Fetching contributors…
Cannot retrieve contributors at this time
95 lines (71 sloc) 3.08 KB
0.11.0 - 2016-05-11
* Have the local verifier validate that the email
address is well-formed, to avoid passing e.g.
null bytes through to code that doesn't properly
handle them.
0.10.0 - 2016-03-09
* Add support for "idpClaims" and "userClaims" when
generating test assertions. This helps when using
this library to interact with Firefox Accounts.
0.9.2 - 2014-04-13
* Remove tuple paramter unpacking for python3.
* Add "description" attribute to Error objects.
0.9.1 - 2012-11-26
* Fix data-decoding bug in fallback crypto routines.
0.9.0 - 2012-10-04
* Support for Python 3.
0.8.0 - 2012-08-01
* Correct the pure-python RSA implementation. Unfortunately this
requires a small backwards-incompatible API change on RSKey objects
(the SIZE property is now DIGESTSIZE and it gives the size of the
internal hex digest string in bytes)
0.7.0 - 2012-07-26
* Added a pure-python implementation of the JWT crypto routines, for
use when M2Crypto is not available.
* Added "from_pem_data" and "to_pem_data" methods to Key objects.
Currently these are only available when M2Crypto is installed.
* Added support for delegation of authority; thanks @kylef.
* Use for remote verification
0.6.2 - 2012-07-17
* Add and related sites to the list of default
trusted secondaries.
0.6.1 - 2012-06-07
* Disable certificate chaining for now. This feature is not used by any
servers in the wild, and the spec for it is going to change soon.
0.6.0 - 2012-31-05
* Remove ability to use a custom JWT parser class, it's not used and
adds needless complexity.
* Add a way to skip the ssl verification when getting certificates with the
0.5.0 - 2012-04-18
* add support of requests rather than custom code for ssl checking when
retrieving certificates.
* removed patch utility for secure_urlopen (we are now using requests)
* add more verbose errors when dealing with RSA/DSA Keys.
0.4.0 - 2012-03-13
* Renamed from PyVEP to PyBrowserID, in keeping with Mozilla branding.
* Audience checking now accepts glob-style patterns as well as fixed
audience strings.
* Verifier objects now accept a list of audience patterns as their first
argument. This is designed to encourage doing the right thing rather than,
say, passing in the hostname from the request.
* Allowed LocalVerifier to use of a custom JWT parser.
* Removed browserid.verify_[remote|local|dummy] since they just cause
confusion. You should either accept the defaults provided by the
browserid.verify function, or use a full-blown Verifier object.
* Split certificate loading and caching into a separate class, in
* Removed the DummyVerifier class in favour of supporting functions