diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2017-10-11 20:29:23 +0800 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2017-10-11 08:29:23 -0400 |
commit | e885bd65a871926a8866db92035d814e3d179bf7 (patch) | |
tree | 3b4456e27928ddf9ac11b0091412de3e75000129 /CHANGELOG.rst | |
parent | 1aac78c4d036d20e8892f3861ea947cadf6ab739 (diff) | |
download | cryptography-e885bd65a871926a8866db92035d814e3d179bf7.tar.gz cryptography-e885bd65a871926a8866db92035d814e3d179bf7.tar.bz2 cryptography-e885bd65a871926a8866db92035d814e3d179bf7.zip |
Update docs and changelog for URI, RFC822Name, and DNSName (#3955)
* Update docs and changelog for URI, RFC822Name, and DNSName
As of 2.1 we want users to pass A-label strings, but we still accept
U-label strings and auto-encode on their behalf (with a deprecation
warning). However, we do not return U-label in the value attribute so
we are making a backwards incompatible change for users that utilize
internationalized domain names.
* language updates
* add presentational to the word list
* the linux dictionary is pathetic
Diffstat (limited to 'CHANGELOG.rst')
-rw-r--r-- | CHANGELOG.rst | 34 |
1 files changed, 14 insertions, 20 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a4441b85..d029ce6f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -14,27 +14,21 @@ Changelog * **BACKWARDS INCOMPATIBLE:** ``Whirlpool``, ``RIPEMD160``, and ``UnsupportedExtension`` have been removed in accordance with our :doc:`/api-stability` policy. +* **BACKWARDS INCOMPATIBLE:** :attr:`~cryptography.x509.DNSName.value`, + :attr:`~cryptography.x509.RFC822Name.value`, and + :attr:`~cryptography.x509.UniformResourceIdentifier.value` will now return + an :term:`A-label` string when parsing a certificate containing an + internationalized domain name (IDN) or if the caller passed a :term:`U-label` + to the constructor. See below for additional deprecations related to this + change. * Installing ``cryptography`` now requires ``pip`` 6 or newer. -* Deprecated passing unicode to the :class:`~cryptography.x509.DNSName` - constructor. Instead, users should pass DNS names as ``bytes``, with ``idna`` - encoding if necessary. In addition, the - :attr:`~cryptography.x509.DNSName.value` attribute was deprecated, users - should use :attr:`~cryptography.x509.DNSName.bytes_value` to access the - raw DNS name. -* Deprecated passing unicode to the - :class:`~cryptography.x509.UniformResourceIdentifier` constructor. Instead, - users should pass URIs as ``bytes``, with ``idna`` encoding if - necessary. In addition, the - :attr:`~cryptography.x509.UniformResourceIdentifier.value` attribute was - deprecated, users should use - :attr:`~cryptography.x509.UniformResourceIdentifier.bytes_value` to access - the raw value. -* Deprecated passing unicode to the :class:`~cryptography.x509.RFC822Name` - constructor. Instead, users should pass email addresses as ``bytes``, with - ``idna`` encoding of the hostname if necessary. In addition, the - :attr:`~cryptography.x509.RFC822Name.value` attribute was deprecated, users - should use :attr:`~cryptography.x509.RFC822Name.bytes_value` to access the - raw value. +* Deprecated passing :term:`U-label` strings to the + :class:`~cryptography.x509.DNSName`, + :class:`~cryptography.x509.UniformResourceIdentifier`, and + :class:`~cryptography.x509.RFC822Name` constructors. Instead, users should + pass values as :term:`A-label` strings with ``idna`` encoding if necessary. + This change will not affect anyone who is not processing internationalized + domains. * Added support for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`. In most cases users should choose |