Accepting request 527394 from devel:languages:python

- update to 17.2.0: - Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead. - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with cryptography ``manylinux1`` wheels on Python 3.x. - Fixed a crash with (EC)DSA signatures in some cases. - Removed the deprecated ``OpenSSL.rand.egd()`` function. Applications should prefer ``os.urandom()`` for random number generation. - Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``. Callers must now always pass an explicit ``digest``. - Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``, ``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``, and ``Revoked.set_lastUpdate()``. You must now pass times in the form ``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm`` will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_ - Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``, ``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``, ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, ``NetscapeSPKIType``. The names without the "Type"-suffix should be used instead. - Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()`` for converting X.509 certificate to and from pyca/cryptography objects. - Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``, ``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()`` for converting X.509 CSRs and CRLs to and from pyca/cryptography objects. - Added ``OpenSSL.debug`` that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using ``python -m OpenSSL.debug``. - Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate the upcoming release of ``cryptography`` ``manylinux1`` wheels. - Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream. OBS-URL: https://build.opensuse.org/request/show/527394 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pyOpenSSL?expand=0&rev=28
2017-09-22 19:32:53 +00:00 · 2017-09-22 19:32:53 +00:00 · 37e0ce7375
commit 37e0ce7375
parent 9cf577d3a7 07f2dcfb54
6 changed files with 45 additions and 265 deletions
--- a/pyOpenSSL-17.0.0.tar.gz
+++ b/pyOpenSSL-17.0.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:48abfe9d2bb8eb8d8947c8452b0223b7b1be2383b332f3b4f248fe59ef0bafdd
-size 167121
--- a/pyOpenSSL-17.2.0.tar.gz
+++ b/pyOpenSSL-17.2.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5d617ce36b07c51f330aa63b83bf7f25c40a0e95958876d54d1982f8c91b4834
+size 170816
--- a/python-pyOpenSSL-always-overflow.patch
+++ b/python-pyOpenSSL-always-overflow.patch
@ -1,30 +0,0 @@
-From b3460c6a9a45a016d1ab65c149c606fa3f07096d Mon Sep 17 00:00:00 2001
-From: Alex Gaynor <alex.gaynor@gmail.com>
-Date: Thu, 6 Jul 2017 22:40:40 -0400
-Subject: [PATCH] Fixed #657 -- handle OverflowErrors on large allocation
- requests (#659)
-
-* Fixed #657 -- handle OverflowErrors on large allocation requests
-
-* always be overflowing
-
-diff --git a/tests/test_rand.py b/tests/test_rand.py
-index bdd3af0..41a4f27 100644
--- a/tests/test_rand.py
-+++ b/tests/test_rand.py
-@@ -32,11 +32,11 @@ class TestRand(object):
- 
-     def test_insufficient_memory(self):
-         """
-        `OpenSSL.rand.bytes` raises `MemoryError` if more bytes are requested
-        than will fit in memory.
-+        `OpenSSL.rand.bytes` raises `MemoryError` or `OverflowError` if more
-+        bytes are requested than will fit in memory.
-         """
-        with pytest.raises(MemoryError):
-            rand.bytes(sys.maxsize)
-+        with pytest.raises((MemoryError, OverflowError)):
-+            rand.bytes(sys.maxsize + 1)
- 
-     def test_bytes(self):
-         """
--- a/python-pyOpenSSL.changes
+++ b/python-pyOpenSSL.changes
@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Wed Aug 23 05:26:31 UTC 2017 - tbechtold@suse.com
+
+- update to 17.2.0:
+  - Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
+  - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with
+    cryptography ``manylinux1`` wheels on Python 3.x.
+  - Fixed a crash with (EC)DSA signatures in some cases.
+  - Removed the deprecated ``OpenSSL.rand.egd()`` function.
+    Applications should prefer ``os.urandom()`` for random number generation.
+  - Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``.
+    Callers must now always pass an explicit ``digest``.
+  - Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``,
+    ``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``,
+    and ``Revoked.set_lastUpdate()``. You must now pass times in the form
+    ``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm``
+    will no longer work. `#612 <https://github.com/pyca/pyopenssl/pull/612>`_
+  - Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``,
+    ``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``,
+    ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``,
+    ``NetscapeSPKIType``.
+    The names without the "Type"-suffix should be used instead.
+  - Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()``
+    for converting X.509 certificate to and from pyca/cryptography objects.
+  - Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``,
+    ``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()``
+    for converting X.509 CSRs and CRLs to and from pyca/cryptography objects.
+  - Added ``OpenSSL.debug`` that allows to get an overview of used library versions
+    (including linked OpenSSL) and other useful runtime information using
+    ``python -m OpenSSL.debug``.
