Sync from SUSE:ALP:Source:Standard:1.0 python-pyOpenSSL revision 469e827b3d3221737fde36b4f6876194
This commit is contained in:
commit
cc6fe44514
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
3
_multibuild
Normal file
3
_multibuild
Normal file
@ -0,0 +1,3 @@
|
||||
<multibuild>
|
||||
<package>test</package>
|
||||
</multibuild>
|
BIN
pyOpenSSL-24.0.0.tar.gz
(Stored with Git LFS)
Normal file
BIN
pyOpenSSL-24.0.0.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
596
python-pyOpenSSL.changes
Normal file
596
python-pyOpenSSL.changes
Normal file
@ -0,0 +1,596 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 29 21:16:31 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 24.0.0:
|
||||
* Added OpenSSL.SSL.Connection.get_selected_srtp_profile to
|
||||
determine which SRTP profile was negotiated. #1279.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 27 08:52:41 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 23.3.0:
|
||||
* Dropped support for Python 3.6.
|
||||
* The minimum ``cryptography`` version is now 41.0.5.
|
||||
* Removed ``OpenSSL.crypto.loads_pkcs7`` and
|
||||
``OpenSSL.crypto.loads_pkcs12`` which had been deprecated for
|
||||
3 years.
|
||||
* Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow
|
||||
legacy insecure renegotiation between OpenSSL and unpatched
|
||||
servers.
|
||||
* Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to
|
||||
have been deprecated at the same time as
|
||||
``OpenSSL.crypto.load_pkcs12``).
|
||||
* Deprecated ``OpenSSL.crypto.NetscapeSPKI``.
|
||||
* Deprecated ``OpenSSL.crypto.CRL``
|
||||
* Deprecated ``OpenSSL.crypto.Revoked``
|
||||
* Deprecated ``OpenSSL.crypto.load_crl`` and
|
||||
``OpenSSL.crypto.dump_crl``
|
||||
* Deprecated ``OpenSSL.crypto.sign`` and
|
||||
``OpenSSL.crypto.verify``
|
||||
* Deprecated ``OpenSSL.crypto.X509Extension``
|
||||
* Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept
|
||||
* ``cryptography``'s ``x509.CertificateRevocationList``
|
||||
arguments in addition
|
||||
* to the now deprecated ``OpenSSL.crypto.CRL`` arguments.
|
||||
* Fixed ``test_set_default_verify_paths`` test so that it is
|
||||
skipped if no network connection is available.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 19 20:25:32 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 23.2.0:
|
||||
* Removed ``X509StoreFlags.NOTIFY_POLICY``.
|
||||
* ``cryptography`` maximum version has been increased to
|
||||
41.0.x.
|
||||
* Invalid versions are now rejected in
|
||||
``OpenSSL.crypto.X509Req.set_version``.
|
||||
* Added ``X509VerificationCodes`` to ``OpenSSL.SSL``.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 21 12:30:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- add sle15_python_module_pythons (jsc#PED-68)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 13 22:43:49 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- Make calling of %{sle15modernpython} optional.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 28 15:40:13 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 23.1.1:
|
||||
* Worked around an issue in OpenSSL 3.1.0 which caused
|
||||
`X509Extension.get_short_name` to raise an exception when no
|
||||
short name was known to OpenSSL.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 27 07:54:16 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 23.1.0:
|
||||
* ``cryptography`` maximum version has been increased to
|
||||
40.0.x.
|
||||
* Add ``OpenSSL.SSL.Connection.DTLSv1_get_timeout`` and
|
||||
``OpenSSL.SSL.Connection.DTLSv1_handle_timeout``
|
||||
to support DTLS timeouts `#1180
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 2 18:47:06 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 23.0.0:
|
||||
* Add ``OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN`` constant to allow for
|
||||
users
|
||||
to perform certificate verification on partial certificate chains.
|
||||
* ``cryptography`` maximum version has been increased to 39.0.x.
