Replace PyOpenSSL use with cryptography library from pypa #143

Open
pulpbot opened this issue Jan 4, 2022 · 0 comments

pulpbot commented Jan 4, 2022

Author: @bmbouter (bmbouter)

Redmine Issue: 7484, https://pulp.plan.io/issues/7484


library to use: https://pypi.org/project/cryptography/

Current usage:

The code itself uses PyOpenssl in two areas:

  1. Validating a certificate is in PEM format here

  2. Ensuring a certificate is unexpired here

  3. Ensuring a client certificate is signed by the CA certificate here

Replacement calls in cryptography

The `load_pem_x509_certificate` call expects a PEM encoded cert (not DER) so we can test this provides validation at instantiation time.

We can probably manually check a valid certificate using the `Certificate.not_valid_after` attribute against the current UTC time.

I do not see how to validate that a valid PEM certificate was signed by another valid PEM certificate.
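
The three checks listed in the issue, sketched with `cryptography` as an added example (not part of the original issue and not Pulp's code). It assumes a recent `cryptography` release, covers only certificates signed directly by the CA with RSA PKCS#1 v1.5 or ECDSA, and does no chain building or extension checks; `check_client_cert`, `make_cert` and the sample certificates are hypothetical names and constructed data.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.x509.oid import NameOID

def check_client_cert(cert_pem: bytes, ca_pem: bytes) -> str:
    """Return 'ok', 'not-pem', 'expired' or 'bad-signature'."""
    try:  # 1. PEM validation: DER or junk input raises ValueError
        cert = x509.load_pem_x509_certificate(cert_pem)
        ca = x509.load_pem_x509_certificate(ca_pem)
    except ValueError:
        return "not-pem"
    # 2. Expiry: not_valid_after is a naive datetime expressed in UTC
    now = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)
    if now > cert.not_valid_after:
        return "expired"
    # 3. Issuer name must match, then the CA key must verify the signature
    #    over the to-be-signed bytes of the client certificate.
    if cert.issuer != ca.subject:
        return "bad-signature"
    key, algo = ca.public_key(), cert.signature_hash_algorithm
    try:
        if isinstance(key, rsa.RSAPublicKey):
            key.verify(cert.signature, cert.tbs_certificate_bytes,
                       padding.PKCS1v15(), algo)
        elif isinstance(key, ec.EllipticCurvePublicKey):
            key.verify(cert.signature, cert.tbs_certificate_bytes, ec.ECDSA(algo))
        else:
            return "bad-signature"  # key type not handled in this sketch
    except InvalidSignature:
        return "bad-signature"
    return "ok"

def make_cert(subject, issuer, pub, signing_key, days):
    """Build a constructed test certificate and return it as PEM bytes."""
    now = datetime.datetime.now(datetime.timezone.utc)
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    cert = (x509.CertificateBuilder()
            .subject_name(name(subject)).issuer_name(name(issuer))
            .public_key(pub).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(days=30))
            .not_valid_after(now + datetime.timedelta(days=days))
            .sign(signing_key, hashes.SHA256()))
    return cert.public_bytes(serialization.Encoding.PEM)

# Constructed sample data: throwaway CA, an unrelated signing key, client certs.
ca_key, other_key, cl_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
CA_PEM = make_cert("Test CA", "Test CA", ca_key.public_key(), ca_key, 365)
GOOD = make_cert("client", "Test CA", cl_key.public_key(), ca_key, 30)
EXPIRED = make_cert("client", "Test CA", cl_key.public_key(), ca_key, -1)
FORGED = make_cert("client", "Test CA", cl_key.public_key(), other_key, 30)
```

Recent `cryptography` releases also provide `Certificate.verify_directly_issued_by`, which performs the issuer-name and signature check in one call.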
