update pyOpenSSL to 19.1.0

Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch

@@ -1,102 +0,0 @@
-From df2480da2c65cf0ddb0427803edbc04516fc237f Mon Sep 17 00:00:00 2001
-From: Mark Williams <mrw@enotuniq.org>
-Date: Thu, 14 Feb 2019 19:30:07 -0800
-Subject: [PATCH] Raise an Error with "no cipher match" even with TLS 1.3
- (#818)
-
-* Raise an Error with "no cipher match" even with TLS 1.3
-
-This makes Twisted's OpenSSLAcceptableCiphers.fromOpenSSLCipherString
-and seamlessly work with TLS 1.3:
-
-https://github.com/twisted/twisted/pull/1100/files/a5df2fb373ac67b0e3032acc9291ae88dfd0b3b1#diff-df501bac724aab523150498f84749b88R1767
-
-* Split TestContext.test_set_cipher_list_wrong_args into two tests.
----
- src/OpenSSL/SSL.py | 15 ++++++++++++---
- tests/test_ssl.py  | 31 ++++++++++++++++++++++---------
- 2 files changed, 34 insertions(+), 12 deletions(-)
-
-diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
-index 5d07b26..de49cf9 100644
---- a/src/OpenSSL/SSL.py
-+++ b/src/OpenSSL/SSL.py
-@@ -1196,13 +1196,23 @@ class Context(object):
-         # invalid cipher string is passed, but without the following check
-         # for the TLS 1.3 specific cipher suites it would never error.
-         tmpconn = Connection(self, None)
--        _openssl_assert(
--            tmpconn.get_cipher_list() != [
--                'TLS_AES_256_GCM_SHA384',
--                'TLS_CHACHA20_POLY1305_SHA256',
--                'TLS_AES_128_GCM_SHA256'
--            ]
--        )
-+        if (
-+            tmpconn.get_cipher_list() == [
-+                 'TLS_AES_256_GCM_SHA384',
-+                 'TLS_CHACHA20_POLY1305_SHA256',
-+                 'TLS_AES_128_GCM_SHA256',
-+                 'TLS_AES_128_CCM_SHA256'
-+             ]
-+        ):
-+            raise Error(
-+                [
-+                    (
-+                        'SSL routines',
-+                        'SSL_CTX_set_cipher_list',
-+                        'no cipher match',
-+                    ),
-+                ],
-+            )
- 
-     def set_client_ca_list(self, certificate_authorities):
-         """
-diff --git a/tests/test_ssl.py b/tests/test_ssl.py
-index 38511a4..986463a 100644
---- a/tests/test_ssl.py
-+++ b/tests/test_ssl.py
-@@ -410,18 +410,31 @@ class TestContext(object):
- 
-         assert "AES128-SHA" in conn.get_cipher_list()
- 
--    @pytest.mark.parametrize("cipher_list,error", [
--        (object(), TypeError),
--        ("imaginary-cipher", Error),
--    ])
--    def test_set_cipher_list_wrong_args(self, context, cipher_list, error):
-+    def test_set_cipher_list_wrong_type(self, context):
-         """
-         `Context.set_cipher_list` raises `TypeError` when passed a non-string
--        argument and raises `OpenSSL.SSL.Error` when passed an incorrect cipher
--        list string.
-+        argument.
-         """
--        with pytest.raises(error):
--            context.set_cipher_list(cipher_list)
-+        with pytest.raises(TypeError):
-+            context.set_cipher_list(object())
-+
-+    def test_set_cipher_list_no_cipher_match(self, context):
-+        """
-+        `Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a
-+        `"no cipher match"` reason string regardless of the TLS
-+        version.
-+        """
-+        with pytest.raises(Error) as excinfo:
-+            context.set_cipher_list(b"imaginary-cipher")
-+        assert excinfo.value.args == (
-+                [
-+                    (
-+                        'SSL routines',
-+                        'SSL_CTX_set_cipher_list',
-+                        'no cipher match',
-+                    ),
-+                ],
-+            )
- 
-     def test_load_client_ca(self, context, ca_file):
-         """
--- 
-2.21.0.windows.1
-

pyOpenSSL.spec

@@ -1,7 +1,7 @@
 %bcond_without  python2
 
 Name:           pyOpenSSL
-Version:        19.0.0
+Version:        19.1.0
 Release:        1
 Summary:        A rather thin wrapper around (a subset of) the OpenSSL library.
 
@@ -13,9 +13,6 @@ BuildArch:      noarch
 BuildRequires:  python2-devel python3-devel python2-cryptography python3-cryptography
 BuildRequires:  python3-setuptools python3-sphinx python3-sphinx_rtd_theme
 
-Patch6006:      skip-NPN-tests-if-NPN-is-not-available.patch
-Patch6008:      Raise-an-Error-with-no-cipher-match-even-with-TLS1.3.patch
-
 %description
 pyOpenSSL is a rather thin wrapper around (a subset of) the OpenSSL library.
 With thin wrapper we mean that a lot of the object methods do nothing more
@@ -78,9 +75,15 @@ make -C doc html SPHINXBUILD=sphinx-build-3
 
 %files help
 %license LICENSE
-%doc CHANGELOG.rst doc/_build/html examples
+%doc CHANGELOG.rst doc/_build/html
 
 %changelog
+* Tue May 12 2019 openEuler Buildteam <buildteam@openeuler.org> - 19.1.0-1
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:Update pyOpenSSL to 19.1.0
+
 * Sat Aug 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 19.0.0-1
 - Type:enhancement
 - ID:NA

skip-NPN-tests-if-NPN-is-not-available.patch

@@ -1,29 +0,0 @@
-From 4d57590bc7fc93430a1fdacc31bc0cbd9778f678 Mon Sep 17 00:00:00 2001
-From: Paul Kehrer <paul.l.kehrer@gmail.com>
-Date: Tue, 26 Feb 2019 21:42:12 +0800
-Subject: [PATCH] skip NPN tests if NPN is not available (#822)
-
-* skip NPN tests if NPN is not available
-
-* use the right name
----
- tests/test_ssl.py | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/tests/test_ssl.py b/tests/test_ssl.py
-index 986463a..ed911de 100644
---- a/tests/test_ssl.py
-+++ b/tests/test_ssl.py
-@@ -1737,6 +1737,9 @@ class TestServerNameCallback(object):
-         assert args == [(server, b"foo1.example.com")]
- 
- 
-+@pytest.mark.skipif(
-+    not _lib.Cryptography_HAS_NEXTPROTONEG, reason="NPN is not available"
-+)
- class TestNextProtoNegotiation(object):
-     """
-     Test for Next Protocol Negotiation in PyOpenSSL.
--- 
-2.21.0.windows.1
-