<feed xmlns='http://www.w3.org/2005/Atom'>
<title>delta/python-packages/pyopenssl.git/tests, branch dependabot/github_actions/actions/setup-python-2.3.1</title>
<subtitle>github.com: pyca/pyopenssl.git
</subtitle>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/python-packages/pyopenssl.git/'/>
<entry>
<title>Remove some more py27-isms (#1062)</title>
<updated>2021-11-23T20:56:09+00:00</updated>
<author>
<name>Alex Gaynor</name>
<email>alex.gaynor@gmail.com</email>
</author>
<published>2021-11-23T20:56:09+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/python-packages/pyopenssl.git/commit/?id=11b9bc5cb5efd5cafd9fe4cf7a99a1252213025b'/>
<id>11b9bc5cb5efd5cafd9fe4cf7a99a1252213025b</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Expose some DTLS-related features (#1026)</title>
<updated>2021-11-02T06:30:36+00:00</updated>
<author>
<name>Nathaniel J. Smith</name>
<email>njs@pobox.com</email>
</author>
<published>2021-11-02T06:30:36+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/python-packages/pyopenssl.git/commit/?id=e84e7b57d1838de70ab7a27089fbee78ce0d2106'/>
<id>e84e7b57d1838de70ab7a27089fbee78ce0d2106</id>
<content type='text'>
* Expose DTLS_METHOD and friends

* Expose OP_NO_RENEGOTIATION

* Expose DTLS MTU-related functions

* Expose DTLSv1_listen and associated callbacks

* Add a basic DTLS test

* Cope with old versions of openssl/libressl

* blacken

* Soothe flake8

* Add temporary hack to skip DTLS test on old cryptography versions

* Update for cryptography v35 release

* Add changelog entry

* Fix versionadded::

* get_cleartext_mtu doesn't exist on decrepit old openssl

* Rewrite DTLS test to work around stupid OpenSSL misbehavior

* flake8 go away

* minor tidying</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
* Expose DTLS_METHOD and friends

* Expose OP_NO_RENEGOTIATION

* Expose DTLS MTU-related functions

* Expose DTLSv1_listen and associated callbacks

* Add a basic DTLS test

* Cope with old versions of openssl/libressl

* blacken

* Soothe flake8

* Add temporary hack to skip DTLS test on old cryptography versions

* Update for cryptography v35 release

* Add changelog entry

* Fix versionadded::

* get_cleartext_mtu doesn't exist on decrepit old openssl

* Rewrite DTLS test to work around stupid OpenSSL misbehavior

* flake8 go away

* minor tidying</pre>
</div>
</content>
</entry>
<entry>
<title>Check for invalid ALPN lists before calling OpenSSL, for consistency (#1056)</title>
<updated>2021-10-27T22:37:33+00:00</updated>
<author>
<name>Nathaniel J. Smith</name>
<email>njs@pobox.com</email>
</author>
<published>2021-10-27T22:37:33+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/python-packages/pyopenssl.git/commit/?id=45c5678e48839e08cd290285c052a65ecb4cac80'/>
<id>45c5678e48839e08cd290285c052a65ecb4cac80</id>
<content type='text'>
* Check for invalid ALPN lists before calling OpenSSL, for consistency

Fixes gh-1043

* Soothe flake8</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
* Check for invalid ALPN lists before calling OpenSSL, for consistency

Fixes gh-1043

* Soothe flake8</pre>
</div>
</content>
</entry>
<entry>
<title>py27 going, going, gone (#1047)</title>
<updated>2021-10-04T08:22:33+00:00</updated>
<author>
<name>Paul Kehrer</name>
<email>paul.l.kehrer@gmail.com</email>
</author>
<published>2021-10-04T08:22:33+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/python-packages/pyopenssl.git/commit/?id=a42ec20880d44150022b8cd9c852fff6cca2dcaa'/>
<id>a42ec20880d44150022b8cd9c852fff6cca2dcaa</id>
<content type='text'>
* py27 going, going, gone

* black

* more black

* ok then

* forgot to remove pypy2</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
* py27 going, going, gone

* black

* more black

* ok then

* forgot to remove pypy2</pre>
</div>
</content>
</entry>
<entry>
<title>Fill in notBefore/notAfter in X509 _PKeyInteractionTestsMixin tests (#1039)</title>
<updated>2021-09-07T18:24:13+00:00</updated>
<author>
<name>David Benjamin</name>
<email>davidben@google.com</email>
</author>
<published>2021-09-07T18:24:13+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/python-packages/pyopenssl.git/commit/?id=8e1f599eb6bb4fc129ce0519506945fb306713fa'/>
<id>8e1f599eb6bb4fc129ce0519506945fb306713fa</id>
<content type='text'>
While the tests currently pass without it, this is because OpenSSL's
encoder doesn't notice that it is emitting garbage. See
https://github.com/openssl/openssl/issues/16538

Fill in a placeholder validity period so the tests both better mirror
real X.509 signing code and do not rely on this bug.</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
While the tests currently pass without it, this is because OpenSSL's
encoder doesn't notice that it is emitting garbage. See
https://github.com/openssl/openssl/issues/16538

Fill in a placeholder validity period so the tests both better mirror
real X.509 signing code and do not rely on this bug.</pre>
</div>
</content>
</entry>
<entry>
<title>Don't try to serialize invalid objects in tests (#1037)</title>
<updated>2021-08-23T03:19:40+00:00</updated>
<author>
<name>David Benjamin</name>
<email>davidben@google.com</email>
</author>
<published>2021-08-23T03:19:40+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/python-packages/pyopenssl.git/commit/?id=30e82d4ba5e3817a77e212540477da701460e988'/>
<id>30e82d4ba5e3817a77e212540477da701460e988</id>
<content type='text'>
A default-constructed X509_REQ or NETSCAPE_SPKI contains empty values
for all its fields, notably the OIDs in public keys. This initial state
is incomplete and not yet a valid object. The ASN.1 structures make the
public key mandatory.  When serializing, OpenSSL would previously
silently omit the field, which doesn't actually produce a valid
structure.

