From stanislaw.pitucha at hp.com Wed Jun 3 05:01:52 2015 From: stanislaw.pitucha at hp.com (Pitucha, Stanislaw Izaak) Date: Wed, 3 Jun 2015 03:01:52 +0000 Subject: [Cryptography-dev] Release schedule Message-ID: Hi all, I couldn?t find a release schedule on the project?s website, but I?m really interested in the next one. Specifically due to the added ASN1_TIME functions and fixed notBefore/notAfter interface. Could you let me know when will it happen approximately? (weeks/months?) We're trying to use the project in Anchor (in stackforge / openstack), but the notBefore/notAfter 0.9 is just not really usable without very creative and possibly very wrong code. Thanks, Stanislaw Pitucha From paul.l.kehrer at gmail.com Wed Jun 3 07:35:43 2015 From: paul.l.kehrer at gmail.com (Paul Kehrer) Date: Wed, 3 Jun 2015 00:35:43 -0500 Subject: [Cryptography-dev] Release schedule In-Reply-To: References: Message-ID: Hi Stanislaw, Our releases don't have an officially defined cadence, but historically we release a major version between 6-10 weeks after the previous one. In this case we released 0.9 on May 14th so a major release is likely to happen at some point in late June (or more likely) July. Occasionally we'll do a minor release to correct an issue and potentially get a small feature out the door more quickly though. For reference, do you know the commits that added the features you're looking for? If we do choose to do a smaller release we could potentially backport from master if they're just bindings (which it sounds like they probably are). -Paul Kehrer (reaperhulk) On June 2, 2015 at 10:11:52 PM, Pitucha, Stanislaw Izaak (stanislaw.pitucha at hp.com) wrote: Hi all, I couldn?t find a release schedule on the project?s website, but I?m really interested in the next one. Specifically due to the added ASN1_TIME functions and fixed notBefore/notAfter interface. Could you let me know when will it happen approximately? (weeks/months?) We're trying to use the project in Anchor (in stackforge / openstack), but the notBefore/notAfter 0.9 is just not really usable without very creative and possibly very wrong code. Thanks, Stanislaw Pitucha _______________________________________________ Cryptography-dev mailing list Cryptography-dev at python.org https://mail.python.org/mailman/listinfo/cryptography-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul.l.kehrer at gmail.com Sat Jun 6 23:32:18 2015 From: paul.l.kehrer at gmail.com (Paul Kehrer) Date: Sat, 6 Jun 2015 16:32:18 -0500 Subject: [Cryptography-dev] PyCA cryptography 0.9.1 Message-ID: PyCA cryptography 0.9.1 has been released. This release corrects a potential security issue: * **SECURITY ISSUE**: Fixed a double free in the OpenSSL backend when using DSA to verify signatures. Note that this only affects PyPy 2.6.0 and (presently unreleased) CFFI versions greater than 1.1.0. -Paul Kehrer (reaperhulk) -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul.l.kehrer at gmail.com Tue Jun 9 04:40:29 2015 From: paul.l.kehrer at gmail.com (Paul Kehrer) Date: Mon, 8 Jun 2015 21:40:29 -0500 Subject: [Cryptography-dev] cffi 1.0 (new compilation system) Message-ID: Over the past weekend we merged (https://github.com/pyca/cryptography/pull/1986) a major improvement to the way we compile our bindings. The recent release of cffi 1.0+ brings a new out of line API mode using "set_source" and we have converted pyca/cryptography to use that. This allows us to do a more traditional compile phase, removing much of our monkeypatching and dramatically reducing overhead on import (both in time and memory). However, this is a big change, so I'm sending this email to encourage people to clone master (https://github.com/pyca/cryptography) and verify that everything is working as expected in your environment. If you run into problems please file issues ASAP. Anything we uncover before the tenth feature release (which will be versioned 1.0!) is great. -Paul Kehrer (reaperhulk) -------------- next part -------------- An HTML attachment was scrubbed... URL: From AKuchmenko at authasas.com Tue Jun 9 12:04:51 2015 From: AKuchmenko at authasas.com (Alexey Kuchmenko) Date: Tue, 9 Jun 2015 10:04:51 +0000 Subject: [Cryptography-dev] verify X509 certificate Message-ID: Hi! How do I verify X509 cert? I see X509_verify_cert() function in bindings/openssl/x509_vfy.py, but it looks like it is not exposed by criptography.io API. I need to - verify cert is not expired (by date, no revocation list) - cert is issued by one of trusted certificates (issuer chain length max=1, I have certificates of all possible issuers) -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.gaynor at gmail.com Tue Jun 9 16:45:00 2015 From: alex.gaynor at gmail.com (Alex Gaynor) Date: Tue, 9 Jun 2015 10:45:00 -0400 Subject: [Cryptography-dev] verify X509 certificate In-Reply-To: References: Message-ID: Right now we don't have an API for doing certificate validation in our x509 layer. Alex On Tue, Jun 9, 2015 at 6:04 AM, Alexey Kuchmenko wrote: > Hi! How do I verify X509 cert? I see X509_verify_cert() function in > bindings/openssl/x509_vfy.py, but it looks like it is not exposed by > criptography.io API. I need to > > - verify cert is not expired (by date, no revocation list) > > - cert is issued by one of trusted certificates (issuer chain length > max=1, I have certificates of all possible issuers) > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: 125F 5C67 DFE9 4084 -------------- next part -------------- An HTML attachment was scrubbed... URL: