Paul Kehrer

Results 188 comments of Paul Kehrer

On Windows, pyOpenSSL doesn't ship with any trust roots (for annoying technical reasons). You'll need to supply your own trust roots. This can most easily be accomplished via [certifi](https://github.com/certifi/python-certifi) where...

Reopening since we have a method of reproduction in Linux. I can confirm the failure occurs in your Debian image, but the failure appears to occur even if I link...

This does a conversion to a `cryptography` CRL which then causes the error. Could you file this over on the https://github.com/pyca/cryptography repo?

Looks like more than one bug here. One is that pyca/cryptography assumes nextUpdate will always be present, when it is not required (so https://github.com/pyca/cryptography/blob/master/src/cryptography/hazmat/backends/openssl/x509.py#L296 is incorrect) and another is that...

cryptography 38 is out now 😄

Conflict here due to the new pinning, but we should get this reviewed ASAP 😄

Was this test passing previously? This logic changed in https://github.com/pyca/pyopenssl/pull/907, but fundamentally this OpenSSL API still takes a `time_t`, which on x86 (not x86_64) is defined as a 32-bit...

I would expect https://github.com/pyca/pyopenssl/pull/927 is what caused the failure since that's where we updated the root cert to expire > 2038.

You can create a `Cryptography_STACK_OF_X509` object with `sk_X509_new_null(void)`. You can then push X509 objects onto it via `sk_X509_push(X509 *)`. These are both bound in cryptography's bindings. However, you'll need to...

1.3.6.1.4.1.11129.2.4.2 is the OID for certificate transparency (RFC 6962). Since your install (and indeed almost all installs) of OpenSSL doesn't know this extension, an error is raised when `__str__` is...