Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-pyhanko-certvalidator for
openSUSE:Factory checked in at 2026-05-12 19:26:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pyhanko-certvalidator (Old)
and /work/SRC/openSUSE:Factory/.python-pyhanko-certvalidator.new.1966
(New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pyhanko-certvalidator"
Tue May 12 19:26:32 2026 rev:6 rq:1352322 version:0.31.1
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-pyhanko-certvalidator/python-pyhanko-certvalidator.changes
2026-04-25 23:28:13.045576957 +0200
+++
/work/SRC/openSUSE:Factory/.python-pyhanko-certvalidator.new.1966/python-pyhanko-certvalidator.changes
2026-05-12 19:26:58.395845518 +0200
@@ -1,0 +2,12 @@
+Sun May 10 19:59:54 UTC 2026 - Dirk Müller <[email protected]>
+
+- update to 0.31.1:
+ * ML-DSA support.
+ * Always short-circuit OCSP fetching if no URLs.
+ * Tests and testability fixes for AdES TS handling.
+ * Get rid of unnecessary async marker on get_session() in the
+ aiohttp fetcher.
+ * Align default certs with certifi for aiohttp usage.
+- add certifi as test and suggested dependency
+
+-------------------------------------------------------------------
Old:
----
pyhanko_certvalidator-0.30.2.tar.gz
New:
----
pyhanko_certvalidator-0.31.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-pyhanko-certvalidator.spec ++++++
--- /var/tmp/diff_new_pack.SwsRsF/_old 2026-05-12 19:26:58.863864914 +0200
+++ /var/tmp/diff_new_pack.SwsRsF/_new 2026-05-12 19:26:58.863864914 +0200
@@ -18,7 +18,7 @@
%{?sle15_python_module_pythons}
Name: python-pyhanko-certvalidator
-Version: 0.30.2
+Version: 0.31.1
Release: 0
Summary: Validates X509 certificates and paths
License: MIT
@@ -31,7 +31,8 @@
# SECTION test requirements
BuildRequires: %{python_module asn1crypto >= 1.5.1}
BuildRequires: %{python_module aiohttp >= 3.9}
-BuildRequires: %{python_module cryptography >= 41.0.5}
+BuildRequires: %{python_module certifi >= 2023.5.7}
+BuildRequires: %{python_module cryptography >= 48.0.0}
BuildRequires: %{python_module freezegun >= 1.1.0}
BuildRequires: %{python_module oscrypto >= 1.1.0}
BuildRequires: %{python_module pytest-aiohttp >= 1.0.4}
@@ -42,11 +43,12 @@
# /SECTION
BuildRequires: fdupes
Requires: python-asn1crypto >= 1.5.1
-Requires: python-cryptography >= 41.0.5
+Requires: python-cryptography >= 48.0.0
Requires: python-oscrypto >= 1.1.0
Requires: python-requests >= 2.31.0
Requires: python-uritools >= 3.0.1
Suggests: python-aiohttp >= 3.9
+Suggests: python-certifi >= 2023.5.7
Suggests: python-freezegun >= 1.1.0
BuildArch: noarch
%python_subpackages
++++++ pyhanko_certvalidator-0.30.2.tar.gz ->
pyhanko_certvalidator-0.31.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyhanko_certvalidator-0.30.2/PKG-INFO
new/pyhanko_certvalidator-0.31.1/PKG-INFO
--- old/pyhanko_certvalidator-0.30.2/PKG-INFO 2026-03-27 23:04:42.304559000
+0100
+++ new/pyhanko_certvalidator-0.31.1/PKG-INFO 2026-05-06 01:58:40.581700000
+0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: pyhanko-certvalidator
-Version: 0.30.2
+Version: 0.31.1
Summary: Validates X.509 certificates and paths; forked from
wbond/certvalidator
Author-email: Matthias Valvekens <[email protected]>
License-Expression: MIT
@@ -20,7 +20,7 @@
License-File: LICENSE
Requires-Dist: asn1crypto>=1.5.1
Requires-Dist: oscrypto>=1.1.0
-Requires-Dist: cryptography>=41.0.5
+Requires-Dist: cryptography>=48.0.0
Requires-Dist: uritools>=3.0.1
Requires-Dist: requests>=2.31.0
Provides-Extra: async-http
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyhanko_certvalidator-0.30.2/pyproject.toml
new/pyhanko_certvalidator-0.31.1/pyproject.toml
--- old/pyhanko_certvalidator-0.30.2/pyproject.toml 2026-03-27
23:04:38.000000000 +0100
+++ new/pyhanko_certvalidator-0.31.1/pyproject.toml 2026-05-06
01:58:36.000000000 +0200
@@ -31,11 +31,11 @@
dependencies = [
"asn1crypto>=1.5.1",
"oscrypto>=1.1.0",
- "cryptography>=41.0.5",
+ "cryptography>=48.0.0",
"uritools>=3.0.1",
"requests>=2.31.0",
]
-version = "0.30.2"
+version = "0.31.1"
[project.readme]
@@ -51,10 +51,11 @@
[dependency-groups]
testing-base = [
"pytest>=6.1.1",
- "pytest-cov>=4.0,<7.1",
+ "pytest-cov>=4.0,<7.2",
"freezegun>=1.1.0",
"aiohttp>=3.9,<3.14",
"pytest-aiohttp>=1.0.4,<1.2.0",
+ "certifi>=2023.5.7",
"aiohttp>=3.9,<3.14",
]
@@ -85,6 +86,7 @@
asyncio_mode = "strict"
norecursedirs = "tests/legacy_live_tests"
asyncio_default_fixture_loop_scope="function"
+strict = true
[tool.coverage.report]
exclude_lines = ["pragma: no cover", "pragma: nocover", "raise
AssertionError", "raise NotImplementedError", "TYPE_CHECKING", "^\\s*\\.\\.\\."]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/asn1_types.py
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/asn1_types.py
--- old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/asn1_types.py
2026-03-27 23:04:35.000000000 +0100
+++ new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/asn1_types.py
2026-05-06 01:58:32.000000000 +0200
@@ -1,6 +1,6 @@
from typing import Optional
-from asn1crypto import cms, core, x509
+from asn1crypto import algos, cms, core, keys, x509
__all__ = [
'AAControls',
@@ -97,3 +97,39 @@
ext_map['1.3.6.1.5.5.7.1.4'] = 'audit_identity'
ext_specs['audit_identity'] = core.OctetString
+
+
+def _pqc_setup():
+ sd_algo_map = algos.SignedDigestAlgorithmId._map
+ sd_algo_map['2.16.840.1.101.3.4.3.17'] = 'mldsa44'
+ sd_algo_map['2.16.840.1.101.3.4.3.18'] = 'mldsa65'
+ sd_algo_map['2.16.840.1.101.3.4.3.19'] = 'mldsa87'
+
+ sd_algo_reverse_map = algos.SignedDigestAlgorithmId._reverse_map
+ if sd_algo_reverse_map is not None:
+ sd_algo_reverse_map['mldsa44'] = '2.16.840.1.101.3.4.3.17'
+ sd_algo_reverse_map['mldsa65'] = '2.16.840.1.101.3.4.3.18'
+ sd_algo_reverse_map['mldsa87'] = '2.16.840.1.101.3.4.3.19'
+
+ key_algo_map = keys.PublicKeyAlgorithmId._map
+ key_algo_map['2.16.840.1.101.3.4.3.17'] = 'mldsa44'
+ key_algo_map['2.16.840.1.101.3.4.3.18'] = 'mldsa65'
+ key_algo_map['2.16.840.1.101.3.4.3.19'] = 'mldsa87'
+
+ key_algo_reverse_map = keys.PublicKeyAlgorithmId._reverse_map
+
+ if key_algo_reverse_map is not None: # pragma: nocover
+ key_algo_reverse_map['mldsa44'] = '2.16.840.1.101.3.4.3.17'
+ key_algo_reverse_map['mldsa65'] = '2.16.840.1.101.3.4.3.18'
+ key_algo_reverse_map['mldsa87'] = '2.16.840.1.101.3.4.3.19'
+
+ def _public_key_spec_wrapped(public_key_info: keys.PublicKeyInfo):
+ try:
+ return public_key_info._public_key_spec()
+ except KeyError:
+ return core.OctetBitString, None
+
+ keys.PublicKeyInfo._spec_callbacks['public_key'] = _public_key_spec_wrapped
+
+
+_pqc_setup()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/cert_fetch_client.py
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/cert_fetch_client.py
---
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/cert_fetch_client.py
2026-03-27 23:04:35.000000000 +0100
+++
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/cert_fetch_client.py
2026-05-06 01:58:32.000000000 +0200
@@ -54,7 +54,7 @@
permit_pem=self.permit_pem,
timeout=self.per_request_timeout,
user_agent=self.user_agent,
- session=await self.get_session(),
