Use cryptography to load the pyOpenSSL certificates

[dependabot]

Bumps the dependencies group with 4 updates: packaging, types-setuptools, coverage[toml] and pyopenssl.

Updates packaging from 24.1 to 24.2

Release notes

Sourced from packaging's releases.

24.2

What's Changed

• The source is auto-formatted with ruff, not black by @​DimitriPapadopoulos in pypa/packaging#798
• Bump the github-actions group across 1 directory with 3 updates by @​dependabot in pypa/packaging#813
• Apply ruff rules (RUF) by @​DimitriPapadopoulos in pypa/packaging#800
• Fix typo in Version __str__ by @​aryanpingle in pypa/packaging#817
• Bump the github-actions group with 3 updates by @​dependabot in pypa/packaging#819
• Get rid of duplicate test cases by @​DimitriPapadopoulos in pypa/packaging#821
• Fix doc for canonicalize_version and a typo in a docstring by @​Laurent-Dx in pypa/packaging#801
• docs: public/base_version comparison by @​henryiii in pypa/packaging#818
• Apply ruff/bugbear rules (B) by @​DimitriPapadopoulos in pypa/packaging#787
• Apply ruff/pyupgrade rules (UP) by @​DimitriPapadopoulos in pypa/packaging#786
• Add a changelog entry for dropping Python 3.7 support by @​alexwlchan in pypa/packaging#824
• Patch python_full_version unconditionally by @​jaraco in pypa/packaging#825
• Refactor canonicalize_version by @​jaraco in pypa/packaging#793
• Allow creating a SpecifierSet from a list of specifiers by @​pfmoore in pypa/packaging#777
• Fix uninformative error message by @​abravalheri in pypa/packaging#830
• Fix prerelease detection for > and < by @​notatallshaw in pypa/packaging#794
• Bump the github-actions group across 1 directory with 4 updates by @​dependabot in pypa/packaging#839
• Add support for PEP 730 iOS tags. by @​freakboy3742 in pypa/packaging#832
• Update the changelog to reflect 24.1 changes by @​pradyunsg in pypa/packaging#840
• Mention updating changelog in release process by @​pradyunsg in pypa/packaging#841
• Add a comment as to why Metadata.name isn't normalized by @​brettcannon in pypa/packaging#842
• Use !r formatter for error messages with filenames. by @​Carreau in pypa/packaging#844
• PEP 639: Implement License-Expression and License-File by @​ewdurbin in pypa/packaging#828
• Bump the github-actions group with 4 updates by @​dependabot in pypa/packaging#852
• Upgrade to latest mypy by @​hauntsaninja in pypa/packaging#853
• Extraneous quotes by @​ewdurbin in pypa/packaging#848

New Contributors

• @​aryanpingle made their first contribution in pypa/packaging#817
• @​Laurent-Dx made their first contribution in pypa/packaging#801
• @​alexwlchan made their first contribution in pypa/packaging#824
• @​jaraco made their first contribution in pypa/packaging#825
• @​notatallshaw made their first contribution in pypa/packaging#794
• @​freakboy3742 made their first contribution in pypa/packaging#832
• @​Carreau made their first contribution in pypa/packaging#844
• @​ewdurbin made their first contribution in pypa/packaging#828

Full Changelog: pypa/packaging@24.1...24.2

Changelog

Sourced from packaging's changelog.

24.2 - 2024-11-08

* PEP 639: Implement License-Expression and License-File (:issue:`828`)
* Use ``!r`` formatter for error messages with filenames (:issue:`844`)
* Add support for PEP 730 iOS tags (:issue:`832`)
* Fix prerelease detection for ``>`` and ``<`` (:issue:`794`)
* Fix uninformative error message (:issue:`830`)
* Refactor ``canonicalize_version`` (:issue:`793`)
* Patch python_full_version unconditionally (:issue:`825`)
* Fix doc for ``canonicalize_version`` to mention ``strip_trailing_zero`` and a typo in a docstring (:issue:`801`)
* Fix typo in Version ``__str__`` (:issue:`817`)
* Support creating a ``SpecifierSet`` from an iterable of ``Specifier`` objects (:issue:`775`)

Commits

• d8e3b31 Bump for release
• 2de393d Update changelog for release
• 9c66f5c Remove extraneous quotes in f-strings by using !r (#848)
• 4dc334c Upgrade to latest mypy (#853)
• d1a9f93 Bump the github-actions group with 4 updates (#852)
• 029f415 PEP 639: Implement License-Expression and License-File (#828)
• 6c338a8 Use !r formatter for error messages with filenames. (#844)
• 28e7da7 Add a comment as to why Metadata.name isn't normalized (#842)
• ce0d79c Mention updating changelog in release process (#841)
• ac5bdf3 Update the changelog to reflect 24.1 changes (#840)
• Additional commits viewable in compare view

Updates types-setuptools from 75.2.0.20241025 to 75.6.0.20241126

Commits

• See full diff in compare view

Updates coverage[toml] from 7.6.4 to 7.6.8

Release notes

Sourced from coverage[toml]'s releases.

7.6.8

Version 7.6.8 — 2024-11-23

• Fix: the LCOV report code assumed that a branch line that took no branches meant that the entire line was unexecuted. This isn’t true in a few cases: the line might always raise an exception, or might have been optimized away. Fixes issue 1896.
• Fix: similarly, the HTML report will now explain that a line that jumps to none of its expected destinations must have always raised an exception. Previously, it would say something nonsensical like, “line 4 didn’t jump to line 5 because line 4 was never true, and it didn’t jump to line 7 because line 4 was always true.” This was also shown in issue 1896.

➡️  PyPI page: coverage 7.6.8. :arrow_right:  To install: python3 -m pip install coverage==7.6.8

7.6.7

Version 7.6.7 — 2024-11-15

• Fix: ugh, the other assert from 7.6.5 can also be encountered in the wild, so it’s been restored to a conditional. Sorry for the churn.

➡️  PyPI page: coverage 7.6.7. :arrow_right:  To install: python3 -m pip install coverage==7.6.7

7.6.6

Version 7.6.6 — 2024-11-15

• One of the new asserts from 7.6.5 caused problems in real projects, as reported in issue 1891. The assert has been removed.

➡️  PyPI page: coverage 7.6.6. :arrow_right:  To install: python3 -m pip install coverage==7.6.6

7.6.5

Version 7.6.5 — 2024-11-14

• Fix: fine-tuned the exact Python version (3.12.6) when exiting from with statements changed how they traced. This affected whether people saw the fix for issue 1880.
• Fix: isolate our code more from mocking in the os module that in rare cases can cause bizarre behavior.
• Refactor: some code unreachable code paths in parser.py were changed to asserts. If you encounter any of these, please let me know!

➡️  PyPI page: coverage 7.6.5. :arrow_right:  To install: python3 -m pip install coverage==7.6.5

Changelog

Sourced from coverage[toml]'s changelog.

Version 7.6.8 — 2024-11-23

• Fix: the LCOV report code assumed that a branch line that took no branches meant that the entire line was unexecuted. This isn't true in a few cases: the line might always raise an exception, or might have been optimized away. Fixes issue 1896_.

• Fix: similarly, the HTML report will now explain that a line that jumps to none of its expected destinations must have always raised an exception. Previously, it would say something nonsensical like, "line 4 didn't jump to line 5 because line 4 was never true, and it didn't jump to line 7 because line 4 was always true." This was also shown in issue 1896_.

.. _issue 1896: nedbat/coveragepy#1896

.. _changes_7-6-7:

Version 7.6.7 — 2024-11-15

• Fix: ugh, the other assert from 7.6.5 can also be encountered in the wild, so it's been restored to a conditional. Sorry for the churn.

.. _changes_7-6-6:

Version 7.6.6 — 2024-11-15

• One of the new asserts from 7.6.5 caused problems in real projects, as reported in issue 1891_. The assert has been removed.

.. _issue 1891: nedbat/coveragepy#1891

.. _changes_7-6-5:

Version 7.6.5 — 2024-11-14

• Fix: fine-tuned the exact Python version (3.12.6) when exiting from with statements changed how they traced. This affected whether people saw the fix for issue 1880_.

• Fix: isolate our code more from mocking in the os module that in rare cases can cause bizarre behavior <pytest-cov-666_>_.

• Refactor: some code unreachable code paths in parser.py were changed to

... (truncated)

Commits

• 6134266 docs: sample HTML for 7.6.8
• 041f963 docs: prep for 7.6.8
• 7fe48b6 build: don't search generated report files
• f219144 docs: start changelog entries with capital letters
• d1a916a fix: a line that branches nowhere must always raise an exception
• 2ace7a2 fix: don't assume 'no branches' means 'not executed' #1896
• 3ed5915 style: all of ci should use underscores
• 0db86f2 build: automate updating readthedocs
• 2a89551 chore: make upgrade (not sure why files became absolute)
• ba9c157 chore: make doc_upgrade
• Additional commits viewable in compare view

Updates pyopenssl from 24.2.1 to 24.3.0

Changelog

Sourced from pyopenssl's changelog.

24.3.0 (2024-11-27)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

• Removed the deprecated OpenSSL.crypto.CRL, OpenSSL.crypto.Revoked, OpenSSL.crypto.dump_crl, and OpenSSL.crypto.load_crl. cryptography.x509's CRL functionality should be used instead.
• Removed the deprecated OpenSSL.crypto.sign and OpenSSL.crypto.verify. cryptography.hazmat.primitives.asymmetric's signature APIs should be used instead.

Deprecations: ^^^^^^^^^^^^^

• Deprecated OpenSSL.rand - callers should use os.urandom() instead.
• Deprecated add_extensions and get_extensions on OpenSSL.crypto.X509Req and OpenSSL.crypto.X509. These should have been deprecated at the same time X509Extension was. Users should use pyca/cryptography's X.509 APIs instead.
• Deprecated OpenSSL.crypto.get_elliptic_curves and OpenSSL.crypto.get_elliptic_curve, as well as passing the reult of them to OpenSSL.SSL.Context.set_tmp_ecdh, users should instead pass curves from cryptography.
• Deprecated passing X509 objects to OpenSSL.SSL.Context.use_certificate, OpenSSL.SSL.Connection.use_certificate, OpenSSL.SSL.Context.add_extra_chain_cert, and OpenSSL.SSL.Context.add_client_ca, users should instead pass cryptography.x509.Certificate instances. This is in preparation for deprecating pyOpenSSL's X509 entirely.
• Deprecated passing PKey objects to OpenSSL.SSL.Context.use_privatekey and OpenSSL.SSL.Connection.use_privatekey, users should instead pass cryptography priate key instances. This is in preparation for deprecating pyOpenSSL's PKey entirely.

Changes: ^^^^^^^^

• cryptography maximum version has been increased to 44.0.x.
• OpenSSL.SSL.Connection.get_certificate, OpenSSL.SSL.Connection.get_peer_certificate, OpenSSL.SSL.Connection.get_peer_cert_chain, and OpenSSL.SSL.Connection.get_verified_chain now take an as_cryptography keyword-argument. When True is passed then cryptography.x509.Certificate are returned, instead of OpenSSL.crypto.X509. In the future, passing False (the default) will be deprecated.

Commits

• 9f82d97 Raise cryptography version and prepare the 24.3.0 release (#1381)
• 7e1660b Remove APIs that have been deprecated for a year (#1374)
• a6678a9 make deprecation warnings more prominent in docs (#1379)
• 0baa319 Reorganize how we test downstreams and add more (#1377)
• 24cc2c1 Refactor two tests that rely on deprecated APIs (#1375)
• a378d53 Bump actions/upload-artifact in /.github/actions/upload-coverage (#1372)
• ace2244 Bump actions/upload-artifact from 4.4.2 to 4.4.3 (#1371)
• f8ef486 Bump actions/upload-artifact in /.github/actions/upload-coverage (#1370)
• f8c2d99 Bump actions/upload-artifact from 4.4.1 to 4.4.2 (#1369)
• bad5ba4 Bump actions/upload-artifact in /.github/actions/upload-coverage (#1367)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[A5rocks]

This needs a release to fix trio's CI.

[A5rocks]

@pquentin could this get a review? I'm not 100% sure of my changes here because IDK why this didn't previously use the cryptography versions of things.

[pquentin]

Thanks! I'm assuming this used the pyOpenSSL way because this was supported there. Now that this is deprecated in pyOpenSSL, switching makes sense, thank you!

And sorry for the reviewing delay.