0.46.2 - 2025-10-02
-------------------

- fix[m2xmlrpclib]: make the module compatible with Python 3.6

0.46.1 - 2025-10-02
-------------------

- Correct license to BSD-2-Clause and update references
- Specify in setup.cfg that we require Python >= 3.6

0.46.0 - 2025-10-01
-------------------

(Tested on Pythons between 3.6 and 3.14.0~rc3)

- M2Crypto closes SSL connection on closing HTTPS Connection, and
  some other related issues (#203, #278)
- Modernize C API by eliminating use of deprecated
  PyBytes_AsStringAndSize and related functions with Python
  Buffer Protocol (#375)
- Whole project is completely covered with type hints and is
  checked by mypy (also while doing that, the whole project was
  blackened) (#344)
- Add logging support to C extension code sending messages to the
  Python logging
- Introducing first efforts to support Engine object (#229)
- Reworked and fixed M2Crypto.m2xmlrpclib module (#163)
- Reverted removal of demo/ subdirectory
- Improve SMIME documentation (#377)
- Some other minor bugs, improvements, and removal of dead code

0.45.1 - 2025-04-23
-------------------

- ci: switch from using sha1 to sha256.
- ci(keys): regenerate rsa*.pem keys as well
- fix: make the package compatible with OpenSSL >= 3.4 (don’t
  rely on LEGACY crypto-policies)
- chore: package also system_shadowing directory to make builds more reliable

0.45.0 - 2025-04-17
-------------------

- chore: preparing 0.45.0 release
- fix(lib,ssl): rewrite ssl_accept, ssl_{read,write}_nbio for better error handling
- fix: replace m2_PyBuffer_Release with native PyBuffer_Release
- chore: build Windows builds with Python 3.13 as well
- fix: remove support for Engine
- chore: mark actual license of the project BSD-2-Clause instead of wrong MIT
- ci(Debian): make M2Crypto buildable on Debian
- swig: Workaround for reading sys/select.h ending with wrong types.
- ci: bump required setuptools version because of change in naming strategy
- fix: add fix for build with older GCC
- fix: remove AnyStr and Any types
- chore: add .git-blame-ignore-revs
- chore: blacken everything

0.44.0 - 2025-02-17
-------------------

- fix(RSA): introduce internal cache for RSA.check_key()
- fix[AuthCookie]: modernize the module
- fix(_lib): add missing #include for Windows
- ci: the same relaxing of crypto policies for tests on GitLab.
- ci: relax Fedora crypto policy to LEGACY.
- Enhance setup.py for macOS compatibility
- Prefer packaging.version over distutils.version
- Fix segfault with OpenSSL 3.4.0
- fix[EC]: raise IOError instead when load_key_bio() cannot read the file.
- doc: update installation instructions for Windows.
- Fix setting X509.verify_* variables
- Fix building against OpenSSL in non-standard location
- test_x509: Use only X509_VERSION_1 (0) as version for CSR.
- fix: remove support for Engine

0.43.0 - 2024-10-30
-------------------

- feat[m2]: add m2.time_t_bits to checking for 32bitness.
- fix[tests]: Use only X509_VERSION_1 (0) as version for CSR.
- fix[EC]: raise ValueError when load_key_bio() cannot read the
  file.
- ci: use -mpip wheel instead of -mbuild
- fix: use PyMem_Malloc() instead of malloc()
- fix[hints]: more work on conversion of type hints to the py3k ones
- fix: make the package build even on Python 3.6
- ci[local]: skip freezing local tests
- fix[hints]: remove AnyStr type
- test: add suggested test for RSA.{get,set}_ex_data
- fix: implement interfaces for RSA_{get,set}_ex_new_{data,index}
- fix: generate src/SWIG/x509_v_flag.h to overcome weaknesses of
  swig
- fix: replace literal enumeration of all VERIFY_ constants by a
  cycle
- test: unify various test cases in test_ssl related to ftpslib
- fix: replace deprecated url keyword in setup.cfg with complete
  project_urls map

0.42.0 - 2024-08-10
-------------------

- allow ASN1_{Integer,String} be initialized directly
- minimal infrastructure for type hints for a C extension and
  some type hints for some basic modules
- time_t on 32bit Linux is 32bit (integer) not 64bit (long)
- EOS for CentOS 7
- correct checking for OpenSSL version number on Windows
- make compatible with Python 3.13 (replace PyEval_CallObject
  with PyObject_CallObject)
- fix typo in extern function signature (and proper type of
  engine_ctrl_cmd_string())
- move the package to Sorucehut
- setup CI to use Sourcehut CI
- setup CI on GitLab for Windows as well (remove Appveyor)
- initial draft of documentation for migration to pyca/cryptography
- fix Read the Docs configuration (contributed kindly by Facundo
  Tuesca)

0.41.0 - 2024-02-13
-------------------

- fix: test/smime: Rewind BIO before repeadetly invoking verify.
- feat: React to the possible error when calling BIO_set_cipher(3).
- Return M2Crypto.version_info
- Revert 957df43e (workaround for the problem in OpenSSL, which is not needed any more)
- Fix Windows builds (fix #319)
- feat: Remove py2k constructs in setup.py
- Fix mkpath call (compatibility with Python >= 3.2)
- Remove generated files from sources
- feat!: Remove six and make whole project Py3k only (see #328)
- Don't use setup.py commands anymore.
- 32bit Python actually has Y2K38 problem, because time_t is long int (see #341)
- From TAP back to the standard unittest (gh#python-tap/tappy#136)

0.40.1 - 2023-10-25
-------------------

- Whoops! The problem with ASN1_Time is not a problem of Windows,
  but of all 32bit architectures.

