Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate X509Extension #1255

Merged
merged 1 commit into from
Oct 17, 2023
Merged

Deprecate X509Extension #1255

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ Deprecations:
- Deprecated ``OpenSSL.crypto.Revoked``
- Deprecated ``OpenSSL.crypto.load_crl`` and ``OpenSSL.crypto.dump_crl``
- Deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``
- Deprecated ``OpenSSL.crypto.X509Extension``

Changes:
^^^^^^^^
Expand Down
33 changes: 25 additions & 8 deletions src/OpenSSL/crypto.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -941,6 +941,19 @@ def get_data(self) -> bytes:
return _ffi.buffer(char_result, result_length)[:]


_X509ExtensionInternal = X509Extension
utils.deprecated(
X509Extension,
__name__,
(
"X509Extension support in pyOpenSSL is deprecated. You should use the "
"APIs in cryptography."
),
DeprecationWarning,
name="X509Extension",
)


class X509Req:
"""
An X.509 certificate signing requests.
Expand Down Expand Up @@ -1063,7 +1076,9 @@ def get_subject(self) -> X509Name:

return name

def add_extensions(self, extensions: Iterable[X509Extension]) -> None:
def add_extensions(
self, extensions: Iterable[_X509ExtensionInternal]
) -> None:
"""
Add extensions to the certificate signing request.

Expand All @@ -1077,7 +1092,7 @@ def add_extensions(self, extensions: Iterable[X509Extension]) -> None:
stack = _ffi.gc(stack, _lib.sk_X509_EXTENSION_free)

for ext in extensions:
if not isinstance(ext, X509Extension):
if not isinstance(ext, _X509ExtensionInternal):
raise ValueError("One of the elements is not an X509Extension")

# TODO push can fail (here and elsewhere)
Expand All @@ -1086,7 +1101,7 @@ def add_extensions(self, extensions: Iterable[X509Extension]) -> None:
add_result = _lib.X509_REQ_add_extensions(self._req, stack)
_openssl_assert(add_result == 1)

def get_extensions(self) -> List[X509Extension]:
def get_extensions(self) -> List[_X509ExtensionInternal]:
"""
Get X.509 extensions in the certificate signing request.

Expand All @@ -1106,7 +1121,7 @@ def get_extensions(self) -> List[X509Extension]:
)

for i in range(_lib.sk_X509_EXTENSION_num(native_exts_obj)):
ext = X509Extension.__new__(X509Extension)
ext = _X509ExtensionInternal.__new__(_X509ExtensionInternal)
extension = _lib.X509_EXTENSION_dup(
_lib.sk_X509_EXTENSION_value(native_exts_obj, i)
)
Expand Down Expand Up @@ -1600,7 +1615,9 @@ def get_extension_count(self) -> int:
"""
return _lib.X509_get_ext_count(self._x509)

def add_extensions(self, extensions: Iterable[X509Extension]) -> None:
def add_extensions(
self, extensions: Iterable[_X509ExtensionInternal]
) -> None:
"""
Add extensions to the certificate.

Expand All @@ -1609,14 +1626,14 @@ def add_extensions(self, extensions: Iterable[X509Extension]) -> None:
:return: ``None``
"""
for ext in extensions:
if not isinstance(ext, X509Extension):
if not isinstance(ext, _X509ExtensionInternal):
raise ValueError("One of the elements is not an X509Extension")

add_result = _lib.X509_add_ext(self._x509, ext._extension, -1)
if not add_result:
_raise_current_error()

def get_extension(self, index: int) -> X509Extension:
def get_extension(self, index: int) -> _X509ExtensionInternal:
"""
Get a specific extension of the certificate by index.

Expand All @@ -1630,7 +1647,7 @@ def get_extension(self, index: int) -> X509Extension:

.. versionadded:: 0.12
"""
ext = X509Extension.__new__(X509Extension)
ext = _X509ExtensionInternal.__new__(_X509ExtensionInternal)
ext._extension = _lib.X509_get_ext(self._x509, index)
if ext._extension == _ffi.NULL:
raise IndexError("extension index out of bounds")
Expand Down
2 changes: 1 addition & 1 deletion tests/test_crypto.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@
X509,
Error,
PKey,
X509Extension,
X509Name,
X509Req,
X509Store,
Expand All @@ -54,6 +53,7 @@
PKCS12,
NetscapeSPKI,
Revoked,
X509Extension,
dump_crl,
load_crl,
)
Expand Down
5 changes: 4 additions & 1 deletion tests/test_ssl.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,14 +49,17 @@
TYPE_RSA,
X509,
PKey,
X509Extension,
X509Store,
dump_certificate,
dump_privatekey,
get_elliptic_curves,
load_certificate,
load_privatekey,
)

with pytest.warns(DeprecationWarning):
from OpenSSL.crypto import X509Extension

from OpenSSL.SSL import (
DTLS_METHOD,
MODE_RELEASE_BUFFERS,
Expand Down