Re: git: 403f201a1461 - main - security/py-cryptography-legacy: fix OpenSSL >= 3.0 compat

Am 30.05.24 um 14:59 schrieb Vladimir Druzenko:
> 30.05.2024 13:49, Matthias Andree пишет:
>> Am 30.05.24 um 11:59 schrieb Matthias Andree:
>>> The branch main has been updated by mandree:
>>>
>>> URL: 
>>> https://cgit.FreeBSD.org/ports/commit/?id=403f201a1461fd26f026f2c8d3e67f1481908362
>>>
>>> commit 403f201a1461fd26f026f2c8d3e67f1481908362
>>> Author:     Matthias Andree <mandree@FreeBSD.org>
>>> AuthorDate: 2024-05-30 09:48:22 +0000
>>> Commit:     Matthias Andree <mandree@FreeBSD.org>
>>> CommitDate: 2024-05-30 09:53:54 +0000
>>>
>>>      security/py-cryptography-legacy: fix OpenSSL >= 3.0 compat
>>>           py-cryptography-legacy still references functions that have 
>>> been
>>>      removed in OpenSSL 3.0, and fails to load openssl.abi3.so at 
>>> run-time because
>>>      it lacks ERR_GET_FUNC (reported) and FIPS_mode (masked by first 
>>> error),
>>>      and later because py-openssl feeds our utils/deprecated() an
>>>      unsupported name=<some string> keyword argument.
>>> https://www.openssl.org/docs/man3.0/man7/migration_guide.html
>>>      is the basis for fixes #1 and #2
>>>           removed, because OpenSSL 3.0 removed function codes from 
>>> the error.
>>>      In our own binding, leave the err_func attribute in, but set it
>>>      to a constant 0.
>>>      (patch-src___cffi* and patch-*binding.py)
>>
>> ... sorry for the botched commit log message. The one in 2024Q2 is 
>> formatted in a readable manner.
> 
> Hello!
> 
> I understand correctly that the patch fixes compatibility with 
> security/py-openssl 23+?
> 
> Thanks for your work!

I have tested that "certbot renew" runs for me with

py311-certbot-2.10.0,1
py311-cryptography-legacy-3.4.8_3,1
py311-openssl-23.2.0,1

and should cover other failures if you have a backtrace where py-openssl 
calls into some utils.deprecated function complaining about an 
unsupported keyword argument for "name".

-- 
Matthias Andree
FreeBSD ports committer