Split up the one big CRL test and deprecate the default message digest.
diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
index 95ccc18..9f44b44 100644
--- a/OpenSSL/crypto.py
+++ b/OpenSSL/crypto.py
@@ -2,6 +2,7 @@
from base64 import b16encode
from functools import partial
from operator import __eq__, __ne__, __lt__, __le__, __gt__, __ge__
+from warnings import warn as _warn
from six import (
integer_types as _integer_types,
@@ -24,6 +25,10 @@
TYPE_RSA = _lib.EVP_PKEY_RSA
TYPE_DSA = _lib.EVP_PKEY_DSA
+# A marker object to observe whether some optional arguments are passed any
+# value or not.
+_undefined = object()
+
class Error(Exception):
"""
@@ -1707,7 +1712,8 @@
_raise_current_error()
- def export(self, cert, key, type=FILETYPE_PEM, days=100, digest="md5"):
+ def export(self, cert, key, type=FILETYPE_PEM, days=100,
+ digest=_undefined):
"""
export a CRL as a string
@@ -1722,7 +1728,7 @@
:param days: The number of days until the next update of this CRL.
:type days: :py:data:`int`
- :param digest: The message digest to use
+ :param digest: The message digest to use (eg ``"sha1"``).
:type digest: :py:data:`str`
:return: :py:data:`str`
@@ -1734,6 +1740,15 @@
if not isinstance(type, int):
raise TypeError("type must be an integer")
+ if digest is _undefined:
+ _warn(
+ "The default message digest (md5) is deprecated. "
+ "Pass the name of a message digest explicitly.",
+ category=DeprecationWarning,
+ stacklevel=2,
+ )
+ digest = "md5"
+
digest_obj = _lib.EVP_get_digestbyname(_byte_string(digest))
if digest_obj == _ffi.NULL:
raise ValueError("No such digest method")