diff --git a/SOURCES/0004-Revert-remove-NPN-bindings.patch b/SOURCES/0004-Revert-remove-NPN-bindings.patch new file mode 100644 index 0000000..8a1c31a --- /dev/null +++ b/SOURCES/0004-Revert-remove-NPN-bindings.patch @@ -0,0 +1,75 @@ +From e8ed37e0d24a1cc7482ab816ed5f25243395b2ef Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Mon, 14 Dec 2020 14:13:53 +0100 +Subject: [PATCH] Revert "remove NPN bindings -- you should be using ALPN! + (#4765)" + +This reverts commit 99bf4e4605cbe54bad597da1ebe4cc323909083c. +--- + src/_cffi_src/openssl/ssl.py | 20 +++++++++++++++++++- + tests/hazmat/bindings/test_openssl.py | 4 ++++ + 2 files changed, 23 insertions(+), 1 deletion(-) + +diff --git a/src/_cffi_src/openssl/ssl.py b/src/_cffi_src/openssl/ssl.py +index c38e309a1..fa854f5dd 100644 +--- a/src/_cffi_src/openssl/ssl.py ++++ b/src/_cffi_src/openssl/ssl.py +@@ -138,6 +138,8 @@ static const long SSL3_RANDOM_SIZE; + static const long TLS_ST_BEFORE; + static const long TLS_ST_OK; + ++static const long OPENSSL_NPN_NEGOTIATED; ++ + typedef ... SSL_METHOD; + typedef ... SSL_CTX; + +@@ -401,9 +403,25 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *); + + long SSL_session_reused(SSL *); + ++void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *, ++ int (*)(SSL *, ++ const unsigned char **, ++ unsigned int *, ++ void *), ++ void *); ++void SSL_CTX_set_next_proto_select_cb(SSL_CTX *, ++ int (*)(SSL *, ++ unsigned char **, ++ unsigned char *, ++ const unsigned char *, ++ unsigned int, ++ void *), ++ void *); + int SSL_select_next_proto(unsigned char **, unsigned char *, + const unsigned char *, unsigned int, + const unsigned char *, unsigned int); ++void SSL_get0_next_proto_negotiated(const SSL *, ++ const unsigned char **, unsigned *); + + int sk_SSL_CIPHER_num(Cryptography_STACK_OF_SSL_CIPHER *); + const SSL_CIPHER *sk_SSL_CIPHER_value(Cryptography_STACK_OF_SSL_CIPHER *, int); +@@ -601,7 +619,7 @@ static const long Cryptography_HAS_TLSv1_2 = 1; + static const long Cryptography_HAS_SSL_OP_MSIE_SSLV2_RSA_PADDING = 1; + static const long Cryptography_HAS_SSL_OP_NO_TICKET = 1; + static const long Cryptography_HAS_SSL_SET_SSL_CTX = 1; +-static const long Cryptography_HAS_NEXTPROTONEG = 0; ++static const long Cryptography_HAS_NEXTPROTONEG = 1; + static const long Cryptography_HAS_ALPN = 1; + + #if CRYPTOGRAPHY_IS_LIBRESSL +diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py +index ecee34091..aeb12a0dc 100644 +--- a/tests/hazmat/bindings/test_openssl.py ++++ b/tests/hazmat/bindings/test_openssl.py +@@ -137,3 +137,7 @@ class TestOpenSSL(object): + ) + with pytest.raises(RuntimeError): + _verify_openssl_version(lib) ++ ++ def test_npn_binding(self): ++ b = Binding() ++ assert b.lib.Cryptography_HAS_NEXTPROTONEG +-- +2.29.2 + diff --git a/SPECS/python-cryptography.spec b/SPECS/python-cryptography.spec index d972238..e475ba0 100644 --- a/SPECS/python-cryptography.spec +++ b/SPECS/python-cryptography.spec @@ -4,7 +4,7 @@ Name: python-%{srcname} Version: 3.2.1 -Release: 1%{?dist} +Release: 3%{?dist} Summary: PyCA's cryptography library Group: Development/Libraries @@ -15,6 +15,7 @@ Source0: https://pypi.io/packages/source/c/%{srcname}/%{srcname}-%{versio Patch0001: 0001-Re-add-deprecated-and-removed-features.patch Patch0002: 0002-Support-pytest-3.4.2.patch Patch0003: 0003-Skip-iso8601-test-cases.patch +Patch0004: 0004-Revert-remove-NPN-bindings.patch BuildRequires: openssl-devel BuildRequires: gcc @@ -41,6 +42,8 @@ Summary: PyCA's cryptography library Requires: openssl-libs Requires: python%{python3_pkgversion}-six >= 1.4.1 Requires: python%{python3_pkgversion}-cffi >= 1.7 +Conflicts: python%{python3_pkgversion}-cryptography-vectors < %{version} +Conflicts: python%{python3_pkgversion}-cryptography-vectors > %{version} %description -n python%{python3_pkgversion}-%{srcname} cryptography is a package designed to expose cryptographic primitives and @@ -78,6 +81,13 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest %changelog +* Mon Dec 14 17:24:01 CET 2020 Christian Heimes - 3.2.1-3 +- Conflict with non-matching vector package + +* Mon Dec 14 14:19:42 CET 2020 Christian Heimes - 3.2.1-2 +- Re-add remove NPN bindings, required for pyOpenSSL +- Resolves: rhbz#1907429 + * Wed Oct 28 2020 Christian Heimes - 3.2.1-1 - Rebase to upstream release 3.2.1 - Resolves: rhbz#1873581