ANN: M2Crypto 0.20

Heikki Toivonen hjtoi-better-remove-before-reply at
Tue Aug 11 06:25:21 CEST 2009

I am please to announce the M2Crypto 0.20 release, which was in
development for over nine months. Over 30 bugs fixed by more than ten
people. Download links and bug filing instructions on the homepage at

M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA,
DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL
functionality to implement clients and servers; HTTPS extensions to
Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing
AuthCookies for web session management; FTP/TLS client and server;
S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME
messenger for Zope. Smartcards supported with the Engine interface.


- Deprecated M2Crypto.PGP subpackage since nobody seems to be using it
nor is it being maintained (if you do use it, please let me know)
- Added to help work around differences on Fedora Core
-based distributions (RedHat, CentOS, ...); thanks to Miloslav Trmac
- Added X509.load_request_bio and load_request_string, by Hartmut Goebel
and Pavel Shramov
- Added alias X509.Request.set_subject for set_subject_name to match
X509.X509, by Pavel Shramov
- OBJ_* wrappers did not work properly with OpenSSL 0.9.8a and earlier,
fix by Pavel Shramov
- Added ASN1_UTCTIME.get_datetime and set_datetime, by Pavel Shramov
- Fixed obj_obj2txt, which returned nonsense, fix by Barney Stratford
- m2urllib did not close sockets properly, fix by Miloslav Trmac
- Allow SSL peer certificate to have subjectAltName without dNSName and
use commonName for hostname check, fix by Miloslav Trmac
- threading_locking_callback did not block on a lock when the lock
  was held by another thread, by Miloslav Trmac
- Allow more blocking OpenSSL functions to run without GIL, by Miloslav
- Fixed httpslib to send only the path+query+fragment part of the URL
when using CONNECT proxy, by James Bowes
- SSLServer.__init__ now takes optional bind_and_activate parameter and
  initializes by calling SocketServer.BaseServer.__init__, which
  are Python 2.6 compatibility fixes, by Christian
- ftpslib now works with Python 2.6, by Theodore A. Roth
- httpslib.ProxyHTTPSConnection needs to cast port into integer,
  by John M. Schanck
- Added support for RSASSA-PSS signing and verifying, by Chris Collis
- Added support for disabling padding when using RSA encryption,
  by Chris Collis
- ASN1_INTEGERs can now be larger than fits in an int, for example to
support X509 certificates with large serial numbers, patch by Mikhail
Vorozhtsov and testcase by Barry G.
- Reverted a change done in 0.17 to m2urllib2 which changed urls to
include host when it should stay as it was
- httpslib no longer uses urllib; instead it uses urlparse for url parsing
- SMIME.text_crlf and text_crlf_bio were always raising TypeError; fixed
- EVP.load_key and load_key_bio fixed to raise EVP.EVPError and
BIO.BIOError instead of str (str exceptions not allowed in Python 2.6
and later)
- SSL.Session.load_session fixed to raise SSL.SSLError instead of str
- SMIME.load_pkcs7, load_pkcs7_bio, smime_load_pkcs7,
smime_load_pkcs7_bio, text_crlf, text_crlf_bio fixed to raise
BIO.BIOError, SMIME.PKCS7_Error and SMIME.SMIME_Error as appropriate
instead of str
- Added FIPS mode to unit tests, and used FIPS-compliant key sizes in
other tests, by Miloslav Trmac. Note that tests run much slower because
of this!
- Unit tests cover 80% of the code

  Heikki Toivonen -

More information about the Python-list mailing list