From 2bd13c397df6513776526f29ce7d108b5993a8e9 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Tue, 14 Apr 2026 10:45:03 -0400 Subject: [PATCH] Rework for older python cryptography compatibility --- confluent_server/confluent/util.py | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/confluent_server/confluent/util.py b/confluent_server/confluent/util.py index 08f98bed..8cf040b6 100644 --- a/confluent_server/confluent/util.py +++ b/confluent_server/confluent/util.py @@ -278,15 +278,18 @@ class TLSCertVerifier(object): if not certs: return False castore = verification.Store(certs) - _polbuilder = verification.PolicyBuilder() - eep = verification.ExtensionPolicy.permit_all().require_present( - x509.SubjectAlternativeName, verification.Criticality.AGNOSTIC, None).may_be_present( - x509.KeyUsage, verification.Criticality.AGNOSTIC, None) - cap = verification.ExtensionPolicy.webpki_defaults_ca().require_present( - x509.BasicConstraints, verification.Criticality.AGNOSTIC, None).may_be_present( - x509.KeyUsage, verification.Criticality.AGNOSTIC, None) - _polbuilder = _polbuilder.store(castore).extension_policies( - ee_policy=eep, ca_policy=cap) + _polbuilder = verification.PolicyBuilder().store(castore) + try: + eep = verification.ExtensionPolicy.permit_all().require_present( + x509.SubjectAlternativeName, verification.Criticality.AGNOSTIC, None).may_be_present( + x509.KeyUsage, verification.Criticality.AGNOSTIC, None) + cap = verification.ExtensionPolicy.webpki_defaults_ca().require_present( + x509.BasicConstraints, verification.Criticality.AGNOSTIC, None).may_be_present( + x509.KeyUsage, verification.Criticality.AGNOSTIC, None) + _polbuilder = _polbuilder.extension_policies( + ee_policy=eep, ca_policy=cap) + except AttributeError: + pass try: addr = ipaddress.ip_address(self.subject) subject = x509.IPAddress(addr)