- Update to 0.10.0

* Added support for macOS 10.13 and earlier using the `SecTrustEvaluate`
    API. Note that this API doesn't return fine-grained errors like
    `SecTrustEvaluateWithError` (requires macOS 10.14+).
  * Added `SSLContext.set_default_verify_paths()` method.
  * Changed method for disabling hostname verification for macOS and
    Windows. Previously would ignore hostname verification errors if
    `SSLContext.check_hostname` was `False`.
    Now for both macOS and Windows the certificate verification policy
    is configured to not check certificate hostname. This should have
    no effect on users.
- from version 0.9.2
  * Fixed an issue where implementations supporting Python 3.10 but not
    the peer certificate chain APIs would fail during the handshake instead
    of when importing the `truststore` module. The module now raises an error
    immediately instead of on first handshake. This was added for the GraalPy
    implementation specifically, but there may be others.
- Skip test_wrong_host_succeeds_with_hostname_verification_disabled test

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-truststore?expand=0&rev=11

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

no-network-testing.patch

@@ -0,0 +1,113 @@
+---
+ pyproject.toml     |    3 +++
+ test_truststore.py |    7 +++----
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+Index: truststore-0.8.0/pyproject.toml
+===================================================================
+--- truststore-0.8.0.orig/pyproject.toml
++++ truststore-0.8.0/pyproject.toml
+@@ -26,6 +26,9 @@ classifiers = [
+ ]
+ dynamic = ["version", "description"]
+ requires-python = ">= 3.10"
++markers = [
++    "network: test case requires network connection",
++]
+ 
+ [project.urls]
+ Source = "https://github.com/sethmlarson/truststore"
+@@ -38,3 +41,6 @@ filterwarnings = [
+   # See: aio-libs/aiohttp#7545
+   "ignore:.*datetime.utcfromtimestamp().*:DeprecationWarning",
+ ]
++markers = [
++   "network: test case requires network connection",
++]
+Index: truststore-0.8.0/tests/conftest.py
+===================================================================
+--- truststore-0.8.0.orig/tests/conftest.py
++++ truststore-0.8.0/tests/conftest.py
+@@ -18,7 +18,7 @@ SUBPROCESS_TIMEOUT = 5
+ original_SSLContext = ssl.SSLContext
+ 
+ 
+-successful_hosts = pytest.mark.parametrize("host", ["example.com", "1.1.1.1"])
++successful_hosts = pytest.mark.network
+ 
+ logger = logging.getLogger("aiohttp.web")
+ 
+Index: truststore-0.8.0/tests/test_api.py
+===================================================================
+--- truststore-0.8.0.orig/tests/test_api.py
++++ truststore-0.8.0/tests/test_api.py
+@@ -27,8 +27,8 @@ pytestmark = pytest.mark.flaky
+ # if the client drops the connection due to a cert verification error
+ socket.setdefaulttimeout(10)
+ 
+-successful_hosts = pytest.mark.parametrize("host", ["example.com", "1.1.1.1"])
+ 
++successful_hosts = pytest.mark.network
+ 
+ @dataclass
+ class FailureHost:
+@@ -118,9 +118,7 @@ failure_hosts_list = [
+     ),
+ ]
+ 
+-failure_hosts_no_revocation = pytest.mark.parametrize(
+-    "failure", failure_hosts_list.copy(), ids=attrgetter("host")
+-)
++failure_hosts_no_revocation = pytest.mark.network
+ 
+ if platform.system() != "Linux":
+     failure_hosts_list.append(
+@@ -139,9 +137,7 @@ if platform.system() != "Linux":
+         )
+     )
+ 
+-failure_hosts = pytest.mark.parametrize(
+-    "failure", failure_hosts_list, ids=attrgetter("host")
+-)
++failure_hosts = pytest.mark.network
+ 
+ 
+ @pytest.fixture(scope="session")
+@@ -317,7 +313,7 @@ def test_trustme_cert_loaded_via_capath(
+         assert resp.status == 200
+         assert len(resp.data) > 0
+ 
+-
++@pytest.mark.network
+ def test_trustme_cert_still_uses_system_certs(trustme_ca):
+     ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+     trustme_ca.configure_trust(ctx)
+Index: truststore-0.8.0/tests/test_sslcontext.py
+===================================================================
+--- truststore-0.8.0.orig/tests/test_sslcontext.py
++++ truststore-0.8.0/tests/test_sslcontext.py
+@@ -7,7 +7,7 @@ from urllib3.exceptions import InsecureR
+ 
+ import truststore
+ 
+-
++@pytest.mark.network
+ def test_minimum_maximum_version():
+     ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+     ctx.maximum_version = ssl.TLSVersion.TLSv1_2
+@@ -24,6 +24,7 @@ def test_minimum_maximum_version():
+     assert ctx.maximum_version == ssl.TLSVersion.TLSv1_2
+ 
+ 
++@pytest.mark.network
+ def test_check_hostname_false():
+     ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+     assert ctx.check_hostname is True
+@@ -35,6 +36,7 @@ def test_check_hostname_false():
+         assert "match" in str(e.value)
+ 
+ 
++@pytest.mark.network
+ def test_verify_mode_cert_none():
+     ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+     assert ctx.check_hostname is True

python-truststore.changes

@@ -0,0 +1,64 @@
+-------------------------------------------------------------------
+Tue Jan 28 10:07:25 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 0.10.0
+  * Added support for macOS 10.13 and earlier using the `SecTrustEvaluate`
+    API. Note that this API doesn't return fine-grained errors like
+    `SecTrustEvaluateWithError` (requires macOS 10.14+).
+  * Added `SSLContext.set_default_verify_paths()` method.
+  * Changed method for disabling hostname verification for macOS and
+    Windows. Previously would ignore hostname verification errors if
+    `SSLContext.check_hostname` was `False`.
+    Now for both macOS and Windows the certificate verification policy
+    is configured to not check certificate hostname. This should have
+    no effect on users.
+- from version 0.9.2
+  * Fixed an issue where implementations supporting Python 3.10 but not
+    the peer certificate chain APIs would fail during the handshake instead
+    of when importing the `truststore` module. The module now raises an error
+    immediately instead of on first handshake. This was added for the GraalPy
+    implementation specifically, but there may be others.
+- Skip test_wrong_host_succeeds_with_hostname_verification_disabled test
+
+-------------------------------------------------------------------
+Thu Oct  3 05:43:57 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Add missing BuildRequires on pyOpenSSL for the testsuite, rather than
+  depending on it transitivity.
+
+-------------------------------------------------------------------
+Wed Aug 14 05:38:45 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 0.9.1:
+  * Fixed an issue for CPython 3.13 where `ssl.SSLSocket` and `ssl.SSLObject`
+    certificate chain APIs would return different types.
+  * Added support for Python 3.13.
+  * Fixed loading additional certificates on macOS.
+- Drop patch no-network-testing.patch, not required.
+
+-------------------------------------------------------------------
+Sat Mar  2 08:02:57 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>
+
+- Use sle15_python_module_pythons
+
+-------------------------------------------------------------------
+Fri Sep 29 17:56:07 UTC 2023 - Ondřej Súkup <mimi.vx@gmail.com>
+
+- update to 0.8.0
+- refresh no-network-testing.patch
+ * Added documentation for how to use truststore with urllib3,
+   Requests, aiohttp, and pip.
+ * Added pass-through implementations for many ssl.SSLContext methods
+   like load_cert_chain(), set_alpn_protocols(), etc.
+ * Added inject_into_ssl() and extract_from_ssl() to enable Truststore
+   for all packages using ssl.SSLContext automatically
+ * Added support for setting check_hostname, verify_mode, and verify_flags.
+ * Fixed issue where a RecursionError that would be raised when setting
+   SSLContext.minimum_version or .maximum_version
+
+-------------------------------------------------------------------
+Thu Jul 28 15:00:19 UTC 2022 - Matej Cepl <mcepl@suse.com>
+
+- Initial packaging effort for truststore 0.4.0.
+- Add no-network-testing.patch to skip networked tests
+  (gh#sethmlarson/truststore#65).

python-truststore.spec

@@ -0,0 +1,69 @@
+#
+# spec file for package python-truststore
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%{?sle15_python_module_pythons}
+Name:           python-truststore
+Version:        0.10.0
+Release:        0
+Summary:        Verify certificates using OS trust stores
+License:        MIT
+URL:            https://github.com/sethmlarson/truststore
+Source:         https://github.com/sethmlarson/truststore/archive/refs/tags/v%{version}.tar.gz#/truststore-%{version}.tar.gz
+BuildRequires:  %{python_module aiohttp}
+BuildRequires:  %{python_module flaky}
+BuildRequires:  %{python_module flit-core}
+BuildRequires:  %{python_module httpx}
+BuildRequires:  %{python_module pip}
+BuildRequires:  %{python_module pyOpenSSL}
+BuildRequires:  %{python_module pytest-asyncio}
+BuildRequires:  %{python_module pytest-httpserver}
+BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module requests}
+BuildRequires:  %{python_module trustme}
+BuildRequires:  %{python_module urllib3}
+BuildRequires:  %{python_module wheel}
+BuildRequires:  fdupes
+BuildRequires:  python-rpm-macros
+BuildArch:      noarch
+%python_subpackages
+
+%description
+Verify certificates using OS trust stores. Supports macOS,
+Windows, and Linux (with OpenSSL). This project should be
+considered experimental.
+
+%prep
+%autosetup -p1 -n truststore-%{version}
+
+%build
+%pyproject_wheel
+
+%install
+%pyproject_install
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+
+%check
+%pytest -s -k 'not internet and not test_wrong_host_succeeds_with_hostname_verification_disabled'
+
+%files %{python_files}
+%doc README.md
+%license LICENSE
+%{python_sitelib}/truststore
+%{python_sitelib}/truststore-%{version}.dist-info
+
+%changelog

truststore-0.10.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:12e89641dba78a9427f782ad2d824bed93583a9465002fe59b63c3fd12cbe8f5
+size 28644

truststore-0.8.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c862292f8d136bfcf2a7827a1fd1c1b27944a982741205fb466005673b570df8
+size 25619

truststore-0.9.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2716d09dc828e5df71673d881e558aa72337d816d93fa7f282c6c19989b7e772
+size 26720