Package init

Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch

@@ -0,0 +1,102 @@
+From df2480da2c65cf0ddb0427803edbc04516fc237f Mon Sep 17 00:00:00 2001
+From: Mark Williams <mrw@enotuniq.org>
+Date: Thu, 14 Feb 2019 19:30:07 -0800
+Subject: [PATCH] Raise an Error with "no cipher match" even with TLS 1.3
+ (#818)
+
+* Raise an Error with "no cipher match" even with TLS 1.3
+
+This makes Twisted's OpenSSLAcceptableCiphers.fromOpenSSLCipherString
+and seamlessly work with TLS 1.3:
+
+https://github.com/twisted/twisted/pull/1100/files/a5df2fb373ac67b0e3032acc9291ae88dfd0b3b1#diff-df501bac724aab523150498f84749b88R1767
+
+* Split TestContext.test_set_cipher_list_wrong_args into two tests.
+---
+ src/OpenSSL/SSL.py | 15 ++++++++++++---
+ tests/test_ssl.py  | 31 ++++++++++++++++++++++---------
+ 2 files changed, 34 insertions(+), 12 deletions(-)
+
+diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
+index 5d07b26..de49cf9 100644
+--- a/src/OpenSSL/SSL.py
++++ b/src/OpenSSL/SSL.py
+@@ -1196,13 +1196,23 @@ class Context(object):
+         # invalid cipher string is passed, but without the following check
+         # for the TLS 1.3 specific cipher suites it would never error.
+         tmpconn = Connection(self, None)
+-        _openssl_assert(
+-            tmpconn.get_cipher_list() != [
+-                'TLS_AES_256_GCM_SHA384',
+-                'TLS_CHACHA20_POLY1305_SHA256',
+-                'TLS_AES_128_GCM_SHA256'
+-            ]
+-        )
++        if (
++            tmpconn.get_cipher_list() == [
++                 'TLS_AES_256_GCM_SHA384',
++                 'TLS_CHACHA20_POLY1305_SHA256',
++                 'TLS_AES_128_GCM_SHA256',
++                 'TLS_AES_128_CCM_SHA256'
++             ]
++        ):
++            raise Error(
++                [
++                    (
++                        'SSL routines',
++                        'SSL_CTX_set_cipher_list',
++                        'no cipher match',
++                    ),
++                ],
++            )
+ 
+     def set_client_ca_list(self, certificate_authorities):
+         """
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index 38511a4..986463a 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -410,18 +410,31 @@ class TestContext(object):
+ 
+         assert "AES128-SHA" in conn.get_cipher_list()
+ 
+-    @pytest.mark.parametrize("cipher_list,error", [
+-        (object(), TypeError),
+-        ("imaginary-cipher", Error),
+-    ])
+-    def test_set_cipher_list_wrong_args(self, context, cipher_list, error):
++    def test_set_cipher_list_wrong_type(self, context):
+         """
+         `Context.set_cipher_list` raises `TypeError` when passed a non-string
+-        argument and raises `OpenSSL.SSL.Error` when passed an incorrect cipher
+-        list string.
++        argument.
+         """
+-        with pytest.raises(error):
+-            context.set_cipher_list(cipher_list)
++        with pytest.raises(TypeError):
++            context.set_cipher_list(object())
++
++    def test_set_cipher_list_no_cipher_match(self, context):
++        """
++        `Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a
++        `"no cipher match"` reason string regardless of the TLS
++        version.
++        """
++        with pytest.raises(Error) as excinfo:
++            context.set_cipher_list(b"imaginary-cipher")
++        assert excinfo.value.args == (
++                [
++                    (
++                        'SSL routines',
++                        'SSL_CTX_set_cipher_list',
++                        'no cipher match',
++                    ),
++                ],
++            )
+ 
+     def test_load_client_ca(self, context, ca_file):
+         """
+-- 
+2.21.0.windows.1
+

pyOpenSSL.spec

@@ -0,0 +1,109 @@
+%bcond_without  python2
+
+Name:           pyOpenSSL
+Version:        19.0.0
+Release:        1
+Summary:        A rather thin wrapper around (a subset of) the OpenSSL library.
+
+License:        ASL 2.0
+URL:            https://www.pyopenssl.org/en/stable/
+Source0:        https://github.com/pyca/pyopenssl/archive/%{name}-%{version}.tar.gz
+
+BuildArch:      noarch
+BuildRequires:  python2-devel python3-devel python2-cryptography python3-cryptography
+BuildRequires:  python3-setuptools python3-sphinx python3-sphinx_rtd_theme
+
+Patch6006:      skip-NPN-tests-if-NPN-is-not-available.patch
+Patch6008:      Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch
+
+%description
+pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library.
+With thin wrapper we mean that a lot of the object methods do nothing more
+than calling a corresponding function in the OpenSSL library.
+
+%package -n     python2-%{name}
+Summary:        A rather thin wrapper around (a subset of) the OpenSSL library.
+Requires:       python2-six >= 1.5.2 python2-cryptography
+Obsoletes:      pyOpenSSL < %{version}-%{release}
+Provides:       pyOpenSSL = %{version}-%{release}
+%{?python_provide:%python_provide python2-pyOpenSSL}
+
+%description -n python2-%{name}
+pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library.
+With thin wrapper we mean that a lot of the object methods do nothing more
+than calling a corresponding function in the OpenSSL library.
+
+%package -n     python3-%{name}
+Summary:        A rather thin wrapper around (a subset of) the OpenSSL library.
+Requires:       python3-six >= 1.5.2 python3-cryptography     
+%{?python_provide:%python_provide python3-pyOpenSSL}
+
+%description -n python3-%{name}
+pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library.
+With thin wrapper we mean that a lot of the object methods do nothing more
+than calling a corresponding function in the OpenSSL library.
+
+%package        help
+Summary:        Documents for %{name}
+Buildarch:      noarch
+Requires:       man info
+Provides:       %{name}-doc
+Obsoletes:      %{name}-doc
+
+%description    help
+Man pages and other related documents for %{name}.
+
+%prep
+%autosetup -n %{name}-%{version} -p1
+
+%build
+%py2_build
+%py3_build
+
+make -C doc html SPHINXBUILD=sphinx-build-3
+
+%install
+%py2_install
+%py3_install
+
+%files -n python2-%{name}
+%license LICENSE
+%{python2_sitelib}/OpenSSL/*
+%{python2_sitelib}/%{name}-%{version}-py?.?.egg-info
+
+%files -n python3-%{name}
+%license LICENSE
+%{python3_sitelib}/OpenSSL/
+%{python3_sitelib}/%{name}-%{version}-py?.?.egg-info
+
+%files help
+%license LICENSE
+%doc CHANGELOG.rst doc/_build/html examples
+
+%changelog
+* Sat Aug 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 19.0.0-1
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:Update to 19.0.0
+
+* Sun Apr 28 2019 luochunsheng<luochunsheng@huawei.com> - 18.0.0-3.h3
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:fix tests
+
+* Sat Apr 13 2019 luochunsheng<luochunsheng@huawei.com> - 18.0.0-3.h2
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:pyOpenSSL package quality enhance
+
+* Wed Mar 13 2019 wanghongzhe<wanghongzhe@huawei.com> - 18.0.0-3.h1
+- Type:enhancement
+- ID:NA
+- SUG:restart
+- DESC:solve the mirror-yum installation dependency
+
+* Mon Aug 13 2018 openEuler Buildteam <buildteam@openeuler.org> - 18.0.0-3
+- Package Init

skip-NPN-tests-if-NPN-is-not-available.patch

@@ -0,0 +1,29 @@
+From 4d57590bc7fc93430a1fdacc31bc0cbd9778f678 Mon Sep 17 00:00:00 2001
+From: Paul Kehrer <paul.l.kehrer@gmail.com>
+Date: Tue, 26 Feb 2019 21:42:12 +0800
+Subject: [PATCH] skip NPN tests if NPN is not available (#822)
+
+* skip NPN tests if NPN is not available
+
+* use the right name
+---
+ tests/test_ssl.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index 986463a..ed911de 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -1737,6 +1737,9 @@ class TestServerNameCallback(object):
+         assert args == [(server, b"foo1.example.com")]
+ 
+ 
++@pytest.mark.skipif(
++    not _lib.Cryptography_HAS_NEXTPROTONEG, reason="NPN is not available"
++)
+ class TestNextProtoNegotiation(object):
+     """
+     Test for Next Protocol Negotiation in PyOpenSSL.
+-- 
+2.21.0.windows.1
+