dragonresearch / rpki.net

Dragon Research Labs rpki.net RPKI toolkit

Update for OpenSSL 1.1 #875

Open ppaeps opened 2 years ago

ppaeps commented 2 years ago

This replaces all uses of the OpenSSL API with post-1.1 idioms. It builds on the preparations put in place by @sraustein several years ago. No effort has been made to retain portability with obsolete versions of OpenSSL. It is clear that those versions of OpenSSL should no longer be used anywhere.

With these changes, rpki.net will work (and hopefully work well!) on systems that still have Python 2.7 (also obsolete) but that have moved beyond OpenSSL version 1.1.

I would very much appreciate help testing these changes. My testing has been largely focussed on unit-testing the Python OpenSSL Wrappers and the relying-party code. The CA components have seen almost no testing from me. This pull request should probably not be merged before at least one other person compiles this branch!

ppaeps commented 2 years ago

Picked up two commits from @sraustein. These add wrappers around the Python memory management functions and update the included OpenSSL distribution for users whose system OpenSSL is not built with RFC 3779 support.

What this branch really needs now is more thorough testing in a real-world environment.