|
||||
- drop pyOpenSSL-pr1158-conditional-__all__.patch (upstream)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 21 14:20:05 UTC 2022 - Ben Greiner <code@bnavigator.de>
|
||||
|
||||
- Upstream post-release doc fix (gh#pyca/pyopenssl#1150)
|
||||
* The minimum cryptography version is now 38.0.x (and we now pin
|
||||
releases against cryptography major versions to prevent future
|
||||
breakage)
|
||||
- Add pyOpenSSL-pr1158-conditional-__all__.patch
|
||||
gh#pyca/pyopenssl#1158
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 29 19:33:29 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 22.1.0:
|
||||
* Remove support for SSLv2 and SSLv3.
|
||||
* The minimum ``cryptography`` version is now 37.0.2.
|
||||
* The ``OpenSSL.crypto.X509StoreContextError`` exception has been refactored,
|
||||
changing its internal attributes.
|
||||
* Add ``OpenSSL.SSL.Connection.set_verify`` and ``OpenSSL.SSL.Connection.get_verify_mode``
|
||||
to override the context object's verification flags.
|
||||
* Add ``OpenSSL.SSL.Connection.use_certificate`` and
|
||||
``OpenSSL.SSL.Connection.use_privatekey``
|
||||
to set a certificate per connection (and not just per context)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 1 08:25:21 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com>
|
||||
|
||||
- Shift BuildRequires on openssl, it's only required for tests.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 4 23:21:43 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 22.0.0:
|
||||
- Drop support for Python 2.7.
|
||||
- The minimum ``cryptography`` version is now 35.0.
|
||||
- Expose wrappers for some `DTLS
|
||||
<https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security>`_
|
||||
primitives.
|
||||
- drop check_inv_ALPN_lists.patch: upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 9 05:55:51 UTC 2021 - Steve Kowalik <steven.kowalik@suse.com>
|
||||
|
||||
- Inject multibuild to avoid a build loop.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Oct 30 19:08:35 UTC 2021 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- Add check_inv_ALPN_lists.patch checks for invalid ALPN lists
|
||||
before calling OpenSSL (gh#pyca/pyopenssl#1056).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 26 20:27:12 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 21.0.0 (bsc#1200771, jsc#SLE-24519):
|
||||
- The minimum ``cryptography`` version is now 3.3.
|
||||
- Drop support for Python 3.5
|
||||
- Raise an error when an invalid ALPN value is set.
|
||||
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
|
||||
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an
|
||||
upcoming release of ``cryptography`` without raising deprecation warnings.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 1 18:07:21 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 20.0.1:
|
||||
- Fixed compatibility with OpenSSL 1.1.0.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 22 22:28:30 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- Adjust metadata for skip-networked-test.patch and refer to the proper
|
||||
upstream ticket gh#pyca/pyopenssl#68.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 11 13:21:19 UTC 2020 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- According to gh#pyca/pyopenssl#684 tests must run with TZ=UTC, also
|
||||
skip test_verify_with_time on %ix86.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 9 16:41:15 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
|
||||
|
||||
- Update to v20.0.0
|
||||
- Backward-incompatible changes:
|
||||
- The minimum cryptography version is now 3.2.
|
||||
- Remove deprecated OpenSSL.tsafe module.
|
||||
- Removed deprecated
|
||||
OpenSSL.SSL.Context.set_npn_advertise_callback,
|
||||
OpenSSL.SSL.Context.set_npn_select_callback, and
|
||||
OpenSSL.SSL.Connection.get_next_proto_negotiated.
|
||||
- Drop support for Python 3.4
|
||||
- Drop support for OpenSSL 1.0.1 and 1.0.2
|
||||
- Deprecations:
|
||||
- Deprecated OpenSSL.crypto.loads_pkcs7 and
|
||||
OpenSSL.crypto.loads_pkcs12.
|
||||
- Changes:
|
||||
- Added a new optional chain parameter to
|
||||
OpenSSL.crypto.X509StoreContext() where additional untrusted
|
||||
certificates can be specified to help chain building. #948
|
||||
- Added OpenSSL.crypto.X509Store.load_locations to set trusted
|
||||
certificate file bundles and/or directories for verification.
