From 33da1d65bc6377e81caa17aaa4631c7aad607ccd Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Sun, 16 Jan 2011 18:16:09 +0000 Subject: [PATCH] Better description of SSL-related changes --- Doc/whatsnew/3.2.rst | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/Doc/whatsnew/3.2.rst b/Doc/whatsnew/3.2.rst index a9c44e83dbe..4dfea84d640 100644 --- a/Doc/whatsnew/3.2.rst +++ b/Doc/whatsnew/3.2.rst @@ -1120,11 +1120,15 @@ The :mod:`socket` module has two new improvements. ssl --- -* The :mod:`ssl` module has a new class, :class:`~ssl.SSLContext` which serves - as a container for various persistent SSL data, such as protocol settings, - certificates, private keys, and various other options. The - :meth:`~ssl.SSLContext.wrap_socket` method allows to create an SSL socket from - such an SSL context. (Added by Antoine Pitrou; :issue:`8550`.) +The :mod:`ssl` module gains an array of new functionalities which make it much easier +to satisfy common requirements for secure (encrypted, authenticated) connections +over the Internet: + +* A new class, :class:`~ssl.SSLContext`, serves as a container for various + persistent SSL data, such as protocol settings, certificates, private keys, + and various other options. The :meth:`~ssl.SSLContext.wrap_socket` method + allows to create an SSL socket from such an SSL context. (Added by Antoine + Pitrou; :issue:`8550`.) * A new function, :func:`ssl.match_hostname`, helps implement server identity verification for higher-level protocols by implementing the rules of @@ -1142,7 +1146,7 @@ ssl protocol, allowing for several "virtual hosts" using different certificates on a single IP/port. This extension is only supported in client mode, and is activated by passing the *server_hostname* argument to - :meth:`SSLContext.wrap_socket`. + :meth:`ssl.SSLContext.wrap_socket`. (Added by Antoine Pitrou, :issue:`5639`.) * Various options have been added to the :mod:`ssl` module, such as @@ -1167,7 +1171,11 @@ text semantics as well as more practical APIs. These improvements break compatibility with the nntplib version in Python 3.1, which was partly dysfunctional in itself. -(Contributed by Antoine Pitrou in :issue:`9360`) +Support for secure connections through both implicit (using +:class:`nntplib.NNTP_SSL`) and explicit (using :meth:`nntplib.NNTP.starttls`) +TLS has also been added. + +(Contributed by Antoine Pitrou in :issue:`9360` and Andrew Vant in :issue:`1926`.) certificates ------------