+  - Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate
+    the upcoming release of ``cryptography`` ``manylinux1`` wheels.
+- Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream.
+- Drop python-pyOpenSSL-always-overflow.patch. Applied upstream.
+
 -------------------------------------------------------------------
 Thu Aug 10 11:38:17 CEST 2017 - ro@suse.de

--- a/python-pyOpenSSL.spec
+++ b/python-pyOpenSSL.spec
@ -21,7 +21,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define oldpython python
 Name:           python-pyOpenSSL
-Version:        17.0.0
+Version:        17.2.0
 Release:        0
 Url:            https://github.com/pyca/pyopenssl
 Summary:        Python wrapper module around the OpenSSL library
@ -31,12 +31,8 @@ Source:         https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpe
 Patch0:         bug-lp-1265482.diff
 Patch1:         skip-networked-test.patch
 Patch2:         rsa128-i586.patch
-# PATCH-FIX-UPSTREAM python-pyOpenSSL=replace-expired-cert.patch gh#pyca/pyopenssl#637 dimstar@opensuse.org -- the root cert expired
-Patch3:         python-pyOpenSSL=replace-expired-cert.patch
-# PATCH-FIX-UPSTREAM python-pyOpenSSL-always-overflow.patch gh#pyca/pyopenssl#657 ro@suse.de - always trigger overflow in testsuite
-Patch4:         python-pyOpenSSL-always-overflow.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  %{python_module cryptography >= 1.3.4}
+BuildRequires:  %{python_module cryptography >= 1.9}
 BuildRequires:  %{python_module devel}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
@ -44,9 +40,12 @@ BuildRequires:  openssl-devel
 BuildRequires:  python-rpm-macros
 BuildRequires:  python3-Sphinx
 %if %{with tests}
-BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module flaky}
+BuildRequires:  %{python_module pretend}
+BuildRequires:  %{python_module pytest >= 3.0.1}
 %endif
-Requires:       python-cryptography >= 1.3.4
+Requires:       python-cryptography >= 1.9
+Requires:       python-six >= 1.5.2
 Provides:       pyOpenSSL = %{version}
 %ifpython2
 Obsoletes:      %{oldpython}-openssl < %{version}
@ -76,8 +75,6 @@ Provides documentation for %{name}.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
-%patch4 -p1

 %build
 %python_build
--- a/python-pyOpenSSL=replace-expired-cert.patch
+++ b/python-pyOpenSSL=replace-expired-cert.patch
@ -1,222 +0,0 @@
-From 6eeb0ef13e578d8b51ca332e43c581484ac965b2 Mon Sep 17 00:00:00 2001
-From: Paul Kehrer <paul.l.kehrer@gmail.com>
-Date: Sun, 11 Jun 2017 12:36:25 -1000
-Subject: [PATCH 1/4] the root cert expired, make a new one (using the same
- values)
-
-The new one lasts 20 years. If this project is still in use in 20 years
-we have failed.
---
- tests/test_crypto.py | 24 ++++++++++++++++++++++--
- 1 file changed, 22 insertions(+), 2 deletions(-)
-
-diff --git a/tests/test_crypto.py b/tests/test_crypto.py
-index 10f47180..7f54a11d 100644
--- a/tests/test_crypto.py
-+++ b/tests/test_crypto.py
-@@ -58,7 +58,7 @@ def normalize_privatekey_pem(pem):
- GOOD_DIGEST = "SHA1"
- BAD_DIGEST = "monkeys"
- 
-root_cert_pem = b"""-----BEGIN CERTIFICATE-----
-+old_root_cert_pem = b"""-----BEGIN CERTIFICATE-----
- MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
- BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
- ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
-@@ -78,6 +78,26 @@ def normalize_privatekey_pem(pem):
- -----END CERTIFICATE-----
- """
- 
-+root_cert_pem = b"""-----BEGIN CERTIFICATE-----
-+MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
-+BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
-+ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5
-+WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO
-+BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp
-+bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn
-+bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr
-+LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER
-+onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3
-+LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN
-+yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD
-+aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg
-+Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ
-+R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9
-+gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH
-+lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec=
-+-----END CERTIFICATE-----
-+"""
-+
- root_key_pem = b"""-----BEGIN RSA PRIVATE KEY-----
- MIICXQIBAAKBgQD5mkLpi7q6ROdu7khB3S9aanA0Zls7vvfGOmB80/yeylhGpsjA
- jWen0VtSQke/NlEPGtO38tsV7CsuFnSmschvAnGrcJl76b0UOOHUgDTIoRxC6QDU
-@@ -1646,7 +1666,7 @@ def test_digest(self):
-         `X509.digest` returns a string giving ":"-separated hex-encoded
-         words of the digest of the certificate.
-         """
-        cert = load_certificate(FILETYPE_PEM, root_cert_pem)
-+        cert = load_certificate(FILETYPE_PEM, old_root_cert_pem)
-         assert (
-             # This is MD5 instead of GOOD_DIGEST because the digest algorithm
-             # actually matters to the assertion (ie, another arbitrary, good
-
-From 30bd9ab3c337900d32b945c8e989e56a524b09f7 Mon Sep 17 00:00:00 2001
-From: Paul Kehrer <paul.l.kehrer@gmail.com>
-Date: Sun, 11 Jun 2017 13:38:34 -1000
-Subject: [PATCH 2/4] this is the same cert. wtf
-
---
- tests/test_crypto.py | 30 +++++++++++++++---------------
- 1 file changed, 15 insertions(+), 15 deletions(-)
-
-diff --git a/tests/test_crypto.py b/tests/test_crypto.py
-index 7f54a11d..5d0d2aa2 100644
--- a/tests/test_crypto.py
-+++ b/tests/test_crypto.py
-@@ -250,22 +250,22 @@ def normalize_privatekey_pem(pem):
- """)
- 
- cleartextCertificatePEM = b"""-----BEGIN CERTIFICATE-----
-MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
-+MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE
- BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU
-ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2
-NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM
-MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U
-ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL
-urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy
-2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF
-1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE
-FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn
-VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE
-BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS
-b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB
-AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi
-hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY
-w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn
-+ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5
-+WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO
-+BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp
-+bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn
-+bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr
-+LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER
-+onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3
-+LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN
-+yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD
-+aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg
-+Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ
-+R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9
-+gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH
-+lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec=
- -----END CERTIFICATE-----
- """
- 
-
-From 15fbcdad3ffeb63e267ccec5265e5b456832660e Mon Sep 17 00:00:00 2001
-From: Paul Kehrer <paul.l.kehrer@gmail.com>
-Date: Sun, 11 Jun 2017 14:12:36 -1000
-Subject: [PATCH 3/4] replace the other certs we need to replace...
-
---
- tests/test_crypto.py | 48 ++++++++++++++++++++++++------------------------
- 1 file changed, 24 insertions(+), 24 deletions(-)
-
-diff --git a/tests/test_crypto.py b/tests/test_crypto.py
-index 5d0d2aa2..58caebfa 100644
--- a/tests/test_crypto.py
-+++ b/tests/test_crypto.py
-@@ -150,18 +150,18 @@ def normalize_privatekey_pem(pem):
- """
- 
- server_cert_pem = b"""-----BEGIN CERTIFICATE-----
-MIICKDCCAZGgAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
-NzUzWhgPMjAxNzA2MTExMjM3NTNaMBgxFjAUBgNVBAMTDWxvdmVseSBzZXJ2ZXIw
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6m+G653V0tpBC/OKl22VxOi2Cv
-lK4TYu9LHSDP9uDVTe7V5D5Tl6qzFoRRx5pfmnkqT5B+W9byp2NU3FC5hLm5zSAr
-b45meUhjEJ/ifkZgbNUjHdBIGP9MAQUHZa5WKdkGIJvGAvs8UzUqlr4TBWQIB24+
-lJ+Ukk/CRgasrYwdAgMBAAGjNjA0MB0GA1UdDgQWBBS4kC7Ij0W1TZXZqXQFAM2e
-gKEG2DATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQBh30Li