0.40.0 - 2023-10-24
-------------------

- OK, SO NOT THIS RELEASE, BUT IN THE NEXT RELEASE PYTHON2 WILL
  TRULY GO!
- BREAKING CHANGES:
  - There are no SWIG generated files (src/SWIG/_m2crytpo_wrap.c)
    included anymore, so swig must be installed, no
    exceptions! Also, for compatibility with Python 3.12+, swig
    4.0+ is required.
   - All support for asyncore has been removed, as it has been
     removed in Python 3.12 as well (which means also removal of
     contrib/dispatcher.py, M2Crypto/SSL/ssl_dispatcher.py,
     ZServerSSL).
   - All use of distutils (including the bundled ones in
     setuptools) has been removed, so `setup.py clean` is no
     more.
   - Excessively complicated and error-prone __init__py has been
     cleaned and `import M2Crypto` doesn’t include everything
     anymore. Imports should specified as for example with `from
     M2Crypto import foo`.
- ASN1_Time handling has been mostly rewritten and it almost
  works even on Windows.
- All tests in Gitlab CI (with exceptions of some skipped tests
  especially on Windows) are now green, tests of Python 2.7 on
  CentOS 7 have been included.
- Introduce m2.err_clear_error()
- Make X509_verify_cert() accessible as m2.x509_verify_cert

0.39.0 - 2023-07-04
-------------------

- SUPPORT FOR PYTHON 2 HAS BEEN DEPRECATED AND IT WILL BE
  COMPLETELY REMOVED IN THE NEXT RELEASE.
- Remove dependency on parameterized and use unittest.subTest
  instead.
- Upgrade embedded six.py module to 1.16.0 (really tiny
  inconsequential changes).
- Make tests working on MacOS again (test_bio_membuf: Use fork)
- Use OpenSSL_version_num() instead of unrealiable parsing of .h
  file.
- Mitigate the Bleichenbacher timing attacks in the RSA
  decryption API (CVE-2020-25657)
- Add functionality to extract EC key from public key + Update
  tests
- Worked around compatibility issues with OpenSSL 3.*
- Support for Twisted has been deprecated (they have their own
  SSL support anyway).
- Generate TAP while testing.
- Stop using GitHub for testing.
- Accept a small deviation from time in the testsuite (for
  systems with non-standard HZ kernel parameter).
- Use the default BIO.__del__ rather tha overriding in BIO.File
  (avoid a memleak).
- Resolve "X509_Name.as_der() method from X509.py -> class
  X509_Name caused segmentation fault"

0.38.0 - 2021-06-14
-------------------

- Remove the last use of setup.py test idiom.
- Use m2_PyObject_AsReadBuffer instead of PyObject_AsReadBuffer.
- Add support for arm64 big endian <Steev Klimaszewski>
- Make support of RSA_SSLV23_PADDING optional (it has been deprecated).
- Move project to src/ layout
- Allow verify_cb_* to be called with ok=True  <Casey Deccio>
- Be prepared if any of constants in x509_vfy.h is not available.
- But we do support 3.8
- We DO NOT support Python 2.6.

0.37.0 - 2020-12-08
-------------------

- Remove support for CentOS 6 and Python 2.6 (remove tests.vendor
  module).
- Remodel CI:
  - on GitHub switched from Travis-CI to GH Actions
  - on GitLab-CI: stop testing 2.7 on Fedora, add centos7
  - update appveyor.yml
- Stop playing with swig in setup.py, we don't support swig 1.* anymore.
- Fix dereferencing of pointers (gl#m2crypto/m2crypto#281)
- Replace deprecated PyObject_AsReadBuffer with our own shim.
- Use parameterized to create parameterized tests (new external
  dependency).
- Only use DigestSign() and DigestUpdate() with OpenSSL >= 1.1.1
- Expose all the X509_V_FLAG
- Add support for DigestSign* and DigestVerify*

0.36.0 - 2020-07-13
-------------------

- wrap SocketIO in io.Buffered* for makefile <lethliel>
- SSL.Connection.close accepts an argument to force the socket closing
  <Christophe Haen>
- SSL.Connection: make the clientPostConnectionCheck an instance
  attribute <Christophe Haen>
- Fixed bug with usage of unexisting method getreply at SSL_Transport
  <roman-nagaev>
- Add appveyor builds for python 3.7 and 3.8 <Daniel A. Wozniak>
- Fixed syntax warning on line 44. <randomfox>
- Update M2Crypto.six to 1.13.0 <Matěj Cepl>
- base64.decodestring() was finally removed in Python 3.8. <Matěj Cepl>
- wrap SocketIO in io.Buffered* for makefile <lethliel>
- NULL is legal argument for key and iv paramters of EVP_CipherInit(3)
  <Matěj Cepl>
- Expose X509_V_FLAG_ALLOW_PROXY_CERTS verification flag and
  X509_STORE_SET_FLAGS function <Christophe Haen>
- Stop testing for 2.6 and 3.4 on Travis. Start testing 3.8 <Matěj Cepl>
- Extend test cert validity to 2049 <Bernhard M. Wiedemann>
- Revert using typing module in 2.6. It is just not worthy. <Matěj Cepl>
- Update Debian/stable SSL as well <Matěj Cepl>
- Make tests pass again. <Matěj Cepl>
- Stop using string module, which has been deprecated. <Matěj Cepl>
- Tiny fixes to make pyls more happy <Matěj Cepl>
- CI: Rework Fedora CI configuration <Neal Gompa>

