New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deprecate X509Extension
and CRL
APIs
#1249
Comments
X509.Extension
and X509.CertificateRevocationList
APIsX509Extension
and CRL
APIs
Here's another list of important packages dependent on PyOpenSSL, this time sorted by # of downloads last month (I removed the packages already present in the previous list): Format:
Dependents:
|
I just realized there's at least one public API that relies on CRL: |
@alex To have To put it in code, what we want is: def add_crl(self, crl: Union["CRL", x509.CertificateRevocationList]) -> None:
converted_crl = crl if isinstance(crl, CRL) else CRL.from_cryptography(crl)
_openssl_assert(_lib.X509_STORE_add_crl(self._store, converted_crl._crl) != 0) But since |
I don't feel strongly about this.
…On Wed, Sep 20, 2023 at 5:45 AM Facundo Tuesca ***@***.***> wrote:
@alex <https://github.com/alex> To have add_crl accept a
x509.CertificateRevocationList, we would need to convert it so that
_lib.X509_STORE_add_crl() can take it. Currently, the logic for that is
in CRL::from_cryptography() and _load_crl(), two functions that are in
the set to be deprecated.
Should we duplicate that logic in X509Store::add_crl, so that when those
two are deprecated, add_crl() still works?
—
Reply to this email directly, view it on GitHub
<#1249 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBDD7T2MTR7JPWBUSJLX3K3NLANCNFSM6AAAAAA4T4HTW4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
|
These have better alternatives in cryptography, and users should be pointed to use them instead.
Here is a list of packages that depend on pyOpenSSL, along with their importance to the ecosystem (number of direct+indirect dependents), current use of these APIs and places where
pyOpenSSL
is being used.Format:
X509Extension
orCRL
pyOpenSSL
Dependents:
mitmproxy
)The text was updated successfully, but these errors were encountered: