Skip to content
Snippets Groups Projects
Commit 4c316f291366 authored by Alex Gaynor's avatar Alex Gaynor
Browse files

fixes #5321 -- deprecate support for OpenSSL 1.0.2 (#5333)

parent 84ae4f2ed5ae
Branches
No related tags found
No related merge requests found
......@@ -8,6 +8,11 @@
.. note:: This version is not yet released and is under active development.
* Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by
the OpenSSL project. At this time there is no time table for dropping
support, however we strongly encourage all users to upgrade or install
``cryptography`` from a wheel.
.. _v3-0:
3.0 - 2020-07-20
......
......@@ -29,6 +29,10 @@
* ``OpenSSL 1.1.0-latest``
* ``OpenSSL 1.1.1-latest``
.. warning::
Cryptography 3.1 has deprecated support for OpenSSL 1.0.2.
Building cryptography on Windows
--------------------------------
......
......@@ -66,6 +66,7 @@
static const int CRYPTOGRAPHY_OPENSSL_110F_OR_GREATER;
static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_102I;
static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_110;
static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111;
static const int CRYPTOGRAPHY_OPENSSL_LESS_THAN_111B;
static const int CRYPTOGRAPHY_NEEDS_OSRANDOM_ENGINE;
......
......@@ -7,6 +7,7 @@
import collections
import threading
import types
import warnings
import cryptography
from cryptography import utils
......@@ -153,6 +154,19 @@
_openssl_assert(cls.lib, res == 1)
def _verify_openssl_version(lib):
if (
lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_110
and not lib.CRYPTOGRAPHY_IS_LIBRESSL
):
warnings.warn(
"OpenSSL version 1.0.2 is no longer supported by the OpenSSL "
"project, please upgrade. A future version of cryptography will "
"drop support for it.",
utils.CryptographyDeprecationWarning,
)
def _verify_package_version(version):
# Occasionally we run into situations where the version of the Python
# package does not match the version of the shared object that is loaded.
......@@ -182,3 +196,5 @@
# condition registering the OpenSSL locks. On Python 3.4+ the import lock
# is per module so this approach will not work.
Binding.init_static_locks()
_verify_openssl_version(Binding.lib)
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment