[Openvpn-devel] Replace deprecated OpenSSL.crypto.load_crl

Message ID 20250704082813.99654-2-spike@fedoraproject.org
State New
Series [Openvpn-devel] Replace deprecated OpenSSL.crypto.load_crl

Commit Message

Christian Schürmann July 4, 2025, 8:28 a.m. UTC
OpenSSL.crypto.load_crl was deprecated with pyOpenSSL 23.3.0 and
eventually removed in 24.3.0. pyOpenSSL recommends using cryptography.x509's
CRL functions as a replacement.
See also: https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst

Signed-off-by: Christian Schürmann <spike@fedoraproject.org>
---
 contrib/extract-crl/extractcrl.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

Comments

Arne Schwabe July 8, 2025, 9:09 a.m. UTC | #1
On 04.07.25 at 10:28, Christian Schürmann wrote:
> OpenSSL.crypto.load_crl was deprecated with pyOpenSSL 23.3.0 and
> eventually removed in 24.3.0. pyOpenSSL recommends using cryptography.x509's
> CRL functions as a replacement.
> See also: https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst
> 
> Signed-off-by: Christian Schürmann <spike@fedoraproject.org>

Acked-By: Arne Schwabe <arne@rfc2549.org>
Gert Doering July 8, 2025, 4:50 p.m. UTC | #2
Thanks. Your patch has been applied to the master branch.

commit f2364488d36a758c8f2ac273af4642dc84b1b28f
Author: Christian Schürmann
Date:   Fri Jul 4 10:28:14 2025 +0200

     Replace deprecated OpenSSL.crypto.load_crl

     Signed-off-by: Christian Schürmann <spike@fedoraproject.org>
     Acked-by: Arne Schwabe <arne@rfc2549.org>
     Message-Id: <20250704082813.99654-2-spike@fedoraproject.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32037.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/contrib/extract-crl/extractcrl.py b/contrib/extract-crl/extractcrl.py
index 441464e..c387ea1 100755
--- a/contrib/extract-crl/extractcrl.py
+++ b/contrib/extract-crl/extractcrl.py
@@ -42,17 +42,17 @@  def measure_time(method):
 def load_crl(filename, format):
 
     def try_openssl_module(filename, format):
-        from OpenSSL import crypto
-        types = {
-            FILETYPE_PEM: crypto.FILETYPE_PEM,
-            FILETYPE_DER: crypto.FILETYPE_ASN1
+        from cryptography import x509
+        load_crl_functions = {
+            FILETYPE_PEM: x509.load_pem_x509_crl,
+            FILETYPE_DER: x509.load_der_x509_crl
         }
         if filename == '-':
-            crl = crypto.load_crl(types[format], sys.stdin.buffer.read())
+            crl = load_crl_functions[format](sys.stdin.buffer.read())
         else:
             with open(filename, 'rb') as f:
-                crl = crypto.load_crl(types[format], f.read())
-        return set(int(r.get_serial(), 16) for r in crl.get_revoked())
+                crl = load_crl_functions[format](f.read())
+        return set(r.serial_number for r in crl)
 
     def try_openssl_exec(filename, format):
         args = ['openssl', 'crl', '-inform', format, '-text']
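Review bot: the helper is still named try_openssl_module, but its first line now imports from cryptography rather than OpenSSL, so the name no longer says which package must be installed for this path to work. Consider renaming it (for example try_cryptography_module) and updating any usage or dependency note for contrib/extract-crl to name the cryptography package. As a smaller style point, the stdin and file branches both call load_crl_functions[format](...) on the bytes they read; reading the data first and calling the loader once after the if/else would remove the duplication. The switch from int(r.get_serial(), 16) to r.serial_number keeps the result a set of integers, so callers comparing serials should be unaffected.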