|
 |
dde086 |
%global build_api_doc 1
|
|
|
dde086 |
%global with_python2 0
|
|
|
dde086 |
%global with_python3 0
|
|
|
dde086 |
|
|
|
dde086 |
%if (0%{?fedora} > 0 && 0%{?fedora} < 32) || (0%{?rhel} > 0 && 0%{?rhel} <= 7)
|
|
|
dde086 |
%global with_python2 1
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
%if 0%{?fedora} || 0%{?rhel} >= 8
|
|
|
dde086 |
%global with_python3 1
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
Name: python-nss
|
|
|
dde086 |
Version: 1.0.1
|
|
|
dde086 |
Release: 10%{?dist}
|
|
|
dde086 |
Summary: Python bindings for Network Security Services (NSS)
|
|
|
dde086 |
|
|
|
dde086 |
Group: Development/Languages
|
|
|
dde086 |
License: MPLv2.0 or GPLv2+ or LGPLv2+
|
|
|
dde086 |
URL: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_binding_for_NSS
|
|
|
dde086 |
Source0: https://ftp.mozilla.org/pub/mozilla.org/security/python-nss/releases/PYNSS_RELEASE_1_0_1/src/python-nss-%{version}.tar.bz2
|
|
|
dde086 |
|
|
|
dde086 |
Patch1: sphinx.patch
|
|
|
dde086 |
|
|
|
dde086 |
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
|
|
dde086 |
%global py2dir %{_builddir}/python2-%{name}-%{version}-%{release}
|
|
|
dde086 |
|
|
|
dde086 |
# we don't want to provide private python extension libs in either
|
|
|
dde086 |
#the python2 or python3 dirs
|
|
|
dde086 |
%global __provides_exclude_from ^(%{python2_sitearch}|%{python3_sitearch})/.*\\.so$
|
|
|
dde086 |
|
|
|
dde086 |
BuildRequires: nspr-devel
|
|
|
dde086 |
BuildRequires: nss-devel
|
|
|
dde086 |
BuildRequires: python3-devel
|
|
|
dde086 |
BuildRequires: python3-sphinx
|
|
|
dde086 |
|
|
|
dde086 |
%global _description\
|
|
|
dde086 |
This package provides Python bindings for Network Security Services\
|
|
|
dde086 |
(NSS) and the Netscape Portable Runtime (NSPR).\
|
|
|
dde086 |
\
|
|
|
dde086 |
NSS is a set of libraries supporting security-enabled client and\
|
|
|
dde086 |
server applications. Applications built with NSS can support SSL v2\
|
|
|
dde086 |
and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3\
|
|
|
dde086 |
certificates, and other security standards. Specific NSS\
|
|
|
dde086 |
implementations have been FIPS-140 certified.
|
|
|
dde086 |
|
|
|
dde086 |
%description %_description
|
|
|
dde086 |
|
|
|
dde086 |
%if %{with_python2}
|
|
|
dde086 |
|
|
|
dde086 |
%package -n python2-nss
|
|
|
dde086 |
|
|
|
dde086 |
BuildRequires: python2-devel
|
|
|
dde086 |
BuildRequires: python2-setuptools
|
|
|
dde086 |
BuildRequires: python2-sphinx
|
|
|
dde086 |
|
|
|
dde086 |
%{?python_provide:%python_provide python2-nss}
|
|
|
dde086 |
|
|
|
dde086 |
Summary: %summary
|
|
|
dde086 |
%{?python_provide:%python_provide python2-nss}
|
|
|
dde086 |
|
|
|
dde086 |
%description -n python2-nss %_description
|
|
|
dde086 |
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
%if %{with_python3}
|
|
|
dde086 |
|
|
|
dde086 |
%package -n python3-nss
|
|
|
dde086 |
|
|
|
dde086 |
BuildRequires: python3-devel
|
|
|
dde086 |
BuildRequires: python3-setuptools
|
|
|
dde086 |
BuildRequires: python3-sphinx
|
|
|
dde086 |
|
|
|
dde086 |
%{?python_provide:%python_provide python3-nss}
|
|
|
dde086 |
|
|
|
dde086 |
Summary: Python3 bindings for Network Security Services (NSS)
|
|
|
dde086 |
|
|
|
dde086 |
%description -n python3-nss %_description
|
|
|
dde086 |
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
%package doc
|
|
|
dde086 |
Group: Documentation
|
|
|
dde086 |
Summary: API documentation and examples
|
|
|
dde086 |
|
|
|
dde086 |
%description doc
|
|
|
dde086 |
API documentation and examples
|
|
|
dde086 |
|
|
|
dde086 |
%prep
|
|
|
dde086 |
%setup -q
|
|
|
dde086 |
%patch1 -p1
|
|
|
dde086 |
|
|
|
dde086 |
%if %{with_python2}
|
|
|
dde086 |
rm -rf %{py2dir}
|
|
|
dde086 |
cp -a . %{py2dir}
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
%build
|
|
|
dde086 |
%if %{with_python2}
|
|
|
dde086 |
pushd %{py2dir}
|
|
|
dde086 |
%py2_build
|
|
|
dde086 |
popd
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
%if %{with_python3}
|
|
|
dde086 |
%py3_build
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
%if %{build_api_doc}
|
|
|
dde086 |
%{__python3} setup.py build_doc
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
|
|
|
dde086 |
%install
|
|
|
dde086 |
rm -rf $RPM_BUILD_ROOT
|
|
|
dde086 |
|
|
|
dde086 |
%if %{with_python2}
|
|
|
dde086 |
pushd %{py2dir}
|
|
|
dde086 |
%py2_install
|
|
|
dde086 |
popd
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
%if %{with_python3}
|
|
|
dde086 |
%py3_install
|
|
|
dde086 |
%{__python3} setup.py install_doc --docdir %{docdir} --skip-build --root $RPM_BUILD_ROOT
|
|
|
dde086 |
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
# Remove execution permission from any example/test files in docdir
|
|
|
dde086 |
find $RPM_BUILD_ROOT/%{docdir} -type f | xargs chmod a-x
|
|
|
dde086 |
|
|
|
dde086 |
# Set correct permissions on .so files
|
|
|
dde086 |
chmod 0755 $RPM_BUILD_ROOT/%{python3_sitearch}/nss/*.so
|
|
|
dde086 |
|
|
|
dde086 |
%clean
|
|
|
dde086 |
%if %{with_python2}
|
|
|
dde086 |
rm -rf %{py2dir}
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
%if %{with_python2}
|
|
|
dde086 |
|
|
|
dde086 |
%files -n python2-nss
|
|
|
dde086 |
%defattr(-,root,root,-)
|
|
|
dde086 |
%{python2_sitearch}/*
|
|
|
dde086 |
%doc %{docdir}/ChangeLog
|
|
|
dde086 |
%doc %{docdir}/LICENSE.gpl
|
|
|
dde086 |
%doc %{docdir}/LICENSE.lgpl
|
|
|
dde086 |
%doc %{docdir}/LICENSE.mpl
|
|
|
dde086 |
%doc %{docdir}/README
|
|
|
dde086 |
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
%if %{with_python3}
|
|
|
dde086 |
|
|
|
dde086 |
%files -n python3-nss
|
|
|
dde086 |
%{python3_sitearch}/*
|
|
|
dde086 |
%doc %{docdir}/ChangeLog
|
|
|
dde086 |
%doc %{docdir}/LICENSE.gpl
|
|
|
dde086 |
%doc %{docdir}/LICENSE.lgpl
|
|
|
dde086 |
%doc %{docdir}/LICENSE.mpl
|
|
|
dde086 |
%doc %{docdir}/README
|
|
|
dde086 |
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
%files doc
|
|
|
dde086 |
%defattr(-,root,root,-)
|
|
|
dde086 |
%doc %{docdir}/examples
|
|
|
dde086 |
%doc %{docdir}/test
|
|
|
dde086 |
%if %{build_api_doc}
|
|
|
dde086 |
%doc %{docdir}/api
|
|
|
dde086 |
%endif
|
|
|
dde086 |
|
|
|
dde086 |
%changelog
|
|
|
dde086 |
* Fri Jul 6 2018 <jdennis@redhat.com> - 1.0.1-10
|
|
|
dde086 |
- Move documentation generator from epydoc to Sphinx autodoc
|
|
|
dde086 |
- Modify py2/py3 build logic to comply with new guidelines
|
|
|
dde086 |
|
|
|
dde086 |
* Wed Jun 27 2018 Charalampos Stratakis <cstratak@redhat.com> - 1.0.1-9
|
|
|
dde086 |
- Conditionalize the python2 subpackage
|
|
|
dde086 |
|
|
|
dde086 |
* Wed Jun 27 2018 Charalampos Stratakis <cstratak@redhat.com> - 1.0.1-8
|
|
|
dde086 |
- Disable documentation generated by epydoc
|
|
|
dde086 |
|
|
|
dde086 |
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.1-7
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Fri Jan 26 2018 Iryna Shcherbina <ishcherb@redhat.com> - 1.0.1-6
|
|
|
dde086 |
- Update Python 2 dependency declarations to new packaging standards
|
|
|
dde086 |
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
|
|
|
dde086 |
|
|
|
dde086 |
* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.0.1-5
|
|
|
dde086 |
- Python 2 binary package renamed to python2-nss
|
|
|
dde086 |
See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.1-4
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.1-3
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Fri Jul 07 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.0.1-2
|
|
|
dde086 |
- Rebuild due to bug in RPM (RHBZ #1468476)
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Feb 28 2017 John Dennis <jdennis@redhat.com> - 1.0.1-1
|
|
|
dde086 |
* Add TLS 1.3 cipher suites.
