Only optionally use cryptography verification

Some supported distributions can't run the newer cryptography. Make it a feature that only works with newer platforms.
2026-05-02 21:37:46 +00:00 · 2025-10-27 08:38:14 -04:00
parent 24a76612ae
commit 0ad7e99efe
1 changed files with 5 additions and 2 deletions
--- a/confluent_server/confluent/util.py
+++ b/confluent_server/confluent/util.py
@@ -34,7 +34,10 @@ import ssl
 import struct
 import eventlet.green.subprocess as subprocess
 import cryptography.x509 as x509
-import cryptography.x509.verification as verification
+try:
+    import cryptography.x509.verification as verification
+except ImportError:
+    verification = None



@@ -307,7 +310,7 @@ class TLSCertVerifier(object):
        # Mismatches, but try more traditional validation using the site CAs
        if self.subject:
            try:
-                if self.verify_by_ca(certificate):
+                if verification and self.verify_by_ca(certificate):
                    auditlog = log.Logger('audit')
                    auditlog.log({'node': self.node, 'event': 'certautoupdate',
                                  'fingerprint': fingerprint})