Expose constants that are no longer available in latest cryptography · Issue #1201 · pyca/pyopenssl (original) (raw)

Skip to content

Navigation Menu

• • GitHub Copilot Write better code with AI
  • GitHub Advanced Security Find and fix vulnerabilities
  • Actions Automate any workflow
  • Codespaces Instant dev environments
  • Issues Plan and track work
  • Code Review Manage code changes
  • Discussions Collaborate outside of code
  • Code Search Find more, search less
• Explore
  • Learning Pathways
  • Events & Webinars
  • Ebooks & Whitepapers
  • Customer Stories
  • Partners
  • Executive Insights
• • GitHub Sponsors Fund open source developers
  • The ReadME Project GitHub community articles
• • Enterprise platform AI-powered developer platform
• Pricing

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sign up

Description

In order to customize TLS validation logic in pyOpenSSL, some constants are sometimes needed. For example, Tahoe-LAFS currently uses X509_V_ERR_CERT_NOT_YET_VALID, X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, and a few others (https://github.com/tahoe-lafs/tahoe-lafs/blob/d92470d233533bdc8ae1f014ca3a82b0ce74e3f3/src/allmydata/storage/http_client.py#L220).

Previous to cryptography v40, these were available there, but they no longer are.

@alex suggested that:

1. They get added to public interface of pyOpenSSL, since that is the consumer.
2. cryptography is then updated appropriately to expose just what pyOpenSSL needs.

I assume they should be exposed in OpenSSL.SSL?

• PR to cryptography adding the constants is merged.
• PR to this repository conditionally adding these to OpenSSL.SSL.__all__.