Skip to content
This repository has been archived by the owner on Apr 7, 2022. It is now read-only.

Parsing x509.extensions.PrecertificateSignedCertificateTimestamps requires OpenSSL ≥ 1.1.0 #2

Closed
felddy opened this issue Jan 29, 2019 · 1 comment
Closed

Parsing x509.extensions.PrecertificateSignedCertificateTimestamps requires OpenSSL ≥ 1.1.0 #2

felddy opened this issue Jan 29, 2019 · 1 comment

Comments

@felddy
Copy link
Member

felddy commented Jan 29, 2019

Alpine linux is using an older OpenSSL library that doesn't understand precertificate signed timestamps. We need to upgrade to a distro that support OpenSSL 1.1.0 or greater.

pyca/cryptography#3461

/home/con # cat /etc/issue 
Welcome to Alpine Linux 3.8

Python 3.6.6 (default, Sep 12 2018, 02:15:29) 
[GCC 6.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from cryptography.hazmat.backends.openssl.backend import backend
>>> print(backend.openssl_version_text())
OpenSSL 1.0.2q  20 Nov 2018

Exploring https://hub.docker.com/_/python
@felddy
Copy link
Member Author

felddy commented Jan 30, 2019

Admiral docker image changed to alpine:edge. This is pulling in a version of OpenSSL that supports parsing the SCTs.

See: 926580c

~ $ cat /etc/issue 
Welcome to Alpine Linux 3.8
Kernel \r on an \m (\l)
~ $ uname -a
Linux 00dfe6153660 4.9.125-linuxkit #1 SMP Fri Sep 7 08:20:28 UTC 2018 x86_64 Linux

~ $ python3
Python 3.6.8 (default, Jan 24 2019, 16:36:39) 
[GCC 8.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from cryptography.hazmat.backends.openssl.backend import backend
>>> print(backend.openssl_version_text())
OpenSSL 1.1.1a  20 Nov 2018

@felddy felddy closed this as completed Jan 30, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@felddy