Fixes #3460 -- deprecate OpenSSL 1.0.1 (#4427)

* Fixes #3460 -- deprecate OpenSSL 1.0.1

* We need to import warnings

* flake8

* words are hard

* rephrase

1 files changed, 16 insertions, 0 deletions

diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index ec74d4cf..d52619dc 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -7,6 +7,7 @@ from __future__ import absolute_import, division, print_function
 import collections
 import threading
 import types
+import warnings
 
 from cryptography import utils
 from cryptography.exceptions import InternalError
@@ -150,9 +151,24 @@ class Binding(object):
             _openssl_assert(cls.lib, res == 1)
 
 
+def _verify_openssl_version(lib):
+    if (
+        lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and
+        not lib.CRYPTOGRAPHY_IS_LIBRESSL
+    ):
+        warnings.warn(
+            "OpenSSL version 1.0.1 is no longer supported by the OpenSSL "
+            "project, please upgrade. A future version of cryptography will "
+            "drop support for it.",
+            DeprecationWarning
+        )
+
+
 # OpenSSL is not thread safe until the locks are initialized. We call this
 # method in module scope so that it executes with the import lock. On
 # Pythons < 3.4 this import lock is a global lock, which can prevent a race
 # condition registering the OpenSSL locks. On Python 3.4+ the import lock
 # is per module so this approach will not work.
 Binding.init_static_locks()
+
+_verify_openssl_version(Binding.lib)