| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
py-cryptography-legacy still references functions that have been
removed in OpenSSL 3.0, and fails to load openssl.abi3.so at run-time because
it lacks ERR_GET_FUNC (reported) and FIPS_mode (masked by first error),
and later because py-openssl feeds our utils/deprecated() an
unsupported name=<some string> keyword argument.
https://www.openssl.org/docs/man3.0/man7/migration_guide.html
is the basis for fixes #1 and #2
removed, because OpenSSL 3.0 removed function codes from the error.
In our own binding, leave the err_func attribute in, but set it
to a constant 0.
(patch-src___cffi* and patch-*binding.py)
and FIPS_mode_set, which need rework. (patch-libressl)
our utils/deprecated() function does not support, so steal
the utils function from py-cryptography 42.0.7,1, drop the
argument and return type annotations for consistency.
(patch-src_cryptography_utils.py)
This is sufficient to fix run-time errors for py-certbot on my
FreeBSD 14.0-RELEASE-p6 amd64 server with Python 3.11,
which I set to default to py-cryptography-legacy.
PR: 272935
(and bug linkage will reflect changes in PRs 273770, 272885)
Approved by: portmgr@ (just-fix-it blanket approval)
MFH: 2024Q2
|
