raise an exception instead of returning an empty list for pkcs7 cert … #10360
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…loading (pyca#9947) * raise an exception instead of returning an empty list as davidben points out in pyca#9926 we are calling a specific load certificates function and an empty value doesn't necessarily mean empty because PKCS7 contains multitudes. erroring is more correct. * changelog * Update CHANGELOG.rst Co-authored-by: Alex Gaynor <[email protected]> --------- Co-authored-by: Alex Gaynor <[email protected]>
|
We intentionally did not backport this change to the 41.x release, as it is not backwards compatible. |
|
Ok, thanks for the quick reply. I'm closing the PR then. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…loading (#9947)
as davidben points out in #9926 we are calling a specific load certificates function and an empty value doesn't necessarily mean empty because PKCS7 contains multitudes. erroring is more correct.
I know this change is backward incompatible but it synchronizes the behavior of the fix for CVE-2023-49083. Versions 41.0.x are not vulnerable anymore but version 42 has better implementation that raises ValueError.
The concern of backward compatibility is just between the latest 41.0.x releases because:
What do you think about it?