pyOpenSSL requirement pins us to an unnecessarily-old cryptography module #293

Closed
ggainey opened this issue Oct 11, 2023 · 1 comment · Fixed by #294


ggainey commented Oct 11, 2023

Currently we require PyOpenSSL<23.0 in requirements.txt. This version requires cryptography>=38.0.0,<39, which means we are missing a CVE that cryptography addresses in 39.0.1.

pulpcore now has widened its crypto-requirement to cryptography>=38.0.1,<41.0.5. This means we can widen our PyOpenSSL requirement to <24.0, which allows the installation to choose cryptography 41.0 and satisfy core and pulp-certguard.


ggainey commented Oct 11, 2023

NOTE: this is a related, but not the same, issue as raised in #212, which was resolved by loosening pulpcore's restrictions.

It could also be addressed by going to cryptography directly, as described in #143. However, there is validation done in PyOpenSSL that isn't yet ready for primetime even in crypto-42.0. For the moment, this change gets us to newer code with a little effort.

ggainey added a commit to ggainey/pulp-certguard that referenced this issue Oct 11, 2023
@ggainey ggainey self-assigned this Oct 11, 2023
ggainey added a commit that referenced this issue Oct 16, 2023
ggainey added a commit to ggainey/pulp-certguard that referenced this issue Oct 16, 2023
ggainey added a commit to ggainey/pulp-certguard that referenced this issue Oct 16, 2023
mdellweg pushed a commit that referenced this issue Oct 17, 2023
mdellweg pushed a commit that referenced this issue Oct 17, 2023
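
The pin conflict described in this issue can be caught mechanically. The following is an added example, not code from pulp-certguard or pulpcore: it checks whether a set of version pins still admits the release carrying a security fix. The two cryptography ranges and the fixed version 39.0.1 are the ones quoted in the issue; the candidate release list and all function names are constructed for illustration, and only plain numeric versions are handled.

```python
import operator
import re

# Ranges quoted in the issue text.
OLD_PYOPENSSL_RANGE = ">=38.0.0,<39"   # what PyOpenSSL<23.0 requires of cryptography
PULPCORE_RANGE = ">=38.0.1,<41.0.5"    # pulpcore's widened cryptography requirement
FIXED_IN = "39.0.1"                    # release the issue says addresses the CVE
# Constructed sample of candidate releases (an assumption, not a full index listing).
CANDIDATES = ["38.0.4", "39.0.0", "39.0.1", "41.0.4", "41.0.5"]

OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       "!=": operator.ne, "<": operator.lt, ">": operator.gt}
CLAUSE = re.compile(r"\s*(>=|<=|==|!=|<|>)\s*(\d+(?:\.\d+)*)\s*")

def parse_version(text):
    """'39.0.1' -> (39, 0, 1)."""
    return tuple(int(part) for part in text.split("."))

def pad(a, b):
    """Right-pad with zeros so that 39 and 39.0.0 compare equal."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))

def satisfies(version, spec):
    """True if version meets every comma-separated clause of spec."""
    for clause in spec.split(","):
        match = CLAUSE.fullmatch(clause)
        if match is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        left, right = pad(parse_version(version), parse_version(match.group(2)))
        if not OPS[match.group(1)](left, right):
            return False
    return True

def allowed(candidates, specs):
    """Candidates accepted by every requirement at once, as a resolver would need."""
    return [c for c in candidates if all(satisfies(c, s) for s in specs)]

def admits_fix(candidates, specs, fixed_in):
    """True if at least one allowed candidate is at or above the fixed release."""
    return any(satisfies(c, f">={fixed_in}") for c in allowed(candidates, specs))

if __name__ == "__main__":
    # Both ranges applied together: the PyOpenSSL<23.0 cap excludes the fix.
    print(allowed(CANDIDATES, [OLD_PYOPENSSL_RANGE, PULPCORE_RANGE]),
          admits_fix(CANDIDATES, [OLD_PYOPENSSL_RANGE, PULPCORE_RANGE], FIXED_IN))
    # pulpcore's range alone: patched releases become selectable.
    print(allowed(CANDIDATES, [PULPCORE_RANGE]),
          admits_fix(CANDIDATES, [PULPCORE_RANGE], FIXED_IN))
```

The second call models only pulpcore's range, because the cryptography range required by the widened PyOpenSSL pin is not stated in the issue.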