Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-pyOpenSSL for
openSUSE:Factory checked in at 2023-01-03 15:04:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pyOpenSSL (Old)
and /work/SRC/openSUSE:Factory/.python-pyOpenSSL.new.1563 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pyOpenSSL"
Tue Jan 3 15:04:28 2023 rev:48 rq:1046269 version:23.0.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pyOpenSSL/python-pyOpenSSL.changes
2022-10-29 20:17:04.626201193 +0200
+++
/work/SRC/openSUSE:Factory/.python-pyOpenSSL.new.1563/python-pyOpenSSL.changes
2023-01-03 15:04:35.758240426 +0100
@@ -1,0 +2,10 @@
+Mon Jan 2 18:47:06 UTC 2023 - Dirk Müller <dmuel...@suse.com>
+
+- update to 23.0.0:
+ * Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant to allow for
+ users
+ to perform certificate verification on partial certificate chains.
+ * ``cryptography`` maximum version has been increased to 39.0.x.
+- drop pyOpenSSL-pr1158-conditional-__all__.patch (upstream)
+
+-------------------------------------------------------------------
Old:
----
pyOpenSSL-22.1.0.tar.gz
pyOpenSSL-pr1158-conditional-__all__.patch
New:
----
pyOpenSSL-23.0.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-pyOpenSSL.spec ++++++
--- /var/tmp/diff_new_pack.l9nxPO/_old 2023-01-03 15:04:36.310243647 +0100
+++ /var/tmp/diff_new_pack.l9nxPO/_new 2023-01-03 15:04:36.314243670 +0100
@@ -1,7 +1,7 @@
#
# spec file
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,7 @@
%endif
%global skip_python2 1
Name: python-pyOpenSSL%{psuffix}
-Version: 22.1.0
+Version: 23.0.0
Release: 0
Summary: Python wrapper module around the OpenSSL library
License: Apache-2.0
@@ -36,14 +36,12 @@
# PATCH-FIX-UPSTREAM skip-networked-test.patch gh#pyca/pyopenssl#68
mc...@suse.com
# Mark tests requiring network access
Patch0: skip-networked-test.patch
-# PATCH-FIX-UPSTREAM pyOpenSSL-pr1158-conditional-__all__.patch
gh#pyca/pyopenssl#1158
-Patch1: pyOpenSSL-pr1158-conditional-__all__.patch
BuildRequires: %{python_module cffi}
BuildRequires: %{python_module setuptools}
BuildRequires: fdupes
BuildRequires: python-rpm-macros
%if %{with test}
-BuildRequires: %{python_module cryptography >= 38.0.0 with
%python-cryptography < 39}
+BuildRequires: %{python_module cryptography >= 38.0.0 with
%python-cryptography < 40}
BuildRequires: %{python_module flaky}
BuildRequires: %{python_module pretend}
BuildRequires: %{python_module pyOpenSSL >= %version}
@@ -52,7 +50,7 @@
BuildRequires: openssl
%endif
Requires: python-cffi
-Requires: (python-cryptography >= 38.0.0 with python-cryptography < 39)
+Requires: (python-cryptography >= 38.0.0 with python-cryptography < 40)
Provides: pyOpenSSL = %{version}
BuildArch: noarch
%python_subpackages
++++++ pyOpenSSL-22.1.0.tar.gz -> pyOpenSSL-23.0.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/CHANGELOG.rst
new/pyOpenSSL-23.0.0/CHANGELOG.rst
--- old/pyOpenSSL-22.1.0/CHANGELOG.rst 2022-09-25 03:13:51.000000000 +0200
+++ new/pyOpenSSL-23.0.0/CHANGELOG.rst 2023-01-02 05:29:00.000000000 +0100
@@ -4,14 +4,32 @@
Versions are year-based with a strict backward-compatibility policy.
The third digit is only for regressions.
-22.1.0 (UNRELEASED)
+23.0.0 (2023-01-01)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant to allow for users
+ to perform certificate verification on partial certificate chains.
