certbot
Refactoring to drop deprecated usages in `pyOpenSSL` & drop Python 3.7 support
Fixes #181
Caution: This PR introduces backward incompatible changes to the library. A major version of josepy should be issued when this PR is merged.
Caution: Defensive PR on Certbot should be merged first -> https://github.com/certbot/certbot/pull/9993
This PR removes the APIs deprecated by pyopenssl in version 24.2+.
As a consequence, several changes of josepy public API are made:
josepy.ComparableX509is removed since the underlying wrapped object is now objects fromcryptographyAPI (CertificateorCertificateSigningRequest) and these objects support equality checks.- methods
encode_csr,decode_csr,encode_certanddecode_certnow manipulates objects fromcryptographyAPI - underlying tests are updated.
Aside these changes, the support of Python 3.7 is dropped, given this PR will require a new major version anyway.
This should resolve advisories: (needs Python 3.7 dropped)
- https://github.com/certbot/josepy/security/dependabot/26
- https://github.com/certbot/josepy/security/dependabot/26
- https://github.com/certbot/josepy/security/dependabot/25
I opened https://github.com/certbot/josepy/pull/186 to drop Python 3.7 and fix security alerts.
As for this PR in itself, we will likely do this and/or deprecate this library entirely as discussed at https://github.com/certbot/certbot/issues/8322 and the comments on https://github.com/certbot/certbot/pull/9993 in the next few months. We just need to map out what that transition will look like for the code in https://github.com/certbot/certbot.
while we haven't done a release dropping pyopenssl use yet, i believe this has been done through other PRs so i'm closing this
thanks for writing this up though