openssl_pkcs12: add cryptography backend #234
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ajpantuso
reviewed
May 19, 2021
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
I have no idea why 17.1.0 was there (in the tests), and not something smaller. The module itself did not mention any version.
…or maciter_size is used.
felixfontein
changed the title
|
ready_for_review |
Ajpantuso
requested changes
May 19, 2021
| ''' | ||
| Load list of concatenated PEM files, and return a list of parsed certificates. | ||
| ''' | ||
| with open(filename, 'rb') as f: | ||
| data = f.read().decode('utf-8') | ||
| return [load_certificate(None, content=cert) for cert in split_pem_list(data)] | ||
| return [load_certificate(None, content=cert.encode('utf-8'), backend=backend) for cert in split_pem_list(data)] |
There was a problem hiding this comment.
This makes sense, but how was PyOpenSSL handling the text certificate data previously?
There was a problem hiding this comment.
PyOpenSSL has some magic to automatically encode: https://github.com/pyca/pyopenssl/blob/main/src/OpenSSL/crypto.py#L2898
Ajpantuso
reviewed
May 19, 2021
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Ajpantuso
approved these changes
May 19, 2021
|
@Ajpantuso thanks a lot for reviewing this! |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
This requires cryptography 3.0 and @Ajpantuso's hack, so we can't deprecate pyOpenSSL anytime soon.
Also this is at the moment pretty ugly, I'll have to do a lot more cleanup...
Finally,
iter_sizeandmaciter_sizeare not supported. Also, the cryptography docs sayPKCS12 encryption is not secure and should not be used as a security mechanism. Wrap a PKCS12 blob in a more secure envelope if you need to store or send it safely. Encryption is provided for compatibility reasons only..Fixes #21.
ISSUE TYPE
COMPONENT NAME
openssl_pkcs12