|
|
|
dde086 |
|
|
|
dde086 |
* ssl_cipher_info.py now attempts to enable TLS 1.3.
|
|
|
dde086 |
|
|
|
dde086 |
* Fix build issue in setup.py. python-nss can now be build
|
|
|
dde086 |
as Python wheel, e.g. `pip wheel -w dist .`
|
|
|
dde086 |
|
|
|
dde086 |
* The following constants were added:
|
|
|
dde086 |
|
|
|
dde086 |
- ssl.TLS_AES_128_GCM_SHA256
|
|
|
dde086 |
- ssl.TLS_AES_256_GCM_SHA384
|
|
|
dde086 |
- ssl.TLS_CHACHA20_POLY1305_SHA256
|
|
|
dde086 |
|
|
|
dde086 |
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-4
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.0.0-3
|
|
|
dde086 |
- Rebuild for Python 3.6
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Sep 27 2016 John Dennis <jdennis@redhat.com> - 1.0.0-2
|
|
|
dde086 |
- remove reference to unused tls_chacha20-poly1305-constants.patch
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Sep 1 2016 John Dennis <jdennis@redhat.com> - 1.0.0-1
|
|
|
dde086 |
- Offical 1.0.0 release, only minor tweaks from 1.0.0beta1
|
|
|
dde086 |
|
|
|
dde086 |
- Allow custom include root in setup.py as command line arg
|
|
|
dde086 |
|
|
|
dde086 |
- Remove checks for whether a socket is open for reading. It's not
|
|
|
dde086 |
possible for the binding to know in all cases, especially if the
|
|
|
dde086 |
socket is created from an external socket passed in.
|
|
|
dde086 |
|
|
|
dde086 |
* The following module functions were added:
|
|
|
dde086 |
- nss.get_all_tokens
|
|
|
dde086 |
|
|
|
dde086 |
* Mon Aug 15 2016 John Dennis <jdennis@redhat.com> - 1.0.0-beta1.2.3
|
|
|
dde086 |
- add tls chacha20 poly1305 constants
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-beta1.2.2
|
|
|
dde086 |
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.0-beta1.2.1
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.0-beta1.2
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
|
|
|
dde086 |
|
|
|
dde086 |
* Fri Nov 6 2015 John Dennis <jdennis@redhat.com> - 1.0.0-beta1.1
|
|
|
dde086 |
- Resolves: bug #985290 Port to Python3
|
|
|
dde086 |
- Upgrade to upstream 1.0.0-beta1
|
|
|
dde086 |
python-nss now supports both Py2 and Py3, see ChangeLog for details
|
|
|
dde086 |
When built for Py2:
|
|
|
dde086 |
- text will be a Unicode object
|
|
|
dde086 |
- binary data will be a str object
|
|
|
dde086 |
- ints will be Python long object
|
|
|
dde086 |
When built for Py3:
|
|
|
dde086 |
- text will be a str object
|
|
|
dde086 |
- binary data will be a bytes object
|
|
|
dde086 |
- ints will be a Python int object
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.16.0-1
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Oct 28 2014 John Dennis <jdennis@redhat.com> - 0.16.0-0
|
|
|
dde086 |
The primary enhancements in this version is adding support for the
|
|
|
dde086 |
setting trust attributes on a Certificate, the SSL version range API,
|
|
|
dde086 |
information on the SSL cipher suites and information on the SSL connection.
|
|
|
dde086 |
|
|
|
dde086 |
* The following module functions were added:
|
|
|
dde086 |
|
|
|
dde086 |
- ssl.get_ssl_version_from_major_minor
|
|
|
dde086 |
- ssl.get_default_ssl_version_range
|
|
|
dde086 |
- ssl.get_supported_ssl_version_range
|
|
|
dde086 |
- ssl.set_default_ssl_version_range
|
|
|
dde086 |
- ssl.ssl_library_version_from_name
|
|
|
dde086 |
- ssl.ssl_library_version_name
|
|
|
dde086 |
- ssl.get_cipher_suite_info
|
|
|
dde086 |
- ssl.ssl_cipher_suite_name
|
|
|
dde086 |
- ssl.ssl_cipher_suite_from_name
|
|
|
dde086 |
|
|
|
dde086 |
* The following deprecated module functions were removed:
|
|
|
dde086 |
|
|
|
dde086 |
- ssl.nssinit
|
|
|
dde086 |
- ssl.nss_ini
|
|
|
dde086 |
- ssl.nss_shutdown
|
|
|
dde086 |
|
|
|
dde086 |
* The following classes were added:
|
|
|
dde086 |
|
|
|
dde086 |
- SSLCipherSuiteInfo
|
|
|
dde086 |
- SSLChannelInfo
|
|
|
dde086 |
|
|
|
dde086 |
* The following class methods were added:
|
|
|
dde086 |
|
|
|
dde086 |
- Certificate.trust_flags
|
|
|
dde086 |
- Certificate.set_trust_attributes
|
|
|
dde086 |
|
|
|
dde086 |
- SSLSocket.set_ssl_version_range
|
|
|
dde086 |
- SSLSocket.get_ssl_version_range
|
|
|
dde086 |
- SSLSocket.get_ssl_channel_info
|
|
|
dde086 |
- SSLSocket.get_negotiated_host
|
|
|
dde086 |
- SSLSocket.connection_info_format_lines
|
|
|
dde086 |
- SSLSocket.connection_info_format
|
|
|
dde086 |
- SSLSocket.connection_info_str
|
|
|
dde086 |
|
|
|
dde086 |
- SSLCipherSuiteInfo.format_lines
|
|
|
dde086 |
- SSLCipherSuiteInfo.format
|
|
|
dde086 |
|
|
|
dde086 |
- SSLChannelInfo.format_lines
|
|
|
dde086 |
- SSLChannelInfo.format
|
|
|
dde086 |
|
|
|
dde086 |
* The following class properties were added:
|
|
|
dde086 |
|
|
|
dde086 |
- Certificate.ssl_trust_flags
|
|
|
dde086 |
- Certificate.email_trust_flags
|
|
|
dde086 |
- Certificate.signing_trust_flags
|
|
|
dde086 |
|
|
|
dde086 |
- SSLCipherSuiteInfo.cipher_suite
|
|
|
dde086 |
- SSLCipherSuiteInfo.cipher_suite_name
|
|
|
dde086 |
- SSLCipherSuiteInfo.auth_algorithm
|
|
|
dde086 |
- SSLCipherSuiteInfo.auth_algorithm_name
|
|
|
dde086 |
- SSLCipherSuiteInfo.kea_type
|
|
|
dde086 |
- SSLCipherSuiteInfo.kea_type_name
|
|
|
dde086 |
- SSLCipherSuiteInfo.symmetric_cipher
|
|
|
dde086 |
- SSLCipherSuiteInfo.symmetric_cipher_name
|
|
|
dde086 |
- SSLCipherSuiteInfo.symmetric_key_bits
|
|
|
dde086 |
- SSLCipherSuiteInfo.symmetric_key_space
|
|
|
dde086 |
- SSLCipherSuiteInfo.effective_key_bits
|
|
|
dde086 |
- SSLCipherSuiteInfo.mac_algorithm
|
|
|
dde086 |
- SSLCipherSuiteInfo.mac_algorithm_name
|
|
|
dde086 |
- SSLCipherSuiteInfo.mac_bits
|
|
|
dde086 |
- SSLCipherSuiteInfo.is_fips
|
|
|
dde086 |
- SSLCipherSuiteInfo.is_exportable
|
|
|
dde086 |
- SSLCipherSuiteInfo.is_nonstandard
|
|
|
dde086 |
|
|
|
dde086 |
- SSLChannelInfo.protocol_version
|
|
|
dde086 |
- SSLChannelInfo.protocol_version_str
|
|
|
dde086 |
- SSLChannelInfo.protocol_version_enum
|
|
|
dde086 |
- SSLChannelInfo.major_protocol_version
|
|
|
dde086 |
- SSLChannelInfo.minor_protocol_version
|
|
|
dde086 |
- SSLChannelInfo.cipher_suite
|
|
|
dde086 |
- SSLChannelInfo.auth_key_bits
|
|
|
dde086 |
- SSLChannelInfo.kea_key_bits
|
|
|
dde086 |
- SSLChannelInfo.creation_time
|
|
|
dde086 |
- SSLChannelInfo.creation_time_utc
|
|
|
dde086 |
- SSLChannelInfo.last_access_time
|
|
|
dde086 |
- SSLChannelInfo.last_access_time_utc
|
|
|
dde086 |
- SSLChannelInfo.expiration_time
|
|
|
dde086 |
- SSLChannelInfo.expiration_time_utc
|
|
|
dde086 |
- SSLChannelInfo.compression_method
|
|
|
dde086 |
- SSLChannelInfo.compression_method_name
|
|
|
dde086 |
- SSLChannelInfo.session_id
|
|
|
dde086 |
|
|
|
dde086 |
* The following files were added:
|
|
|
dde086 |
|
|
|
dde086 |
- doc/examples/cert_trust.py
|
|
|
dde086 |
- doc/examples/ssl_version_range.py
|
|
|
dde086 |
|
|
|
dde086 |
* The following constants were added:
|
|
|
dde086 |
- nss.CERTDB_TERMINAL_RECORD
|
|
|
dde086 |
- nss.CERTDB_VALID_PEER
|
|
|
dde086 |
- nss.CERTDB_TRUSTED
|
|
|
dde086 |
- nss.CERTDB_SEND_WARN
|
|
|
dde086 |
- nss.CERTDB_VALID_CA
|
|
|
dde086 |
- nss.CERTDB_TRUSTED_CA
|
|
|
dde086 |
- nss.CERTDB_NS_TRUSTED_CA
|
|
|
dde086 |
- nss.CERTDB_USER
|
|
|
dde086 |
- nss.CERTDB_TRUSTED_CLIENT_CA
|
|
|
dde086 |
- nss.CERTDB_GOVT_APPROVED_CA
|
|
|
dde086 |
- ssl.SRTP_AES128_CM_HMAC_SHA1_32
|
|
|
dde086 |
- ssl.SRTP_AES128_CM_HMAC_SHA1_80
|
|
|
dde086 |
- ssl.SRTP_NULL_HMAC_SHA1_32
|
|
|
dde086 |
- ssl.SRTP_NULL_HMAC_SHA1_80
|
|
|
dde086 |
- ssl.SSL_CK_DES_192_EDE3_CBC_WITH_MD5
|
|
|
dde086 |
- ssl.SSL_CK_DES_64_CBC_WITH_MD5
|
|
|
dde086 |
- ssl.SSL_CK_IDEA_128_CBC_WITH_MD5
|
|
|
dde086 |
- ssl.SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
|
|
|
dde086 |
- ssl.SSL_CK_RC2_128_CBC_WITH_MD5
|
|
|
dde086 |
- ssl.SSL_CK_RC4_128_EXPORT40_WITH_MD5
|
|
|
dde086 |
- ssl.SSL_CK_RC4_128_WITH_MD5
|
|
|
dde086 |
- ssl.SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA
|
|
|
dde086 |
- ssl.SSL_FORTEZZA_DMS_WITH_NULL_SHA
|
|
|
dde086 |
- ssl.SSL_FORTEZZA_DMS_WITH_RC4_128_SHA
|
|
|
dde086 |
- ssl.SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA
|
|
|
dde086 |
- ssl.SSL_RSA_OLDFIPS_WITH_DES_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
|
|
|
dde086 |
- ssl.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DHE_DSS_WITH_DES_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
|
|
|
dde086 |
- ssl.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
|
|
|
dde086 |
- ssl.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
|
|
|
dde086 |
- ssl.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DHE_RSA_WITH_DES_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_DSS_WITH_DES_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_RSA_WITH_DES_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
|
|
|
dde086 |
- ssl.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_anon_WITH_AES_128_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_anon_WITH_AES_256_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_anon_WITH_DES_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_DH_anon_WITH_RC4_128_MD5
|
|
|
dde086 |
- ssl.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
|
|
|
dde086 |
- ssl.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
|
|
dde086 |
- ssl.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
|
|
dde086 |
- ssl.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
|
|
dde086 |
- ssl.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
|
|
|
dde086 |
- ssl.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
|
|
|
dde086 |
- ssl.TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
|
|
dde086 |
- ssl.TLS_FALLBACK_SCSV
|
|
|
dde086 |
- ssl.TLS_NULL_WITH_NULL_NULL
|
|
|
dde086 |
- ssl.TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
|
|
|
dde086 |
- ssl.TLS_RSA_EXPORT_WITH_RC4_40_MD5
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_AES_128_CBC_SHA256
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_AES_128_GCM_SHA256
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_AES_256_CBC_SHA256
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_DES_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_IDEA_CBC_SHA
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_NULL_MD5
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_NULL_SHA
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_NULL_SHA256
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_RC4_128_MD5
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_RC4_128_SHA
|
|
|
dde086 |
- ssl.TLS_RSA_WITH_SEED_CBC_SHA
|
|
|
dde086 |
- ssl.SSL_VARIANT_DATAGRAM
|
|
|
dde086 |
- ssl.SSL_VARIANT_STREAM
|
|
|
dde086 |
- ssl.SSL_LIBRARY_VERSION_2
|
|
|
dde086 |
- ssl.SSL_LIBRARY_VERSION_3_0
|
|
|
dde086 |
- ssl.SSL_LIBRARY_VERSION_TLS_1_0
|
|
|
dde086 |
- ssl.SSL_LIBRARY_VERSION_TLS_1_1
|
|
|
dde086 |
- ssl.SSL_LIBRARY_VERSION_TLS_1_2
|
|
|
dde086 |
- ssl.SSL_LIBRARY_VERSION_TLS_1_3
|
|
|
dde086 |
- ssl.ssl2
|
|
|
dde086 |
- ssl.ssl3
|
|
|
dde086 |
- ssl.tls1.0
|
|
|
dde086 |
- ssl.tls1.1
|
|
|
dde086 |
- ssl.tls1.2
|
|
|
dde086 |
- ssl.tls1.3
|
|
|
dde086 |
|
|
|
dde086 |
* The following methods were missing thread locks, this has been fixed.
|
|
|
dde086 |
|
|
|
dde086 |
- nss.nss_initialize
|
|
|
dde086 |
- nss.nss_init_context
|
|
|
dde086 |
- nss.nss_shutdown_context
|
|
|
dde086 |
|
|
|
dde086 |
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.0-5
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Mon Jun 30 2014 Toshio Kuratomi <toshio@fedoraproject.org> - 0.15.0-4
|
|
|
dde086 |
- Replace python-setuptools-devel BR with python-setuptools
|
|
|
dde086 |
|
|
|
dde086 |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.15.0-3
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Fri May 2 2014 John Dennis <jdennis@redhat.com> - 0.15.0-2
|
|
|
dde086 |
- resolves bug #1087031, bad parameter spec for check_ocsp_status
|
|
|
dde086 |
|
|
|
dde086 |
* Fri Jan 31 2014 John Dennis <jdennis@redhat.com> - 0.15.0-1
|
|
|
dde086 |
- fix fedora bug 1060314, CSR extensions sometimes not found
|
|
|
dde086 |
Also adds support for accessing CSR attributes.
|
|
|
dde086 |
See doc/Changelog for details
|
|
|
dde086 |
|
|
|
dde086 |
* Wed Nov 13 2013 Ville Skyttä <ville.skytta@iki.fi> - 0.14.0-3
|
|
|
dde086 |
- Install docs to %%{_pkgdocdir} where available (#994060).
|
|
|
dde086 |
|
|
|
dde086 |
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.14.0-2
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Mon May 13 2013 John Dennis <jdennis@redhat.com> - 0.14-1
|
|
|
dde086 |
External Changes:
|
|
|
dde086 |
-----------------
|
|
|
dde086 |
|
|
|
dde086 |
The primary enhancements in this version is support of certifcate
|
|
|
dde086 |
validation, OCSP support, and support for the certificate "Authority
|
|
|
dde086 |
Information Access" extension.
|
|
|
dde086 |
|
|
|
dde086 |
Enhanced certifcate validation including CA certs can be done via
|
|
|
dde086 |
Certificate.verify() or Certificate.is_ca_cert(). When cert
|
|
|
dde086 |
validation fails you can now obtain diagnostic information as to why
|
|
|
dde086 |
the cert failed to validate. This is encapsulated in the
|
|
|
dde086 |
CertVerifyLog class which is a iterable collection of
|
|
|
dde086 |
CertVerifyLogNode objects. Most people will probablby just print the
|
|
|
dde086 |
string representation of the returned CertVerifyLog object. Cert
|
|
|
dde086 |
validation logging is handled by the Certificate.verify() method.
|
|
|
dde086 |
Support has also been added for the various key usage and cert type
|
|
|
dde086 |
entities which feature prominently during cert validation.
