- update to 17.2.0:
- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with
cryptography ``manylinux1`` wheels on Python 3.x.
- Fixed a crash with (EC)DSA signatures in some cases.
- Removed the deprecated ``OpenSSL.rand.egd()`` function.
Applications should prefer ``os.urandom()`` for random number generation.
- Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
Callers must now always pass an explicit ``digest``.
- Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
and ``Revoked.set_lastUpdate()``. You must now pass times in the form
``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
will no longer work. `#612 `_
- Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``,
``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``,
``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``,
``NetscapeSPKIType``.
The names without the "Type"-suffix should be used instead.
- Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()``
for converting X.509 certificate to and from pyca/cryptography objects.
- Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``,
``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()``
for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
- Added ``OpenSSL.debug`` that allows to get an overview of used library versions
(including linked OpenSSL) and other useful runtime information using
``python -m OpenSSL.debug``.
- Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate
the upcoming release of ``cryptography`` ``manylinux1`` wheels.
- Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream.