diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..56d94eb --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/pyOpenSSL-0.13.1.tar.gz diff --git a/.pyOpenSSL.metadata b/.pyOpenSSL.metadata new file mode 100644 index 0000000..2fcdbe6 --- /dev/null +++ b/.pyOpenSSL.metadata @@ -0,0 +1 @@ +60633ebb821d48d7132a436c897288ec0121b892 SOURCES/pyOpenSSL-0.13.1.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/pyOpenSSL-0.13-check-error.patch b/SOURCES/pyOpenSSL-0.13-check-error.patch new file mode 100644 index 0000000..3c7f01c --- /dev/null +++ b/SOURCES/pyOpenSSL-0.13-check-error.patch @@ -0,0 +1,77 @@ +diff -up pyOpenSSL-0.13/OpenSSL/crypto/crypto.c.error pyOpenSSL-0.13/OpenSSL/crypto/crypto.c +--- pyOpenSSL-0.13/OpenSSL/crypto/crypto.c.error 2011-09-02 17:46:13.000000000 +0200 ++++ pyOpenSSL-0.13/OpenSSL/crypto/crypto.c 2013-04-04 14:25:17.405118204 +0200 +@@ -45,12 +45,15 @@ global_passphrase_callback(char *buf, in + + func = (PyObject *)cb_arg; + argv = Py_BuildValue("(i)", rwflag); ++ if (argv == NULL) ++ return 0; + ret = PyEval_CallObject(func, argv); + Py_DECREF(argv); + if (ret == NULL) + return 0; + if (!PyBytes_Check(ret)) + { ++ Py_DECREF(ret); + PyErr_SetString(PyExc_ValueError, "String expected"); + return 0; + } +@@ -58,6 +61,7 @@ global_passphrase_callback(char *buf, in + if (nchars > len) + nchars = len; + strncpy(buf, PyBytes_AsString(ret), nchars); ++ Py_DECREF(ret); + return nchars; + } + +@@ -637,7 +641,10 @@ crypto_sign(PyObject *spam, PyObject *ar + return NULL; + } + +- EVP_SignInit(&md_ctx, digest); ++ if (EVP_SignInit(&md_ctx, digest) <= 0) { ++ exception_from_error_queue(crypto_Error); ++ return NULL; ++ } + EVP_SignUpdate(&md_ctx, data, data_len); + sig_len = sizeof(sig_buf); + err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey->pkey); +@@ -692,7 +699,11 @@ crypto_verify(PyObject *spam, PyObject * + return NULL; + } + +- EVP_VerifyInit(&md_ctx, digest); ++ if (EVP_VerifyInit(&md_ctx, digest) <= 0) { ++ exception_from_error_queue(crypto_Error); ++ EVP_PKEY_free(pkey); ++ return NULL; ++ } + EVP_VerifyUpdate(&md_ctx, data, data_len); + err = EVP_VerifyFinal(&md_ctx, signature, sig_len, pkey); + EVP_PKEY_free(pkey); +diff -up pyOpenSSL-0.13/OpenSSL/crypto/x509.c.error pyOpenSSL-0.13/OpenSSL/crypto/x509.c +--- pyOpenSSL-0.13/OpenSSL/crypto/x509.c.error 2011-09-02 17:46:13.000000000 +0200 ++++ pyOpenSSL-0.13/OpenSSL/crypto/x509.c 2013-04-04 14:02:34.932847551 +0200 +@@ -656,6 +656,7 @@ crypto_X509_digest(crypto_X509Obj *self, + if (!X509_digest(self->x509,digest,fp,&len)) + { + exception_from_error_queue(crypto_Error); ++ return NULL; + } + tmp = malloc(3*len+1); + memset(tmp, 0, 3*len+1); +diff -up pyOpenSSL-0.13/OpenSSL/ssl/context.c.error pyOpenSSL-0.13/OpenSSL/ssl/context.c +--- pyOpenSSL-0.13/OpenSSL/ssl/context.c.error 2011-09-02 17:46:13.000000000 +0200 ++++ pyOpenSSL-0.13/OpenSSL/ssl/context.c 2013-04-04 14:02:34.932847551 +0200 +@@ -1215,6 +1215,10 @@ ssl_Context_init(ssl_ContextObj *self, i + } + + self->ctx = SSL_CTX_new(method); ++ if (self->ctx == NULL) { ++ exception_from_error_queue(ssl_Error); ++ return NULL; ++ } + Py_INCREF(Py_None); + self->passphrase_callback = Py_None; + Py_INCREF(Py_None); diff --git a/SOURCES/pyOpenSSL-0.13.1-digest.patch b/SOURCES/pyOpenSSL-0.13.1-digest.patch new file mode 100644 index 0000000..88ea8bb --- /dev/null +++ b/SOURCES/pyOpenSSL-0.13.1-digest.patch @@ -0,0 +1,93 @@ +diff -up pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c.digest pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c +--- pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c.digest 2011-08-15 00:06:11.000000000 +0200 ++++ pyOpenSSL-0.13.1/OpenSSL/crypto/crl.c 2018-05-04 18:57:37.708913903 +0200 +@@ -2,7 +2,7 @@ + #define crypto_MODULE + #include "crypto.h" + +- ++#if OPENSSL_VERSION_NUMBER<0x10002000L + static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) { + X509_REVOKED *dupe = NULL; + +@@ -32,6 +32,7 @@ static X509_REVOKED * X509_REVOKED_dup(X + dupe->sequence = orig->sequence; + return dupe; + } ++#endif + + static char crypto_CRL_get_revoked_doc[] = "\n\ + Return revoked portion of the CRL structure (by value\n\ +@@ -130,14 +131,24 @@ crypto_CRL_export(crypto_CRLObj *self, P + crypto_PKeyObj *key; + ASN1_TIME *tmptm; + crypto_X509Obj *x509; +- static char *kwlist[] = {"cert", "key", "type", "days", NULL}; ++ const char *mdname = NULL; ++ const EVP_MD *md; ++ static char *kwlist[] = {"cert", "key", "type", "days", "digest", NULL}; + +- if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|ii:dump_crl", kwlist, ++ if (!PyArg_ParseTupleAndKeywords(args, keywds, "O!O!|iiz:dump_crl", kwlist, + &crypto_X509_Type, &x509, +- &crypto_PKey_Type, &key, &type, &days)) { ++ &crypto_PKey_Type, &key, &type, &days, &mdname)) { ++ return NULL; ++ } ++ if (mdname == NULL) { ++ mdname = "sha256"; ++ } ++ if ((md = EVP_get_digestbyname(mdname)) == NULL) { ++ PyErr_SetString( ++ PyExc_ValueError, ++ "No such digest method"); + return NULL; + } +- + bio = BIO_new(BIO_s_mem()); + tmptm = ASN1_TIME_new(); + if (!tmptm) { +@@ -149,7 +160,7 @@ crypto_CRL_export(crypto_CRLObj *self, P + X509_CRL_set_nextUpdate(self->crl, tmptm); + ASN1_TIME_free(tmptm); + X509_CRL_set_issuer_name(self->crl, X509_get_subject_name(x509->x509)); +- X509_CRL_sign(self->crl, key->pkey, EVP_md5()); ++ X509_CRL_sign(self->crl, key->pkey, md); + switch (type) { + case X509_FILETYPE_PEM: + ret = PEM_write_bio_X509_CRL(bio, self->crl); +diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.digest pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py +--- pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.digest 2018-05-04 18:57:37.707913880 +0200 ++++ pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2018-05-04 18:55:09.360484497 +0200 +@@ -2628,11 +2628,12 @@ class CRLTests(TestCase): + crl.add_revoked(revoked) + + # PEM format +- dumped_crl = crl.export(self.cert, self.pkey, days=20) ++ dumped_crl = crl.export(self.cert, self.pkey, days=20, digest="sha1") + text = _runopenssl(dumped_crl, "crl", "-noout", "-text") + text.index(b('Serial Number: 03AB')) + text.index(b('Superseded')) + text.index(b('Issuer: /C=US/ST=IL/L=Chicago/O=Testing/CN=Testing Root CA')) ++ text.index(b('Signature Algorithm: sha1WithRSAEncryption')) + + # DER format + dumped_crl = crl.export(self.cert, self.pkey, FILETYPE_ASN1) +@@ -2662,14 +2663,14 @@ class CRLTests(TestCase): + def test_export_wrong_args(self): + """ + Calling L{OpenSSL.CRL.export} with fewer than two or more than +- four arguments, or with arguments other than the certificate, +- private key, integer file type, and integer number of days it ++ five arguments, or with arguments other than the certificate, ++ private key, integer file type, integer number of days, and digest it + expects, results in a L{TypeError} being raised. + """ + crl = CRL() + self.assertRaises(TypeError, crl.export) + self.assertRaises(TypeError, crl.export, self.cert) +- self.assertRaises(TypeError, crl.export, self.cert, self.pkey, FILETYPE_PEM, 10, "foo") ++ self.assertRaises(TypeError, crl.export, self.cert, self.pkey, FILETYPE_PEM, 10, "foo", "boo") + + self.assertRaises(TypeError, crl.export, None, self.pkey, FILETYPE_PEM, 10) + self.assertRaises(TypeError, crl.export, self.cert, None, FILETYPE_PEM, 10) diff --git a/SOURCES/pyOpenSSL-0.13.1-exception.patch b/SOURCES/pyOpenSSL-0.13.1-exception.patch new file mode 100644 index 0000000..d81cb11 --- /dev/null +++ b/SOURCES/pyOpenSSL-0.13.1-exception.patch @@ -0,0 +1,389 @@ +diff -up pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c.exception pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c +--- pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c.exception 2018-05-04 18:56:35.946486574 +0200 ++++ pyOpenSSL-0.13.1/OpenSSL/crypto/crypto.c 2018-05-04 18:56:35.950486667 +0200 +@@ -45,26 +45,72 @@ global_passphrase_callback(char *buf, in + + func = (PyObject *)cb_arg; + argv = Py_BuildValue("(i)", rwflag); +- if (argv == NULL) ++ if (argv == NULL) { + return 0; ++ } + ret = PyEval_CallObject(func, argv); + Py_DECREF(argv); +- if (ret == NULL) ++ if (ret == NULL) { + return 0; +- if (!PyBytes_Check(ret)) +- { ++ } ++ if (!PyBytes_Check(ret)) { + Py_DECREF(ret); + PyErr_SetString(PyExc_ValueError, "String expected"); + return 0; + } + nchars = PyBytes_Size(ret); +- if (nchars > len) +- nchars = len; ++ if (nchars > len) { ++ Py_DECREF(ret); ++ PyErr_SetString(PyExc_ValueError, ++ "passphrase returned by callback is too long"); ++ return 0; ++ } + strncpy(buf, PyBytes_AsString(ret), nchars); + Py_DECREF(ret); + return nchars; + } + ++static PyObject * ++raise_current_error(void) ++{ ++ if (PyErr_Occurred()) { ++ /* ++ * The python exception from callback is more informative than ++ * OpenSSL's error. ++ */ ++ flush_error_queue(); ++ return NULL; ++ } ++ exception_from_error_queue(crypto_Error); ++ return NULL; ++} ++ ++static int ++setup_callback(int type, PyObject *pw, pem_password_cb **cb, void **cb_arg) { ++ if (pw == NULL) { ++ *cb = NULL; ++ *cb_arg = NULL; ++ return 1; ++ } ++ if (type != X509_FILETYPE_PEM) { ++ PyErr_SetString(PyExc_ValueError, ++ "only FILETYPE_PEM key format supports encryption"); ++ return 0; ++ } ++ if (PyBytes_Check(pw)) { ++ *cb = NULL; ++ *cb_arg = PyBytes_AsString(pw); ++ } else if (PyCallable_Check(pw)) { ++ *cb = global_passphrase_callback; ++ *cb_arg = pw; ++ } else { ++ PyErr_SetString(PyExc_TypeError, ++ "Last argument must be string or callable"); ++ return 0; ++ } ++ return 1; ++} ++ + static char crypto_load_privatekey_doc[] = "\n\ + Load a private key from a buffer\n\ + \n\ +@@ -89,31 +135,20 @@ crypto_load_privatekey(PyObject *spam, P + BIO *bio; + EVP_PKEY *pkey; + +- if (!PyArg_ParseTuple(args, "is#|O:load_privatekey", &type, &buffer, &len, &pw)) ++ if (!PyArg_ParseTuple(args, "is#|O:load_privatekey", ++ &type, &buffer, &len, &pw)) { ++ return NULL; ++ } ++ if (!setup_callback(type, pw, &cb, &cb_arg)) { + return NULL; +- +- if (pw != NULL) +- { +- if (PyBytes_Check(pw)) +- { +- cb = NULL; +- cb_arg = PyBytes_AsString(pw); +- } +- else if (PyCallable_Check(pw)) +- { +- cb = global_passphrase_callback; +- cb_arg = pw; +- } +- else +- { +- PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable"); +- return NULL; +- } + } + + bio = BIO_new_mem_buf(buffer, len); +- switch (type) +- { ++ if (bio == NULL) { ++ exception_from_error_queue(crypto_Error); ++ return NULL; ++ } ++ switch (type) { + case X509_FILETYPE_PEM: + pkey = PEM_read_bio_PrivateKey(bio, NULL, cb, cb_arg); + break; +@@ -129,10 +164,8 @@ crypto_load_privatekey(PyObject *spam, P + } + BIO_free(bio); + +- if (pkey == NULL) +- { +- exception_from_error_queue(crypto_Error); +- return NULL; ++ if (pkey == NULL) { ++ return raise_current_error(); + } + + return (PyObject *)crypto_PKey_New(pkey, 1); +@@ -168,49 +201,32 @@ crypto_dump_privatekey(PyObject *spam, P + crypto_PKeyObj *pkey; + + if (!PyArg_ParseTuple(args, "iO!|sO:dump_privatekey", &type, +- &crypto_PKey_Type, &pkey, &cipher_name, &pw)) ++ &crypto_PKey_Type, &pkey, &cipher_name, &pw)) { + return NULL; +- +- if (cipher_name != NULL && pw == NULL) +- { ++ } ++ if (cipher_name != NULL && pw == NULL) { + PyErr_SetString(PyExc_ValueError, "Illegal number of arguments"); + return NULL; + } +- if (cipher_name != NULL) +- { ++ if (cipher_name != NULL) { + cipher = EVP_get_cipherbyname(cipher_name); +- if (cipher == NULL) +- { ++ if (cipher == NULL) { + PyErr_SetString(PyExc_ValueError, "Invalid cipher name"); + return NULL; + } +- if (PyBytes_Check(pw)) +- { +- cb = NULL; +- cb_arg = PyBytes_AsString(pw); +- } +- else if (PyCallable_Check(pw)) +- { +- cb = global_passphrase_callback; +- cb_arg = pw; +- } +- else +- { +- PyErr_SetString(PyExc_TypeError, "Last argument must be string or callable"); ++ if (!setup_callback(type, pw, &cb, &cb_arg)) { + return NULL; + } + } + + bio = BIO_new(BIO_s_mem()); +- switch (type) +- { ++ if (bio == NULL) { ++ exception_from_error_queue(crypto_Error); ++ return NULL; ++ } ++ switch (type) { + case X509_FILETYPE_PEM: + ret = PEM_write_bio_PrivateKey(bio, pkey->pkey, cipher, NULL, 0, cb, cb_arg); +- if (PyErr_Occurred()) +- { +- BIO_free(bio); +- return NULL; +- } + break; + + case X509_FILETYPE_ASN1: +@@ -219,8 +235,12 @@ crypto_dump_privatekey(PyObject *spam, P + + case X509_FILETYPE_TEXT: + rsa = EVP_PKEY_get1_RSA(pkey->pkey); ++ if (rsa == NULL) { ++ ret = 0; ++ break; ++ } + ret = RSA_print(bio, rsa, 0); +- RSA_free(rsa); ++ RSA_free(rsa); + break; + + default: +@@ -229,11 +249,9 @@ crypto_dump_privatekey(PyObject *spam, P + return NULL; + } + +- if (ret == 0) +- { ++ if (ret == 0) { + BIO_free(bio); +- exception_from_error_queue(crypto_Error); +- return NULL; ++ return raise_current_error(); + } + + buf_len = BIO_get_mem_data(bio, &temp); +@@ -513,8 +531,8 @@ crypto_load_pkcs7_data(PyObject *spam, P + if (!PyArg_ParseTuple(args, "is#:load_pkcs7_data", &type, &buffer, &len)) + return NULL; + +- /* +- * Try to read the pkcs7 data from the bio ++ /* ++ * Try to read the pkcs7 data from the bio + */ + bio = BIO_new_mem_buf(buffer, len); + switch (type) +diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.exception pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py +--- pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.exception 2018-05-04 18:56:35.948486620 +0200 ++++ pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2018-05-04 18:57:16.363420609 +0200 +@@ -7,7 +7,7 @@ Unit tests for L{OpenSSL.crypto}. + + from unittest import main + +-import os, re ++import os, re, sys + from subprocess import PIPE, Popen + from datetime import datetime, timedelta + +@@ -2038,6 +2038,18 @@ class FunctionTests(TestCase): + load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, b("quack")) + + ++ def test_load_privatekey_passphraseWrongType(self): ++ """ ++ :py:obj:`load_privatekey` raises :py:obj:`ValueError` when it is passed a passphrase ++ with a private key encoded in a format, that doesn't support ++ encryption. ++ """ ++ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) ++ blob = dump_privatekey(FILETYPE_ASN1, key) ++ self.assertRaises(ValueError, ++ load_privatekey, FILETYPE_ASN1, blob, "secret") ++ ++ + def test_load_privatekey_passphrase(self): + """ + L{load_privatekey} can create a L{PKey} object from an encrypted PEM +@@ -2058,7 +2070,7 @@ class FunctionTests(TestCase): + called = [] + def cb(*a): + called.append(None) +- return "quack" ++ return b("quack") + self.assertRaises( + Error, + load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, cb) +@@ -2083,25 +2095,36 @@ class FunctionTests(TestCase): + def test_load_privatekey_passphrase_exception(self): + """ + An exception raised by the passphrase callback passed to +- L{load_privatekey} causes L{OpenSSL.crypto.Error} to be raised. +- +- This isn't as nice as just letting the exception pass through. The +- behavior might be changed to that eventually. ++ L{load_privatekey} is propagated. + """ + def broken(ignored): + raise RuntimeError("This is not working.") + self.assertRaises( +- Error, ++ RuntimeError, + load_privatekey, + FILETYPE_PEM, encryptedPrivateKeyPEM, broken) + + ++ def test_load_privatekey_passphrase_wrong_return_type(self): ++ """ ++ :py:obj:`load_privatekey` raises :py:obj:`ValueError` if the passphrase ++ callback returns something other than a byte string. ++ """ ++ self.assertRaises( ++ ValueError, ++ load_privatekey, ++ FILETYPE_PEM, encryptedPrivateKeyPEM, lambda *args: 3) ++ ++ + def test_dump_privatekey_wrong_args(self): + """ + L{dump_privatekey} raises L{TypeError} if called with the wrong number + of arguments. + """ + self.assertRaises(TypeError, dump_privatekey) ++ # If cipher name is given, password is required. ++ self.assertRaises( ++ ValueError, dump_privatekey, FILETYPE_PEM, PKey(), "foo") + + + def test_dump_privatekey_unknown_cipher(self): +@@ -2138,6 +2161,18 @@ class FunctionTests(TestCase): + self.assertRaises(ValueError, dump_privatekey, 100, key) + + ++ def test_load_privatekey_passphraseCallbackLength(self): ++ """ ++ :py:obj:`crypto.load_privatekey` should raise an error when the passphrase ++ provided by the callback is too long, not silently truncate it. ++ """ ++ def cb(ignored): ++ return "a" * 1025 ++ ++ self.assertRaises(ValueError, ++ load_privatekey, FILETYPE_PEM, encryptedPrivateKeyPEM, cb) ++ ++ + def test_dump_privatekey_passphrase(self): + """ + L{dump_privatekey} writes an encrypted PEM when given a passphrase. +@@ -2152,6 +2187,17 @@ class FunctionTests(TestCase): + self.assertEqual(loadedKey.bits(), key.bits()) + + ++ def test_dump_privatekey_passphraseWrongType(self): ++ """ ++ :py:obj:`dump_privatekey` raises :py:obj:`ValueError` when it is passed a passphrase ++ with a private key encoded in a format, that doesn't support ++ encryption. ++ """ ++ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) ++ self.assertRaises(ValueError, ++ dump_privatekey, FILETYPE_ASN1, key, "blowfish", "secret") ++ ++ + def test_dump_certificate(self): + """ + L{dump_certificate} writes PEM, DER, and text. +@@ -2230,6 +2276,32 @@ class FunctionTests(TestCase): + self.assertEqual(loadedKey.bits(), key.bits()) + + ++ def test_dump_privatekey_passphrase_exception(self): ++ """ ++ :py:obj:`dump_privatekey` should not overwrite the exception raised ++ by the passphrase callback. ++ """ ++ def cb(ignored): ++ raise ArithmeticError ++ ++ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) ++ self.assertRaises(ArithmeticError, ++ dump_privatekey, FILETYPE_PEM, key, "blowfish", cb) ++ ++ ++ def test_dump_privatekey_passphraseCallbackLength(self): ++ """ ++ :py:obj:`crypto.dump_privatekey` should raise an error when the passphrase ++ provided by the callback is too long, not silently truncate it. ++ """ ++ def cb(ignored): ++ return "a" * 1025 ++ ++ key = load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM) ++ self.assertRaises(ValueError, ++ dump_privatekey, FILETYPE_PEM, key, "blowfish", cb) ++ ++ + def test_load_pkcs7_data(self): + """ + L{load_pkcs7_data} accepts a PKCS#7 string and returns an instance of diff --git a/SOURCES/pyOpenSSL-0.13.1-test-failure.patch b/SOURCES/pyOpenSSL-0.13.1-test-failure.patch new file mode 100644 index 0000000..6736439 --- /dev/null +++ b/SOURCES/pyOpenSSL-0.13.1-test-failure.patch @@ -0,0 +1,333 @@ +diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.test-failure pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py +--- pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py.test-failure 2013-08-23 21:48:24.000000000 +0200 ++++ pyOpenSSL-0.13.1/OpenSSL/test/test_crypto.py 2018-05-04 18:55:55.508551705 +0200 +@@ -35,22 +35,22 @@ def normalize_privatekey_pem(pem): + + + root_cert_pem = b("""-----BEGIN CERTIFICATE----- +-MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE ++MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE + BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU +-ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2 +-NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM +-MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U +-ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL +-urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy +-2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF +-1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE +-FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn +-VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE +-BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS +-b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB +-AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi +-hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY +-w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn ++ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5 ++WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO ++BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp ++bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn ++bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr ++LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER ++onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3 ++LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN ++yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD ++aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg ++Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ ++R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9 ++gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH ++lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec= + -----END CERTIFICATE----- + """) + +@@ -72,18 +72,18 @@ cbvAhow217X9V0dVerEOKxnNYspXRrh36h7k4mQA + """) + + server_cert_pem = b("""-----BEGIN CERTIFICATE----- +-MIICKDCCAZGgAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV +-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH +-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz +-NzUzWhgPMjAxNzA2MTExMjM3NTNaMBgxFjAUBgNVBAMTDWxvdmVseSBzZXJ2ZXIw +-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL6m+G653V0tpBC/OKl22VxOi2Cv +-lK4TYu9LHSDP9uDVTe7V5D5Tl6qzFoRRx5pfmnkqT5B+W9byp2NU3FC5hLm5zSAr +-b45meUhjEJ/ifkZgbNUjHdBIGP9MAQUHZa5WKdkGIJvGAvs8UzUqlr4TBWQIB24+ +-lJ+Ukk/CRgasrYwdAgMBAAGjNjA0MB0GA1UdDgQWBBS4kC7Ij0W1TZXZqXQFAM2e +-gKEG2DATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQBh30Li +-dJ+NlxIOx5343WqIBka3UbsOb2kxWrbkVCrvRapCMLCASO4FqiKWM+L0VDBprqIp +-2mgpFQ6FHpoIENGvJhdEKpptQ5i7KaGhnDNTfdy3x1+h852G99f1iyj0RmbuFcM8 +-uzujnS8YXWvM7DM1Ilozk4MzPug8jzFp5uhKCQ== ++MIICJDCCAY2gAwIBAgIJAJn/HpR21r/8MA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV ++BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH ++VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMTA1 ++N1oXDTM3MDYwNzAwMTA1N1owGDEWMBQGA1UEAwwNbG92ZWx5IHNlcnZlcjCBnzAN ++BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvqb4brndXS2kEL84qXbZXE6LYK+UrhNi ++70sdIM/24NVN7tXkPlOXqrMWhFHHml+aeSpPkH5b1vKnY1TcULmEubnNICtvjmZ5 ++SGMQn+J+RmBs1SMd0EgY/0wBBQdlrlYp2QYgm8YC+zxTNSqWvhMFZAgHbj6Un5SS ++T8JGBqytjB0CAwEAAaM2MDQwHQYDVR0OBBYEFINVdy1eIfFJDAkk51QJEo3IfgSu ++MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBAGki1K6WgHHJ ++qC6aY2EowjaWOXLO6jUZIhGk7BA7vMRfNug429AOZ4m5F6OQhzmJmlw67Jyu2FeI ++h0VtBuQoHPtjqZXF59oX6hMMmGLMs9pV0UA3fJs5MYA4/V5ZcQy0Ie0QoJNejLzE ++6V1Qz1rRTYLUyEcpI7ZCmBg2KQQI8YZI + -----END CERTIFICATE----- + """) + +@@ -105,18 +105,18 @@ r50+LF74iLXFwqysVCebPKMOpDWp/qQ1BbJQIPs7 + """)) + + client_cert_pem = b("""-----BEGIN CERTIFICATE----- +-MIICJjCCAY+gAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV +-BAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2FnbzEQMA4GA1UEChMH +-VGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBSb290IENBMCIYDzIwMDkwMzI1MTIz +-ODA1WhgPMjAxNzA2MTExMjM4MDVaMBYxFDASBgNVBAMTC3VnbHkgY2xpZW50MIGf +-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAZh/SRtNm5ntMT4qb6YzEpTroMlq2 +-rn+GrRHRiZ+xkCw/CGNhbtPir7/QxaUj26BSmQrHw1bGKEbPsWiW7bdXSespl+xK +-iku4G/KvnnmWdeJHqsiXeUZtqurMELcPQAw9xPHEuhqqUJvvEoMTsnCEqGM+7Dtb +-oCRajYyHfluARQIDAQABozYwNDAdBgNVHQ4EFgQUNQB+qkaOaEVecf1J3TTUtAff +-0fAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAyv/Jh7gM +-Q3OHvmsFEEvRI+hsW8y66zK4K5de239Y44iZrFYkt7Q5nBPMEWDj4F2hLYWL/qtI +-9Zdr0U4UDCU9SmmGYh4o7R4TZ5pGFvBYvjhHbkSFYFQXZxKUi+WUxplP6I0wr2KJ +-PSTJCjJOn3xo2NTKRgV1gaoTf2EhL+RG8TQ= ++MIICIjCCAYugAwIBAgIJAKxpFI5lODkjMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNV ++BAYTAlVTMQswCQYDVQQIDAJJTDEQMA4GA1UEBwwHQ2hpY2FnbzEQMA4GA1UECgwH ++VGVzdGluZzEYMBYGA1UEAwwPVGVzdGluZyBSb290IENBMB4XDTE3MDYxMjAwMDQx ++M1oXDTM3MDYwNzAwMDQxM1owFjEUMBIGA1UEAwwLdWdseSBjbGllbnQwgZ8wDQYJ ++KoZIhvcNAQEBBQADgY0AMIGJAoGBAMBmH9JG02bme0xPipvpjMSlOugyWrauf4at ++EdGJn7GQLD8IY2Fu0+Kvv9DFpSPboFKZCsfDVsYoRs+xaJbtt1dJ6ymX7EqKS7gb ++8q+eeZZ14keqyJd5Rm2q6swQtw9ADD3E8cS6GqpQm+8SgxOycISoYz7sO1ugJFqN ++jId+W4BFAgMBAAGjNjA0MB0GA1UdDgQWBBSDVXctXiHxSQwJJOdUCRKNyH4ErjAT ++BgNVHSUEDDAKBggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOBgQAMqcHyweaCOZNN ++dWQQOsBKQlL5wqVVZwucHPWqobjxpULKy9gS2ha2zbgkXcB/BnBOSwe0Fm+MJV0T ++NbnTghcGJNpEH7VKn4xSLvIGZmnZZWgxeIB16z4GhpkK2fShBJ+6GKZjsgjT0lSH ++JRgjHbWutZfZvbSHXr9n7PIphG1Ojg== + -----END CERTIFICATE----- + """) + +@@ -138,22 +138,22 @@ f6GGcfNpip0Uk7q7udTKuX7Q/buZi/C4YW7u3VKA + """)) + + cleartextCertificatePEM = b("""-----BEGIN CERTIFICATE----- +-MIIC7TCCAlagAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE ++MIIC6TCCAlKgAwIBAgIIPQzE4MbeufQwDQYJKoZIhvcNAQEFBQAwWDELMAkGA1UE + BhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdU +-ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwIhgPMjAwOTAzMjUxMjM2 +-NThaGA8yMDE3MDYxMTEyMzY1OFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklM +-MRAwDgYDVQQHEwdDaGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9U +-ZXN0aW5nIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPmaQumL +-urpE527uSEHdL1pqcDRmWzu+98Y6YHzT/J7KWEamyMCNZ6fRW1JCR782UQ8a07fy +-2xXsKy4WdKaxyG8CcatwmXvpvRQ44dSANMihHELpANTdyVp6DCysED6wkQFurHlF +-1dshEaJw8b/ypDhmbVIo6Ci1xvCJqivbLFnbAgMBAAGjgbswgbgwHQYDVR0OBBYE +-FINVdy1eIfFJDAkk51QJEo3IfgSuMIGIBgNVHSMEgYAwfoAUg1V3LV4h8UkMCSTn +-VAkSjch+BK6hXKRaMFgxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UE +-BxMHQ2hpY2FnbzEQMA4GA1UEChMHVGVzdGluZzEYMBYGA1UEAxMPVGVzdGluZyBS +-b290IENBggg9DMTgxt659DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GB +-AGGCDazMJGoWNBpc03u6+smc95dEead2KlZXBATOdFT1VesY3+nUOqZhEhTGlDMi +-hkgaZnzoIq/Uamidegk4hirsCT/R+6vsKAAxNTcBjUeZjlykCJWy5ojShGftXIKY +-w/njVbKMXrvc83qmTdGl3TAM0fxQIpqgcglFLveEBgzn ++ZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3QgQ0EwHhcNMTcwNjExMjIzMjU5 ++WhcNMzcwNjA2MjIzMjU5WjBYMQswCQYDVQQGEwJVUzELMAkGA1UECBMCSUwxEDAO ++BgNVBAcTB0NoaWNhZ28xEDAOBgNVBAoTB1Rlc3RpbmcxGDAWBgNVBAMTD1Rlc3Rp ++bmcgUm9vdCBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+ZpC6Yu6ukTn ++bu5IQd0vWmpwNGZbO773xjpgfNP8nspYRqbIwI1np9FbUkJHvzZRDxrTt/LbFewr ++LhZ0prHIbwJxq3CZe+m9FDjh1IA0yKEcQukA1N3JWnoMLKwQPrCRAW6seUXV2yER ++onDxv/KkOGZtUijoKLXG8ImqK9ssWdsCAwEAAaOBuzCBuDAdBgNVHQ4EFgQUg1V3 ++LV4h8UkMCSTnVAkSjch+BK4wgYgGA1UdIwSBgDB+gBSDVXctXiHxSQwJJOdUCRKN ++yH4ErqFcpFowWDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAklMMRAwDgYDVQQHEwdD ++aGljYWdvMRAwDgYDVQQKEwdUZXN0aW5nMRgwFgYDVQQDEw9UZXN0aW5nIFJvb3Qg ++Q0GCCD0MxODG3rn0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEANFYQ ++R+T70VcZ+SnvURnwviFgCXeedBzCr21meo+DNHbkp2gudB9W8Xrned/wtUBVymy9 ++gjB5jINfU7Lci0H57Evsw96UJJVfhXdUMHpqt1RGCoEd9FWnrDyrSy0NysnBT2bH ++lEqxh3aFEUx9IOQ4sgnx1/NOFXBpkRtivl6O0Ec= + -----END CERTIFICATE----- + """) + +@@ -309,7 +309,7 @@ class X509ExtTests(TestCase): + """ + # Basic setup stuff to generate a certificate + self.pkey = PKey() +- self.pkey.generate_key(TYPE_RSA, 384) ++ self.pkey.generate_key(TYPE_RSA, 2048) + self.req = X509Req() + self.req.set_pubkey(self.pkey) + # Authority good you have. +@@ -608,7 +608,7 @@ class PKeyTests(TestCase): + L{PKeyType.generate_key} generates an RSA key when passed + L{TYPE_RSA} as a type and a reasonable number of bits. + """ +- bits = 128 ++ bits = 2048 + key = PKey() + key.generate_key(TYPE_RSA, bits) + self.assertEqual(key.type(), TYPE_RSA) +@@ -624,7 +624,7 @@ class PKeyTests(TestCase): + # 512 is a magic number. The DSS (Digital Signature Standard) + # allows a minimum of 512 bits for DSA. DSA_generate_parameters + # will silently promote any value below 512 to 512. +- bits = 512 ++ bits = 1024 + key = PKey() + key.generate_key(TYPE_DSA, bits) + self.assertEqual(key.type(), TYPE_DSA) +@@ -638,7 +638,7 @@ class PKeyTests(TestCase): + key to generate new keys. + """ + key = PKey() +- for type, bits in [(TYPE_RSA, 512), (TYPE_DSA, 576)]: ++ for type, bits in [(TYPE_RSA, 2048), (TYPE_DSA, 1024)]: + key.generate_key(type, bits) + self.assertEqual(key.type(), type) + self.assertEqual(key.bits(), bits) +@@ -869,7 +869,7 @@ class X509NameTests(TestCase): + self.assertEqual( + a.der(), + b('0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US' +- '1\x0c0\n\x06\x03U\x04\x03\x13\x03foo')) ++ '1\x0c0\n\x06\x03U\x04\x03\x0c\x03foo')) + + + def test_get_components(self): +@@ -926,7 +926,7 @@ class _PKeyInteractionTestsMixin: + """ + request = self.signable() + key = PKey() +- key.generate_key(TYPE_RSA, 512) ++ key.generate_key(TYPE_RSA, 2048) + request.set_pubkey(key) + pub = request.get_pubkey() + self.assertRaises(ValueError, request.sign, pub, 'MD5') +@@ -939,7 +939,7 @@ class _PKeyInteractionTestsMixin: + """ + request = self.signable() + key = PKey() +- key.generate_key(TYPE_RSA, 512) ++ key.generate_key(TYPE_RSA, 2048) + self.assertRaises(ValueError, request.sign, key, "monkeys") + + +@@ -950,16 +950,16 @@ class _PKeyInteractionTestsMixin: + """ + request = self.signable() + key = PKey() +- key.generate_key(TYPE_RSA, 512) ++ key.generate_key(TYPE_RSA, 2048) + request.set_pubkey(key) +- request.sign(key, 'MD5') ++ request.sign(key, 'SHA256') + # If the type has a verify method, cover that too. + if getattr(request, 'verify', None) is not None: + pub = request.get_pubkey() + self.assertTrue(request.verify(pub)) + # Make another key that won't verify. + key = PKey() +- key.generate_key(TYPE_RSA, 512) ++ key.generate_key(TYPE_RSA, 2048) + self.assertRaises(Error, request.verify, key) + + +@@ -1257,7 +1257,7 @@ WpOdIpB8KksUTCzV591Nr1wd + internally. + """ + cert = load_certificate(FILETYPE_PEM, self.pemData) +- self.assertEqual(cert.get_notBefore(), b("20090325123658Z")) ++ self.assertEqual(cert.get_notBefore(), b("20170611223259Z")) + + + def test_get_notAfter(self): +@@ -1267,7 +1267,7 @@ WpOdIpB8KksUTCzV591Nr1wd + internally. + """ + cert = load_certificate(FILETYPE_PEM, self.pemData) +- self.assertEqual(cert.get_notAfter(), b("20170611123658Z")) ++ self.assertEqual(cert.get_notAfter(), b("20370606223259Z")) + + + def test_gmtime_adj_notBefore_wrong_args(self): +@@ -1348,10 +1348,10 @@ WpOdIpB8KksUTCzV591Nr1wd + L{X509.digest} returns a string giving ":"-separated hex-encoded words + of the digest of the certificate. + """ +- cert = X509() ++ cert = load_certificate(FILETYPE_PEM, self.pemData) + self.assertEqual( +- cert.digest("md5"), +- b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15")) ++ cert.digest("SHA256"), ++ b('65:D6:61:2C:C2:2D:5F:A6:08:76:9A:03:01:B3:71:FF:FD:48:9B:A3:F2:19:B3:84:CF:3F:D0:9E:57:39:6A:7E')) + + + def _extcert(self, pkey, extensions): +@@ -1364,6 +1364,7 @@ WpOdIpB8KksUTCzV591Nr1wd + cert.set_notAfter(when) + + cert.add_extensions(extensions) ++ cert.sign(pkey, 'SHA256') + return load_certificate( + FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert)) + +@@ -2109,7 +2110,7 @@ class FunctionTests(TestCase): + cipher name. + """ + key = PKey() +- key.generate_key(TYPE_RSA, 512) ++ key.generate_key(TYPE_RSA, 2048) + self.assertRaises( + ValueError, dump_privatekey, + FILETYPE_PEM, key, "zippers", "passphrase") +@@ -2121,7 +2122,7 @@ class FunctionTests(TestCase): + is neither a C{str} nor a callable. + """ + key = PKey() +- key.generate_key(TYPE_RSA, 512) ++ key.generate_key(TYPE_RSA, 2048) + self.assertRaises( + TypeError, + dump_privatekey, FILETYPE_PEM, key, "blowfish", object()) +@@ -2133,7 +2134,7 @@ class FunctionTests(TestCase): + filetype. + """ + key = PKey() +- key.generate_key(TYPE_RSA, 512) ++ key.generate_key(TYPE_RSA, 2048) + self.assertRaises(ValueError, dump_privatekey, 100, key) + + +@@ -2580,6 +2581,8 @@ class CRLTests(TestCase): + """ + crl = CRL() + revoked = Revoked() ++ revoked.set_serial(b"01") ++ revoked.set_rev_date(b"20160310020145Z") + crl.add_revoked(revoked=revoked) + self.assertTrue(isinstance(crl.get_revoked()[0], Revoked)) + +diff -up pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py.test-failure pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py +--- pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py.test-failure 2011-08-15 00:06:11.000000000 +0200 ++++ pyOpenSSL-0.13.1/OpenSSL/test/test_ssl.py 2018-05-04 18:53:26.670109705 +0200 +@@ -282,7 +282,7 @@ class ContextTests(TestCase, _LoopbackMi + + try: + Context(SSLv2_METHOD) +- except ValueError: ++ except (ValueError, Error): + # Some versions of OpenSSL have SSLv2, some don't. + # Difficult to say in advance. + pass +@@ -645,7 +645,7 @@ class ContextTests(TestCase, _LoopbackMi + self.assertRaises(TypeError, context.load_verify_locations, None, None, None) + + +- if platform == "win32": ++ if True: + "set_default_verify_paths appears not to work on Windows. " + "See LP#404343 and LP#404344." + else: +@@ -869,9 +869,9 @@ class ContextTests(TestCase, _LoopbackMi + connections created with the context object will be able to choose from. + """ + context = Context(TLSv1_METHOD) +- context.set_cipher_list("hello world:EXP-RC4-MD5") ++ context.set_cipher_list("hello world:AES128-SHA256") + conn = Connection(context, None) +- self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"]) ++ self.assertEquals(conn.get_cipher_list(), ["AES128-SHA256"]) + + + diff --git a/SOURCES/pyOpenSSL-elinks.patch b/SOURCES/pyOpenSSL-elinks.patch new file mode 100644 index 0000000..cdbefab --- /dev/null +++ b/SOURCES/pyOpenSSL-elinks.patch @@ -0,0 +1,33 @@ +diff -Nur pyOpenSSL-0.5.1.orig/doc/tools/mkhowto pyOpenSSL-0.5.1/doc/tools/mkhowto +--- pyOpenSSL-0.5.1.orig/doc/tools/mkhowto 2001-07-30 13:31:48.000000000 +0200 ++++ pyOpenSSL-0.5.1/doc/tools/mkhowto 2003-08-08 16:46:10.000000000 +0200 +@@ -56,7 +56,7 @@ + DVIPS_BINARY = "dvips" + LATEX_BINARY = "latex" + LATEX2HTML_BINARY = "latex2html" +-LYNX_BINARY = "lynx" ++LYNX_BINARY = "elinks" + MAKEINDEX_BINARY = "makeindex" + PDFLATEX_BINARY = "pdflatex" + PERL_BINARY = "perl" +@@ -397,7 +397,7 @@ + if tempdir is None: + tempdir = self.doc + indexfile = os.path.join(tempdir, "index.html") +- self.run("%s -nolist -dump %s >%s.txt" ++ self.run("%s -dump %s >%s.txt" + % (LYNX_BINARY, indexfile, self.doc)) + + def