work around openssl 3.1.0 bug and bump for 23.1.1 by reaperhulk · Pull Request #1204 · pyca/pyopenssl (original) (raw)

Conversation

This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters

[ Show hidden characters]({{ revealButtonHref }})

@reaperhulk

@reaperhulk

@reaperhulk

cryptographyMain does not support 3.6

alex

alex approved these changes Mar 28, 2023

@ShaneHarvey

@reaperhulk

Passing an undef NID to EllipticCurve.from_nid is already documented as requiring a known NID. In the UNDEF case it will fail sooner on OpenSSL 3.1.0, but that's it. (This is a terrible API in general, as is most of pyOpenSSL, but c'est la vie).

X509Name.get_components appears reachable so I'd be happy to review a patch that fixes that (and adds a test).

PKCS7.get_type_name would be reachable only if someone creates a PKCS7 structure that deliberately does not use known types. That's certainly possible, albeit somewhat involved. If a test exercising the path is created we'd take a patch for this as well.

@alex

It's impossible to use X509Name.get_components with an unknown NID and get a useful result AFAICT. UNDEF as a string there is useless.

On Tue, Mar 28, 2023 at 8:53 PM Paul Kehrer ***@***.***> wrote: Passing an undef NID to EllipticCurve.from_nid is already documented as requiring a known NID. In the UNDEF case it will fail sooner on OpenSSL 3.1.0, but that's it. (This is a terrible API in general, as is most of pyOpenSSL, but c'est la vie). X509Name.get_components appears reachable so I'd be happy to review a patch that fixes that (and adds a test). PKCS7.get_type_name would be reachable only if someone creates a PKCS7 structure that deliberately does not use known types. That's certainly possible, albeit somewhat involved. If a test exercising the path is created we'd take a patch for this as well. — Reply to this email directly, view it on GitHub <#1204 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAAGBABSB5JLH5TDFRRHWTW6OB2LANCNFSM6AAAAAAWJ2V3CI> . You are receiving this because you modified the open/close state.Message ID: ***@***.***>

-- All that is necessary for evil to succeed is for good people to do nothing.

@ShaneHarvey