Conditionally print certificate info

The cryptography package (which pyOpenSSL depends on) doesn't support being loaded in multiple sub interpreters from version 41.0.0. Doing it in previous versions seemed to work, but could apparenly cause soundness issues, so it errors out from version 41.0.0. Note that this isn't a change in the cryptography package, but in pyo3 from version 0.17.0, which cryptography uses. This causes the script to fail when reloading it. However, since pyOpenSSL is only used to print certificate info, wrap it in a try and skip printing info instead of crashing if pyOpenSSL can't be imported. There is another issue with a dependency of matrix-nio using pyo3 (rpds-py via jsonschema), but this at least helps with part of the problem. See poljar#357 for more details.
trygveaa · Dec 23, 2024 · d049c43 · d049c43
1 parent feae9fd
commit d049c43
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/main.py b/main.py
@@ -40,7 +40,6 @@
 
 import logbook
 import json
-import OpenSSL.crypto as crypto
 from future.utils import bytes_to_native_str as n
 from logbook import Logger, StreamHandler
 
@@ -118,6 +117,16 @@
 
 
 def print_certificate_info(buff, sock, cert):
+    try:
+        import OpenSSL.crypto as crypto
+    except:
+        message = (
+            "{prefix}matrix: printing certificate info is not supported after reload, "
+            + "see https://github.com/poljar/weechat-matrix/issues/357"
+        ).format(prefix=W.prefix("network"))
+        W.prnt(buff, message)
+        return
+
     cert_pem = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
 
     x509 = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)