ANN: eGenix pyOpenSSL Distribution 0.13.8

eGenix Team: M.-A. Lemburg info at
Tue Mar 24 09:36:16 CET 2015


          pyOpenSSL Distribution

                            Version 0.13.8

            An easy-to-install and easy-to-use distribution
            of the pyOpenSSL Python interface for OpenSSL -
           available for Windows, Mac OS X and Unix platforms

This announcement is also available on our web-site for online reading:


The pyOpenSSL Distribution includes everything you need to
get started with SSL in Python.

It comes with an easy-to-use installer that includes the most recent
OpenSSL library versions in pre-compiled form, making your application
independent of OS provided OpenSSL libraries:

pyOpenSSL is an open-source Python add-on that allows writing SSL/TLS-
aware network applications as well as certificate management tools:

OpenSSL is an open-source implementation of the SSL/TLS protocol:


This new release of the pyOpenSSL Distribution includes the
following updates:

New in eGenix pyOpenSSL

 * Added FreeBSD as supported platform.

 * Updated the Mozilla CA root bundle to version 2015-02-19.

New in OpenSSL

 * Updated included OpenSSL libraries from OpenSSL 1.0.1k to

   We had skipped OpenSSL 1.0.1l, since the 1.0.1l release
   only included a patch for Windows we had already included in our
   0.13.7 release. See
   for a complete list of changes. The following fixes are relevant for
   pyOpenSSL applications:

   - CVE-2015-0286: Segmentation fault in ASN1_TYPE_cmp.

   - CVE-2015-0287: ASN.1 structure reuse memory corruption.

   - CVE-2015-0289: PKCS#7 NULL pointer dereference.

   - CVE-2015-0292: A vulnerability existed in previous versions of
     OpenSSL related to the processing of base64 encoded data. Any
     code path that reads base64 data from an untrusted source could
     be affected (such as the PEM processing routines). Already fixed
     in OpenSSL 1.0.1h, but wasn't listed, so repeated here for

   - CVE-2015-0293: Denial-of-Service (DoS) via reachable assert in
     SSLv2 servers.

   - CVE-2015-0209: Use After Free following d2i_ECPrivatekey error. A
     malformed EC private key file consumed via the d2i_ECPrivateKey
     function could cause a use after free condition.

 * The FREAK Attack (CVE-2015-0204) patch was already available in our
   last release with OpenSSL 1.0.1k.

Please see the product changelog for the full set of changes:

pyOpenSSL / OpenSSL Binaries Included

In addition to providing sources, we make binaries available that
include both pyOpenSSL and the necessary OpenSSL libraries for all
supported platforms: Windows, Linux, Mac OS X and now FreeBSD, for x86
and x64.

To simplify installation, we have uploaded a web installer to PyPI
which will automatically choose the right binary for your platform, so
a simple

    pip install egenix-pyopenssl

will get you the package with OpenSSL libraries installed. Please see
our installation instructions for details:

We have also added .egg-file distribution versions of our
pyOpenSSL Distribution for Windows, Linux and Mac OS X to the
available download options. These make setups using e.g. zc.buildout
and other egg-file based installers a lot easier.


The download archives and instructions for installing the package can
be found at:


Before installing this version of pyOpenSSL, please make sure that
you uninstall any previously installed pyOpenSSL version. Otherwise,
you could end up not using the included OpenSSL libs.


Commercial support for these packages is available from
Please see

for details about our support offerings.


For more information about the eGenix pyOpenSSL Distribution, licensing
and download instructions, please visit our web-site or write to
sales at

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, Mar 24 2015)
>>> Python Projects, Coaching and Consulting ...
>>> mxODBC Plone/Zope Database Adapter ...
>>> mxODBC, mxDateTime, mxTextTools ...
2015-03-12: Released mxODBC 3.3.2 ...   

::::: Try our mxODBC.Connect Python Database Interface for free ! :::::: Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Python-announce-list mailing list