+ session=self.get_session(),
url_origin_type=url_origin_type,
)
except (ValueError, aiohttp.ClientError) as e:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/crl_client.py
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/crl_client.py
---
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/crl_client.py
2026-03-27 23:04:35.000000000 +0100
+++
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/crl_client.py
2026-05-06 01:58:32.000000000 +0200
@@ -72,7 +72,7 @@
return await _grab_crl(
url,
user_agent=self.user_agent,
- session=await self.get_session(),
+ session=self.get_session(),
timeout=self.per_request_timeout,
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/ocsp_client.py
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/ocsp_client.py
---
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/ocsp_client.py
2026-03-27 23:04:35.000000000 +0100
+++
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/ocsp_client.py
2026-05-06 01:58:32.000000000 +0200
@@ -80,7 +80,7 @@
f"Fetching OCSP status for {target} from url(s) "
f"{';'.join(ocsp_urls)}..."
)
- session = await self.get_session()
+ session = self.get_session()
fetch_jobs = (
_grab_ocsp(
ocsp_request,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/util.py
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/util.py
---
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/util.py
2026-03-27 23:04:35.000000000 +0100
+++
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/fetchers/aiohttp_fetchers/util.py
2026-05-06 01:58:32.000000000 +0200
@@ -1,7 +1,9 @@
import asyncio
+import ssl
from typing import Any, Dict, Union
import aiohttp
+import certifi
from ..api import DEFAULT_USER_AGENT
from ..common_utils import queue_fetch_task
@@ -9,14 +11,21 @@
__all__ = ['AIOHttpMixin', 'LazySession']
+def _default_session():
+ ssl_context = ssl.create_default_context(cafile=certifi.where())
+ return aiohttp.ClientSession(
+ connector=aiohttp.TCPConnector(ssl=ssl_context)
+ )
+
+
class LazySession:
def __init__(self):
self._session = None
- async def get_session(self):
+ def get_session(self):
session = self._session
if session is None:
- self._session = session = aiohttp.ClientSession()
+ self._session = session = _default_session()
return session
async def close(self):
@@ -39,10 +48,10 @@
self.__result_events: Dict[Any, asyncio.Event] = {}
super().__init__()
- async def get_session(self) -> aiohttp.ClientSession:
+ def get_session(self) -> aiohttp.ClientSession:
session = self._session
if isinstance(session, LazySession):
- return await session.get_session()
+ return session.get_session()
else:
return session
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/policy_decl.py
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/policy_decl.py
--- old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/policy_decl.py
2026-03-27 23:04:35.000000000 +0100
+++ new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/policy_decl.py
2026-05-06 01:58:32.000000000 +0200
@@ -576,7 +576,10 @@
moment: Optional[datetime],
public_key: Optional[keys.PublicKeyInfo],
) -> AlgorithmUsageConstraint:
- algo_name = algo.signature_algo
+ try:
+ algo_name = algo.signature_algo
+ except ValueError:
+ algo_name = algo['algorithm'].native
algo_allowed = algo_name not in self.weak_signature_algos
is_rsa = algo_name.startswith('rsa')
is_dsa = algo_name == 'dsa'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/revinfo/manager.py
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/revinfo/manager.py
---
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/revinfo/manager.py
2026-03-27 23:04:35.000000000 +0100
+++
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/revinfo/manager.py
2026-05-06 01:58:32.000000000 +0200
@@ -27,6 +27,7 @@
OCSPContainer,
sort_freshest_first,
)
+from pyhanko_certvalidator.util import get_ocsp_urls
class RevinfoManager:
@@ -264,7 +265,7 @@
A list of :class:`OCSPContainer` objects
"""
- if not self._fetchers:
+ if not self._fetchers or not get_ocsp_urls(cert):
return self._ocsps
fetchers = self._fetchers
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/revinfo/validate_crl.py
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/revinfo/validate_crl.py
---
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/revinfo/validate_crl.py
2026-03-27 23:04:35.000000000 +0100
+++
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/revinfo/validate_crl.py
2026-05-06 01:58:32.000000000 +0200
@@ -887,7 +887,7 @@
return revoked_date, revoked_reason
-async def _classify_relevant_crls(
+def _classify_relevant_crls(
certificate_lists: List[CRLContainer],
poe_manager: POEManager,
errs: _CRLErrs,
@@ -1022,7 +1022,7 @@
(
complete_lists_by_issuer,
delta_lists_by_issuer,
- ) = await _classify_relevant_crls(certificate_lists, poe_manager, errs)
+ ) = _classify_relevant_crls(certificate_lists, poe_manager, errs)
# In the main loop, only complete CRLs are processed, so delta CRLs are
# weeded out of the to-do list
@@ -1078,9 +1078,7 @@
(
extra_complete_lists_by_issuer,
extra_delta_lists_by_issuer,
- ) = await _classify_relevant_crls(
- extra_certificate_lists, poe_manager, errs
- )
+ ) = _classify_relevant_crls(extra_certificate_lists, poe_manager, errs)
combined_deltas = {
k: delta_lists_by_issuer.get(k, [])
@@ -1273,13 +1271,12 @@
proc_state = proc_state or
ValProcState(cert_path_stack=ConsList.sing(path))
errs = _CRLErrs()
candidate_crls = revinfo_manager.currently_available_crls()
- classify_job = _classify_relevant_crls(
+ complete_lists_by_issuer, delta_lists_by_issuer = _classify_relevant_crls(
candidate_crls,
revinfo_manager.poe_manager,
errs,
control_time=control_time,
)
- complete_lists_by_issuer, delta_lists_by_issuer = await classify_job
# In the main loop, only complete CRLs are processed, so delta CRLs are
# weeded out of the to-do list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/sig_validate.py
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/sig_validate.py
--- old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/sig_validate.py
2026-03-27 23:04:35.000000000 +0100
+++ new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/sig_validate.py
2026-05-06 01:58:32.000000000 +0200
@@ -12,6 +12,7 @@
ec,
ed448,
ed25519,
+ mldsa,
padding,
rsa,
)
@@ -96,7 +97,7 @@
signature_algorithm: algos.SignedDigestAlgorithm,
context: SignatureValidationContext = SignatureValidationContext(),
):
- return _validate_raw(
+ _validate_raw(
signature,
signed_data,
public_key_info,
@@ -178,6 +179,15 @@
elif sig_algo == 'ed448':
assert isinstance(pub_key, ed448.Ed448PublicKey)
pub_key.verify(signature, signed_data)
+ elif sig_algo == 'mldsa44':
+ assert isinstance(pub_key, mldsa.MLDSA44PublicKey)
+ pub_key.verify(signature, signed_data)
+ elif sig_algo == 'mldsa65':
+ assert isinstance(pub_key, mldsa.MLDSA65PublicKey)
+ pub_key.verify(signature, signed_data)
+ elif sig_algo == 'mldsa87':
+ assert isinstance(pub_key, mldsa.MLDSA87PublicKey)
+ pub_key.verify(signature, signed_data)
else:
raise AlgorithmNotSupported(
f"Signature mechanism {sig_algo} is not supported."
