Deprecated pkcs7 and pkcs12 support (#921)

2 files changed, 25 insertions, 1 deletions

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index d188dc6..d2c92e3 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -19,6 +19,8 @@ Backward-incompatible changes:
 Deprecations:
 ^^^^^^^^^^^^^
 
+- Deprecated ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12``.
+
 *none*
 
 
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index 0744ca7..1b1e93e 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -10,7 +10,7 @@ from six import (
     PY2 as _PY2,
 )
 
-from cryptography import x509
+from cryptography import utils, x509
 from cryptography.hazmat.primitives.asymmetric import dsa, rsa
 
 from OpenSSL._util import (
@@ -3010,6 +3010,17 @@ def load_pkcs7_data(type, buffer):
     return pypkcs7
 
 
+load_pkcs7_data = utils.deprecated(
+    load_pkcs7_data,
+    __name__,
+    (
+        "PKCS#7 support in pyOpenSSL is deprecated. You should use the APIs "
+        "in cryptography."
+    ),
+    DeprecationWarning,
+)
+
+
 def load_pkcs12(buffer, passphrase=None):
     """
     Load pkcs12 data from the string *buffer*. If the pkcs12 structure is
@@ -3097,6 +3108,17 @@ def load_pkcs12(buffer, passphrase=None):
     return pkcs12
 
 
+load_pkcs12 = utils.deprecated(
+    load_pkcs12,
+    __name__,
+    (
+        "PKCS#12 support in pyOpenSSL is deprecated. You should use the APIs "
+        "in cryptography."
+    ),
+    DeprecationWarning,
+)
+
+
 # There are no direct unit tests for this initialization.  It is tested
 # indirectly since it is necessary for functions like dump_privatekey when
 # using encryption.