Highlights
Only one visible change: if a certificate has not subjectAltNames, meaning there's nothing to verify against, a service_identity.CertificateError is raised now instead of a VerificationError. This change was prompted by the difficulty to debug the problem with certificates that still only carry a commonName that has been ignored since 23.1.0.
Special Thanks
This release would not be possible without my generous sponsors! Thank you to all of you making sustainable maintenance possible! If you would like to join them, go to https://github.com/sponsors/hynek and check out the sweet perks!
Above and Beyond
Variomedia AG (@variomedia), Tidelift (@tidelift), FilePreviews (@filepreviews), Daniel Fortunov (@asqui), Kevin P. Fleming (@kpfleming), and Sören Weber (@SoerenWeber).
Maintenance Sustainers
Jeff Triplett (@jefftriplett), Adam Hill (@adamghill), Dan Groshev (@si14), Magnus Watn (@magnuswatn), David Cramer (@dcramer), Moving Content AG (@moving-content), ProteinQure (@ProteinQure), Jesse Snyder (@jessesnyder), Rivo Laks (@rivol), Ionel Cristian Mărieș (@ionelmc), The Westervelt Company (@westerveltco), Philippe Galvan (@PhilippeGalvan), Birk Jernström (@birkjernstrom), Tim Schilling (@tim-schilling), Chris Withers (@cjw296), Christopher Dignam (@chdsbd), Stefan Hagen (@sthagen), Sławomir Ehlert (@slafs), Mostafa Khalil (@khadrawy), Filip Mularczyk (@mukiblejlok), Mike Fiedler (@miketheman), and Michel Vittória (@michelvittoria).
Not to forget 5 more amazing humans who chose to be generous but anonymous!
Full Changelog
Changed
- If a certificate doesn't contain any
subjectAltNames, we now raiseservice_identity.CertificateErrorinstead ofservice_identity.VerificationErrorto make the problem easier to debug. #67