upstream/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2026-02-18 18:19:42 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Replace deprecated OpenSSL.crypto.load_crl

Browse source 
OpenSSL.crypto.load_crl was deprecated with with pyOpenSSL 23.3.0 and
eventually removed in 24.3.0. pyOpenSSL recommends using cryptography.x509's
CRL functions as a replacement.
See also: https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst

Signed-off-by: Christian Schürmann <spike@fedoraproject.org>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20250704082813.99654-2-spike@fedoraproject.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32037.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Christian Schürmann 2025-07-04 10:28:14 +02:00 committed by Gert Doering
parent fd6d0f3cf6
commit f2364488d3
1 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
contrib/extract-crl/extractcrl.py
View file

@ -42,17 +42,17 @@ def measure_time(method):
def load_crl(filename, format):
def try_openssl_module(filename, format):
from OpenSSL import crypto
types = {
FILETYPE_PEM: crypto.FILETYPE_PEM,
FILETYPE_DER: crypto.FILETYPE_ASN1
from cryptography import x509
load_crl_functions = {
FILETYPE_PEM: x509.load_pem_x509_crl,
FILETYPE_DER: x509.load_der_x509_crl
}
if filename == '-':
crl = crypto.load_crl(types[format], sys.stdin.buffer.read())
crl = load_crl_functions[format](sys.stdin.buffer.read())
else:
with open(filename, 'rb') as f:
crl = crypto.load_crl(types[format], f.read())
return set(int(r.get_serial(), 16) for r in crl.get_revoked())
crl = load_crl_functions[format](f.read())
return set(r.serial_number for r in crl)
def try_openssl_exec(filename, format):
args = ['openssl', 'crl', '-inform', format, '-text']