0.35.2 - 2019-06-10
-------------------

- tests.test_rsa: Fix typo to match for proper exception <Sebastian
  Andrzej Siewior>
- Expose CRLs verification flags <Christophe Haen>

0.35.1 - 2019-06-08
-------------------

- Actually, really fix compatibility with OpenSSL 1.1.1c. Thank you,
  Sebastian Andrzej Siewior from the Debian team for resolving it.

0.34.0 - 2019-05-30
-------------------

- Use more recent version of OpenSSL on Windows
- Be resilient against the situation when no erorr happened.
- Correct URL of https://www.schneier.com/academic/smime/
- Use shlex.split() for CPP

0.33.0 - 2019-04-26
-------------------

- eb4525c - Stop pretending to support Python 3.4. <Matěj Cepl>
- 6a89548 - Fix use of urlunsplit (25 hours ago) <Andreas Schwab>
- 0a5a356 - tests/test_ssl: use -ciphercuites for TLS1.3 cipher in
      openssl1.1 <Sebastian Andrzej Siewior>
- 8a0a3e3 - There are apparently multiword CPP variables. Taking that
      into account. <Matěj Cepl>

0.32.0 - 2019-03-04
-------------------

- 471582f - setup.py: use ${CPP} as path to cpp <Duncan Macleod>
- efb1580 - Bump pipeline OpenSSL from 1.1.0i to 1.1.0j
- 35bb71b - Stub wchar_t helpers and ignore unused WCHAR defs <makepost>
- effc7be - Add type comment to setup.py <Matěj Cepl>

0.31.0 - 2018-11-08
-------------------

- Compatibility with OpenSSL 1.1.1 (partly workaround, maybe requires
  further investigation)
- Fixes for Windows builds
- Fixes of installs on AWS Lambda
- Fixes of Mac OS X related failures
- Fix Python 2.6 compatibility issues

0.30.1 - 2018-04-29
-------------------
- Fix packaging (missed packaging testing file)

0.30.0 - 2018-04-25
-------------------
- Various small typos (Windows builds, Fix SSL.Connection.__del__)
- The project is now Linux-distribution agnostic
- Replace all old-style classes with the new ones (it shouldn't cause
  any problems, but feel free to file an issue, if it does)
- Do not by-pass a potential transfer decoding in m2urllib2
- Update M2Crypto.six with 1.11.0 and replace our local workarounds with
  new functions.
- SSLv3 just removed.
- Don't support Python 2.6 on Windows anymore. Windows users don't have
  python as a system package, so they are usually more likely to upgrade
  anyway.

0.29.0 - 2018-02-23
-------------------
- Fix building on Windows (all tests fix on Win32 and Win64 on all
  supported combinations of versions of OpenSSL and Python)
- Fixes of some small bugs

0.28.0 - 2018-02-08
-------------------
- Mainly port to Python 3 (supporting 2.6, 2.7, 3.3, 3.4, 3.5, 3.6)
- Some lame efforts to make setup.py build --openssl work better (needs
  more real testing on Mac OS X)
- Fix licence: it is MIT, not BSD
- Fix and add tests for SWIG/_aes.i module
- Improve somehow situation on Mac OS X (some testing, improve setup.py,
  testsuite should fully pass)
- Bundle-in unittest2 for Python 2.6 (dealing with the need for
  specific version of unittest2 package was too complicated)
- Remove all PGP modules

0.27.0 - 2017-10-05
-------------------
- Fix licence: it is MIT, not BSD
- At least minimal support of SNI in httpslib.
- Small bugfixes and cleanups.
- More effort to make build system more robust (now should work even on
  Debian LTS).
- Restore m2.rsa_set_e() and m2.rsa_set_n().
- Make sure that every exceptional return throws and exception and vice
  versa.

0.26.4 - 2017-09-26
-------------------
- Proper fix of deprecation warning for OpenSSL 1.1.0
- Small mostly stylistic bugfixes
- Emergency release to fix FTBFS.

0.26.3 - 2017-09-22
-------------------
- Fix a syntax typo.

0.26.2 - 2017-09-20
-------------------
- port to support OpenSSL 1.1.0 API
- add generated Sphinx documentation
- another set of cleanups

0.26.0 - 2017-03-21
-------------------
- Fix packaging on RHEL-6
- Replace ASN1_UTCTIME with ASN1_TIME which supports both UTCTime and
  GeneralizedTime
- Add possibility to sign PKCS7 with a non-default digest.
- Add possibility to set custom callback for X509 verification.
- Clean up imports and PEP8ization
- A lot of cleanups on the way towards Python 3
- Other small bugfixes

0.25.1 - 2016-07-25
-------------------
- Actually do check, whether we have SSLv2 compiled in, and don't run
  test for it.

