Remove Dependency on Cryptography >=36.0.0
The mTLS OAuth2.0 in Keystone uses a parameter that is only availble on cryptography 36.0.0 or later. Users may have to upgrade cryptography which is already installed, which can be unreasonably hassle. This patch introduces an alternative for that parameter. [1] https://cryptography.io/en/latest/changelog/#v36-0-0 Closes-bug: 2009600 Change-Id: Idffe269b62797bb2935429f4069e878a177db04f
This commit is contained in:
parent
c08d97672d
commit
f5db9801c2
@ -479,8 +479,9 @@ def get_certificate_subject_dn(cert_pem):
|
||||
try:
|
||||
cert = x509.load_pem_x509_certificate(cert_pem.encode('utf-8'))
|
||||
for item in cert.subject:
|
||||
name, value = item.rfc4514_string(
|
||||
attr_name_overrides=ATTR_NAME_OVERRIDES).split('=')
|
||||
name, value = item.rfc4514_string().split('=')
|
||||
if item.oid in ATTR_NAME_OVERRIDES:
|
||||
name = ATTR_NAME_OVERRIDES[item.oid]
|
||||
dn_dict[name] = value
|
||||
except Exception as error:
|
||||
LOG.exception(error)
|
||||
@ -501,8 +502,9 @@ def get_certificate_issuer_dn(cert_pem):
|
||||
try:
|
||||
cert = x509.load_pem_x509_certificate(cert_pem.encode('utf-8'))
|
||||
for item in cert.issuer:
|
||||
name, value = item.rfc4514_string(
|
||||
attr_name_overrides=ATTR_NAME_OVERRIDES).split('=')
|
||||
name, value = item.rfc4514_string().split('=')
|
||||
if item.oid in ATTR_NAME_OVERRIDES:
|
||||
name = ATTR_NAME_OVERRIDES[item.oid]
|
||||
dn_dict[name] = value
|
||||
except Exception as error:
|
||||
LOG.exception(error)
|
||||
|
Loading…
Reference in New Issue
Block a user