From dac99b85a53523138e73b28e8c7248c1e8dd8325467d3eaa05a38eda1f1d3605 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Sat, 20 Jan 2024 20:31:31 +0000
Subject: [PATCH] =?UTF-8?q?-=20update=20to=2024.1.0:=20=20=20*=20If=20a=20?=
 =?UTF-8?q?certificate=20doesn't=20contain=20any=20`subjectAltName`s,=20we?=
 =?UTF-8?q?=20=20=20=20=20now=20raise=20`service=5Fidentity.CertificateErr?=
 =?UTF-8?q?or`=20instead=20of=20=20=20=20=20`service=5Fidentity.Verificati?=
 =?UTF-8?q?onError`=20to=20make=20the=20problem=20=20=20=20=20easier=20to?=
 =?UTF-8?q?=20debug.=20=20=20=20=20-=20Since=20Chrome=2058=20and=20Firefox?=
 =?UTF-8?q?=2048=20both=20don=E2=80=99t=20accept=20certificates=20=20=20?=
 =?UTF-8?q?=20=20=20=20that=20contain=20only=20a=20Common=20Name,=20its=20?=
 =?UTF-8?q?usage=20is=20hereby=20=20=20=20=20=20=20deprecated=20in=20servi?=
 =?UTF-8?q?ce=5Fidentity=20too.=20We=20have=20been=20raising=20=20=20=20?=
 =?UTF-8?q?=20=20=20a=20warning=20since=2016.0.0=20and=20the=20support=20w?=
 =?UTF-8?q?ill=20be=20removed=20in=20=20=20=20=20-=20When=20service=5Fiden?=
 =?UTF-8?q?tity.SubjectAltNameWarning=20is=20raised,=20the=20=20=20=20=20-?=
 =?UTF-8?q?=20Wildcards=20(*)=20are=20now=20only=20allowed=20if=20they=20a?=
 =?UTF-8?q?re=20the=20leftmost=20=20=20=20=20=20=20label=20in=20a=20certif?=
 =?UTF-8?q?icate.=20This=20is=20common=20practice=20by=20all=20major?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-service_identity?expand=0&rev=34
---
 23.1.0.tar.gz                   |  3 ---
 24.1.0.tar.gz                   |  3 +++
 python-service_identity.changes | 23 ++++++++++++++++-------
 python-service_identity.spec    |  4 ++--
 4 files changed, 21 insertions(+), 12 deletions(-)
 delete mode 100644 23.1.0.tar.gz
 create mode 100644 24.1.0.tar.gz

diff --git a/23.1.0.tar.gz b/23.1.0.tar.gz
deleted file mode 100644
index 6c5f132..0000000
--- a/23.1.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:35c8caebaa66d1f88e1651a9de32e34fd5323561499f01e918f8e25a19020bd8
-size 38860
diff --git a/24.1.0.tar.gz b/24.1.0.tar.gz
new file mode 100644
index 0000000..86fd625
--- /dev/null
+++ b/24.1.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0a4d5c1e489fe71d379d7c091068a6a6e8e836567bd936006d2ba435a7e14141
+size 39217
diff --git a/python-service_identity.changes b/python-service_identity.changes
index 40436a8..491207e 100644
--- a/python-service_identity.changes
+++ b/python-service_identity.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Sat Jan 20 20:31:18 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 24.1.0:
+  * If a certificate doesn't contain any `subjectAltName`s, we
+    now raise `service_identity.CertificateError` instead of
+    `service_identity.VerificationError` to make the problem
+    easier to debug.
+
 -------------------------------------------------------------------
 Mon Sep 18 09:42:13 UTC 2023 - pgajdos@suse.com
 
@@ -115,19 +124,19 @@ Mon Sep 24 13:16:17 UTC 2018 - ecsos@opensuse.org
 
 - Update to 17.0.0:
   * Deprecations:
-    - Since Chrome 58 and Firefox 48 both don’t accept certificates 
-      that contain only a Common Name, its usage is hereby 
-      deprecated in service_identity too. We have been raising 
-      a warning since 16.0.0 and the support will be removed in 
+    - Since Chrome 58 and Firefox 48 both don’t accept certificates
+      that contain only a Common Name, its usage is hereby
+      deprecated in service_identity too. We have been raising
+      a warning since 16.0.0 and the support will be removed in
       mid-2018 for good.
   * Changes:
-    - When service_identity.SubjectAltNameWarning is raised, the 
+    - When service_identity.SubjectAltNameWarning is raised, the
       Common Name of the certificate is now included in the warning
       message. #17
     - Added cryptography.x509 backend for verifying certificates.
       #18
-    - Wildcards (*) are now only allowed if they are the leftmost 
-      label in a certificate. This is common practice by all major 
+    - Wildcards (*) are now only allowed if they are the leftmost
+      label in a certificate. This is common practice by all major
       browsers. #19
 
 -------------------------------------------------------------------
diff --git a/python-service_identity.spec b/python-service_identity.spec
index 75074f4..70483f4 100644
--- a/python-service_identity.spec
+++ b/python-service_identity.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-service_identity
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %define oname   service_identity
 %{?sle15_python_module_pythons}
 Name:           python-service_identity
-Version:        23.1.0
+Version:        24.1.0
 Release:        0
 Summary:        Service identity verification for pyOpenSSL
 License:        MIT