Accepting request 503305 from home:dimstar:Factory

- Add python-pyOpenSSL=replace-expired-cert.patch: the root cert expired, mking the test suite fail. Replace the certificate with a new one, valid for 20 years (gh#pyca/pyopenssl#637). * Automatically set ``SSL_CTX_set_ecdh_auto()`` on OBS-URL: https://build.opensuse.org/request/show/503305 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=40
2017-06-13 08:29:05 +00:00 · 2017-06-13 08:29:05 +00:00 · e0e9850035
commit e0e9850035
parent 51a1a0e03f
3 changed files with 237 additions and 5 deletions
--- a/python-pyOpenSSL.changes
+++ b/python-pyOpenSSL.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jun 13 07:05:41 UTC 2017 - dimstar@opensuse.org
+
+- Add python-pyOpenSSL=replace-expired-cert.patch: the root cert
+  expired, mking the test suite fail. Replace the certificate with
+  a new one, valid for 20 years (gh#pyca/pyopenssl#637).
+
 -------------------------------------------------------------------
 Fri May  5 21:32:55 UTC 2017 - toddrme2178@gmail.com

@ -27,7 +34,7 @@ Wed Apr 26 14:20:27 UTC 2017 - toddrme2178@gmail.com
    For applications that process a lot of TLS data or that use
    very lage allocations this can provide considerable performance
    improvements.
-  * Automatically set ``SSL_CTX_set_ecdh_auto()`` on 
+  * Automatically set ``SSL_CTX_set_ecdh_auto()`` on
    ``OpenSSL.SSL.Context``.
  - Fix empty exceptions from ``OpenSSL.crypto.load_privatekey()``.
 - Rebase bug-lp-1265482.diff
--- a/python-pyOpenSSL.spec
+++ b/python-pyOpenSSL.spec
@ -31,13 +31,15 @@ Source:         https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpe
 Patch0:         bug-lp-1265482.diff
 Patch1:         skip-networked-test.patch
 Patch2:         rsa128-i586.patch
+# PATCH-FIX-UPSTREAM python-pyOpenSSL=replace-expired-cert.patch gh#pyca/pyopenssl#637 dimstar@opensuse.org -- the root cert expired
+Patch3:         python-pyOpenSSL=replace-expired-cert.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  openssl-devel
-BuildRequires:  fdupes
-BuildRequires:  python-rpm-macros
+BuildRequires:  %{python_module cryptography >= 1.3.4}
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module setuptools}
-BuildRequires:  %{python_module cryptography >= 1.3.4}
+BuildRequires:  fdupes
+BuildRequires:  openssl-devel
+BuildRequires:  python-rpm-macros
 BuildRequires:  python3-Sphinx
 %if %{with tests}
 BuildRequires:  %{python_module pytest}
@ -72,6 +74,7 @@ Provides documentation for %{name}.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 %build
 %python_build
--- a/python-pyOpenSSL=replace-expired-cert.patch
+++ b/python-pyOpenSSL=replace-expired-cert.patch
@ -0,0 +1,222 @@
+From 6eeb0ef13e578d8b51ca332e43c581484ac965b2 Mon Sep 17 00:00:00 2001
+From: Paul Kehrer <paul.l.kehrer@gmail.com>
+Date: Sun, 11 Jun 2017 12:36:25 -1000
+Subject: [PATCH 1/4] the root cert expired, make a new one (using the same
+ values)
+
+The new one lasts 20 years. If this project is still in use in 20 years
+we have failed.
+---
+ tests/test_crypto.py | 24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_crypto.py b/tests/test_crypto.py
+index 10f47180..7f54a11d 100644
+--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
+@@ -58,7 +58,7 @@ def normalize_privatekey_pem(pem):
+ GOOD_DIGEST = "SHA1"
+ BAD_DIGEST = "monkeys"
+ 
+-root_cert_pem = b"""-----BEGIN CERTIFICATE-----
+old_root_cert_pem = b"""-----BEGIN CERTIFICATE-----
+ MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
+ BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
+ ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
+@@ -78,6 +78,26 @@ def normalize_privatekey_pem(pem):
+ -----END CERTIFICATE-----
+ """
+ 
+root_cert_pem = b"""-----BEGIN CERTIFICATE-----
+MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
+ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5
+WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO
+BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp
+bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn
+bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr
+LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER
+onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3
+LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN
+yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD
+aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg
+Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ
+R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9
+gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH
+lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec=
+-----END CERTIFICATE-----
+"""
+
+ root_key_pem = b"""-----BEGIN RSA PRIVATE KEY-----
+ MIICXQIBAAKBgQD5mkLpi7q6ROdu7khB3S9aanA0Zls7vvfGOmB80/yeylhGpsjA
+ jWen0VtSQke/NlEPGtO38tsV7CsuFnSmschvAnGrcJl76b0UOOHUgDTIoRxC6QDU
+@@ -1646,7 +1666,7 @@ def test_digest(self):
+         `X509.digest` returns a string giving ":"-separated hex-encoded
+         words of the digest of the certificate.
+         """
+-        cert = load_certificate(FILETYPE_PEM, root_cert_pem)
+        cert = load_certificate(FILETYPE_PEM, old_root_cert_pem)
+         assert (
+             # This is MD5 instead of GOOD_DIGEST because the digest algorithm
+             # actually matters to the assertion (ie, another arbitrary, good
+
+From 30bd9ab3c337900d32b945c8e989e56a524b09f7 Mon Sep 17 00:00:00 2001
+From: Paul Kehrer <paul.l.kehrer@gmail.com>
+Date: Sun, 11 Jun 2017 13:38:34 -1000
+Subject: [PATCH 2/4] this is the same cert. wtf
+
+---
+ tests/test_crypto.py | 30 +++++++++++++++---------------
+ 1 file changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/tests/test_crypto.py b/tests/test_crypto.py
+index 7f54a11d..5d0d2aa2 100644
+--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
+@@ -250,22 +250,22 @@ def normalize_privatekey_pem(pem):
+ """)
+ 
+ cleartextCertificatePEM = b"""-----BEGIN CERTIFICATE-----
+-MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
+MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
+ BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
+-ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
+-NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM
+-MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U
+-ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL
+-urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy
+-2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF
+-1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE
+-FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn
+-VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE
+-BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS
+-b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
+-AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi
+-hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY
+-w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn
+ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5
+WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO
+BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp
+bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn
+bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr
+LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER
+onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3
+LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN
+yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD
+aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg
+Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ
+R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9
+gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH
+lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec=
+ -----END CERTIFICATE-----
+ """
+ 
+
+From 15fbcdad3ffeb63e267ccec5265e5b456832660e Mon Sep 17 00:00:00 2001
+From: Paul Kehrer <paul.l.kehrer@gmail.com>
+Date: Sun, 11 Jun 2017 14:12:36 -1000
+Subject: [PATCH 3/4] replace the other certs we need to replace...
+
+---
+ tests/test_crypto.py | 48 ++++++++++++++++++++++++------------------------
+ 1 file changed, 24 insertions(+), 24 deletions(-)
+
+diff --git a/tests/test_crypto.py b/tests/test_crypto.py
+index 5d0d2aa2..58caebfa 100644
+--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
+@@ -150,18 +150,18 @@ def normalize_privatekey_pem(pem):
+ """
+ 
+ server_cert_pem = b"""-----BEGIN CERTIFICATE-----
+-MIICKDCCAZGgAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
+-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
+-NzUzWhgPMjAxNzA2MTExMjM3NTNaMBgxFjAUBgNVBAMTDWxvdmVseSBzZXJ2ZXIw
+-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6m+G653V0tpBC/OKl22VxOi2Cv
+-lK4TYu9LHSDP9uDVTe7V5D5Tl6qzFoRRx5pfmnkqT5B+W9byp2NU3FC5hLm5zSAr
+-b45meUhjEJ/ifkZgbNUjHdBIGP9MAQUHZa5WKdkGIJvGAvs8UzUqlr4TBWQIB24+
+-lJ+Ukk/CRgasrYwdAgMBAAGjNjA0MB0GA1UdDgQWBBS4kC7Ij0W1TZXZqXQFAM2e
