- Add patch to work with openssl 1.1.0i+:

* openssl-1.1.0i.patch

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=48

openssl-1.1.0i.patch

@@ -0,0 +1,61 @@
+From 0e6c553bc57587dc644430b7336e6bf4d90180a6 Mon Sep 17 00:00:00 2001
+From: Paul Kehrer <paul.l.kehrer@gmail.com>
+Date: Thu, 23 Aug 2018 10:52:15 -0500
+Subject: [PATCH] X509Store.add_cert no longer raises an error on duplicate
+ cert (#787)
+
+* X509Store.add_cert no longer raises an error on duplicate cert
+
+---
+ src/OpenSSL/crypto.py | 11 ++++++++++-
+ tests/test_crypto.py  |  9 ++++-----
+ 3 files changed, 16 insertions(+), 7 deletions(-)
+
+ Deprecations:
+diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
+index d40f23c2..ea7b354b 100644
+--- a/src/OpenSSL/crypto.py
++++ b/src/OpenSSL/crypto.py
+@@ -1607,7 +1607,16 @@ def add_cert(self, cert):
+         if not isinstance(cert, X509):
+             raise TypeError()
+ 
+-        _openssl_assert(_lib.X509_STORE_add_cert(self._store, cert._x509) != 0)
++        # As of OpenSSL 1.1.0i adding the same cert to the store more than
++        # once doesn't cause an error. Accordingly, this code now silences
++        # the error for OpenSSL < 1.1.0i as well.
++        if _lib.X509_STORE_add_cert(self._store, cert._x509) == 0:
++            code = _lib.ERR_peek_error()
++            err_reason = _lib.ERR_GET_REASON(code)
++            _openssl_assert(
++                err_reason == _lib.X509_R_CERT_ALREADY_IN_HASH_TABLE
++            )
++            _lib.ERR_clear_error()
+ 
+     def add_crl(self, crl):
+         """
+diff --git a/tests/test_crypto.py b/tests/test_crypto.py
+index d1c261b8..eb4590d0 100644
+--- a/tests/test_crypto.py
++++ b/tests/test_crypto.py
+@@ -2016,16 +2016,15 @@ def test_add_cert_wrong_args(self, cert):
+         with pytest.raises(TypeError):
+             store.add_cert(cert)
+ 
+-    def test_add_cert_rejects_duplicate(self):
++    def test_add_cert_accepts_duplicate(self):
+         """
+-        `X509Store.add_cert` raises `OpenSSL.crypto.Error` if an attempt is
+-        made to add the same certificate to the store more than once.
++        `X509Store.add_cert` doesn't raise `OpenSSL.crypto.Error` if an attempt
++        is made to add the same certificate to the store more than once.
+         """
+         cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
+         store = X509Store()
+         store.add_cert(cert)
+-        with pytest.raises(Error):
+-            store.add_cert(cert)
++        store.add_cert(cert)
+ 
+ 
+ class TestPKCS12(object):

python-pyOpenSSL.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Aug 24 09:08:36 UTC 2018 - tchvatal@suse.com
+
+- Add patch to work with openssl 1.1.0i+:
+  * openssl-1.1.0i.patch
+
 -------------------------------------------------------------------
 Thu Aug 16 15:48:21 UTC 2018 - tchvatal@suse.com
 

python-pyOpenSSL.spec

@@ -27,7 +27,8 @@ Group:          Development/Languages/Python
 URL:            https://github.com/pyca/pyopenssl
 Source:         https://files.pythonhosted.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz
 Patch1:         skip-networked-test.patch
-BuildRequires:  %{python_module cryptography >= 2.2.1}
+Patch2:         openssl-1.1.0i.patch
+BuildRequires:  %{python_module cryptography >= 2.3.0}
 BuildRequires:  %{python_module flaky}
 BuildRequires:  %{python_module pretend}
 BuildRequires:  %{python_module pytest >= 3.0.1}
@@ -35,7 +36,7 @@ BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 BuildRequires:  python3-Sphinx
-Requires:       python-cryptography >= 2.2.1
+Requires:       python-cryptography >= 2.3.0
 Requires:       python-six >= 1.5.2
 Provides:       pyOpenSSL = %{version}
 BuildArch:      noarch
@@ -63,7 +64,7 @@ Provides documentation for %{name}.
 
 %prep
 %setup -q -n pyOpenSSL-%{version}
-%patch1 -p1
+%autopatch -p1
 
 %build
 %python_build