Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-pyOpenSSL for
openSUSE:Factory checked in at 2023-03-29 23:26:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pyOpenSSL (Old)
and /work/SRC/openSUSE:Factory/.python-pyOpenSSL.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pyOpenSSL"
Wed Mar 29 23:26:51 2023 rev:49 rq:1075038 version:23.1.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pyOpenSSL/python-pyOpenSSL.changes
2023-01-03 15:04:35.758240426 +0100
+++
/work/SRC/openSUSE:Factory/.python-pyOpenSSL.new.31432/python-pyOpenSSL.changes
2023-03-29 23:27:04.383420551 +0200
@@ -1,0 +2,18 @@
+Tue Mar 28 15:40:13 UTC 2023 - Dirk Müller <[email protected]>
+
+- update to 23.1.1:
+ * Worked around an issue in OpenSSL 3.1.0 which caused
+ `X509Extension.get_short_name` to raise an exception when no
+ short name was known to OpenSSL.
+
+-------------------------------------------------------------------
+Mon Mar 27 07:54:16 UTC 2023 - Dirk Müller <[email protected]>
+
+- update to 23.1.0:
+ * ``cryptography`` maximum version has been increased to
+ 40.0.x.
+ * Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and
+ ``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``
+ to support DTLS timeouts `#1180
+
+-------------------------------------------------------------------
Old:
----
pyOpenSSL-23.0.0.tar.gz
New:
----
pyOpenSSL-23.1.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-pyOpenSSL.spec ++++++
--- /var/tmp/diff_new_pack.RqRJD3/_old 2023-03-29 23:27:04.935423145 +0200
+++ /var/tmp/diff_new_pack.RqRJD3/_new 2023-03-29 23:27:04.939423164 +0200
@@ -27,7 +27,7 @@
%endif
%global skip_python2 1
Name: python-pyOpenSSL%{psuffix}
-Version: 23.0.0
+Version: 23.1.1
Release: 0
Summary: Python wrapper module around the OpenSSL library
License: Apache-2.0
@@ -41,7 +41,7 @@
BuildRequires: fdupes
BuildRequires: python-rpm-macros
%if %{with test}
-BuildRequires: %{python_module cryptography >= 38.0.0 with
%python-cryptography < 40}
+BuildRequires: %{python_module cryptography >= 38.0.0 with
%python-cryptography < 41}
BuildRequires: %{python_module flaky}
BuildRequires: %{python_module pretend}
BuildRequires: %{python_module pyOpenSSL >= %version}
@@ -50,7 +50,7 @@
BuildRequires: openssl
%endif
Requires: python-cffi
-Requires: (python-cryptography >= 38.0.0 with python-cryptography < 40)
+Requires: (python-cryptography >= 38.0.0 with python-cryptography < 41)
Provides: pyOpenSSL = %{version}
BuildArch: noarch
%python_subpackages
++++++ pyOpenSSL-23.0.0.tar.gz -> pyOpenSSL-23.1.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.0.0/CHANGELOG.rst
new/pyOpenSSL-23.1.1/CHANGELOG.rst
--- old/pyOpenSSL-23.0.0/CHANGELOG.rst 2023-01-02 05:29:00.000000000 +0100
+++ new/pyOpenSSL-23.1.1/CHANGELOG.rst 2023-03-28 05:07:36.000000000 +0200
@@ -4,6 +4,37 @@
Versions are year-based with a strict backward-compatibility policy.
The third digit is only for regressions.
+23.1.1 (2023-03-28)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Worked around an issue in OpenSSL 3.1.0 which caused
`X509Extension.get_short_name` to raise an exception when no short name was
known to OpenSSL.
+ `#1204 <https://github.com/pyca/pyopenssl/pull/1204>`_.
+
+23.1.0 (2023-03-24)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- ``cryptography`` maximum version has been increased to 40.0.x.
+- Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and
``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``
+ to support DTLS timeouts `#1180
<https://github.com/pyca/pyopenssl/pull/1180>`_.
+
23.0.0 (2023-01-01)
-------------------
@@ -28,7 +59,7 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Remove support for SSLv2 and SSLv3.
-- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
+- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
against ``cryptography`` major versions to prevent future breakage)
- The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
changing its internal attributes.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.0.0/PKG-INFO
new/pyOpenSSL-23.1.1/PKG-INFO
--- old/pyOpenSSL-23.0.0/PKG-INFO 2023-01-02 05:30:57.825963000 +0100
+++ new/pyOpenSSL-23.1.1/PKG-INFO 2023-03-28 05:09:15.759759400 +0200
@@ -1,12 +1,13 @@
Metadata-Version: 2.1
Name: pyOpenSSL
-Version: 23.0.0
+Version: 23.1.1
Summary: Python wrapper module around the OpenSSL library
Home-page: https://pyopenssl.org/
Author: The pyOpenSSL developers
Author-email: [email protected]
License: Apache License, Version 2.0
Project-URL: Source, https://github.com/pyca/pyopenssl
+Platform: UNKNOWN
Classifier: Development Status :: 6 - Mature
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
@@ -81,6 +82,37 @@
Release Information
===================
+23.1.1 (2023-03-28)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Worked around an issue in OpenSSL 3.1.0 which caused
`X509Extension.get_short_name` to raise an exception when no short name was
known to OpenSSL.
+ `#1204 <https://github.com/pyca/pyopenssl/pull/1204>`_.
+
+23.1.0 (2023-03-24)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- ``cryptography`` maximum version has been increased to 40.0.x.
+- Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and
``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``
+ to support DTLS timeouts `#1180
<https://github.com/pyca/pyopenssl/pull/1180>`_.
+
23.0.0 (2023-01-01)
-------------------
@@ -105,7 +137,7 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Remove support for SSLv2 and SSLv3.
-- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
+- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
against ``cryptography`` major versions to prevent future breakage)
- The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
changing its internal attributes.
@@ -254,3 +286,5 @@
`Full changelog <https://pyopenssl.org/en/stable/changelog.html>`_.
+
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.0.0/setup.py
new/pyOpenSSL-23.1.1/setup.py
--- old/pyOpenSSL-23.0.0/setup.py 2023-01-02 05:29:00.000000000 +0100
+++ new/pyOpenSSL-23.1.1/setup.py 2023-03-28 05:07:24.000000000 +0200
@@ -8,7 +8,6 @@
Installation script for the OpenSSL package.
"""
-import codecs
import os
import re
@@ -21,10 +20,12 @@
def read_file(*parts):
"""
- Build an absolute path from *parts* and and return the contents of the
+ Build an absolute path from *parts* and return the contents of the
resulting file. Assume UTF-8 encoding.
"""
- with codecs.open(os.path.join(HERE, *parts), "rb", "ascii") as f:
+ with open(
+ os.path.join(HERE, *parts), "r", encoding="utf-8", newline=None
+ ) as f:
return f.read()
@@ -97,7 +98,7 @@
package_dir={"": "src"},
install_requires=[
# Fix cryptographyMinimum in tox.ini when changing this!
- "cryptography>=38.0.0,<40",
+ "cryptography>=38.0.0,<41",
],
extras_require={
"test": ["flaky", "pretend", "pytest>=3.0.1"],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.0.0/src/OpenSSL/SSL.py
new/pyOpenSSL-23.1.1/src/OpenSSL/SSL.py
--- old/pyOpenSSL-23.0.0/src/OpenSSL/SSL.py 2022-10-24 04:50:37.000000000
+0200
+++ new/pyOpenSSL-23.1.1/src/OpenSSL/SSL.py 2023-03-28 05:07:24.000000000
+0200
@@ -1916,7 +1916,6 @@
buf = _text_to_bytes_and_warn("buf", buf)
with _ffi.from_buffer(buf) as data:
-
left_to_send = len(buf)
total_sent = 0
@@ -2160,6 +2159,37 @@
if result < 0:
self._raise_ssl_error(self._ssl, result)
+ def DTLSv1_get_timeout(self):
+ """
+ Determine when the DTLS SSL object next needs to perform internal
+ processing due to the passage of time.
+
+ When the returned number of seconds have passed, the
+ :meth:`DTLSv1_handle_timeout` method needs to be called.
+
+ :return: The time left in seconds before the next timeout or `None`
+ if no timeout is currently active.
+ """
+ ptv_sec = _ffi.new("time_t *")
+ ptv_usec = _ffi.new("long *")
+ if _lib.Cryptography_DTLSv1_get_timeout(self._ssl, ptv_sec, ptv_usec):
+ return ptv_sec[0] + (ptv_usec[0] / 1000000)
+ else:
+ return None
+
+ def DTLSv1_handle_timeout(self):
+ """
+ Handles any timeout events which have become pending on a DTLS SSL
+ object.
+
+ :return: `True` if there was a pending timeout, `False` otherwise.
