.0:
- Deprecated support for Python 2. At the time there is no time
table for actually dropping support, however we strongly
encourage all users to upgrade their Python, as Python 2 no
longer receives support from the Python core team.
- Added support for OpenSSH serialization format for ec, ed25519,
rsa and dsa private keys.
- Added support for OpenSSH certificates.
- Added :meth:`~cryptography.fernet.Fernet.encrypt_at_time` and
:meth:`~cryptography.fernet.Fernet.decrypt_at_time` to
:class:`~cryptography.fernet.Fernet`.
- Added support for the :class:`~cryptography.x509.SubjectInformationAccess`
X.509 extension.
- Added support for parsing :class:`~cryptography.x509.SignedCertificateTimestamps`
in OCSP responses.
- Added support for parsing attributes in certificate signing
requests.
- Added support for encoding attributes in certificate signing
requests.
- On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's
built-in CSPRNG instead of its own OS random engine because
ithese versions of OpenSSL properly reseed on fork.
BACKWARDS INCOMPATIBLE:
- Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed
(2.9.1+ is still supported).
- Dropped support for macOS 10.9, macOS users must upgrade to
10.10 or newer.
- RSA :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key`
no longer accepts public_exponent values except 65537 and 3
(the latter for legacy purposes).
- X.509 certificate parsing now enforces that the version field
contains a valid value, rather than deferring this check until
:attr:`~cryptography.x509.Certificate.version` is accessed.
- Added initial support for creating PKCS12 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates`.
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Acked-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
