Update cryptography to 42.0.4 and update certdir (SYN-3552, SYN-6860) (#3568)

- Cryptography update addresses older version of cryptography package containing CVE-2023-50782 & CVE-2024-26130
- certdir now uses cryptography X509 objects and RSA private key objects, instead of PyOpenSSL X509 and Pkey objects. This is largely due to the removal of APIs from PyOpenSSL which we were utilizing for PKCS12 support and the guidance from PyOpenSSL project to not utilize the ``Crypto`` module in new projects as it is considered deprecated in favor of Cryptography. Per prior discussion, there should be no API stability concerns related to this change since the CertDir class is not exposed via telepath or storm apis.
- certdir is now fully typed. This identified issues where we were declaring bytes as inputs on certdir and Cortex was passing in PEM strings instead of bytes.
- Remove PyOpenSSL use where it is possible to do so. We now only use it for doing X509 path building and certificate verification, eventually we'll be able to remove this in favor of APIs provided by Cryptography (see pyca/cryptography#10393 pyca/cryptography#10034)

---------

Co-authored-by: Cisphyx <[email protected]>