aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG.rst12
-rw-r--r--src/cryptography/hazmat/backends/openssl/utils.py2
-rw-r--r--src/cryptography/hazmat/backends/openssl/x509.py10
-rw-r--r--src/cryptography/hazmat/primitives/asymmetric/utils.py22
-rw-r--r--src/cryptography/hazmat/primitives/constant_time.py2
-rw-r--r--src/cryptography/utils.py5
-rw-r--r--src/cryptography/x509/general_name.py6
-rw-r--r--tests/hazmat/primitives/test_asym_utils.py13
-rw-r--r--tests/x509/test_x509.py21
-rw-r--r--tests/x509/test_x509_ext.py12
10 files changed, 26 insertions, 79 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index cbf032eb..5a6d4b54 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -8,6 +8,18 @@ Changelog
.. note:: This version is not yet released and is under active development.
+* **BACKWARDS INCOMPATIBLE:** Removed
+ ``cryptography.hazmat.primitives.asymmetric.utils.encode_rfc6979_signature``
+ and
+ ``cryptography.hazmat.primitives.asymmetric.utils.decode_rfc6979_signature``,
+ which had been deprecated for nearly 4 years. Use
+ :func:`~cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature`
+ and
+ :func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`
+ instead.
+* **BACKWARDS INCOMPATIBLE**: Removed ``cryptography.x509.Certificate.serial``,
+ which had been deprecated for nearly 3 years. Use
+ :attr:`~cryptography.x509.Certificate.serial_number` instead.
.. _v2-5:
diff --git a/src/cryptography/hazmat/backends/openssl/utils.py b/src/cryptography/hazmat/backends/openssl/utils.py
index 363f3d2c..ee472c0e 100644
--- a/src/cryptography/hazmat/backends/openssl/utils.py
+++ b/src/cryptography/hazmat/backends/openssl/utils.py
@@ -64,6 +64,6 @@ def _warn_sign_verify_deprecated():
warnings.warn(
"signer and verifier have been deprecated. Please use sign "
"and verify instead.",
- utils.PersistentlyDeprecated,
+ utils.PersistentlyDeprecated2017,
stacklevel=3
)
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index ac1838c6..b3eb797d 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -6,7 +6,6 @@ from __future__ import absolute_import, division, print_function
import datetime
import operator
-import warnings
from cryptography import utils, x509
from cryptography.exceptions import UnsupportedAlgorithm
@@ -63,15 +62,6 @@ class _Certificate(object):
)
@property
- def serial(self):
- warnings.warn(
- "Certificate serial is deprecated, use serial_number instead.",
- utils.PersistentlyDeprecated,
- stacklevel=2
- )
- return self.serial_number
-
- @property
def serial_number(self):
asn1_int = self._backend._lib.X509_get_serialNumber(self._x509)
self._backend.openssl_assert(asn1_int != self._backend._ffi.NULL)
diff --git a/src/cryptography/hazmat/primitives/asymmetric/utils.py b/src/cryptography/hazmat/primitives/asymmetric/utils.py
index ef1e7eb9..274c1f41 100644
--- a/src/cryptography/hazmat/primitives/asymmetric/utils.py
+++ b/src/cryptography/hazmat/primitives/asymmetric/utils.py
@@ -4,8 +4,6 @@
from __future__ import absolute_import, division, print_function
-import warnings
-
from asn1crypto.algos import DSASignature
import six
@@ -14,31 +12,11 @@ from cryptography import utils
from cryptography.hazmat.primitives import hashes
-def decode_rfc6979_signature(signature):
- warnings.warn(
- "decode_rfc6979_signature is deprecated and will "
- "be removed in a future version, use decode_dss_signature instead.",
- utils.PersistentlyDeprecated,
