Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to pyOpenSSL library #2930

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Switch to pyOpenSSL library #2930

wants to merge 1 commit into from

Conversation

b-ranto
Copy link

@b-ranto b-ranto commented Feb 3, 2015

python-rsa library exhibits several security flaws, this patch drops
the python-rsa dependency and implements the same functionality with
pyOpenSSL library.

@b-ranto
Switch to pyOpenSSL library
2ea6f43 
python-rsa library exhibits several security flaws, this patch drops
the python-rsa dependency and implements the same functionality with
pyOpenSSL library.

Signed-off-by: Boris Ranto <branto@redhat.com>
@b-ranto b-ranto changed the title bSwitch to pyOpenSSL library Switch to pyOpenSSL library Feb 3, 2015
@b-ranto b-ranto mentioned this pull request Feb 3, 2015
Open
@b-ranto
Copy link
Author

b-ranto commented Feb 3, 2015

Note: debian-based distros know this under the name python-openssl.

btw: I've again tested the patch with tests/unit/cloudfront/test_signed_urls.py unit test and it passed all the tests.

@danielgtaylor
Copy link
Member

@BRANTO1 thanks for the pull request and trying to get this updated. It seems that PyOpenSSL actually depends on the cryptography module:

https://github.com/pyca/pyopenssl/blob/master/setup.py#L37

So if we switch from python-rsa I think we'd just go with cryptography directly, unless there is a good reason not to. We are still deciding which way to move forward with this issue.

@alex
Copy link

alex commented Feb 6, 2015

This has teh advantage that pyOpenSSL is packaged in older versions of debian, etc. and folks can still use that version.

@b-ranto
Copy link
Author

b-ranto commented Feb 6, 2015

Yep, this should also work in fedora 20, rhel 7 and some other systems where there is no cryptography module.

@kevgliss
Copy link

Any update on which way this is going to go? I will be working on a pull request adding signature verification to SNS messages.

I have no problem with either, but would lean towards cryptography if given a choice.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cloudfront needs-tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@b-ranto @danielgtaylor @alex @kevgliss @jamesls