|
||||
#943
|
||||
- Added Context.set_keylog_callback to log key material. #910
|
||||
- Added OpenSSL.SSL.Connection.get_verified_chain to retrieve
|
||||
the verified certificate chain of the peer. #894.
|
||||
- Make verification callback optional in Context.set_verify. If
|
||||
omitted, OpenSSL’s default verification is used. #933
|
||||
- Fixed a bug that could truncate or cause a zero-length key
|
||||
error due to a null byte in private key passphrase in
|
||||
OpenSSL.crypto.load_privatekey and
|
||||
OpenSSL.crypto.dump_privatekey. #947
|
||||
- drop patch fix-compilation-2020.patch: no longer needed
|
||||
- refreshed patch skip-networked-test.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 18 16:49:55 UTC 2020 - John Vandenberg <jayvdb@gmail.com>
|
||||
|
||||
- Update to v19.1
|
||||
* Removed deprecated aliases ContextType, ConnectionType, PKeyType, X509NameType,
|
||||
X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType.
|
||||
Use the classes without the ``Type`` suffix instead.
|
||||
* The minimum ``cryptography`` version is now 2.8
|
||||
* Deprecated ``OpenSSL.SSL.Context.set_npn_advertise_callback,
|
||||
OpenSSL.SSL.Context.set_npn_select_callback, and
|
||||
OpenSSL.SSL.Connection.get_next_proto_negotiated
|
||||
ALPN should be used instead.
|
||||
* Support bytearray in SSL.Connection.send() by using cffi's from_buffer
|
||||
* The OpenSSL.SSL.Context.set_alpn_select_callback can return a new
|
||||
NO_OVERLAPPING_PROTOCOLS sentinel value to allow a TLS handshake
|
||||
to complete without an application protocol.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 22 12:02:59 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
|
||||
|
||||
- Add fix-compilation-2020.patch to fix tests after 2020
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 7 15:53:31 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
|
||||
|
||||
- Remove no longer necessary pytest argument -k "not test_export_text"
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Mar 2 16:29:39 UTC 2019 - Ondřej Súkup <mimi.vx@gmail.com>
|
||||
|
||||
- update to 19.0
|
||||
- fixed build deps.
|
||||
- drop patches: openssl-1.1.0i.patch
|
||||
openssl-1.1.1.patch
|
||||
opensuse_ca.patch
|
||||
tls13-renegotiation.patch
|
||||
* X509Store.add_cert no longer raises an error if you add a duplicate cert.
|
||||
* pyOpenSSL now works with OpenSSL 1.1.1.
|
||||
* pyOpenSSL now handles NUL bytes in X509Name.get_components()
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 1 18:06:10 UTC 2019 - Hans-Peter Jansen <hpj@urpla.net>
|
||||
|
||||
- remove everything to build docs:
|
||||
- local-intersphinx-inventories.patch
|
||||
- fetch-intersphinx-inventories.sh
|
||||
- python3.inv
|
||||
- crypto.inv
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 25 19:56:35 UTC 2019 - Todd R <toddrme2178@gmail.com>
|
||||
|
||||
- Add fetch-intersphinx-inventories.sh to sources
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Feb 2 18:56:14 UTC 2019 - Hans-Peter Jansen <hpj@urpla.net>
|
||||
|
||||
- add local-intersphinx-inventories.patch for generating the docs
|
||||
correctly
|
||||
- add fetch-intersphinx-inventories.sh to fetch the inventories
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 30 13:41:43 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
- handle that renegotiation is forbidden in TLS 1.3
|
||||
* add tls13-renegotiation.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 30 11:21:30 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Add patch to fix issues with openssl 1.1.1:
|
||||
* openssl-1.1.1.patch
|
||||
- Drop the downstream fix_test_suite.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 30 01:06:28 CET 2018 - mcepl@suse.com
|
||||
|
||||
- Add patch fix_test_suite.patch to allow test suite to pass with
|
||||
OpenSSL 1.1.1.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 5 14:31:59 UTC 2018 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
- OpenSSL changed X509_STORE_add_cert in 1.1.0i such that it no longer
|
||||
raises an error if a duplicate cert is added (bsc#1110435)
|
||||
* https://github.com/pyca/pyopenssl/pull/787
|
||||
* add X509_STORE_add_cert.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 24 09:08:36 UTC 2018 - tchvatal@suse.com
|
||||
|
||||
- Add patch to work with openssl 1.1.0i+:
|
||||
* openssl-1.1.0i.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 16 15:48:21 UTC 2018 - tchvatal@suse.com
|
||||
|
||||
- Update to 18.0.0:
|
||||
* Update for new openssl 1.1.1
|
||||
- Remove not needed patches:
|
||||
* bug-lp-1265482.diff
|
||||
* rsa128-i586.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 14 14:41:50 UTC 2018 - hpj@urpla.net
|
||||
|
||||
- add missing python-cffi dependency
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 27 19:20:19 UTC 2018 - aplanas@suse.com
|
||||
|
||||
- Use %__python3 macro to call Python 3 binary
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 2 11:36:18 UTC 2018 - tchvatal@suse.com
|
||||
|
||||
- Update to 17.5.0:
|
||||
* The minimum cryptography version is now 2.1.4.
|
||||
* Fixed various memory leaks
|
||||
* Various fuzz fixes
|
||||
* See CHANGELOG.rst
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 23 05:26:31 UTC 2017 - tbechtold@suse.com
|
||||
|
||||
- update to 17.2.0:
|
||||
- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
|
||||
- Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with
|
||||
cryptography ``manylinux1`` wheels on Python 3.x.
|
||||
- Fixed a crash with (EC)DSA signatures in some cases.
|
||||
- Removed the deprecated ``OpenSSL.rand.egd()`` function.
|
||||
Applications should prefer ``os.urandom()`` for random number generation.
|
||||
- Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
|
||||
Callers must now always pass an explicit ``digest``.
|
||||
- Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
|
||||
``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
|
||||
and ``Revoked.set_lastUpdate()``. You must now pass times in the form
|
||||
``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
|
||||
will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_
|
||||
- Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``,
|
||||
``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``,
|
||||
``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``,
|
||||
``NetscapeSPKIType``.
|
||||
The names without the "Type"-suffix should be used instead.
|
||||
- Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()``
|
||||
for converting X.509 certificate to and from pyca/cryptography objects.
|
||||
- Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``,
|
||||
``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()``
|
||||
for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
|
||||
- Added ``OpenSSL.debug`` that allows to get an overview of used library versions
|
||||
(including linked OpenSSL) and other useful runtime information using
|
||||
``python -m OpenSSL.debug``.
|
||||
- Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate
|
||||
the upcoming release of ``cryptography`` ``manylinux1`` wheels.
|
||||
- Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream.
|
||||
- Drop python-pyOpenSSL-always-overflow.patch. Applied upstream.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 10 11:38:17 CEST 2017 - ro@suse.de
|
||||
|
||||
- add patch to always trigger overflow in the testsuite
|
||||
(gh#pyca/pyopenssl#657) b3460c6a9a45a016d1ab65c149c606fa3f07096d
|
||||
|
||||
python-pyOpenSSL-always-overflow.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 13 07:05:41 UTC 2017 - dimstar@opensuse.org
|
||||
|
||||
- Add python-pyOpenSSL=replace-expired-cert.patch: the root cert
|
||||
expired, mking the test suite fail. Replace the certificate with
|
||||
a new one, valid for 20 years (gh#pyca/pyopenssl#637).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 5 21:32:55 UTC 2017 - toddrme2178@gmail.com
|
||||
|
||||
- Fix Provides/Obsoletes.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 26 14:20:27 UTC 2017 - toddrme2178@gmail.com
|
||||
|
||||
- Implement single-spec version
|
||||
- Fix source URL
|
||||
- Update to 17.0.0
|
||||
* Added ``OpenSSL.X509Store.set_time()`` to set a custom
|
||||
verification time when verifying certificate chains.
