Releases: pyca/service-identity
24.1.0
Highlights
Only one visible change: if a certificate has not subjectAltNames, meaning there's nothing to verify against, a service_identity.CertificateError is raised now instead of a VerificationError. This change was prompted by the difficulty to debug the problem with certificates that still only carry a commonName that has been ignored since 23.1.0.
Special Thanks
This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!
Above and Beyond
Variomedia AG (@variomedia), Tidelift (@tidelift), FilePreviews (@filepreviews), Daniel Fortunov (@asqui), Kevin P. Fleming (@kpfleming), and Sören Weber (@SoerenWeber).
Maintenance Sustainers
Jeff Triplett (@jefftriplett), Adam Hill (@adamghill), Dan Groshev (@si14), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Moving Content AG (@moving-content), ProteinQure (@ProteinQure), Jesse Snyder (@jessesnyder), Rivo Laks (@rivol), Ionel Cristian Mărieș (@ionelmc), The Westervelt Company (@westerveltco), Philippe Galvan (@PhilippeGalvan), Birk Jernström (@birkjernstrom), Tim Schilling (@tim-schilling), Chris Withers (@cjw296), Christopher Dignam (@chdsbd), Stefan Hagen (@sthagen), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Mike Fiedler (@miketheman), and Michel Vittória (@michelvittoria).
Not to forget 5 more amazing humans who chose to be generous but anonymous!
Full Changelog
Changed
- If a certificate doesn't contain any
subjectAltNames, we now raiseservice_identity.CertificateErrorinstead ofservice_identity.VerificationErrorto make the problem easier to debug. #67
23.1.0
Highlights
Since there wasn't any interest in adding more verification methods, this release makes the service identity pattern extraction from pyOpenSSL and PyCA cryptography certificate public APIs. Check out service_identity.cryptography.extract_patterns() and service_identity.pyopenssl.extract_patterns()!
It also adds type hints and removes support for commonName. Otherwise there's no changes to how service identities are extracted or compared.
Special Thanks
This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!
Above and Beyond
Variomedia AG (@variomedia), Tidelift (@tidelift), Sentry (@getsentry), HiredScore (@HiredScore), FilePreviews (@filepreviews), and Daniel Fortunov (@asqui).
Maintenance Sustainers
Adam Hill (@adamghill), Dan Groshev (@si14), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Moving Content AG (@moving-content), Stein Magnus Jodal (@jodal), ProteinQure (@ProteinQure), Jesse Snyder (@jessesnyder), Rivo Laks (@rivol), Tom Ballinger (@thomasballinger), Ionel Cristian Mărieș (@ionelmc), The Westervelt Company (@westerveltco), Philippe Galvan (@PhilippeGalvan), Birk Jernström (@birkjernstrom), Tim Schilling (@tim-schilling), Chris Withers (@cjw296), Christopher Dignam (@chdsbd), and Stefan Hagen (@sthagen).
Not to forget 5 more amazing humans who chose to be generous but anonymous!
Full Changelog
Removed
- All Python versions up to and including 3.7 have been dropped.
- Support for
commonNamein certificates has been dropped. It has been deprecated since 2017 and isn't supported by any major browser. - The oldest supported pyOpenSSL version (when using the
pyopensslbackend) is now 17.0.0. When using such an old pyOpenSSL version, you have to pin cryptography yourself to ensure compatibility between them. Please check outcontraints/oldest-pyopenssl.txtto verify what we are testing against.
Deprecated
- If you've used
service_identity.(cryptography|pyopenssl).extract_ids(), please switch to the new namesextract_patterns(). #56
