eGenix Team: M.-A. Lemburg
________________________________________________________________________
ANNOUNCING
eGenix.com pyOpenSSL Distribution
Version 0.13.2.1.0.1.5
An easy-to-install and easy-to-use distribution
of the pyOpenSSL Python interface for OpenSSL -
available for Windows, Mac OS X and Unix platforms
This announcement is also available on our web-site for online reading:
http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.13.2.1.0.1.5.html
________________________________________________________________________
INTRODUCTION
The eGenix.com pyOpenSSL Distribution includes everything you need to
get started with SSL in Python.

It comes with an easy-to-use installer that includes the most recent
OpenSSL library versions in pre-compiled form, making your application
independent of OS provided OpenSSL libraries:

http://www.egenix.com/products/python/pyOpenSSL/

pyOpenSSL is an open-source Python add-on that allows writing
SSL/TLS-aware network applications as well as certificate management
tools:

https://launchpad.net/pyopenssl/

OpenSSL is an open-source implementation of the SSL/TLS protocol:

http://www.openssl.org/
________________________________________________________________________
NEWS
This new release of the eGenix.com pyOpenSSL Distribution includes a
set of updates related to security problems reported by Christian
Heimes:

New in the eGenix pyOpenSSL Distribution
----------------------------------------

* Added a patch by Christian Heimes to pyOpenSSL: This addresses the
  CVE-2013-4238 related problem with embedded NUL bytes in
  subjectAltNames and also fixes a memory leak in the
  X509.get_extension() method.

* Christian Heimes also pointed us to a problem with the included CA
  root bundle, which turns out to be rather widespread. Mozilla's
  certificate bundle includes more than just the trusted CA root
  certificates. It also includes several explicitly untrusted root
  certificates and even single untrusted server certificates.

  Our investigation showed that while OpenSSL does handle trust
  parameters in the certificates, it doesn't use this information
  during certificate verification if the certificate is passed in
  together with other trusted certificates. Future OpenSSL versions
  may add this support, but at least versions up to and including
  1.0.1e don't have it.

  To work around this problem, we have split the bundle file into
  separate bundles, each with different trust settings included. The
  explicitly untrusted certificates are no longer included in the
  lists to avoid potentially trusting these untrusted (root)
  certificates.

  Many thanks to Christian Heimes for these reports.

* Added new TRUST_* constants to the OpenSSL.ca_bundle module and new
  purpose parameters to various bundle query functions.

* Fixed a missing import in the https_client.py example.
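
Added example, not part of the eGenix announcement or its code: one way to
split a Mozilla-style trust list into per-purpose bundles while leaving
explicitly distrusted entries out of every bundle. It assumes the text layout
of Mozilla's certdata.txt (the announcement does not name the source format)
and that each trust object follows its certificate and shares its label;
split_bundle, to_pem, the labels and the certificate bytes are made up.

```python
import base64
import re
import textwrap

# Constructed sample in the certdata.txt layout (assumption). Labels are
# invented and the CKA_VALUE bytes are placeholders, not real certificates.
SAMPLE = r'''
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Root A"
CKA_VALUE MULTILINE_OCTAL
\060\003\002\001\001
END
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Root A"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Distrusted B"
CKA_VALUE MULTILINE_OCTAL
\060\003\002\001\002
END
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Distrusted B"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
'''

def to_pem(der):
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body

def split_bundle(certdata):
    """Return ({purpose: [(label, pem)]}, [labels left out as distrusted])."""
    certs, bundles, distrusted = {}, {}, []
    for obj in certdata.split("CKA_CLASS CK_OBJECT_CLASS ")[1:]:
        m = re.search(r'(?m)^CKA_LABEL UTF8 "(.*)"$', obj)
        label = m.group(1) if m else None
        value = re.search(r"CKA_VALUE MULTILINE_OCTAL\n(.*?)\nEND", obj, re.S)
        if obj.startswith("CKO_CERTIFICATE") and value:
            octets = re.findall(r"\\([0-7]{3})", value.group(1))
            certs[label] = to_pem(bytes(int(o, 8) for o in octets))
        elif obj.startswith("CKO_NSS_TRUST") and label in certs:
            trust = dict(re.findall(r"(?m)^CKA_TRUST_(\w+) CK_TRUST (\w+)$", obj))
            if "CKT_NSS_NOT_TRUSTED" in trust.values():
                distrusted.append(label)  # conservative: kept out of every bundle
                continue
            for purpose, level in trust.items():
                if level == "CKT_NSS_TRUSTED_DELEGATOR":
                    bundles.setdefault(purpose, []).append((label, certs[label]))
    return bundles, distrusted
```

Because verification does not consult per-certificate trust settings when the
file is loaded as one list, the only safe output is a separate file per
purpose, which is what the per-purpose dictionary models.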

As always, we provide binaries that include both pyOpenSSL and the
necessary OpenSSL libraries for all supported platforms:
Windows x86 and x64, Linux x86 and x64, Mac OS X PPC, x86 and x64.

We've also added egg-file distribution versions of our eGenix.com
pyOpenSSL Distribution for Windows, Linux and Mac OS X to the
available download options. These make setups using e.g. zc.buildout
and other egg-file based installers a lot easier.
________________________________________________________________________
DOWNLOADS
The download archives and instructions for installing the package can
be found at:
http://www.egenix.com/products/python/pyOpenSSL/
________________________________________________________________________
UPGRADING
Before installing this version of pyOpenSSL, please make sure that
you uninstall any previously installed pyOpenSSL version. Otherwise,
you could end up not using the included OpenSSL libs.
_______________________________________________________________________
SUPPORT
Commercial support for these packages is available from eGenix.com.
Please see
http://www.egenix.com/services/support/
for details about our support offerings.
________________________________________________________________________
MORE INFORMATION
For more information about the eGenix pyOpenSSL Distribution, licensing
and download instructions, please visit our web-site or write to
(e-mail address removed).
Enjoy,
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Sep 04 2013)
________________________________________________________________________
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/