The only place where `OpenSSL` is used is via an indirect dependency from `urllib3.contrib.pyopenssl`, which itself is only used when the Python built-in SSL module doesn't support SNI (Server Name Indication).

That module itself is only imported via the vendored `requests` init, _iff_ `ssl.HAS_SNI` is `False`, or as an optional import in vendored `requests.help` (which is never imported by code; in the original `requests` library, it's supposed to be run as a command-line module, but it's unlikely `python -m oci._vendor.requests.help` is a real use case).

The `urllib3.contrib.pyopenssl` module's docstring says:

> This module was relevant before the standard library ``ssl``
> module supported SNI, but now that we've dropped support for
> Python 2.7 all relevant Python versions support SNI so
> **this module is no longer recommended**.

This is related to oracle#802; right now there are upper version pins on `pyOpenSSL`, which prevent downstream users from upgrading to e.g. non-vulnerable versions of that library downstream.

Signed-off-by: Aarni Koskela <akx@iki.fi>
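An added example, not part of the pull request or the project's code: a static check for the kind of claim made in the description above, listing each import of `OpenSSL` or `urllib3.contrib.pyopenssl` in a source file together with the `if`/`try`/`def` constructs that guard it. `SAMPLE` is constructed for illustration, and the function names are this example's own.

```python
import ast

# Constructed sample modelled on the guarded imports the PR description
# describes; it is not the vendored file itself.
SAMPLE = '''
import ssl
if not getattr(ssl, "HAS_SNI", False):
    from urllib3.contrib import pyopenssl
    pyopenssl.inject_into_urllib3()
def info():
    try:
        import OpenSSL
    except ImportError:
        OpenSSL = None
'''

TARGETS = ("OpenSSL", "urllib3.contrib.pyopenssl")


def imported_modules(node):
    """Fully qualified names a single import statement may load."""
    if isinstance(node, ast.Import):
        return [a.name for a in node.names]
    if isinstance(node, ast.ImportFrom) and node.module:
        return [node.module] + [f"{node.module}.{a.name}" for a in node.names]
    return []


def find_target_imports(source, targets=TARGETS):
    """Return (line, module, guards) per import of a target module; guards
    lists enclosing if/try/def, outermost first (empty = unconditional)."""
    hits = []

    def walk(node, guards):
        if isinstance(node, ast.If):
            guards = guards + ["if " + ast.unparse(node.test)]
        elif isinstance(node, ast.Try):
            guards = guards + ["try"]
        elif isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            guards = guards + ["def " + node.name]
        for name in imported_modules(node):
            if any(name == t or name.startswith(t + ".") for t in targets):
                hits.append((node.lineno, name, guards))
        for child in ast.iter_child_nodes(node):
            walk(child, guards)

    walk(ast.parse(source), [])
    return hits
```

Run over every file in a vendored tree, an empty guard list flags an import that executes whenever the package is imported, which is the case that would make removing the dependency unsafe.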
Thank you for your pull request and welcome to our community! To contribute, please sign the Oracle Contributor Agreement (OCA).
To sign the OCA, please create an Oracle account and sign the OCA in Oracle's Contributor Agreement Application. When signing the OCA, please provide your GitHub username. After signing the OCA and getting an OCA approval from Oracle, this PR will be automatically updated. If you are an Oracle employee, please make sure that you are a member of the main Oracle GitHub organization, and your membership in this organization is public.