pool/python-pyOpenSSL
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Add patch to fix issues with openssl 1.1.1:

Browse Source 
* openssl-1.1.1.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=51
This commit is contained in:
Tomáš Chvátal 2018-10-30 11:24:49 +00:00 committed by Git OBS Bridge
parent d244c67d99
commit 70eff89ff9
4 changed files with 234 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
fix_test_suite.patch
View File

@ -1,29 +0,0 @@
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -13,7 +13,7 @@ from datetime import datetime, timedelta
import pytest
-from six import binary_type
+from six import binary_type, PY3
from cryptography import x509
from cryptography.hazmat.backends.openssl.backend import backend
@@ -3167,9 +3167,14 @@ class TestCRL(object):
# and with what certificate it was exported.
text.index(b'Serial Number: 03AB')
text.index(b'Superseded')
- text.index(
- b'Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'
- )
+ if PY3:
+ text.decode().translate(str.maketrans('','',',/ ')).index(
+ 'Issuer:C=USST=ILL=ChicagoO=TestingCN=TestingRootCA'
+ )
+ else:
+ text.translate(None, ',/ ').index(
+ 'Issuer:C=USST=ILL=ChicagoO=TestingCN=TestingRootCA'
+ )
def test_export_der(self):
"""

226
openssl-1.1.1.patch Normal file
View File

@ -0,0 +1,226 @@
From 4725d76eb4a1c0e7b7b6de6e4a8e95d6f076b50b Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Tue, 11 Sep 2018 17:35:31 -0400
Subject: [PATCH 1/7] Attempt to fix CRL tests under OpenSSL 1.1.1
---
tests/test_crypto.py | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index eb4590d0..4983d6ac 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -3161,10 +3161,10 @@ def test_export_pem(self):
dumped_crl = crl.export(
self.cert, self.pkey, days=20, digest=b"sha256"
)
- text = _runopenssl(dumped_crl, b"crl", b"-noout", b"-text")
+ text = _runopenssl(
+ dumped_crl, b"crl", b"-noout", b"-text", b"-nameopt", ""
+ )
- # These magic values are based on the way the CRL above was constructed
- # and with what certificate it was exported.
text.index(b'Serial Number: 03AB')
text.index(b'Superseded')
text.index(
@@ -3184,7 +3184,8 @@ def test_export_der(self):
self.cert, self.pkey, FILETYPE_ASN1, digest=b"md5"
)
text = _runopenssl(
- dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER"
+ dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER",
+ b"-nameopt", ""
)
text.index(b'Serial Number: 03AB')
text.index(b'Superseded')
@@ -3207,7 +3208,8 @@ def test_export_text(self):
self.cert, self.pkey, FILETYPE_ASN1, digest=b"md5"
)
text = _runopenssl(
- dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER"
+ dumped_crl, b"crl", b"-noout", b"-text", b"-inform", b"DER",
+ b"-nameopt", ""
)
# text format
From 17d793266477c9812fdf3311741f175b24c07ed7 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Tue, 11 Sep 2018 17:54:22 -0400
Subject: [PATCH 2/7] make these asserts both 1.1.1 and earlier friendly
---
tests/test_crypto.py | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index 4983d6ac..c08f81c3 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -3167,9 +3167,9 @@ def test_export_pem(self):
text.index(b'Serial Number: 03AB')
text.index(b'Superseded')
- text.index(
- b'Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'
- )
+ text.index(b'Issuer:')
+ text.index(b'C=US')
+ text.index(b'CN=Testing Root CA')
def test_export_der(self):
"""
@@ -3189,9 +3189,9 @@ def test_export_der(self):
)
text.index(b'Serial Number: 03AB')
text.index(b'Superseded')
- text.index(
- b'Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA'
- )
+ text.index(b'Issuer:')
+ text.index(b'C=US')
+ text.index(b'CN=Testing Root CA')
# Flaky because we compare the output of running commands which sometimes
# varies by 1 second
From f43cdc5cb6c5f1ccf7983d2c7b8f3304d5130662 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Tue, 11 Sep 2018 18:09:49 -0400
Subject: [PATCH 3/7] Fix setsession test by excluding TLS 1.3
TLS 1.3 changes how resumption works, and the precise assertion we use here doesn't hold for it.
---
tests/test_ssl.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index fbf07603..4845eca3 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -2539,7 +2539,7 @@ def test_client_set_session(self):
"""
key = load_privatekey(FILETYPE_PEM, server_key_pem)
cert = load_certificate(FILETYPE_PEM, server_cert_pem)
- ctx = Context(SSLv23_METHOD)
+ ctx = Context(TLSv1_2_METHOD)
