Add upper bound for cryptography

conda-forge · Dec 2, 2024 · 6264cc9 · 6264cc9
1 parent eb2aedd
commit 6264cc9
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/recipe/patch_yaml/pyopenssl.yaml b/recipe/patch_yaml/pyopenssl.yaml
@@ -17,3 +17,24 @@ then:
   - replace_depends:
       old: cryptography >=35.0
       new: cryptography >=35.0,<39
+---
+# The above patch has the effect of encouraging the solver
+# to prefer pyopenssl 21.0.0 instead of the latest version
+# if there is a newer cryptography version available that is
+# incompatible with all modern versions of pyopenssl. Thus
+# we need to add upper bounds for all previous versions as
+# well.
+# The specific error I see with pyopenssl 21.0.0 and
+# cryptography 44.0.0 is:
+#   .pixi/envs/default/lib/python3.12/site-packages/OpenSSL/crypto.py:1598: in X509StoreFlags
+#       NOTIFY_POLICY = _lib.X509_V_FLAG_NOTIFY_POLICY
+#   E   AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'. Did you mean: 'X509_V_FLAG_EXPLICIT_POLICY'?
+if:
+  name: pyopenssl
+  version_lt: "22.0.0"
+  timestamp_lt: 1733175687000
+  has_depends: cryptography*
+then:
+  - tighten_depends:
+      name: cryptography
+      upper_bound: "39"