0.25.0 - 2016-03-21
-------------------
- More cleanups, removal of obsolete stuff, and moves towards py3k
  compatibility.
- Add support for EC.get_builtin_curves() and use it for testing.
- Enable AES CTR mode
- Bundle-in six module v. 1.10.0
- add rand_file_name and rand_status
- remove all LHASH fiddling
- Extend Travis and GitLab CI configuration to test also py3k (with
  allowed_failures) and CentOS6 (on GitLab CI).
- Add CONTRIBUTORS.rst. Thank you!
- Add PEP-484 type hints in comments to all Python files (except for
  tests)
- Use context managers for file handling wherever possible instead of
  leaking open file descriptors.
- Improve defaults handling for SSL_CTX_new().
- Fix PGP tests to actually run

0.24.0 - 2016-03-21
-------------------
- More cleanups, removal of obsolete stuff, and moves towards py3k
  compatibility.
- Add DSA.pub_key_from_params() factory function (and m2.dsa_set_pub()).
- Allow import/export of EC public key with binary values
- Add EVP.load_key_string_pubkey() function, as well as helper functions
- Add EVP.get_digestbyname() functionality.
- Convert documentation to rST (and add instructions for building on Mac
  OS X)
- Another round of fixing multiarch building.
- Disable tests with weak ciphers on some platforms (Debain)

0.23.0 - 2016-01-29
-------------------
- Add Travis and GitLab CI configurations
- Allow building without SSLv2
- More cleanups and removing obsolete code
- Fix README
- Fix buffer overflow in pkcs5_pbkdf2_hmac_sha1
- First moves towards Python 3 compatibility
- Removed rather large and completely unmaintained demo/ subdirectory
  (now in a separate repo https://gitlab.com/m2crypto/m2crypto_demo)
- Automatically generated test data files
- Finally fix building on multiarch systems
- All objects derived from BIO.BIO now could work as context managers
- Switch setup.py to setuptools

0.22.5 - 2015-10-13
-------------------
- Add forgoteen SWIG/*.h among distributed files.

0.22.4 - 2015-10-13
-------------------
- Matěj Cepl takes over leadership of the upstream maintenance
- Fedora/RHEL distribution patches merged to the main development
  (mainly, but not only, upgrading to the more recent versions of
  OpenSSL, swig which is now at 3.0.5, but anything above 2.0.4 is
  supported as well, and python which now has to be at least 2.6).
- Tons of cleaning up the code for obsolete constructs, PEP8ization,
  etc.

0.22.3 - 2014-01-22
-------------------
(released by Martin Paljak, later development started on top of 0.21.1
with his improvements cherry picked to the new development branch)

0.21.1 - 2011-01-15
-------------------
- Distribution fix

0.21 - 2011-01-12
-----------------
- Support OpenSSL 1.0. Thanks to Miloslav Trmac for figuring out how to fix
  test_smime.py
- Rename m2.engine_init to engine_init_error so that
  ENGINE_init and ENGINE_finish can be exposed, thanks to Erlo
- 0.20 started releasing Python locks even around some operations that
  interacted with the Python runtime, potentially causing crashes and other
  weirdness, fix by Miloslav Trmac
- Make httpslib.ProxyHTTPSConnection work with Python 2.3

0.20.2 - 2009-10-06
-------------------
- (Re)Enable configuration and use with OpenSSL 0.9.7g and older by disabling
  RSA PSS methods when using such old OpenSSL, thanks to Stef Walter

0.20.1 - 2009-08-27
-------------------
- Fix regression in httpslib.ProxyHTTPSConnection, by Miloslav Trmac

0.20 - 2009-08-10
-----------------
- Deprecated M2Crypto.PGP subpackage since nobody seems to be using it nor
  is it being maintained (if you do use it, please let me know)
- Added fedora_setup.sh to help work around differences on Fedora Core -based
  distributions (RedHat, CentOS, ...); thanks to Miloslav Trmac
- Added X509.load_request_bio and load_request_string, by Hartmut Goebel and
  Pavel Shramov
- Added alias X509.Request.set_subject for set_subject_name to match X509.X509,
  by Pavel Shramov
- OBJ_* wrappers did not work properly with OpenSSL 0.9.8a and earlier, fix by
  Pavel Shramov
- Added ASN1_UTCTIME.get_datetime and set_datetime, by Pavel Shramov
- Fixed obj_obj2txt, which returned nonsense, fix by Barney Stratford
- m2urllib did not close sockets properly, fix by Miloslav Trmac
- Allow SSL peer certificate to have subjectAltName without dNSName and use
  commonName for hostname check, fix by Miloslav Trmac
- threading_locking_callback did not block on a lock when the lock
  was held by another thread, by Miloslav Trmac
- Allow more blocking OpenSSL functions to run without GIL, by Miloslav Trmac
- Fixed httpslib to send only the path+query+fragment part of the URL when
  using CONNECT proxy, by James Bowes
- SSLServer.__init__ now takes optional bind_and_activate parameter and
  initializes by calling SocketServer.BaseServer.__init__, which
  are Python 2.6 compatibility fixes, by Christian
- ftpslib now works with Python 2.6, by Theodore A. Roth
- httpslib.ProxyHTTPSConnection needs to cast port into integer,
  by John M. Schanck
- Added support for RSASSA-PSS signing and verifying, by Chris Collis
- Added support for disabling padding when using RSA encryption,
  by Chris Collis
- ASN1_INTEGERs can now be larger than fits in an int, for example to support
  X509 certificates with large serial numbers,
  patch by Mikhail Vorozhtsov and testcase by Barry G.
- Reverted a change done in 0.17 to m2urllib2 which changed urls to include
  host when it should stay as it was
- httpslib no longer uses urllib; instead it uses urlparse for url parsing
- SMIME.text_crlf and text_crlf_bio were always raising TypeError; fixed
- EVP.load_key and load_key_bio fixed to raise EVP.EVPError and BIO.BIOError
  instead of str (str exceptions not allowed in Python 2.6 and later)
- SSL.Session.load_session fixed to raise SSL.SSLError instead of str
- SMIME.load_pkcs7, load_pkcs7_bio, smime_load_pkcs7, smime_load_pkcs7_bio,
  text_crlf, text_crlf_bio fixed to raise BIO.BIOError, SMIME.PKCS7_Error and
  SMIME.SMIME_Error as appropriate instead of str
- Added FIPS mode to unit tests, and used FIPS-compliant key sizes in other
  tests, by Miloslav Trmac. Note that tests run much slower because of this!
- Unit tests cover 80% of the code

0.19.1 - 2008-10-12
-------------------
- Re-enable building when OpenSSL built without EC support, by Miloslav Trmac
- Remove shebang from Engine.py since it is not executable, by Miloslav Trmac

0.19 - 2008-10-05
-----------------
- OpenSSL OBJ_* functions wrapped by Pavel Shramov
- OpenSSL ENGINE interface wrapped, providing support for smart cards, by
  Martin Paljak and Pavel Shramov
- EVP.PKey.get_rsa() now returns RSA_pub, which fixes segmentation fault
  when trying to encrypt using public key from X509 certificate, by Ben Timby
- httpslib.ProxyHTTPSConnection now sends the required Host header,
  by Karl Grindley
- Use the proxied User-Agent value in CONNECT requests, by James Antill and
  Miloslav Trmac
- Fixed m2urllib.build_opener when optional handlers were in use,
  affected Python 2.5 and later, by Miloslav Trmac
- Reverted the incorrect GIL change done in 0.18 to m2.passphrase_callback,
  which caused a deadlock when called from mod_python for example. Thanks to
  Michal Kochel and Keith Jackson.
- SSL.Connection.accept() passed wrong certificate to postConnectionCheck
  callback
- httpslib.HTTPSConnection now raises ValueError for illegal keyword argument
- m2.pkey_write_pem[_no_cipher] changed to use the recommended (more secure)
  PEM_write_bio_PKCS8PrivateKey (used by PEM_write_bio_PrivateKey).
- X509.load_cert, load_cert_bio, load_cert_der_string, new_stack_from_der,
  load_request and load_crl now raise X509Error for invalid data. Previously
  some of these raised a string as an error, some did not raise but caused
  strange errors later, for example x509.verify() would return -1.
- Fixed SSL.Connection.get_socket_read_timeout and set_socket_read_timeout on
  64bit platforms by adding SSL.timeout.struct_size() and using it instead of
  hardcoded size for socket.getsockopt
- X509_Store.load_info now returns the value from the underlying
  m2.x509_store_load_locations call, and in case of error raises X509Error
- Fixed SMIME.verify to raise the correct PKCS7_Error (used to raise
  SMIME_Error) when verification fails with Python 2.6

0.18.2 - 2007-10-12
-------------------
- typedef Py_ssize_t was insufficiently guarded, now follows PEP 353. This
  prevented building on at least Red Hat Linux and Debian Linux (unstable).

0.18.1 - 2007-10-08
-------------------
- Redo build fix when OpenSSL configured without Elliptic Curves (EC), see
  also INSTALL file

0.18 - 2007-07-26
-----------------
- Added EVP.pbkdf2 to derive key from password
- X509_Store_Context.get1_chain added
- Added X509_Name.__iter__, __getitem__, get_entries_by_nid which allow
  iterating over all X509_Name_Entries or getting just all commonName entries,
  for example
- Added X509_Name_Entry.get_object, get_data, set_data
- Added back PKCS7.get0_signers (was removed in 0.16)
- X509_Extension.get_value accepts flag and indent parameters.
- support multiple dNSName fields in subjectAltName
- support multiple commonName fields for SSL peer hostname checking
- Checking for erroneous returns from more OpenSSL EVP_* functions, which
  means that certain things that used to fail silently will now raise an
  EVP.EVPError; affected m2 functions are: digest_final, cipher_init,
  cipher_update, cipher_final and sign_update. sign_final will now raise
  EVP.EVPError instead of SystemError as well.
- Fixed Pkey.verify_final to take a sign parameter
- If a subjectAltName extension of type dNSName is present in peer certificate,
  use only the dNSNames when checking peer certificate hostname, as specified
  by RFC 2818. If no dNSNames are present, use subject commonName.
- Fixed memory leaks in m2 functions ec_key_new_by_curve_name,
  pkey_get_modulus, ecdsa_verify, threading_init and
  X509.X509.verify, X509.X509_Stack (which manifested for example when
  calling X509.new_stack_from_der), SSL.Connection (which manifested with some
  connection errors or when connect was never called), twisted wrapper,
  SSL.Connection.makefile (in BIO.IOBuffer really)
- Fixed threading regressions introduced in 0.16,
  by Aaron Reizes and Keith Jackson
- Added SSL session caching support to HTTPSConnection, by Keith Jackson
- Added the ability to save and load DER formatted X509 certificates and
  certificate requests, by Keith Jackson
- m2xmlrpclib.py fixed to work with Python 2.5, by Miloslav Trmac
- 64-bit correctness fixes, by Miloslav Trmac
- Added X509_Name.as_hash, by Thomas Uram
- Moved --openssl option from general setup.py option to build_ext option,
  meaning you need to do: python setup.py build build_ext --openssl=/path,
  by Philip Kershaw
- Fixed build problem affecting certain systems where OpenSSL was built without
  EC support
- M2CRYPTO_TEST_SSL_SLEEP environment variable controls how long to sleep
  after starting the test SSL server. Default is 0.5, but 0.1 or even 0.05
  might work with modern computers. Makes tests finish significantly faster.

0.17 - 2006-12-20
-----------------
- setup.py has new test command to run unit tests (requires setuptools)
- Added m2urllib2, by James Bowes (python 2.4 and later, at least for now)
- Added CONNECT proxy for httpslib and m2urllib2, by James Bowes
- Added PKey.get_modulus, X509.get_fingerprint, X509_Name.as_der and
  m2.bn_to_hex, by Thomas Uram
- Prevent Connection.makefile from freeing bio redundantly, by Thomas Uram
- Added Err.peek_error_code, by Thomas Uram
- Fixed m2urllib.open_https to return the response headers, otherwise code
  that relied on that would break (for example msnlib-3.5), by Arno bakker
- Fixed twisted wrapper to work with >16kb BIO buffers, by Martin Paljak
- Added support for remaining ECs, by Larry Bugbee
- Fixed DSA.save_key and DSA_.save_pub_key, by Larry Bugbee
- SSL.Context.load_verify_locations raises ValueError if cafile and capath
  are both None
- Fixed X509.check_purpose() (was always raising exceptions)
- smime_read_pkcs7 was changed to automatically call BIO_set_mem_eof_return
  on memory BIOs because otherwise the read would fail with
  "SMIME_Error: not enough data"
- X509.new_extension('subjectKeyIdentifier', 'hash') raises ValueError instead
  of crashing Python

0.16 - 2006-07-05
-----------------
- Minimum requirements updated: Python 2.3+, OpenSSL 0.9.7+, SWIG 1.3.24+
- Optional features from OpenSSL 0.9.8 and newer
- Enhancements to EVP and X509 to allow proxy certificate handling,
  by Matt Rodriguez
- SSLBio and related additions to help do SSL with BIOs directly,
  by Matt Rodriguez
- Added --openssl option to build command which can be used to specify
  where OpenSSL is installed, by Matt Rodriguez
- Added sign and verify to RSA class, and get_rsa to PKey class,
  by Matt Rodriguez
- ECDSA signatures and ECDH key agreement, requires OpenSSL 0.9.8+,
  by Arno Bakker
- Fix non-hashable type problems in SSL._ctxmap and users,
  by Michael Weiser
- Fixed SSLServer.handle_error to take the correct number of
  arguments, by Dan Williams
- Various DSA enhancements by Larry Bugbee
- Added sha224, sha256, sha384 and sha512, by Larry Bugbee
- Added serialNumber, SN, surname, GN and givenName fields to X509_Name,
  by Martin Paljak
- m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT is the fourth certificate
  verification error that will be allowed when unknown CAs are allowed
- post connection checks in Connection.accept() and connect() fixed (these
  were broken in 0.15)
- Fixed EVP.Cipher to work with aes_* ciphers (used to crash Python).
  The actual problem was in m2.bytes_to_key.
- SMIME methods and functions raise correct exceptions
- Raise ValueError instead of AttributeError when a non-existing hash
  algorithm or SSL version is asked for
- ssl_ctx_set_tmp_(dh|rsa) now return value, and the rsa version calls
  the rsa function instead of the dh function
- digest_update and verify_update return type changed to int, which allows
  better error reporting; EVP.MessageDigest.update and
  EVP.PKey.verify_update likewise changed
- X509_Name and ASN1_String as_text (new for ASN1_String) take optional
  parameters to control formatting.
- Cipher_Stack, X509_Stack and X509_Extension_Stack are iterable
- EVP.MessageDigest now properly cleans up the underlying data when the object
  gets deleted
- It is now possible to set and get non-nid values to X509_Name (previously
  only set worked)
- SSL.Connection.set_client_CA_list_from_file now uses the actual implementd
  function instead of raising exception
- Multithreaded SSL no longer uses the SSL_set/get_app_data to set and
  restore thread state, but uses the standard PyGILState_STATE instead.
- m2urllib no longer outputs the HTTP headers (there was an erronous call
  to set_debuglevel(1))
- Removed RCS_id, RCS_ID and _RCS_id from Python files
- All known memory leaks fixed
- SWIG and compiler warning fixes
- More and better Epydoc formatted docstrings
- More than doubled the number of unit tests, also made many demos into tests

0.15 - 2005-08-17
-----------------
- Support OpenSSL 0.9.8, Python 2.4.1, SWIG 1.3.24
- Fixed multiple memory leaks
- Twisted integration
- Safer defaults for SSL context and post connection check for clients
- Eliminated C pointers from interfaces (some may still remain in callbacks)
- Many cases where Python interpreter crashed have been fixed
- Improved thread safety of many callbacks
- And of course more of the OpenSSL API is covered, new docstrings and
  tests have been written

