Exemplo n.º 1
def get_openssl_version():
    """
    Report the OpenSSL build that the `cryptography` backend is running on.

    The text is taken from the OpenSSL library loaded by `cryptography`,
    not from an `openssl` executable on PATH. This function does not check
    whether FIPS mode is active; it only returns the version text.

    Return:
        string: the openssl version being used by the Auth Proxy
    """
    # Deferred import: loading `backend` initializes some packages that
    # have to be wrapped first, so it must not happen at module import time.
    from cryptography.hazmat.backends.openssl import backend as openssl_backend

    version_text = openssl_backend.openssl_version_text()
    return version_text
Exemplo n.º 2
from typing import TYPE_CHECKING, Any, Dict, List, Optional, Tuple, Union

from .. import util

if TYPE_CHECKING:
    from OpenSSL.crypto import CRL, X509  # type: ignore[import]


# Names exported by this module.
__all__ = ["inject_into_urllib3", "extract_from_urllib3"]

# SNI is treated as always available with this backend.
HAS_SNI = True

# Decide once, at import time, whether to keep the system's default TLS
# cipher list; per the helper's name this is true for OpenSSL 1.1.1 or newer.
# Both arguments describe the OpenSSL library loaded by `openssl_backend`.
USE_DEFAULT_SSLCONTEXT_CIPHERS = util.ssl_._is_ge_openssl_v1_1_1(
    openssl_backend.openssl_version_text(),
    openssl_backend.openssl_version_number(),
)

# Translation table from urllib3 / stdlib `ssl` protocol constants to the
# PyOpenSSL method constants.
# SSLv23_METHOD is, despite its name, OpenSSL's version-negotiating method;
# the lowest protocol version accepted has to be enforced elsewhere (not
# visible in this excerpt).
# NOTE(review): TLSv1_METHOD pins a connection to TLS 1.0, which RFC 8996
# deprecates - confirm that callers still need this entry.
_openssl_versions = {
    util.ssl_.PROTOCOL_TLS: OpenSSL.SSL.SSLv23_METHOD,  # type: ignore[attr-defined]
    util.ssl_.PROTOCOL_TLS_CLIENT: OpenSSL.SSL.SSLv23_METHOD,  # type: ignore[attr-defined]
    ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}

# The fixed-version TLS 1.1 / 1.2 entries are registered only when both the
# stdlib `ssl` module and PyOpenSSL expose the matching constant.
if hasattr(ssl, "PROTOCOL_TLSv1_1"):
    if hasattr(OpenSSL.SSL, "TLSv1_1_METHOD"):
        _openssl_versions.update({ssl.PROTOCOL_TLSv1_1: OpenSSL.SSL.TLSv1_1_METHOD})

if hasattr(ssl, "PROTOCOL_TLSv1_2"):
    if hasattr(OpenSSL.SSL, "TLSv1_2_METHOD"):
        _openssl_versions.update({ssl.PROTOCOL_TLSv1_2: OpenSSL.SSL.TLSv1_2_METHOD})
Exemplo n.º 3
def pytest_report_header(config):
    """Return the extra header lines for the pytest report.

    Two lines are produced: the version text of the OpenSSL library behind
    `openssl_backend`, and the backend's FIPS flag. Recording both in the
    report ties a test run to the crypto library build it exercised.

    `config` is accepted to match the pytest hook signature and is unused.
    """
    version_line = "OpenSSL: {}".format(openssl_backend.openssl_version_text())
    # `_fips_enabled` is a private attribute of the backend object, so it may
    # change between releases of the package that provides it.
    fips_line = "FIPS Enabled: {}".format(openssl_backend._fips_enabled)
    return "\n".join((version_line, fips_line))
Exemplo n.º 4
def pytest_report_header(config):
    """Return the pytest report header line naming the OpenSSL build in use.

    The version text comes from `openssl_backend`, i.e. from the library the
    backend is running on, which makes each test log traceable to a specific
    OpenSSL build. `config` is required by the hook signature and is unused.
    """
    linked_openssl = openssl_backend.openssl_version_text()
    return "OpenSSL: {0}".format(linked_openssl)
Exemplo n.º 5
def pytest_report_header(config):
    """Add the backend's OpenSSL version text to the pytest report header.

    `config` belongs to the pytest hook signature and is not used. The
    returned line records which OpenSSL build the test run executed against.
    """
    header_template = "OpenSSL: {0}"
    return header_template.format(openssl_backend.openssl_version_text())
Exemplo n.º 6
import re
import subprocess
import time
from cryptography.hazmat.backends.openssl import backend

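# Version text of the OpenSSL library that `cryptography` is linked against.
linked_version = backend.openssl_version_text()

# Version reported by the `openssl` executable of the conda environment.
# NOTE(review): the command is a fixed string, so nothing external reaches
# the shell; which binary answers still depends on PATH resolution, so this
# check is only meaningful when the environment's bin directory comes first.
env_version = subprocess.check_output('openssl version',
                                      shell=True).decode('utf8').strip()
# strip off possible brackets from e.g. "OpenSSL 3.0.0 7 sep 2021 (Library: OpenSSL 3.0.0 7 sep 2021)"
# (output that does not match the pattern is left unchanged by re.sub)
env_version = re.sub(
    r"(?P<version>OpenSSL [\d\.]+ \d+ [a-z]{3} 20\d\d)(?P<irrelevant> \(.*\))?",
    r"\1", env_version)

# Flush explicitly so both versions are written out before a possible
# failure traceback, even when stdout is block-buffered (e.g. piped).
print('Version used by cryptography:\n{linked_version}'.format(
    linked_version=linked_version), flush=True)
print('Version in conda environment:\n{env_version}'.format(
    env_version=env_version), flush=True)

# avoid race condition between print and (possible) AssertionError
time.sleep(1)

# linking problems have appeared on windows before (see issue #38),
# and were only caught by lucky accident through the test suite.
# This is intended to ensure it does not happen again.
# Raised explicitly rather than via `assert`, so the check still runs when
# Python is started with -O / PYTHONOPTIMIZE (which strips assert statements).
if linked_version != env_version:
    raise AssertionError(
        'cryptography is linked against {linked!r} but the environment '
        'provides {env!r}'.format(linked=linked_version, env=env_version))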
Exemplo n.º 7
from socket import timeout
from typing import TYPE_CHECKING, Any, Dict, List, Optional, Tuple, Union

from .. import util

if TYPE_CHECKING:
    from OpenSSL.crypto import CRL, X509  # type: ignore[import]

# Names exported by this module.
__all__ = ["inject_into_urllib3", "extract_from_urllib3"]

# SNI is treated as always available with this backend.
HAS_SNI = True

# Decide once, at import time, whether to keep the system's default TLS
# cipher list; per the helper's name this is true for OpenSSL 1.1.1 or newer.
# Both arguments describe the OpenSSL library loaded by `openssl_backend`.
USE_DEFAULT_SSLCONTEXT_CIPHERS = util.ssl_._is_ge_openssl_v1_1_1(
    openssl_backend.openssl_version_text(),
    openssl_backend.openssl_version_number(),  # type: ignore[no-untyped-call]
)

# Translation table from urllib3 / stdlib `ssl` protocol constants to the
# PyOpenSSL method constants.
# SSLv23_METHOD is, despite its name, OpenSSL's version-negotiating method;
# the lowest protocol version accepted has to be enforced elsewhere (not
# visible in this excerpt).
# NOTE(review): TLSv1_METHOD pins a connection to TLS 1.0, which RFC 8996
# deprecates - confirm that callers still need this entry.
_openssl_versions = {
    util.ssl_.PROTOCOL_TLS: OpenSSL.SSL.SSLv23_METHOD,  # type: ignore[attr-defined]
    util.ssl_.PROTOCOL_TLS_CLIENT: OpenSSL.SSL.SSLv23_METHOD,  # type: ignore[attr-defined]
    ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
}

# The SSLv3 entry is registered only when both the stdlib `ssl` module and
# PyOpenSSL still expose the constant.
# NOTE(review): SSLv3 is prohibited by RFC 7568; confirm whether any caller
# still depends on this mapping, and prefer builds where it is unavailable.
if hasattr(ssl, "PROTOCOL_SSLv3"):
    if hasattr(OpenSSL.SSL, "SSLv3_METHOD"):
        _openssl_versions.update({ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD})