Releases: pyca/service-identity
24.2.0
Highlights
There is only one notable change in this release and it's @alex ripping out some gnarly code using gnarly, deprecated APIs.
Special Thanks
This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!
Above and Beyond
Variomedia AG (@variomedia), Tidelift (@tidelift), Klaviyo (@klaviyo), FilePreviews (@filepreviews), Privacy Solutions GmbH (@privacy-solutions), Daniel Fortunov (@asqui), Kevin P. Fleming (@kpfleming), and Polar (@polarsource).
Maintenance Sustainers
Buttondown (@buttondown), Christopher Dignam (@chdsbd), Stefan Hagen (@sthagen), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Jesse Snyder (@jessesnyder), Rivo Laks (@rivol), Chris Withers (@cjw296), Mike Fiedler (@miketheman), Duncan Hill (@cricalix), Colin Marquardt (@cmarqu), Pieter Swinkels (@swinkels), Nick Libertini (@libertininick), Adam Hill (@adamghill), Moving Content AG (@moving-content), ProteinQure (@ProteinQure), The Westervelt Company (@westerveltco), Philippe Galvan (@PhilippeGalvan), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Thomas Klinger (@thmsklngr), Andreas Poehlmann (@ap--), August Bigelow (@atbigelow), Carlton Gibson (@carltongibson), and Roboflow (@roboflow).
Not to forget 12 more amazing humans who chose to be generous but anonymous!
Full Changelog
Added
- Python 3.13 is now officially supported. #74
Changed
- pyOpenSSL's identity extraction has been reimplemented using cryptography's primitives instead of deprecated pyOpenSSL APIs. As a result, the oldest supported pyOpenSSL version is now 17.1.0. #70
This release contains contributions from @alex, and @hynek.
Artifact Attestations
You can verify this release's artifact attestions using GitHub's CLI tool by downloading the sdist and wheel from PyPI and running:
$ gh attestation verify --owner pyca service_identity-24.2.0.tar.gzand
$ gh attestation verify --owner pyca service_identity-24.2.0-py3-none-any.whlContributors
Assets 2
24.1.0
Highlights
Only one visible change: if a certificate has not subjectAltNames, meaning there's nothing to verify against, a service_identity.CertificateError is raised now instead of a VerificationError. This change was prompted by the difficulty to debug the problem with certificates that still only carry a commonName that has been ignored since 23.1.0.
Special Thanks
This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!
Above and Beyond
Variomedia AG (@variomedia), Tidelift (@tidelift), FilePreviews (@filepreviews), Daniel Fortunov (@asqui), Kevin P. Fleming (@kpfleming), and Sören Weber (@SoerenWeber).
Maintenance Sustainers
Jeff Triplett (@jefftriplett), Adam Hill (@adamghill), Dan Groshev (@si14), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Moving Content AG (@moving-content), ProteinQure (@ProteinQure), Jesse Snyder (@jessesnyder), Rivo Laks (@rivol), Ionel Cristian Mărieș (@ionelmc), The Westervelt Company (@westerveltco), Philippe Galvan (@PhilippeGalvan), Birk Jernström (@birkjernstrom), Tim Schilling (@tim-schilling), Chris Withers (@cjw296), Christopher Dignam (@chdsbd), Stefan Hagen (@sthagen), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Mike Fiedler (@miketheman), and Michel Vittória (@michelvittoria).
Not to forget 5 more amazing humans who chose to be generous but anonymous!
Full Changelog
Changed
- If a certificate doesn't contain any
subjectAltNames, we now raiseservice_identity.CertificateErrorinstead ofservice_identity.VerificationErrorto make the problem easier to debug. #67
23.1.0
Highlights
Since there wasn't any interest in adding more verification methods, this release makes the service identity pattern extraction from pyOpenSSL and PyCA cryptography certificate public APIs. Check out service_identity.cryptography.extract_patterns() and service_identity.pyopenssl.extract_patterns()!
It also adds type hints and removes support for commonName. Otherwise there's no changes to how service identities are extracted or compared.
Special Thanks
This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!
Above and Beyond
Variomedia AG (@variomedia), Tidelift (@tidelift), Sentry (@getsentry), HiredScore (@HiredScore), FilePreviews (@filepreviews), and Daniel Fortunov (@asqui).
Maintenance Sustainers
Adam Hill (@adamghill), Dan Groshev (@si14), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Moving Content AG (@moving-content), Stein Magnus Jodal (@jodal), ProteinQure (@ProteinQure), Jesse Snyder (@jessesnyder), Rivo Laks (@rivol), Tom Ballinger (@thomasballinger), Ionel Cristian Mărieș (@ionelmc), The Westervelt Company (@westerveltco), Philippe Galvan (@PhilippeGalvan), Birk Jernström (@birkjernstrom), Tim Schilling (@tim-schilling), Chris Withers (@cjw296), Christopher Dignam (@chdsbd), and Stefan Hagen (@sthagen).
Not to forget 5 more amazing humans who chose to be generous but anonymous!
Full Changelog
Removed
- All Python versions up to and including 3.7 have been dropped.
- Support for
commonNamein certificates has been dropped. It has been deprecated since 2017 and isn't supported by any major browser. - The oldest supported pyOpenSSL version (when using the
pyopensslbackend) is now 17.0.0. When using such an old pyOpenSSL version, you have to pin cryptography yourself to ensure compatibility between them. Please check outcontraints/oldest-pyopenssl.txtto verify what we are testing against.
Deprecated
- If you've used
service_identity.(cryptography|pyopenssl).extract_ids(), please switch to the new namesextract_patterns(). #56
