From 07f2dcfb54914116e6c986290e0534df15e5f67fd376999a18d11d8020a66ad9 Mon Sep 17 00:00:00 2001 From: Jan Matejek Date: Wed, 23 Aug 2017 11:32:24 +0000 Subject: [PATCH] Accepting request 518329 from home:tbechtold:branches:devel:languages:python - update to 17.2.0: - Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead. - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with cryptography ``manylinux1`` wheels on Python 3.x. - Fixed a crash with (EC)DSA signatures in some cases. - Removed the deprecated ``OpenSSL.rand.egd()`` function. Applications should prefer ``os.urandom()`` for random number generation. - Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``. Callers must now always pass an explicit ``digest``. - Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``, ``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``, and ``Revoked.set_lastUpdate()``. You must now pass times in the form ``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm`` will no longer work. `#612 `_ - Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``, ``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``, ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, ``NetscapeSPKIType``. The names without the "Type"-suffix should be used instead. - Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()`` for converting X.509 certificate to and from pyca/cryptography objects. - Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``, ``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()`` for converting X.509 CSRs and CRLs to and from pyca/cryptography objects. - Added ``OpenSSL.debug`` that allows to get an overview of used library versions (including linked OpenSSL) and other useful runtime information using ``python -m OpenSSL.debug``. - Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate the upcoming release of ``cryptography`` ``manylinux1`` wheels. - Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream. OBS-URL: https://build.opensuse.org/request/show/518329 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=42 --- pyOpenSSL-17.0.0.tar.gz | 3 - pyOpenSSL-17.2.0.tar.gz | 3 + python-pyOpenSSL-always-overflow.patch | 30 --- python-pyOpenSSL.changes | 35 +++ python-pyOpenSSL.spec | 17 +- python-pyOpenSSL=replace-expired-cert.patch | 222 -------------------- 6 files changed, 45 insertions(+), 265 deletions(-) delete mode 100644 pyOpenSSL-17.0.0.tar.gz create mode 100644 pyOpenSSL-17.2.0.tar.gz delete mode 100644 python-pyOpenSSL-always-overflow.patch delete mode 100644 python-pyOpenSSL=replace-expired-cert.patch diff --git a/pyOpenSSL-17.0.0.tar.gz b/pyOpenSSL-17.0.0.tar.gz deleted file mode 100644 index f1f5d29..0000000 --- a/pyOpenSSL-17.0.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:48abfe9d2bb8eb8d8947c8452b0223b7b1be2383b332f3b4f248fe59ef0bafdd -size 167121 diff --git a/pyOpenSSL-17.2.0.tar.gz b/pyOpenSSL-17.2.0.tar.gz new file mode 100644 index 0000000..c4e0d4b --- /dev/null +++ b/pyOpenSSL-17.2.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5d617ce36b07c51f330aa63b83bf7f25c40a0e95958876d54d1982f8c91b4834 +size 170816 diff --git a/python-pyOpenSSL-always-overflow.patch b/python-pyOpenSSL-always-overflow.patch deleted file mode 100644 index ff36195..0000000 --- a/python-pyOpenSSL-always-overflow.patch +++ /dev/null @@ -1,30 +0,0 @@ -From b3460c6a9a45a016d1ab65c149c606fa3f07096d Mon Sep 17 00:00:00 2001 -From: Alex Gaynor -Date: Thu, 6 Jul 2017 22:40:40 -0400 -Subject: [PATCH] Fixed #657 -- handle OverflowErrors on large allocation - requests (#659) - -* Fixed #657 -- handle OverflowErrors on large allocation requests - -* always be overflowing - -diff --git a/tests/test_rand.py b/tests/test_rand.py -index bdd3af0..41a4f27 100644 ---- a/tests/test_rand.py -+++ b/tests/test_rand.py -@@ -32,11 +32,11 @@ class TestRand(object): - - def test_insufficient_memory(self): - """ -- `OpenSSL.rand.bytes` raises `MemoryError` if more bytes are requested -- than will fit in memory. -+ `OpenSSL.rand.bytes` raises `MemoryError` or `OverflowError` if more -+ bytes are requested than will fit in memory. - """ -- with pytest.raises(MemoryError): -- rand.bytes(sys.maxsize) -+ with pytest.raises((MemoryError, OverflowError)): -+ rand.bytes(sys.maxsize + 1) - - def test_bytes(self): - """ diff --git a/python-pyOpenSSL.changes b/python-pyOpenSSL.changes index f87c40c..72507b1 100644 --- a/python-pyOpenSSL.changes +++ b/python-pyOpenSSL.changes @@ -1,3 +1,38 @@ +------------------------------------------------------------------- +Wed Aug 23 05:26:31 UTC 2017 - tbechtold@suse.com + +- update to 17.2.0: + - Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead. + - Fixed a bug causing ``Context.set_default_verify_paths()`` to not work with + cryptography ``manylinux1`` wheels on Python 3.x. + - Fixed a crash with (EC)DSA signatures in some cases. + - Removed the deprecated ``OpenSSL.rand.egd()`` function. + Applications should prefer ``os.urandom()`` for random number generation. + - Removed the deprecated default ``digest`` argument to ``OpenSSL.crypto.CRL.export()``. + Callers must now always pass an explicit ``digest``. + - Fixed a bug with ``ASN1_TIME`` casting in ``X509.set_notBefore()``, + ``X509.set_notAfter()``, ``Revoked.set_rev_date()``, ``Revoked.set_nextUpdate()``, + and ``Revoked.set_lastUpdate()``. You must now pass times in the form + ``YYYYMMDDhhmmssZ``. ``YYYYMMDDhhmmss+hhmm`` and ``YYYYMMDDhhmmss-hhmm`` + will no longer work. `#612 `_ + - Deprecated the legacy "Type" aliases: ``ContextType``, ``ConnectionType``, + ``PKeyType``, ``X509NameType``, ``X509ExtensionType``, ``X509ReqType``, + ``X509Type``, ``X509StoreType``, ``CRLType``, ``PKCS7Type``, ``PKCS12Type``, + ``NetscapeSPKIType``. + The names without the "Type"-suffix should be used instead. + - Added ``OpenSSL.crypto.X509.from_cryptography()`` and ``OpenSSL.crypto.X509.to_cryptography()`` + for converting X.509 certificate to and from pyca/cryptography objects. + - Added ``OpenSSL.crypto.X509Req.from_cryptography()``, ``OpenSSL.crypto.X509Req.to_cryptography()``, + ``OpenSSL.crypto.CRL.from_cryptography()``, and ``OpenSSL.crypto.CRL.to_cryptography()`` + for converting X.509 CSRs and CRLs to and from pyca/cryptography objects. + - Added ``OpenSSL.debug`` that allows to get an overview of used library versions + (including linked OpenSSL) and other useful runtime information using + ``python -m OpenSSL.debug``. + - Added a fallback path to ``Context.set_default_verify_paths()`` to accommodate + the upcoming release of ``cryptography`` ``manylinux1`` wheels. +- Drop python-pyOpenSSL=replace-expired-cert.patch . Applied upstream. +- Drop python-pyOpenSSL-always-overflow.patch. Applied upstream. + ------------------------------------------------------------------- Thu Aug 10 11:38:17 CEST 2017 - ro@suse.de diff --git a/python-pyOpenSSL.spec b/python-pyOpenSSL.spec index bd091da..8138372 100644 --- a/python-pyOpenSSL.spec +++ b/python-pyOpenSSL.spec @@ -21,7 +21,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define oldpython python Name: python-pyOpenSSL -Version: 17.0.0 +Version: 17.2.0 Release: 0 Url: https://github.com/pyca/pyopenssl Summary: Python wrapper module around the OpenSSL library @@ -31,12 +31,8 @@ Source: https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpe Patch0: bug-lp-1265482.diff Patch1: skip-networked-test.patch Patch2: rsa128-i586.patch -# PATCH-FIX-UPSTREAM python-pyOpenSSL=replace-expired-cert.patch gh#pyca/pyopenssl#637 dimstar@opensuse.org -- the root cert expired -Patch3: python-pyOpenSSL=replace-expired-cert.patch -# PATCH-FIX-UPSTREAM python-pyOpenSSL-always-overflow.patch gh#pyca/pyopenssl#657 ro@suse.de - always trigger overflow in testsuite -Patch4: python-pyOpenSSL-always-overflow.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: %{python_module cryptography >= 1.3.4} +BuildRequires: %{python_module cryptography >= 1.9} BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} BuildRequires: fdupes @@ -44,9 +40,12 @@ BuildRequires: openssl-devel BuildRequires: python-rpm-macros BuildRequires: python3-Sphinx %if %{with tests} -BuildRequires: %{python_module pytest} +BuildRequires: %{python_module flaky} +BuildRequires: %{python_module pretend} +BuildRequires: %{python_module pytest >= 3.0.1} %endif -Requires: python-cryptography >= 1.3.4 +Requires: python-cryptography >= 1.9 +Requires: python-six >= 1.5.2 Provides: pyOpenSSL = %{version} %ifpython2 Obsoletes: %{oldpython}-openssl < %{version} @@ -76,8 +75,6 @@ Provides documentation for %{name}. %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 %build %python_build diff --git a/python-pyOpenSSL=replace-expired-cert.patch b/python-pyOpenSSL=replace-expired-cert.patch deleted file mode 100644 index 12259eb..0000000 --- a/python-pyOpenSSL=replace-expired-cert.patch +++ /dev/null @@ -1,222 +0,0 @@ -From 6eeb0ef13e578d8b51ca332e43c581484ac965b2 Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Sun, 11 Jun 2017 12:36:25 -1000 -Subject: [PATCH 1/4] the root cert expired, make a new one (using the same - values) - -The new one lasts 20 years. If this project is still in use in 20 years -we have failed. ---- - tests/test_crypto.py | 24 ++++++++++++++++++++++-- - 1 file changed, 22 insertions(+), 2 deletions(-) - -diff --git a/tests/test_crypto.py b/tests/test_crypto.py -index 10f47180..7f54a11d 100644 ---- a/tests/test_crypto.py -+++ b/tests/test_crypto.py -@@ -58,7 +58,7 @@ def normalize_privatekey_pem(pem): - GOOD_DIGEST = "SHA1" - BAD_DIGEST = "monkeys" - --root_cert_pem = b"""-----BEGIN CERTIFICATE----- -+old_root_cert_pem = b"""-----BEGIN CERTIFICATE----- - MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE - BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU - ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2 -@@ -78,6 +78,26 @@ def normalize_privatekey_pem(pem): - -----END CERTIFICATE----- - """ - -+root_cert_pem = b"""-----BEGIN CERTIFICATE----- -+MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE -+BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU -+ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5 -+WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO -+BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp -+bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn -+bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr -+LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER -+onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3 -+LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN -+yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD -+aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg -+Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ -+R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9 -+gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH -+lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec= -+-----END CERTIFICATE----- -+""" -+ - root_key_pem = b"""-----BEGIN RSA PRIVATE KEY----- - MIICXQIBAAKBgQD5mkLpi7q6ROdu7khB3S9aanA0Zls7vvfGOmB80/yeylhGpsjA - jWen0VtSQke/NlEPGtO38tsV7CsuFnSmschvAnGrcJl76b0UOOHUgDTIoRxC6QDU -@@ -1646,7 +1666,7 @@ def test_digest(self): - `X509.digest` returns a string giving ":"-separated hex-encoded - words of the digest of the certificate. - """ -- cert = load_certificate(FILETYPE_PEM, root_cert_pem) -+ cert = load_certificate(FILETYPE_PEM, old_root_cert_pem) - assert ( - # This is MD5 instead of GOOD_DIGEST because the digest algorithm - # actually matters to the assertion (ie, another arbitrary, good - -From 30bd9ab3c337900d32b945c8e989e56a524b09f7 Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Sun, 11 Jun 2017 13:38:34 -1000 -Subject: [PATCH 2/4] this is the same cert. wtf - ---- - tests/test_crypto.py | 30 +++++++++++++++--------------- - 1 file changed, 15 insertions(+), 15 deletions(-) - -diff --git a/tests/test_crypto.py b/tests/test_crypto.py -index 7f54a11d..5d0d2aa2 100644 ---- a/tests/test_crypto.py -+++ b/tests/test_crypto.py -@@ -250,22 +250,22 @@ def normalize_privatekey_pem(pem): - """) - - cleartextCertificatePEM = b"""-----BEGIN CERTIFICATE----- --MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE -+MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE - BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU --ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2 --NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM --MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U --ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL --urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy --2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF --1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE --FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn --VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE --BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS --b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB --AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi --hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY --w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn -+ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5 -+WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO -+BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp -+bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn -+bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr -+LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER -+onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3 -+LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN -+yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD -+aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg -+Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ -+R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9 -+gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH -+lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec= - -----END CERTIFICATE----- - """ - - -From 15fbcdad3ffeb63e267ccec5265e5b456832660e Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Sun, 11 Jun 2017 14:12:36 -1000 -Subject: [PATCH 3/4] replace the other certs we need to replace... - ---- - tests/test_crypto.py | 48 ++++++++++++++++++++++++------------------------ - 1 file changed, 24 insertions(+), 24 deletions(-) - -diff --git a/tests/test_crypto.py b/tests/test_crypto.py -index 5d0d2aa2..58caebfa 100644 ---- a/tests/test_crypto.py -+++ b/tests/test_crypto.py -@@ -150,18 +150,18 @@ def normalize_privatekey_pem(pem): - """ - - server_cert_pem = b"""-----BEGIN CERTIFICATE----- --MIICKDCCAZGgAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV --BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH --VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz --NzUzWhgPMjAxNzA2MTExMjM3NTNaMBgxFjAUBgNVBAMTDWxvdmVseSBzZXJ2ZXIw --gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6m+G653V0tpBC/OKl22VxOi2Cv --lK4TYu9LHSDP9uDVTe7V5D5Tl6qzFoRRx5pfmnkqT5B+W9byp2NU3FC5hLm5zSAr --b45meUhjEJ/ifkZgbNUjHdBIGP9MAQUHZa5WKdkGIJvGAvs8UzUqlr4TBWQIB24+ --lJ+Ukk/CRgasrYwdAgMBAAGjNjA0MB0GA1UdDgQWBBS4kC7Ij0W1TZXZqXQFAM2e --gKEG2DATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQBh30Li --dJ+NlxIOx5343WqIBka3UbsOb2kxWrbkVCrvRapCMLCASO4FqiKWM+L0VDBprqIp --2mgpFQ6FHpoIENGvJhdEKpptQ5i7KaGhnDNTfdy3x1+h852G99f1iyj0RmbuFcM8 --uzujnS8YXWvM7DM1Ilozk4MzPug8jzFp5uhKCQ== -+MIICJDCCAY2gAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV -+BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH -+VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMTA1 -+N1oXDTM3MDYwNzAwMTA1N1owGDEWMBQGA1UEAwwNbG92ZWx5IHNlcnZlcjCBnzAN -+BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvqb4brndXS2kEL84qXbZXE6LYK+UrhNi -+70sdIM/24NVN7tXkPlOXqrMWhFHHml+aeSpPkH5b1vKnY1TcULmEubnNICtvjmZ5 -+SGMQn+J+RmBs1SMd0EgY/0wBBQdlrlYp2QYgm8YC+zxTNSqWvhMFZAgHbj6Un5SS -+T8JGBqytjB0CAwEAAaM2MDQwHQYDVR0OBBYEFINVdy1eIfFJDAkk51QJEo3IfgSu -+MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAGki1K6WgHHJ -+qC6aY2EowjaWOXLO6jUZIhGk7BA7vMRfNug429AOZ4m5F6OQhzmJmlw67Jyu2FeI -+h0VtBuQoHPtjqZXF59oX6hMMmGLMs9pV0UA3fJs5MYA4/V5ZcQy0Ie0QoJNejLzE -+6V1Qz1rRTYLUyEcpI7ZCmBg2KQQI8YZI - -----END CERTIFICATE----- - """ - -@@ -217,18 +217,18 @@ def normalize_privatekey_pem(pem): - """ - - client_cert_pem = b"""-----BEGIN CERTIFICATE----- --MIICJjCCAY+gAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV --BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH --VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz --ODA1WhgPMjAxNzA2MTExMjM4MDVaMBYxFDASBgNVBAMTC3VnbHkgY2xpZW50MIGf --MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2 --rn+GrRHRiZ+xkCw/CGNhbtPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xK --iku4G/KvnnmWdeJHqsiXeUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7Dtb --oCRajYyHfluARQIDAQABozYwNDAdBgNVHQ4EFgQUNQB+qkaOaEVecf1J3TTUtAff --0fAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAyv/Jh7gM --Q3OHvmsFEEvRI+hsW8y66zK4K5de239Y44iZrFYkt7Q5nBPMEWDj4F2hLYWL/qtI --9Zdr0U4UDCU9SmmGYh4o7R4TZ5pGFvBYvjhHbkSFYFQXZxKUi+WUxplP6I0wr2KJ --PSTJCjJOn3xo2NTKRgV1gaoTf2EhL+RG8TQ= -+MIICIjCCAYugAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV -+BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH -+VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMDQx -+M1oXDTM3MDYwNzAwMDQxM1owFjEUMBIGA1UEAwwLdWdseSBjbGllbnQwgZ8wDQYJ -+KoZIhvcNAQEBBQADgY0AMIGJAoGBAMBmH9JG02bme0xPipvpjMSlOugyWrauf4at -+EdGJn7GQLD8IY2Fu0+Kvv9DFpSPboFKZCsfDVsYoRs+xaJbtt1dJ6ymX7EqKS7gb -+8q+eeZZ14keqyJd5Rm2q6swQtw9ADD3E8cS6GqpQm+8SgxOycISoYz7sO1ugJFqN -+jId+W4BFAgMBAAGjNjA0MB0GA1UdDgQWBBSDVXctXiHxSQwJJOdUCRKNyH4ErjAT -+BgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOBgQAMqcHyweaCOZNN -+dWQQOsBKQlL5wqVVZwucHPWqobjxpULKy9gS2ha2zbgkXcB/BnBOSwe0Fm+MJV0T -+NbnTghcGJNpEH7VKn4xSLvIGZmnZZWgxeIB16z4GhpkK2fShBJ+6GKZjsgjT0lSH -+JRgjHbWutZfZvbSHXr9n7PIphG1Ojg== - -----END CERTIFICATE----- - """ - - -From 323f50412b06c3c32a7a5837c3426762b451d7cb Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Sun, 11 Jun 2017 14:18:55 -1000 -Subject: [PATCH 4/4] this too - ---- - tests/test_crypto.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tests/test_crypto.py b/tests/test_crypto.py -index 58caebfa..5efb9041 100644 ---- a/tests/test_crypto.py -+++ b/tests/test_crypto.py -@@ -1573,7 +1573,7 @@ def test_get_notBefore(self): - ASN1 GENERALIZEDTIME even for certificates which store it as UTCTIME - internally. - """ -- cert = load_certificate(FILETYPE_PEM, self.pemData) -+ cert = load_certificate(FILETYPE_PEM, old_root_cert_pem) - assert cert.get_notBefore() == b"20090325123658Z" - - def test_get_notAfter(self): -@@ -1582,7 +1582,7 @@ def test_get_notAfter(self): - ASN1 GENERALIZEDTIME even for certificates which store it as UTCTIME - internally. - """ -- cert = load_certificate(FILETYPE_PEM, self.pemData) -+ cert = load_certificate(FILETYPE_PEM, old_root_cert_pem) - assert cert.get_notAfter() == b"20170611123658Z" - - def test_gmtime_adj_notBefore_wrong_args(self): -