From 5a54f1aec2d9b739c95ed862661efe7b8ff75d31 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 31 Aug 2018 10:46:20 -0400 Subject: Fixes #3460 -- deprecate OpenSSL 1.0.1 (#4427) * Fixes #3460 -- deprecate OpenSSL 1.0.1 * We need to import warnings * flake8 * words are hard * rephrase --- src/cryptography/hazmat/bindings/openssl/binding.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'src') diff --git a/src/cryptography/hazmat/bindings/openssl/binding.py b/src/cryptography/hazmat/bindings/openssl/binding.py index ec74d4cf..d52619dc 100644 --- a/src/cryptography/hazmat/bindings/openssl/binding.py +++ b/src/cryptography/hazmat/bindings/openssl/binding.py @@ -7,6 +7,7 @@ from __future__ import absolute_import, division, print_function import collections import threading import types +import warnings from cryptography import utils from cryptography.exceptions import InternalError @@ -150,9 +151,24 @@ class Binding(object): _openssl_assert(cls.lib, res == 1) +def _verify_openssl_version(lib): + if ( + lib.CRYPTOGRAPHY_OPENSSL_LESS_THAN_102 and + not lib.CRYPTOGRAPHY_IS_LIBRESSL + ): + warnings.warn( + "OpenSSL version 1.0.1 is no longer supported by the OpenSSL " + "project, please upgrade. A future version of cryptography will " + "drop support for it.", + DeprecationWarning + ) + + # OpenSSL is not thread safe until the locks are initialized. We call this # method in module scope so that it executes with the import lock. On # Pythons < 3.4 this import lock is a global lock, which can prevent a race # condition registering the OpenSSL locks. On Python 3.4+ the import lock # is per module so this approach will not work. Binding.init_static_locks() + +_verify_openssl_version(Binding.lib) -- cgit v1.2.3