Skip to content

Removed indirect dependency on OpenSSL from cryptography-x509-verification #14003

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
TaaviE wants to merge 1 commit into from
Closed

Removed indirect dependency on OpenSSL from cryptography-x509-verification #14003

TaaviE wants to merge 1 commit into from

Conversation

@TaaviE
Copy link
Contributor

@TaaviE TaaviE commented Dec 11, 2025
edited
Loading

This PR should decouple cryptography-x509-verification from cryptography-key-parsing and subsequently OpenSSL.

This makes it possible to (cross-)build the library for targets that would otherwise have difficulties with OpenSSL. It also makes the PKCS#1 parsing pure Rust.

Tests seem to all pass when ran locally.

@TaaviE
Removed indirect dependency on OpenSSL from cryptography-x509-verific…
0afcb2c 
…ation

Decouple cryptography-x509-verification from cryptography-key-parsing and subsequently OpenSSL.
@alex
Copy link
Member

alex commented Dec 13, 2025

We're not going to depend on an entirely different ASN.1 stack for this. If there's an interest in the objective we can consider it, but this isn't going to be the right approach.

@TaaviE
Copy link
Contributor Author

TaaviE commented Dec 13, 2025

@alex Yeah, that makes sense. I just stumbled upon this when trying to use that code standalone (and without OpenSSL).

It might be worthwhile to consider switching to a memory-safe ASN.1 stack even outside the context of build targets that OpenSSL isn't so pleasant to use with.

@alex
Copy link
Member

alex commented Dec 13, 2025 via email

@TaaviE
Copy link
Contributor Author

TaaviE commented Dec 13, 2025

I'm not sure I follow, is there any place we don't use our own rust asn1 stack for der?

Yeah I misremembered/misphrased, OSSL is just intertwined with the Rust asn1 stack currently used in cryptography-key-parsing, including rsa.rs. Which made me make a (silly) leap into assuming it's used throughout.

@alex
Copy link
Member

alex commented Dec 17, 2025

going to close this since it doesn't make sense as-is, but we're generally happy to take improvements to this code.

@alex alex closed this Dec 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TaaviE @alex