Seeing failures with get_short_name when used with cryptography >=40.0

[blink1073]

We started seeing the traceback below in our PyMongo test suite after the recent releases of pyOpenSSL 23.1.0 and cryptography 40.0.0. If we install pyOpenSSL==23.1.0 and cryptography<40, then the error does not appear. Any idea what the interaction might be?

 [2023/03/27 23:42:41.963]   File "/data/mci/2ea1ef6e08d225655a626e1898127fb5/src/pymongo/pyopenssl_context.py", line 377, in wrap_socket
 [2023/03/27 23:42:41.963]     _verify_hostname(ssl_conn, server_hostname)
 [2023/03/27 23:42:41.963]   File "/data/mci/2ea1ef6e08d225655a626e1898127fb5/src/venv-encryption/lib/python3.10/site-packages/service_identity/pyopenssl.py", line 49, in verify_hostname
 [2023/03/27 23:42:41.963]     cert_patterns=extract_ids(connection.get_peer_certificate()),
 [2023/03/27 23:42:41.963]   File "/data/mci/2ea1ef6e08d225655a626e1898127fb5/src/venv-encryption/lib/python3.10/site-packages/service_identity/pyopenssl.py", line 97, in extract_ids
 [2023/03/27 23:42:41.963]     if ext.get_short_name() == b"subjectAltName":
 [2023/03/27 23:42:41.963]   File "/data/mci/2ea1ef6e08d225655a626e1898127fb5/src/venv-encryption/lib/python3.10/site-packages/OpenSSL/crypto.py", line 907, in get_short_name
 [2023/03/27 23:42:41.963]     return _ffi.string(_lib.OBJ_nid2sn(nid))
 [2023/03/27 23:42:41.963] RuntimeError: cannot use string() on <cdata 'char *' NULL>

The system under test is Ubuntu 20.04 with OpenSSL 1.1.1f and Python 3.10.

[reaperhulk]

This is #1199 (fixed in #1204). It’s a bug with openssl 3.1.0 but we can work around it.

[reaperhulk]

This should now be resolved in 23.1.1

[blink1073]

I confirmed our tests are passing again, thank you!