Tasks #51946
openmgr: remove pyOpenSSL dependency
0%
Description
From https://pypi.org/project/pyOpenSSL/, "The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where possible"
We should drop our direct use of pyOpenSSL and use https://pypi.org/project/cryptography/ wherever possible.
git grep -l OpenSSL | grep \.py shows:

    doc/_ext/ceph_commands.py
    doc/_ext/ceph_confval.py
    qa/tasks/openssl_keys.py
    src/mypy.ini
    src/pybind/CMakeLists.txt
    src/pybind/mgr/dashboard/cherrypy_backports.py
    src/pybind/mgr/mgr_util.py
    src/pybind/mgr/requirements.txt
    src/pybind/mgr/restful/module.py
    src/pybind/mgr/tests/test_tls.py
    src/test/rgw/bucket_notification/test_bn.py

mgr_util.py seems to be the main problem, mainly cert handling like create_self_signed_cert(), verify_tls_files(), verify_tls(), verify_cacrt_content().
The cryptography.io docs are excellent, and I'll also mention for what it's worth I've written a separate tool that uses python-cryptography to do things like CA generation and signatures, etc, https://pagure.io/koji-tools/blob/master/f/src/bin/koji-ssl-admin . Feel free to use that as inspiration for rewriting this in Ceph's mgr.
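
A sketch of what the cert handling named above could look like on top of pyca/cryptography. This is an added example, not code from Ceph or from koji-ssl-admin: the function names are borrowed from the description, while the signatures, defaults and checks are assumptions, and it needs cryptography 3.1 or later (no explicit backend argument).

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

UTC = datetime.timezone.utc

def create_self_signed_cert(organisation="Example Org", common_name="mgr", days=3650):
    """Return (cert_pem, key_pem) for a fresh RSA-2048 self-signed certificate."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, organisation),
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
    ])
    now = datetime.datetime.now(UTC)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)  # self-signed: issuer equals subject
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))  # tolerate clock skew
        .not_valid_after(now + datetime.timedelta(days=days))
        .sign(key, hashes.SHA256())
    )
    key_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )
    return cert.public_bytes(serialization.Encoding.PEM), key_pem

def _spki(public_key):
    # DER SubjectPublicKeyInfo gives a canonical form for comparing public keys
    return public_key.public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)

def verify_tls(cert_pem, key_pem):
    """Raise ValueError if the pair is unparsable, expired, or does not match."""
    try:
        cert = x509.load_pem_x509_certificate(cert_pem)
        key = serialization.load_pem_private_key(key_pem, password=None)
    except (ValueError, TypeError) as exc:
        raise ValueError(f"cannot load certificate or key: {exc}") from exc
    # not_valid_after_utc exists in cryptography >= 42; older releases return naive UTC
    not_after = getattr(cert, "not_valid_after_utc", None) or cert.not_valid_after.replace(tzinfo=UTC)
    if datetime.datetime.now(UTC) > not_after:
        raise ValueError(f"certificate expired on {not_after.isoformat()}")
    if _spki(cert.public_key()) != _spki(key.public_key()):
        raise ValueError("private key does not match certificate public key")
```

Comparing the SubjectPublicKeyInfo of both sides replaces the pyOpenSSL pattern of loading the pair into an SSL context and calling its private-key check.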