|
|
|
dde086 |
|
|
|
dde086 |
|
|
|
dde086 |
* Certificate() constructor signature changed from
|
|
|
dde086 |
|
|
|
dde086 |
Certificate(data=None, der_is_signed=True)
|
|
|
dde086 |
|
|
|
dde086 |
to
|
|
|
dde086 |
|
|
|
dde086 |
Certificate(data, certdb=cert_get_default_certdb(), perm=False, nickname=None)
|
|
|
dde086 |
|
|
|
dde086 |
This change was necessary because all certs should be added to the
|
|
|
dde086 |
NSS temporary database when they are loaded, but earlier code
|
|
|
dde086 |
failed to to that. It's is not likely that an previous code was
|
|
|
dde086 |
failing to pass initialization data or the der_is_signed flag so
|
|
|
dde086 |
this change should be backwards compatible.
|
|
|
dde086 |
|
|
|
dde086 |
* Fix bug #922247, PKCS12Decoder.database_import() method. Importing into
|
|
|
dde086 |
a NSS database would sometimes fail or segfault.
|
|
|
dde086 |
|
|
|
dde086 |
* Error codes and descriptions were updated from upstream NSPR & NSS.
|
|
|
dde086 |
|
|
|
dde086 |
* The password callback did not allow for breaking out of a password
|
|
|
dde086 |
prompting loop, now if None is returned from the password callback
|
|
|
dde086 |
the password prompting is terminated.
|
|
|
dde086 |
|
|
|
dde086 |
* nss.nss_shutdown_context now called from InitContext destructor,
|
|
|
dde086 |
this assures the context is shutdown even if the programmer forgot
|
|
|
dde086 |
to. It's still best to explicitly shut it down, this is just
|
|
|
dde086 |
failsafe.
|
|
|
dde086 |
|
|
|
dde086 |
* Support was added for shutdown callbacks.
|
|
|
dde086 |
|
|
|
dde086 |
* The following classes were added:
|
|
|
dde086 |
- nss.CertVerifyLogNode
|
|
|
dde086 |
- nss.CertVerifyLog
|
|
|
dde086 |
- error.CertVerifyError (exception)
|
|
|
dde086 |
- nss.AuthorityInfoAccess
|
|
|
dde086 |
- nss.AuthorityInfoAccesses
|
|
|
dde086 |
|
|
|
dde086 |
|
|
|
dde086 |
* The following class methods were added:
|
|
|
dde086 |
- nss.Certificate.is_ca_cert
|
|
|
dde086 |
- nss.Certificate.verify
|
|
|
dde086 |
- nss.Certificate.verify_with_log
|
|
|
dde086 |
- nss.Certificate.get_cert_chain
|
|
|
dde086 |
- nss.Certificate.check_ocsp_status
|
|
|
dde086 |
- nss.PK11Slot.list_certs
|
|
|
dde086 |
- nss.CertVerifyLogNode.format_lines
|
|
|
dde086 |
- nss.CertVerifyLog.format_lines
|
|
|
dde086 |
- nss.CRLDistributionPts.format_lines
|
|
|
dde086 |
|
|
|
dde086 |
* The following class properties were added:
|
|
|
dde086 |
- nss.CertVerifyLogNode.certificate
|
|
|
dde086 |
- nss.CertVerifyLogNode.error
|
|
|
dde086 |
- nss.CertVerifyLogNode.depth
|
|
|
dde086 |
- nss.CertVerifyLog.count
|
|
|
dde086 |
|
|
|
dde086 |
* The following module functions were added:
|
|
|
dde086 |
- nss.x509_cert_type
|
|
|
dde086 |
- nss.key_usage_flags
|
|
|
dde086 |
- nss.list_certs
|
|
|
dde086 |
- nss.find_certs_from_email_addr
|
|
|
dde086 |
- nss.find_certs_from_nickname
|
|
|
dde086 |
- nss.nss_get_version
|
|
|
dde086 |
- nss.nss_version_check
|
|
|
dde086 |
- nss.set_shutdown_callback
|
|
|
dde086 |
- nss.get_use_pkix_for_validation
|
|
|
dde086 |
- nss.set_use_pkix_for_validation
|
|
|
dde086 |
- nss.enable_ocsp_checking
|
|
|
dde086 |
- nss.disable_ocsp_checking
|
|
|
dde086 |
- nss.set_ocsp_cache_settings
|
|
|
dde086 |
- nss.set_ocsp_failure_mode
|
|
|
dde086 |
- nss.set_ocsp_timeout
|
|
|
dde086 |
- nss.clear_ocsp_cache
|
|
|
dde086 |
- nss.set_ocsp_default_responder
|
|
|
dde086 |
- nss.enable_ocsp_default_responder
|
|
|
dde086 |
- nss.disable_ocsp_default_responder
|
|
|
dde086 |
|
|
|
dde086 |
* The following files were added:
|
|
|
dde086 |
src/py_traceback.h
|
|
|
dde086 |
doc/examples/verify_cert.py
|
|
|
dde086 |
test/test_misc.py
|
|
|
dde086 |
|
|
|
dde086 |
* The following constants were added:
|
|
|
dde086 |
- nss.KU_DIGITAL_SIGNATURE
|
|
|
dde086 |
- nss.KU_NON_REPUDIATION
|
|
|
dde086 |
- nss.KU_KEY_ENCIPHERMENT
|
|
|
dde086 |
- nss.KU_DATA_ENCIPHERMENT
|
|
|
dde086 |
- nss.KU_KEY_AGREEMENT
|
|
|
dde086 |
- nss.KU_KEY_CERT_SIGN
|
|
|
dde086 |
- nss.KU_CRL_SIGN
|
|
|
dde086 |
- nss.KU_ENCIPHER_ONLY
|
|
|
dde086 |
- nss.KU_ALL
|
|
|
dde086 |
- nss.KU_DIGITAL_SIGNATURE_OR_NON_REPUDIATION
|
|
|
dde086 |
- nss.KU_KEY_AGREEMENT_OR_ENCIPHERMENT
|
|
|
dde086 |
- nss.KU_NS_GOVT_APPROVED
|
|
|
dde086 |
- nss.PK11CertListUnique
|
|
|
dde086 |
- nss.PK11CertListUser
|
|
|
dde086 |
- nss.PK11CertListRootUnique
|
|
|
dde086 |
- nss.PK11CertListCA
|
|
|
dde086 |
- nss.PK11CertListCAUnique
|
|
|
dde086 |
- nss.PK11CertListUserUnique
|
|
|
dde086 |
- nss.PK11CertListAll
|
|
|
dde086 |
- nss.certUsageSSLClient
|
|
|
dde086 |
- nss.certUsageSSLServer
|
|
|
dde086 |
- nss.certUsageSSLServerWithStepUp
|
|
|
dde086 |
- nss.certUsageSSLCA
|
|
|
dde086 |
- nss.certUsageEmailSigner
|
|
|
dde086 |
- nss.certUsageEmailRecipient
|
|
|
dde086 |
- nss.certUsageObjectSigner
|
|
|
dde086 |
- nss.certUsageUserCertImport
|
|
|
dde086 |
- nss.certUsageVerifyCA
|
|
|
dde086 |
- nss.certUsageProtectedObjectSigner
|
|
|
dde086 |
- nss.certUsageStatusResponder
|
|
|
dde086 |
- nss.certUsageAnyCA
|
|
|
dde086 |
- nss.ocspMode_FailureIsVerificationFailure
|
|
|
dde086 |
- nss.ocspMode_FailureIsNotAVerificationFailure
|
|
|
dde086 |
|
|
|
dde086 |
* cert_dump.py extended to print NS_CERT_TYPE_EXTENSION
|
|
|
dde086 |
|
|
|
dde086 |
* cert_usage_flags, nss_init_flags now support optional repr_kind parameter
|
|
|
dde086 |
|
|
|
dde086 |
Internal Changes:
|
|
|
dde086 |
-----------------
|
|
|
dde086 |
|
|
|
dde086 |
* Reimplement exception handling
|
|
|
dde086 |
- NSPRError is now derived from StandardException instead of
|
|
|
dde086 |
EnvironmentError. It was never correct to derive from
|
|
|
dde086 |
EnvironmentError but was difficult to implement a new subclassed
|
|
|
dde086 |
exception with it's own attributes, using EnvironmentError had
|
|
|
dde086 |
been expedient.
|
|
|
dde086 |
|
|
|
dde086 |
- NSPRError now derived from StandardException, provides:
|
|
|
dde086 |
* errno (numeric error code)
|
|
|
dde086 |
* strerror (error description associated with error code)
|
|
|
dde086 |
* error_message (optional detailed message)
|
|
|
dde086 |
* error_code (alias for errno)
|
|
|
dde086 |
* error_desc (alias for strerror)
|
|
|
dde086 |
|
|
|
dde086 |
- CertVerifyError derived from NSPRError, extends with:
|
|
|
dde086 |
* usages (bitmask of returned usages)
|
|
|
dde086 |
* log (CertVerifyLog object)
|
|
|
dde086 |
|
|
|
dde086 |
* Expose error lookup to sibling modules
|
|
|
dde086 |
|
|
|
dde086 |
* Use macros for bitmask_to_list functions to reduce code
|
|
|
dde086 |
duplication and centralize logic.
