Task #7484

closed

Replace PyOpenSSL use with `cryptography` library from pypa

Added by bmbouter about 2 years ago. Updated 9 months ago.

Status: CLOSED - DUPLICATE
Priority: Normal
Assignee: -
Start date:
Due date:
% Done: 0%
Estimated time:
Platform Release:
Groomed: No
Sprint Candidate: No
Tags:
Sprint:
Quarter:

Description

Ticket moved to GitHub: "pulp/pulp-certguard/143":https://github.com/pulp/pulp-certguard/issues/143


library to use: https://pypi.org/project/cryptography/

Current usage:

The code itself uses PyOpenSSL in two areas:

  1. Validating that a certificate is in PEM format here

  2. Ensuring a certificate is unexpired here

  3. Ensuring a client certificate is signed by the CA certificate here

Replacement calls in cryptography

The `load_pem_x509_certificate` call expects a PEM encoded cert (not DER) so we can test this provides validation at instantiation time.

We can probably manually check a valid certificate using the `Certificate.not_valid_after` attribute against the current UTC time.

I do not see how to validate that a valid PEM certificate was signed by another valid PEM certificate.
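An added example, not part of the original ticket or of pulp-certguard's code: the three checks listed under "Current usage" written against `cryptography`, with the issuer check done by verifying the certificate's signature over `tbs_certificate_bytes` using the CA's public key. The helper names and the test certificates are constructed for illustration, and ECDSA-signed certificates are assumed.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding

def check_client_cert(cert_pem, ca_pem):
    """Hypothetical helper: return 'ok' or the name of the first failed check."""
    try:  # 1. PEM format: DER or garbage input raises ValueError at load time
        cert = x509.load_pem_x509_certificate(cert_pem)
        ca = x509.load_pem_x509_certificate(ca_pem)
    except ValueError:
        return "not-pem"
    # 2. Expiry: not_valid_after is naive UTC (42+ adds not_valid_after_utc)
    now = dt.datetime.now(dt.timezone.utc).replace(tzinfo=None)
    if now > cert.not_valid_after:
        return "expired"
    # 3. Issuer: names must chain and the CA key must verify the signature
    if cert.issuer != ca.subject:
        return "wrong-issuer"
    try:  # ECDSA assumed; an RSA CA key takes (sig, data, PKCS1v15(), hash)
        ca.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                               ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return "bad-signature"
    return "ok"

def make_cert(subject, issuer, sign_key, pub_key, days, enc=Encoding.PEM):
    """Build a constructed test certificate expiring `days` from now."""
    now = dt.datetime.now(dt.timezone.utc)
    name = lambda cn: x509.Name([x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, cn)])
    cert = (x509.CertificateBuilder()
            .subject_name(name(subject)).issuer_name(name(issuer))
            .public_key(pub_key).serial_number(x509.random_serial_number())
            .not_valid_before(now - dt.timedelta(days=30))
            .not_valid_after(now + dt.timedelta(days=days))
            .sign(sign_key, hashes.SHA256()))
    return cert.public_bytes(enc)

def demo():  # runs the checks over constructed (not real) certificates
    ca_key, rogue_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    pub = rogue_key.public_key()  # any key serves as the client's public key
    ca = make_cert("Test CA", "Test CA", ca_key, ca_key.public_key(), 365)
    certs = {"good": make_cert("client", "Test CA", ca_key, pub, 30),
             "expired": make_cert("client", "Test CA", ca_key, pub, -1),
             "forged": make_cert("client", "Test CA", rogue_key, pub, 30),
             "der": make_cert("client", "Test CA", ca_key, pub, 30, Encoding.DER)}
    return {label: check_client_cert(data, ca) for label, data in certs.items()}
```

The "forged" case carries the right issuer name but is signed by a different key, so only the signature check rejects it.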

Actions #1

Updated by pulpbot 9 months ago

  • Description updated (diff)
  • Status changed from NEW to CLOSED - DUPLICATE
