Project

Profile

Help

Task #7484

Replace PyOpenSSL use with `cryptography` library from pypa

Added by bmbouter 20 days ago.

Status:
NEW
Priority:
Normal
Assignee:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

library to use: https://pypi.org/project/cryptography/

Current usage:

The code itself uses PyOpenssl in two areas:

  1. Validation a certificate is in PEM format here

  2. Ensuring a certificate is unexpired here

  3. Ensuring a client certificate is signed by the CA certificate here

Replacement calls in cryptography

The load_pem_x509_certificate call expects a PEM encoded cert (not DNR) so we can test this provides validation at instantiation time.

We can probably manually check a valid certificate's usng the `Certificate.not_valid_after attribute against the current UTC time.

I do not see how to validate that a valid PEM certificate was signed by another valid PEM certificate.

Please register to edit this issue

Also available in: Atom PDF