+ `#1166 <https://github.com/pyca/pyopenssl/pull/1166>`_
+- ``cryptography`` maximum version has been increased to 39.0.x.
+
+22.1.0 (2022-09-25)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Remove support for SSLv2 and SSLv3.
-- The minimum ``cryptography`` version is now 37.0.2.
+- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
+ against ``cryptography`` major versions to prevent future breakage)
- The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
changing its internal attributes.
`#1133 <https://github.com/pyca/pyopenssl/pull/1133>`_
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/PKG-INFO
new/pyOpenSSL-23.0.0/PKG-INFO
--- old/pyOpenSSL-22.1.0/PKG-INFO 2022-09-25 19:44:25.184811600 +0200
+++ new/pyOpenSSL-23.0.0/PKG-INFO 2023-01-02 05:30:57.825963000 +0100
@@ -1,13 +1,12 @@
Metadata-Version: 2.1
Name: pyOpenSSL
-Version: 22.1.0
+Version: 23.0.0
Summary: Python wrapper module around the OpenSSL library
Home-page: https://pyopenssl.org/
Author: The pyOpenSSL developers
Author-email: cryptography-...@python.org
License: Apache License, Version 2.0
Project-URL: Source, https://github.com/pyca/pyopenssl
-Platform: UNKNOWN
Classifier: Development Status :: 6 - Mature
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
@@ -20,6 +19,7 @@
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Security :: Cryptography
@@ -81,14 +81,32 @@
Release Information
===================
-22.1.0 (UNRELEASED)
+23.0.0 (2023-01-01)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant to allow for users
+ to perform certificate verification on partial certificate chains.
+ `#1166 <https://github.com/pyca/pyopenssl/pull/1166>`_
+- ``cryptography`` maximum version has been increased to 39.0.x.
+
+22.1.0 (2022-09-25)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Remove support for SSLv2 and SSLv3.
-- The minimum ``cryptography`` version is now 37.0.2.
+- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
+ against ``cryptography`` major versions to prevent future breakage)
- The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
changing its internal attributes.
`#1133 <https://github.com/pyca/pyopenssl/pull/1133>`_
@@ -236,5 +254,3 @@
`Full changelog <https://pyopenssl.org/en/stable/changelog.html>`_.
-
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/doc/api/crypto.rst
new/pyOpenSSL-23.0.0/doc/api/crypto.rst
--- old/pyOpenSSL-22.1.0/doc/api/crypto.rst 2021-11-14 23:39:04.000000000
+0100
+++ new/pyOpenSSL-23.0.0/doc/api/crypto.rst 2022-12-16 04:25:25.000000000
+0100
@@ -149,6 +149,7 @@
.. data:: INHIBIT_MAP
.. data:: NOTIFY_POLICY
.. data:: CHECK_SS_SIGNATURE
+ .. data:: PARTIAL_CHAIN
.. _openssl-x509storeflags:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/setup.py
