Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extension parsing: add new fallback code which uses the new cryptography API #331

Merged
merged 8 commits into from
Nov 22, 2021
Merged

Extension parsing: add new fallback code which uses the new cryptography API #331

merged 8 commits into from
Nov 22, 2021

Conversation

felixfontein
Copy link
Contributor

SUMMARY

This adds a fallback to extension parsing which uses the new API from pyca/cryptography#6346. I've used the new code as a fallback since it is potentially a breaking change (as announced as upcoming eventually in the changelog for 2.0.0). Switching to it as a default should only happen in a new minor release, while this can (and should) go into a bugfix release.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

get_certificate
openssl_csr_info
x509_certificate_info

@felixfontein felixfontein mentioned this pull request Nov 11, 2021
Open
@felixfontein
Copy link
Contributor Author

ready_for_review

@felixfontein
Copy link
Contributor Author

pyca/cryptography#6346 has been merged. One thing that might get fixed are the differences for KeyUsage that crept into our tests (https://github.com/ansible-collections/community.crypto/pull/331/files#diff-1f795e32ff22e33251b41bd3572823f7677804e01c3fcf8ceb56185c22014537R158, https://github.com/ansible-collections/community.crypto/pull/331/files#diff-1f795e32ff22e33251b41bd3572823f7677804e01c3fcf8ceb56185c22014537R35, https://github.com/ansible-collections/community.crypto/pull/331/files#diff-c809c2bf907465bdbbfa9115178aef8985383112034fa42b1c347eae05bd8c97R24), though we likely have to keep supporting both values since 35.0.0 already introduced this difference. (But maybe we can do something like only accept the other value if cryptography major version == 35. But that's something I would do in a follow-up PR on main only, since the logic would be even more PITA on stable-1...)

Ajpantuso
Ajpantuso approved these changes Nov 15, 2021
View reviewed changes
Copy link
Collaborator

@Ajpantuso Ajpantuso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@felixfontein felixfontein changed the title [WIP] Extension parsing: add new fallback code which uses the new cryptography API Extension parsing: add new fallback code which uses the new cryptography API Nov 22, 2021
@felixfontein felixfontein mentioned this pull request Nov 22, 2021
Closed
@felixfontein felixfontein merged commit 3f40795 into ansible-collections:main Nov 22, 2021
@felixfontein felixfontein deleted the cryptography-serialize-exts branch November 22, 2021 06:42
@felixfontein
Copy link
Contributor Author

@Ajpantuso thanks a lot for also reviewing this one!

@patchback
Copy link

patchback bot commented Nov 22, 2021
edited
Loading

Backport to stable-1: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-1/3f40795a98a7fae560ea2edd544276eb83a2cd45/pr-331

Backported as #345

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

patchback bot pushed a commit that referenced this pull request Nov 22, 2021
@felixfontein
Extension parsing: add new fallback code which uses the new cryptogra…
b9c5e90 
…phy API (#331)

* Add new code as fallback which re-serializes de-serialized extensions using the new cryptography API.

* Forgot Base64 encoding.

* Add extension by OID tests.

* There's one value which is different with the new code.

* Differences in CI.

* Working around older Jinjas.

* Value depends on which SAN was included.

* Force complete CI run now since cryptography 36.0.0 is out.

ci_complete

(cherry picked from commit 3f40795)
@patchback patchback bot mentioned this pull request Nov 22, 2021
Merged
felixfontein added a commit that referenced this pull request Nov 22, 2021
@patchback @felixfontein
[PR #331/3f40795a backport][stable-1] Extension parsing: add new fall…
3e6815d 
…back code which uses the new cryptography API (#345)

* Extension parsing: add new fallback code which uses the new cryptography API (#331)

* Add new code as fallback which re-serializes de-serialized extensions using the new cryptography API.

* Forgot Base64 encoding.

* Add extension by OID tests.

* There's one value which is different with the new code.

* Differences in CI.

* Working around older Jinjas.

* Value depends on which SAN was included.

* Force complete CI run now since cryptography 36.0.0 is out.

ci_complete

(cherry picked from commit 3f40795)

* Adjust tests.

Co-authored-by: Felix Fontein <felix@fontein.de>
@renovate renovate bot mentioned this pull request Nov 22, 2021
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ajpantuso Ajpantuso Ajpantuso approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@felixfontein @Ajpantuso