-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support cryptography 35.0.0 for all modules except openssl_pkcs12 #294
Support cryptography 35.0.0 for all modules except openssl_pkcs12 #294
Conversation
…orted multiple backends).
… else works." This reverts commit 3f905bc.
Ok, as the succeeding CI run shows when the openssl_pkcs12 tests were disabled, this fixes 'everything' except the problem with extracting the friendly name for PKCS#12 archives. My suggestion would be to merge this despite failing CI, and try to work on a fix for openssl_pkcs12 in a separate PR. |
Ok, so the latest changes still work everywhere (except for openssl_pkcs12, as expected). |
The follow-up #296 will fix the remaining PKCS#12 issues (once rebased after this has been merged). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unfortunate to have to resort to such workarounds, but these look like solid fixes to me
@briantist I'm really looking forward to get rid of them (resp. only have to use them for older cryptography versions)! I've started another push for that in cryptography, but it probably has to wait a bit longer (pyca/cryptography#6346 (comment))... Let's see how many ugly workarounds similar to the ones here or in #296 we need until then... |
Backport to stable-1: 💚 backport PR created✅ Backport PR branch: Backported as #297 🤖 @patchback |
* Add some workarounds for cryptography 35.0.0. * Make fix work with very old cryptography versions as well (which supported multiple backends). * [TEMP] Disable openssl_pkcs12 tests to see whether everything else works. * Revert "[TEMP] Disable openssl_pkcs12 tests to see whether everything else works." This reverts commit 3f905bc. * Add changelog fragment. * Remove unnecessary assignment. * Simplify code change. * [TEMP] Disable openssl_pkcs12 tests to see whether everything else works. * Revert "[TEMP] Disable openssl_pkcs12 tests to see whether everything else works." This reverts commit fdb2105. (cherry picked from commit a2a7d94)
@webknjaz @briantist thanks a lot for reviewing this! |
…) (#297) * Add some workarounds for cryptography 35.0.0. * Make fix work with very old cryptography versions as well (which supported multiple backends). * [TEMP] Disable openssl_pkcs12 tests to see whether everything else works. * Revert "[TEMP] Disable openssl_pkcs12 tests to see whether everything else works." This reverts commit 3f905bc. * Add changelog fragment. * Remove unnecessary assignment. * Simplify code change. * [TEMP] Disable openssl_pkcs12 tests to see whether everything else works. * Revert "[TEMP] Disable openssl_pkcs12 tests to see whether everything else works." This reverts commit fdb2105. (cherry picked from commit a2a7d94) Co-authored-by: Felix Fontein <felix@fontein.de>
SUMMARY
The latest cryptography release, 35.0.0 (released today), uses a lot more Rust code than previous relesaes. Unfortunately this breaks some of our 'workarounds' which access some internals to gather some information that cryptography unfortunately does not provide. These are in particular:
I've been able to work around 1 in some ugly fashion, but didn't find a working solution for 2 yet. It seems that the friendly name is somehow stripped from the certificate.
ISSUE TYPE
COMPONENT NAME
cryptography support
ADDITIONAL INFORMATION