Skip to content

Latest commit

 

History

History
102 lines (68 loc) · 3.89 KB

CHANGELOG.md

File metadata and controls

102 lines (68 loc) · 3.89 KB

0.10.4

  • Fixed a thread-safety issue when configuring the internal ssl.SSLContext object.

0.10.3

  • Added support for the system certificate bundle in Fedora 43 and later.

0.10.2

  • Release failed to publish to PyPI due to outdated build tools. Created new release (0.10.3) after updating build to 1.2.2.post1.

0.10.1

  • Fixed the patching of Requests' globally-cached ssl.SSLContext object to work automagically with truststore.inject_into_ssl() regardless of import-order.
  • Speed up import times by skipping feature-checking for known Python implementations (CPython and PyPy).

0.10.0

  • Added support for macOS 10.13 and earlier using the SecTrustEvaluate API. Note that this API doesn't return fine-grained errors like SecTrustEvaluateWithError (requires macOS 10.14+).
  • Added SSLContext.set_default_verify_paths() method.
  • Changed method for disabling hostname verification for macOS and Windows. Previously would ignore hostname verification errors if SSLContext.check_hostname was False. Now for both macOS and Windows the certificate verification policy is configured to not check certificate hostname. This should have no effect on users.

0.9.2

  • Fixed an issue where implementations supporting Python 3.10 but not the peer certificate chain APIs would fail during the handshake instead of when importing the truststore module. The module now raises an error immediately instead of on first handshake. This was added for the GraalPy implementation specifically, but there may be others.

0.9.1

  • Fixed an issue for CPython 3.13 where ssl.SSLSocket and ssl.SSLObject certificate chain APIs would return different types.

0.9.0

  • Added support for Python 3.13.
  • Fixed loading additional certificates on macOS.
  • Changed error message for Windows when peer offers no certificates and verification is enabled. Previously was IndexError, now is SSLCertVerificationError.

0.8.0

  • Added support for PyPy 3.10 and later.

0.7.0

  • Changed the error raised when using an unsupported macOS version (10.7 or earlier) from an OSError to an ImportError to match the error raised in other situations where the module isn't supported.

0.6.1

  • Fixed issue where a RecursionError that would be raised when setting SSLContext.minimum_version or .maximum_version.

0.6.0

  • Truststore is now beta! Truststore will be made the default in a future pip release.
  • Added inject_into_ssl() and extract_from_ssl() to enable Truststore for all packages using ssl.SSLContext automatically.
  • Added support for setting check_hostname, verify_mode, and verify_flags.
  • Added pass-through implementations for many ssl.SSLContext methods like load_cert_chain(), set_alpn_protocols(), etc.

0.5.0

  • Support for using truststore was released with pip v22.2! You can read more here about how to help us test truststore.
  • Added David Glick as an author in packaging metadata.
  • Added documentation for how to use truststore with urllib3, Requests, aiohttp, and pip.
  • Changed macOS SecureTransport error handling to raise as ssl.SSLError with message from the OS.

0.4.0

  • Added more descriptive error messages to ssl.SSLCertVerificationError determined by the OS on macOS and Windows.
  • Changed Windows to follow SSLContext.verify_flags for strictly checking CRLs instead of checking CRLs strictly by default.

0.3.0

  • Added support for loading extra CA certificates via SSLContext.load_verify_locations().
  • Added type hints.
  • Changed the name of TruststoreSSLContext to SSLContext.
  • Changed certificate hostname verification to rely on macOS and Windows instead of OpenSSL.
  • Fixed the order default certificates are loaded for OpenSSL backend.

0.2.0

  • Added support for Windows via the CryptoAPI.

0.1.0

  • Initial release with support for macOS and Linux.