commit 4faa01fefcc13ec3fc86c979da81fafdc8871681 Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 11:14:25 2019 -0400 Package init
diff --git a/Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch b/Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch
new file mode 100644
index 0000000..8659e23
--- /dev/null
+++ b/Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch
@@ -0,0 +1,102 @@
+From df2480da2c65cf0ddb0427803edbc04516fc237f Mon Sep 17 00:00:00 2001
+From: Mark Williams
+Date: Thu, 14 Feb 2019 19:30:07 -0800
+Subject: [PATCH] Raise an Error with "no cipher match" even with TLS 1.3
+ (#818)
+
+* Raise an Error with "no cipher match" even with TLS 1.3
+
+This makes Twisted's OpenSSLAcceptableCiphers.fromOpenSSLCipherString
+and seamlessly work with TLS 1.3:
+
+https://github.com/twisted/twisted/pull/1100/files/a5df2fb373ac67b0e3032acc9291ae88dfd0b3b1#diff-df501bac724aab523150498f84749b88R1767
+
+* Split TestContext.test_set_cipher_list_wrong_args into two tests.
+---
+ src/OpenSSL/SSL.py | 15 ++++++++++++---
+ tests/test_ssl.py | 31 ++++++++++++++++++++++---------
+ 2 files changed, 34 insertions(+), 12 deletions(-)
+
+diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
+index 5d07b26..de49cf9 100644
+--- a/src/OpenSSL/SSL.py
++++ b/src/OpenSSL/SSL.py
+@@ -1196,13 +1196,23 @@ class Context(object):
+ # invalid cipher string is passed, but without the following check
+ # for the TLS 1.3 specific cipher suites it would never error.
+ tmpconn = Connection(self, None)
+- _openssl_assert(
+- tmpconn.get_cipher_list() != [
+- 'TLS_AES_256_GCM_SHA384',
+- 'TLS_CHACHA20_POLY1305_SHA256',
+- 'TLS_AES_128_GCM_SHA256'
+- ]
+- )
++ if (
++ tmpconn.get_cipher_list() == [
++ 'TLS_AES_256_GCM_SHA384',
++ 'TLS_CHACHA20_POLY1305_SHA256',
++ 'TLS_AES_128_GCM_SHA256',
++ 'TLS_AES_128_CCM_SHA256'
++ ]
++ ):
++ raise Error(
++ [
++ (
++ 'SSL routines',
++ 'SSL_CTX_set_cipher_list',
++ 'no cipher match',
++ ),
++ ],
++ )
+
+ def set_client_ca_list(self, certificate_authorities):
+ """
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index 38511a4..986463a 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -410,18 +410,31 @@ class TestContext(object):
+
+ assert "AES128-SHA" in conn.get_cipher_list()
+
+- @pytest.mark.parametrize("cipher_list,error", [
+- (object(), TypeError),
+- ("imaginary-cipher", Error),
+- ])
+- def test_set_cipher_list_wrong_args(self, context, cipher_list, error):
++ def test_set_cipher_list_wrong_type(self, context):
+ """
+ `Context.set_cipher_list` raises `TypeError` when passed a non-string
+- argument and raises `OpenSSL.SSL.Error` when passed an incorrect cipher
+- list string.
++ argument.
+ """
+- with pytest.raises(error):
+- context.set_cipher_list(cipher_list)
++ with pytest.raises(TypeError):
++ context.set_cipher_list(object())
++
++ def test_set_cipher_list_no_cipher_match(self, context):
++ """
++ `Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a
++ `"no cipher match"` reason string regardless of the TLS
++ version.
++ """
++ with pytest.raises(Error) as excinfo:
++ context.set_cipher_list(b"imaginary-cipher")
++ assert excinfo.value.args == (
++ [
++ (
++ 'SSL routines',
++ 'SSL_CTX_set_cipher_list',
++ 'no cipher match',
++ ),
++ ],
++ )
+
+ def test_load_client_ca(self, context, ca_file):
+ """
+--
+2.21.0.windows.1
+
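Review bot: The new guard in `Context.set_cipher_list` still hinges on an exact, ordered literal: `tmpconn.get_cipher_list() == [...]` raises only when the library reports precisely these four TLS 1.3 suites in this order. The removed assertion listed three suites and this version adds `'TLS_AES_128_CCM_SHA256'`, which suggests the literal tracks one particular OpenSSL configuration; under a different TLS 1.3 default set an invalid cipher string would presumably pass without an `Error`, and the caller would believe its cipher restriction had taken effect. A check that does not enumerate suites would be sturdier, for example `if all(c.startswith('TLS_') for c in tmpconn.get_cipher_list()):`, assuming OpenSSL's pre-1.3 cipher names never carry that prefix, with a comment above it saying that a list holding only TLS 1.3 suites means the string matched nothing. The enclosing method begins outside this hunk.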
diff --git a/pyOpenSSL-19.0.0.tar.gz b/pyOpenSSL-19.0.0.tar.gz
new file mode 100644
index 0000000..6c0c649
Binary files /dev/null and b/pyOpenSSL-19.0.0.tar.gz differ
diff --git a/pyOpenSSL.spec b/pyOpenSSL.spec
new file mode 100644
index 0000000..659ad24
--- /dev/null
+++ b/pyOpenSSL.spec
@@ -0,0 +1,109 @@
+%bcond_without python2
+
+Name: pyOpenSSL
+Version: 19.0.0
+Release: 1
+Summary: A rather thin wrapper around (a subset of) the OpenSSL library.
+
+License: ASL 2.0
+URL: https://www.pyopenssl.org/en/stable/
+Source0: https://github.com/pyca/pyopenssl/archive/%{name}-%{version}.tar.gz
+
+BuildArch: noarch
+BuildRequires: python2-devel python3-devel python2-cryptography python3-cryptography
+BuildRequires: python3-setuptools python3-sphinx python3-sphinx_rtd_theme
+
+Patch6006: skip-NPN-tests-if-NPN-is-not-available.patch
+Patch6008: Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch
+
+%description
+pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library.
+With thin wrapper we mean that a lot of the object methods do nothing more
+than calling a corresponding function in the OpenSSL library.
+
+%package -n python2-%{name}
+Summary: A rather thin wrapper around (a subset of) the OpenSSL library.
+Requires: python2-six >= 1.5.2 python2-cryptography
+Obsoletes: pyOpenSSL < %{version}-%{release}
+Provides: pyOpenSSL = %{version}-%{release}
+%{?python_provide:%python_provide python2-pyOpenSSL}
+
+%description -n python2-%{name}
+pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library.
+With thin wrapper we mean that a lot of the object methods do nothing more
+than calling a corresponding function in the OpenSSL library.
+
+%package -n python3-%{name}
+Summary: A rather thin wrapper around (a subset of) the OpenSSL library.
+Requires: python3-six >= 1.5.2 python3-cryptography
+%{?python_provide:%python_provide python3-pyOpenSSL}
+
+%description -n python3-%{name}
+pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library.
+With thin wrapper we mean that a lot of the object methods do nothing more
+than calling a corresponding function in the OpenSSL library.
+
+%package help
+Summary: Documents for %{name}
+Buildarch: noarch
+Requires: man info
+Provides: %{name}-doc
+Obsoletes: %{name}-doc
+
+%description help
+Man pages and other related documents for %{name}.
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%build
+%py2_build
+%py3_build
+
+make -C doc html SPHINXBUILD=sphinx-build-3
+
+%install
+%py2_install
+%py3_install
+
+%files -n python2-%{name}
+%license LICENSE
+%{python2_sitelib}/OpenSSL/*
+%{python2_sitelib}/%{name}-%{version}-py?.?.egg-info
+
+%files -n python3-%{name}
+%license LICENSE
+%{python3_sitelib}/OpenSSL/
+%{python3_sitelib}/%{name}-%{version}-py?.?.egg-info
+
+%files help
+%license LICENSE
+%doc CHANGELOG.rst doc/_build/html examples
+
+%changelog
+* Sat Aug 31 2019 openEuler Buildteam - 19.0.0-1
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:Update to 19.0.0
+
+* Sun Apr 28 2019 luochunsheng - 18.0.0-3.h3
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:fix tests
+
+* Sat Apr 13 2019 luochunsheng - 18.0.0-3.h2
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:pyOpenSSL package quality enhance
+
+* Wed Mar 13 2019 wanghongzhe - 18.0.0-3.h1
+- Type:enhancement
+- ID:NA
+- SUG:restart
+- DESC:solve the mirror-yum installation dependency
+
+* Mon Aug 13 2018 openEuler Buildteam - 18.0.0-3
+- Package Init
diff --git a/skip-NPN-tests-if-NPN-is-not-available.patch b/skip-NPN-tests-if-NPN-is-not-available.patch
new file mode 100644
index 0000000..d9f90ee
--- /dev/null
+++ b/skip-NPN-tests-if-NPN-is-not-available.patch
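Review bot: The spec defines no `%check` section, so the two patches it applies, both of which modify `tests/test_ssl.py`, are never run against the distribution's OpenSSL at build time. That matters most for Patch6008, whose cipher-list comparison only raises when the system's TLS 1.3 suites match the hard-coded list. A `%check` that runs the test suite under each Python, with the test dependencies added to `BuildRequires`, would surface a mismatch when the package is built. Separately, `%bcond_without python2` is declared on the first line but nothing in the spec is wrapped in `%if %{with python2}`, so the switch currently has no effect.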
@@ -0,0 +1,29 @@
+From 4d57590bc7fc93430a1fdacc31bc0cbd9778f678 Mon Sep 17 00:00:00 2001
+From: Paul Kehrer
+Date: Tue, 26 Feb 2019 21:42:12 +0800
+Subject: [PATCH] skip NPN tests if NPN is not available (#822)
+
+* skip NPN tests if NPN is not available
+
+* use the right name
+---
+ tests/test_ssl.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index 986463a..ed911de 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -1737,6 +1737,9 @@ class TestServerNameCallback(object):
+ assert args == [(server, b"foo1.example.com")]
+
+
++@pytest.mark.skipif(
++ not _lib.Cryptography_HAS_NEXTPROTONEG, reason="NPN is not available"
++)
+ class TestNextProtoNegotiation(object):
+ """
+ Test for Next Protocol Negotiation in PyOpenSSL.
+--
+2.21.0.windows.1
+