bump the minimum cryptography version (#875)
Users with older cryptography (and hence potentially older asn1crypto, a
transitive dependency) are seeing a serious bug on macOS catalina due to
the way older asn1crypto loads a shared library. While this isn't a
pyOpenSSL bug bumping this dep might prevent the bug from impacting
some users.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 2b6d732..2bf74f5 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -14,6 +14,8 @@
- Removed deprecated ``ContextType``, ``ConnectionType``, ``PKeyType``, ``X509NameType``, ``X509ReqType``, ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, and ``NetscapeSPKIType`` aliases.
Use the classes without the ``Type`` suffix instead.
`#814 <https://github.com/pyca/pyopenssl/pull/814>`_
+- The minimum ``cryptography`` version is now 2.8 due to issues on macOS with a transitive dependency.
+ `#875 <https://github.com/pyca/pyopenssl/pull/875>`_
Deprecations:
^^^^^^^^^^^^^
diff --git a/setup.py b/setup.py
index f6d5499..3e76199 100755
--- a/setup.py
+++ b/setup.py
@@ -94,7 +94,7 @@
package_dir={"": "src"},
install_requires=[
# Fix cryptographyMinimum in tox.ini when changing this!
- "cryptography>=2.3",
+ "cryptography>=2.8",
"six>=1.5.2"
],
extras_require={
diff --git a/tox.ini b/tox.ini
index 58cfd7a..83601a6 100644
--- a/tox.ini
+++ b/tox.ini
@@ -10,7 +10,7 @@
deps =
coverage>=4.2
cryptographyMaster: git+https://github.com/pyca/cryptography.git
- cryptographyMinimum: cryptography==2.3.0
+ cryptographyMinimum: cryptography==2.8
randomorder: pytest-randomly
setenv =
# Do not allow the executing environment to pollute the test environment