File: changelog.md

asn1crypto 0.24.0-1

# changelog

## 0.24.0

 - `x509.Certificate().self_signed` will no longer return `"yes"` under any
   circumstances. This helps prevent confusion since the library does not
   verify the signature. Instead a library like oscrypto should be used
   to confirm if a certificate is self-signed.
 - Added various OIDs to `x509.KeyPurposeId()`
 - Added `x509.Certificate().private_key_usage_period_value`
 - Added structures for parsing common subject directory attributes for
   X.509 certificates, including `x509.SubjectDirectoryAttribute()`
 - Added `algos.AnyAlgorithmIdentifier()` for situations where an
   algorithm identifier may contain a digest, signed digest or encryption
   algorithm OID
 - Fixed a bug with `x509.Certificate().subject_directory_attributes_value`
   not returning the correct value
 - Fixed a bug where explicitly-tagged fields in a `core.Sequence()` would
   not function properly when the field had a default value
 - Fixed a bug with type checking in `pem.armor()`

## 0.23.0

 - Backwards compatibility break: the `tag_type`, `explicit_tag` and
   `explicit_class` attributes on `core.Asn1Value` no longer exist and were
   replaced by the `implicit` and `explicit` attributes. Field param dicts
   may use the new `explicit` and `implicit` keys, or the old `tag_type` and
   `tag` keys. The attribute changes will likely have little to no impact
   since they were primarily an implementation detail.
 - Teletex strings used inside of X.509 certificates are now interpreted
   using Windows-1252 (a superset of ISO-8859-1). This enables compatibility
   with certificates generated by OpenSSL. Strict parsing of Teletex strings
   can be retained by using the `x509.strict_teletex()` context manager.
 - Added support for nested explicit tagging, supporting values that are
   defined with explicit tagging and then added as a field of another
   structure using explicit tagging.
 - Fixed a `UnicodeDecodeError` when trying to find the (optional) dependency
   OpenSSL on Python 2
 - Fixed `next_update` field of `crl.TbsCertList` to be optional
 - Added the `x509.Certificate.sha256_fingerprint` property
 - `x509.Certificate.ocsp_urls` and `x509.DistributionPoint.url` will now
   return `https://`, `ldap://` and `ldaps://` URLs in addition to `http://`.
 - Added CMS Attribute Protection definitions from RFC 6211
 - Added OIDs from RFC 6962

## 0.22.0

 - Added `parser.peek()`
 - Implemented proper support for BER-encoded indefinite length strings of
   all kinds - `core.BitString`, `core.OctetString` and all of the `core`
   classes that are natively represented as Python unicode strings
 - Fixed a bug with encoding LDAP URLs in `x509.URI`
 - Correct `x509.DNSName` to allow a leading `.`, such as when used with
   `x509.NameConstraints`
 - Fixed an issue with dumping the parsed contents of `core.Any` when
   explicitly tagged
 - Custom `setup.py clean` now accepts the short `-a` flag for compatibility

## 0.21.1

 - Fixed a regression where explicit tagging of a field containing a
   `core.Choice` would result in an incorrect header
 - Fixed a bug where an `IndexError` was being raised instead of a `ValueError`
   when a value was truncated to not include enough bytes for the header
 - Corrected the spec for the `value` field of `pkcs12.Attribute`
 - Added support for `2.16.840.1.113894.746875.1.1` OID to
   `pkcs12.AttributeType`

## 0.21.0

 - Added `core.load()` for loading standard, universal types without knowing
   the spec beforehand
 - Added a `strict` keyword arg to the various `load()` methods and functions in
   `core` that checks for trailing data and raises a `ValueError` when found
 - Added `asn1crypto.parser` submodule with `emit()` and `parse()` functions for
   low-level integration
 - Added `asn1crypto.version` for version introspection without side-effects
 - Added `algos.DSASignature`
 - Fixed a bug with the `_header` attribute of explicitly-tagged values only
   containing the explicit tag header instead of both the explicit tag header
   and the encapsulated value header
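
The `strict` trailing-data check above, together with the 0.21.1 fix that reports truncated input as a `ValueError` rather than an `IndexError`, shown as an added example. This is a standard-library sketch, not asn1crypto's own code; `read_header()`, `load()`, `rejected()` and the sample byte strings are constructed for illustration.

```python
# Added illustration of strict DER loading; stdlib only, not asn1crypto code.

def read_header(data, offset=0):
    """Return (tag_byte, content_start, content_end) for one DER TLV.

    Truncated input raises ValueError, never IndexError. Only single-byte
    tags and definite lengths are handled in this example.
    """
    if len(data) - offset < 2:
        raise ValueError("truncated: not enough bytes for the header")
    tag = data[offset]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are outside this example")
    first = data[offset + 1]
    pos = offset + 2
    if first < 0x80:                      # short form: length in one octet
        length = first
    else:
        n = first & 0x7F                  # long form: n length octets follow
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        if len(data) - pos < n:
            raise ValueError("truncated: length octets missing")
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(data):
        raise ValueError("truncated: content shorter than declared length")
    return tag, pos, end

def load(data, strict=False):
    """Parse one value; with strict=True reject any bytes after it."""
    tag, start, end = read_header(data)
    if strict and end != len(data):
        raise ValueError("%d bytes of trailing data" % (len(data) - end))
    return tag, bytes(data[start:end])

def rejected(data, strict=False):
    """True when load() refuses the input with ValueError."""
    try:
        load(data, strict=strict)
    except ValueError:
        return True
    return False

# Constructed samples: INTEGER 5, the same value with two appended bytes,
# and a copy cut off after the tag octet.
GOOD = b"\x02\x01\x05"
TRAILING = GOOD + b"\xde\xad"
TRUNCATED = b"\x02"
```

Without `strict`, the appended bytes in `TRAILING` are silently ignored, which is why a caller that hashes or forwards the whole input after parsing should load in strict mode.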

## 0.20.0

 - Added support for year 0
 - Added the OID for unique identifier to `x509.NameType`
 - Fixed a bug creating the native representation of a `core.BitString` with
   leading null bytes
 - Added a `.cast()` method to allow converting between different
   representations of the same data, e.g. `core.BitString` and
   `core.OctetBitString`

## 0.19.0

 - Force `algos.DigestAlgorithm` to encode `parameters` as `Null` when the
   `algorithm` is `sha1`, `sha224`, `sha256`, `sha384` or `sha512` per RFC 4055
 - Resolved an issue where a BER-encoded indefinite-length value could not be
   properly parsed when embedded inside of a `core.Sequence` or `core.Set`
 - Fix `x509.Name.build()` to properly handle dotted OID type values
 - `core.Choice` can now be constructed from a single-element `dict` or a
   two-element `tuple` to allow for better usability when constructing values
   from native Python values
 - All `core` objects can now be passed to `print()` without an exception being
   raised

## 0.18.5

 - Don't fail importing if `ctypes` or `_ctypes` is not available

## 0.18.4

 - `core.Sequence` will now raise an exception when an unknown field is provided
 - Prevent `UnicodeDecodeError` on Python 2 when calling
   `core.OctetString.debug()`
 - Corrected the default value for the `hash_algorithm` field of
   `tsp.ESSCertIDv2`
 - Fixed a bug constructing a `cms.SignedData` object
 - Ensure that specific RSA OIDs are always paired with `parameters` set to
   `core.Null`

## 0.18.3

 - Fixed DER encoding of `core.BitString` when a `_map` is specified (i.e. a
   "named bit list") to omit trailing zero bits. This fixes compliance of
   various `x509` structures with RFC 5280.
 - Corrected a side effect in `keys.PrivateKeyInfo.wrap()` that would cause the
   original `keys.ECPrivateKey` structure to become corrupt
 - `core.IntegerOctetString` now correctly encodes the integer as an unsigned
   value when converting to bytes. Previously decoding was unsigned, but
   encoding was signed.
 - Fix `util.int_from_bytes()` on Python 2 to return `0` from an empty byte
   string

## 0.18.2

 - Allow `_perf` submodule to be removed from source tree when embedding

## 0.18.1

 - Fixed DER encoding of `core.Set` and `core.SetOf`
 - Fixed a bug in `x509.Name.build()` that could generate invalid DER encoding
 - Improved exception messages when parsing nested structures via the `.native`
   attribute
 - `algos.SignedDigestAlgorithm` now ensures the `parameters` are set to
   `Null` when `algorithm` is `sha224_rsa`, `sha256_rsa`, `sha384_rsa` or
   `sha512_rsa`, per RFC 4055
 - Corrected the definition of `pdf.AdobeTimestamp` to mark the
   `requires_auth` field as optional
 - Add support for the OID `1.2.840.113549.1.9.16.2.14` to
   `cms.CMSAttributeType`
 - Improve attribute support for `cms.AttributeCertificateV2`
 - Handle `cms.AttributeCertificateV2` when incorrectly tagged as
   `cms.AttributeCertificateV1` in `cms.CertificateChoices`

## 0.18.0

 - Improved general parsing performance by 10-15%
 - Add support for Windows XP
 - Added `core.ObjectIdentifier.dotted` attribute to always return dotted
   integer unicode string
 - Added `core.ObjectIdentifier.map()` and `core.ObjectIdentifier.unmap()`
   class methods to map dotted integer unicode strings to user-friendly unicode
   strings and back
 - Added various Apple OIDs to `x509.KeyPurposeId`
 - Fixed a bug parsing nested indefinite-length-encoded values
 - Fixed a bug with `x509.Certificate.issuer_alt_name_value` if it is the first
   extension queried
 - `keys.PublicKeyInfo.bit_size` and `keys.PrivateKeyInfo.bit_size` values are
   now rounded up to the next closest multiple of 8

## 0.17.1

 - Fix a bug in `x509.URI` parsing IRIs containing explicit port numbers on
   Python 3.x

## 0.17.0

 - Added `x509.TrustedCertificate` for handling OpenSSL auxiliary certificate
   information appended after a certificate
 - Added `core.Concat` class for situations such as `x509.TrustedCertificate`
 - Allow "broken" X.509 certificates to use `core.IA5String` where an
   `x509.DirectoryString` should be used instead
 - Added `keys.PrivateKeyInfo.public_key_info` attribute
 - Added a bunch of OIDs to `x509.KeyPurposeId`

## 0.16.0

 - Added DH key exchange structures: `algos.KeyExchangeAlgorithm`,
   `algos.KeyExchangeAlgorithmId` and `algos.DHParameters`.
 - Added DH public key support to `keys.PublicKeyInfo`,
   `keys.PublicKeyAlgorithm` and `keys.PublicKeyAlgorithmId`. New structures
   include `keys.DomainParameters` and `keys.ValidationParms`.

## 0.15.1

 - Fixed `cms.CMSAttributes` to be a `core.SetOf` instead of `core.SequenceOf`
 - `cms.CMSAttribute` can now parse unknown attribute constructs without an
   exception being raised
 - `x509.PolicyMapping` now uses `x509.PolicyIdentifier` for field types
 - Fixed `pdf.RevocationInfoArchival` so that all fields are now of the type
   `core.SequenceOf` instead of a single value
 - Added support for the `name_distinguisher`, `telephone_number` and
   `organization_identifier` OIDs to `x509.Name`
 - Fixed `x509.Name.native` to not accidentally create nested lists when three
   or more values for a single type are part of the name
 - `x509.Name.human_friendly` now reverses the order of fields when the data
   in an `x509.Name` was encoded in most-specific to least-specific order, which
   is the opposite of the standard way of least-specific to most-specific.
 - `x509.NameType.human_friendly` no longer raises an exception when an
   unknown OID is encountered
 - Raise a `ValueError` when parsing a `core.Set` and an unknown field is
   encountered

## 0.15.0

 - Added support for the TLS feature extension from RFC 7633
 - `x509.Name.build()` now accepts a keyword parameter `use_printable` to force
   string encoding to be `core.PrintableString` instead of `core.UTF8String`
 - Added the functions `util.uri_to_iri()` and `util.iri_to_uri()`
 - Changed `algos.SignedDigestAlgorithmId` to use the preferred OIDs when
   mapping a unicode string name to an OID. Previously there were multiple OIDs
   for some algorithms, and different OIDs would sometimes be selected due to
   the fact that the `_map` `dict` is not ordered.

## 0.14.1

 - Fixed a bug generating `x509.Certificate.sha1_fingerprint` on Python 2

## 0.14.0

 - Added the `x509.Certificate.sha1_fingerprint` attribute

## 0.13.0

 - Backwards compatibility break: the native representation of some
   `algos.EncryptionAlgorithmId` values changed. `aes128` became `aes128_cbc`,
   `aes192` became `aes192_cbc` and `aes256` became `aes256_cbc`.
 - Added more OIDs to `algos.EncryptionAlgorithmId`
 - Added more OIDs to `cms.KeyEncryptionAlgorithmId`
 - `x509.Name.human_friendly` now properly supports multiple values per
   `x509.NameTypeAndValue` object
 - Added `ocsp.OCSPResponse.basic_ocsp_response` and
   `ocsp.OCSPResponse.response_data` properties
 - Added `algos.EncryptionAlgorithm.encryption_mode` property
 - Fixed a bug with parsing times containing timezone offsets in Python 3
 - The `attributes` field of `csr.CertificationRequestInfo` is now optional,
   for compatibility with other ASN.1 parsers

## 0.12.2

 - Correct `core.Sequence.__setitem__()` to set `core.VOID` on an optional
   field when `None` is set

## 0.12.1

 - Fixed a `unicode`/`bytes` bug with `x509.URI.dump()` on Python 2

## 0.12.0

 - Backwards Compatibility Break: `core.NoValue` was renamed to `core.Void` and
   a singleton was added as `core.VOID`
 - 20-30% improvement in parsing performance
 - `core.Void` now implements `__nonzero__`
 - `core.Asn1Value.copy()` now performs a deep copy
 - All `core` value classes are now compatible with the `copy` module
 - `core.SequenceOf` and `core.SetOf` now implement `__contains__`
 - Added `x509.Name.__len__()`
 - Fixed a bug where `core.Choice.validate()` would not properly account for
   explicit tagging
 - `core.Choice.load()` now properly passes itself as the spec when parsing
 - `x509.Certificate.crl_distribution_points` no longer throws an exception if
   the `DistributionPoint` does not have a value for the `distribution_point`
   field

## 0.11.1

 - Corrected `core.UTCTime` to interpret year <= 49 as 20xx and >= 50 as 19xx
 - `keys.PublicKeyInfo.hash_algo` can now handle DSA keys without parameters
 - Added `crl.CertificateList.sha256` and `crl.CertificateList.sha1`
 - Fixed `x509.Name.build()` to properly encode `country_name`, `serial_number`
   and `dn_qualifier` as `core.PrintableString` as specified in RFC 5280,
   instead of `core.UTF8String`

## 0.11.0

 - Added Python 2.6 support
 - Added ability to compare primitive type objects
 - Implemented proper support for internationalized domains, URLs and email
   addresses in `x509.Certificate`
 - Comparing `x509.Name` and `x509.GeneralName` objects adheres to RFC 5280
 - `x509.Certificate.self_signed` and `x509.Certificate.self_issued` no longer
   require that the certificate is for a CA
 - Fixed `x509.Certificate.valid_domains` to adhere to RFC 6125
 - Added `x509.Certificate.is_valid_domain_ip()`
 - Added `x509.Certificate.sha1` and `x509.Certificate.sha256`
 - Exposed `util.inet_ntop()` and `util.inet_pton()` for IP address encoding
 - Improved exception messages for improper types to include the type's module
   name

## 0.10.1

 - Fixed bug in `core.Sequence` affecting Python 2.7 and pypy

## 0.10.0

 - Added PEM encoding/decoding functionality
 - `core.BitString` now uses item access instead of attributes for named bit
   access
 - `core.BitString.native` now uses a `set` of unicode strings when `_map` is
   present
 - Removed `core.Asn1Value.pprint()` method
 - Added `core.ParsableOctetString` class
 - Added `core.ParsableOctetBitString` class
 - Added `core.Asn1Value.copy()` method
 - Added `core.Asn1Value.debug()` method
 - Added `core.SequenceOf.append()` method
 - Added `core.Sequence.spec()` and `core.SequenceOf.spec()` methods
 - Added correct IP address parsing to `x509.GeneralName`
 - `x509.Name` and `x509.GeneralName` are now compared according to rules in
   RFC 5280
 - Added convenience attributes to:
   - `algos.SignedDigestAlgorithm`
   - `crl.CertificateList`
   - `crl.RevokedCertificate`
   - `keys.PublicKeyInfo`
   - `ocsp.OCSPRequest`
   - `ocsp.Request`
   - `ocsp.OCSPResponse`
   - `ocsp.SingleResponse`
   - `x509.Certificate`
   - `x509.Name`
 - Added `asn1crypto.util` module with the following items:
   - `int_to_bytes()`
   - `int_from_bytes()`
   - `timezone.utc`
 - Added `setup.py clean` command

## 0.9.0

 - Initial release