Commit 72920cbe by Vincent Pelletier

Require cryptography 2.1.1 or later.

Allows enforcing CRL signature checking.
1 parent c66a652d
......@@ -372,8 +372,7 @@ def load_crl(data, trusted_cert_list):
"""
crl = x509.load_pem_x509_crl(data, _cryptography_backend)
for cert in trusted_cert_list:
# TODO: make mandatory when next cryptography version is released
if getattr(crl, 'is_signature_valid', lambda x: True)(cert.public_key()):
if crl.is_signature_valid(cert.public_key()):
return crl
raise cryptography.exceptions.InvalidSignature
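Review bot: A validly signed but out-of-date CRL is still returned by `load_crl` as far as this hunk shows, because the loop checks only `crl.is_signature_valid(cert.public_key())` and never looks at `crl.next_update`. If no caller enforces freshness, an old CRL that omits recent revocations would be accepted; consider rejecting a CRL whose `crl.next_update` is in the past, or stating in the docstring that callers must check it. The bare `raise cryptography.exceptions.InvalidSignature` would also be easier to diagnose with a message, e.g. `raise cryptography.exceptions.InvalidSignature('CRL signature matches no trusted certificate')`. The function's signature and docstring start outside the hunk, so a freshness check may already exist elsewhere.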
......
......@@ -45,7 +45,7 @@ setup(
license='GPLv3+',
packages=find_packages(),
install_requires=[
'cryptography', # everything x509 except...
'cryptography>=2.1.1', # everything x509 except...
'pyOpenSSL>=17.1.0', # ...certificate chain validation
'pem>=17.1.0', # Parse PEM files
],
......