Versions are year-based with a strict backwards-compatibility policy. The third digit is only for regressions.
- Since Chrome 58 and Firefox 48 both don’t accept certificates that contain only a Common Name, its usage is hereby deprecated in
service_identitytoo. We have been raising a warning since 16.0.0 and the support will be removed in mid-2018 for good.
service_identity.SubjectAltNameWarningis raised, the Common Name of the certificate is now included in the warning message. #17
cryptography.x509backend for verifying certificates. #18
- Wildcards (
*) are now only allowed if they are the leftmost label in a certificate. This is common practice by all major browsers. #19
Python 3.3 and 2.6 aren’t supported anymore. They may work by chance but any effort to keep them working has ceased.
The last Python 2.6 release was on October 29, 2013 and isn’t supported by the CPython core team anymore. Major Python packages like Django and Twisted dropped Python 2.6 a while ago already.
Python 3.3 never had a significant user base and wasn’t part of any distribution’s LTS release.
pyOpenSSL versions older than 0.14 are not tested anymore. They don’t even build on recent OpenSSL versions. Please note that its support may break without further notice.
- Switch to year-based version numbers.
- Port to
characteristic14.0 (get rid of deprecation warnings).
- Package docs with sdist.
- Drop support for Python 3.2. There is no justification to add complexity and unnecessary function calls for a Python version that nobody uses.
- Move into the Python Cryptography Authority’s GitHub account.
- Move exceptions into
service_identity.exceptionsso tracebacks don’t contain private module names.
- Promoting to stable since Twisted 14.0 is optionally depending on
- Use characteristic instead of a home-grown solution.
idna0.6 did some backward-incompatible fixes that broke Python 3 support. This has been fixed now therefore
service_identityonly works with
idna0.6 and later. Unfortunately since
idnadoesn’t offer version introspection,
service_identitycan’t warn about it.
- Refactor into a multi-module package.
extract_idslive in the
verify_hostnamenow takes an
OpenSSL.SSL.Connectionfor the first argument.
- Less false positives in IP address detection.
- Officially support Python 3.4 too.
- More strict checks for URI_IDs.