require_temps(self, binary=None): +diff -Nur pyOpenSSL-0.5.1.orig/setup.cfg pyOpenSSL-0.5.1/setup.cfg +--- pyOpenSSL-0.5.1.orig/setup.cfg 2002-09-10 00:05:21.000000000 +0200 ++++ pyOpenSSL-0.5.1/setup.cfg 2003-08-08 16:48:34.000000000 +0200 +@@ -4,7 +4,7 @@ + # bdist_rpm settings contributed by Mihai Ibanescu + [bdist_rpm] + release = 1 +-build-requires = lynx openssl-devel python-devel perl tetex-dvips tetex-latex ++build-requires = elinks openssl-devel python-devel perl tetex-dvips tetex-latex + group = Development/Libraries + build_script = rpm/build_script + doc-files = doc/pyOpenSSL.txt doc/pyOpenSSL.ps doc/html diff --git a/SOURCES/pyOpenSSL-nopdfout.patch b/SOURCES/pyOpenSSL-nopdfout.patch new file mode 100644 index 0000000..0c30083 --- /dev/null +++ b/SOURCES/pyOpenSSL-nopdfout.patch @@ -0,0 +1,46 @@ +--- pyOpenSSL-0.6/doc/tools/texinputs/howto.cls.nopdfout 2001-07-16 07:53:03.000000000 -0400 ++++ pyOpenSSL-0.6/doc/tools/texinputs/howto.cls 2005-03-14 20:22:34.745230000 -0500 +@@ -54,10 +54,16 @@ + % changes \\ to ', ' (comma-space), making it pass muster for + % generating document info in the PDF file. + \def\\{, } +- \pdfinfo{ +- /Author (\@author) +- /Title (\@title) +- } ++ \ifx\pdfoutput\relax ++ \else ++ \ifcase\pdfoutput ++ \else ++ \pdfinfo{ ++ /Author (\@author) ++ /Title (\@title) ++ } ++ \fi ++ \fi + }} + \begin{flushright} + {\rm\Huge\py@HeaderFamily \@title} \par +--- pyOpenSSL-0.6/doc/tools/texinputs/manual.cls.nopdfout 2005-03-14 09:32:50.000000000 -0500 ++++ pyOpenSSL-0.6/doc/tools/texinputs/manual.cls 2005-03-14 09:34:20.000000000 -0500 +@@ -69,10 +69,16 @@ + % changes \\ to ', ' (comma-space), making it pass muster for + % generating document info in the PDF file. + \def\\{, } +- \pdfinfo{ +- /Author (\@author) +- /Title (\@title) +- } ++ \ifx\pdfoutput\relax ++ \else ++ \ifcase\pdfoutput ++ \else ++ \pdfinfo{% ++ /Author (\@author) ++ /Title (\@title) ++ } ++ \fi ++ \fi + }} + \begin{flushright}% + {\rm\Huge\py@HeaderFamily \@title \par}% diff --git a/SPECS/pyOpenSSL.spec b/SPECS/pyOpenSSL.spec new file mode 100644 index 0000000..dd4a080 --- /dev/null +++ b/SPECS/pyOpenSSL.spec @@ -0,0 +1,343 @@ +%if 0%{?fedora} > 12 +%global with_python3 1 +%endif + +Summary: Python wrapper module around the OpenSSL library +Name: pyOpenSSL +Version: 0.13.1 +Release: 4%{?dist} +Source0: http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-%{version}.tar.gz + +# Fedora specific patches + +Patch2: pyOpenSSL-elinks.patch +Patch3: pyOpenSSL-nopdfout.patch + +Patch10: pyOpenSSL-0.13-check-error.patch +Patch11: pyOpenSSL-0.13.1-test-failure.patch +Patch12: pyOpenSSL-0.13.1-exception.patch +Patch13: pyOpenSSL-0.13.1-digest.patch + +License: ASL 2.0 +Group: Development/Libraries +Url: http://pyopenssl.sourceforge.net/ + +BuildRequires: elinks +BuildRequires: openssl-devel +BuildRequires: tetex-dvips +BuildRequires: tetex-latex +BuildRequires: latex2html + +BuildRequires: python2-devel +%if 0%{?with_python3} +BuildRequires: python3-devel +%endif + +%description +High-level wrapper around a subset of the OpenSSL library, includes among others + * SSL.Connection objects, wrapping the methods of Python's portable + sockets + * Callbacks written in Python + * Extensive error-handling mechanism, mirroring OpenSSL's error codes + +%if 0%{?with_python3} +%package -n python3-pyOpenSSL +Summary: Python wrapper module around the OpenSSL library + +%description -n python3-pyOpenSSL +High-level wrapper around a subset of the OpenSSL library, includes among others + * SSL.Connection objects, wrapping the methods of Python's portable + sockets + * Callbacks written in Python + * Extensive error-handling mechanism, mirroring OpenSSL's error codes +%endif + +%package doc +Summary: Documentation for pyOpenSSL +BuildArch: noarch + +%description doc +Documentation for pyOpenSSL + +# we don't want to provide private python extension libs +%{?filter_setup: +%filter_provides_in %{python_sitearch}/.*\.so$ +%if 0%{?with_python3} +%filter_provides_in %{python3_sitearch}/.*\.so$ +%endif +%filter_requires_in %{_datadir}/doc/ +%filter_setup +} + +%prep +%setup -q -n pyOpenSSL-%{version} +%patch2 -p1 -b .elinks +%patch3 -p1 -b .nopdfout +%patch10 -p1 -b .error +%patch11 -p1 -b .test-failure +%patch12 -p1 -b .exception +%patch13 -p1 -b .digest + +# Fix permissions for debuginfo package +%{__chmod} -x OpenSSL/ssl/connection.c + +%build +%if 0%{?with_python3} +rm -rf %{py3dir} +cp -a . %{py3dir} +find %{py3dir} -name '*.py' | xargs sed -i '1s|^#!python|#!%{__python3}|' +%endif + +find -name '*.py' | xargs sed -i '1s|^#!python|#!%{__python}|' + +CFLAGS="%{optflags} -fno-strict-aliasing" %{__python} setup.py build + +%if 0%{?with_python3} +pushd %{py3dir} +CFLAGS="%{optflags} -fno-strict-aliasing" %{__python3} setup.py build +popd +%endif + +%{__make} -C doc ps +%{__make} -C doc text html + +%install +%{__python} setup.py install --skip-build --root %{buildroot} + +%if 0%{?with_python3} +pushd %{py3dir} +%{__python3} setup.py install --skip-build --root %{buildroot} +popd +%endif + +%files +%{python_sitearch}/OpenSSL/ +%{python_sitearch}/pyOpenSSL-*.egg-info + +%if 0%{?with_python3} +%files -n python3-pyOpenSSL +%{python3_sitearch}/OpenSSL/ +%{python3_sitearch}/pyOpenSSL-*.egg-info +%endif + +%files doc +%doc README doc/pyOpenSSL.