From 855d0543946c76334f2620330de5ac03c2327665da4ae9e76ba12249461ffe44 Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Thu, 25 Jan 2024 04:26:24 +0000 Subject: [PATCH] - Drop patch cryptography.patch: * No longer required. - Add patch support-service-identity-24.patch: * Support service-identity >= 24 - Switch to pyproject macros. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-aioquic?expand=0&rev=14 --- cryptography.patch | 26 ------------- python-aioquic.changes | 9 +++++ python-aioquic.spec | 12 +++--- support-service-identity-24.patch | 61 +++++++++++++++++++++++++++++++ 4 files changed, 76 insertions(+), 32 deletions(-) delete mode 100644 cryptography.patch create mode 100644 support-service-identity-24.patch diff --git a/cryptography.patch b/cryptography.patch deleted file mode 100644 index ea0c101..0000000 --- a/cryptography.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: aioquic-0.9.21/tests/test_tls.py -=================================================================== ---- aioquic-0.9.21.orig/tests/test_tls.py -+++ aioquic-0.9.21/tests/test_tls.py -@@ -443,7 +443,7 @@ class ContextTest(TestCase): - - with self.assertRaises(tls.AlertBadCertificate) as cm: - self._handshake(client, server) -- self.assertEqual(str(cm.exception), "unable to get local issuer certificate") -+ self.assertEqual(str(cm.exception), "unable to get local issuer certificate") - - def test_handshake_with_certificate_no_verify(self): - client = self.create_client(cafile=None, verify_mode=ssl.CERT_NONE) -@@ -1282,9 +1282,9 @@ class VerifyCertificateTest(TestCase): - # fail - with self.assertRaises(tls.AlertBadCertificate) as cm: - verify_certificate(certificate=certificate, server_name="localhost") -- self.assertEqual( -- str(cm.exception), "unable to get local issuer certificate" -- ) -+ self.assertEqual( -+ str(cm.exception), "unable to get local issuer certificate" -+ ) - - # ok - verify_certificate( diff --git a/python-aioquic.changes b/python-aioquic.changes index 8369078..09d7ab2 100644 --- a/python-aioquic.changes +++ b/python-aioquic.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Jan 25 04:25:09 UTC 2024 - Steve Kowalik + +- Drop patch cryptography.patch: + * No longer required. +- Add patch support-service-identity-24.patch: + * Support service-identity >= 24 +- Switch to pyproject macros. + ------------------------------------------------------------------- Sat Jan 20 14:01:39 UTC 2024 - Dirk Müller diff --git a/python-aioquic.spec b/python-aioquic.spec index cf8e315..33e8e1e 100644 --- a/python-aioquic.spec +++ b/python-aioquic.spec @@ -22,12 +22,12 @@ Version: 0.9.25 Release: 0 Summary: Python implementation of QUIC and HTTP/3 License: BSD-3-Clause -Group: Development/Languages/Python URL: https://github.com/aiortc/aioquic Source: https://files.pythonhosted.org/packages/source/a/aioquic/aioquic-%{version}.tar.gz -# PATCH-FIX-OPENSUSE cryptography.patch -- we can't pin to old cryptography and thus don't get expected test exceptions, code@bnavigator.de -Patch1: cryptography.patch +# PATCH-FIX-UPSTREAM gh#aiortc/aioquic#452 +Patch0: support-service-identity-24.patch BuildRequires: %{python_module devel >= 3.7} +BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module wheel} BuildRequires: fdupes @@ -57,10 +57,10 @@ A library for the QUIC network protocol in Python. It features a minimal TLS %build export CFLAGS="%{optflags}" -%python_build +%pyproject_wheel %install -%python_install +%pyproject_install %{python_expand rm %{buildroot}%{$python_sitearch}/aioquic/*.c %fdupes %{buildroot}%{$python_sitearch} } @@ -72,6 +72,6 @@ export CFLAGS="%{optflags}" %doc README.rst %license LICENSE %{python_sitearch}/aioquic -%{python_sitearch}/aioquic-%{version}*-info +%{python_sitearch}/aioquic-%{version}.dist-info %changelog diff --git a/support-service-identity-24.patch b/support-service-identity-24.patch new file mode 100644 index 0000000..212a5c7 --- /dev/null +++ b/support-service-identity-24.patch @@ -0,0 +1,61 @@ +From 9dd2b961dac1c9192d2459b697925ffab26a8ed2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jeremy=20Lain=C3=A9?= +Date: Sun, 14 Jan 2024 11:49:14 +0100 +Subject: [PATCH] Adapt "no subjectaltname" test for service-identitity >= 24 + +When a certificate contains no subjectAltName extension, +`service-identity` now raises a `CertificateError` instead of a +`VerificationError`. +--- + pyproject.toml | 2 +- + src/aioquic/tls.py | 7 +++++-- + tests/test_tls.py | 3 +-- + 3 files changed, 7 insertions(+), 5 deletions(-) + +diff --git a/pyproject.toml b/pyproject.toml +index 562a2a72..927fa0d4 100644 +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -31,7 +31,7 @@ dependencies = [ + "cryptography", + "pylsqpack>=0.3.3,<0.4.0", + "pyopenssl>=22", +- "service-identity>=23.1.0", ++ "service-identity>=24.1.0", + ] + dynamic = ["version"] + +diff --git a/src/aioquic/tls.py b/src/aioquic/tls.py +index a8bcb2ce..35f92ce7 100644 +--- a/src/aioquic/tls.py ++++ b/src/aioquic/tls.py +@@ -244,10 +244,13 @@ def verify_certificate( + certificate, server_name + ) + +- except service_identity.VerificationError as exc: ++ except ( ++ service_identity.CertificateError, ++ service_identity.VerificationError, ++ ) as exc: + patterns = service_identity.cryptography.extract_patterns(certificate) + if len(patterns) == 0: +- errmsg = "subject alternative name not found in the certificate" ++ errmsg = str(exc) + elif len(patterns) == 1: + errmsg = f"hostname {server_name!r} doesn't match {patterns[0]!r}" + else: +diff --git a/tests/test_tls.py b/tests/test_tls.py +index 1de9cf35..cf28bf11 100644 +--- a/tests/test_tls.py ++++ b/tests/test_tls.py +@@ -1666,8 +1666,7 @@ def test_verify_subject_no_subjaltname(self): + cadata=cadata, certificate=certificate, server_name="example.com" + ) + self.assertEqual( +- str(cm.exception), +- "subject alternative name not found in the certificate", ++ str(cm.exception), "Certificate does not contain any `subjectAltName`s." + ) + + def test_verify_subject_with_subjaltname(self):