Commit 074d7441 authored by SVN-Git Migration's avatar SVN-Git Migration

Imported Upstream version 1.0.1

parent e423fa65
Changelog
=========
1.0.1 - 2015-09-05
~~~~~~~~~~~~~~~~~~
* We now ship OS X wheels that statically link OpenSSL by default. When
installing a wheel on OS X 10.10+ (and using a Python compiled against the
10.10 SDK) users will no longer need to compile. See :doc:`/installation` for
alternate installation methods if required.
* Set the default string mask to UTF-8 in the OpenSSL backend to resolve
character encoding issues with older versions of OpenSSL.
* Several new OpenSSL bindings have been added to support a future pyOpenSSL
release.
* Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy 2.6+.
1.0 - 2015-08-12
~~~~~~~~~~~~~~~~
......
Metadata-Version: 1.1
Name: cryptography
Version: 1.0
Version: 1.0.1
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
......
......@@ -118,38 +118,65 @@ build.
Building cryptography on OS X
-----------------------------
Building cryptography requires the presence of a C compiler and development
headers. On OS X this is typically provided by Apple's Xcode development tools.
To install the Xcode command line tools on open a terminal window and run:
The wheel package on OS X is a statically linked build (as of 1.0.1) so for
users on 10.10 (Yosemite) and above you need two steps:
.. code-block:: console
$ xcode-select --install
This will install a compiler (clang) along with the required development
headers. If you wish to compile against a more recent OpenSSL than the
version shipped with OS X see the next section.
followed by
Using your own OpenSSL on OS X
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. code-block:: console
$ pip install cryptography
If you want to build cryptography yourself or are on an older OS X version
cryptography requires the presence of a C compiler, development headers, and
the proper libraries. On OS X much of this is provided by Apple's Xcode
development tools. To install the Xcode command line tools open a terminal
window and run:
.. code-block:: console
$ xcode-select --install
This will install a compiler (clang) along with (most of) the required
development headers.
You'll also need OpenSSL, which you can obtain from `Homebrew`_ or `MacPorts`_.
To build cryptography and dynamically link it:
`Homebrew`_
.. code-block:: console
$ brew install openssl
$ env LDFLAGS="-L$(brew --prefix openssl)/lib" CFLAGS="-I$(brew --prefix openssl)/include" pip install cryptography
`MacPorts`_:
.. code-block:: console
$ sudo port install openssl
$ env LDFLAGS="-L/opt/local/lib" CFLAGS="-I/opt/local/include" pip install cryptography
To link cryptography against a custom version of OpenSSL you'll need to set
``ARCHFLAGS``, ``LDFLAGS``, and ``CFLAGS``. OpenSSL can be installed via
`Homebrew`_ or `MacPorts`_:
You can also build cryptography statically:
`Homebrew`_
.. code-block:: console
$ brew install openssl
$ env ARCHFLAGS="-arch x86_64" LDFLAGS="-L$(brew --prefix openssl)/lib" CFLAGS="-I$(brew --prefix openssl)/include" pip install cryptography
$ env CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=1 LDFLAGS="$(brew --prefix openssl)/lib/libssl.a $(brew --prefix openssl)/lib/libcrypto.a" CFLAGS="-I$(brew --prefix openssl)/include" pip install cryptography
or `MacPorts`_:
`MacPorts`_:
.. code-block:: console
$ sudo port install openssl
$ env ARCHFLAGS="-arch x86_64" LDFLAGS="-L/opt/local/lib" CFLAGS="-I/opt/local/include" pip install cryptography
$ env CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=1 LDFLAGS="/opt/local/lib/libssl.a /opt/local/lib/libcrypto.a" CFLAGS="-I/opt/local/include" pip install cryptography
Building cryptography with conda
--------------------------------
......
......@@ -45,7 +45,13 @@ if sys.version_info < (3, 4):
if sys.version_info < (3, 3):
requirements.append("ipaddress")
if platform.python_implementation() != "PyPy":
if platform.python_implementation() == "PyPy":
if sys.pypy_version_info < (2, 6):
raise RuntimeError(
"cryptography 1.0 is not compatible with PyPy < 2.6. Please "
"upgrade PyPy to use this library."