+ """
+ result = _lib.DTLSv1_handle_timeout(self._ssl)
+ if result < 0:
+ self._raise_ssl_error(self._ssl, result)
+ else:
+ return bool(result)
+
def bio_shutdown(self):
"""
If the Connection was created with a memory BIO, this method can be
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.0.0/src/OpenSSL/crypto.py
new/pyOpenSSL-23.1.1/src/OpenSSL/crypto.py
--- old/pyOpenSSL-23.0.0/src/OpenSSL/crypto.py 2023-01-02 03:57:32.000000000
+0100
+++ new/pyOpenSSL-23.1.1/src/OpenSSL/crypto.py 2023-03-28 05:07:36.000000000
+0200
@@ -904,7 +904,14 @@
"""
obj = _lib.X509_EXTENSION_get_object(self._extension)
nid = _lib.OBJ_obj2nid(obj)
- return _ffi.string(_lib.OBJ_nid2sn(nid))
+ # OpenSSL 3.1.0 has a bug where nid2sn returns NULL for NIDs that
+ # previously returned UNDEF. This is a workaround for that issue.
+ # https://github.com/openssl/openssl/commit/908ba3ed9adbb3df90f76
+ buf = _lib.OBJ_nid2sn(nid)
+ if buf != _ffi.NULL:
+ return _ffi.string(buf)
+ else:
+ return b"UNDEF"
def get_data(self) -> bytes:
"""
@@ -2556,7 +2563,6 @@
class PKCS7:
-
_pkcs7: Any
def type_is_signed(self) -> bool:
@@ -2920,7 +2926,6 @@
def raise_if_problem(self, exceptionType: Type[Exception] = Error) -> None:
if self._problems:
-
# Flush the OpenSSL error queue
try:
_exception_from_error_queue(exceptionType)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.0.0/src/OpenSSL/version.py
new/pyOpenSSL-23.1.1/src/OpenSSL/version.py
--- old/pyOpenSSL-23.0.0/src/OpenSSL/version.py 2023-01-02 05:29:00.000000000
+0100
+++ new/pyOpenSSL-23.1.1/src/OpenSSL/version.py 2023-03-28 05:07:36.000000000
+0200
@@ -17,7 +17,7 @@
"__version__",
]
-__version__ = "23.0.0"
+__version__ = "23.1.1"
__title__ = "pyOpenSSL"
__uri__ = "https://pyopenssl.org/";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.0.0/src/pyOpenSSL.egg-info/PKG-INFO
new/pyOpenSSL-23.1.1/src/pyOpenSSL.egg-info/PKG-INFO
--- old/pyOpenSSL-23.0.0/src/pyOpenSSL.egg-info/PKG-INFO 2023-01-02
05:30:57.000000000 +0100
+++ new/pyOpenSSL-23.1.1/src/pyOpenSSL.egg-info/PKG-INFO 2023-03-28
05:09:15.000000000 +0200
@@ -1,12 +1,13 @@
Metadata-Version: 2.1
Name: pyOpenSSL
-Version: 23.0.0
+Version: 23.1.1
Summary: Python wrapper module around the OpenSSL library
Home-page: https://pyopenssl.org/
Author: The pyOpenSSL developers
Author-email: [email protected]
License: Apache License, Version 2.0
Project-URL: Source, https://github.com/pyca/pyopenssl
+Platform: UNKNOWN
Classifier: Development Status :: 6 - Mature
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
@@ -81,6 +82,37 @@
Release Information
===================
+23.1.1 (2023-03-28)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Worked around an issue in OpenSSL 3.1.0 which caused
`X509Extension.get_short_name` to raise an exception when no short name was
known to OpenSSL.
+ `#1204 <https://github.com/pyca/pyopenssl/pull/1204>`_.
+
+23.1.0 (2023-03-24)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- ``cryptography`` maximum version has been increased to 40.0.x.
+- Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and
``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``
+ to support DTLS timeouts `#1180
<https://github.com/pyca/pyopenssl/pull/1180>`_.
+
23.0.0 (2023-01-01)
-------------------
@@ -105,7 +137,7 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Remove support for SSLv2 and SSLv3.
-- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
+- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
against ``cryptography`` major versions to prevent future breakage)
- The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
changing its internal attributes.
@@ -254,3 +286,5 @@
`Full changelog <https://pyopenssl.org/en/stable/changelog.html>`_.