|
||||
* Added a collection of functions for working with OCSP stapling.
|
||||
None of these functions make it possible to validate OCSP
|
||||
assertions, only to staple them into the handshake and to
|
||||
retrieve the stapled assertion if provided.
|
||||
Users will need to write their own code to handle OCSP
|
||||
assertions.
|
||||
We specifically added: ``Context.set_ocsp_server_callback``,
|
||||
``Context.set_ocsp_client_callback``, and
|
||||
``Connection.request_ocsp``.
|
||||
* Changed the ``SSL`` module's memory allocation policy to
|
||||
avoid zeroing memory it allocates when unnecessary.
|
||||
This reduces CPU usage and memory allocation time by an amount
|
||||
proportional to the size of the allocation.
|
||||
For applications that process a lot of TLS data or that use
|
||||
very lage allocations this can provide considerable performance
|
||||
improvements.
|
||||
* Automatically set ``SSL_CTX_set_ecdh_auto()`` on
|
||||
``OpenSSL.SSL.Context``.
|
||||
- Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
|
||||
- Rebase bug-lp-1265482.diff
|
||||
- Rebase rsa128-i586.patch
|
||||
- Rebase skip-networked-test.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 16 07:46:25 UTC 2016 - dmueller@suse.com
|
||||
|
||||
- fix source url
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 15 09:39:09 UTC 2016 - mlin@suse.com
|
||||
|
||||
- Change source url to pypi.io
|
||||
* version 16.2.0 source tarball failed to download from pypi.python.org
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 14 08:46:18 UTC 2016 - mlin@suse.com
|
||||
|
||||
- Update to 16.2.0
|
||||
* Deprecations
|
||||
** Dropped support for OpenSSL 0.9.8.
|
||||
* Changes
|
||||
** Fix memory leak in OpenSSL.crypto.dump_privatekey() with FILETYPE_TEXT. #496
|
||||
** Enable use of CRL (and more) in verify context. #483
|
||||
** OpenSSL.crypto.PKey can now be constructed from cryptography objects and also
|
||||
exported as such. #439
|
||||
** Support newer versions of cryptography which use opaque structs for OpenSSL
|
||||
1.1.0 compatibility.
|
||||
** Fixed compatibility errors with OpenSSL 1.1.0.
|
||||
** Fixed an issue that caused failures with subinterpreters and embedded Pythons.
|
||||
#552
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 16 15:29:16 UTC 2016 - jmatejek@suse.com
|
||||
|
||||
- added %check section with testsuite
|
||||
- skip-networked-test.patch - mark a test as networked so that we can
|
||||
specify non-network test run
|
||||
- rsa128-i586.patch - sidestep a crasher bug on 32bit platforms
|
||||
by generating reasonably-sized RSA keys instead of small 128bit ones
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 9 09:54:12 UTC 2016 - hpj@urpla.net
|
||||
|
||||
- update to 16.0.0
|
||||
Backward-incompatible changes:
|
||||
* Python 3.2 support has been dropped. It never had significant real world
|
||||
usage and has been dropped by our main dependency cryptography. Affected
|
||||
users should upgrade to Python 3.3 or later.
|
||||
Deprecations:
|
||||
* The support for EGD has been removed. The only affected function
|
||||
OpenSSL.rand.egd() now uses os.urandom() to seed the internal PRNG instead.
|
||||
Please see pyca/cryptography#1636 for more background information on this
|
||||
decision. In accordance with our backward compatibility policy
|
||||
OpenSSL.rand.egd() will be removed no sooner than a year from the release of
|
||||
16.0.0.
|
||||
* Please note that you should use urandom for all your secure random number
|
||||
needs.
|
||||
* Python 2.6 support has been deprecated. Our main dependency cryptography
|
||||
deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually
|
||||
dropping it. pyOpenSSL will drop Python 2.6 support once cryptography does.