- stacklevel=2
- )
- return decode_dss_signature(signature)
-
-
def decode_dss_signature(signature):
data = DSASignature.load(signature, strict=True).native
return data['r'], data['s']
-def encode_rfc6979_signature(r, s):
- warnings.warn(
- "encode_rfc6979_signature is deprecated and will "
- "be removed in a future version, use encode_dss_signature instead.",
- utils.PersistentlyDeprecated,
- stacklevel=2
- )
- return encode_dss_signature(r, s)
-
-
def encode_dss_signature(r, s):
if (
not isinstance(r, six.integer_types) or
diff --git a/src/cryptography/hazmat/primitives/constant_time.py b/src/cryptography/hazmat/primitives/constant_time.py
index 0e987ea7..99a114e2 100644
--- a/src/cryptography/hazmat/primitives/constant_time.py
+++ b/src/cryptography/hazmat/primitives/constant_time.py
@@ -23,7 +23,7 @@ else:
"Support for your Python version is deprecated. The next version of "
"cryptography will remove support. Please upgrade to a 2.7.x "
"release that supports hmac.compare_digest as soon as possible.",
- utils.DeprecatedIn23,
+ utils.PersistentlyDeprecated2018,
)
def bytes_eq(a, b):
diff --git a/src/cryptography/utils.py b/src/cryptography/utils.py
index cbbae3a7..567600fb 100644
--- a/src/cryptography/utils.py
+++ b/src/cryptography/utils.py
@@ -20,9 +20,8 @@ class CryptographyDeprecationWarning(UserWarning):
# Several APIs were deprecated with no specific end-of-life date because of the
# ubiquity of their use. They should not be removed until we agree on when that
# cycle ends.
-PersistentlyDeprecated = CryptographyDeprecationWarning
-DeprecatedIn21 = CryptographyDeprecationWarning
-DeprecatedIn23 = CryptographyDeprecationWarning
+PersistentlyDeprecated2017 = CryptographyDeprecationWarning
+PersistentlyDeprecated2018 = CryptographyDeprecationWarning
DeprecatedIn25 = CryptographyDeprecationWarning
diff --git a/src/cryptography/x509/general_name.py b/src/cryptography/x509/general_name.py
index 1b0f8c8f..fef29c8c 100644
--- a/src/cryptography/x509/general_name.py
+++ b/src/cryptography/x509/general_name.py
@@ -72,7 +72,7 @@ class RFC822Name(object):
"This means unicode characters should be encoded via "
"idna. Support for passing unicode strings (aka U-label) "
"will be removed in a future version.",
- utils.DeprecatedIn21,
+ utils.PersistentlyDeprecated2017,
stacklevel=2,
)
else:
@@ -139,7 +139,7 @@ class DNSName(object):
"This means unicode characters should be encoded via "
"idna. Support for passing unicode strings (aka U-label) "
"will be removed in a future version.",
- utils.DeprecatedIn21,
+ utils.PersistentlyDeprecated2017,
stacklevel=2,
)
else:
@@ -184,7 +184,7 @@ class UniformResourceIdentifier(object):
"This means unicode characters should be encoded via "
"idna. Support for passing unicode strings (aka U-label) "
" will be removed in a future version.",
- utils.DeprecatedIn21,
+ utils.PersistentlyDeprecated2017,
stacklevel=2,
)
else:
diff --git a/tests/hazmat/primitives/test_asym_utils.py b/tests/hazmat/primitives/test_asym_utils.py
index fc9e9fd8..d817c651 100644
--- a/tests/hazmat/primitives/test_asym_utils.py
+++ b/tests/hazmat/primitives/test_asym_utils.py
@@ -7,19 +7,8 @@ from __future__ import absolute_import, division, print_function
import pytest
from cryptography.hazmat.primitives.asymmetric.utils import (
- Prehashed, decode_dss_signature, decode_rfc6979_signature,
- encode_dss_signature, encode_rfc6979_signature,