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/util.py
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/util.py
--- old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/util.py
2026-03-27 23:04:35.000000000 +0100
+++ new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/util.py
2026-05-06 01:58:32.000000000 +0200
@@ -191,7 +191,7 @@
return has_crl, has_ocsp
-def get_pyca_cryptography_hash(algorithm) -> Union[hashes.HashAlgorithm]:
+def get_pyca_cryptography_hash(algorithm) -> hashes.HashAlgorithm:
if algorithm.lower() in ('shake256', 'shake256_len'):
# force the output length to 64 bytes = 512 bits. We don't
# support any other lengths because those can't be valid in CMS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/version.py
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/version.py
--- old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator/version.py
2026-03-27 23:04:38.000000000 +0100
+++ new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator/version.py
2026-05-06 01:58:36.000000000 +0200
@@ -1,2 +1,2 @@
-__version__ = '0.30.2'
-__version_info__ = (0, 30, 2)
+__version__ = '0.31.1'
+__version_info__ = (0, 31, 1)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator.egg-info/PKG-INFO
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator.egg-info/PKG-INFO
---
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator.egg-info/PKG-INFO
2026-03-27 23:04:42.000000000 +0100
+++
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator.egg-info/PKG-INFO
2026-05-06 01:58:40.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: pyhanko-certvalidator
-Version: 0.30.2
+Version: 0.31.1
Summary: Validates X.509 certificates and paths; forked from
wbond/certvalidator
Author-email: Matthias Valvekens <[email protected]>
License-Expression: MIT
@@ -20,7 +20,7 @@
License-File: LICENSE
Requires-Dist: asn1crypto>=1.5.1
Requires-Dist: oscrypto>=1.1.0
-Requires-Dist: cryptography>=41.0.5
+Requires-Dist: cryptography>=48.0.0
Requires-Dist: uritools>=3.0.1
Requires-Dist: requests>=2.31.0
Provides-Extra: async-http
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator.egg-info/requires.txt
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator.egg-info/requires.txt
---
old/pyhanko_certvalidator-0.30.2/src/pyhanko_certvalidator.egg-info/requires.txt
2026-03-27 23:04:42.000000000 +0100
+++
new/pyhanko_certvalidator-0.31.1/src/pyhanko_certvalidator.egg-info/requires.txt
2026-05-06 01:58:40.000000000 +0200
@@ -1,6 +1,6 @@
asn1crypto>=1.5.1
oscrypto>=1.1.0
-cryptography>=41.0.5
+cryptography>=48.0.0
uritools>=3.0.1
requests>=2.31.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/pyhanko_certvalidator-0.30.2/tests/fixtures/nist_pkits/pkits.json
new/pyhanko_certvalidator-0.31.1/tests/fixtures/nist_pkits/pkits.json
--- old/pyhanko_certvalidator-0.30.2/tests/fixtures/nist_pkits/pkits.json
2026-03-27 23:04:35.000000000 +0100
+++ new/pyhanko_certvalidator-0.31.1/tests/fixtures/nist_pkits/pkits.json
2026-05-06 01:58:32.000000000 +0200
@@ -2752,22 +2752,6 @@
}
},
{
- "id": "41303",
- "name": "invalid_dn_nameconstraints_test3",
- "cert": "InvalidDNnameConstraintsTest3EE.crt",
- "other_certs": [
- "nameConstraintsDN1CACert.crt"
- ],
- "crls": [
- "nameConstraintsDN1CACRL.crl"
- ],
- "path_len": 3,
- "error": {
- "class": "PathValidationError",
- "msg_regex": "The path could not be validated because not all names of
the end-entity certificate are in the permitted namespace of the issuing
authority."
- }
- },
- {
"id": "41304",
"name": "valid_dn_nameconstraints_test4",
"cert": "ValidDNnameConstraintsTest4EE.crt",