* doc/html + +%changelog +* Fri May 4 2018 Tomáš Mráz - 0.13.1-4 +- fix various testsuite failures +- fix exception propagation from private key passphrase callback (#1227505) +- add optional digest parameter to CRL.export method (#1523772) + +* Fri Jan 24 2014 Daniel Mach - 0.13.1-3 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 0.13.1-2 +- Mass rebuild 2013-12-27 + +* Thu Sep 5 2013 Tomáš Mráz - 0.13.1-1 +- new upstream release fixing a security issue with string + formatting subjectAltName of a certificate + +* Tue Aug 06 2013 Jeffrey C. Ollie - 0.13-8 +- Python 3 subpackage +- Split documentation off into noarch subpackage + +* Sun Aug 04 2013 Fedora Release Engineering - 0.13-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Apr 4 2013 Tomáš Mráz - 0.13-6 +- Check for error returns which cause segfaults in FIPS mode +- Fix missing error check and leak found by gcc-with-cpychecker (#800086) + +* Thu Feb 14 2013 Fedora Release Engineering - 0.13-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Fri Oct 12 2012 Petr Pisar - 0.13-4 +- Do not scan documentation for dependencies (bug #865806) + +* Mon Oct 08 2012 Dan Horák - 0.13-3 +- rebuilt because ARM packages had wrong Requires autodetected + +* Sat Jul 21 2012 Fedora Release Engineering - 0.13-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Wed Jun 20 2012 Tomas Mraz - 0.13-1 +- New upstream release + +* Sat Jan 14 2012 Fedora Release Engineering - 0.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Jun 28 2011 Tomas Mraz - 0.12-1 +- New upstream release + +* Tue Feb 08 2011 Fedora Release Engineering - 0.10-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Dec 7 2010 Toshio Kuratomi - 0.10-2 +- Fix incompatibility with python-2.7's socket module. + +* Mon Oct 4 2010 Tomas Mraz - 0.10-1 +- Merge-review cleanup by Parag Nemade (#226335) +- New upstream release + +* Wed Jul 21 2010 David Malcolm - 0.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Tue Sep 29 2009 Matěj Cepl - 0.9-1 +- New upstream release +- Fix BuildRequires to make Postscript documentation buildable + +* Fri Aug 21 2009 Tomas Mraz - 0.7-7 +- rebuilt with new openssl + +* Sun Jul 26 2009 Fedora Release Engineering - 0.7-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Feb 26 2009 Fedora Release Engineering - 0.7-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Jan 15 2009 Dennis Gilmore - 0.7-4 +- rebuild against now openssl + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 0.7-3 +- Rebuild for Python 2.6 + +* Fri Sep 19 2008 Dennis Gilmore - 0.7-2 +- update threadsafe patch +- bug#462807 + +* Mon Sep 15 2008 Paul F. Johnson 0.7-1 +- bump to new release +- the inevitable patch fixes + + +* Wed Mar 26 2008 Tom "spot" Callaway - 0.6-4 +- fix horrific release tag +- fix license tag +- add egg-info + +* Tue Feb 19 2008 Fedora Release Engineering - 0.6-3.p24.9 +- Autorebuild for GCC 4.3 + +* Wed Dec 5 2007 Jeremy Katz - 0.6-2.p24.9 +- rebuild for new openssl + +* Mon Dec 11 2006 Paul Howarth - 0.6-1.p24.9 +- add missing buildreq latex2html, needed to build HTML docs +- rewrite to be more in line with Fedora python spec template and use + %%{python_sitearch} rather than a script-generated %%files list +- package is not relocatable - drop Prefix: tag +- buildreq perl not necessary +- fix permissions for files going into debuginfo package + +* Thu Dec 7 2006 Jeremy Katz - 0.6-1.p24.8 +- rebuild for python 2.5 + +* Wed Jul 12 2006 Jesse Keating - 0.6-1.p24.7.2.2 +- rebuild + +* Fri Feb 10 2006 Jesse Keating - 0.6-1.p24.7.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 0.6-1.p24.7.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Nov 9 2005 Mihai Ibanescu - 0.6-1.p24.7 +- rebuilt against newer openssl + +* Wed Aug 24 2005 Jeremy Katz - 0.6-1.p24.6 +- add dcbw's patch to fix some threading problems + +* Wed Aug 03 2005 Karsten Hopp 0.6-1.p24.5 +- current rpm creates .pyo files, include them in filelist + +* Thu Mar 17 2005 Mihai Ibanescu 0.6-1.p24.4 +- rebuilt + +* Mon Mar 14 2005 Mihai Ibanescu 0.6-1.p24.3 +- rebuilt + +* Mon Mar 7 2005 Tomas Mraz 0.6-1.p23.2 +- rebuild with openssl-0.9.7e + +* Tue Nov 9 2004 Nalin Dahyabhai 0.6-1.p23.1 +- rebuild + +* Fri Aug 13 2004 Mihai Ibanescu 0.6-1 +- 0.6 is out + +* Tue Aug 10 2004 Mihai Ibanescu 0.6-0.90.rc1 +- release candidate + +* Thu Jun 24 2004 Mihai Ibanescu 0.5.1-24 +- rebuilt + +* Mon Jun 21 2004 Mihai Ibanescu 0.5.1-23 +- rebuilt + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Nov 5 2003 Mihai Ibanescu 0.5.1-20 +- rebuilt against python 2.3.2 + +* Fri Aug 8 2003 Mihai Ibanescu 0.5.1-12 +- lynx no longer supported, using elinks instead (patch from + Michael Redinger , bug #101947 ) + +* Wed Jun 4 2003 Elliot Lee 0.5.1-11 +- Rebuilt + +* Wed Jun 4 2003 Mihai Ibanescu 0.5.1-10.7.x +- Built on 7.x + +* Mon Mar 3 2003 Mihai Ibanescu 0.5.1-9 +- bug #73967: Added Requires: python + +* Mon Feb 24 2003 Elliot Lee +- rebuilt + +* Fri Feb 21 2003 Mihai Ibanescu 0.5.1-7 +- bug #84803: Added patch to expose more flags + +* Fri Jan 31 2003 Mihai Ibanescu 0.5.1-5 +- installing to %%{_libdir} + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Tue Jan 7 2003 Nalin Dahyabhai 0.5.1-3 +- rebuild + +* Fri Jan 3 2003 Nalin Dahyabhai +- Add -I and -L flags for finding Kerberos headers and libraries, in case + they're referenced + +* Tue Dec 3 2002 Mihai Ibanescu +- Fix for bug 73967: site-packages/OpenSSL not owned by this package +- Adding hacks around the lack of latex2html on ia64 + +* Tue Sep 24 2002 Mihai Ibanescu +- 0.5.1 + +* Thu Aug 29 2002 Mihai Ibanescu +- Building 0.5.1rc1 with version number 0.5.0.91 (this should also fix the big + error of pushing 0.5pre previously, since it breaks rpm's version comparison + algorithm). +- We use %%{__python}. Too bad I can't pass --define's to distutils. + +* Fri Aug 16 2002 Mihai Ibanescu +- Building 0.5 + +* Fri Jun 14 2002 Mihai Ibanescu +- Added documentation