|
||||
Changes:
|
||||
* Fixed OpenSSL.SSL.Context.set_session_id, OpenSSL.SSL.Connection.renegotiate,
|
||||
OpenSSL.SSL.Connection.renegotiate_pending, and
|
||||
OpenSSL.SSL.Context.load_client_ca. They were lacking an implementation since
|
||||
0.14. #422
|
||||
* Fixed segmentation fault when using keys larger than 4096-bit to sign data.
|
||||
#428
|
||||
* Fixed AttributeError when OpenSSL.SSL.Connection.get_app_data() was called
|
||||
before setting any app data. #304
|
||||
* Added OpenSSL.crypto.dump_publickey() to dump OpenSSL.crypto.PKey objects
|
||||
that represent public keys, and OpenSSL.crypto.load_publickey() to load such
|
||||
objects from serialized representations. #382
|
||||
* Added OpenSSL.crypto.dump_crl() to dump a certificate revocation list out to
|
||||
a string buffer. #368
|
||||
* Added OpenSSL.SSL.Connection.get_state_string() using the OpenSSL binding
|
||||
state_string_long. #358
|
||||
* Added support for the socket.MSG_PEEK flag to OpenSSL.SSL.Connection.recv()
|
||||
and OpenSSL.SSL.Connection.recv_into(). #294
|
||||
* Added OpenSSL.SSL.Connection.get_protocol_version() and
|
||||
OpenSSL.SSL.Connection.get_protocol_version_name(). #244
|
||||
* Switched to utf8string mask by default. OpenSSL formerly defaulted to a
|
||||
T61String if there were UTF-8 characters present. This was changed to
|
||||
default to UTF8String in the config around 2005, but the actual code didn’t
|
||||
change it until late last year. This will default us to the setting that
|
||||
actually works. To revert this you can call
|
||||
OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default"). #234
|
||||
|
||||
- fixed paths in bug-lp-1265482.diff
|
||||
- fixed doc generation
|
||||
- spec clean up
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 14 13:07:00 UTC 2015 - toddrme2178@gmail.com
|
||||
|
||||
- Fix building on SLES 11
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 22 09:50:09 UTC 2015 - mcihar@suse.cz
|
||||
|
||||
- Do not hardcode version in file list
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 22 09:42:53 UTC 2015 - mcihar@suse.cz
|
||||
|
||||
- udapte to 0.15.1
|
||||
* OpenSSL/SSL.py, OpenSSL/test/test_ssl.py: Fix a regression
|
||||
present in 0.15, where when an error occurs and no errno() is set,
|
||||
a KeyError is raised. This happens, for example, if
|
||||
Connection.shutdown() is called when the underlying transport has
|
||||
gone away.
|
||||
* OpenSSL/rand.py, OpenSSL/SSL.py: APIs which previously accepted
|
||||
filenames only as bytes now accept them as either bytes or
|
||||
unicode (and respect sys.getfilesystemencoding()).
|
||||
* OpenSSL/SSL.py: Add Cory Benfield's next-protocol-negotiation
|
||||
(NPN) bindings.
|
||||
* OpenSSL/SSL.py: Add ``Connection.recv_into``, mirroring the
|
||||
builtin ``socket.recv_into``. Based on work from Cory Benfield.
|
||||
* OpenSSL/test/test_ssl.py: Add tests for ``recv_into``.
|
||||
* OpenSSL/crypto.py: Expose ``X509StoreContext`` for verifying certificates.
|
||||
* OpenSSL/test/test_crypto.py: Add intermediate certificates for
|
||||
* OpenSSL/SSL.py: ``Connection.shutdown`` now propagates errors from the
|
||||
underlying socket.
|
||||
* OpenSSL/SSL.py: Fixed a regression ``Context.check_privatekey``
|
||||
causing it to always succeed - even if it should fail.
|
||||
* OpenSSL/crypto.py: Fixed a regression where calling ``load_pkcs7_data``
|
||||
with ``FILETYPE_ASN1`` would fail with a ``NameError``.
