From 00a906ddeb470ef9a282c959e3483eda4fd8ae23 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 1 Nov 2024 12:42:58 +0400
Subject: [PATCH 1/2] Bump the dependencies group with 10 updates (#669)
---
 docs-requirements.txt | 10 +++++-----
 lint-requirements.txt | 10 +++++-----
 test-requirements.txt | 8 ++++----
 3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/docs-requirements.txt b/docs-requirements.txt
index 401b44d..381a858 100644
--- a/docs-requirements.txt
+++ b/docs-requirements.txt
@@ -12,13 +12,13 @@ certifi==2024.8.30
 # via requests
 cffi==1.17.1
 # via cryptography
-charset-normalizer==3.3.2
+charset-normalizer==3.4.0
 # via requests
-cryptography==42.0.4
+cryptography==43.0.3
 # via -r docs-requirements.in
 docutils==0.21.2
 # via sphinx
-idna==3.4
+idna==3.10
 # via
 # -r docs-requirements.in
 # requests
@@ -26,7 +26,7 @@ imagesize==1.4.1
 # via sphinx
 jinja2==3.1.2
 # via sphinx
-markupsafe==2.1.1
+markupsafe==3.0.2
 # via jinja2
 packaging==24.1
 # via sphinx
@@ -38,7 +38,7 @@ requests==2.32.3
 # via sphinx
 snowballstemmer==2.2.0
 # via sphinx
-sphinx==8.0.2
+sphinx==8.1.3
 # via sphinxcontrib-trio
 sphinxcontrib-applehelp==2.0.0
 # via sphinx
diff --git a/lint-requirements.txt b/lint-requirements.txt
index 440738c..c7ea23d 100644
--- a/lint-requirements.txt
+++ b/lint-requirements.txt
@@ -4,23 +4,23 @@
 #
 # pip-compile lint-requirements.in
 #
-black==24.8.0
+black==24.10.0
 # via -r lint-requirements.in
 cffi==1.17.1
 # via cryptography
 click==8.1.7
 # via black
-cryptography==42.0.4
+cryptography==43.0.3
 # via
 # -r lint-requirements.in
 # types-pyopenssl
-idna==3.6
+idna==3.10
 # via -r lint-requirements.in
 iniconfig==2.0.0
 # via pytest
 isort==5.13.2
 # via -r lint-requirements.in
-mypy==1.11.2
+mypy==1.13.0
 # via -r lint-requirements.in
 mypy-extensions==1.0.0
 # via
@@ -44,7 +44,7 @@ types-cffi==1.16.0.20240331
 # via types-pyopenssl
 types-pyopenssl==24.1.0.20240722
 # via -r lint-requirements.in
-types-setuptools==75.1.0.20240917
+types-setuptools==75.2.0.20241025
 # via types-cffi
 typing-extensions==4.12.2
 # via mypy
diff --git a/test-requirements.txt b/test-requirements.txt
index 32c6620..cc1a9ef 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -8,14 +8,14 @@ attrs==24.2.0
 # via service-identity
 cffi==1.17.1
 # via cryptography
-coverage[toml]==7.6.1
+coverage[toml]==7.6.4
 # via -r test-requirements.in
-cryptography==42.0.4
+cryptography==43.0.3
 # via
 # -r test-requirements.in
 # pyopenssl
 # service-identity
-idna==3.4
+idna==3.10
 # via -r test-requirements.in
 iniconfig==2.0.0
 # via pytest
@@ -35,5 +35,5 @@ pyopenssl==24.2.1
 # via -r test-requirements.in
 pytest==8.3.3
 # via -r test-requirements.in
-service-identity==24.1.0
+service-identity==24.2.0
 # via -r test-requirements.in
From e3dc9046c40859c8b9664bf52b3610ff806e9722 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:09:10 +0400 Subject: [PATCH 2/2] Use cryptography to load the pyOpenSSL certificates (#670) * Bump the dependencies group with 4 updates Bumps the dependencies group with 4 updates: [packaging](https://github.com/pypa/packaging), [types-setuptools](https://github.com/python/typeshed), [coverage[toml]](https://github.com/nedbat/coveragepy) and [pyopenssl](https://github.com/pyca/pyopenssl). Updates `packaging` from 24.1 to 24.2 - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pypa/packaging/compare/24.1...24.2) Updates `types-setuptools` from 75.2.0.20241025 to 75.6.0.20241126 - [Commits](https://github.com/python/typeshed/commits) Updates `coverage[toml]` from 7.6.4 to 7.6.8 - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](https://github.com/nedbat/coveragepy/compare/7.6.4...7.6.8) Updates `pyopenssl` from 24.2.1 to 24.3.0 - [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/pyopenssl/compare/24.2.1...24.3.0) --- updated-dependencies: - dependency-name: packaging dependency-type: indirect update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: types-setuptools dependency-type: indirect update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: coverage[toml] dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: pyopenssl dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... 
Signed-off-by: dependabot[bot]
* Switch to using cryptography privatekeys
* Switch x509 too
* Fix typings
* Give up on typing
---------
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: EXPLOSION
---
 docs-requirements.txt | 2 +-
 lint-requirements.txt | 4 ++--
 src/trustme/__init__.py | 16 +++++++---------
 test-requirements.txt | 6 +++---
 4 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/docs-requirements.txt b/docs-requirements.txt
index 381a858..7a2aed2 100644
--- a/docs-requirements.txt
+++ b/docs-requirements.txt
@@ -28,7 +28,7 @@ jinja2==3.1.2
 # via sphinx
 markupsafe==3.0.2
 # via jinja2
-packaging==24.1
+packaging==24.2
 # via sphinx
 pycparser==2.22
 # via cffi
diff --git a/lint-requirements.txt b/lint-requirements.txt
index c7ea23d..a29ba83 100644
--- a/lint-requirements.txt
+++ b/lint-requirements.txt
@@ -26,7 +26,7 @@ mypy-extensions==1.0.0
 # via
 # black
 # mypy
-packaging==24.1
+packaging==24.2
 # via
 # black
 # pytest
@@ -44,7 +44,7 @@ types-cffi==1.16.0.20240331
 # via types-pyopenssl
 types-pyopenssl==24.1.0.20240722
 # via -r lint-requirements.in
-types-setuptools==75.2.0.20241025
+types-setuptools==75.6.0.20241126
 # via types-cffi
 typing-extensions==4.12.2
 # via mypy
diff --git a/src/trustme/__init__.py b/src/trustme/__init__.py
index ff87ab7..6f3cc00 100644
--- a/src/trustme/__init__.py
+++ b/src/trustme/__init__.py
@@ -8,7 +8,7 @@
 from contextlib import contextmanager
 from enum import Enum
 from tempfile import NamedTemporaryFile
-from typing import TYPE_CHECKING, Generator, List, Optional, Union
+from typing import TYPE_CHECKING, Generator, List, Optional, Union, cast
 
 import idna
 from cryptography import x509
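Review bot: The `cast` added to the `typing` import in src/trustme/__init__.py appears to be unused. The diffstat gives this file 7 insertions and 9 deletions, the two hunks shown account for all of them, and none of the added lines calls `cast`; the call sites in `configure_cert` use `# type: ignore[arg-type]` instead. Unless it is referenced somewhere the patch does not show, restore the line to `from typing import TYPE_CHECKING, Generator, List, Optional, Union` so the module does not carry a dead import.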
@@ -545,15 +545,13 @@ def configure_cert(self, ctx: Union[ssl.SSLContext, OpenSSL.SSL.Context]) -> Non
 with self.private_key_and_cert_chain_pem.tempfile() as path:
 ctx.load_cert_chain(path)
 elif _smells_like_pyopenssl(ctx):
- from OpenSSL.crypto import FILETYPE_PEM, load_certificate, load_privatekey
-
- key = load_privatekey(FILETYPE_PEM, self.private_key_pem.bytes())
- ctx.use_privatekey(key)
- cert = load_certificate(FILETYPE_PEM, self.cert_chain_pems[0].bytes())
- ctx.use_certificate(cert)
+ key = load_pem_private_key(self.private_key_pem.bytes(), None)
+ ctx.use_privatekey(key) # type: ignore[arg-type]
+ cert = x509.load_pem_x509_certificate(self.cert_chain_pems[0].bytes())
+ ctx.use_certificate(cert) # type: ignore[arg-type]
 for pem in self.cert_chain_pems[1:]:
- cert = load_certificate(FILETYPE_PEM, pem.bytes())
- ctx.add_extra_chain_cert(cert)
+ cert = x509.load_pem_x509_certificate(pem.bytes())
+ ctx.add_extra_chain_cert(cert) # type: ignore[arg-type]
 else:
 raise TypeError(
 "unrecognized context type {!r}".format(ctx.__class__.__name__)
diff --git a/test-requirements.txt b/test-requirements.txt
index cc1a9ef..5555fa4 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -8,7 +8,7 @@ attrs==24.2.0
 # via service-identity
 cffi==1.17.1
 # via cryptography
-coverage[toml]==7.6.4
+coverage[toml]==7.6.8
 # via -r test-requirements.in
 cryptography==43.0.3
 # via
@@ -19,7 +19,7 @@ idna==3.10
 # via -r test-requirements.in
 iniconfig==2.0.0
 # via pytest
-packaging==24.1
+packaging==24.2
 # via pytest
 pluggy==1.5.0
 # via pytest
@@ -31,7 +31,7 @@ pyasn1-modules==0.4.1
 # via service-identity
 pycparser==2.22
 # via cffi
-pyopenssl==24.2.1
+pyopenssl==24.3.0
 # via -r test-requirements.in
 pytest==8.3.3
 # via -r test-requirements.in
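Review bot: The pyOpenSSL branch of `configure_cert` in src/trustme/__init__.py now depends on a pyOpenSSL that accepts cryptography key and certificate objects in `ctx.use_privatekey`, `ctx.use_certificate` and `ctx.add_extra_chain_cert`, but nothing in the hunk guards or documents that floor. The three `# type: ignore[arg-type]` comments also silence the one check that would report a mismatch. The same commit raises the test pin to `pyopenssl==24.3.0`, which suggests older releases do not accept these objects; with such a release this branch would presumably fail at call time while a TLS context is being set up. I would record the requirement next to the calls, e.g. `# needs a pyOpenSSL whose Context methods accept cryptography objects (tested with 24.3.0)`, and state the minimum version wherever the project documents pyOpenSSL support. The function body starts and ends outside the hunk, and the import of `load_pem_private_key` is not visible here.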