|
|
|
dde086 |
|
|
|
dde086 |
* Add repr_kind parameter to cert_trust_flags_str()
|
|
|
dde086 |
|
|
|
dde086 |
* Add support for repr_kind AsEnumName to bitstring table lookup.
|
|
|
dde086 |
|
|
|
dde086 |
* Add cert_type_bitstr_to_tuple() lookup function
|
|
|
dde086 |
|
|
|
dde086 |
* Add PRTimeConvert(), used to convert Python time values
|
|
|
dde086 |
to PRTime, centralizes conversion logic, reduces duplication
|
|
|
dde086 |
|
|
|
dde086 |
* Add UTF8OrNoneConvert to better handle unicode parameters which
|
|
|
dde086 |
are optional.
|
|
|
dde086 |
|
|
|
dde086 |
* Add Certificate_summary_format_lines() utility to generate
|
|
|
dde086 |
concise certificate identification info for output.
|
|
|
dde086 |
|
|
|
dde086 |
* Certificate_new_from_CERTCertificate now takes add_reference parameter
|
|
|
dde086 |
to properly reference count certs, should fix shutdown busy problems.
|
|
|
dde086 |
|
|
|
dde086 |
* Add print_traceback(), print_cert() debugging support.
|
|
|
dde086 |
|
|
|
dde086 |
* Mon Feb 18 2013 John Dennis <jdennis@redhat.com> - 0.13-1
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Mon Oct 8 2012 John Dennis <jdennis@redhat.com> - 0.13-0
|
|
|
dde086 |
- Update to version 0.13
|
|
|
dde086 |
Introduced in 0.13:
|
|
|
dde086 |
|
|
|
dde086 |
* Fix NSS SECITEM_CompareItem bug via workaround.
|
|
|
dde086 |
|
|
|
dde086 |
* Fix incorrect format strings in PyArg_ParseTuple* for:
|
|
|
dde086 |
- GeneralName
|
|
|
dde086 |
- BasicConstraints
|
|
|
dde086 |
- cert_x509_key_usage
|
|
|
dde086 |
|
|
|
dde086 |
* Fix bug when decoding certificate BasicConstraints extension
|
|
|
dde086 |
|
|
|
dde086 |
* Fix hang in setup_certs.
|
|
|
dde086 |
|
|
|
dde086 |
* For NSS >= 3.13 support CERTDB_TERMINAL_RECORD
|
|
|
dde086 |
|
|
|
dde086 |
* You can now query for a specific certificate extension
|
|
|
dde086 |
Certficate.get_extension()
|
|
|
dde086 |
|
|
|
dde086 |
* The following classes were added:
|
|
|
dde086 |
- RSAGenParams
|
|
|
dde086 |
|
|
|
dde086 |
* The following class methods were added:
|
|
|
dde086 |
- nss.nss.Certificate.get_extension
|
|
|
dde086 |
- nss.nss.PK11Slot.generate_key_pair
|
|
|
dde086 |
- nss.nss.DSAPublicKey.format
|
|
|
dde086 |
- nss.nss.DSAPublicKey.format_lines
|
|
|
dde086 |
|
|
|
dde086 |
* The following module functions were added:
|
|
|
dde086 |
- nss.nss.pub_wrap_sym_key
|
|
|
dde086 |
|
|
|
dde086 |
* The following internal utilities were added:
|
|
|
dde086 |
- PyString_UTF8
|
|
|
dde086 |
- SecItem_new_alloc()
|
|
|
dde086 |
|
|
|
dde086 |
* The following class constructors were modified to accept
|
|
|
dde086 |
intialization parameters
|
|
|
dde086 |
|
|
|
dde086 |
- KEYPQGParams (DSA generation parameters)
|
|
|
dde086 |
|
|
|
dde086 |
* The PublicKey formatting (i.e. format_lines) was augmented
|
|
|
dde086 |
to format DSA keys (formerly it only recognized RSA keys).
|
|
|
dde086 |
|
|
|
dde086 |
* Allow lables and values to be justified when printing objects
|
|
|
dde086 |
|
|
|
dde086 |
* The following were deprecated:
|
|
|
dde086 |
- nss.nss.make_line_pairs (replaced by nss.nss.make_line_fmt_tuples)
|
|
|
dde086 |
|
|
|
dde086 |
Deprecated Functionality:
|
|
|
dde086 |
-------------------------
|
|
|
dde086 |
- make_line_pairs() has been replaced by make_line_fmt_tuples()
|
|
|
dde086 |
because 2-valued tuples were not sufficently general. It is
|
|
|
dde086 |
expected very few programs will have used this function, it's mostly
|
|
|
dde086 |
used internally but provided as a support utility.
|
|
|
dde086 |
|
|
|
dde086 |
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12-4
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.12-3
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Nov 17 2011 John Dennis <jdennis@redhat.com> - 0.12-2
|
|
|
dde086 |
- add patch python-nss-0.12-rsapssparams.patch to fix build problem
|
|
|
dde086 |
which appears only with nss 3.13 and later.
|
|
|
dde086 |
|
|
|
dde086 |
* Mon Jun 6 2011 John Dennis <jdennis@redhat.com> - 0.12-1
|
|
|
dde086 |
* Major new enhancement is additon of PKCS12 support and
|
|
|
dde086 |
AlgorithmID's.
|
|
|
dde086 |
|
|
|
dde086 |
* setup.py build enhancements
|
|
|
dde086 |
- Now searches for the NSS and NSPR header files rather
|
|
|
dde086 |
than hardcoding their location. This makes building friendlier
|
|
|
dde086 |
on other systems (i.e. debian)
|
|
|
dde086 |
- Now takes optional command line arguments, -d or --debug
|
|
|
dde086 |
will turn on debug options during the build.
|
|
|
dde086 |
|
|
|
dde086 |
* Fix reference counting bug in PK11_password_callback() which
|
|
|
dde086 |
contributed to NSS not being able to shutdown due to
|
|
|
dde086 |
resources still in use.
|
|
|
dde086 |
|
|
|
dde086 |
* Add UTF-8 support to ssl.config_server_session_id_cache()
|
|
|
dde086 |
|
|
|
dde086 |
* Added unit tests for cipher, digest, client_server.
|
|
|
dde086 |
|
|
|
dde086 |
* All unittests now run, added test/run_tests to invoke
|
|
|
dde086 |
full test suite.
|
|
|
dde086 |
|
|
|
dde086 |
* Fix bug in test/setup_certs.py, hardcoded full path to
|
|
|
dde086 |
libnssckbi.so was causing failures on 64-bit systems,
|
|
|
dde086 |
just use the libnssckbi.so basename, modutil will find
|
|
|
dde086 |
it on the standard search path.
|
|
|
dde086 |
|
|
|
dde086 |
* doc/examples/cert_dump.py uses new AlgorithmID class to
|
|
|
dde086 |
dump Signature Algorithm
|
|
|
dde086 |
|
|
|
dde086 |
* doc/examples/ssl_example.py now can cleanly shutdown NSS.
|
|
|
dde086 |
|
|
|
dde086 |
* Exception error messages now include PR error text if available.
|
|
|
dde086 |
|
|
|
dde086 |
* The following classes were replaced:
|
|
|
dde086 |
- SignatureAlgorithm replaced by new class AlgorithmID
|
|
|
dde086 |
|
|
|
dde086 |
* The following classes were added:
|
|
|
dde086 |
- AlgorithmID
|
|
|
dde086 |
- PKCS12DecodeItem
|
|
|
dde086 |
- PKCS12Decoder
|
|
|
dde086 |
|
|
|
dde086 |
* The following class methods were added:
|
|
|
dde086 |
- PK11Slot.authenticate()
|
|
|
dde086 |
- PK11Slot.get_disabled_reason()
|
|
|
dde086 |
- PK11Slot.has_protected_authentication_path()
|
|
|
dde086 |
- PK11Slot.has_root_certs()
|
|
|
dde086 |
- PK11Slot.is_disabled()
|
|
|
dde086 |
- PK11Slot.is_friendly()
|
|
|
dde086 |
- PK11Slot.is_internal()
|
|
|
dde086 |
- PK11Slot.is_logged_in()
|
|
|
dde086 |
- PK11Slot.is_removable()
|
|
|
dde086 |
- PK11Slot.logout()
|
|
|
dde086 |
- PK11Slot.need_login()
|
|
|
dde086 |
- PK11Slot.need_user_init()
|
|
|
dde086 |
- PK11Slot.user_disable()
|
|
|
dde086 |
- PK11Slot.user_enable()
|
|
|
dde086 |
- PKCS12DecodeItem.format()
|
|
|
dde086 |
- PKCS12DecodeItem.format_lines()
|
|
|
dde086 |
- PKCS12Decoder.database_import()
|
|
|
dde086 |
- PKCS12Decoder.format()
|
|
|
dde086 |
- PKCS12Decoder.format_lines()
|
|
|
dde086 |
|
|
|
dde086 |
* The following class properties were added:
|
|
|
dde086 |
- AlgorithmID.id_oid
|
|
|
dde086 |
- AlgorithmID.id_str
|
|
|
dde086 |
- AlgorithmID.id_tag
|
|
|
dde086 |
- AlgorithmID.parameters
|
|
|
dde086 |
- PKCS12DecodeItem.certificate
|
|
|
dde086 |
- PKCS12DecodeItem.friendly_name
|
|
|
dde086 |
- PKCS12DecodeItem.has_key
|
|
|
dde086 |
- PKCS12DecodeItem.shroud_algorithm_id
|
|
|
dde086 |
- PKCS12DecodeItem.signed_cert_der
|
|
|
dde086 |
- PKCS12DecodeItem.type
|
|
|
dde086 |
- SignedData.data
|
|
|
dde086 |
- SignedData.der
|
|
|
dde086 |
|
|
|
dde086 |
* The following module functions were added:
|
|
|
dde086 |
- nss.nss.dump_certificate_cache_info()
|
|
|
dde086 |
- nss.nss.find_slot_by_name()
|
|
|
dde086 |
- nss.nss.fingerprint_format_lines()
|
|
|
dde086 |
- nss.nss.get_internal_slot()
|
|
|
dde086 |
- nss.nss.is_fips()
|
|
|
dde086 |
- nss.nss.need_pw_init()
|
|
|
dde086 |
- nss.nss.nss_init_read_write()
|
|
|
dde086 |
- nss.nss.pk11_disabled_reason_name()
|
|
|
dde086 |
- nss.nss.pk11_disabled_reason_str()
|
|
|
dde086 |
- nss.nss.pk11_logout_all()
|
|
|
dde086 |
- nss.nss.pkcs12_cipher_from_name()
|
|
|
dde086 |
- nss.nss.pkcs12_cipher_name()
|
|
|
dde086 |
- nss.nss.pkcs12_enable_all_ciphers()
|
|
|
dde086 |
- nss.nss.pkcs12_enable_cipher()
|
|
|
dde086 |
- nss.nss.pkcs12_export()
|
|
|
dde086 |
- nss.nss.pkcs12_map_cipher()
|
|
|
dde086 |
- nss.nss.pkcs12_set_nickname_collision_callback()
|
|
|
dde086 |
- nss.nss.pkcs12_set_preferred_cipher()
|
|
|
dde086 |
- nss.nss.token_exists()
|
|
|
dde086 |
- nss.ssl.config_mp_server_sid_cache()
|
|
|
dde086 |
- nss.ssl.config_server_session_id_cache_with_opt()
|
|
|
dde086 |
- nss.ssl.get_max_server_cache_locks()
|
|
|
dde086 |
- nss.ssl.set_max_server_cache_locks()
|
|
|
dde086 |
- nss.ssl.shutdown_server_session_id_cache()
|
|
|
dde086 |
|
|
|
dde086 |
* The following constants were added:
|
|
|
dde086 |
- nss.nss.int.PK11_DIS_COULD_NOT_INIT_TOKEN
|
|
|
dde086 |
- nss.nss.int.PK11_DIS_NONE
|
|
|
dde086 |
- nss.nss.int.PK11_DIS_TOKEN_NOT_PRESENT
|
|
|
dde086 |
- nss.nss.int.PK11_DIS_TOKEN_VERIFY_FAILED
|
|
|
dde086 |
- nss.nss.int.PK11_DIS_USER_SELECTED
|
|
|
dde086 |
- nss.nss.int.PKCS12_DES_56
|
|
|
dde086 |
- nss.nss.int.PKCS12_DES_EDE3_168
|
|
|
dde086 |
- nss.nss.int.PKCS12_RC2_CBC_128
|
|
|
dde086 |
- nss.nss.int.PKCS12_RC2_CBC_40
|
|
|
dde086 |
- nss.nss.int.PKCS12_RC4_128
|
|
|
dde086 |
- nss.nss.int.PKCS12_RC4_40
|
|
|
dde086 |
|
|
|
dde086 |
* The following files were added:
|
|
|
dde086 |
- test/run_tests
|
|
|
dde086 |
- test/test_cipher.py (replaces cipher_test.py)
|
|
|
dde086 |
- test/test_client_server.py
|
|
|
dde086 |
- test/test_digest.py (replaces digest_test.py)
|
|
|
dde086 |
- test/test_pkcs12.py
|
|
|
dde086 |
|
|
|
dde086 |
* The following were deprecated:
|
|
|
dde086 |
- SignatureAlgorithm
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Mar 22 2011 John Dennis <jdennis@redhat.com> - 0.11-2
|
|
|
dde086 |
- Resolves: #689059
|
|
|
dde086 |
Add family parameter to Socket constructors in examples and doc.
|
|
|
dde086 |
Mark implicit family parameter as deprecated.
|
|
|
dde086 |
Raise exception if Socket family does not match NetworkAddress family.
|
|
|
dde086 |
Add --server-subject to setup_certs.py (made testing IPv6 easier without DNS)
|
|
|
dde086 |
|
|
|
dde086 |
* Mon Feb 21 2011 John Dennis <jdennis@redhat.com> - 0.11-1
|
|
|
dde086 |
* Better support for IPv6
|
|
|
dde086 |
|
|
|
dde086 |
* Add AddrInfo class to support IPv6 address resolution. Supports
|
|
|
dde086 |
iteration over it's set of NetworkAddress objects and provides
|
|
|
dde086 |
hostname, canonical_name object properties.
|
|
|
dde086 |
|
|
|
dde086 |
* Add PR_AI_* constants.
|
|
|
dde086 |
|
|
|
dde086 |
* NetworkAddress constructor and NetworkAddress.set_from_string() added
|
|
|
dde086 |
optional family parameter. This is necessary for utilizing
|
|
|
dde086 |
PR_GetAddrInfoByName().
|
|
|
dde086 |
|
|
|
dde086 |
* NetworkAddress initialized via a string paramter are now initalized via
|
|
|
dde086 |
PR_GetAddrInfoByName using family.
|
|
|
dde086 |
|
|
|
dde086 |
* Add NetworkAddress.address property to return the address sans the
|
|
|
dde086 |
port as a string. NetworkAddress.str() includes the port. For IPv6 the
|
|
|
dde086 |
a hex string must be enclosed in brackets if a port is appended to it,
|
|
|
dde086 |
the bracketed hex address with appended with a port is unappropriate
|
|
|
dde086 |
in some circumstances, hence the new address property to permit either
|
|
|
dde086 |
the address string with a port or without a port.
|
|
|
dde086 |
|
|
|
dde086 |
* Fix the implementation of the NetworkAddress.family property, it was
|
|
|
dde086 |
returning bogus data due to wrong native data size.
|
|
|
dde086 |
|
|
|
dde086 |
* HostEntry objects now support iteration and indexing of their
|
|
|
dde086 |
NetworkAddress members.
|
|
|
dde086 |
|
|
|
dde086 |
* Add io.addr_family_name() function to return string representation of
|
|
|
dde086 |
PR_AF_* constants.
|
|
|
dde086 |
|
|
|
dde086 |
* Modify example and test code to utilize AddrInfo instead of deprecated
|
|
|
dde086 |
NetworkAddress functionality. Add address family command argument to
|
|
|
dde086 |
ssl_example.
|
|
|
dde086 |
|
|
|
dde086 |
* Fix pty import statement in test/setup_certs.py
|
|
|
dde086 |
|
|
|
dde086 |
Deprecated Functionality:
|
|
|
dde086 |
-------------------------
|
|
|
dde086 |
|
|
|
dde086 |
* NetworkAddress initialized via a string paramter is now
|
|
|
dde086 |
deprecated. AddrInfo should be used instead.
|
|
|
dde086 |
|
|
|
dde086 |
* NetworkAddress.set_from_string is now deprecated. AddrInfo should be
|
|
|
dde086 |
used instead.
|
|
|
dde086 |
|
|
|
dde086 |
* NetworkAddress.hostentry is deprecated. It was a bad idea,
|
|
|
dde086 |
NetworkAddress objects can support both IPv4 and IPv6, but a HostEntry
|
|
|
dde086 |
object can only support IPv4. Plus the implementation depdended on
|
|
|
dde086 |
being able to perform a reverse DNS lookup which is not always
|
|
|
dde086 |
possible.
|
|
|
dde086 |
|
|
|
dde086 |
* HostEntry.get_network_addresses() and HostEntry.get_network_address()
|
|
|
dde086 |
are now deprecated. In addition their port parameter is now no longer
|
|
|
dde086 |
respected. HostEntry objects now support iteration and
|
|
|
dde086 |
indexing of their NetworkAddress and that should be used to access
|
|
|
dde086 |
their NetworkAddress objects instead.
