Commit 72920cbe authored by Vincent Pelletier's avatar Vincent Pelletier

Require cryptography 2.1.1 or later.

Allows enforcing CRL signature checking.
parent c66a652d
...@@ -372,8 +372,7 @@ def load_crl(data, trusted_cert_list): ...@@ -372,8 +372,7 @@ def load_crl(data, trusted_cert_list):
""" """
crl = x509.load_pem_x509_crl(data, _cryptography_backend) crl = x509.load_pem_x509_crl(data, _cryptography_backend)
for cert in trusted_cert_list: for cert in trusted_cert_list:
# TODO: make mandatory when next cryptography version is released if crl.is_signature_valid(cert.public_key()):
if getattr(crl, 'is_signature_valid', lambda x: True)(cert.public_key()):
return crl return crl
raise cryptography.exceptions.InvalidSignature raise cryptography.exceptions.InvalidSignature
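Review bot: Nothing in the visible lines of load_crl checks the CRL's validity window, so with the signature check now mandatory, a correctly signed but outdated CRL is still returned and any revocations issued after it would go unnoticed. If callers do not already enforce freshness, add a guard before `return crl`, such as `if crl.next_update is not None and crl.next_update < datetime.datetime.utcnow():`, that rejects the CRL with whatever exception the project prefers. The docstring, which starts outside this hunk, should also state that the function fails closed, for example `Raises InvalidSignature when no certificate in trusted_cert_list verifies the CRL signature (including when the list is empty).` Separately, `is_signature_valid` may raise TypeError for a public key type it does not support, which would abort the loop instead of moving on to the next trusted certificate; this is worth confirming against the key types the CA can hold.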
......
...@@ -45,7 +45,7 @@ setup( ...@@ -45,7 +45,7 @@ setup(
license='GPLv3+', license='GPLv3+',
packages=find_packages(), packages=find_packages(),
install_requires=[ install_requires=[
'cryptography', # everything x509 except... 'cryptography>=2.1.1', # everything x509 except...
'pyOpenSSL>=17.1.0', # ...certificate chain validation 'pyOpenSSL>=17.1.0', # ...certificate chain validation
'pem>=17.1.0', # Parse PEM files 'pem>=17.1.0', # Parse PEM files
], ],
......