Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

X.509 path building follow-ups #10034

Open
19 of 22 tasks
alex opened this issue Dec 22, 2023 · 2 comments
Open
19 of 22 tasks

X.509 path building follow-ups #10034

alex opened this issue Dec 22, 2023 · 2 comments
Labels

Comments

@alex
Copy link
Member

alex commented Dec 22, 2023

For 42.0

Functionality

@alex alex added this to the Forty Second Release milestone Dec 22, 2023
@alex alex added the x509 label Dec 22, 2023
@alex alex removed this from the Forty Second Release milestone Dec 23, 2023
@alex alex added this to the Forty Second Release milestone Jan 3, 2024
@alex alex removed this from the Forty Second Release milestone Jan 22, 2024
@woodruffw
Copy link
Contributor

Another functionality follow-up: CRLs and CRL checking. This will likely require its own non-trivial design and planning period.

@reaperhulk
Copy link
Member

Added as Revocation (CRL, OCSP) 👍

vEpiphyte added a commit to vertexproject/synapse that referenced this issue Feb 28, 2024
…#3568)

- Cryptography update addresses older version of cryptography package containing CVE-2023-50782 & CVE-2024-26130
- certdir now uses cryptography X509 objects and RSA private key objects, instead of PyOpenSSL X509 and Pkey objects. This is largely due to the removal of APIs from PyOpenSSL which we were utilizing for PKCS12 support and the guidance from PyOpenSSL project to not utilize the ``Crypto`` module in new projects as it is considered deprecated in
favor of Cryptography. Per prior discussion, there should be no API stability concerns related to this change since the CertDir class is not exposed via telepath or storm apis.
- certdir is now fully typed. This identified issues where we were declaring bytes as inputs on certdir and Cortex was passing in PEM strings instead of bytes.
- Remove PyOpenSSL use where it is possible to do so. We now only use it for doing X509 path building and certificate verification, eventually we'll be able to remove this in favor of APIs provided by Cryptography ( see pyca/cryptography#10393 pyca/cryptography#10034 )

---------

Co-authored-by: Cisphyx <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

3 participants