-
-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DeprecationWarning: verify() from OpenSSL.crypto is deprecated #256
Comments
See #141 |
The issue you linked in cryptography is the issue that I opened to track #141. |
Wow, this issue is open since 2019. But what is more bewildering is that the replacement API in cryptography is still to be released but the OpenSSL guys went ahead already deprecating their API. |
Maintaining and safely providing open source software for cryptography is hard work. You are welcome to contribute time or money to the development of relevant APIs in cryptography or in this package. Cryptography does not accept donations directly, but SignXML does. As I mentioned in #141, APIs to support this in cryptography are scheduled to be released with the next major release, v43. |
I'd like to help, but spending time on transitive dependencies is a bit too much. As for SignXML: as mentioned, I tried to look for a fix, but now you're basically confirming that the openssl people deprecated their API too early, and there is not much else we can do but wait. |
Since a while (I didn't pinpoint the exact version though) I always see this warning, just by importing the
signxml
module:I looked into it briefly, and it seems the 'equivalent APIs in cryptography' are not a drop-in replacement, so the fix may not be trivial. I found an example at pyca/cryptography#7939 how the
OpenSSL.crypto.verify
function is used which may or may not be relevant, but I suppose you guys are much more knowledgeable to evaluate how a possible fix should look like.The text was updated successfully, but these errors were encountered: