You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
pyOpenSSL has many APIs with poor designs that are entirely reliant on OpenSSL implementation details. For nearly all of these, pyca/cryptography has much better implementations with more thought out APIs.
Therefore, we would like to deprecate/remove anything besides SSL in pyOpenSSL (SSL has no equivalent in pyca/cryptography, nor is there is a path to adding one).
We've been doing this for a while already, but now we're filing an issue to actually track this in a systematic way.
Strategy
Most APIs can simply be deprecated and removed. In some cases, where SSL relies on these (e.g., PKey objects for private keys or X509 for certificates), we'll need to expand the SSL API to accept the pyca/cryptography versions of these objects (there are mostly already from_cryptography APIs we can keep around).
This also means we will not be adding any new API surface in these areas.
Motivation
pyOpenSSL has many APIs with poor designs that are entirely reliant on OpenSSL implementation details. For nearly all of these, pyca/cryptography has much better implementations with more thought out APIs.
Therefore, we would like to deprecate/remove anything besides SSL in pyOpenSSL (SSL has no equivalent in pyca/cryptography, nor is there is a path to adding one).
We've been doing this for a while already, but now we're filing an issue to actually track this in a systematic way.
Strategy
Most APIs can simply be deprecated and removed. In some cases, where SSL relies on these (e.g.,
PKeyobjects for private keys orX509for certificates), we'll need to expand the SSL API to accept the pyca/cryptography versions of these objects (there are mostly alreadyfrom_cryptographyAPIs we can keep around).This also means we will not be adding any new API surface in these areas.
Status
Deprecations and Removals
randadd,statuscryptoPKey,dump_publickey,dump_privatekey,load_publickey,load_privatekeyget_elliptic_curves,get_elliptic_curveX509NameX509ExtensionX509Req,dump_certificate_request,load_certificate_requestX509,load_certificate,dump_certificateX509Store,X509StoreContextSSLintegrationCRL,Revoked,dump_crl,load_crlsign,verifyAPIs needing to accept/return
pyca/cryptographytypesContextuse_certificateadd_extra_chain_certuse_privatekeyset_tmp_ecdhset_client_ca_listadd_client_caConnectionuse_certificateuse_privatekeyget_client_ca_listget_certificateget_peer_certificateget_peer_cert_chainget_verified_chain