Hello community,
here is the log from the commit of package python-pyOpenSSL for
openSUSE:Factory checked in at 2024-01-30 18:24:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pyOpenSSL (Old)
and /work/SRC/openSUSE:Factory/.python-pyOpenSSL.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pyOpenSSL"
Tue Jan 30 18:24:28 2024 rev:53 rq:1142651 version:24.0.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pyOpenSSL/python-pyOpenSSL.changes
2023-11-28 22:18:28.735743812 +0100
+++
/work/SRC/openSUSE:Factory/.python-pyOpenSSL.new.1815/python-pyOpenSSL.changes
2024-01-30 18:24:44.572487033 +0100
@@ -1,0 +2,7 @@
+Mon Jan 29 21:16:31 UTC 2024 - Dirk Müller <[email protected]>
+
+- update to 24.0.0:
+ * Added OpenSSL.SSL.Connection.get_selected_srtp_profile to
+ determine which SRTP profile was negotiated. #1279.
+
+-------------------------------------------------------------------
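Review bot: the "update to 24.0.0" entry lists only the upstream SRTP addition and leaves out the packaging changes in this same submission. Please add bullets for the raised cryptography bound (`< 42` to `< 43` in the spec) and for the refresh of skip-networked-test.patch, which now registers the `network` marker in pyproject.toml instead of setup.cfg. Someone auditing why the dependency range widened should be able to find it in the .changes file.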
Old:
----
pyOpenSSL-23.3.0.tar.gz
New:
----
pyOpenSSL-24.0.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-pyOpenSSL.spec ++++++
--- /var/tmp/diff_new_pack.uPI4NT/_old 2024-01-30 18:24:45.312513730 +0100
+++ /var/tmp/diff_new_pack.uPI4NT/_new 2024-01-30 18:24:45.312513730 +0100
@@ -1,7 +1,7 @@
#
-# spec file
+# spec file for package python-pyOpenSSL
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
%endif
%{?sle15_python_module_pythons}
Name: python-pyOpenSSL%{psuffix}
-Version: 23.3.0
+Version: 24.0.0
Release: 0
Summary: Python wrapper module around the OpenSSL library
License: Apache-2.0
@@ -39,8 +39,12 @@
BuildRequires: %{python_module setuptools}
BuildRequires: fdupes
BuildRequires: python-rpm-macros
+Requires: python-cffi
+Requires: (python-cryptography >= 41.0.5 with python-cryptography < 43)
+Provides: pyOpenSSL = %{version}
+BuildArch: noarch
%if %{with test}
-BuildRequires: %{python_module cryptography >= 41.0.5 with
%python-cryptography < 42}
+BuildRequires: %{python_module cryptography >= 41.0.5 with
%python-cryptography < 43}
BuildRequires: %{python_module flaky}
BuildRequires: %{python_module pretend}
BuildRequires: %{python_module pyOpenSSL >= %version}
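Review bot: the cryptography upper bound is now written out twice in this hunk, once in the runtime `Requires:` line and once in the test-only `BuildRequires:` line, and both have to track `cryptography>=41.0.5,<43` from setup.py by hand. Consider defining the range once (for example a `%define` near the top of the spec) and using it in both places, so a future bump cannot leave the test flavor building against a range the runtime package does not accept.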
@@ -48,10 +52,6 @@
BuildRequires: ca-certificates-mozilla
BuildRequires: openssl
%endif
-Requires: python-cffi
-Requires: (python-cryptography >= 41.0.5 with python-cryptography < 42)
-Provides: pyOpenSSL = %{version}
-BuildArch: noarch
%python_subpackages
%description
++++++ pyOpenSSL-23.3.0.tar.gz -> pyOpenSSL-24.0.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/.coveragerc
new/pyOpenSSL-24.0.0/.coveragerc
--- old/pyOpenSSL-23.3.0/.coveragerc 2023-10-20 00:18:27.000000000 +0200
+++ new/pyOpenSSL-24.0.0/.coveragerc 1970-01-01 01:00:00.000000000 +0100
@@ -1,14 +0,0 @@
-[run]
-branch = True
-source =
- OpenSSL
- tests/
-
-[paths]
-source =
- src/OpenSSL
- .tox/*/lib/python*/site-packages/OpenSSL
- .tox/pypy/site-packages/OpenSSL
-
-[report]
-show_missing = True
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/CHANGELOG.rst
new/pyOpenSSL-24.0.0/CHANGELOG.rst
--- old/pyOpenSSL-23.3.0/CHANGELOG.rst 2023-10-26 05:04:18.000000000 +0200
+++ new/pyOpenSSL-24.0.0/CHANGELOG.rst 2024-01-23 02:41:32.000000000 +0100
@@ -4,6 +4,21 @@
Versions are year-based with a strict backward-compatibility policy.
The third digit is only for regressions.
+24.0.0 (2024-01-22)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Added ``OpenSSL.SSL.Connection.get_selected_srtp_profile`` to determine
which SRTP profile was negotiated.
+ `#1279 <https://github.com/pyca/pyopenssl/pull/1279>`_.
+
23.3.0 (2023-10-25)
-------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/INSTALL.rst
new/pyOpenSSL-24.0.0/INSTALL.rst
--- old/pyOpenSSL-23.3.0/INSTALL.rst 2023-10-20 00:18:27.000000000 +0200
+++ new/pyOpenSSL-24.0.0/INSTALL.rst 2023-11-30 19:20:30.000000000 +0100
@@ -7,7 +7,7 @@
If you are installing in order to *develop* on pyOpenSSL, move to the root
directory of a pyOpenSSL checkout, and run::
- $ pip install -e .
+ $ pip install -e .[test]
.. warning::
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/PKG-INFO
new/pyOpenSSL-24.0.0/PKG-INFO
--- old/pyOpenSSL-23.3.0/PKG-INFO 2023-10-26 05:05:07.202564500 +0200
+++ new/pyOpenSSL-24.0.0/PKG-INFO 2024-01-23 02:42:33.705136500 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: pyOpenSSL
-Version: 23.3.0
+Version: 24.0.0
Summary: Python wrapper module around the OpenSSL library
Home-page: https://pyopenssl.org/
Author: The pyOpenSSL developers
@@ -27,7 +27,7 @@
Classifier: Topic :: System :: Networking
Requires-Python: >=3.7
License-File: LICENSE
-Requires-Dist: cryptography<42,>=41.0.5
+Requires-Dist: cryptography<43,>=41.0.5
Provides-Extra: test
Requires-Dist: flaky; extra == "test"
Requires-Dist: pretend; extra == "test"
@@ -87,6 +87,21 @@
Release Information
===================
+24.0.0 (2024-01-22)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Added ``OpenSSL.SSL.Connection.get_selected_srtp_profile`` to determine
which SRTP profile was negotiated.
+ `#1279 <https://github.com/pyca/pyopenssl/pull/1279>`_.
+
23.3.0 (2023-10-25)
-------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/pyproject.toml
new/pyOpenSSL-24.0.0/pyproject.toml
--- old/pyOpenSSL-23.3.0/pyproject.toml 2023-10-20 00:18:27.000000000 +0200
+++ new/pyOpenSSL-24.0.0/pyproject.toml 2023-12-06 00:28:11.000000000 +0100
@@ -1,6 +1,47 @@
-[tool.black]
-line-length = 79
-target-version = ["py37"]
+[tool.coverage.run]
+branch = true
+source = ["OpenSSL", "tests/"]
+
+[tool.coverage.paths]
+source = [
+ "src/OpenSSL",
+ ".tox/*/lib/python*/site-packages/OpenSSL",
+ ".tox/pypy/site-packages/OpenSSL",
+]
+
+[tool.coverage.report]
+show_missing = true
+
+[tool.mypy]
+warn_unused_configs = true
+follow_imports = "skip"
+strict = true
+exclude = ['SSL\.py$']
+
+[[tool.mypy.overrides]]
+module = "OpenSSL.crypto"
+warn_return_any = false
+disallow_any_expr = false
+
+[[tool.mypy.overrides]]
+module = "OpenSSL.rand"
+warn_return_any = false
+
+[[tool.mypy.overrides]]
+module = "OpenSSL._util"
+warn_return_any = false
+
+[[tool.mypy.overrides]]
+module = "cryptography.*"
+ignore_missing_imports = true
+
+[[tool.mypy.overrides]]
+module = "cffi.*"
+ignore_missing_imports = true
+
+[tool.pytest.ini_options]
+addopts = "-r s --strict-markers"
+testpaths = ["tests"]
[tool.ruff]
select = ['E', 'F', 'I', 'W', 'UP', 'RUF']
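Review bot: in the new `[tool.mypy]` table, `strict = true` sits next to `exclude = ['SSL\.py$']` and `follow_imports = "skip"`, so the module that holds the TLS connection logic gets no type checking at all, and this release adds an unannotated method to it (`get_selected_srtp_profile(self)`). A short comment above the `exclude` line saying why SSL.py is excluded and what has to happen before it can be removed would keep this from reading as full strict coverage.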
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/setup.cfg
new/pyOpenSSL-24.0.0/setup.cfg
--- old/pyOpenSSL-23.3.0/setup.cfg 2023-10-26 05:05:07.202891800 +0200
+++ new/pyOpenSSL-24.0.0/setup.cfg 2024-01-23 02:42:33.705550200 +0100
@@ -1,7 +1,3 @@
-[tool:pytest]
-addopts = "-r s --strict-markers"
-testpaths = tests
-
[metadata]
license_file = LICENSE
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/setup.py
new/pyOpenSSL-24.0.0/setup.py
--- old/pyOpenSSL-23.3.0/setup.py 2023-10-25 14:03:05.000000000 +0200
+++ new/pyOpenSSL-24.0.0/setup.py 2024-01-23 02:41:32.000000000 +0100
@@ -93,7 +93,7 @@
packages=find_packages(where="src"),
package_dir={"": "src"},
install_requires=[
- "cryptography>=41.0.5,<42",
+ "cryptography>=41.0.5,<43",
],
extras_require={
"test": ["flaky", "pretend", "pytest>=3.0.1"],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/src/OpenSSL/SSL.py
new/pyOpenSSL-24.0.0/src/OpenSSL/SSL.py
--- old/pyOpenSSL-23.3.0/src/OpenSSL/SSL.py 2023-10-20 00:18:27.000000000
+0200
+++ new/pyOpenSSL-24.0.0/src/OpenSSL/SSL.py 2024-01-12 14:40:26.000000000
+0100
@@ -2858,6 +2858,19 @@
return _ffi.buffer(data[0], data_len[0])[:]
+ def get_selected_srtp_profile(self):
+ """
+ Get the SRTP protocol which was negotiated.
+
+ :returns: A bytestring of the SRTP profile name. If no profile has been
+ negotiated yet, returns an empty bytestring.
+ """
+ profile = _lib.SSL_get_selected_srtp_profile(self._ssl)
+ if not profile:
+ return b""
+
+ return _ffi.string(profile.name)
+
def request_ocsp(self):
"""
Called to request that the server sends stapled OCSP data, if
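Review bot: the docstring of `get_selected_srtp_profile` says it returns "the SRTP protocol which was negotiated", while the `:returns:` line and the code return the profile name; please use "profile" in both places. The method also lacks a `.. versionadded::` directive (compare `get_verified_chain`, which carries `.. versionadded:: 20.0`) and a return annotation such as `-> bytes`, and it would help to state that `b""` is also what a caller sees when SRTP was never offered, since the test asserts exactly that for the `srtp_profile=None` case.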
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/src/OpenSSL/crypto.py
new/pyOpenSSL-24.0.0/src/OpenSSL/crypto.py
--- old/pyOpenSSL-23.3.0/src/OpenSSL/crypto.py 2023-10-25 14:03:05.000000000
+0200
+++ new/pyOpenSSL-24.0.0/src/OpenSSL/crypto.py 2024-01-12 14:40:26.000000000
+0100
@@ -1881,12 +1881,6 @@
of a certificate in a described context. For describing such a context, see
:class:`X509Store`.
- :ivar _store_ctx: The underlying X509_STORE_CTX structure used by this
- instance. It is dynamically allocated and automatically garbage
- collected.
- :ivar _store: See the ``store`` ``__init__`` parameter.
- :ivar _cert: See the ``certificate`` ``__init__`` parameter.
- :ivar _chain: See the ``chain`` ``__init__`` parameter.
:param X509Store store: The certificates which will be trusted for the
purposes of any verifications.
:param X509 certificate: The certificate to be verified.
@@ -1901,15 +1895,9 @@
certificate: X509,
chain: Optional[Sequence[X509]] = None,
) -> None:
- store_ctx = _lib.X509_STORE_CTX_new()
- self._store_ctx = _ffi.gc(store_ctx, _lib.X509_STORE_CTX_free)
self._store = store
self._cert = certificate
self._chain = self._build_certificate_stack(chain)
- # Make the store context available for use after instantiating this
- # class by initializing it now. Per testing, subsequent calls to
- # :meth:`_init` have no adverse affect.
- self._init()
@staticmethod
def _build_certificate_stack(
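Review bot: removing `self._init()` from `__init__` changes when errors surface. Previously a failing `X509_STORE_CTX_init` raised while constructing `X509StoreContext`; after this hunk nothing is validated until `verify_certificate()` or `get_verified_chain()` is called. The `_store_ctx` attribute is gone as well. Both are reasonable, but the 24.0.0 changelog leaves "Backward-incompatible changes" empty, so either note the deferred error there or add a test that pins the new behaviour.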
@@ -1941,28 +1929,8 @@
return stack
- def _init(self) -> None:
- """
- Set up the store context for a subsequent verification operation.
-
- Calling this method more than once without first calling
- :meth:`_cleanup` will leak memory.
- """
- ret = _lib.X509_STORE_CTX_init(
- self._store_ctx, self._store._store, self._cert._x509, self._chain
- )
- if ret <= 0:
- _raise_current_error()
-
- def _cleanup(self) -> None:
- """
- Internally cleans up the store context.
-
- The store context can then be reused with a new call to :meth:`_init`.
- """
- _lib.X509_STORE_CTX_cleanup(self._store_ctx)
-
- def _exception_from_context(self) -> X509StoreContextError:
+ @staticmethod
+ def _exception_from_context(store_ctx: Any) -> X509StoreContextError:
"""
Convert an OpenSSL native context error failure into a Python
exception.
@@ -1972,21 +1940,45 @@
"""
message = _ffi.string(
_lib.X509_verify_cert_error_string(
- _lib.X509_STORE_CTX_get_error(self._store_ctx)
+ _lib.X509_STORE_CTX_get_error(store_ctx)
)
).decode("utf-8")
errors = [
- _lib.X509_STORE_CTX_get_error(self._store_ctx),
- _lib.X509_STORE_CTX_get_error_depth(self._store_ctx),
+ _lib.X509_STORE_CTX_get_error(store_ctx),
+ _lib.X509_STORE_CTX_get_error_depth(store_ctx),
message,
]
# A context error should always be associated with a certificate, so we
# expect this call to never return :class:`None`.
- _x509 = _lib.X509_STORE_CTX_get_current_cert(self._store_ctx)
+ _x509 = _lib.X509_STORE_CTX_get_current_cert(store_ctx)
_cert = _lib.X509_dup(_x509)
pycert = X509._from_raw_x509_ptr(_cert)
return X509StoreContextError(message, errors, pycert)
+ def _verify_certificate(self) -> Any:
+ """
+ Verifies the certificate and runs an X509_STORE_CTX containing the
+ results.
+
+ :raises X509StoreContextError: If an error occurred when validating a
+ certificate in the context. Sets ``certificate`` attribute to
+ indicate which certificate caused the error.
+ """
+ store_ctx = _lib.X509_STORE_CTX_new()
+ _openssl_assert(store_ctx != _ffi.NULL)
+ store_ctx = _ffi.gc(store_ctx, _lib.X509_STORE_CTX_free)
+
+ ret = _lib.X509_STORE_CTX_init(
+ store_ctx, self._store._store, self._cert._x509, self._chain
+ )
+ _openssl_assert(ret == 1)
+
+ ret = _lib.X509_verify_cert(store_ctx)
+ if ret <= 0:
+ raise self._exception_from_context(store_ctx)
+
+ return store_ctx
+
def set_store(self, store: X509Store) -> None:
"""
Set the context's X.509 store.
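Review bot: the `_verify_certificate` docstring says it "runs an X509_STORE_CTX containing the results", which should read "returns", and it has no `:returns:` line although the method is annotated `-> Any` and ends with `return store_ctx`. Please also document that the returned context was initialised with `self._store._store`, `self._cert._x509` and `self._chain`, so callers must finish with it while this object is still alive. Allocating a fresh context on every call is a clear improvement over the old shared `self._store_ctx` with its `_cleanup()`/`_init()` pairing.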
@@ -2008,17 +2000,7 @@
certificate in the context. Sets ``certificate`` attribute to
indicate which certificate caused the error.
"""
- # Always re-initialize the store context in case
- # :meth:`verify_certificate` is called multiple times.
- #
- # :meth:`_init` is called in :meth:`__init__` so _cleanup is called
- # before _init to ensure memory is not leaked.
- self._cleanup()
- self._init()
- ret = _lib.X509_verify_cert(self._store_ctx)
- self._cleanup()
- if ret <= 0:
- raise self._exception_from_context()
+ self._verify_certificate()
def get_verified_chain(self) -> List[X509]:
"""
@@ -2031,20 +2013,10 @@
.. versionadded:: 20.0
"""
- # Always re-initialize the store context in case
- # :meth:`verify_certificate` is called multiple times.
- #
- # :meth:`_init` is called in :meth:`__init__` so _cleanup is called
- # before _init to ensure memory is not leaked.
- self._cleanup()
- self._init()
- ret = _lib.X509_verify_cert(self._store_ctx)
- if ret <= 0:
- self._cleanup()
- raise self._exception_from_context()
+ store_ctx = self._verify_certificate()
# Note: X509_STORE_CTX_get1_chain returns a deep copy of the chain.
- cert_stack = _lib.X509_STORE_CTX_get1_chain(self._store_ctx)
+ cert_stack = _lib.X509_STORE_CTX_get1_chain(store_ctx)
_openssl_assert(cert_stack != _ffi.NULL)
result = []
@@ -2056,7 +2028,6 @@
# Free the stack but not the members which are freed by the X509 class.
_lib.sk_X509_free(cert_stack)
- self._cleanup()
return result
@@ -3191,7 +3162,7 @@
utils.deprecated(
sign,
__name__,
- "sign() is deprecated. Use the equivilant APIs in cryptography.",
+ "sign() is deprecated. Use the equivalent APIs in cryptography.",
DeprecationWarning,
name="sign",
)
@@ -3238,7 +3209,7 @@
utils.deprecated(
verify,
__name__,
- "verify() is deprecated. Use the equivilant APIs in cryptography.",
+ "verify() is deprecated. Use the equivalent APIs in cryptography.",
DeprecationWarning,
name="verify",
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/src/OpenSSL/version.py
new/pyOpenSSL-24.0.0/src/OpenSSL/version.py
--- old/pyOpenSSL-23.3.0/src/OpenSSL/version.py 2023-10-26 05:04:18.000000000
+0200
+++ new/pyOpenSSL-24.0.0/src/OpenSSL/version.py 2024-01-23 02:41:32.000000000
+0100
@@ -17,7 +17,7 @@
"__version__",
]
-__version__ = "23.3.0"
+__version__ = "24.0.0"
__title__ = "pyOpenSSL"
__uri__ = "https://pyopenssl.org/"
@@ -25,4 +25,4 @@
__author__ = "The pyOpenSSL developers"
__email__ = "[email protected]"
__license__ = "Apache License, Version 2.0"
-__copyright__ = f"Copyright 2001-2023 {__author__}"
+__copyright__ = f"Copyright 2001-2024 {__author__}"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/src/pyOpenSSL.egg-info/PKG-INFO
new/pyOpenSSL-24.0.0/src/pyOpenSSL.egg-info/PKG-INFO
--- old/pyOpenSSL-23.3.0/src/pyOpenSSL.egg-info/PKG-INFO 2023-10-26
05:05:07.000000000 +0200
+++ new/pyOpenSSL-24.0.0/src/pyOpenSSL.egg-info/PKG-INFO 2024-01-23
02:42:33.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: pyOpenSSL
-Version: 23.3.0
+Version: 24.0.0
Summary: Python wrapper module around the OpenSSL library
Home-page: https://pyopenssl.org/
Author: The pyOpenSSL developers
@@ -27,7 +27,7 @@
Classifier: Topic :: System :: Networking
Requires-Python: >=3.7
License-File: LICENSE
-Requires-Dist: cryptography<42,>=41.0.5
+Requires-Dist: cryptography<43,>=41.0.5
Provides-Extra: test
Requires-Dist: flaky; extra == "test"
Requires-Dist: pretend; extra == "test"
@@ -87,6 +87,21 @@
Release Information
===================
+24.0.0 (2024-01-22)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Added ``OpenSSL.SSL.Connection.get_selected_srtp_profile`` to determine
which SRTP profile was negotiated.
+ `#1279 <https://github.com/pyca/pyopenssl/pull/1279>`_.
+
23.3.0 (2023-10-25)
-------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/src/pyOpenSSL.egg-info/SOURCES.txt
new/pyOpenSSL-24.0.0/src/pyOpenSSL.egg-info/SOURCES.txt
--- old/pyOpenSSL-23.3.0/src/pyOpenSSL.egg-info/SOURCES.txt 2023-10-26
05:05:07.000000000 +0200
+++ new/pyOpenSSL-24.0.0/src/pyOpenSSL.egg-info/SOURCES.txt 2024-01-23
02:42:33.000000000 +0100
@@ -1,4 +1,3 @@
-.coveragerc
CHANGELOG.rst
CODE_OF_CONDUCT.rst
CONTRIBUTING.rst
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/src/pyOpenSSL.egg-info/requires.txt
new/pyOpenSSL-24.0.0/src/pyOpenSSL.egg-info/requires.txt
--- old/pyOpenSSL-23.3.0/src/pyOpenSSL.egg-info/requires.txt 2023-10-26
05:05:07.000000000 +0200
+++ new/pyOpenSSL-24.0.0/src/pyOpenSSL.egg-info/requires.txt 2024-01-23
02:42:33.000000000 +0100
@@ -1,4 +1,4 @@
-cryptography<42,>=41.0.5
+cryptography<43,>=41.0.5
[docs]
sphinx!=5.2.0,!=5.2.0.post0,!=7.2.5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/tests/test_crypto.py
new/pyOpenSSL-24.0.0/tests/test_crypto.py
--- old/pyOpenSSL-23.3.0/tests/test_crypto.py 2023-10-25 14:03:05.000000000
+0200
+++ new/pyOpenSSL-24.0.0/tests/test_crypto.py 2024-01-12 14:40:26.000000000
+0100
@@ -770,7 +770,7 @@
"""
# Basic setup stuff to generate a certificate
pkey = PKey()
- pkey.generate_key(TYPE_RSA, 512)
+ pkey.generate_key(TYPE_RSA, 2048)
req = X509Req()
req.set_pubkey(pkey)
# Authority good you have.
@@ -1123,7 +1123,7 @@
`PKey.generate_key` generates an RSA key when passed `TYPE_RSA` as a
type and a reasonable number of bits.
"""
- bits = 512
+ bits = 2048
key = PKey()
key.generate_key(TYPE_RSA, bits)
assert key.type() == TYPE_RSA
@@ -1152,7 +1152,7 @@
generate new keys.
"""
key = PKey()
- for type, bits in [(TYPE_RSA, 512), (TYPE_DSA, 576)]:
+ for type, bits in [(TYPE_RSA, 2048), (TYPE_DSA, 576)]:
key.generate_key(type, bits)
assert key.type() == type
assert key.bits() == bits
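Review bot: in the loop `for type, bits in [(TYPE_RSA, 2048), (TYPE_DSA, 576)]` only the RSA entry was raised; the DSA entry is still 576 bits. If the reason for moving every RSA test key from 512 to 2048 is to stop depending on key sizes that stricter OpenSSL configurations refuse, the DSA size needs the same treatment, or a comment explaining why it is safe to leave.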
@@ -1173,7 +1173,7 @@
"""
# A trick to get a public-only key
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
cert = X509()
cert.set_pubkey(key)
pub = cert.get_pubkey()
@@ -1487,7 +1487,7 @@
"""
request = self.signable()
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
request.set_pubkey(key)
pub = request.get_pubkey()
with pytest.raises(ValueError):
@@ -1500,7 +1500,7 @@
"""
request = self.signable()
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
with pytest.raises(ValueError):
request.sign(key, BAD_DIGEST)
@@ -1512,7 +1512,7 @@
"""
request = self.signable()
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
request.set_pubkey(key)
request.sign(key, GOOD_DIGEST)
# If the type has a verify method, cover that too.
@@ -1521,7 +1521,7 @@
assert request.verify(pub)
# Make another key that won't verify.
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
with pytest.raises(Error):
request.verify(key)
@@ -2773,7 +2773,7 @@
argument but no `passphrase` argument.
"""
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
with pytest.raises(TypeError):
dump_privatekey(FILETYPE_PEM, key, cipher=GOOD_CIPHER)
@@ -2797,7 +2797,7 @@
cipher name.
"""
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
with pytest.raises(ValueError):
dump_privatekey(FILETYPE_PEM, key, BAD_CIPHER, "passphrase")
@@ -2807,7 +2807,7 @@
is neither a `str` nor a callable.
"""
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
with pytest.raises(TypeError):
dump_privatekey(FILETYPE_PEM, key, GOOD_CIPHER, object())
@@ -2817,7 +2817,7 @@
filetype.
"""
key = PKey()
- key.generate_key(TYPE_RSA, 512)
+ key.generate_key(TYPE_RSA, 2048)
with pytest.raises(ValueError):
dump_privatekey(100, key)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/tests/test_ssl.py
new/pyOpenSSL-24.0.0/tests/test_ssl.py
--- old/pyOpenSSL-23.3.0/tests/test_ssl.py 2023-10-25 14:03:05.000000000
+0200
+++ new/pyOpenSSL-24.0.0/tests/test_ssl.py 2024-01-12 14:40:26.000000000
+0100
@@ -4380,7 +4380,7 @@
# Arbitrary number larger than any conceivable handshake volley.
LARGE_BUFFER = 65536
- def test_it_works_at_all(self):
+ def _test_handshake_and_data(self, srtp_profile):
s_ctx = Context(DTLS_METHOD)
def generate_cookie(ssl):
@@ -4394,11 +4394,15 @@
s_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
s_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
s_ctx.set_options(OP_NO_QUERY_MTU)
+ if srtp_profile is not None:
+ s_ctx.set_tlsext_use_srtp(srtp_profile)
s = Connection(s_ctx)
s.set_accept_state()
c_ctx = Context(DTLS_METHOD)
c_ctx.set_options(OP_NO_QUERY_MTU)
+ if srtp_profile is not None:
+ c_ctx.set_tlsext_use_srtp(srtp_profile)
c = Connection(c_ctx)
c.set_connect_state()
@@ -4480,6 +4484,14 @@
pump()
assert s.read(100) == b"goodbye"
+ # Check whether SRTP was negotiated
+ if srtp_profile is not None:
+ assert s.get_selected_srtp_profile() == srtp_profile
+ assert c.get_selected_srtp_profile() == srtp_profile
+ else:
+ assert s.get_selected_srtp_profile() == b""
+ assert c.get_selected_srtp_profile() == b""
+
# Check that the MTU set/query functions are doing *something*
c.set_ciphertext_mtu(1000)
try:
@@ -4492,6 +4504,12 @@
except NotImplementedError: # OpenSSL 1.1.0 and earlier
pass
+ def test_it_works_at_all(self):
+ self._test_handshake_and_data(srtp_profile=None)
+
+ def test_it_works_with_srtp(self):
+ self._test_handshake_and_data(srtp_profile=b"SRTP_AES128_CM_SHA1_80")
+
def test_timeout(self, monkeypatch):
c_ctx = Context(DTLS_METHOD)
c = Connection(c_ctx)
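Review bot: `test_it_works_with_srtp` covers only the case where both contexts are given the same profile, and `test_it_works_at_all` covers neither side setting one. The case an application actually has to handle, one peer calling `set_tlsext_use_srtp` and the other not, is untested, so nothing pins what `get_selected_srtp_profile()` returns there. Since `_test_handshake_and_data` already takes the profile as a parameter, consider separate server and client arguments and a `pytest.mark.parametrize` over the combinations.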
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-23.3.0/tox.ini new/pyOpenSSL-24.0.0/tox.ini
--- old/pyOpenSSL-23.3.0/tox.ini 2023-10-25 14:03:05.000000000 +0200
+++ new/pyOpenSSL-24.0.0/tox.ini 2023-12-06 00:28:11.000000000 +0100
@@ -44,12 +44,11 @@
[testenv:lint]
basepython = python3
deps =
- black
- ruff==0.0.284
+ ruff
skip_install = true
commands =
- black --check .
ruff .
+ ruff format --check .
[testenv:py311-mypy]
deps =
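Review bot: the lint environment goes from the pinned `ruff==0.0.284` to a bare `ruff`, and `ruff format --check .` replaces `black --check .`. With no version constraint the lint result depends on whatever release the index serves on the day, so the same tarball can pass or fail over time and the tool that runs in CI is not reproducible. Please keep a pin or at least an upper bound in `deps`.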
@@ -72,7 +71,7 @@
sphinx-build -W -b html doc doc/_build/html {posargs}
[testenv:coverage-report]
-deps = coverage>=4.2
+deps = coverage[toml]>=4.2
skip_install = true
commands =
coverage combine
++++++ skip-networked-test.patch ++++++
--- /var/tmp/diff_new_pack.uPI4NT/_old 2024-01-30 18:24:45.424517770 +0100
+++ /var/tmp/diff_new_pack.uPI4NT/_new 2024-01-30 18:24:45.424517770 +0100
@@ -1,8 +1,8 @@
-Index: pyOpenSSL-23.2.0/tests/test_ssl.py
+Index: pyOpenSSL-24.0.0/tests/test_ssl.py
===================================================================
---- pyOpenSSL-23.2.0.orig/tests/test_ssl.py
-+++ pyOpenSSL-23.2.0/tests/test_ssl.py
-@@ -1252,6 +1252,7 @@ class TestContext:
+--- pyOpenSSL-24.0.0.orig/tests/test_ssl.py
++++ pyOpenSSL-24.0.0/tests/test_ssl.py
+@@ -1250,6 +1250,7 @@ class TestContext:
reason="set_default_verify_paths appears not to work on Windows. "
"See LP#404343 and LP#404344.",
)
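Review bot: this hunk shows that skip-networked-test.patch begins directly at the `Index:` line, with no header. Since the file is being refreshed anyway, please add a short description at the top saying why `test_set_default_verify_paths` is marked as a network test and whether the change was offered upstream, so the next person rebasing it knows if it can be dropped.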
@@ -10,22 +10,27 @@
def test_set_default_verify_paths(self):
"""
`Context.set_default_verify_paths` causes the platform-specific CA
-Index: pyOpenSSL-23.2.0/setup.cfg
+Index: pyOpenSSL-24.0.0/setup.cfg
===================================================================
---- pyOpenSSL-23.2.0.orig/setup.cfg
-+++ pyOpenSSL-23.2.0/setup.cfg
-@@ -1,6 +1,8 @@
- [tool:pytest]
- addopts = "-r s --strict-markers"
- testpaths = tests
-+markers =
-+ network: test case requires network connection
-
- [metadata]
- license_file = LICENSE
-@@ -15,4 +17,3 @@ doc_files = doc/_build/html
+--- pyOpenSSL-24.0.0.orig/setup.cfg
++++ pyOpenSSL-24.0.0/setup.cfg
+@@ -11,4 +11,3 @@ doc_files = doc/_build/html
[egg_info]
tag_build =
tag_date = 0
-
+Index: pyOpenSSL-24.0.0/pyproject.toml
+===================================================================
+--- pyOpenSSL-24.0.0.orig/pyproject.toml
++++ pyOpenSSL-24.0.0/pyproject.toml
+@@ -42,6 +42,9 @@ ignore_missing_imports = true
+ [tool.pytest.ini_options]
+ addopts = "-r s --strict-markers"
+ testpaths = ["tests"]
++markers = [
++ "network: test case requires network connection",
++]
+
+ [tool.ruff]
+ select = ['E', 'F', 'I', 'W', 'UP', 'RUF']
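Review bot: after the refresh, the setup.cfg part of the patch contains only the `@@ -11,4 +11,3 @@` hunk, which deletes a trailing blank line and has nothing to do with skipping networked tests. Drop that file from the patch so it touches just tests/test_ssl.py and pyproject.toml; that leaves one less hunk to conflict on the next version bump. Moving the `markers` registration to `[tool.pytest.ini_options]` is correct, because `addopts` still passes `--strict-markers` and an unregistered `network` marker would otherwise be an error.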