diff --git a/openssl-1.1.1.patch b/openssl-1.1.1.patch
deleted file mode 100644
index d746b08..0000000
--- a/openssl-1.1.1.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 4725d76eb4a1c0e7b7b6de6e4a8e95d6f076b50b Mon Sep 17 00:00:00 2001
-From: Alex Gaynor
-Date: Tue, 11 Sep 2018 17:35:31 -0400
-Subject: [PATCH 1/7] Attempt to fix CRL tests under OpenSSL 1.1.1
-
----
- tests/test_crypto.py | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-Index: pyOpenSSL-19.0.0/tests/test_ssl.py
-===================================================================
---- pyOpenSSL-19.0.0.orig/tests/test_ssl.py
-+++ pyOpenSSL-19.0.0/tests/test_ssl.py
-@@ -410,18 +410,17 @@ class TestContext(object):
-
- assert "AES128-SHA" in conn.get_cipher_list()
-
-- @pytest.mark.parametrize("cipher_list,error", [
-- (object(), TypeError),
-- ("imaginary-cipher", Error),
-- ])
-- def test_set_cipher_list_wrong_args(self, context, cipher_list, error):
-+ def test_set_cipher_list_imaginary(self, context):
-+ # Doesn't raise an exception
-+ context.set_cipher_list(b"gibberish")
-+
-+ def test_set_cipher_list_wrong_args(self, context):
- """
- `Context.set_cipher_list` raises `TypeError` when passed a non-string
-- argument and raises `OpenSSL.SSL.Error` when passed an incorrect cipher
-- list string.
-+ argument.
- """
-- with pytest.raises(error):
-- context.set_cipher_list(cipher_list)
-+ with pytest.raises(TypeError):
-+ context.set_cipher_list(object())
-
- def test_load_client_ca(self, context, ca_file):
- """
-@@ -3836,7 +3835,7 @@ class TestOCSP(object):
- :param request_ocsp: Whether the client will actually ask for OCSP
- stapling. Useful for testing only.
- """
-- ctx = Context(SSLv23_METHOD)
-+ ctx = Context(TLSv1_2_METHOD)
- ctx.set_ocsp_client_callback(callback, data)
- client = Connection(ctx)
-
-Index: pyOpenSSL-19.0.0/src/OpenSSL/SSL.py
-===================================================================
---- pyOpenSSL-19.0.0.orig/src/OpenSSL/SSL.py
-+++ pyOpenSSL-19.0.0/src/OpenSSL/SSL.py
-@@ -1182,9 +1182,9 @@ class Context(object):
- if not isinstance(cipher_list, bytes):
- raise TypeError("cipher_list must be a byte string.")
-
-- _openssl_assert(
-- _lib.SSL_CTX_set_cipher_list(self._context, cipher_list) == 1
-- )
-+ # This can return an error if there's no ciphersuites, but we don't
-+ # care.
-+ _lib.SSL_CTX_set_cipher_list(self._context, cipher_list)
- # In OpenSSL 1.1.1 setting the cipher list will always return TLS 1.3
- # ciphers even if you pass an invalid cipher. Applications (like
- # Twisted) have tests that depend on an error being raised if an
diff --git a/tls13-renegotiation.patch b/tls13-renegotiation.patch
deleted file mode 100644
index 7d1133e..0000000
--- a/tls13-renegotiation.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Index: pyOpenSSL-19.0.0/tests/test_ssl.py
-===================================================================
---- pyOpenSSL-19.0.0.orig/tests/test_ssl.py
-+++ pyOpenSSL-19.0.0/tests/test_ssl.py
-@@ -3181,6 +3181,7 @@ class TestConnectionRenegotiate(object):
- """
- Tests for SSL renegotiation APIs.
- """
-+
- def test_total_renegotiations(self):
- """
- `Connection.total_renegotiations` returns `0` before any renegotiations
-@@ -3219,6 +3220,25 @@ class TestConnectionRenegotiate(object):
- while False is server.renegotiate_pending():
- pass
-
-+ # renegotiation is forbidden in TLS 1.3
-+ server, client = loopback()
-+
-+ server.send(b"hello world")
-+
-+ assert b"hello world" == client.recv(len(b"hello world"))
-+
-+ assert 0 == server.total_renegotiations()
-+ assert False is server.renegotiate_pending()
-+
-+ # renegotian under TLS 1.3 must fail
-+
-+ if client.get_protocol_version_name() == "TLSv1.3":
-+ try:
-+ assert False is server.renegotiate()
-+ #error ('SSL routines', 'SSL_renegotiate', 'wrong ssl version')
-+ except SSL.Error:
-+ pass
-+
-
- class TestError(object):
- """