Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

automatically set SSL_CTX_set_ecdh_auto when available #575

merged 2 commits into from Dec 19, 2016


Copy link

@reaperhulk reaperhulk commented Nov 22, 2016

fixes #359

Copy link

@codecov-io codecov-io commented Nov 22, 2016

Current coverage is 95.65% (diff: 100%)

Merging #575 into master will increase coverage by <.01%

@@             master       #575   diff @@
  Files            16         16          
  Lines          5615       5620     +5   
  Methods           0          0          
  Messages          0          0          
  Branches        403        403          
+ Hits           5371       5376     +5   
  Misses          167        167          
  Partials         77         77          

Powered by Codecov. Last update e62840e...0d65cea

@@ -23,7 +23,8 @@ Deprecations:

- Automatically set `SSL_CTX_set_ecdh_auto()` on ``OpenSSL.SSL.Context``.

This comment has been minimized.


hynek Nov 22, 2016

Can you make SSL_CTX_set_ecdh_auto() a reST code too pls? Otherwise LGTM and you can merge it if the tests pass.

Copy link

@hynek hynek commented Nov 22, 2016

this needs a rebase (sorry, had the choice between your and pestering a newbie some more :))

@reaperhulk reaperhulk force-pushed the reaperhulk:auto-ecdh branch from c7ce289 to 0d65cea Nov 28, 2016
hynek approved these changes Dec 19, 2016
@hynek hynek merged commit 6c6bf86 into pyca:master Dec 19, 2016
3 checks passed
3 checks passed
codecov/patch 100% of diff hit (target 95.65%)
codecov/project 95.65% (+<.01%) compared to e62840e
continuous-integration/travis-ci/pr The Travis CI build passed
Copy link

@hynek hynek commented Dec 19, 2016

Sorry, lost track of this.

aszlig added a commit to NixOS/nixpkgs that referenced this pull request Jun 21, 2017
Upstream changes:

 * Added OpenSSL.X509Store.set_time() to set a custom verification time
   when verifying certificate chains. pyca/pyopenssl#567
 * Added a collection of functions for working with OCSP stapling. None
   of these functions make it possible to validate OCSP assertions, only
   to staple them into the handshake and to retrieve the stapled
   assertion if provided. Users will need to write their own code to
   handle OCSP assertions. We specifically added:
   Context.set_ocsp_server_callback, Context.set_ocsp_client_callback,
   and Connection.request_ocsp. pyca/pyopenssl#580
 * Changed the SSL module's memory allocation policy to avoid zeroing
   memory it allocates when unnecessary. This reduces CPU usage and
   memory allocation time by an amount proportional to the size of the
   allocation. For applications that process a lot of TLS data or that
   use very lage allocations this can provide considerable performance
   improvements. pyca/pyopenssl#578
 * Automatically set SSL_CTX_set_ecdh_auto() on OpenSSL.SSL.Context.
 * Fix empty exceptions from OpenSSL.crypto.load_privatekey().

The full upstream changelog can be found at:

I've also added a patch from pyca/pyopenssl#637 in order to fix the
tests, which was the main reason for the version bump because that patch
won't apply for 16.2.0.

According to the upstream changelog there should be no
backwards-incompatible changes, but I've tested building against some of
the packages depending on pyopenssl anyway. Regardless of this, the
build for pyopenssl fails right now anyway, so the worst that could
happen via this commit would be that we break something that's already

Signed-off-by: aszlig <>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 18, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Linked issues

Successfully merging this pull request may close these issues.

3 participants