Upgraded the included OpenSSL library from version 0.9.8l to version 1.0.0a. See http://www.openssl.org/news/news.html for a complete list of changes.
Upgraded the included pyOpenSSL library from version 0.9 to version 0.10. See the announcement for a summary of changes.
Added a new default certificate search path. The embedded OpenSSL libs will now look for certificates in /etc/ssl on Unix platforms and /System/Library/OpenSSL on Mac OS X
Note that it's still better to explicitly tell OpenSSL where to look for
trusted certificates via .load_verify_locations(None, certs_dir) than
to rely on the above defaults using context.set_default_verify_paths()
Added support for Win64 and precompiled Python 2.6 compatible
binaries for that platform (you can find the OpenSSL libs in
openssl-win64/vc9).
Added support for Mac OS X 10.6 on Intel x64.
Added .egg Distributions for Python 2.4 as well (in order to support Plone 3).
IMPORTANT: The
work-around chosen by the OpenSSL team is to disable SSL session
renegotiations altogether. This can cause applications relying on this
feature on the client or server side to fail. You can still download
the previous version of our pyOpenSSL distribution if you run into such problems.
Upgraded the included pyOpenSSL library to version 0.9, which includes a new fix for the threading problems of version 0.8 and several new features.
Upgraded the included OpenSSL libraries to version 0.9.8k, which includes a number of important bug fixes related to SSL.
Changes from 0.8.1_0.9.8j_1 to 0.8.1_0.9.8j_2:
Added support for Mac OS X and pre-built archives for this platform.
Changes from 0.8.0_0.9.8j_1 to 0.8.1_0.9.8j_1:
Fixed
a serious problem with pyOpenSSL 0.8.0 and multi-threaded applications:
the new threading fixes cause invalid thread states in the Python
interpreter which resulted in random core dumps and seg faults. The patch was provided by Maxim Sobolev on SourceForge. Note that this patch has not yet been integrated into upstream pyOpenSSL.
Added
pre-built archives for Windows upon request from the Plone people: this
makes it easier to integrate the archives into buildout scripts.
Changes from 0.8.0_0.9.8i_1 to 0.8.0_0.9.8j_1:
Upgraded the included OpenSSL libs to version 0.9.8j, which fixes a vulnerability found in earlier OpenSSL releases of the 0.9.8 branch: CVE-2008-5077.
Enabled zlib compression support
in OpenSSL for both the Linux and Windows builds, so OpenSSL
client/servers can now negotiate on-the-fly zlib compression for SSL
connections.