 Changes since 0.13
--------------------
- Fixed memory leak due to circular reference in SSL.Connection.
  Thanks to Michael Dunstan. Oops, patch is ZServerSSL-specific.
  Andre Reitz provided a generalised fix. Thanks Andre.
- Fixed __getattr__ error in DSA. Thanks to Igor Belyi.
- Added rand_poll, rand_screen and rand_win32_event functions to
  M2Crypto.Rand.
- Updated ZServerSSL files to match Zope 2.7.0 versions.
- Integrated (overlapping) patches by Peter Teniz and Heikki Toivonen
  covering operations on X.509-related structures that gives M2Crypto
  PKI functionality. Thanks Peter and Heikki.
- Peter Teniz contributed demo2004/pki/x509auth.py.
- Created demo2004/ directory that will contain new or updated demos.
- Added verify_[init|update|final] in _evp.i. Patch by Zachery Corbiere.
  Thanks Zac.


 Changes since 0.12/0.11
-------------------------
- Patches from Artur Frysiak <wiget@pld-linux.org>. Thanks Artur.
  = Allow using a passphrase callback in class SMIME.
  = Added method get0_signers to class PKCS7, which retrieves signers'
    certificates from a PKCS7 blob.
  = Added methods as_pem and save_pem to class X509.
  = Added file version.py.
  = Allow SSL.Context.load_verify_locations to accept both 'cafile' and
    'capath'.
- Fixed BIO.read() not reading until EOF. Thanks to Egil Muller
  <redhog@redhog.org> for suggestion.
- Honour 'mode' parameter in SSL.Connection.makefile. Thanks again to Egil
  Muller.
- Roger Binns contributed epydoc-generated docs for M2Crypto. Thanks Roger.
- Peter Teniz contributed patches to create X.509 requests and certificates.
  Thanks Peter.
- Updated Medusa to 0.54.
- Make various OpenSSL bignum functions (written long ago) available to Python.


 Changes since 0.11
--------------------
- ZServerSSL with client certificate-based authentication rides again.
- Created Makefile for Python 2.3.
- Modified LICENCE: changed my name to the generic "the author" in the
  all-caps disclaimer paragraph.
- Allow to save RSA key pair in the clear.
- ZServerSSL for Zope 2.7.
- Excluded RC5. IDEA was taken out several releases ago. This should
  allow M2Crypto to build with stock OpenSSL on various Linuxen.
- Added ssl_set_tmp_dh_callback.
- Added ssl_set_tmp_rsa and ssl_set_tmp_rsa_callback to support weak-cipher
  browsers.
- ZServerSSL exports SSL_CIPHER request header (a la mod_ssl) to Zope
  applications.
- Perform distutils's SWIG .i search path tweaking within setup.py. setup.py
  should now work "out of the box".
- Added contrib/smimeplus.py, a high-level S/MIME interface, contributed by
  Bernard Yue <bernie@3captus.com>. Thanks Bernard.
- Added in long forms of nid's in X509_Name. Thanks to William K Volkman
  <development@netshark.com> for patch.
- Updated Mac OS X build instructions. Thanks to Larry Bugbee


 Changes since 0.10
--------------------
- Dave Berkeley <dave@rotwang.freeserve.co.uk> contributed fixes to
  SSL.Context-related memory leaks and code to set the size of the SSL
  session cache.
- Brent Chun <bnc@intel-research.net> contributed the following:
  + Fixes to memory leaks.
  + Code to expose X.509 certificate chain operations.
  + Code to expose set/get operations on the SSL session cache.
- Changed swig/ to SWIG/, for the convenience of people who don't read
  INSTALL. Some Makefiles may break because of this. setup.py continues
  to work, of course.
- ZServerSSL tested with Zope 2.6.1. There is now a HOWTO.
- Updated README and INSTALL.
- Filled doc/ with stuff that went missing in several past releases.


 Changes since 0.09
--------------------
- Updated to OpenSSL 0.9.7. Thanks to Toby Allsopp <toby@MI6.GEN.NZ> for
  patches.
- Added functionality to create a basic certificate request. Also
  contributed by Toby Allsopp.
- Finally, AES!


 Changes since 0.08
--------------------
- Replaced demo/Zope/ZServer/__init__.py with the correct version
  for Zope 2.6.0.
- Added a sample starts.bat for ZServerSSL.
- Incoporated a patch by prashanth@jibe.biz that handled the
  new-in-Python-2.2.2 "strict" parameter for the various HTTP[S] connection
  classes in httplib.py. Thanks prashanth. This fixes M2Crypto's XMLRPC
  support for Python 2.2.2. (Apparently it was working for Python 2.2.1.)
- Incorporated some cosmetic patches from Adam Karpierz <karpierz@zope.pl>.
  Thanks Adam.


 Changes since 0.07 snapshot #3
--------------------------------
- Updated to SWIG 1.3.17.
- Excluded IDEA.
- Tested with OpenSSL 0.9.6h.
- ZServerSSL rides again for Zope 2.6.0.
- setup.py does!
- Removed Makefiles for Windows and Unix. (Makefile.osx remains.)
- Included in contrib/ Isaac Salzberg's application of Mihai Ibanescu's
  patch that allows IIS interoperability thru an authenticating proxy.
  Thanks Isaac.
- Included in contrib/ patch by Dave Brueck <dave@pythonaprocrypha.com>
  that has smarter non-blocking behaviour. Thanks Dave.


