Comments (5)
Here's another list of important packages dependent on PyOpenSSL, this time sorted by # of downloads last month (I removed the packages already present in the previous list):
Format:
- package-name (number of downloads)
- Does it use either
X509Extension
orCRL
- List of places in its codebase where it uses
pyOpenSSL
- Does it use either
Dependents:
- urllib3 (388788102)
- Does not use either API
- Uses library here
- azure-cli-core (3788166)
- apache-airflow-providers-google (1914071)
- Does not use either API
- Library does not seem to be currently used anywhere
(https://github.com/urllib3/urllib3/blob/af7c78fa30f5a4e265911371d0c59b6baeddca0f/src/urllib3/contrib/pyopenssl.py)
- azure-servicemanagement-legacy (1427093)
- Does not use either API
- Uses library here
- pyvmomi (986291)
- Does not use either API
- Uses library here
- aws-sam-cli (871525)
- Does not use either API
- Uses library here
- auth0-python (740244)
- Does not use either API
- Library does not seem to be currently used anywhere
- pysaml2 (578310)
- signxml (298553)
- tinybird-cli (282228)
- Not open source (?)
- pydrive2 (228953)
- Does not use either API
- Library does not seem to be currently used anywhere
- pusher (221858)
- Does not use either API
- Does not use library directly
- httpie (218094)
- Does not use either API
- Does not use library directly
from pyopenssl.
I just realized there's at least one public API that relies on CRL: add_crl
on X509Store
. My recommendation would be to change that method to allow it to accept a pyca/cryptography CRL or a pyOpenSSL CRL. This gives users who rely on that method a deprecation-free path.
from pyopenssl.
@alex To have add_crl
accept a x509.CertificateRevocationList
, we would need to convert it so that _lib.X509_STORE_add_crl()
can take it. Currently, the logic for that is in CRL::from_cryptography()
and _load_crl()
, two functions that are in the set to be deprecated.
Should we duplicate that logic in X509Store::add_crl
, so that when those two are deprecated, add_crl()
still works?
To put it in code, what we want is:
def add_crl(self, crl: Union["CRL", x509.CertificateRevocationList]) -> None:
converted_crl = crl if isinstance(crl, CRL) else CRL.from_cryptography(crl)
_openssl_assert(_lib.X509_STORE_add_crl(self._store, converted_crl._crl) != 0)
But since from_cryptography()
(and _load_crl()
, used by from_cryptography
) are going to be deprecated, we would need to duplicate their logic in add_crl
's definition
from pyopenssl.
from pyopenssl.
I just realized there's at least one public API that relies on CRL:
add_crl
onX509Store
. My recommendation would be to change that method to allow it to accept a pyca/cryptography CRL or a pyOpenSSL CRL. This gives users who rely on that method a deprecation-free path.
@alex Here's the PR for that: #1252
from pyopenssl.
Related Issues (20)
- Selection of PKCS12 MAC algorithm HOT 1
- MemoryError: Cannot allocate write+execute memory for ffi.callback() in ASLR enabled machine - FreeBSD HOT 2
- Latest version of the pyopenssl library giving following error HOT 16
- Implement PyOpenSSL deprecated functions as calls into Cryptography library HOT 3
- Use SSL_session_reused API HOT 1
- RemoveError: 'pyopenssl' is a dependency of conda and cannot be removed from conda's operating environment. HOT 2
- Add support for retrieving negotiated SRTP profile HOT 4
- pyopenssl-23.3.0 is incompatible with the latest cryptography 42.0.0
- [docs] Use Furo?
- TLS 1.3 Session Resumption with PSKs in pyopenssl? HOT 1
- RFE: is it possible to start making github releases?🤔 HOT 2
- Support for `cryptography.X509.Extensions` in `pyopenssl.X509.add_extensions` etc? HOT 2
- 24.1.0: pytest fails in 3 units and some pytest warnings HOT 12
- 24.1.0: sphinx warnings `reference target not found` HOT 1
- CVE-2023-6129 Safety vulnerability HOT 1
- Some X509 Tests fail on v24.1.0 HOT 1
- Add SSL_OP_CLEANSE_PLAINTEXT to exported set of options
- Use of a Broken or Risky Cryptographic Algorithm [Snyk Vulnerability] HOT 1
- expose `SSL_set_info_callback` (i.e. `Connection.set_info_callback`)
- X.509Name.get_components() doesn't process Subject values like X.509Name.__getattr__() does with Unicode strings. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pyopenssl.