MB-55841 Set CRYPTOGRAPHY_OPENSSL_NO_LEGACY

safianalicb · safianalicb · commit f8e383faae8e · 2023-03-14T08:32:31.000Z
Currently, the "import pem" step fails due to a dependency in the cryptography library, which seems to fail on Macs if the above environment variable is not set. This change automatically sets CRYPTOGRAPHY_OPENSSL_NO_LEGACY, allowing the import step to work and couchbase-cli Change-Id: I4880163528c571f21710cb1d2900f60194741394 Reviewed-on: https://review.couchbase.org/c/couchbase-cli/+/187911 Tested-by: Build Bot <build@couchbase.com> Reviewed-by: James Lee <james.lee@couchbase.com>
diff --git a/x509_adapter.py b/x509_adapter.py
@@ -15,11 +15,19 @@
 # limitations under the License.
 
 import base64
+import os  # noqa
 import ssl
 from pathlib import Path
 from typing import Optional, Tuple
 
 import Crypto.IO.PKCS8 as pkcs8
+
+"""This environment variable is needed to prevent the "import pem" step is failing on MacOS.
+pem imports OpenSSL, which imports cryptography, which seems to fail as the MacOS version of OpenSSL doesn't seem to
+have the legacy algorithms required. Since we don't use any of these algorithms in this file, setting this environment
+variable solves the issue without problem.
+"""
+os.environ["CRYPTOGRAPHY_OPENSSL_NO_LEGACY"] = "true"  # noqa
 import pem
 from cryptography import x509
 from cryptography.exceptions import UnsupportedAlgorithm
