Deprecate/remove all non-SSL APIs in pyOpenSSL #1321
Comments
Allow passing cryptography keys instead. Refs pyca#1321
Allow passing cryptography keys instead. Refs #1321
surely removing things like this would be better suited to a major (or at least minor) release rather than a patch release

my bad - it was at least a minor release

@phlax If there's some action to be taken here, please file a separate bug. My read of the gsutil source is that it should work fine with these APIs removed in pyOpenSSL, because all the behavior has a 2nd implementation using pyca/cryptography.

probs there is no action here - but posted as i suspect others will arrive here with same issue (i also opened a pr in gsutil to pin the dep)
ftr - since last release doing ...
pip install gsutil
gsutil ...
... is broke - pinning
Motivation
pyOpenSSL has many APIs with poor designs that are entirely reliant on OpenSSL implementation details. For nearly all of these, pyca/cryptography has much better implementations with more thought out APIs.
Therefore, we would like to deprecate/remove anything besides SSL in pyOpenSSL (SSL has no equivalent in pyca/cryptography, nor is there a path to adding one).
We've been doing this for a while already, but now we're filing an issue to actually track this in a systematic way.
Strategy
Most APIs can simply be deprecated and removed. In some cases, where SSL relies on these (e.g., `PKey` objects for private keys or `X509` for certificates), we'll need to expand the SSL API to accept the pyca/cryptography versions of these objects (there are mostly already `from_cryptography` APIs we can keep around).
This also means we will not be adding any new API surface in these areas.
Status

Deprecations and Removals

- `rand`
  - `add`, `status`
- `crypto`
  - `PKey`, `dump_publickey`, `dump_privatekey`, `load_publickey`, `load_privatekey`
  - `get_elliptic_curves`, `get_elliptic_curve`
  - `X509Name`
  - `X509Extension`
  - `X509Req`, `dump_certificate_request`, `load_certificate_request`
  - `X509`, `load_certificate`, `dump_certificate`
  - `X509Store`, `X509StoreContext`
  - `SSL` integration
  - `CRL`, `Revoked`, `dump_crl`, `load_crl`
  - `sign`, `verify`

APIs needing to accept/return `pyca/cryptography` types

- `Context`
  - `use_certificate`
  - `add_extra_chain_cert`
  - `use_privatekey`
  - `set_tmp_ecdh`
  - `set_client_ca_list`
  - `add_client_ca`
- `Connection`
  - `use_certificate`
  - `use_privatekey`
  - `get_client_ca_list`
  - `get_certificate`
  - `get_peer_certificate`
  - `get_peer_cert_chain`
  - `get_verified_chain`
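
For auditing a code base against the "Deprecations and Removals" list above, here is an added example (not code from pyOpenSSL or from the issue author): a standard-library `ast` scan that reports uses of the listed `OpenSSL.rand` and `OpenSSL.crypto` names while leaving `OpenSSL.SSL` alone. The function name `find_deprecated_uses` and the sample source are constructed for illustration; star imports and re-assigned aliases are not tracked.

```python
import ast

# Names copied from the "Deprecations and Removals" list on this page.
DEPRECATED = {
    "rand": {"add", "status"},
    "crypto": set("""PKey dump_publickey dump_privatekey load_publickey
        load_privatekey get_elliptic_curves get_elliptic_curve X509Name X509Extension
        X509Req dump_certificate_request load_certificate_request X509 load_certificate
        dump_certificate X509Store X509StoreContext CRL Revoked dump_crl load_crl
        sign verify""".split()),
}

def find_deprecated_uses(source):
    """Return sorted (line, "module.name") pairs for listed APIs used in source."""
    nodes = list(ast.walk(ast.parse(source)))
    pkg, mods, hits = set(), {}, set()  # package aliases, submodule aliases, findings
    for node in nodes:  # pass 1: how are OpenSSL, rand and crypto bound locally?
        if isinstance(node, ast.Import):
            for a in node.names:
                head, _, sub = a.name.partition(".")
                if head == "OpenSSL" and a.asname and sub in DEPRECATED:
                    mods[a.asname] = sub            # import OpenSSL.crypto as c
                elif head == "OpenSSL" and not (a.asname and sub):
                    pkg.add(a.asname or "OpenSSL")  # import OpenSSL[.crypto] / as o
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            head, _, sub = (node.module or "").partition(".")
            for a in node.names:
                if head == "OpenSSL" and not sub and a.name in DEPRECATED:
                    mods[a.asname or a.name] = a.name  # from OpenSSL import crypto
                elif head == "OpenSSL" and a.name in DEPRECATED.get(sub, ()):
                    hits.add((node.lineno, f"{sub}.{a.name}"))  # direct name import
    for node in (n for n in nodes if isinstance(n, ast.Attribute)):  # pass 2: uses
        base, sub = node.value, None
        if isinstance(base, ast.Name):
            sub = mods.get(base.id)                 # crypto.sign
        elif isinstance(base, ast.Attribute) and isinstance(base.value, ast.Name):
            sub = base.attr if base.value.id in pkg else None  # OpenSSL.crypto.sign
        if node.attr in DEPRECATED.get(sub, ()):
            hits.add((node.lineno, f"{sub}.{node.attr}"))
    return sorted(hits)

# Constructed sample source; it is only parsed, never executed.
SAMPLE = """import OpenSSL
from OpenSSL import SSL, crypto as c
key = c.load_privatekey(c.FILETYPE_PEM, pem)
sig = OpenSSL.crypto.sign(key, data, "sha256")
ctx = SSL.Context(SSL.TLS_METHOD)
"""
if __name__ == "__main__":
    print(find_deprecated_uses(SAMPLE))
```

Running the scan over a project's own sources and its vendored dependencies before upgrading pyOpenSSL shows which call sites need a pyca/cryptography replacement or a version pin.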