Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove export of silly OpenSSL functions #12223

Open
richsalz opened this issue Jan 2, 2025 · 8 comments
Open

Remove export of silly OpenSSL functions #12223

richsalz opened this issue Jan 2, 2025 · 8 comments
Milestone
Forty Fifth Release

Comments

@richsalz
Copy link

richsalz commented Jan 2, 2025

It would be nice if you removed use of

  • X509_get_default_cert_dir_env as it just returns the value "SSL_CERT_DIR"
  • X509_get_default_cert_dir_env as it just returns the value "SSL_CERT_FILE"

Those values are documented in man7/openssl-env.
@alex
Copy link
Member

alex commented Jan 2, 2025

What's the motivation for this?

pyOpenSSL makes use of these, so we can't simply remove them, we'd have to remove the callers there and do a release cycle.

Do all OpenSSL forks document the same guarantees?

Assuming yes, I'm happy to take a PR for this (starting with the pyOpenSSL side), but I don't think any of the maintainers are likely to make time for it.

@reaperhulk
Copy link
Member

I’m happy to make time to review, but won’t author the PRs (assuming the forks we support all make the same guarantees)

@alex alex added the waiting-on-reporter Issue is waiting on a reply from the reporter. It will be automatically cloesd if there is no reply. label Jan 2, 2025
@richsalz
Copy link
Author

richsalz commented Jan 2, 2025

Yes LibreSSL and BoringSSL do the same thing, inherited from the original indirection in OpenSSL. I'll make a PR at some point, thanks.

@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 6, 2025

This issue has been waiting for a reporter response for 3 days. It will be auto-closed if no activity occurs in the next 5 days.

@github-actions github-actions bot added the Stale label Jan 6, 2025
@richsalz
Copy link
Author

richsalz commented Jan 6, 2025

Close if you want, a couple of silly needless functions won't really hurt the ecosystem. But I will try to do something.

@reaperhulk
Copy link
Member

That’s just the automated bot which isn’t very smart. We remain happy to review the PRs.

@reaperhulk reaperhulk removed the waiting-on-reporter Issue is waiting on a reply from the reporter. It will be automatically cloesd if there is no reply. label Jan 6, 2025
@alex alex removed the Stale label Jan 15, 2025
@reaperhulk reaperhulk added this to the Forty Fifth Release milestone Jan 31, 2025
alex added a commit to alex/pyopenssl that referenced this issue Jan 31, 2025
@alex
Remove use of OpenSSL APIs that aren't useful
b78fb55 
Per pyca/cryptography#12223 these always return constant strings
@alex alex mentioned this issue Jan 31, 2025
Merged
@alex
Copy link
Member

alex commented Jan 31, 2025

pyca/pyopenssl#1414 removes the usage from pyOpenSSL. Once that's in a release we can remove from here.

reaperhulk pushed a commit to pyca/pyopenssl that referenced this issue Jan 31, 2025
@alex
Remove use of OpenSSL APIs that aren't useful (#1414)
9b8c497 
Per pyca/cryptography#12223 these always return constant strings
@richsalz
Copy link
Author

Thanks, I never got around to it (obviously) and decided it wasn't worth anyone working on it :). I appreciate it!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
Forty Fifth Release
Development

No branches or pull requests
3 participants
@alex @reaperhulk @richsalz