+-gKEG2DATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQBh30Li
+-dJ+NlxIOx5343WqIBka3UbsOb2kxWrbkVCrvRapCMLCASO4FqiKWM+L0VDBprqIp
+-2mgpFQ6FHpoIENGvJhdEKpptQ5i7KaGhnDNTfdy3x1+h852G99f1iyj0RmbuFcM8
+-uzujnS8YXWvM7DM1Ilozk4MzPug8jzFp5uhKCQ==
+MIICJDCCAY2gAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH
+VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMTA1
+N1oXDTM3MDYwNzAwMTA1N1owGDEWMBQGA1UEAwwNbG92ZWx5IHNlcnZlcjCBnzAN
+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvqb4brndXS2kEL84qXbZXE6LYK+UrhNi
+70sdIM/24NVN7tXkPlOXqrMWhFHHml+aeSpPkH5b1vKnY1TcULmEubnNICtvjmZ5
+SGMQn+J+RmBs1SMd0EgY/0wBBQdlrlYp2QYgm8YC+zxTNSqWvhMFZAgHbj6Un5SS
+T8JGBqytjB0CAwEAAaM2MDQwHQYDVR0OBBYEFINVdy1eIfFJDAkk51QJEo3IfgSu
+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAGki1K6WgHHJ
+qC6aY2EowjaWOXLO6jUZIhGk7BA7vMRfNug429AOZ4m5F6OQhzmJmlw67Jyu2FeI
+h0VtBuQoHPtjqZXF59oX6hMMmGLMs9pV0UA3fJs5MYA4/V5ZcQy0Ie0QoJNejLzE
+6V1Qz1rRTYLUyEcpI7ZCmBg2KQQI8YZI
+ -----END CERTIFICATE-----
+ """
+ 
+@@ -217,18 +217,18 @@ def normalize_privatekey_pem(pem):
+ """
+ 
+ client_cert_pem = b"""-----BEGIN CERTIFICATE-----
+-MIICJjCCAY+gAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
+-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
+-ODA1WhgPMjAxNzA2MTExMjM4MDVaMBYxFDASBgNVBAMTC3VnbHkgY2xpZW50MIGf
+-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2
+-rn+GrRHRiZ+xkCw/CGNhbtPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xK
+-iku4G/KvnnmWdeJHqsiXeUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7Dtb
+-oCRajYyHfluARQIDAQABozYwNDAdBgNVHQ4EFgQUNQB+qkaOaEVecf1J3TTUtAff
+-0fAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAyv/Jh7gM
+-Q3OHvmsFEEvRI+hsW8y66zK4K5de239Y44iZrFYkt7Q5nBPMEWDj4F2hLYWL/qtI
+-9Zdr0U4UDCU9SmmGYh4o7R4TZ5pGFvBYvjhHbkSFYFQXZxKUi+WUxplP6I0wr2KJ
+-PSTJCjJOn3xo2NTKRgV1gaoTf2EhL+RG8TQ=
+MIICIjCCAYugAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH
+VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMDQx
+M1oXDTM3MDYwNzAwMDQxM1owFjEUMBIGA1UEAwwLdWdseSBjbGllbnQwgZ8wDQYJ
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAMBmH9JG02bme0xPipvpjMSlOugyWrauf4at
+EdGJn7GQLD8IY2Fu0+Kvv9DFpSPboFKZCsfDVsYoRs+xaJbtt1dJ6ymX7EqKS7gb
+8q+eeZZ14keqyJd5Rm2q6swQtw9ADD3E8cS6GqpQm+8SgxOycISoYz7sO1ugJFqN
+jId+W4BFAgMBAAGjNjA0MB0GA1UdDgQWBBSDVXctXiHxSQwJJOdUCRKNyH4ErjAT
+BgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOBgQAMqcHyweaCOZNN
+dWQQOsBKQlL5wqVVZwucHPWqobjxpULKy9gS2ha2zbgkXcB/BnBOSwe0Fm+MJV0T
+NbnTghcGJNpEH7VKn4xSLvIGZmnZZWgxeIB16z4GhpkK2fShBJ+6GKZjsgjT0lSH
+JRgjHbWutZfZvbSHXr9n7PIphG1Ojg==
+ -----END CERTIFICATE-----
+ """
+ 
+
+From 323f50412b06c3c32a7a5837c3426762b451d7cb Mon Sep 17 00:00:00 2001
+From: Paul Kehrer <paul.l.kehrer@gmail.com>
+Date: Sun, 11 Jun 2017 14:18:55 -1000
+Subject: [PATCH 4/4] this too
+
+---
+ tests/test_crypto.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_crypto.py b/tests/test_crypto.py
+index 58caebfa..5efb9041 100644
+--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
+@@ -1573,7 +1573,7 @@ def test_get_notBefore(self):
+         ASN1 GENERALIZEDTIME even for certificates which store it as UTCTIME
+         internally.
+         """
+-        cert = load_certificate(FILETYPE_PEM, self.pemData)
+        cert = load_certificate(FILETYPE_PEM, old_root_cert_pem)
+         assert cert.get_notBefore() == b"20090325123658Z"
+ 
+     def test_get_notAfter(self):
+@@ -1582,7 +1582,7 @@ def test_get_notAfter(self):
+         ASN1 GENERALIZEDTIME even for certificates which store it as UTCTIME
+         internally.
+         """
+-        cert = load_certificate(FILETYPE_PEM, self.pemData)
+        cert = load_certificate(FILETYPE_PEM, old_root_cert_pem)
+         assert cert.get_notAfter() == b"20170611123658Z"
+ 
+     def test_gmtime_adj_notBefore_wrong_args(self):
+