search

wbond / oscrypto

Compiler-free Python crypto library backed by the OS, supporting CPython and PyPy
MIT License
318 stars 71 forks source link

Fixes #35: Pin libcrypto and libssl dylibs only on Catalina #36

Closed worldwise001 closed 4 years ago

worldwise001 commented 4 years ago

Here's a possible fix to pin the versions at least on Catalina.

wbond commented 4 years ago

To get the Circle CI to pass we'll need to do this since Circle got rid of the 9.2.0 image: https://github.com/wbond/asn1crypto/commit/d43d2b56aa00ce29f4022906e85dd0e6115cf9c8.

codecov[bot] commented 4 years ago

Codecov Report

Merging #36 into master will decrease coverage by 0.18%. The diff coverage is 75%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master      #36      +/-   ##
==========================================
- Coverage   85.11%   84.92%   -0.19%     
==========================================
  Files          68       68              
  Lines        9420     9428       +8     
==========================================
- Hits         8018     8007      -11     
- Misses       1402     1421      +19
Impacted Files Coverage Δ
oscrypto/_openssl/_libssl_cffi.py 87.5% <75%> (-2.5%) :arrow_down:
oscrypto/_openssl/_libcrypto_cffi.py 75% <75%> (ø) :arrow_up:
oscrypto/_win/tls.py 87.58% <0%> (-1.76%) :arrow_down:
oscrypto/_openssl/_libcrypto_ctypes.py 96.25% <0%> (-1.5%) :arrow_down:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update a9f5774...03cecec. Read the comment docs.

wbond commented 4 years ago

So right now the libcrypto bindings assume that when we see LibreSSL that we have an OpenSSL 1.0.1 compatible API.

It looks like in LibreSSL 2.7 they started adding OpenSSL 1.0.2 and 1.1.0 APIs. Because of this I think it would be safest if we default to libcrypto.42.dylib and libssl.44.dylib.

Here is the version info I got for libssl on Catalina:

libssl.35.dylib:libressl-2.2
libssl.43.dylib:libressl-2.5
libssl.44.dylib:libressl-2.6
libssl.46.dylib:libressl-2.8
worldwise001 commented 4 years ago

Oh interesting. I can change that. I assumed the numbers were the same.

worldwise001 commented 4 years ago

wow I am usually much better at catching linter problems.

wbond commented 4 years ago

Thanks for all of the digging and the fix!