From aeabfd04669a300ecdabec9310764e5957085383 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sat, 19 Mar 2016 10:59:57 -0400
Subject: Fixed #2836 -- error out on OpenSSL 0.9.8 by default

---
 .../hazmat/bindings/openssl/binding.py             | 40 ++++++++++++++--------
 1 file changed, 26 insertions(+), 14 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 5d7466f9..73457092 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -217,6 +217,31 @@ class Binding(object):
             )
 
 
+def _verify_openssl_version(version):
+    if version < 0x10000000:
+        if os.environ.get("CRYPTOGRAPHY_ALLOW_OPENSSL_098"):
+            warnings.warn(
+                "OpenSSL version 0.9.8 is no longer supported by the OpenSSL "
+                "project, please upgrade. The next version of cryptography "
+                "will completely remove support for it.",
+                utils.DeprecatedIn12
+            )
+        else:
+            # TODO: what exception type?
+            raise Exception(
+                "You are linking against OpenSSL 0.9.8, which is no longer "
+                "support by the OpenSSL project. You need to upgrade to a "
+                "newer version of OpenSSL."
+            )
+    elif version < 0x10001000:
+        warnings.warn(
+            "OpenSSL versions less than 1.0.1 are no longer supported by the "
+            "OpenSSL project, please upgrade. A future version of "
+            "cryptography will drop support for these versions of OpenSSL.",
+            DeprecationWarning
+        )
+
+
 # OpenSSL is not thread safe until the locks are initialized. We call this
 # method in module scope so that it executes with the import lock. On
 # Pythons < 3.4 this import lock is a global lock, which can prevent a race
@@ -224,17 +249,4 @@ class Binding(object):
 # is per module so this approach will not work.
 Binding.init_static_locks()
 
-if Binding.lib.SSLeay() < 0x10000000:
-    warnings.warn(
-        "OpenSSL version 0.9.8 is no longer supported by the OpenSSL project, "
-        "please upgrade. The next version of cryptography will drop support "
-        "for it.",
-        utils.DeprecatedIn12
-    )
-elif Binding.lib.SSLeay() < 0x10001000:
-    warnings.warn(
-        "OpenSSL versions less than 1.0.1 are no longer supported by the "
-        "OpenSSL project, please upgrade. A future version of cryptography "
-        "will drop support for these versions.",
-        DeprecationWarning
-    )
+_verify_openssl_version(Binding.lib.SSLeay())
-- 
cgit v1.2.3


From 57eec7fda04034b70681adda53b2d564eed33ef7 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sat, 19 Mar 2016 11:58:32 -0400
Subject: Use runtimeerror for this

---
 src/cryptography/hazmat/bindings/openssl/binding.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 73457092..0f7a9d95 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -227,8 +227,7 @@ def _verify_openssl_version(version):
                 utils.DeprecatedIn12
             )
         else:
-            # TODO: what exception type?
-            raise Exception(
+            raise RuntimeError(
                 "You are linking against OpenSSL 0.9.8, which is no longer "
                 "support by the OpenSSL project. You need to upgrade to a "
                 "newer version of OpenSSL."
-- 
cgit v1.2.3


From bb2b86557ee5c5f8a9916c0a5a0a9dc5f56410d6 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sat, 19 Mar 2016 17:52:06 -0400
Subject: DeprecationWarning

---
 src/cryptography/hazmat/bindings/openssl/binding.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py
index 0f7a9d95..7727ad8d 100644
--- a/src/cryptography/hazmat/bindings/openssl/binding.py
+++ b/src/cryptography/hazmat/bindings/openssl/binding.py
@@ -10,7 +10,6 @@ import threading
 import types
 import warnings
 
-from cryptography import utils
 from cryptography.exceptions import InternalError
 from cryptography.hazmat.bindings._openssl import ffi, lib
 from cryptography.hazmat.bindings.openssl._conditional import CONDITIONAL_NAMES
@@ -224,7 +223,7 @@ def _verify_openssl_version(version):
                 "OpenSSL version 0.9.8 is no longer supported by the OpenSSL "
                 "project, please upgrade. The next version of cryptography "
                 "will completely remove support for it.",
-                utils.DeprecatedIn12
+                DeprecationWarning
             )
         else:
             raise RuntimeError(
-- 
cgit v1.2.3