usage of pyopenssl library

Question

usage of pyopenssl library

defigor opened this issue 2 years ago · 4 comments

It seems that pyopenssl library should not be used for cryptography: https://github.com/pyca/pyopenssl
Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where possible. If you are using pyOpenSSL for anything other than making a TLS connection you should move to cryptography and drop your pyOpenSSL dependency.

It seems that it is still being used in cert: https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/cert.py#L8
Is it expected? Is there a plan to fix it?

Code Version

7.2.1

Expected Behavior

No dependency on pyopenssl

Current Behavior

pyopenssl is a dependency and is being used for cert.

Please let me know if we are wrong and that the library is not being used for cryptography and only for TLS connection.
Also please let me know if we need to provide any further information.
Thanks in advance.

Answer 1 · 2022-11-29T12:02:33.000Z

Hello, this is known and will be fixed, but I don't have a specific timeframe. This time of the year is very busy with meetings but I hope I can get to it soon.

Answer 2 · 2023-02-13T05:06:34.000Z

Hi @c00kiemon5ter I hope this time is less busy.
By any chance do you have an update on this one?

Answer 3 · 2023-06-05T07:04:19.000Z

Hi, by any chance are there any updates on this issue?

Answer 4 · 2023-09-03T22:31:15.000Z

Hi, just checking if there are any updates on this one. Thanks in advance.