Merge branch 'master' into crl_ossl_backend

.travis.yml

@@ -71,23 +71,27 @@ matrix:
         - language: generic
           os: osx
           osx_image: beta-xcode6.3
-          env: TOXENV=py26
+          env: TOXENV=py26 CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=1
         - language: generic
           os: osx
           osx_image: beta-xcode6.3
-          env: TOXENV=py27
+          env: TOXENV=py27 CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=1
         - language: generic
           os: osx
           osx_image: beta-xcode6.3
-          env: TOXENV=py33
+          env: TOXENV=py33 CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=1
         - language: generic
           os: osx
           osx_image: beta-xcode6.3
-          env: TOXENV=py34
+          env: TOXENV=py34 CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=1
         - language: generic
           os: osx
           osx_image: beta-xcode6.3
-          env: TOXENV=pypy
+          env: TOXENV=pypy CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=1
+        - language: generic
+          os: osx
+          osx_image: beta-xcode6.3
+          env: TOXENV=py27 CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=0
         - language: generic
           os: osx
           osx_image: beta-xcode6.3

.travis/run.sh

@@ -8,7 +8,12 @@ if [[ "$(uname -s)" == "Darwin" ]]; then
     if [[ "${OPENSSL}" != "0.9.8" ]]; then
         # set our flags to use homebrew openssl
         export ARCHFLAGS="-arch x86_64"
-        export LDFLAGS="-L/usr/local/opt/openssl/lib"
+        # if the build is static we need different LDFLAGS
+        if [[ "${CRYPTOGRAPHY_OSX_NO_LINK_FLAGS}" == "1" ]]; then
+            export LDFLAGS="/usr/local/opt/openssl/lib/libssl.a /usr/local/opt/openssl/lib/libcrypto.a"
+        else
+            export LDFLAGS="-L/usr/local/opt/openssl/lib"
+        fi
         export CFLAGS="-I/usr/local/opt/openssl/include"
         # The Travis OS X jobs are run for two versions
         # of OpenSSL, but we only need to run the
@@ -26,3 +31,7 @@ else
 fi
 source ~/.venv/bin/activate
 tox -- $TOX_FLAGS
+# Output information about linking of the OpenSSL library on OS X
+if [[ "$(uname -s)" == "Darwin" ]]; then
+    otool -L `find .tox -name _openssl*.so`
+fi

CHANGELOG.rst

@@ -6,6 +6,18 @@ Changelog
 
 .. note:: This version is not yet released and is under active development.
 
+1.0.1 - 2015-09-05
+~~~~~~~~~~~~~~~~~~
+
+* We now ship OS X wheels that statically link OpenSSL by default. When
+  installing a wheel on OS X 10.10+ (and using a Python compiled against the
+  10.10 SDK) users will no longer need to compile. See :doc:`/installation` for
+  alternate installation methods if required.
+* Set the default string mask to UTF-8 in the OpenSSL backend to resolve
+  character encoding issues with older versions of OpenSSL.
+* Several new OpenSSL bindings have been added to support a future pyOpenSSL
+  release.
+* Raise an error during install on PyPy < 2.6. 1.0+ requires PyPy 2.6+.
 
 1.0 - 2015-08-12
 ~~~~~~~~~~~~~~~~

docs/installation.rst

@@ -118,38 +118,65 @@ build.
 Building cryptography on OS X
 -----------------------------
 
-Building cryptography requires the presence of a C compiler and development
-headers. On OS X this is typically provided by Apple's Xcode development tools.
-To install the Xcode command line tools on open a terminal window and run:
+The wheel package on OS X is a statically linked build (as of 1.0.1) so for
+users on 10.10 (Yosemite) and above you need two steps:
 
 .. code-block:: console
 
     $ xcode-select --install
 
-This will install a compiler (clang) along with the required development
-headers. If you wish to compile against a more recent OpenSSL than the
-version shipped with OS X see the next section.
+followed by
 
-Using your own OpenSSL on OS X
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. code-block:: console
+
+    $ pip install cryptography
+
+If you want to build cryptography yourself or are on an older OS X version
+cryptography requires the presence of a C compiler, development headers, and
+the proper libraries. On OS X much of this is provided by Apple's Xcode
+development tools.  To install the Xcode command line tools open a terminal
+window and run:
+
+.. code-block:: console
+
+    $ xcode-select --install
+
+This will install a compiler (clang) along with (most of) the required
+development headers.
+
+You'll also need OpenSSL, which you can obtain from `Homebrew`_ or `MacPorts`_.
+
+To build cryptography and dynamically link it:
+
+`Homebrew`_
+
+.. code-block:: console
+
+    $ brew install openssl
+    $ env LDFLAGS="-L$(brew --prefix openssl)/lib" CFLAGS="-I$(brew --prefix openssl)/include" pip install cryptography
+
+`MacPorts`_:
+
+.. code-block:: console
+
+    $ sudo port install openssl
+    $ env LDFLAGS="-L/opt/local/lib" CFLAGS="-I/opt/local/include" pip install cryptography
 
-To link cryptography against a custom version of OpenSSL you'll need to set
-``ARCHFLAGS``, ``LDFLAGS``, and ``CFLAGS``. OpenSSL can be installed via
-`Homebrew`_ or `MacPorts`_:
+You can also build cryptography statically:
 
 `Homebrew`_
 
 .. code-block:: console
 
     $ brew install openssl
-    $ env ARCHFLAGS="-arch x86_64" LDFLAGS="-L$(brew --prefix openssl)/lib" CFLAGS="-I$(brew --prefix openssl)/include" pip install cryptography
+    $ env CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=1 LDFLAGS="$(brew --prefix openssl)/lib/libssl.a $(brew --prefix openssl)/lib/libcrypto.a" CFLAGS="-I$(brew --prefix openssl)/include" pip install cryptography
 
-or `MacPorts`_:
+`MacPorts`_:
 
 .. code-block:: console
 
     $ sudo port install openssl
-    $ env ARCHFLAGS="-arch x86_64" LDFLAGS="-L/opt/local/lib" CFLAGS="-I/opt/local/include" pip install cryptography
+    $ env CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=1 LDFLAGS="/opt/local/lib/libssl.a /opt/local/lib/libcrypto.a" CFLAGS="-I/opt/local/include" pip install cryptography
 
 Building cryptography with conda
 --------------------------------

src/_cffi_src/build_openssl.py

@@ -4,22 +4,35 @@
 
 from __future__ import absolute_import, division, print_function
 
+import os
 import sys
 
 from _cffi_src.utils import build_ffi_for_binding, extra_link_args
 
 
 def _get_openssl_libraries(platform):
     # OpenSSL goes by a different library name on different operating systems.
-    if platform != "win32":
+    if platform == "darwin":
+        return _osx_libraries(
+            os.environ.get("CRYPTOGRAPHY_OSX_NO_LINK_FLAGS")
+        )
+    elif platform == "win32":
+        return ["libeay32", "ssleay32", "advapi32",
+                "crypt32", "gdi32", "user32", "ws2_32"]
+    else:
         # In some circumstances, the order in which these libs are
         # specified on the linker command-line is significant;
         # libssl must come before libcrypto
         # (http://marc.info/?l=openssl-users&m=135361825921871)
         return ["ssl", "crypto"]
+
+
+def _osx_libraries(build_static):
+    # For building statically we don't want to pass the -lssl or -lcrypto flags
+    if build_static == "1":
+        return []
     else:
-        return ["libeay32", "ssleay32", "advapi32",
-                "crypt32", "gdi32", "user32", "ws2_32"]
+        return ["ssl", "crypto"]
 
 
 _OSX_PRE_INCLUDE = """