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.10-4
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Jan 11 2011 John Dennis <jdennis@redhat.com> - 0.10-3
|
|
|
dde086 |
- Fix all rpmlint warnings
|
|
|
dde086 |
- doc for license, changelog etc. now in main package,
|
|
|
dde086 |
doc subpackage now only contains api doc, examples, test, etc.
|
|
|
dde086 |
- Filter provides for .so files
|
|
|
dde086 |
- Remove execute permission on everything in docdir
|
|
|
dde086 |
- Capitalize description
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Jan 11 2011 John Dennis <jdennis@redhat.com> - 0.10-2
|
|
|
dde086 |
- split documentation out into separate doc sub-package
|
|
|
dde086 |
and make building api documentation optional
|
|
|
dde086 |
|
|
|
dde086 |
* Mon Jan 10 2011 John Dennis <jdennis@redhat.com> - 0.10-1
|
|
|
dde086 |
- The following classes were added:
|
|
|
dde086 |
InitParameters
|
|
|
dde086 |
InitContext
|
|
|
dde086 |
|
|
|
dde086 |
-The following module functions were added:
|
|
|
dde086 |
nss.nss.nss_initialize()
|
|
|
dde086 |
nss.nss.nss_init_context()
|
|
|
dde086 |
nss.nss.nss_shutdown_context()
|
|
|
dde086 |
nss.nss.nss_init_flags()
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 0.9-9
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Fri Jul 16 2010 John Dennis <jdennis@redhat.com> - 0.9-8
|
|
|
dde086 |
- add nss_is_initialized()
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Jul 8 2010 John Dennis <jdennis@redhat.com> - 0.9-7
|
|
|
dde086 |
- Remove nss_init_nodb() when nss modules loads from previous version
|
|
|
dde086 |
apparently this prevents subsequent calls to nss_init with a
|
|
|
dde086 |
database to silently fail.
|
|
|
dde086 |
- Clean up some cruft in doc/examples/verify_server.py
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Jun 24 2010 John Dennis <jdennis@redhat.com> - 0.9-6
|
|
|
dde086 |
- Invoke nss_init_nodb() when nss modules loads, this prevents segfaults
|
|
|
dde086 |
in NSS if Python programmer forgot to call one of the NSS
|
|
|
dde086 |
initialization routines.
|
|
|
dde086 |
|
|
|
dde086 |
- Rename the classes X500Name, X500RDN, X500AVA to DN, RDN, AVA
|
|
|
dde086 |
respectively.
|
|
|
dde086 |
|
|
|
dde086 |
- DN and RDN objects now return a list of their contents when indexed by
|
|
|
dde086 |
type, this is to support multi-valued items.
|
|
|
dde086 |
|
|
|
dde086 |
- Fix bug where AVA object's string representation did not include it's
|
|
|
dde086 |
type.
|
|
|
dde086 |
|
|
|
dde086 |
- Enhance test/test_cert_components.py unit test to test for above
|
|
|
dde086 |
changes.
|
|
|
dde086 |
|
|
|
dde086 |
- Add CertificateRequest object
|
|
|
dde086 |
|
|
|
dde086 |
* Mon Jun 14 2010 John Dennis <jdennis@redhat.com> - 0.9-5
|
|
|
dde086 |
- Fix incomplete read bug (due to read ahead buffer bookkeeping).
|
|
|
dde086 |
- Remove python-nss specific httplib.py, no longer needed
|
|
|
dde086 |
python-nss now compatible with standard library
|
|
|
dde086 |
- Rewrite httplib_example.py to use standard library and illustrate
|
|
|
dde086 |
ssl, non-ssl, connection class, http class usage
|
|
|
dde086 |
|
|
|
dde086 |
* Wed Jun 9 2010 John Dennis <jdennis@redhat.com> - 0.9-4
|
|
|
dde086 |
- add nss.cert_usage_flags(), use it in ssl_example.py
|
|
|
dde086 |
|
|
|
dde086 |
* Sun Jun 6 2010 John Dennis <jdennis@redhat.com> - 0.9-3
|
|
|
dde086 |
- Add format_lines() & format() methods to the new certificate extension objects.
|
|
|
dde086 |
- Add printing of certificate extensions.
|
|
|
dde086 |
- Add BasicContstraints certificate extension.
|
|
|
dde086 |
- Fix several reference counting and memory problems discovered with valgrind.
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Jun 1 2010 John Dennis <jdennis@redhat.com> - 0.9-2
|
|
|
dde086 |
- fold in more ref counting patches from Miloslav Trmač <mitr@redhat.com>
|
|
|
dde086 |
into upstream.
|
|
|
dde086 |
Did not bump upstream version, just bumped release ver in this spec file.
|
|
|
dde086 |
|
|
|
dde086 |
* Fri May 28 2010 John Dennis <jdennis@redhat.com> - 0.9-1
|
|
|
dde086 |
- Unicode objects now accepted as well as str objects for
|
|
|
dde086 |
interfaces expecting a string.
|
|
|
dde086 |
|
|
|
dde086 |
- Sockets were enhanced thusly:
|
|
|
dde086 |
- Threads will now yield during blocking IO.
|
|
|
dde086 |
- Socket.makefile() reimplemented
|
|
|
dde086 |
file object methods that had been missing (readlines(), sendall(),
|
|
|
dde086 |
and iteration) were implemented, makefile now just returns the same
|
|
|
dde086 |
Socket object but increments an "open" ref count. Thus a Socket
|
|
|
dde086 |
object behaves like a file object and must be closed once for each
|
|
|
dde086 |
makefile() call before it's actually closed.
|
|
|
dde086 |
- Sockets now support the iter protocol
|
|
|
dde086 |
- Add Socket.readlines(), Socket.sendall()
|
|
|
dde086 |
|
|
|
dde086 |
- The following classes were added:
|
|
|
dde086 |
AuthKeyID
|
|
|
dde086 |
BasicConstraints
|
|
|
dde086 |
CRLDistributionPoint
|
|
|
dde086 |
CRLDistributionPts
|
|
|
dde086 |
CertificateExtension
|
|
|
dde086 |
GeneralName
|
|
|
dde086 |
SignedCRL
|
|
|
dde086 |
X500AVA
|
|
|
dde086 |
X500Name
|
|
|
dde086 |
X500RDN
|
|
|
dde086 |
|
|
|
dde086 |
- The following module functions were added:
|
|
|
dde086 |
nss.nss.cert_crl_reason_from_name()
|
|
|
dde086 |
nss.nss.cert_crl_reason_name()
|
|
|
dde086 |
nss.nss.cert_general_name_type_from_name()
|
|
|
dde086 |
nss.nss.cert_general_name_type_name()
|
|
|
dde086 |
nss.nss.cert_usage_flags()
|
|
|
dde086 |
nss.nss.decode_der_crl()
|
|
|
dde086 |
nss.nss.der_universal_secitem_fmt_lines()
|
|
|
dde086 |
nss.nss.import_crl()
|
|
|
dde086 |
nss.nss.make_line_pairs()
|
|
|
dde086 |
nss.nss.oid_dotted_decimal()
|
|
|
dde086 |
nss.nss.oid_str()
|
|
|
dde086 |
nss.nss.oid_tag()
|
|
|
dde086 |
nss.nss.oid_tag_name()
|
|
|
dde086 |
nss.nss.read_der_from_file()
|
|
|
dde086 |
nss.nss.x509_alt_name()
|
|
|
dde086 |
nss.nss.x509_ext_key_usage()
|
|
|
dde086 |
nss.nss.x509_key_usage()
|
|
|
dde086 |
|
|
|
dde086 |
- The following class methods and properties were added:
|
|
|
dde086 |
Note: it's a method if the name is suffixed with (), a propety otherwise
|
|
|
dde086 |
Socket.next()
|
|
|
dde086 |
Socket.readlines()
|
|
|
dde086 |
Socket.sendall()
|
|
|
dde086 |
SSLSocket.next()
|
|
|
dde086 |
SSLSocket.readlines()
|
|
|
dde086 |
SSLSocket.sendall()
|
|
|
dde086 |
AuthKeyID.key_id
|
|
|
dde086 |
AuthKeyID.serial_number
|
|
|
dde086 |
AuthKeyID.get_general_names()
|
|
|
dde086 |
CRLDistributionPoint.issuer
|
|
|
dde086 |
CRLDistributionPoint.get_general_names()
|
|
|
dde086 |
CRLDistributionPoint.get_reasons()
|
|
|
dde086 |
CertDB.find_crl_by_cert()
|
|
|
dde086 |
CertDB.find_crl_by_name()
|
|
|
dde086 |
Certificate.extensions
|
|
|
dde086 |
CertificateExtension.critical
|
|
|
dde086 |
CertificateExtension.name
|
|
|
dde086 |
CertificateExtension.oid
|
|
|
dde086 |
CertificateExtension.oid_tag
|
|
|
dde086 |
CertificateExtension.value
|
|
|
dde086 |
GeneralName.type_enum
|
|
|
dde086 |
GeneralName.type_name
|
|
|
dde086 |
GeneralName.type_string
|
|
|
dde086 |
SecItem.der_to_hex()
|
|
|
dde086 |
SecItem.get_oid_sequence()
|
|
|
dde086 |
SecItem.to_hex()
|
|
|
dde086 |
SignedCRL.delete_permanently()
|
|
|
dde086 |
X500AVA.oid
|
|
|
dde086 |
X500AVA.oid_tag
|
|
|
dde086 |
X500AVA.value
|
|
|
dde086 |
X500AVA.value_str
|
|
|
dde086 |
X500Name.cert_uid
|
|
|
dde086 |
X500Name.common_name
|
|
|
dde086 |
X500Name.country_name
|
|
|
dde086 |
X500Name.dc_name
|
|
|
dde086 |
X500Name.email_address
|
|
|
dde086 |
X500Name.locality_name
|
|
|
dde086 |
X500Name.org_name
|
|
|
dde086 |
X500Name.org_unit_name
|
|
|
dde086 |
X500Name.state_name
|
|
|
dde086 |
X500Name.add_rdn()
|
|
|
dde086 |
X500Name.has_key()
|
|
|
dde086 |
X500RDN.has_key()
|
|
|
dde086 |
|
|
|
dde086 |
- The following module functions were removed:
|
|
|
dde086 |
Note: use nss.nss.oid_tag() instead
|
|
|
dde086 |
nss.nss.sec_oid_tag_from_name()
|
|
|
dde086 |
nss.nss.sec_oid_tag_name()
|
|
|
dde086 |
nss.nss.sec_oid_tag_str()
|
|
|
dde086 |
|
|
|
dde086 |
- The following files were added:
|
|
|
dde086 |
doc/examples/cert_dump.py
|
|
|
dde086 |
test/test_cert_components.py
|
|
|
dde086 |
|
|
|
dde086 |
- Apply patches from Miloslav Trmač <mitr@redhat.com>
|
|
|
dde086 |
for ref counting and threading support. Thanks Miloslav!