+
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.0.0/src/pyOpenSSL.egg-info/requires.txt
new/pyOpenSSL-23.1.1/src/pyOpenSSL.egg-info/requires.txt
--- old/pyOpenSSL-23.0.0/src/pyOpenSSL.egg-info/requires.txt 2023-01-02
05:30:57.000000000 +0100
+++ new/pyOpenSSL-23.1.1/src/pyOpenSSL.egg-info/requires.txt 2023-03-28
05:09:15.000000000 +0200
@@ -1,4 +1,4 @@
-cryptography<40,>=38.0.0
+cryptography<41,>=38.0.0
[docs]
sphinx!=5.2.0,!=5.2.0.post0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.0.0/tests/test_crypto.py
new/pyOpenSSL-23.1.1/tests/test_crypto.py
--- old/pyOpenSSL-23.0.0/tests/test_crypto.py 2022-12-16 17:05:37.000000000
+0100
+++ new/pyOpenSSL-23.1.1/tests/test_crypto.py 2023-03-28 05:07:36.000000000
+0200
@@ -1681,6 +1681,14 @@
exts = request.get_extensions()
assert len(exts) == 2
+ def test_undef_oid(self):
+ assert (
+ X509Extension(
+ b"1.2.3.4.5.6.7", False, b"DER:05:00"
+ ).get_short_name()
+ == b"UNDEF"
+ )
+
def test_add_extensions_wrong_args(self):
"""
`X509Req.add_extensions` raises `TypeError` if called with a
@@ -2524,7 +2532,7 @@
b"-passin",
b"pass:" + passwd,
*extra,
- )
+ ).replace(b"\r\n", b"\n")
assert recovered_key[-len(key) :] == key
if cert:
recovered_cert = _runopenssl(
@@ -2536,7 +2544,7 @@
b"pass:" + passwd,
b"-nokeys",
*extra,
- )
+ ).replace(b"\r\n", b"\n")
assert recovered_cert[-len(cert) :] == cert
if ca:
recovered_cert = _runopenssl(
@@ -2548,7 +2556,7 @@
b"pass:" + passwd,
b"-nokeys",
*extra,
- )
+ ).replace(b"\r\n", b"\n")
assert recovered_cert[-len(ca) :] == ca
def verify_pkcs12_container(self, p12):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.0.0/tests/test_ssl.py
new/pyOpenSSL-23.1.1/tests/test_ssl.py
--- old/pyOpenSSL-23.0.0/tests/test_ssl.py 2022-12-16 04:25:25.000000000
+0100
+++ new/pyOpenSSL-23.1.1/tests/test_ssl.py 2023-03-28 05:07:24.000000000
+0200
@@ -9,6 +9,7 @@
import gc
import select
import sys
+import time
import uuid
from errno import (
EAFNOSUPPORT,
@@ -359,11 +360,10 @@
# Copy stuff from each side's send buffer to the other side's
# receive buffer.
- for (read, write) in [
+ for read, write in [
(client_conn, server_conn),
(server_conn, client_conn),
]:
-
# Give the side a chance to generate some more bytes, or succeed.
try:
data = read.recv(2**16)
@@ -1140,23 +1140,30 @@
self._load_verify_locations_test(None, capath)
- def test_load_verify_directory_bytes_capath(self, tmpfile):
+ @pytest.mark.parametrize(
+ "pathtype",
+ [
+ "ascii_path",
+ pytest.param(
+ "unicode_path",
+ marks=pytest.mark.skipif(
+ platform == "win32",
+ reason="Unicode paths not supported on Windows",
+ ),
+ ),
+ ],
+ )
+ @pytest.mark.parametrize("argtype", ["bytes_arg", "unicode_arg"])
+ def test_load_verify_directory_capath(self, pathtype, argtype, tmpfile):
"""
`Context.load_verify_locations` accepts a directory name as a `bytes`
instance and uses the certificates within for verification purposes.
"""
- self._load_verify_directory_locations_capath(
- tmpfile + NON_ASCII.encode(getfilesystemencoding())
- )
-
- def test_load_verify_directory_unicode_capath(self, tmpfile):
- """
- `Context.load_verify_locations` accepts a directory name as a `unicode`
- instance and uses the certificates within for verification purposes.
- """
- self._load_verify_directory_locations_capath(
- tmpfile.decode(getfilesystemencoding()) + NON_ASCII
- )
+ if pathtype == "unicode_path":
+ tmpfile += NON_ASCII.encode(getfilesystemencoding())
+ if argtype == "unicode_arg":
+ tmpfile = tmpfile.decode(getfilesystemencoding())
+ self._load_verify_directory_locations_capath(tmpfile)
def test_load_verify_locations_wrong_args(self):
"""
@@ -2838,23 +2845,24 @@
"""
client_socket, server_socket = socket_pair()
# Fill up the client's send buffer so Connection won't be able to write
- # anything. Only write a single byte at a time so we can be sure we
+ # anything. Start by sending larger chunks (Windows Socket I/O is slow)
+ # and continue by writing a single byte at a time so we can be sure we
# completely fill the buffer. Even though the socket API is allowed to
# signal a short write via its return value it seems this doesn't
# always happen on all platforms (FreeBSD and OS X particular) for the
# very last bit of available buffer space.
- msg = b"x"
- for i in range(1024 * 1024 * 64):
- try:
- client_socket.send(msg)
- except error as e:
- if e.errno == EWOULDBLOCK:
- break
- raise
- else:
- pytest.fail(
- "Failed to fill socket buffer, cannot test BIO want write"
- )
+ for msg in [b"x" * 65536, b"x"]:
+ for i in range(1024 * 1024 * 64):
+ try:
+ client_socket.send(msg)
+ except error as e:
+ if e.errno == EWOULDBLOCK:
+ break
+ raise # pragma: no cover
+ else: # pragma: no cover
+ pytest.fail(
+ "Failed to fill socket buffer, cannot test BIO want write"
+ )
ctx = Context(SSLv23_METHOD)
conn = Connection(ctx, client_socket)
@@ -3753,13 +3761,16 @@
"""
If the connection is lost before an orderly SSL shutdown occurs,
`OpenSSL.SSL.SysCallError` is raised with a message of
- "Unexpected EOF".
+ "Unexpected EOF" (or WSAECONNRESET on Windows).
"""
server_conn, client_conn = loopback()
client_conn.sock_shutdown(SHUT_RDWR)
with pytest.raises(SysCallError) as err:
server_conn.recv(1024)
- assert err.value.args == (-1, "Unexpected EOF")
+ if platform == "win32":
+ assert err.value.args == (10054, "WSAECONNRESET")
+ else:
+ assert err.value.args == (-1, "Unexpected EOF")
def _check_client_ca_list(self, func):
"""
@@ -4370,10 +4381,11 @@
# new versions of OpenSSL, this is unnecessary, but harmless, because the
# DTLS state machine treats it like a network hiccup that duplicated a
# packet, which DTLS is robust against.
- def test_it_works_at_all(self):
- # arbitrary number larger than any conceivable handshake volley
- LARGE_BUFFER = 65536
+ # Arbitrary number larger than any conceivable handshake volley.
+ LARGE_BUFFER = 65536
+
+ def test_it_works_at_all(self):
s_ctx = Context(DTLS_METHOD)
def generate_cookie(ssl):
@@ -4404,7 +4416,7 @@
def pump_membio(label, source, sink):
try:
- chunk = source.bio_read(LARGE_BUFFER)
+ chunk = source.bio_read(self.LARGE_BUFFER)
except WantReadError:
return False
# I'm not sure this check is needed, but I'm not sure it's *not*
@@ -4484,3 +4496,39 @@
assert 0 < c.get_cleartext_mtu() < 500
except NotImplementedError: # OpenSSL 1.1.0 and earlier
pass
+
+ def test_timeout(self, monkeypatch):
+ c_ctx = Context(DTLS_METHOD)
+ c = Connection(c_ctx)
+
+ # No timeout before the handshake starts.
+ assert c.DTLSv1_get_timeout() is None
+ assert c.DTLSv1_handle_timeout() is False
+
+ # Start handshake and check there is data to send.
+ c.set_connect_state()
+ try:
+ c.do_handshake()
+ except SSL.WantReadError:
+ pass
+ assert c.bio_read(self.LARGE_BUFFER)
+
+ # There should now be an active timeout.
+ seconds = c.DTLSv1_get_timeout()
+ assert seconds is not None
+
+ # Handle the timeout and check there is data to send.
+ time.sleep(seconds)
+ assert c.DTLSv1_handle_timeout() is True
+ assert c.bio_read(self.LARGE_BUFFER)
+
+ # After the maximum number of allowed timeouts is reached,
+ # DTLSv1_handle_timeout will return -1.
+ #
+ # Testing this directly is prohibitively time consuming as the timeout
+ # duration is doubled on each retry, so the best we can do is to mock
+ # this condition.
+ monkeypatch.setattr(_lib, "DTLSv1_handle_timeout", lambda x: -1)
+
+ with pytest.raises(Error):
+ c.DTLSv1_handle_timeout()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.0.0/tox.ini new/pyOpenSSL-23.1.1/tox.ini
--- old/pyOpenSSL-23.0.0/tox.ini 2022-12-16 04:25:25.000000000 +0100
+++ new/pyOpenSSL-23.1.1/tox.ini 2023-03-28 05:07:36.000000000 +0200
@@ -12,6 +12,8 @@
PATH
LD_LIBRARY_PATH
TERM
+ RUSTUP_TOOLCHAIN
+ RUSTUP_HOME
extras =
test
deps =