new/pyOpenSSL-23.0.0/setup.py
--- old/pyOpenSSL-22.1.0/setup.py 2022-09-25 16:58:29.000000000 +0200
+++ new/pyOpenSSL-23.0.0/setup.py 2023-01-02 05:29:00.000000000 +0100
@@ -85,6 +85,7 @@
"Programming Language :: Python :: 3.8",
"Programming Language :: Python :: 3.9",
"Programming Language :: Python :: 3.10",
+ "Programming Language :: Python :: 3.11",
"Programming Language :: Python :: Implementation :: CPython",
"Programming Language :: Python :: Implementation :: PyPy",
"Topic :: Security :: Cryptography",
@@ -96,7 +97,7 @@
package_dir={"": "src"},
install_requires=[
# Fix cryptographyMinimum in tox.ini when changing this!
- "cryptography>=38.0.0,<39",
+ "cryptography>=38.0.0,<40",
],
extras_require={
"test": ["flaky", "pretend", "pytest>=3.0.1"],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/src/OpenSSL/SSL.py
new/pyOpenSSL-23.0.0/src/OpenSSL/SSL.py
--- old/pyOpenSSL-22.1.0/src/OpenSSL/SSL.py 2022-09-25 03:13:51.000000000
+0200
+++ new/pyOpenSSL-23.0.0/src/OpenSSL/SSL.py 2022-10-24 04:50:37.000000000
+0200
@@ -59,7 +59,6 @@
"OP_NO_TLSv1",
"OP_NO_TLSv1_1",
"OP_NO_TLSv1_2",
- "OP_NO_TLSv1_3",
"MODE_RELEASE_BUFFERS",
"OP_SINGLE_DH_USE",
"OP_SINGLE_ECDH_USE",
@@ -84,8 +83,6 @@
"OP_NO_QUERY_MTU",
"OP_COOKIE_EXCHANGE",
"OP_NO_TICKET",
- "OP_NO_RENEGOTIATION",
- "OP_IGNORE_UNEXPECTED_EOF",
"OP_ALL",
"VERIFY_PEER",
"VERIFY_FAIL_IF_NO_PEER_CERT",
@@ -172,6 +169,7 @@
OP_NO_TLSv1_2 = _lib.SSL_OP_NO_TLSv1_2
try:
OP_NO_TLSv1_3 = _lib.SSL_OP_NO_TLSv1_3
+ __all__.append("OP_NO_TLSv1_3")
except AttributeError:
pass
@@ -208,11 +206,13 @@
try:
OP_NO_RENEGOTIATION = _lib.SSL_OP_NO_RENEGOTIATION
+ __all__.append("OP_NO_RENEGOTIATION")
except AttributeError:
pass
try:
OP_IGNORE_UNEXPECTED_EOF = _lib.SSL_OP_IGNORE_UNEXPECTED_EOF
+ __all__.append("OP_IGNORE_UNEXPECTED_EOF")
except AttributeError:
pass
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/src/OpenSSL/crypto.py
new/pyOpenSSL-23.0.0/src/OpenSSL/crypto.py
--- old/pyOpenSSL-22.1.0/src/OpenSSL/crypto.py 2022-09-16 14:23:19.000000000
+0200
+++ new/pyOpenSSL-23.0.0/src/OpenSSL/crypto.py 2023-01-02 03:57:32.000000000
+0100
@@ -168,12 +168,34 @@
"""
if not isinstance(when, bytes):
raise TypeError("when must be a byte string")
+ # ASN1_TIME_set_string validates the string without writing anything
+ # when the destination is NULL.
+ _openssl_assert(boundary != _ffi.NULL)
set_result = _lib.ASN1_TIME_set_string(boundary, when)
if set_result == 0:
raise ValueError("Invalid string")
+def _new_asn1_time(when: bytes) -> Any:
+ """
+ Behaves like _set_asn1_time but returns a new ASN1_TIME object.
+
+ @param when: A string representation of the desired time value.
+
+ @raise TypeError: If C{when} is not a L{bytes} string.
+ @raise ValueError: If C{when} does not represent a time in the required
+ format.
+ @raise RuntimeError: If the time value cannot be set for some other
+ (unspecified) reason.
+ """
+ ret = _lib.ASN1_TIME_new()
+ _openssl_assert(ret != _ffi.NULL)
+ ret = _ffi.gc(ret, _lib.ASN1_TIME_free)
+ _set_asn1_time(ret, when)
+ return ret
+
+
def _get_asn1_time(timestamp: Any) -> Optional[bytes]:
"""
Retrieve the time value of an ASN1 time object.
@@ -762,7 +784,8 @@
:param bool critical: A flag indicating whether this is a critical
extension.
- :param value: The value of the extension.
+ :param value: The OpenSSL textual representation of the extension's
+ value.
:type value: :py:data:`bytes`
:param subject: Optional X509 certificate to use as subject.
@@ -1611,6 +1634,7 @@
INHIBIT_MAP: int = _lib.X509_V_FLAG_INHIBIT_MAP
NOTIFY_POLICY: int = _lib.X509_V_FLAG_NOTIFY_POLICY
CHECK_SS_SIGNATURE: int = _lib.X509_V_FLAG_CHECK_SS_SIGNATURE
+ PARTIAL_CHAIN: int = _lib.X509_V_FLAG_PARTIAL_CHAIN
class X509Store:
@@ -2282,8 +2306,11 @@
as ASN.1 TIME.
:return: ``None``
"""
- dt = _lib.X509_REVOKED_get0_revocationDate(self._revoked)
- return _set_asn1_time(dt, when)
+ revocationDate = _new_asn1_time(when)
+ ret = _lib.X509_REVOKED_set_revocationDate(
+ self._revoked, revocationDate
+ )
+ _openssl_assert(ret == 1)
def get_rev_date(self) -> Optional[bytes]:
"""
@@ -2405,11 +2432,6 @@
"""
_openssl_assert(_lib.X509_CRL_set_version(self._crl, version) != 0)
- def _set_boundary_time(
- self, which: Callable[..., Any], when: bytes
- ) -> None:
- return _set_asn1_time(which(self._crl), when)
-
def set_lastUpdate(self, when: bytes) -> None:
"""
Set when the CRL was last updated.
@@ -2423,7 +2445,9 @@
:param bytes when: A timestamp string.
:return: ``None``
"""
- return self._set_boundary_time(_lib.X509_CRL_get0_lastUpdate, when)
+ lastUpdate = _new_asn1_time(when)
+ ret = _lib.X509_CRL_set1_lastUpdate(self._crl, lastUpdate)
+ _openssl_assert(ret == 1)
def set_nextUpdate(self, when: bytes) -> None:
"""
@@ -2438,7 +2462,9 @@
:param bytes when: A timestamp string.
:return: ``None``
"""
- return self._set_boundary_time(_lib.X509_CRL_get0_nextUpdate, when)
+ nextUpdate = _new_asn1_time(when)
+ ret = _lib.X509_CRL_set1_nextUpdate(self._crl, nextUpdate)
+ _openssl_assert(ret == 1)
def sign(self, issuer_cert: X509, issuer_key: PKey, digest: bytes) -> None:
"""
@@ -2501,23 +2527,26 @@
if digest_obj == _ffi.NULL:
raise ValueError("No such digest method")
- bio = _lib.BIO_new(_lib.BIO_s_mem())
- _openssl_assert(bio != _ffi.NULL)
-
# A scratch time object to give different values to different CRL
# fields
sometime = _lib.ASN1_TIME_new()
_openssl_assert(sometime != _ffi.NULL)
+ sometime = _ffi.gc(sometime, _lib.ASN1_TIME_free)
- _lib.X509_gmtime_adj(sometime, 0)
- _lib.X509_CRL_set1_lastUpdate(self._crl, sometime)
+ ret = _lib.X509_gmtime_adj(sometime, 0)
+ _openssl_assert(ret != _ffi.NULL)
+ ret = _lib.X509_CRL_set1_lastUpdate(self._crl, sometime)
+ _openssl_assert(ret == 1)
+
+ ret = _lib.X509_gmtime_adj(sometime, days * 24 * 60 * 60)
+ _openssl_assert(ret != _ffi.NULL)
+ ret = _lib.X509_CRL_set1_nextUpdate(self._crl, sometime)
+ _openssl_assert(ret == 1)
- _lib.X509_gmtime_adj(sometime, days * 24 * 60 * 60)
- _lib.X509_CRL_set1_nextUpdate(self._crl, sometime)
-
- _lib.X509_CRL_set_issuer_name(
+ ret = _lib.X509_CRL_set_issuer_name(
self._crl, _lib.X509_get_subject_name(cert._x509)
)
+ _openssl_assert(ret == 1)
sign_result = _lib.X509_CRL_sign(self._crl, key._pkey, digest_obj)
if not sign_result:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/src/OpenSSL/version.py
new/pyOpenSSL-23.0.0/src/OpenSSL/version.py
--- old/pyOpenSSL-22.1.0/src/OpenSSL/version.py 2022-09-25 19:43:32.000000000
+0200
+++ new/pyOpenSSL-23.0.0/src/OpenSSL/version.py 2023-01-02 05:29:00.000000000
+0100
@@ -17,7 +17,7 @@
"__version__",
]
-__version__ = "22.1.0"
+__version__ = "23.0.0"
__title__ = "pyOpenSSL"
__uri__ = "https://pyopenssl.org/";
@@ -25,4 +25,4 @@
__author__ = "The pyOpenSSL developers"
__email__ = "cryptography-...@python.org"
__license__ = "Apache License, Version 2.0"
-__copyright__ = "Copyright 2001-2022 {0}".format(__author__)
+__copyright__ = "Copyright 2001-2023 {0}".format(__author__)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/src/pyOpenSSL.egg-info/PKG-INFO
new/pyOpenSSL-23.0.0/src/pyOpenSSL.egg-info/PKG-INFO
--- old/pyOpenSSL-22.1.0/src/pyOpenSSL.egg-info/PKG-INFO 2022-09-25
19:44:24.000000000 +0200
+++ new/pyOpenSSL-23.0.0/src/pyOpenSSL.egg-info/PKG-INFO 2023-01-02
05:30:57.000000000 +0100
@@ -1,13 +1,12 @@
Metadata-Version: 2.1
Name: pyOpenSSL
-Version: 22.1.0
+Version: 23.0.0
Summary: Python wrapper module around the OpenSSL library
Home-page: https://pyopenssl.org/
Author: The pyOpenSSL developers
Author-email: cryptography-...@python.org
License: Apache License, Version 2.0
Project-URL: Source, https://github.com/pyca/pyopenssl
-Platform: UNKNOWN
Classifier: Development Status :: 6 - Mature
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
@@ -20,6 +19,7 @@
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Topic :: Security :: Cryptography
@@ -81,14 +81,32 @@
Release Information
===================
-22.1.0 (UNRELEASED)
+23.0.0 (2023-01-01)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant to allow for users
+ to perform certificate verification on partial certificate chains.
+ `#1166 <https://github.com/pyca/pyopenssl/pull/1166>`_
+- ``cryptography`` maximum version has been increased to 39.0.x.
+
+22.1.0 (2022-09-25)
-------------------
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- Remove support for SSLv2 and SSLv3.
-- The minimum ``cryptography`` version is now 37.0.2.
+- The minimum ``cryptography`` version is now 38.0.x (and we now pin releases
+ against ``cryptography`` major versions to prevent future breakage)
- The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
changing its internal attributes.
`#1133 <https://github.com/pyca/pyopenssl/pull/1133>`_
@@ -236,5 +254,3 @@
`Full changelog <https://pyopenssl.org/en/stable/changelog.html>`_.
-
-
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/src/pyOpenSSL.egg-info/requires.txt
new/pyOpenSSL-23.0.0/src/pyOpenSSL.egg-info/requires.txt
--- old/pyOpenSSL-22.1.0/src/pyOpenSSL.egg-info/requires.txt 2022-09-25
19:44:25.000000000 +0200
+++ new/pyOpenSSL-23.0.0/src/pyOpenSSL.egg-info/requires.txt 2023-01-02
05:30:57.000000000 +0100
@@ -1,4 +1,4 @@
-cryptography<39,>=38.0.0
+cryptography<40,>=38.0.0
[docs]
sphinx!=5.2.0,!=5.2.0.post0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/tests/test_crypto.py
new/pyOpenSSL-23.0.0/tests/test_crypto.py
--- old/pyOpenSSL-22.1.0/tests/test_crypto.py 2022-09-16 14:23:19.000000000
+0200
+++ new/pyOpenSSL-23.0.0/tests/test_crypto.py 2022-12-16 17:05:37.000000000
+0100
@@ -3850,7 +3850,9 @@
crl.add_revoked(revoked)
crl.set_version(1)
crl.set_lastUpdate(b"20140601000000Z")
- crl.set_nextUpdate(b"20180601000000Z")
+ # The year 5000 is far into the future so that this CRL isn't
+ # considered to have expired.
+ crl.set_nextUpdate(b"50000601000000Z")
crl.sign(issuer_cert, issuer_key, digest=b"sha512")
return crl
@@ -4285,6 +4287,19 @@
assert str(exc.value) == "unable to get local issuer certificate"
+ def test_verify_with_partial_chain(self):
+ store = X509Store()
+ store.add_cert(self.intermediate_cert)
+
+ store_ctx = X509StoreContext(store, self.intermediate_server_cert)
+ with pytest.raises(X509StoreContextError):
+ store_ctx.verify_certificate()
+
+ # Now set the partial verification flag for verification.
+ store.set_flags(X509StoreFlags.PARTIAL_CHAIN)
+ store_ctx = X509StoreContext(store, self.intermediate_server_cert)
+ assert store_ctx.verify_certificate() is None
+
class TestSignVerify:
"""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/tests/test_ssl.py
new/pyOpenSSL-23.0.0/tests/test_ssl.py
--- old/pyOpenSSL-22.1.0/tests/test_ssl.py 2022-09-25 16:58:29.000000000
+0200
+++ new/pyOpenSSL-23.0.0/tests/test_ssl.py 2022-12-16 04:25:25.000000000
+0100
@@ -7,6 +7,7 @@
import datetime
import gc
+import select
import sys
import uuid
from errno import (
@@ -1297,20 +1298,20 @@
"""
serverSocket, clientSocket = socket_pair()
- server = Connection(serverContext, serverSocket)
- server.set_accept_state()
-
- client = Connection(clientContext, clientSocket)
- client.set_connect_state()
-
- # Make them talk to each other.
- # interact_in_memory(client, server)
- for _ in range(3):
- for s in [client, server]:
- try:
- s.do_handshake()
- except WantReadError:
- pass
+ with serverSocket, clientSocket:
+ server = Connection(serverContext, serverSocket)
+ server.set_accept_state()
+
+ client = Connection(clientContext, clientSocket)
+ client.set_connect_state()
+
+ # Make them talk to each other.
+ for _ in range(3):
+ for s in [client, server]:
+ try:
+ s.do_handshake()
+ except WantReadError:
+ select.select([client, server], [], [])
def test_set_verify_callback_connection_argument(self):
"""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pyOpenSSL-22.1.0/tox.ini new/pyOpenSSL-23.0.0/tox.ini
--- old/pyOpenSSL-22.1.0/tox.ini 2022-09-25 03:13:51.000000000 +0200
+++ new/pyOpenSSL-23.0.0/tox.ini 2022-12-16 04:25:25.000000000 +0100
@@ -1,10 +1,17 @@
[tox]
-envlist =
{pypy,pypy3,py36,py37,py38,py39,py310}{,-cryptographyMain,-cryptographyMinimum}{,-useWheel}{,-randomorder},py37-twistedTrunk,check-manifest,flake8,py36-mypy,docs,coverage-report
+envlist =
py{py,py3,36,37,38,39,310,311}{,-cryptographyMain,-cryptographyMinimum}{,-useWheel}{,-randomorder},py37-twistedTrunk,check-manifest,flake8,py36-mypy,docs,coverage-report
[testenv]
-whitelist_externals =
+allowlist_externals =
openssl
-passenv = ARCHFLAGS CFLAGS LC_ALL LDFLAGS PATH LD_LIBRARY_PATH TERM
+passenv =
+ ARCHFLAGS
+ CFLAGS
+ LC_ALL
+ LDFLAGS
+ PATH
+ LD_LIBRARY_PATH
+ TERM
extras =
test
deps =
@@ -27,7 +34,6 @@
deps =
Twisted[all_non_platform] @ git+https://github.com/twisted/twisted
setenv =
-passenv = ARCHFLAGS CFLAGS LC_ALL LDFLAGS PATH LD_LIBRARY_PATH TERM
commands =
python -c "import OpenSSL.SSL;
print(OpenSSL.SSL.SSLeay_version(OpenSSL.SSL.SSLEAY_VERSION))"
python -c "import cryptography; print(cryptography.__version__)"