+ Prehashed, decode_dss_signature, encode_dss_signature
)
-from cryptography.utils import CryptographyDeprecationWarning
-
-
-def test_deprecated_rfc6979_signature():
- with pytest.warns(CryptographyDeprecationWarning):
- sig = encode_rfc6979_signature(1, 1)
- assert sig == b"0\x06\x02\x01\x01\x02\x01\x01"
- with pytest.warns(CryptographyDeprecationWarning):
- decoded = decode_rfc6979_signature(sig)
- assert decoded == (1, 1)
def test_dss_signature():
diff --git a/tests/x509/test_x509.py b/tests/x509/test_x509.py
index c8c863fb..1ead5947 100644
--- a/tests/x509/test_x509.py
+++ b/tests/x509/test_x509.py
@@ -609,27 +609,6 @@ class TestRSACertificate(object):
SignatureAlgorithmOID._RSA_WITH_SHA1
)
- def test_cert_serial_number(self, backend):
- cert = _load_cert(
- os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
- x509.load_der_x509_certificate,
- backend
- )
-
- with pytest.warns(utils.CryptographyDeprecationWarning):
- assert cert.serial == 2
- assert cert.serial_number == 2
-
- def test_cert_serial_warning(self, backend):
- cert = _load_cert(
- os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
- x509.load_der_x509_certificate,
- backend
- )
-
- with pytest.warns(utils.CryptographyDeprecationWarning):
- cert.serial
-
def test_load_der_cert(self, backend):
cert = _load_cert(
os.path.join("x509", "PKITS_data", "certs", "GoodCACert.crt"),
diff --git a/tests/x509/test_x509_ext.py b/tests/x509/test_x509_ext.py
index 6de105fa..6cf388da 100644
--- a/tests/x509/test_x509_ext.py
+++ b/tests/x509/test_x509_ext.py
@@ -1673,11 +1673,11 @@ class TestKeyUsageExtension(object):
class TestDNSName(object):
def test_init_deprecated(self):
pytest.importorskip("idna")
- with pytest.warns(utils.DeprecatedIn21):
+ with pytest.warns(utils.CryptographyDeprecationWarning):
name = x509.DNSName(u".\xf5\xe4\xf6\xfc.example.com")
assert name.value == u".xn--4ca7aey.example.com"
- with pytest.warns(utils.DeprecatedIn21):
+ with pytest.warns(utils.CryptographyDeprecationWarning):
name = x509.DNSName(u"\xf5\xe4\xf6\xfc.example.com")
assert name.value == u"xn--4ca7aey.example.com"
@@ -1792,7 +1792,7 @@ class TestRFC822Name(object):
def test_idna(self):
pytest.importorskip("idna")
- with pytest.warns(utils.DeprecatedIn21):
+ with pytest.warns(utils.CryptographyDeprecationWarning):
gn = x509.RFC822Name(u"email@em\xe5\xefl.com")
assert gn.value == u"email@xn--eml-vla4c.com"
@@ -1832,7 +1832,7 @@ class TestUniformResourceIdentifier(object):
def test_idna_no_port(self):
pytest.importorskip("idna")
- with pytest.warns(utils.DeprecatedIn21):
+ with pytest.warns(utils.CryptographyDeprecationWarning):
gn = x509.UniformResourceIdentifier(
u"http://\u043f\u044b\u043a\u0430.cryptography"
)
@@ -1841,7 +1841,7 @@ class TestUniformResourceIdentifier(object):
def test_idna_with_port(self):
pytest.importorskip("idna")
- with pytest.warns(utils.DeprecatedIn21):
+ with pytest.warns(utils.CryptographyDeprecationWarning):
gn = x509.UniformResourceIdentifier(
u"gopher://\u043f\u044b\u043a\u0430.cryptography:70/some/path"
)
@@ -1856,7 +1856,7 @@ class TestUniformResourceIdentifier(object):
def test_query_and_fragment(self):
pytest.importorskip("idna")
- with pytest.warns(utils.DeprecatedIn21):
+ with pytest.warns(utils.CryptographyDeprecationWarning):
gn = x509.UniformResourceIdentifier(
u"ldap://\u043f\u044b\u043a\u0430.cryptography:90/path?query="
u"true#somedata"