search

suds-community / suds

Suds is a lightweight SOAP python client for consuming Web Services. A community fork of the jurko fork.
https://suds.readthedocs.io/
GNU Lesser General Public License v3.0
172 stars 54 forks source link

Use usedforsecurity=False for md5() calls to make suds work on FIPS enabled systems #72

Closed oalbrigt closed 2 years ago

phillbaker commented 2 years ago

In reading https://github.com/s3tools/s3cmd/issues/1005#issuecomment-578241131 and some of the linked blog posts/issues, it seems like this was only added in Python 3.9.

If you can add code that checks the python version, this makes sense to me.

On Mon, Feb 28, 2022 at 5:27 AM Oyvind Albrigtsen @.***> wrote:

You can view, comment on, or merge this pull request online at:

https://github.com/suds-community/suds/pull/72 Commit Summary

File Changes

(2 files https://github.com/suds-community/suds/pull/72/files)

Patch Links:

— Reply to this email directly, view it on GitHub https://github.com/suds-community/suds/pull/72, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAXCKLH4QHIQSNLIQPBTFTU5NEZDANCNFSM5PQVXE3Q . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you are subscribed to this thread.Message ID: @.***>

ptoscano commented 2 years ago

(part of subscription-manager/virt-who team here)

While this seems OK-ish, I wonder whether the Reader class needs md5 at all. It seems it is used only for caching, so I wonder there a cache system could be implemented without using md5 at all.

oalbrigt commented 2 years ago

I think you're right, but I dont see an issue in using it.