diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-03-19 19:03:37 -0400 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-03-19 19:03:37 -0400 |
| commit | 1a6628e55126ec1c98c98a46c04f777f77eff934 (patch) | |
| tree | 0c5a6a9e8fa11725cf9fa24adb2806da346e3bf4 /src | |
| parent | cac36fb8a08b00bee766137fb6fd353e0b399886 (diff) | |
| parent | bb2b86557ee5c5f8a9916c0a5a0a9dc5f56410d6 (diff) | |
| download | cryptography-1a6628e55126ec1c98c98a46c04f777f77eff934.tar.gz cryptography-1a6628e55126ec1c98c98a46c04f777f77eff934.tar.bz2 cryptography-1a6628e55126ec1c98c98a46c04f777f77eff934.zip | |
Merge pull request #2840 from alex/error-on-098
Fixed #2836 -- error out on OpenSSL 0.9.8 by default
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/bindings/openssl/binding.py | 40 |
1 files changed, 25 insertions, 15 deletions
diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py index 5d7466f9..7727ad8d 100644 --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py @@ -10,7 +10,6 @@ import threading import types import warnings -from cryptography import utils from cryptography.exceptions import InternalError from cryptography.hazmat.bindings._openssl import ffi, lib from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES @@ -217,6 +216,30 @@ class Binding(object): ) +def _verify_openssl_version(version): + if version < 0x10000000: + if os.environ.get("CRYPTOGRAPHY_ALLOW_OPENSSL_098"): + warnings.warn( + "OpenSSL version 0.9.8 is no longer supported by the OpenSSL " + "project, please upgrade. The next version of cryptography " + "will completely remove support for it.", + DeprecationWarning + ) + else: + raise RuntimeError( + "You are linking against OpenSSL 0.9.8, which is no longer " + "support by the OpenSSL project. You need to upgrade to a " + "newer version of OpenSSL." + ) + elif version < 0x10001000: + warnings.warn( + "OpenSSL versions less than 1.0.1 are no longer supported by the " + "OpenSSL project, please upgrade. A future version of " + "cryptography will drop support for these versions of OpenSSL.", + DeprecationWarning + ) + + # OpenSSL is not thread safe until the locks are initialized. We call this # method in module scope so that it executes with the import lock. On # Pythons < 3.4 this import lock is a global lock, which can prevent a race @@ -224,17 +247,4 @@ class Binding(object): # is per module so this approach will not work. Binding.init_static_locks() -if Binding.lib.SSLeay() < 0x10000000: - warnings.warn( - "OpenSSL version 0.9.8 is no longer supported by the OpenSSL project, " - "please upgrade. The next version of cryptography will drop support " - "for it.", - utils.DeprecatedIn12 - ) -elif Binding.lib.SSLeay() < 0x10001000: - warnings.warn( - "OpenSSL versions less than 1.0.1 are no longer supported by the " - "OpenSSL project, please upgrade. A future version of cryptography " - "will drop support for these versions.", - DeprecationWarning - ) +_verify_openssl_version(Binding.lib.SSLeay()) |