As of https://github.com/openssl/openssl/pull/16027, OpenSSL will notice
this and return an error rather than serialize garbage. Sadly, that had
to be reverted on 1.1.1, but it is present in the 3.0 branch. With that
change, some of pyOpenSSL's tests fail.

The bug here is in pyOpenSSL: pyOpenSSL tests are trying to serialize
incomplete objects. Instead, fill in the public key.  While not
syntactically necessary (the empty string is a BIT STRING), also fill in
the signature for NetscapeSPKI, to better align with real code.

Tested by running pyOpenSSL tests against a copy of OpenSSL 1.1.1's dev
branch, prior to the changes getting reverted.</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
A default-constructed X509_REQ or NETSCAPE_SPKI contains empty values
for all its fields, notably the OIDs in public keys. This initial state
is incomplete and not yet a valid object. The ASN.1 structures make the
public key mandatory.  When serializing, OpenSSL would previously
silently omit the field, which doesn't actually produce a valid
structure.

As of https://github.com/openssl/openssl/pull/16027, OpenSSL will notice
this and return an error rather than serialize garbage. Sadly, that had
to be reverted on 1.1.1, but it is present in the 3.0 branch. With that
change, some of pyOpenSSL's tests fail.

The bug here is in pyOpenSSL: pyOpenSSL tests are trying to serialize
incomplete objects. Instead, fill in the public key.  While not
syntactically necessary (the empty string is a BIT STRING), also fill in
the signature for NetscapeSPKI, to better align with real code.

Tested by running pyOpenSSL tests against a copy of OpenSSL 1.1.1's dev
branch, prior to the changes getting reverted.</pre>
</div>
</content>
</entry>
<entry>
<title>Attempt to test with system OpenSSL on recent Ubuntu (#1003)</title>
<updated>2021-03-19T23:36:39+00:00</updated>
<author>
<name>Alex Gaynor</name>
<email>alex.gaynor@gmail.com</email>
</author>
<published>2021-03-19T23:36:39+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/python-packages/pyopenssl.git/commit/?id=2be0c8677e77dca03829e1a588a627e1ee037111'/>
<id>2be0c8677e77dca03829e1a588a627e1ee037111</id>
<content type='text'>
* Attempt to test with system OpenSSL on recent Ubuntu

* attempted fix for this test</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
* Attempt to test with system OpenSSL on recent Ubuntu

* attempted fix for this test</pre>
</div>
</content>
</entry>
<entry>
<title>Add SSL_CTX_set_min_proto_version/SSL_CTX_set_max_proto_version bindings (#985)</title>
<updated>2021-03-10T21:35:24+00:00</updated>
<author>
<name>Maximilian Hils</name>
<email>git@maximilianhils.com</email>
</author>
<published>2021-03-10T21:35:24+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/python-packages/pyopenssl.git/commit/?id=5dc698861c91b4aa83b284b282c0e91cdcee49a3'/>
<id>5dc698861c91b4aa83b284b282c0e91cdcee49a3</id>
<content type='text'>
* add Context.set_*_proto_version, fix #860

* docs: add new openssl tls methods

* accept the fact that nothing can be taken for granted

* bump minimum required cryptography version to 3.3

* drop support for Python 3.5

* use binary wheels for cryptography

* Revert "use binary wheels for cryptography"

This reverts commit 91a04c612ed1d0dd9fd541dfefe21cac7c25b1c1.

* docker ci: compile cryptography with rust</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
* add Context.set_*_proto_version, fix #860

* docs: add new openssl tls methods

* accept the fact that nothing can be taken for granted

* bump minimum required cryptography version to 3.3

* drop support for Python 3.5

* use binary wheels for cryptography

* Revert "use binary wheels for cryptography"

This reverts commit 91a04c612ed1d0dd9fd541dfefe21cac7c25b1c1.

* docker ci: compile cryptography with rust</pre>
</div>
</content>
</entry>
<entry>
<title>Check return code of SSL_[CTX_]set_alpn_protos (#993)</title>
<updated>2021-02-17T19:06:26+00:00</updated>
<author>
<name>Maximilian Hils</name>
<email>git@maximilianhils.com</email>
</author>
<published>2021-02-17T19:06:26+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/python-packages/pyopenssl.git/commit/?id=614d6737d84294b038eead384100e2a7a65f717b'/>
<id>614d6737d84294b038eead384100e2a7a65f717b</id>
<content type='text'>
* check return code of SSL_CTX_set_alpn_protos, fix #992

* paint it black!

* fix line lengths as well :upside_down_face:</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
* check return code of SSL_CTX_set_alpn_protos, fix #992

* paint it black!

* fix line lengths as well :upside_down_face:</pre>
</div>
</content>
</entry>
<entry>
<title>fix a memleak (#967)</title>
<updated>2020-11-27T21:22:30+00:00</updated>
<author>
<name>Paul Kehrer</name>
<email>paul.l.kehrer@gmail.com</email>
</author>
<published>2020-11-27T21:22:30+00:00</published>
<link rel='alternate' type='text/html' href='http://git.baserock.org/cgit/delta/python-packages/pyopenssl.git/commit/?id=09b5d7071846a7abdb8061711ac0d2e561f7260a'/>
<id>09b5d7071846a7abdb8061711ac0d2e561f7260a</id>
<content type='text'>
* fix a memleak

* black</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
* fix a memleak

* black</pre>
</div>
</content>
</entry>
</feed>