-dJ+NlxIOx5343WqIBka3UbsOb2kxWrbkVCrvRapCMLCASO4FqiKWM+L0VDBprqIp
-2mgpFQ6FHpoIENGvJhdEKpptQ5i7KaGhnDNTfdy3x1+h852G99f1iyj0RmbuFcM8
-uzujnS8YXWvM7DM1Ilozk4MzPug8jzFp5uhKCQ==
-+MIICJDCCAY2gAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
-+BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH
-+VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMTA1
-+N1oXDTM3MDYwNzAwMTA1N1owGDEWMBQGA1UEAwwNbG92ZWx5IHNlcnZlcjCBnzAN
-+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvqb4brndXS2kEL84qXbZXE6LYK+UrhNi
-+70sdIM/24NVN7tXkPlOXqrMWhFHHml+aeSpPkH5b1vKnY1TcULmEubnNICtvjmZ5
-+SGMQn+J+RmBs1SMd0EgY/0wBBQdlrlYp2QYgm8YC+zxTNSqWvhMFZAgHbj6Un5SS
-+T8JGBqytjB0CAwEAAaM2MDQwHQYDVR0OBBYEFINVdy1eIfFJDAkk51QJEo3IfgSu
-+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAGki1K6WgHHJ
-+qC6aY2EowjaWOXLO6jUZIhGk7BA7vMRfNug429AOZ4m5F6OQhzmJmlw67Jyu2FeI
-+h0VtBuQoHPtjqZXF59oX6hMMmGLMs9pV0UA3fJs5MYA4/V5ZcQy0Ie0QoJNejLzE
-+6V1Qz1rRTYLUyEcpI7ZCmBg2KQQI8YZI
- -----END CERTIFICATE-----
- """
- 
-@@ -217,18 +217,18 @@ def normalize_privatekey_pem(pem):
- """
- 
- client_cert_pem = b"""-----BEGIN CERTIFICATE-----
-MIICJjCCAY+gAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH
-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz
-ODA1WhgPMjAxNzA2MTExMjM4MDVaMBYxFDASBgNVBAMTC3VnbHkgY2xpZW50MIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2
-rn+GrRHRiZ+xkCw/CGNhbtPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xK
-iku4G/KvnnmWdeJHqsiXeUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7Dtb
-oCRajYyHfluARQIDAQABozYwNDAdBgNVHQ4EFgQUNQB+qkaOaEVecf1J3TTUtAff
-0fAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAyv/Jh7gM
-Q3OHvmsFEEvRI+hsW8y66zK4K5de239Y44iZrFYkt7Q5nBPMEWDj4F2hLYWL/qtI
-9Zdr0U4UDCU9SmmGYh4o7R4TZ5pGFvBYvjhHbkSFYFQXZxKUi+WUxplP6I0wr2KJ
-PSTJCjJOn3xo2NTKRgV1gaoTf2EhL+RG8TQ=
-+MIICIjCCAYugAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV
-+BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH
-+VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMDQx
-+M1oXDTM3MDYwNzAwMDQxM1owFjEUMBIGA1UEAwwLdWdseSBjbGllbnQwgZ8wDQYJ
-+KoZIhvcNAQEBBQADgY0AMIGJAoGBAMBmH9JG02bme0xPipvpjMSlOugyWrauf4at
-+EdGJn7GQLD8IY2Fu0+Kvv9DFpSPboFKZCsfDVsYoRs+xaJbtt1dJ6ymX7EqKS7gb
-+8q+eeZZ14keqyJd5Rm2q6swQtw9ADD3E8cS6GqpQm+8SgxOycISoYz7sO1ugJFqN
-+jId+W4BFAgMBAAGjNjA0MB0GA1UdDgQWBBSDVXctXiHxSQwJJOdUCRKNyH4ErjAT
-+BgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOBgQAMqcHyweaCOZNN
-+dWQQOsBKQlL5wqVVZwucHPWqobjxpULKy9gS2ha2zbgkXcB/BnBOSwe0Fm+MJV0T
-+NbnTghcGJNpEH7VKn4xSLvIGZmnZZWgxeIB16z4GhpkK2fShBJ+6GKZjsgjT0lSH
-+JRgjHbWutZfZvbSHXr9n7PIphG1Ojg==
- -----END CERTIFICATE-----
- """
- 
-
-From 323f50412b06c3c32a7a5837c3426762b451d7cb Mon Sep 17 00:00:00 2001
-From: Paul Kehrer <paul.l.kehrer@gmail.com>
-Date: Sun, 11 Jun 2017 14:18:55 -1000
-Subject: [PATCH 4/4] this too
-
---
- tests/test_crypto.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tests/test_crypto.py b/tests/test_crypto.py
-index 58caebfa..5efb9041 100644
--- a/tests/test_crypto.py
-+++ b/tests/test_crypto.py
-@@ -1573,7 +1573,7 @@ def test_get_notBefore(self):
-         ASN1 GENERALIZEDTIME even for certificates which store it as UTCTIME
-         internally.
-         """
-        cert = load_certificate(FILETYPE_PEM, self.pemData)
-+        cert = load_certificate(FILETYPE_PEM, old_root_cert_pem)
-         assert cert.get_notBefore() == b"20090325123658Z"
- 
-     def test_get_notAfter(self):
-@@ -1582,7 +1582,7 @@ def test_get_notAfter(self):
-         ASN1 GENERALIZEDTIME even for certificates which store it as UTCTIME
-         internally.
-         """
-        cert = load_certificate(FILETYPE_PEM, self.pemData)
-+        cert = load_certificate(FILETYPE_PEM, old_root_cert_pem)
-         assert cert.get_notAfter() == b"20170611123658Z"
- 
-     def test_gmtime_adj_notBefore_wrong_args(self):
-