diff --git a/Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch b/Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch deleted file mode 100644 index 8659e23c47aa5e8356b8ce35f3b582fb22c55654..0000000000000000000000000000000000000000 --- a/Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch +++ /dev/null @@ -1,102 +0,0 @@ -From df2480da2c65cf0ddb0427803edbc04516fc237f Mon Sep 17 00:00:00 2001 -From: Mark Williams -Date: Thu, 14 Feb 2019 19:30:07 -0800 -Subject: [PATCH] Raise an Error with "no cipher match" even with TLS 1.3 - (#818) - -* Raise an Error with "no cipher match" even with TLS 1.3 - -This makes Twisted's OpenSSLAcceptableCiphers.fromOpenSSLCipherString -and seamlessly work with TLS 1.3: - -https://github.com/twisted/twisted/pull/1100/files/a5df2fb373ac67b0e3032acc9291ae88dfd0b3b1#diff-df501bac724aab523150498f84749b88R1767 - -* Split TestContext.test_set_cipher_list_wrong_args into two tests. ---- - src/OpenSSL/SSL.py | 15 ++++++++++++--- - tests/test_ssl.py | 31 ++++++++++++++++++++++--------- - 2 files changed, 34 insertions(+), 12 deletions(-) - -diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py -index 5d07b26..de49cf9 100644 ---- a/src/OpenSSL/SSL.py -+++ b/src/OpenSSL/SSL.py -@@ -1196,13 +1196,23 @@ class Context(object): - # invalid cipher string is passed, but without the following check - # for the TLS 1.3 specific cipher suites it would never error. - tmpconn = Connection(self, None) -- _openssl_assert( -- tmpconn.get_cipher_list() != [ -- 'TLS_AES_256_GCM_SHA384', -- 'TLS_CHACHA20_POLY1305_SHA256', -- 'TLS_AES_128_GCM_SHA256' -- ] -- ) -+ if ( -+ tmpconn.get_cipher_list() == [ -+ 'TLS_AES_256_GCM_SHA384', -+ 'TLS_CHACHA20_POLY1305_SHA256', -+ 'TLS_AES_128_GCM_SHA256', -+ 'TLS_AES_128_CCM_SHA256' -+ ] -+ ): -+ raise Error( -+ [ -+ ( -+ 'SSL routines', -+ 'SSL_CTX_set_cipher_list', -+ 'no cipher match', -+ ), -+ ], -+ ) - - def set_client_ca_list(self, certificate_authorities): - """ -diff --git a/tests/test_ssl.py b/tests/test_ssl.py -index 38511a4..986463a 100644 ---- a/tests/test_ssl.py -+++ b/tests/test_ssl.py -@@ -410,18 +410,31 @@ class TestContext(object): - - assert "AES128-SHA" in conn.get_cipher_list() - -- @pytest.mark.parametrize("cipher_list,error", [ -- (object(), TypeError), -- ("imaginary-cipher", Error), -- ]) -- def test_set_cipher_list_wrong_args(self, context, cipher_list, error): -+ def test_set_cipher_list_wrong_type(self, context): - """ - `Context.set_cipher_list` raises `TypeError` when passed a non-string -- argument and raises `OpenSSL.SSL.Error` when passed an incorrect cipher -- list string. -+ argument. - """ -- with pytest.raises(error): -- context.set_cipher_list(cipher_list) -+ with pytest.raises(TypeError): -+ context.set_cipher_list(object()) -+ -+ def test_set_cipher_list_no_cipher_match(self, context): -+ """ -+ `Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a -+ `"no cipher match"` reason string regardless of the TLS -+ version. -+ """ -+ with pytest.raises(Error) as excinfo: -+ context.set_cipher_list(b"imaginary-cipher") -+ assert excinfo.value.args == ( -+ [ -+ ( -+ 'SSL routines', -+ 'SSL_CTX_set_cipher_list', -+ 'no cipher match', -+ ), -+ ], -+ ) - - def test_load_client_ca(self, context, ca_file): - """ --- -2.21.0.windows.1 - diff --git a/pyOpenSSL-19.0.0.tar.gz b/pyOpenSSL-19.0.0.tar.gz deleted file mode 100644 index 6c0c649d8ea29d99fb9dd53756ae53e83a1d002c..0000000000000000000000000000000000000000 Binary files a/pyOpenSSL-19.0.0.tar.gz and /dev/null differ diff --git a/pyOpenSSL-19.1.0.tar.gz b/pyOpenSSL-19.1.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..d03a512874573f072021aa5016a3cf12d7b63781 Binary files /dev/null and b/pyOpenSSL-19.1.0.tar.gz differ diff --git a/pyOpenSSL.spec b/pyOpenSSL.spec index 659ad24be7445b38874da7e2bf5e06363c624249..cd513f167c62b97665fb05c785dcdbda98a7bc18 100644 --- a/pyOpenSSL.spec +++ b/pyOpenSSL.spec @@ -1,7 +1,7 @@ %bcond_without python2 Name: pyOpenSSL -Version: 19.0.0 +Version: 19.1.0 Release: 1 Summary: A rather thin wrapper around (a subset of) the OpenSSL library. @@ -13,9 +13,6 @@ BuildArch: noarch BuildRequires: python2-devel python3-devel python2-cryptography python3-cryptography BuildRequires: python3-setuptools python3-sphinx python3-sphinx_rtd_theme -Patch6006: skip-NPN-tests-if-NPN-is-not-available.patch -Patch6008: Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch - %description pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more @@ -78,9 +75,15 @@ make -C doc html SPHINXBUILD=sphinx-build-3 %files help %license LICENSE -%doc CHANGELOG.rst doc/_build/html examples +%doc CHANGELOG.rst doc/_build/html %changelog +* Tue May 12 2019 openEuler Buildteam - 19.1.0-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Update pyOpenSSL to 19.1.0 + * Sat Aug 31 2019 openEuler Buildteam - 19.0.0-1 - Type:enhancement - ID:NA diff --git a/skip-NPN-tests-if-NPN-is-not-available.patch b/skip-NPN-tests-if-NPN-is-not-available.patch deleted file mode 100644 index d9f90ee1519c786cee2879a1159c7a9f0550bb34..0000000000000000000000000000000000000000 --- a/skip-NPN-tests-if-NPN-is-not-available.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 4d57590bc7fc93430a1fdacc31bc0cbd9778f678 Mon Sep 17 00:00:00 2001 -From: Paul Kehrer -Date: Tue, 26 Feb 2019 21:42:12 +0800 -Subject: [PATCH] skip NPN tests if NPN is not available (#822) - -* skip NPN tests if NPN is not available - -* use the right name ---- - tests/test_ssl.py | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/tests/test_ssl.py b/tests/test_ssl.py -index 986463a..ed911de 100644 ---- a/tests/test_ssl.py -+++ b/tests/test_ssl.py -@@ -1737,6 +1737,9 @@ class TestServerNameCallback(object): - assert args == [(server, b"foo1.example.com")] - - -+@pytest.mark.skipif( -+ not _lib.Cryptography_HAS_NEXTPROTONEG, reason="NPN is not available" -+) - class TestNextProtoNegotiation(object): - """ - Test for Next Protocol Negotiation in PyOpenSSL. --- -2.21.0.windows.1 -