adding ports@ to cc On 2023/05/18 06:49, orbea wrote: > Hi, > > As you may be aware urllib3 has added code that checks that OpenSSL > version string explicitly starts with "OpenSSL " breaking runtime with > any other ssl implementations such as LibreSSL. > > https://github.com/urllib3/urllib3/blob/5dbc8e23488862aadab0706128d387af2f406b51/src/urllib3/__init__.py#L35 > > After some discussion in on their Github issue tracker its been > suggested to turn this into a warning instead, but a small number of > the tests fail leaving them hesitant to follow through. > > https://github.com/urllib3/urllib3/issues/2168 > > I posted my test results in the relevant PR. > > https://github.com/urllib3/urllib3/pull/3024#issuecomment-1546991435 > > And upstream made a basic comment on what is failing here. > > https://github.com/urllib3/urllib3/pull/3024#issuecomment-1549555363 > > However I have limited experience with python and understanding these > tests is hard for me, is there anyone more capable and willing of > helping as requested in the closed issue? > > https://github.com/urllib3/urllib3/issues/2168#issuecomment-1553027058 > > I attached a small workaround patch, but it doesn't fix the tests.
> --- a/openssl-sys-0.9.83/build/main.rs.orig > +++ b/openssl-sys-0.9.83/build/main.rs > @@ -295,6 +295,7 @@ > (3, 6, _) => ('3', '6', 'x'), > (3, 7, 0) => ('3', '7', '0'), > (3, 7, 1) => ('3', '7', '1'), > + (3, _, _) => ('3', 'x', 'x'), > _ => version_error(), > }; > I just saw this too. Probably easier to look into this on OpenBSD as cryptography doesn't need touching. Here is the main part of the PR in the form of a patch to the port, tests are still running and it's time to go out for yoga class so I'll send what I have in the hope it avoids anyone having to duplicate work. Tests make network conn's so disable any _pbuild PF blocks. Index: Makefile =================================================================== RCS file: /cvs/ports/www/py-urllib3/Makefile,v retrieving revision 1.37 diff -u -p -r1.37 Makefile --- Makefile 11 Mar 2023 11:24:09 -0000 1.37 +++ Makefile 18 May 2023 16:18:52 -0000 @@ -1,6 +1,6 @@ COMMENT= HTTP library for Python -MODPY_EGG_VERSION= 1.26.15 +MODPY_EGG_VERSION= 2.0.2 DISTNAME= urllib3-${MODPY_EGG_VERSION} PKGNAME= py-urllib3-${MODPY_EGG_VERSION} @@ -16,9 +16,14 @@ FLAVOR= python3 MODPY_PI= Yes MODPY_PYBUILD= setuptools +MODPY_PYTEST_ARGS= -v # optional, displays test names rather than summary -TEST_DEPENDS= devel/py-mock${MODPY_FLAVOR} \ +TEST_DEPENDS= devel/py-coverage${MODPY_FLAVOR} \ + devel/py-freezegun${MODPY_FLAVOR} \ + devel/py-test-timeout${MODPY_FLAVOR} \ net/py-socks${MODPY_FLAVOR} \ + security/py-cryptography${MODPY_FLAVOR} \ + security/py-openssl${MODPY_FLAVOR} \ sysutils/py-psutil${MODPY_FLAVOR} \ security/py-trustme${MODPY_FLAVOR} \ www/py-tornado${MODPY_FLAVOR} Index: distinfo =================================================================== RCS file: /cvs/ports/www/py-urllib3/distinfo,v retrieving revision 1.25 diff -u -p -r1.25 distinfo --- distinfo 11 Mar 2023 11:24:09 -0000 1.25 +++ distinfo 18 May 2023 16:18:52 -0000 @@ -1,2 +1,2 @@ -SHA256 (urllib3-1.26.15.tar.gz) = ijiHF7lHb5NKIUhOjI5hh1q2BkTSm5s54R5LncHGswU= -SIZE (urllib3-1.26.15.tar.gz) = 301444 +SHA256 (urllib3-2.0.2.tar.gz) = YXF6EJXX4VXNtzese7L0MkqFih4uZGb20D/2MMpo08w= +SIZE (urllib3-2.0.2.tar.gz) = 277703 Index: patches/patch-src_urllib3___init___py =================================================================== RCS file: patches/patch-src_urllib3___init___py diff -N patches/patch-src_urllib3___init___py --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_urllib3___init___py 18 May 2023 16:18:52 -0000 @@ -0,0 +1,32 @@ +from https://github.com/urllib3/urllib3/pull/3024 + +Index: src/urllib3/__init__.py +--- src/urllib3/__init__.py.orig ++++ src/urllib3/__init__.py +@@ -30,17 +30,19 @@ try: + except ImportError: + pass + else: +- # fmt: off +- if ( +- not ssl.OPENSSL_VERSION.startswith("OpenSSL ") +- or ssl.OPENSSL_VERSION_INFO < (1, 1, 1) +- ): # Defensive: ++ if not ssl.OPENSSL_VERSION.startswith("OpenSSL "): # Defensive: ++ warnings.warn( ++ "urllib3 v2.0 only supports OpenSSL 1.1.1+, currently " ++ f"the 'ssl' module is compiled with {ssl.OPENSSL_VERSION!r}. " ++ "See: https://github.com/urllib3/urllib3/issues/3020", ++ exceptions.NotOpenSSLWarning, ++ ) ++ elif ssl.OPENSSL_VERSION_INFO < (1, 1, 1): # Defensive: + raise ImportError( + "urllib3 v2.0 only supports OpenSSL 1.1.1+, currently " +- f"the 'ssl' module is compiled with {ssl.OPENSSL_VERSION}. " ++ f"the 'ssl' module is compiled with {ssl.OPENSSL_VERSION!r}. " + "See: https://github.com/urllib3/urllib3/issues/2168" + ) +- # fmt: on + + # === NOTE TO REPACKAGERS AND VENDORS === + # Please delete this block, this logic is only Index: patches/patch-src_urllib3_exceptions_py =================================================================== RCS file: patches/patch-src_urllib3_exceptions_py diff -N patches/patch-src_urllib3_exceptions_py --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_urllib3_exceptions_py 18 May 2023 16:18:52 -0000 @@ -0,0 +1,16 @@ +from https://github.com/urllib3/urllib3/pull/3024 + +Index: src/urllib3/exceptions.py +--- src/urllib3/exceptions.py.orig ++++ src/urllib3/exceptions.py +@@ -214,6 +214,10 @@ class InsecureRequestWarning(SecurityWarning): + """Warned when making an unverified HTTPS request.""" + + ++class NotOpenSSLWarning(SecurityWarning): ++ """Warned when using unsupported SSL library""" ++ ++ + class SystemTimeWarning(SecurityWarning): + """Warned when system time is suspected to be wrong""" +