diff options
Diffstat (limited to 'CHANGELOG.rst')
-rw-r--r-- | CHANGELOG.rst | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 8935285c..8332b8be 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -15,6 +15,11 @@ Changelog :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify` has always been to check whether or not :class:`~cryptography.exceptions.InvalidSignature` was raised. +* Accessing an unrecognized extension marked critical on an X.509 object will + no longer raise an ``UnsupportedExtension`` exception, instead an + :class:`~cryptography.x509.UnrecognizedExtension` object will be returned. + This behavior was based on a poor reading of the RFC, unknown critical + extensions only need to be rejected on certificate verification. 1.8.1 - 2017-03-10 @@ -488,9 +493,9 @@ Changelog * :class:`~cryptography.x509.CertificatePolicies` Note that unsupported extensions with the critical flag raise - :class:`~cryptography.x509.UnsupportedExtension` while unsupported extensions - set to non-critical are silently ignored. Read the - :doc:`X.509 documentation</x509/index>` for more information. + ``UnsupportedExtension`` while unsupported extensions set to non-critical are + silently ignored. Read the :doc:`X.509 documentation</x509/index>` for more + information. 0.8.2 - 2015-04-10 ~~~~~~~~~~~~~~~~~~ |