[PYTHON-CRYPTO] ANN: M2Crypto 0.20

Heikki Toivonen heikki at OSAFOUNDATION.ORG
Tue Aug 11 06:21:55 CEST 2009

M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA,
DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL
functionality to implement clients and servers; HTTPS extensions to
Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing
AuthCookies for web session management; FTP/TLS client and server;
S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME
messenger for Zope. Smartcards supported with the Engine interface.

This is the 0.20 release. Download links and bug filing instructions on
the homepage at


- Deprecated M2Crypto.PGP subpackage since nobody seems to be using it
nor is it being maintained (if you do use it, please let me know)
- Added fedora_setup.sh to help work around differences on Fedora Core
-based distributions (RedHat, CentOS, ...); thanks to Miloslav Trmac
- Added X509.load_request_bio and load_request_string, by Hartmut Goebel
and Pavel Shramov
- Added alias X509.Request.set_subject for set_subject_name to match
X509.X509, by Pavel Shramov
- OBJ_* wrappers did not work properly with OpenSSL 0.9.8a and earlier,
fix by Pavel Shramov
- Added ASN1_UTCTIME.get_datetime and set_datetime, by Pavel Shramov
- Fixed obj_obj2txt, which returned nonsense, fix by Barney Stratford
- m2urllib did not close sockets properly, fix by Miloslav Trmac
- Allow SSL peer certificate to have subjectAltName without dNSName and
use commonName for hostname check, fix by Miloslav Trmac
- threading_locking_callback did not block on a lock when the lock
  was held by another thread, by Miloslav Trmac
- Allow more blocking OpenSSL functions to run without GIL, by Miloslav
- Fixed httpslib to send only the path+query+fragment part of the URL
when using CONNECT proxy, by James Bowes
- SSLServer.__init__ now takes optional bind_and_activate parameter and
  initializes by calling SocketServer.BaseServer.__init__, which
  are Python 2.6 compatibility fixes, by Christian
- ftpslib now works with Python 2.6, by Theodore A. Roth
- httpslib.ProxyHTTPSConnection needs to cast port into integer,
  by John M. Schanck
- Added support for RSASSA-PSS signing and verifying, by Chris Collis
- Added support for disabling padding when using RSA encryption,
  by Chris Collis
- ASN1_INTEGERs can now be larger than fits in an int, for example to
support X509 certificates with large serial numbers, patch by Mikhail
Vorozhtsov and testcase by Barry G.
- Reverted a change done in 0.17 to m2urllib2 which changed urls to
include host when it should stay as it was
- httpslib no longer uses urllib; instead it uses urlparse for url parsing
- SMIME.text_crlf and text_crlf_bio were always raising TypeError; fixed
- EVP.load_key and load_key_bio fixed to raise EVP.EVPError and
BIO.BIOError instead of str (str exceptions not allowed in Python 2.6
and later)
- SSL.Session.load_session fixed to raise SSL.SSLError instead of str
- SMIME.load_pkcs7, load_pkcs7_bio, smime_load_pkcs7,
smime_load_pkcs7_bio, text_crlf, text_crlf_bio fixed to raise
BIO.BIOError, SMIME.PKCS7_Error and SMIME.SMIME_Error as appropriate
instead of str
- Added FIPS mode to unit tests, and used FIPS-compliant key sizes in
other tests, by Miloslav Trmac. Note that tests run much slower because
of this!
- Unit tests cover 80% of the code

  Heikki Toivonen - http://heikkitoivonen.net

More information about the python-crypto mailing list