|
||||
* OpenSSL/SSL.py: Fix a regression in which the first argument of
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 24 12:58:58 UTC 2014 - mvyskocil@suse.com
|
||||
|
||||
- update to 0.14
|
||||
* Support for TLSv1.1 and TLSv1.2
|
||||
* First-class support for PyPy
|
||||
* New flags, such as MODE_RELEASE_BUFFERS and OP_NO_COMPRESSION
|
||||
* Some APIs to access to the SSL session cache
|
||||
* A variety of bug fixes for error handling cases
|
||||
* Documentation has been converted from LaTeX
|
||||
+ python-pyOpenSSL-doc is now build from single spec file
|
||||
* pyOpenSSL now depends on cryptography, so it became pure-python
|
||||
module
|
||||
+ changed to noarch package, add proper dependencies
|
||||
* Development moved to github
|
||||
+ changed Url tag respectivelly
|
||||
- refreshed bug-lp-1265482.diff
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 2 11:17:23 UTC 2014 - dmueller@suse.com
|
||||
|
||||
-Add bug-lp-1265482.diff; fix testsuite for SLE11 (bnc#855666)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 13 14:02:43 UTC 2013 - jmatejek@suse.com
|
||||
|
||||
- update to 0.13.1
|
||||
* fixes NUL byte handling in subjectAltName (bnc#839107, CVE-2013-4314)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 5 07:54:12 UTC 2013 - speilicke@suse.com
|
||||
|
||||
- Package LICENSE
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 9 18:34:08 PDT 2012 - msuman@opensuse.org
|
||||
|
||||
- Update to version 0.13
|
||||
* Add OPENSSL_VERSION_NUMBER, SSLeay_version and related
|
||||
constants for retrieving version information about the
|
||||
underlying OpenSSL library.
|
||||
* Support OpenSSL 1.0.0a and related changes.
|
||||
* Remove SSLv2 support if the underlying OpenSSL library does
|
||||
not provide it.
|
||||
* Add a new method to the X509 type, get_signature_algorithm.
|
||||
* Add a new method to the Connection type, get_peer_cert_chain.
|
||||
* Add the PKey.check method to verify the internal consistency
|
||||
of a PKey instance.
|
||||
* Bug fixes.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 1 08:48:23 UTC 2011 - saschpe@suse.de
|
||||
|
||||
- Changed license to Apache-2.0, to fix bnc#715423
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 31 14:21:58 UTC 2011 - saschpe@suse.de
|
||||
|
||||
- Initial version, obsoletes 'python-openssl':
|
||||
* Builds properly on all SUSE version
|
||||
* Has real HTML documentation
|
||||
|
96
python-pyOpenSSL.spec
Normal file
96
python-pyOpenSSL.spec
Normal file
@ -0,0 +1,96 @@
|
||||
#
|
||||
# spec file for package python-pyOpenSSL
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%global flavor @BUILD_FLAVOR@%{nil}
|
||||
%if "%{flavor}" == "test"
|
||||
%define psuffix -test
|
||||
%bcond_without test
|
||||
%else
|
||||
%define psuffix %{nil}
|
||||
%bcond_with test
|
||||
%endif
|
||||
%{?sle15_python_module_pythons}
|
||||
Name: python-pyOpenSSL%{psuffix}
|
||||
Version: 24.0.0
|
||||
Release: 0
|
||||
Summary: Python wrapper module around the OpenSSL library
|
||||
License: Apache-2.0
|
||||
URL: https://github.com/pyca/pyopenssl
|
||||
Source: https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz
|
||||
# PATCH-FIX-UPSTREAM skip-networked-test.patch gh#pyca/pyopenssl#68 mcepl@suse.com
|
||||
# Mark tests requiring network access
|
||||
Patch0: skip-networked-test.patch
|
||||
BuildRequires: %{python_module cffi}
|
||||
BuildRequires: %{python_module setuptools}
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: python-rpm-macros
|
||||
Requires: python-cffi
|
||||
Requires: (python-cryptography >= 41.0.5 with python-cryptography < 43)
|
||||
Provides: pyOpenSSL = %{version}
|
||||
BuildArch: noarch
|
||||
%if %{with test}
|
||||
BuildRequires: %{python_module cryptography >= 41.0.5 with %python-cryptography < 43}
|
||||
BuildRequires: %{python_module flaky}
|
||||
BuildRequires: %{python_module pretend}
|
||||
BuildRequires: %{python_module pyOpenSSL >= %version}
|
||||
BuildRequires: %{python_module pytest >= 3.0.1}
|
||||
BuildRequires: ca-certificates-mozilla
|
||||
BuildRequires: openssl
|
||||
%endif
|
||||
%python_subpackages
|
||||
|
||||
%description
|
||||
pyOpenSSL is a set of Python bindings for OpenSSL. It includes some low-level
|
||||
cryptography APIs but is primarily focused on providing an API for using the
|
||||
TLS protocol from Python.