|
|
|
dde086 |
|
|
|
dde086 |
- Review all ref counting, numerous ref counting fixes
|
|
|
dde086 |
|
|
|
dde086 |
- Implement cyclic garbage collection support by
|
|
|
dde086 |
adding object traversal and clear methods
|
|
|
dde086 |
|
|
|
dde086 |
- Identify static variables, move to thread local storage
|
|
|
dde086 |
|
|
|
dde086 |
|
|
|
dde086 |
* Wed Mar 24 2010 John Dennis <jdennis@redhat.com> - 0.8-2
|
|
|
dde086 |
- change %%define to %%global
|
|
|
dde086 |
|
|
|
dde086 |
* Mon Sep 21 2009 John Dennis <jdennis@redhat.com> - 0.8-1
|
|
|
dde086 |
- The following methods, properties and functions were added:
|
|
|
dde086 |
SecItem.type SecItem.len, SecItem.data
|
|
|
dde086 |
PK11SymKey.key_data, PK11SymKey.key_length, PK11SymKey.slot
|
|
|
dde086 |
create_context_by_sym_key
|
|
|
dde086 |
param_from_iv
|
|
|
dde086 |
generate_new_param
|
|
|
dde086 |
get_iv_length
|
|
|
dde086 |
get_block_size
|
|
|
dde086 |
get_pad_mechanism
|
|
|
dde086 |
- SecItem's now support indexing and slicing on their data
|
|
|
dde086 |
- Clean up parsing and parameter validation of variable arg functions
|
|
|
dde086 |
|
|
|
dde086 |
* Fri Sep 18 2009 John Dennis <jdennis@redhat.com> - 0.7-1
|
|
|
dde086 |
- add support for symmetric encryption/decryption
|
|
|
dde086 |
more support for digests (hashes)
|
|
|
dde086 |
|
|
|
dde086 |
The following classes were added:
|
|
|
dde086 |
PK11SymKey PK11Context
|
|
|
dde086 |
|
|
|
dde086 |
The following methods and functions were added:
|
|
|
dde086 |
get_best_wrap_mechanism get_best_key_length
|
|
|
dde086 |
key_gen derive
|
|
|
dde086 |
get_key_length digest_key
|
|
|
dde086 |
clone_context digest_begin
|
|
|
dde086 |
digest_op cipher_op
|
|
|
dde086 |
finalize digest_final
|
|
|
dde086 |
read_hex hash_buf
|
|
|
dde086 |
sec_oid_tag_str sec_oid_tag_name
|
|
|
dde086 |
sec_oid_tag_from_name key_mechanism_type_name
|
|
|
dde086 |
key_mechanism_type_from_name pk11_attribute_type_name
|
|
|
dde086 |
pk11_attribute_type_from_name get_best_slot
|
|
|
dde086 |
get_internal_key_slot create_context_by_sym_key
|
|
|
dde086 |
import_sym_key create_digest_context
|
|
|
dde086 |
param_from_iv param_from_algid
|
|
|
dde086 |
generate_new_param algtag_to_mechanism
|
|
|
dde086 |
mechanism_to_algtag
|
|
|
dde086 |
|
|
|
dde086 |
The following files were added:
|
|
|
dde086 |
cipher_test.py digest_test.py
|
|
|
dde086 |
|
|
|
dde086 |
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6-3
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Jul 9 2009 John Dennis <jdennis@redhat.com> - 0.6-2
|
|
|
dde086 |
- restore nss.nssinit(), make deprecated
|
|
|
dde086 |
|
|
|
dde086 |
* Wed Jul 8 2009 John Dennis <jdennis@redhat.com> - 0.6-1
|
|
|
dde086 |
- fix bug #510343 client_auth_data_callback seg faults if False
|
|
|
dde086 |
is returned from callback
|
|
|
dde086 |
|
|
|
dde086 |
* Wed Jul 1 2009 John Dennis <jdennis@redhat.com> - 0.5-1
|
|
|
dde086 |
- restore ssl.nss_init and ssl.nss_shutdown but make them deprecated
|
|
|
dde086 |
add __version__ string to nss module
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Jun 30 2009 John Dennis <jdennis@redhat.com> - 0.4-1
|
|
|
dde086 |
- add binding for NSS_NoDB_Init(), bug #509002
|
|
|
dde086 |
move nss_init and nss_shutdown from ssl module to nss module
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Jun 4 2009 John Dennis <jdennis@redhat.com> - 0.3-1
|
|
|
dde086 |
- installed source code in Mozilla CVS repository
|
|
|
dde086 |
update URL tag to point to CVS repositoy
|
|
|
dde086 |
(not yet a valid URL, still have to coordinate with Mozilla)
|
|
|
dde086 |
minor tweak to src directory layout
|
|
|
dde086 |
|
|
|
dde086 |
* Mon Jun 1 2009 John Dennis <jdennis@redhat.com> - 0.2-1
|
|
|
dde086 |
- Convert licensing to MPL tri-license
|
|
|
dde086 |
- apply patch from bug #472805, (Miloslav Trmač)
|
|
|
dde086 |
Don't allow closing a socket twice, that causes crashes.
|
|
|
dde086 |
New function nss.io.Socket.new_socket_pair()
|
|
|
dde086 |
New function nss.io.Socket.poll()
|
|
|
dde086 |
New function nss.io.Socket.import_tcp_socket()
|
|
|
dde086 |
New method nss.nss.Certificate.get_subject_common_name()
|
|
|
dde086 |
New function nss.nss.generate_random()
|
|
|
dde086 |
Fix return value creation in SSLSocket.get_security_status
|
|
|
dde086 |
New function nss.ssl.SSLSocket.import_tcp_socket()
|
|
|
dde086 |
|
|
|
dde086 |
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.1-3
|
|
|
dde086 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
dde086 |
|
|
|
dde086 |
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.1-2
|
|
|
dde086 |
- Rebuild for Python 2.6
|
|
|
dde086 |
|
|
|
dde086 |
* Tue Sep 9 2008 John Dennis <jdennis@redhat.com> - 0.1-1
|
|
|
dde086 |
- clean up ssl_example.py, fix arg list in get_cert_nicknames,
|
|
|
dde086 |
make certdir cmd line arg consistent with other NSS tools
|
|
|
dde086 |
- update httplib.py to support client auth, add httplib_example.py which illustrates it's use
|
|
|
dde086 |
- fix some documentation
|
|
|
dde086 |
- fix some type usage which were unsafe on 64-bit
|
|
|
dde086 |
|
|
|
dde086 |
* Wed Jul 9 2008 John Dennis <jdennis@redhat.com> - 0.0-2
|
|
|
dde086 |
- add docutils to build requires so restructured text works
|
|
|
dde086 |
|
|
|
dde086 |
* Fri Jun 27 2008 John Dennis <jdennis@redhat.com> - 0.0-1
|
|
|
dde086 |
- initial release
|