eGenix is pleased to announce the eGenix pyOpenSSL Distribution 0.13.2.1.0.1.5 for Python 2.4 - 2.7, with support for Windows, Linux and Mac OS X.
The eGenix.com pyOpenSSL Distribution includes everything you need to
get started with SSL in Python. It comes with an easy-to-use installer
that includes the most recent OpenSSL library versions in pre-compiled
form, making your application independent of OS-provided OpenSSL libraries.
Added a patch by Christian Heimes to pyOpenSSL: This addresses the CVE-2013-4238 related problem with embedded NUL bytes in subjectAltNames and also fixes a memory leak in the X509.get_extension() method.
Christian Heimes also pointed us to a problem with the included CA root bundle,
which turns out to be rather widespread. Mozilla's certificate bundle
includes more than just the trusted CA root certificates. It also
includes several explicitly untrusted root certificates and even single
untrusted server certificates.
Our investigation showed that while OpenSSL does handle trust parameters
in the certificates, it doesn't use this information during certificate
verification if the certificate is passed in together with other
trusted certificates. Future OpenSSL versions may add this support, but
at least versions up to and including 1.0.1e don't have it.
To work around this problem, we have split the bundle file into separate bundles, each with different trust settings included. The explicitly untrusted certificates are no longer included in the lists to avoid potentially trusting these untrusted (root) certificates.
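The split described above can be illustrated with the following added sketch, which is not eGenix's code. It assumes the trust records follow the layout of Mozilla's certdata.txt (CKA_TRUST_* attributes with CKT_NSS_* levels); the sample records, their labels and the split_by_trust helper are constructed for illustration.

```python
import re

# Constructed sample in the style of certdata.txt trust records
# (labels are made up; hash and serial attributes are omitted).
SAMPLE = '''
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Web Root CA"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Mail Root CA"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Distrusted Root CA"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_NOT_TRUSTED
'''

# Trust attribute -> name of the per-purpose bundle (bundle names are assumptions).
PURPOSES = {
    "CKA_TRUST_SERVER_AUTH": "server_auth",
    "CKA_TRUST_EMAIL_PROTECTION": "email",
    "CKA_TRUST_CODE_SIGNING": "code_signing",
}
RECORD_START = r"^CKA_CLASS[ \t]+CK_OBJECT_CLASS[ \t]+CKO_NSS_TRUST[ \t]*$"

def split_by_trust(text):
    """Return ({purpose: [labels]}, [labels of explicitly distrusted certs])."""
    bundles = dict((name, []) for name in PURPOSES.values())
    distrusted = []
    # Everything before the first trust record is preamble, hence [1:].
    for record in re.split(RECORD_START, text, flags=re.M)[1:]:
        label = re.search(r'^CKA_LABEL[ \t]+UTF8[ \t]+"(.*)"', record, re.M)
        if label is None:
            continue  # malformed record: never include it in any bundle
        levels = dict(re.findall(
            r"^(CKA_TRUST_\w+)[ \t]+CK_TRUST[ \t]+(\w+)", record, re.M))
        if "CKT_NSS_NOT_TRUSTED" in levels.values():
            distrusted.append(label.group(1))  # keep out of every bundle
            continue
        for attr, purpose in PURPOSES.items():
            if levels.get(attr) == "CKT_NSS_TRUSTED_DELEGATOR":
                bundles[purpose].append(label.group(1))
    return bundles, distrusted
```

A certificate lands in a purpose bundle only when it is a trusted delegator for that purpose, so a verifier loading one bundle never sees a certificate that was distrusted or trusted only for something else.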
Many thanks to Christian Heimes for these reports.
Added new TRUST_* constants to the OpenSSL.ca_bundle module and new purpose parameters to various bundle query functions.
Fixed a missing import in the https_client.py example.
As always, we provide binaries that include both pyOpenSSL and
the necessary OpenSSL libraries/binaries for all supported platforms: Windows
x86 and x64, Linux x86 and x64, Mac OS X PPC, x86 and x64.
We have also added .egg-file distribution versions of our eGenix.com pyOpenSSL Distribution for Windows, Linux and Mac OS X to the available download options. These make setups using e.g. zc.buildout and other egg-file based installers a lot easier.