Description of problem: Any chance to update to 1.9, or are there too many differences? 1.9 - 2017-05-29 BACKWARDS INCOMPATIBLE: Elliptic Curve signature verification no longer returns True on success. This brings it in line with the interface’s documentation, and our intent. The correct way to use verify() has always been to check whether or not InvalidSignature was raised. BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.7 and 10.8. BACKWARDS INCOMPATIBLE: The minimum supported PyPy version is now 5.3. None of these appear to be show stoppers. Version-Release number of selected component (if applicable): 1.7.2-3.el7
Ping? I think I'm going to proceed with this update.
Some issues: - need asn1crypto - see https://src.fedoraproject.org/rpms/python-asn1crypto/pull-request/1 - test failures: =================================== FAILURES =================================== __ TestNameConstraintsExtension.test_permitted_with_leading_period[backend0] ___ self = <tests.test_x509_ext.TestNameConstraintsExtension object at 0x7f3da5419940> backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f3db526aba8> def test_permitted_with_leading_period(self, backend): cert = _load_cert( os.path.join( "x509", "custom", "nc_permitted.pem" ), x509.load_pem_x509_certificate, backend ) > nc = cert.extensions.get_extension_for_oid( ExtensionOID.NAME_CONSTRAINTS ).value tests/test_x509_ext.py:2915: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ src/cryptography/hazmat/backends/openssl/x509.py:130: in extensions return _CERTIFICATE_EXTENSION_PARSER.parse(self._backend, self._x509) src/cryptography/hazmat/backends/openssl/decode_asn1.py:249: in parse value = handler(backend, ext_data) src/cryptography/hazmat/backends/openssl/decode_asn1.py:441: in _decode_name_constraints permitted = _decode_general_subtrees(backend, nc.permittedSubtrees) src/cryptography/hazmat/backends/openssl/decode_asn1.py:458: in _decode_general_subtrees name = _decode_general_name(backend, obj.base) src/cryptography/hazmat/backends/openssl/decode_asn1.py:101: in _decode_general_name decoded = idna.decode(data) /usr/lib/python3.4/site-packages/idna/core.py:392: in decode s = ulabel(label) /usr/lib/python3.4/site-packages/idna/core.py:307: in ulabel check_label(label) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ label = '' def check_label(label): if isinstance(label, (bytes, bytearray)): label = label.decode('utf-8') if len(label) == 0: > raise IDNAError('Empty Label') E idna.core.IDNAError: Empty Label /usr/lib/python3.4/site-packages/idna/core.py:239: IDNAError ___ TestNameConstraintsExtension.test_excluded_with_leading_period[backend0] ___ self = <tests.test_x509_ext.TestNameConstraintsExtension object at 0x7f3db3c9a588> backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f3db526aba8> def test_excluded_with_leading_period(self, backend): cert = _load_cert( os.path.join( "x509", "custom", "nc_excluded.pem" ), x509.load_pem_x509_certificate, backend ) > nc = cert.extensions.get_extension_for_oid( ExtensionOID.NAME_CONSTRAINTS ).value tests/test_x509_ext.py:2934: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ src/cryptography/hazmat/backends/openssl/x509.py:130: in extensions return _CERTIFICATE_EXTENSION_PARSER.parse(self._backend, self._x509) src/cryptography/hazmat/backends/openssl/decode_asn1.py:249: in parse value = handler(backend, ext_data) src/cryptography/hazmat/backends/openssl/decode_asn1.py:442: in _decode_name_constraints excluded = _decode_general_subtrees(backend, nc.excludedSubtrees) src/cryptography/hazmat/backends/openssl/decode_asn1.py:458: in _decode_general_subtrees name = _decode_general_name(backend, obj.base) src/cryptography/hazmat/backends/openssl/decode_asn1.py:101: in _decode_general_name decoded = idna.decode(data) /usr/lib/python3.4/site-packages/idna/core.py:392: in decode s = ulabel(label) /usr/lib/python3.4/site-packages/idna/core.py:307: in ulabel check_label(label) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ label = '' def check_label(label): if isinstance(label, (bytes, bytearray)): label = label.decode('utf-8') if len(label) == 0: > raise IDNAError('Empty Label') E idna.core.IDNAError: Empty Label /usr/lib/python3.4/site-packages/idna/core.py:239: IDNAError ___ TestNameConstraintsExtension.test_permitted_excluded_with_ips[backend0] ____ self = <tests.test_x509_ext.TestNameConstraintsExtension object at 0x7f3da518c5c0> backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f3db526aba8> def test_permitted_excluded_with_ips(self, backend): cert = _load_cert( os.path.join( "x509", "custom", "nc_permitted_excluded.pem" ), x509.load_pem_x509_certificate, backend ) > nc = cert.extensions.get_extension_for_oid( ExtensionOID.NAME_CONSTRAINTS ).value tests/test_x509_ext.py:2953: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ src/cryptography/hazmat/backends/openssl/x509.py:130: in extensions return _CERTIFICATE_EXTENSION_PARSER.parse(self._backend, self._x509) src/cryptography/hazmat/backends/openssl/decode_asn1.py:249: in parse value = handler(backend, ext_data) src/cryptography/hazmat/backends/openssl/decode_asn1.py:442: in _decode_name_constraints excluded = _decode_general_subtrees(backend, nc.excludedSubtrees) src/cryptography/hazmat/backends/openssl/decode_asn1.py:458: in _decode_general_subtrees name = _decode_general_name(backend, obj.base) src/cryptography/hazmat/backends/openssl/decode_asn1.py:101: in _decode_general_name decoded = idna.decode(data) /usr/lib/python3.4/site-packages/idna/core.py:392: in decode s = ulabel(label) /usr/lib/python3.4/site-packages/idna/core.py:307: in ulabel check_label(label) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ label = '' def check_label(label): if isinstance(label, (bytes, bytearray)): label = label.decode('utf-8') if len(label) == 0: > raise IDNAError('Empty Label') E idna.core.IDNAError: Empty Label /usr/lib/python3.4/site-packages/idna/core.py:239: IDNAError ___________ TestNameConstraintsExtension.test_certbuilder[backend0] ____________ self = <tests.test_x509_ext.TestNameConstraintsExtension object at 0x7f3db3564eb8> backend = <cryptography.hazmat.backends.openssl.backend.Backend object at 0x7f3db526aba8> def test_certbuilder(self, backend): permitted = [u'.example.org', u'.\xf5\xe4\xf6\xfc.example.com', u'foobar.example.net'] private_key = RSA_KEY_2048.private_key(backend) builder = _make_certbuilder(private_key) builder = builder.add_extension( NameConstraints(permitted_subtrees=list(map(DNSName, permitted)), excluded_subtrees=[]), True) cert = builder.sign(private_key, hashes.SHA1(), backend) > result = [x.value for x in cert.extensions.get_extension_for_class( NameConstraints).value.permitted_subtrees] tests/test_x509_ext.py:3009: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ src/cryptography/hazmat/backends/openssl/x509.py:130: in extensions return _CERTIFICATE_EXTENSION_PARSER.parse(self._backend, self._x509) src/cryptography/hazmat/backends/openssl/decode_asn1.py:249: in parse value = handler(backend, ext_data) src/cryptography/hazmat/backends/openssl/decode_asn1.py:441: in _decode_name_constraints permitted = _decode_general_subtrees(backend, nc.permittedSubtrees) src/cryptography/hazmat/backends/openssl/decode_asn1.py:458: in _decode_general_subtrees name = _decode_general_name(backend, obj.base) src/cryptography/hazmat/backends/openssl/decode_asn1.py:101: in _decode_general_name decoded = idna.decode(data) /usr/lib/python3.4/site-packages/idna/core.py:392: in decode s = ulabel(label) /usr/lib/python3.4/site-packages/idna/core.py:307: in ulabel check_label(label) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ label = '' def check_label(label): if isinstance(label, (bytes, bytearray)): label = label.decode('utf-8') if len(label) == 0: > raise IDNAError('Empty Label') E idna.core.IDNAError: Empty Label /usr/lib/python3.4/site-packages/idna/core.py:239: IDNAError __________________________ test_deprecated_maccontext __________________________ def test_deprecated_maccontext(): with pytest.warns(utils.DeprecatedIn19): from cryptography.hazmat.primitives.interfaces import MACContext > assert MACContext E Failed: DID NOT WARN tests/hazmat/primitives/test_mac.py:15: Failed ============ 5 failed, 80181 passed, 6311 skipped in 250.50 seconds ============ - Would need to set to see if it breaks deps (jwt and paramiko) See https://src.fedoraproject.org/rpms/python3-cryptography/pull-request/2
EL7 is now at version 2.3-2.el7.