Require cryptography 2.1.1 or later.

Allows enforcing CRL signature checking.

Require cryptography 2.1.1 or later.
Allows enforcing CRL signature checking.
72920cbe · Vincent Pelletier · c66a652d · 72920cbe · 72920cbe
Commit 72920cbe authored Oct 20, 2017 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 3 deletions

caucase/utils.py caucase/utils.py +1 -2

setup.py setup.py +1 -1

No files found.
--- a/caucase/utils.py
+++ b/caucase/utils.py
@@ -372,8 +372,7 @@ def load_crl(data, trusted_cert_list):
  """
  crl = x509.load_pem_x509_crl(data, _cryptography_backend)
  for cert in trusted_cert_list:
-    # TODO: make mandatory when next cryptography version is released
-    if getattr(crl, 'is_signature_valid', lambda x: True)(cert.public_key()):
+    if crl.is_signature_valid(cert.public_key()):
      return crl
  raise cryptography.exceptions.InvalidSignature


--- a/setup.py
+++ b/setup.py
@@ -45,7 +45,7 @@ setup(
  license='GPLv3+',
  packages=find_packages(),
  install_requires=[
-    'cryptography', # everything x509 except...
+    'cryptography>=2.1.1', # everything x509 except...
    'pyOpenSSL>=17.1.0', # ...certificate chain validation
    'pem>=17.1.0', # Parse PEM files
  ],