Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DeprecationWarning: verify() from OpenSSL.crypto is deprecated #256

Closed
David-Ongaro opened this issue May 30, 2024 · 5 comments
Closed

DeprecationWarning: verify() from OpenSSL.crypto is deprecated #256

David-Ongaro opened this issue May 30, 2024 · 5 comments

Comments

@David-Ongaro
Copy link

Since a while (I didn't pinpoint the exact version though) I always see this warning, just by importing the signxml module:

[...]/site-packages/signxml/verifier.py:13: DeprecationWarning: verify() is deprecated. Use the equivalent APIs in cryptography.
    from OpenSSL.crypto import verify as openssl_verify

I looked into it briefly, and it seems the 'equivalent APIs in cryptography' are not a drop-in replacement, so the fix may not be trivial. I found an example at pyca/cryptography#7939 how the OpenSSL.crypto.verify function is used which may or may not be relevant, but I suppose you guys are much more knowledgeable to evaluate how a possible fix should look like.

@kislyuk
Copy link
Member

kislyuk commented May 30, 2024

See #141

@kislyuk kislyuk closed this as completed May 30, 2024
@kislyuk
Copy link
Member

kislyuk commented May 30, 2024

The issue you linked in cryptography is the issue that I opened to track #141.

@David-Ongaro
Copy link
Author

The issue you linked in cryptography is the issue that I opened to track #141.

Wow, this issue is open since 2019. But what is more bewildering is that the replacement API in cryptography is still to be released but the OpenSSL guys went ahead already deprecating their API.

@kislyuk
Copy link
Member

kislyuk commented May 31, 2024

Maintaining and safely providing open source software for cryptography is hard work. You are welcome to contribute time or money to the development of relevant APIs in cryptography or in this package. Cryptography does not accept donations directly, but SignXML does.

As I mentioned in #141, APIs to support this in cryptography are scheduled to be released with the next major release, v43.

@David-Ongaro
Copy link
Author

Maintaining and safely providing open source software for cryptography is hard work. You are welcome to contribute time or money to the development of relevant APIs in cryptography or in this package. Cryptography does not accept donations directly, but SignXML does.

I'd like to help, but spending time on transitive dependencies is a bit too much. As for SignXML: as mentioned, I tried to look for a fix, but now you're basically confirming that the openssl people deprecated their API too early, and there is not much else we can do but wait.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants