x509.load_pem_x509_certificate no longer supports storing key in same file
elmeriniemela opened this issue · comments
After updating to 35.0.0 the code below (with a dummy self generated key-certificate pair) breaks:
dummy_cert = b"""
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIcXPp0FUHp4oCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECNNED4N6cFxiBIIJSPrGkcQevl1y
XXXGLIDVyBR93LT4zvbNL2Mh8EOcnATDuFn6GpxW7l0AZk3guy9Ts9GNymU3ya46
597fAuIHS5RpPryqVrABYAb31bXITj4KrP1WzLUXQKcfGIxlkz5G+a/bTfffLp2A
czIbIVCoFL9c0Cf7Zw0qyhPdfTXAM10pbnfOi2i2c6+mb2Iq+xOBpaGiqSym1ygo
TjOFuwo9nBFRzcd/XfndIhavjZ9a7Z5eFQTaltJW85Frm/ekhUJe7E2sVhihP5fo
XWz8PQ0V1+C+SatdiBHEqAfwE0HK4d5crwaMLWMhPDxI93XrKj5ryZVsE+KApfmd
UZnJrtocfHXwdc6jVDBF3dNMLs1dF2XBBOsakDByAyUlOXHR03FURx6mie4KxGLY
ineYCBxLhvs89C635Pcy9eemHV6GMTFE67bd5ry0rd+gKqJ21k13IbCagQwzck6a
D2bPuZDGWxj25VmsIlZDQIgjZNhoovgQpPnrJl3Zb268N7vMhYOk+RsFKMYv55SU
SnaszYpCcuABDqx1+9PFMYdTtX4axX9S6h2vGGATMd88xQjRf/ZlhxWQLW9Jh6G3
XsFLFXKsZAZ6uStEQJmDgXc22BrAU0qW1AT+JAQbK5Ttwr0mA0qyinGDlkKc62Ir
B6DrWW8PcdB/YjZa/ROXA8f7qKueQbvIsanZK9Z0R+shbYCgw8kHMjLW2rjWIJ9v
PiVkEU1KFRK+9mXX6U9+KcQmXeKr0HmiJPCAlHLFj107Bt2NzQT6C12Ve//CaCQ9
XXOk7we0EMqiJVSBmEqvah8f1EagHjKaFk4xJruhW12Dv3zm095UzmaMqSjIm5sp
oKPTH+irfXvVn8BY3AgTTL049IIc104AgNi4SpNqTZsDR+RbdOKi3RQ1mxPCBfm/
MhjJeqCFwgP6tR/jbrG17LRo1F7405d0z7TKwkIbcKNkcLwOW832isL6HCnr1vqh
VUtJk1UDUYlov3jF4jnvfhyZTq03FgXtzN+wkrXQNiOUlC7pgl7Igjx8x97qteaQ
pvGb/rokiVnlk7Ez+TamLsrGVu9fseq+XvNee/qgDRwGFQL1C76FcmqjUlGZPjSZ
3cZBJGHlyog9lm+k1rD/cvldgsXbh5DY0iTkz84dwcSzi8laF/zvMzCtP8YYUBz5
p0uEEbq6RY35vJmg2ptUcMimRqTe9p9DcfEhTZOUfqThcp7C3qMMzGiEuCCf5S32
wziPgBGRrm7+Z6P+lOtGSeGXfF4hw2RCfooU14OyCBy+bCuXBtHyEdnurLX9xetH
QOdyTaSVk4Ia2/OMAv/0sdYSabfd1Vp68wv/vm/ea1SWXoDlZdEn2OssdoGOdxUz
i68ZrUgRDv17slYvarlwlpE1QJdluXXj2SS9s8e3uZF2s9qJTroxFYe0RkI0ajuP
HC8KyRihnnzm6ZALfeavKnfcIntuxZZJ3iaJn6ifOUM+XU/NmsDgO+xysVnDTbaH
ZKxYrEWbLBg2wdHeoeIz1Ub2Bxb7gFOkoS1ZiuKqeTYKjHoFG41Ywu7eRNw48MGn
115b1ghMdS8VAIcupVdl0Rml50G5LlxUq/ByjxfP3WfRCsU3ZH+YEGJI/aIbU8zA
VaqDtqhlpjL7wu0Bs4MF/BfT77WTSmCZK/92bYyVCX8iAc0pQ8xflVrytPgqJc8F
vQlDxzM8u0Yi4MfhC5qaKFBXmvvdyiBPVA0LcknurYPkznOOm0VGfPtZR0or8XQU
sAgr++Y/I/8jAHnf7XJmNAkDOHFAhDMtAFOCI+NLYZXKK0kQeVUDHPQs71odXmDo
wAzRDLEqe1wD3xd11IN1Q7XPkgrkcvO+T6+cXrvTnUDy9FLFolmYzxx/k15P0JYh
+u5SUV7Y7KsPSMmgntpEGt+U9my3Xredjnkod4vfb0qG3nF7B39UpZFyIcNp18uE
gYg2+JBXBzUQXYlB0KhlTjyvecaGIrhEvNIpKGDHJ6Dlr0IbTnx3AFC7ANLguJO9
K9JHQ4GfHxOyZIermHK8kVqgeb7ScJlEjWdmIROg0sk39yV9DIQiyOavM/4DxPN2
2K2hHRbb0J12h0nxwPP1UdmevNnT3gducRN8sbzMz0zF5tRaEVskn2jl+rpO/W9b
acBgmL3gKhkBv2BpDsF38PgapuHe5Y1fq2tCMe4bIdC7+2oi1VAQ1dkrirY8zk7K
9fFpp2QigEZGBgzZTPlktFbjZ0yo70AvMO2SbpzVrzj1wPVvteNUsSrTpGFeegdE
vzdwb3WZQqMICLETKHFkKpzS9eW27wl1pwpy2iqb25L2sQQ+AqLNpMCRvvcDh1j0
BL4peqykZQpWF1aBxWV6sC9b2zp7s6/CiCMTKCnxcxqxCmVVZNg5/eFhCDKqsevR
wP51A6v/hrgiAm48RBo2YuSeurrAFeZmhi+UrnoRNzhlj1L9gIHq+o986mbNwamd
n9Ohviu/1OKCVFfoL0BvVnt78ei0Vp5DtyfH9JZWlqNS9STaGiCvnZl2JiMa2zaw
EcXqHnf75rHRqpUHUbxw4DdrWLwm9r9B/Wv+ri9MJlOTyrczOfyo+s2DtAzsDHV8
o2fmKdQKnjF3VRZyyDaitrT3rN6E0HMXYT273qbCD//balFBVKALpdjAa6994lCy
QY1QOny+HXrGkVQ46lHRgzZF+NYFeOF2il00XCEXOeXPOL/3gGWZPE08r9VC3Zko
r1qFdXCnX7c03nE6iuE8DwoPF2+YCT7WiwNI/ko40kJL3UiX3FGvhlkRGg6x1Fo5
2Iz8MU996H7hHf9vbtR9eWPsM3Z8YgMetEwpIAxInOB+iFIWYMJ2EH970ClpJndA
QKtp3RWCuEqwcwthtCfGTqvFNiYexh3hBR1wUvT4gy1+BpdDaABoXYtAb/HjivOF
ha9cZAMYrK5b8dY2nQnRFg1RCAP2mLjePDkCj5KoIlCyTUO+VEOhbWjoGbIuRBkO
1rENFpqaIfeY1k48rpcoD62+FSkG3C0O78u4r74+mpSWVJNEVLeEzjCezotALIAY
D7kIevbxDlWZ8KTkTBJJHMWewILVxfZqUV/wQMtv949W2hAMGl3ar3VUnehQMusK
WOZcPqRfX+bawhF/Jm8lvqx2SVvbV9QSRWdITjzlS7P4EfLG8+EwWipGORip8DhZ
QPihld/g9JeFdBAJ6jF3fw==
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIUM6d0h3QRVd9iBJGlDebxSW1hDVEwDQYJKoZIhvcNAQEL
BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTExMDEwOTI5MjZaFw0yMjEx
MDEwOTI5MjZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQDKlxqOwo1F3N4pzrwYVIjKjQ2T5PnW2u78WZTXWwPQ
YQzFKMtzAtGFbjotn0SFcdIm24M+j2Wbop87xBOt74LVGoA2d2LM4RpAabWwjVIu
hpND5g4SnAImRrXsPGRWxj7PSJiDkdnRLUTrtHnNEOie5q/gDcV/r0E10CYAkefr