|
||||
|
||||
pyOpenSSL is now a pure-Python project with a dependency on a new project,
|
||||
cryptography (<https://github.com/pyca/cryptography>), which provides (among
|
||||
other things) a cffi-based interface to OpenSSL.
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n pyOpenSSL-%{version}
|
||||
|
||||
%build
|
||||
%python_build
|
||||
|
||||
%install
|
||||
%if !%{with test}
|
||||
%python_install
|
||||
%python_expand %fdupes %{buildroot}%{$python_sitelib}
|
||||
%endif
|
||||
|
||||
%check
|
||||
%if %{with test}
|
||||
SKIPPED_TESTS="network"
|
||||
%if %{__isa_bits} == 32
|
||||
SKIPPED_TESTS="(network or test_verify_with_time)"
|
||||
%endif
|
||||
export LC_ALL=en_US.UTF-8
|
||||
%pytest -k "not $SKIPPED_TESTS"
|
||||
%endif
|
||||
|
||||
%if !%{with test}
|
||||
%files %{python_files}
|
||||
%license LICENSE
|
||||
%doc *.rst
|
||||
%{python_sitelib}/OpenSSL/
|
||||
%{python_sitelib}/pyOpenSSL-%{version}*-info
|
||||
%endif
|
||||
|
||||
%changelog
|
35
skip-networked-test.patch
Normal file
35
skip-networked-test.patch
Normal file
@ -0,0 +1,35 @@
|
||||
Index: pyOpenSSL-24.0.0/tests/test_ssl.py
|
||||
===================================================================
|
||||
--- pyOpenSSL-24.0.0.orig/tests/test_ssl.py
|
||||
+++ pyOpenSSL-24.0.0/tests/test_ssl.py
|
||||
@@ -1250,6 +1250,7 @@ class TestContext:
|
||||
reason="set_default_verify_paths appears not to work on Windows. "
|
||||
"See LP#404343 and LP#404344.",
|
||||
)
|
||||
+ @pytest.mark.network
|
||||
def test_set_default_verify_paths(self):
|
||||
"""
|
||||
`Context.set_default_verify_paths` causes the platform-specific CA
|
||||
Index: pyOpenSSL-24.0.0/setup.cfg
|
||||
===================================================================
|
||||
--- pyOpenSSL-24.0.0.orig/setup.cfg
|
||||
+++ pyOpenSSL-24.0.0/setup.cfg
|
||||
@@ -11,4 +11,3 @@ doc_files = doc/_build/html
|
||||
[egg_info]
|
||||
tag_build =
|
||||
tag_date = 0
|
||||
-
|
||||
Index: pyOpenSSL-24.0.0/pyproject.toml
|
||||
===================================================================
|
||||
--- pyOpenSSL-24.0.0.orig/pyproject.toml
|
||||
+++ pyOpenSSL-24.0.0/pyproject.toml
|
||||
@@ -42,6 +42,9 @@ ignore_missing_imports = true
|
||||
[tool.pytest.ini_options]
|
||||
addopts = "-r s --strict-markers"
|
||||
testpaths = ["tests"]
|
||||
+markers = [
|
||||
+ "network: test case requires network connection",
|
||||
+]
|
||||
|
||||
[tool.ruff]
|
||||
select = ['E', 'F', 'I', 'W', 'UP', 'RUF']
|
Loading…
Reference in New Issue
Block a user