Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactoring to drop deprecated usages in pyOpenSSL & drop Python 3.7 support #182

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Refactoring to drop deprecated usages in pyOpenSSL & drop Python 3.7 support #182

wants to merge 2 commits into from

Conversation

adferrand
Copy link
Collaborator

@adferrand adferrand commented Aug 27, 2024
edited
Loading

Fixes #181

Caution: This PR introduces backward incompatible changes to the library. A major version of josepy should be issued when this PR is merged.
Caution: Defensive PR on Certbot should be merged first -> certbot/certbot#9993

This PR removes the APIs deprecated by pyopenssl in version 24.2+.

As a consequence, several changes of josepy public API are made:

  • josepy.ComparableX509 is removed since the underlying wrapped object is now objects from cryptography API (Certificate or CertificateSigningRequest) and these objects support equality checks.
  • methods encode_csr, decode_csr, encode_cert and decode_cert now manipulates objects from cryptography API
  • underlying tests are updated.

Aside these changes, the support of Python 3.7 is dropped, given this PR will require a new major version anyway.

@adferrand adferrand mentioned this pull request Aug 27, 2024
Merged
@adferrand adferrand changed the title Feature/remove pyopenssl Refactoring to drop deprecated usages in pyOpenSSL & drop Python 3.7 support Aug 27, 2024
@zoracon zoracon requested a review from bmw September 4, 2024 03:49
@markdboyd markdboyd mentioned this pull request Sep 4, 2024
Merged
alex added a commit to alex/josepy that referenced this pull request Sep 5, 2024
@alex
Ignore warning that CSRs are deprecated in pyOpenSSL
a73e364 
Without this, pyca/cryptography's downstream tests currently fail.

The actual warning is being addressed in certbot#182
@alex alex mentioned this pull request Sep 5, 2024
Merged
ohemorange pushed a commit that referenced this pull request Sep 5, 2024
@alex
Ignore warning that CSRs are deprecated in pyOpenSSL (#185)
350410f 
Without this, pyca/cryptography's downstream tests currently fail.

The actual warning is being addressed in #182
@zoracon
Copy link
Contributor

zoracon commented Sep 6, 2024

This should resolve advisories: (needs Python 3.7 dropped)

@jharrisonSV
Copy link

Any movement on this? 👀

@bmw bmw mentioned this pull request Sep 17, 2024
Merged
@bmw
Copy link
Member

bmw commented Sep 17, 2024

I opened #186 to drop Python 3.7 and fix security alerts.

As for this PR in itself, we will likely do this and/or deprecate this library entirely as discussed at certbot/certbot#8322 and the comments on certbot/certbot#9993 in the next few months. We just need to map out what that transition will look like for the code in https://github.com/certbot/certbot.

@lbeaufort lbeaufort mentioned this pull request Sep 18, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alex alex alex approved these changes

@bmw bmw Awaiting requested review from bmw

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OpenSSL.crypto.X509Req is deprecated in PyOpenSSL 24.2+
5 participants
@adferrand @zoracon @jharrisonSV @bmw @alex