ctx.use_privatekey(key)
ctx.use_certificate(cert)
ctx.set_session_id("unity-test")
From 71f44a0d979a10c69692dad2098841029363323f Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Tue, 11 Sep 2018 19:42:38 -0400
Subject: [PATCH 4/7] Make this always behave like 1.1.1
---
src/OpenSSL/SSL.py | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 5cf39c0d..910ce680 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1182,9 +1182,8 @@ def set_cipher_list(self, cipher_list):
if not isinstance(cipher_list, bytes):
raise TypeError("cipher_list must be a byte string.")
- _openssl_assert(
- _lib.SSL_CTX_set_cipher_list(self._context, cipher_list) == 1
- )
+ # This can return an error if there's no ciphersuites, but we don't care.
+ _lib.SSL_CTX_set_cipher_list(self._context, cipher_list)
def set_client_ca_list(self, certificate_authorities):
"""
From 457b6d391de7f0355def4a596ddb66eede63ae75 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Tue, 11 Sep 2018 19:43:49 -0400
Subject: [PATCH 5/7] Update tests for the new behavior
---
tests/test_ssl.py | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 4845eca3..a5fb4df9 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -409,19 +409,18 @@ def test_set_cipher_list(self, context, cipher_string):
conn = Connection(context, None)
assert "AES128-SHA" in conn.get_cipher_list()
+
+ def test_set_cipher_list_imaginary(self, context):
+ # Doesn't raise an exception
+ context.set_cipher_list(b"gibberish")
- @pytest.mark.parametrize("cipher_list,error", [
- (object(), TypeError),
- ("imaginary-cipher", Error),
- ])
- def test_set_cipher_list_wrong_args(self, context, cipher_list, error):
+ def test_set_cipher_list_wrong_args(self, context):
"""
`Context.set_cipher_list` raises `TypeError` when passed a non-string
- argument and raises `OpenSSL.SSL.Error` when passed an incorrect cipher
- list string.
+ argument.
"""
- with pytest.raises(error):
- context.set_cipher_list(cipher_list)
+ with pytest.raises(TypeError):
+ context.set_cipher_list(object())
def test_load_client_ca(self, context, ca_file):
"""
From d735cdba24a0a6a908e316743e03faf0fd7a7f8a Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Tue, 11 Sep 2018 19:48:07 -0400
Subject: [PATCH 6/7] flake8
---
src/OpenSSL/SSL.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 910ce680..a0469f10 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1182,7 +1182,8 @@ def set_cipher_list(self, cipher_list):
if not isinstance(cipher_list, bytes):
raise TypeError("cipher_list must be a byte string.")
- # This can return an error if there's no ciphersuites, but we don't care.
+ # This can return an error if there's no ciphersuites, but we don't
+ # care.
_lib.SSL_CTX_set_cipher_list(self._context, cipher_list)
def set_client_ca_list(self, certificate_authorities):
From cf1e7619862652e81879541a6af38b793ede47a1 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Tue, 11 Sep 2018 20:01:26 -0400
Subject: [PATCH 7/7] flake8
---
tests/test_ssl.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index a5fb4df9..39e76500 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -409,7 +409,7 @@ def test_set_cipher_list(self, context, cipher_string):
conn = Connection(context, None)
assert "AES128-SHA" in conn.get_cipher_list()
-
+
def test_set_cipher_list_imaginary(self, context):
# Doesn't raise an exception
context.set_cipher_list(b"gibberish")

7
python-pyOpenSSL.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Oct 30 11:21:30 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
- Add patch to fix issues with openssl 1.1.1:
* openssl-1.1.1.patch
- Drop the downstream fix_test_suite.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Oct 30 01:06:28 CET 2018 - mcepl@suse.com Tue Oct 30 01:06:28 CET 2018 - mcepl@suse.com

2
python-pyOpenSSL.spec
View File

@ -28,7 +28,7 @@ URL: https://github.com/pyca/pyopenssl
Source: https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz Source: https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz
Patch1: skip-networked-test.patch Patch1: skip-networked-test.patch
Patch2: openssl-1.1.0i.patch Patch2: openssl-1.1.0i.patch
Patch3: fix_test_suite.patch Patch3: openssl-1.1.1.patch
BuildRequires: %{python_module cryptography >= 2.3.0} BuildRequires: %{python_module cryptography >= 2.3.0}
BuildRequires: %{python_module flaky} BuildRequires: %{python_module flaky}
BuildRequires: %{python_module pretend} BuildRequires: %{python_module pretend}