- Update dependencies to baseline on Ubuntu 18.04
- Clarify documentation of Ubuntu installation dependencies
- List ipaddress as a dependency
- Strip PEM header from OpenSSL.crypto.X509 cert
- Doc updates: dependency versions, standard links
- Fix cryptography deprecation warnings. Closes #108
- Allow URI attribute of Reference to be absent (#102)
- Fix release
Fix release
- Relax dependency version constraints.
- Drop Python 3.3 support.
- Support for PEM files with CR+LF line endings (#93).
- Import asn1crypto on demand
- Allow newer versions of cryptography library (#89)
- Add explicit dependency on asn1crypto to setup.py (#87)
- Remove use of Exception.message for py3 compatibility. Closes #36 (#86)
- Use asn1crypto instead of pyasn1 to match cryptography lib (#85)
- Pin to major version of lxml instead of minor
- Allow newer versions of several requirements (#84)
- Allow newer version of eight library (#83)
- Documentation and test fixes
- Release automation: parse repo name correctly
- Expand supported cryptography version range. Fixes #74
- Documentation and release automation improvements
- Fix handling of reference URIs in detached signing
- Test infra fixes
- Support custom key info when signing
- Initial elements of ws-security support
- Support signing and verifying multiple references
- Only sign the referenced element when passed reference_uri (thanks to @soby).
- Add CN validation - instead of a full X.509 certificate, it is now possible to pass a common name that will be matched against the CN of a cert trusted by the CA store.
- Order-agnostic cert chain validation and friendlier ingestion of cert chains.
- Minor/internal changes; packaging fix for 2.1.0
- Pre-release; see notes for v2.1.4
- Major API change: signxml.xmldsig(data).sign() -> signxml.XMLSigner().sign(data)
- Major API change: signxml.xmldsig(data).verify() -> signxml.XMLVerifier().verify(data)
- Signer and verifier objects now carry no data-specific state; instead carry system configuration state that is expected to be reused
- Signer and verifier objects should now be safe to reuse in reentrant environments
- Internal architecture changes to improve modularity and eliminate data-specific latent state and side effects
- Update xmlenc namespaces for downstream encryptxml support
- Packaging fix: remove stray .pyc file
- Major API change: Return signature information in verify() return value (#41, #50). Thanks to @klondi.
- Major API change: Excise signature node from verify() return value to avoid possibly returning untrusted data (#47). Thanks to @klondi.
- Remove signature nodes appropriately (#46). Thanks to @klondi.
- Expand Travis CI test to include flake8 linter.
- Add support for using a KeyName element within the KeyInfo block (#38). Thanks to @Pelleplutt.
- Update cryptography dependency
- Expand Travis CI test matrix to include OS X
- Python 3.5 compatibility fix: move enum34 into conditional dependencies (#37). Thanks to @agronholm.
- Support enveloped signatures nested at arbitrary levels beneath root element (#32, #33). Thanks to @jmindek.
- Update certifi, cryptography dependencies
- Handle xml.etree.ElementTree nodes as input (previously these would cause a crash, despite the documentation suggesting otherwise). Closes #19, thanks to @nickcash.
- Do not open schema file in text mode when parsing XML (closes #18, thanks to @nick210)
- Update cryptography dependency
- Add support for parameterizable signature namespace (PR #12, thanks to @ldnunes)
- Update cryptography dependency
- Add support for detached signatures (closes #3)
- Update pyOpenSSL dependency; use X509StoreContext.verify_certificate()
- Use pyasn1 for DER encoding and decoding, eliminating some DSA signature verification failures
- Do not distribute tests in source archive
- Configurable id attribute name for verifying non-standard internal object references, e.g. ADFS (closes #6)
- Python 3 compatibility fixes
- Fix test matrix (Python version configuration) in Travis
- Refactor application of enveloped signature transforms
- Support base64 transform
- Support application of different canonicalization algorithms to signature and payload (closes #1)
- Add support for exclusive canonicalization with InclusiveNamespaces PrefixList attribute
- Overhaul support of canonicalization algorithms
- Fix bug in enveloped signature canonicalization of namespace prefixes
- Fix bug in enveloped signature excision
- Allow location of enveloped signature to be specified
- Use exclusive c14n when signing
- Namespace all tags when generating signature
- Switch default signing method to enveloped signature
- Fix typo in ns prefixing code
- Fix handling of DER sequences in DSA key serialization
- Parameterize excision with ns prefix
- Fix excision with ns prefix
- Fixes to c14n of enveloped signatures
- Expand tests to use the XML Signature interoperability test suite
- Load bare X509 certificates from SAML metadata correctly
- Always use X509 information even if key value is present
- Internal refactor to modularize key value handling logic
- Use defusedxml when verifying signatures.
- Eliminate dependency on PyCrypto.
- Introduce support for ECDSA asymmetric key encryption.
- Introduce ability to validate xmldsig11 schema.
- Expand test suite coverage.
- Allow use of external X509 certificates for validation; add an example of supplying a cert from SAML metadata.
- Packaging fix.
- Packaging fix.
- Accept etree elements in verify.
- Packaging fix.
- Begin work toward conformance with version 1.1 of the spec.
- Require x509 for verification by default.
- Documentation fixes.
- Documentation fixes.
- Initial release.