Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Negative serial numbers are mega deprecated #9897

Merged
merged 1 commit into from
Nov 18, 2023

Conversation

alex
Copy link
Member

@alex alex commented Nov 18, 2023

FYI: @woodruffw

@reaperhulk reaperhulk enabled auto-merge (squash) November 18, 2023 20:59
@reaperhulk reaperhulk merged commit d517aae into pyca:main Nov 18, 2023
57 checks passed
@alex alex deleted the negative-serial-warning branch November 18, 2023 21:16
@woodruffw
Copy link
Contributor

Nice, and thanks for the ping!

Once they're fully disallowed, I think the Certificate type could switch to BigUint for its serial type, right?

@alex
Copy link
Member Author

alex commented Nov 19, 2023 via email

Comment on lines +46 to +47
* In the next release (43.0.0) of cryptography, loading an X.509 certificate
with a negative serial number will raise an exception. This has been
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

43.0.0 was released, but no mention of this. See #10247 (comment)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just for others who might find this: we didn't remove support in 43 (as noted in #10247 (comment))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

4 participants