)
else:
requirements.append("cffi>=1.1.0")
setup_requirements.append("cffi>=1.1.0")
......
......@@ -4,6 +4,7 @@
from __future__ import absolute_import, division, print_function
import os
import sys
from _cffi_src.utils import build_ffi_for_binding, extra_link_args
......@@ -11,15 +12,27 @@ from _cffi_src.utils import build_ffi_for_binding, extra_link_args
def _get_openssl_libraries(platform):
# OpenSSL goes by a different library name on different operating systems.
if platform != "win32":
if platform == "darwin":
return _osx_libraries(
os.environ.get("CRYPTOGRAPHY_OSX_NO_LINK_FLAGS")
)
elif platform == "win32":
return ["libeay32", "ssleay32", "advapi32",
"crypt32", "gdi32", "user32", "ws2_32"]
else:
# In some circumstances, the order in which these libs are
# specified on the linker command-line is significant;
# libssl must come before libcrypto
# (http://marc.info/?l=openssl-users&m=135361825921871)
return ["ssl", "crypto"]
def _osx_libraries(build_static):
# For building statically we don't want to pass the -lssl or -lcrypto flags
if build_static == "1":
return []
else:
return ["libeay32", "ssleay32", "advapi32",
"crypt32", "gdi32", "user32", "ws2_32"]
return ["ssl", "crypto"]
_OSX_PRE_INCLUDE = """
......
......@@ -132,6 +132,10 @@ typedef ... SSL_CTX;
typedef struct {
int master_key_length;
unsigned char master_key[...];
unsigned int session_id_length;
unsigned char session_id[...];
unsigned int sid_ctx_length;
unsigned char sid_ctx[...];
...;
} SSL_SESSION;
......@@ -200,6 +204,8 @@ Cryptography_STACK_OF_X509_NAME *SSL_get_client_CA_list(const SSL *);
int SSL_get_error(const SSL *, int);
int SSL_do_handshake(SSL *);
int SSL_shutdown(SSL *);
int SSL_renegotiate(SSL *);
int SSL_renegotiate_pending(SSL *);
const char *SSL_get_cipher_list(const SSL *, int);
Cryptography_STACK_OF_SSL_CIPHER *SSL_get_ciphers(const SSL *);
......@@ -247,6 +253,10 @@ size_t SSL_get_peer_finished(const SSL *, void *, size_t);
"""
MACROS = """
/* not a macro, but older OpenSSLs don't pass the args as const */
char *SSL_CIPHER_description(const SSL_CIPHER *, char *, int);
int SSL_SESSION_print(BIO *, const SSL_SESSION *);
/* not macros, but will be conditionally bound so can't live in functions */
const COMP_METHOD *SSL_get_current_compression(SSL *);
const COMP_METHOD *SSL_get_current_expansion(SSL *);
......
Metadata-Version: 1.1
Name: cryptography
Version: 1.0
Version: 1.0.1
Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Home-page: https://github.com/pyca/cryptography
Author: The cryptography developers
......
......@@ -14,7 +14,7 @@ __summary__ = ("cryptography is a package which provides cryptographic recipes"
" and primitives to Python developers.")
__uri__ = "https://github.com/pyca/cryptography"
__version__ = "1.0"
__version__ = "1.0.1"
__author__ = "The cryptography developers"
__email__ = "cryptography-dev@python.org"
......
......@@ -521,6 +521,12 @@ class Backend(object):
self._ffi = self._binding.ffi
self._lib = self._binding.lib
# Set the default string mask for encoding ASN1 strings to UTF8. This
# is the default for newer OpenSSLs for several years and is
# recommended in RFC 2459.
res = self._lib.ASN1_STRING_set_default_mask_asc(b"utf8only")
assert res == 1
self._binding.init_static_locks()
# adds all ciphers/digests for EVP
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment