Re: git: 403f201a1461 - main - security/py-cryptography-legacy: fix OpenSSL >= 3.0 compat

In reply to: Matthias Andree : "Re: git: 403f201a1461 - main - security/py-cryptography-legacy: fix OpenSSL >= 3.0 compat"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Vladimir Druzenko <vvd_at_freebsd.org>
Date: Sun, 21 Jul 2024 19:07:19 UTC

30.05.2024 16:04, Matthias Andree пишет:
> Am 30.05.24 um 14:59 schrieb Vladimir Druzenko:
>> 30.05.2024 13:49, Matthias Andree пишет:
>>> Am 30.05.24 um 11:59 schrieb Matthias Andree:
>>>> The branch main has been updated by mandree:
>>>>
>>>> URL: 
>>>> https://cgit.FreeBSD.org/ports/commit/?id=403f201a1461fd26f026f2c8d3e67f1481908362
>>>>
>>>> commit 403f201a1461fd26f026f2c8d3e67f1481908362
>>>> Author:     Matthias Andree <mandree@FreeBSD.org>
>>>> AuthorDate: 2024-05-30 09:48:22 +0000
>>>> Commit:     Matthias Andree <mandree@FreeBSD.org>
>>>> CommitDate: 2024-05-30 09:53:54 +0000
>>>>
>>>>      security/py-cryptography-legacy: fix OpenSSL >= 3.0 compat
>>>>           py-cryptography-legacy still references functions that 
>>>> have been
>>>>      removed in OpenSSL 3.0, and fails to load openssl.abi3.so at 
>>>> run-time because
>>>>      it lacks ERR_GET_FUNC (reported) and FIPS_mode (masked by 
>>>> first error),
>>>>      and later because py-openssl feeds our utils/deprecated() an
>>>>      unsupported name=<some string> keyword argument.
>>>> https://www.openssl.org/docs/man3.0/man7/migration_guide.html
>>>>      is the basis for fixes #1 and #2
>>>>           removed, because OpenSSL 3.0 removed function codes from 
>>>> the error.
>>>>      In our own binding, leave the err_func attribute in, but set it
>>>>      to a constant 0.
>>>>      (patch-src___cffi* and patch-*binding.py)
>>>
>>> ... sorry for the botched commit log message. The one in 2024Q2 is 
>>> formatted in a readable manner.
>>
>> Hello!
>>
>> I understand correctly that the patch fixes compatibility with 
>> security/py-openssl 23+?
>>
>> Thanks for your work!
>
> I have tested that "certbot renew" runs for me with
>
> py311-certbot-2.10.0,1
> py311-cryptography-legacy-3.4.8_3,1
> py311-openssl-23.2.0,1
>
> and should cover other failures if you have a backtrace where 
> py-openssl calls into some utils.deprecated function complaining about 
> an unsupported keyword argument for "name".
>
Just update and tested - work for me with:
py311-certbot-2.11.0,1
py311-cryptography-legacy-3.4.8_3,1
py311-openssl-24.1.0,1

Thanks!

-- 
Best regards,
Vladimir Druzenko