diff --git a/CHANGELOG.rst b/CHANGELOG.rst index b24e08aa..7d30aac1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -3,19 +3,6 @@ Changelog Versions are year-based with a strict backward-compatibility policy. The third digit is only for regressions. -UNRELEASED ----------- - -Backward-incompatible changes: -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Deprecations: -^^^^^^^^^^^^^ - -Changes: -^^^^^^^^ - -- Added ``OpenSSL.SSL.Context.set_tls13_ciphersuites`` that allows the allowed TLS 1.3 ciphers. 25.2.0 (UNRELEASED) ------------------- @@ -23,8 +10,7 @@ Changes: Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -pyOpenSSL now sets SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER by default, matching CPython's behavior. #1287. -The minimum cryptography version is now 42.0.0. +- The minimum ``cryptography`` version is now 45.0.7. Deprecations: ^^^^^^^^^^^^^ @@ -32,6 +18,9 @@ Deprecations: Changes: ^^^^^^^^ +- pyOpenSSL now sets ``SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`` by default, matching CPython's behavior. +- Added ``OpenSSL.SSL.Context.set_tls13_ciphersuites`` that allows the allowed TLS 1.3 ciphers. +- Added ``OpenSSL.SSL.Connection.set_info_callback`` 25.1.0 (2025-05-17) ------------------- diff --git a/noxfile.py b/noxfile.py index f0ee8b67..f46fdf9a 100644 --- a/noxfile.py +++ b/noxfile.py @@ -3,7 +3,7 @@ nox.options.reuse_existing_virtualenvs = True nox.options.default_venv_backend = "uv|virtualenv" -MINIMUM_CRYPTOGRAPHY_VERSION = "41.0.5" +MINIMUM_CRYPTOGRAPHY_VERSION = "45.0.7" @nox.session diff --git a/setup.py b/setup.py index dbb53099..6823b140 100644 --- a/setup.py +++ b/setup.py @@ -94,7 +94,7 @@ def find_meta(meta): packages=find_packages(where="src"), package_dir={"": "src"}, install_requires=[ - "cryptography>=42.0.0,<46", + "cryptography>=45.0.7,<46", ( "typing-extensions>=4.9; " "python_version < '3.13' and python_version >= '3.8'" diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py index 7760142b..2579c714 100644 --- a/src/OpenSSL/SSL.py 
+++ b/src/OpenSSL/SSL.py
@@ -3233,3 +3233,27 @@ def request_ocsp(self) -> None:
 self._ssl, _lib.TLSEXT_STATUSTYPE_ocsp
 )
 _openssl_assert(rc == 1)
+
+ def set_info_callback(
+ self, callback: Callable[[Connection, int, int], None]
+ ) -> None:
+ """
+ Set the information callback to *callback*. This function will be
+ called from time to time during SSL handshakes.
+
+ :param callback: The Python callback to use. This should take three
+ arguments: a Connection object and two integers. The first integer
+ specifies where in the SSL handshake the function was called, and
+ the other the return code from a (possibly failed) internal
+ function call.
+ :return: None
+ """
+
+ @wraps(callback)
+ def wrapper(ssl, where, return_code): # type: ignore[no-untyped-def]
+ callback(Connection._reverse_mapping[ssl], where, return_code)
+
+ self._info_callback = _ffi.callback(
+ "void (*)(const SSL *, int, int)", wrapper
+ )
+ _lib.SSL_set_info_callback(self._ssl, self._info_callback)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 3cab6f15..ae55c0ad 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
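Review bot: The docstring of `Connection.set_info_callback` (src/OpenSSL/SSL.py) does not say what happens when *callback* raises. `wrapper` is handed to `_ffi.callback` with a `void` signature, and cffi by default prints an exception raised inside such a callback and returns to OpenSSL, so an error in the callback (or a failed `Connection._reverse_mapping[ssl]` lookup) would not surface to the code driving the handshake. I would add a sentence such as `Exceptions raised by *callback* are not propagated to the caller; the callback cannot be used to abort the handshake.` and state that *where* is a bitmask of the `SSL_CB_*` constants. It is also worth documenting how this per-connection callback interacts with one set on the Context, which the hunk does not show.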
@@ -3470,6 +3470,33 @@ def test_buffer_size(self) -> None:
 data = conn.bio_read(2)
 assert 2 == len(data)
+ def test_connection_set_info_callback(self) -> None:
+ (server_sock, client_sock) = socket_pair()
+
+ context = Context(SSLv23_METHOD)
+ context.use_certificate(load_certificate(FILETYPE_PEM, root_cert_pem))
+ context.use_privatekey(load_privatekey(FILETYPE_PEM, root_key_pem))
+ server = Connection(context, server_sock)
+ server.set_accept_state()
+
+ client = Connection(Context(SSLv23_METHOD), client_sock)
+ client.set_connect_state()
+
+ called = []
+
+ def info(conn: Connection, where: int, ret: int) -> None:
+ assert conn is client
+ called.append(where)
+
+ client.set_info_callback(info)
+
+ handshake(client, server)
+
+ # Verify that the callback was actually called during handshake
+ assert len(called) > 0
+ assert SSL_CB_HANDSHAKE_START in called
+ assert SSL_CB_HANDSHAKE_DONE in called
+
 class TestConnectionGetCipherList:
 """
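Review bot: `assert conn is client` inside `info` executes within the callback that `set_info_callback` registers through cffi, so a failure there is likely printed and swallowed rather than failing the test. Record the connection and check it after the handshake instead: `called.append((conn, where))` in `info`, then `assert all(c is client for c, _ in called)` and compare the `SSL_CB_*` values against `[w for _, w in called]`. The enclosing test class starts outside the hunk.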