diff options
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/python2-pyopenssl-openssl-compat.patch | 51 | ||||
-rw-r--r-- | gnu/packages/python-crypto.scm | 22 |
3 files changed, 8 insertions, 66 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 57116c5292..83bde9e1dc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1755,7 +1755,6 @@ dist_patch_DATA = \ %D%/packages/patches/python-pillow-CVE-2022-45199.patch \ %D%/packages/patches/python-pyfakefs-remove-bad-test.patch \ %D%/packages/patches/python-pyflakes-test-location.patch \ - %D%/packages/patches/python2-pyopenssl-openssl-compat.patch \ %D%/packages/patches/python-flint-includes.patch \ %D%/packages/patches/python-libxml2-utf8.patch \ %D%/packages/patches/python-magic-python-bytecode.patch \ diff --git a/gnu/packages/patches/python2-pyopenssl-openssl-compat.patch b/gnu/packages/patches/python2-pyopenssl-openssl-compat.patch deleted file mode 100644 index a185f4172d..0000000000 --- a/gnu/packages/patches/python2-pyopenssl-openssl-compat.patch +++ /dev/null @@ -1,51 +0,0 @@ -Adjust for OpenSSL 1.1.1: - - https://github.com/pyca/pyopenssl/issues/1043 - -Taken from upstream: - - https://github.com/pyca/pyopenssl/commit/cc5c00ae5fd3c19d07fff79b5c4a08f5e58697ad - -diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py -index 59f21cec..fcdee047 100644 ---- a/src/OpenSSL/SSL.py -+++ b/src/OpenSSL/SSL.py -@@ -1421,6 +1421,12 @@ def set_alpn_protos(self, protos): - This list should be a Python list of bytestrings representing the - protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``. - """ -+ # Different versions of OpenSSL are inconsistent about how they handle empty -+ # proto lists (see #1043), so we avoid the problem entirely by rejecting them -+ # ourselves. -+ if not protos: -+ raise ValueError("at least one protocol must be specified") -+ - # Take the list of protocols and join them together, prefixing them - # with their lengths. - protostr = b"".join( -@@ -2449,6 +2455,12 @@ def set_alpn_protos(self, protos): - This list should be a Python list of bytestrings representing the - protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``. - """ -+ # Different versions of OpenSSL are inconsistent about how they handle empty -+ # proto lists (see #1043), so we avoid the problem entirely by rejecting them -+ # ourselves. -+ if not protos: -+ raise ValueError("at least one protocol must be specified") -+ - # Take the list of protocols and join them together, prefixing them - # with their lengths. - protostr = b"".join( -diff --git a/tests/test_ssl.py b/tests/test_ssl.py -index ffc505d8..ca363b45 100644 ---- a/tests/test_ssl.py -+++ b/tests/test_ssl.py -@@ -1928,7 +1928,7 @@ def test_alpn_call_failure(self): - protocols list. Ensure that we produce a user-visible error. - """ - context = Context(SSLv23_METHOD) -- with pytest.raises(Error): -+ with pytest.raises(ValueError): - context.set_alpn_protos([]) - - def test_alpn_set_on_connection(self): diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm index a9355d134f..b3c9e57d70 100644 --- a/gnu/packages/python-crypto.scm +++ b/gnu/packages/python-crypto.scm @@ -654,19 +654,17 @@ ciphers, message digests and key derivation functions.") (propagated-inputs '()) (synopsis "Core implementation of the Cryptography Python library"))) -;; This is the last version which is compatable with python-cryptography < 35. (define-public python-pyopenssl (package (name "python-pyopenssl") - (version "21.0.0") + (version "23.1.1") (source (origin (method url-fetch) (uri (pypi-uri "pyOpenSSL" version)) (sha256 (base32 - "1cqcc20fwl521z3fxsc1c98gbnhb14q55vrvjfp6bn6h8rg8qbay")) - (patches (search-patches "python2-pyopenssl-openssl-compat.patch")))) + "1dxhip610zw1j2bz35g1w1h7vh374g0bnzn4nsqj65n6pswrh544")))) (build-system python-build-system) (arguments (list @@ -678,7 +676,7 @@ ciphers, message digests and key derivation functions.") ;; PyOpenSSL runs tests against a certificate with a fixed ;; expiry time. To ensure successful builds in the future, ;; set the time to roughly the release date. - (invoke "faketime" "2022-02-01" "py.test" "-v" "-k" + (invoke "faketime" "2023-03-25" "pytest" "-vv" "-k" (string-append ;; This test tries to look up certificates from ;; the compiled-in default path in OpenSSL, which @@ -690,17 +688,13 @@ ciphers, message digests and key derivation functions.") ;; Fails on i686-linux and possibly other 32-bit platforms ;; https://github.com/pyca/pyopenssl/issues/974 "and not test_verify_with_time")))))))) - (propagated-inputs - (list python-cryptography python-six)) - (inputs - (list openssl)) - (native-inputs - (list libfaketime python-flaky python-pretend python-pytest)) + (propagated-inputs (list python-cryptography)) + (inputs (list openssl)) + (native-inputs (list libfaketime python-flaky python-pretend python-pytest)) (home-page "https://github.com/pyca/pyopenssl") (synopsis "Python wrapper module around the OpenSSL library") - (description - "PyOpenSSL is a high-level wrapper around a subset of the OpenSSL -library.") + (description "PyOpenSSL is a high-level wrapper around a subset of the +OpenSSL library.") (license license:asl2.0))) (define-public python-ed25519 |