VQPh2OM0u+BHAprhShCZdalfdI3abyfwUvYcIUQRDZsNGPcpQ9YWB0i2s7hpNYRa
oEc4xQZPpxykgTGguB/AkmyY3ZWGmfHJDIhWFAjzPrc1rdQC3CXULFewTcxAL0A9
RFAyIG7Mef8CwWZeDFU5969pm0SQsTVSKP/j9ezfCAF7ng6Re+KKwjUb/eJmvET+
q4IbIXTOpuogqV+/ELLqAdcRGfO64l7By6j0+XeG7jvEOGxWhwj8gAVcN18oDifq
wAJmq7tl+j8EcqMdk+bUvU36yB5p0HB4l9yjbkIDHer8BxdMNhFxO3T7TdviFVPy
2VrR1H4e/EdEN17jptZTxmYFAlVbWf9UFo70nv/BPDOHtwwfoGgCW1j+DVd+NS90
FBNoNlICPNGJAzySb5aybUzV+S7DRGoBg9JFwIT2G41vdoElpI8VCq3pXxIeXf3n
qYjXcyLeED/CFYqL1LomhrUZlncz7ionZKYqYLTgOTULvJNZRagAtioabS8msDoI
4wIDAQABo1MwUTAdBgNVHQ4EFgQUDWBcbhAQeL9b4I2qC+ZPjoumg6QwHwYDVR0j
BBgwFoAUDWBcbhAQeL9b4I2qC+ZPjoumg6QwDwYDVR0TAQH/BAUwAwEB/zANBgkq
hkiG9w0BAQsFAAOCAgEAvQvYrL6nBqZywKbFT3vA5RTERyKb9EyvgRSTCMEnd08K
BgRSHgMprtw30+BMvsAAcfHHGBBzm2Puvchxrjmw3PY2Znu/CQLASWPr+FuO7nXf
8FQk+Y6xjksC1HpGY2OzLS/luNSpB0dCtG65BSlkYIOS67ngJlch4miPAiP+cWIH
sr8W1p1VctwGxRRXwLaaMVqb6w8J4663G3gkp7UTbvyJSVPq0aPUbfLzi9Hnt9iJ
aoA+H54iemhDQg+3j5WCcq6WN8/iSUxiyCimSUrLVELBYlYFh6EMTGjhGB++a7yv
/Z00gQ/TP9PhR3HxpTBhlPW/AFAc6zeoRyvBGPDkkfV2DLQku8Lq4lSK+DiVcVkZ
jWWMBEtIFX6r8ZXySBjmxo2AMOHFNicdFHpO/C2wtsApSZv41am3mR0sBoOSySDe
jrTBZBl3gkx7H5YdYH9dHewXYwTRn425JPB8YtCceEcPPFHHJexP3REH6Hv6HvCa
S6r6FjNg3sHR2n3yxMxoLlBwlp2ADza65EtKoXtT0qm80nmCxN2v6Rt33hWTzm1L
nbIoutgiYIVKcDfNvKBj2fz2mm9hxmpwC7abbJTixO1Oa+91OmjsnY7LTYV64X04
MdUrc1ZwZz5JZ5uZQS9AJSfT08a2nCSYbaf3PeiwUFNYG1/CEDY2U/dLYGJzVns=
-----END CERTIFICATE-----
"""
from cryptography import x509
cert = x509.load_pem_x509_certificate(dummy_cert)Error:
Traceback (most recent call last):
File "cert.py", line 90, in <module>
cert = x509.load_pem_x509_certificate(dummy_cert)
File "/home/elmeri/.venv/odoo14/lib/python3.8/site-packages/cryptography/x509/base.py", line 436, in load_pem_x509_certificate
return rust_x509.load_pem_x509_certificate(data)
ValueError: Valid PEM but no BEGIN CERTIFICATE/END CERTIFICATE delimiters. Are you sure this is a certificate?
Workaround is to roll-back to an older release:
pip install cryptography==3.4.8
This was fixed in #6365, which will be released as part of 36.0