 Changes since 0.06
-----------------------
- test_ssl_win.py. (Requires Mark Hammond's Win32 extensions.)
- Renamed demo/https to demo/medusa; updated Medusa to 2001 Jun release.
- Improved _ssl.i's and M2Crypto.SSL.Connection's accept/connect methods.
- M2Crypto.ftpslib for client-side FTP/TLS.
- demo/medusa/ftps_server.py for server-side FTP/TLS.
- Improved thread-safety.
- Cleaned up echo client and servers.
- Fixed missing import in m2urllib.
- Fixed m2urllib to handle HTTP redirects.
- Python 2.2 compatibility.
- AuthCookie - secure authenticator cookies.


 Changes since 0.05
-----------------------
- Handled the cases where Python callbacks raised exceptions.
- Fixed a NULL-deref bug in _ssl.i which crashes Medusa https when IE
  or Opera comes a-calling.
- ZServerSSL rides again - a more robust ZServerSSL for Zope 2.3.0.
- Added the MIME type 'application/x-x509-ca-cert' to
  demo/ssl/https_srv.py. This facilitates installing self-generated
  certificates into your browser.
- ZSmime and GuardedFile bundled.
- Documentation! A HOWTO on operating your own CA.
- Documentation! A HOWTO on S/MIME. Examples are in demo/smime.howto.
- Python 2.1 compatibility.
- Fixed demo/https/https_server.py's CPU-spinning. (As per ZServerSSL.)
- Fixed m2urllib's unexpected eof - demo/ssl/urllib_cli.py now works.
- Renamed xmlrpclib2.py to m2xmlrpclib.py.
- Kludged SSL.ssl_dispatcher to do blocking connect()'s: see
  demo/ssl/https_cli_async.py.
- SWIG 1.3.6 does! Thanks to Keith Jackson <krjackson@lbl.gov>.


 Changes since 0.04
-----------------------
- Fixed a silly reversed-logic bug in M2Crypto.SSL.Connection.setblocking().
- Fixed yet more memory leaks. Thanks to Ray Suorsa <res@loudcloud.com>.
- Build instructions for Borland BC++ 5.5 free compiler suite.
- Bundles the June 2000 unencumbered release of Medusa.
- SSL callback thread-safety. Thanks again to Ray Suorsa for insights and
  patches.
- Renamed M2Crypto.M2Crypto to M2Crypto.m2 to prevent package/module loading
  confusion.
- SSL.Session and a demo in demo/ssl/sess.py.
- https_srv.py, an enhanced, https version of SimpleHTTPServer.py.
- Interface change: SMIME.load_pkcs7_bio() is renamed
  SMIME.smime_load_pkcs7_bio(), similarly SMIME.load_pkcs7() to
  SMIME.smime_load_pkcs7(); these load PKCS7 objects generated by S/MIME.
- Interface change: SMIME.load_pkcs7_bio() now loads a PKCS7 PEM file, i.e., a
  file of the format "-----BEGIN PKCS7-----".
- Works with both Python 2.0 and Python 1.5.2.
- OpenSSL 0.9.6. (Possibly incompatible with earlier OpenSSL releases.)
- Unit tests with PyUnit.
- Improved C code:
    =   Custom Python exceptions.
    =   Diligent error checking.
    =   Fixed memory leaks.
- Renamed M2Crypto.urllib2 to M2Crypto.m2urllib.
- HTTPS clients of Python 1.5.2's and Python 2.0's httplib and urllib.


 Changes since 0.03
-----------------------
- SSL certificate-based authentication with Python callback.
- More robust SSL.Connection - raises exceptions, not dumps core.
- Fixed (some) memory leaks and multiple-free()s.
- Cleaned up EVP.HMAC and EVP.PKey.
- More X.509 certificate manipulation.
- An interface to create SSL sessions.
- Unified SSL read() and write() for synchronous and asynchronous operation.
- S/MIME and PKCS #7.
- Integrated with OpenSSL 0.9.5.
- Enhanced the PRNG interface.


 Changes since 0.02
-----------------------
1. Ephemeral DH for SSL.
2. ThreadingSSLServer now does.
3. XMLrpc over https.
4. ZServerSSL for Zope 2.1.3.
5. Encrypting monitor for Zope 2.1.3.
6. Beginnings of PGP2 support.
7. Replaced eval() calls with other (hopefully) safe ones.
8. Miscellaneous enhancements and bug fixes.


 Changes since 0.01
-----------------------
1. Beginnings of SSL support.

	For building servers, blocking i/o:
		- An SSLServer modeled after SocketServer.
		- A ForkingSSLServer that seems to work well.
		- A ThreadingSSLServer that runs one thread at a time. (!) ;-)

	For building servers, nonblocking i/o:
		- An ssl_dispatcher modeled after asyncore.dispatcher.

	A HTTPS server based on Medusa.

	For client-side web programming:
		- httpslib
		- urllib2


2. Support for some BIO objects.
3. Reduced per-module name space pollution.
4. Have Swig check for NULL pointers: reduced .i cut-&-paste.
5. Standardise on MPINT for passing big integers between Python and OpenSSL.
6. Removed MD5, SHA1, RIPEMD160. Just use EVP.MessageDigest.
7. Removed HMAC. Just use EVP.HMAC.