authorJustin Lecher <jlec@gentoo.org>2016-01-17 18:17:31 +0100
committerJustin Lecher <jlec@gentoo.org>2016-01-17 18:20:22 +0100
commit62ef99690296363865900424a0fb5150d6bed305 (patch)
tree7070239092d5abf05789ebd000d0cb5bb4ee7fd7 /dev-python/pyopenssl
parentdev-perl/Devel-LexAlias: ppc stable wrt bug #570916 (diff)
dev-python/pyopenssl: Backport fixes for openssl-1.0.2
Package-Manager: portage-2.2.26 Signed-off-by: Justin Lecher <jlec@gentoo.org>
Diffstat (limited to 'dev-python/pyopenssl')
-rw-r--r--dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-1.patch19
-rw-r--r--dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-2.patch31
-rw-r--r--dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch84
-rw-r--r--dev-python/pyopenssl/pyopenssl-0.15.1-r1.ebuild57
4 files changed, 191 insertions, 0 deletions
diff --git a/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-1.patch b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-1.patch
new file mode 100644
index 000000000000..3e2c06c1abd1
--- /dev/null
+++ b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-1.patch
@@ -0,0 +1,19 @@
+ OpenSSL/test/test_ssl.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
+index bb1c9ae..d3bffe7 100644
+--- a/OpenSSL/test/test_ssl.py
++++ b/OpenSSL/test/test_ssl.py
+@@ -1416,6 +1416,11 @@ class ContextTests(TestCase, _LoopbackMixin):
+ """
+ context = Context(TLSv1_METHOD)
+ for curve in get_elliptic_curves():
++ if curve.name.startswith(u"Oakley-"):
++ # Setting Oakley-EC2N-4 and Oakley-EC2N-3 adds
++ # ('bignum routines', 'BN_mod_inverse', 'no inverse') to the
++ # error queue on OpenSSL 1.0.2.
++ continue
+ # The only easily "assertable" thing is that it does not raise an
+ # exception.
+ context.set_tmp_ecdh(curve)
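Review bot: This patch file carries no upstream provenance. Unlike pyopenssl-0.15.1-openssl-1.0.2-backport.patch, which keeps its `From <sha>` and `Subject:` header, this file and backport-2.patch start directly at the diffstat, so a later auditor cannot tell which upstream pyOpenSSL commits they correspond to. For patches applied to a TLS binding, a leading line such as `Backported from upstream pyOpenSSL commit <UPSTREAM_COMMIT_ID>` in each file would make them checkable against upstream. Separately, the `startswith(u"Oakley-")` skip only silences the test; the comment says set_tmp_ecdh leaves entries on the OpenSSL error queue for those curves, and nothing visible here changes that for library callers.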
diff --git a/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-2.patch b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-2.patch
new file mode 100644
index 000000000000..be3c18039480
--- /dev/null
+++ b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport-2.patch
@@ -0,0 +1,31 @@
+ OpenSSL/crypto.py | 3 +++
+ OpenSSL/test/test_crypto.py | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
+index 555ba24..2c1eddb 100644
+--- a/OpenSSL/crypto.py
++++ b/OpenSSL/crypto.py
+@@ -464,6 +464,9 @@ class X509Name(object):
+ if isinstance(value, _text_type):
+ value = value.encode('utf-8')
+
++ # Make it so OpenSSL generates utf-8 strings.
++ _lib.ASN1_STRING_set_default_mask_asc(b'utf8only')
++
+ add_result = _lib.X509_NAME_add_entry_by_NID(
+ self._name, nid, _lib.MBSTRING_UTF8, value, -1, -1, 0)
+ if not add_result:
+diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
+index 1620623..b817451 100644
+--- a/OpenSSL/test/test_crypto.py
++++ b/OpenSSL/test/test_crypto.py
+@@ -1003,7 +1003,7 @@ class X509NameTests(TestCase):
+ self.assertEqual(
+ a.der(),
+ b('0\x1b1\x0b0\t\x06\x03U\x04\x06\x13\x02US'
+- '1\x0c0\n\x06\x03U\x04\x03\x13\x03foo'))
++ '1\x0c0\n\x06\x03U\x04\x03\x0c\x03foo'))
+
+
+ def test_get_components(self):
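Review bot: `_lib.ASN1_STRING_set_default_mask_asc(b'utf8only')` sets a process-wide OpenSSL default, but it is called inside the X509Name attribute setter on every assignment and its return value is ignored. Any other code in the same process that builds ASN.1 strings through OpenSSL inherits the new mask once a name attribute has been set, and the adjusted test (tag `\x13` to `\x0c`) shows that the DER encoding of names changes, which matters to anything comparing encoded names byte-for-byte. I would call it once at module import, check the result, and add a comment there such as `# Global OpenSSL setting: new ASN.1 strings are encoded as UTF8String.` The setter's body starts and ends outside this hunk.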
diff --git a/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch
new file mode 100644
index 000000000000..048ede23786e
--- /dev/null
+++ b/dev-python/pyopenssl/files/pyopenssl-0.15.1-openssl-1.0.2-backport.patch
@@ -0,0 +1,84 @@
+From fc18f7bed12f58100c3a5eef3dbae29c9a26f18a Mon Sep 17 00:00:00 2001
+From: Jeff Tang <mrjefftang@users.noreply.github.com>
+Date: Wed, 15 Apr 2015 17:42:33 -0400
+Subject: [PATCH] OpenSSL 1.0.2 Compatibility
+
+- Perform the time comparison in python to fix #192
+- Add root cert has_expired test
+- Self sign test cert to fix issue in #149
+- Change test case to verify digest of a valid certficate
+---
+ OpenSSL/crypto.py | 9 +++++----
+ OpenSSL/test/test_crypto.py | 15 +++++++++++++--
+ 2 files changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/OpenSSL/crypto.py b/OpenSSL/crypto.py
+index c7bdabc..1b1058e 100644
+--- a/OpenSSL/crypto.py
++++ b/OpenSSL/crypto.py
+@@ -1,5 +1,6 @@
+-from time import time
++from time import time, strptime
+ from base64 import b16encode
++from calendar import timegm
+ from functools import partial
+ from operator import __eq__, __ne__, __lt__, __le__, __gt__, __ge__
+ from warnings import warn as _warn
+@@ -1161,10 +1162,10 @@ def has_expired(self):
+ :return: True if the certificate has expired, false otherwise
+ """
+ now = int(time())
+- notAfter = _lib.X509_get_notAfter(self._x509)
+- return _lib.ASN1_UTCTIME_cmp_time_t(
+- _ffi.cast('ASN1_UTCTIME*', notAfter), now) < 0
++ notAfter = self.get_notAfter().decode('utf-8')
++ notAfterSecs = timegm(strptime(notAfter, '%Y%m%d%H%M%SZ'))
+
++ return now > notAfterSecs
+
+ def _get_boundary_time(self, which):
+ return _get_asn1_time(which(self._x509))
+diff --git a/OpenSSL/test/test_crypto.py b/OpenSSL/test/test_crypto.py
+index 73e9cc7..b817451 100644
+--- a/OpenSSL/test/test_crypto.py
++++ b/OpenSSL/test/test_crypto.py
+@@ -1562,19 +1562,29 @@ def test_has_not_expired(self):
+ cert.gmtime_adj_notAfter(2)
+ self.assertFalse(cert.has_expired())
+
++ def test_root_has_not_expired(self):
++ """
++ :py:obj:`X509Type.has_expired` returns :py:obj:`False` if the certificate's not-after
++ time is in the future.
++ """
++ cert = load_certificate(FILETYPE_PEM, root_cert_pem)
++ self.assertFalse(cert.has_expired())
++
+
+ def test_digest(self):
+ """
+ :py:obj:`X509.digest` returns a string giving ":"-separated hex-encoded words
+ of the digest of the certificate.
+ """
+- cert = X509()
++ cert = load_certificate(FILETYPE_PEM, root_cert_pem)
+ self.assertEqual(
+ # This is MD5 instead of GOOD_DIGEST because the digest algorithm
+ # actually matters to the assertion (ie, another arbitrary, good
+ # digest will not product the same digest).
++ # Digest verified with the command:
++ # openssl x509 -in root_cert.pem -noout -fingerprint -md5
+ cert.digest("MD5"),
+- b("A8:EB:07:F8:53:25:0A:F2:56:05:C5:A5:C4:C4:C7:15"))
++ b("19:B3:05:26:2B:F8:F2:FF:0B:8F:21:07:A8:28:B8:75"))
+
+
+ def _extcert(self, pkey, extensions):
+@@ -1587,6 +1597,7 @@ def _extcert(self, pkey, extensions):
+ cert.set_notAfter(when)
+
+ cert.add_extensions(extensions)
++ cert.sign(pkey, 'sha1')
+ return load_certificate(
+ FILETYPE_PEM, dump_certificate(FILETYPE_PEM, cert))
+
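Review bot: The rewritten has_expired() calls `.decode('utf-8')` on the result of get_notAfter() unconditionally and parses it with the fixed format `'%Y%m%d%H%M%SZ'`. A certificate whose notAfter is unset or not in the `...Z` form would therefore raise AttributeError or ValueError from an expiry check instead of returning an answer. Whether get_notAfter() can return None or an offset form is not visible here (it goes through `_get_asn1_time`), so that should be confirmed. If it can, I would add `if notAfter is None: raise ValueError("certificate has no notAfter set")` before the decode, and state the accepted timestamp form in the docstring. The comparison `now > notAfterSecs` also treats the exact notAfter second as still valid, which the docstring should say.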
diff --git a/dev-python/pyopenssl/pyopenssl-0.15.1-r1.ebuild b/dev-python/pyopenssl/pyopenssl-0.15.1-r1.ebuild
new file mode 100644
index 000000000000..0391eff6b536
--- /dev/null
+++ b/dev-python/pyopenssl/pyopenssl-0.15.1-r1.ebuild
@@ -0,0 +1,57 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+PYTHON_COMPAT=( python2_7 python3_{3,4,5} pypy )
+PYTHON_REQ_USE="threads(+)"
+
+inherit distutils-r1 flag-o-matic
+
+MY_PN=pyOpenSSL
+MY_P=${MY_PN}-${PV}
+
+DESCRIPTION="Python interface to the OpenSSL library"
+HOMEPAGE="
+ http://pyopenssl.sourceforge.net/
+ https://launchpad.net/pyopenssl
+ https://pypi.python.org/pypi/pyOpenSSL
+"
+SRC_URI="mirror://pypi/${MY_PN:0:1}/${MY_PN}/${MY_P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris"
+IUSE="doc examples"
+
+RDEPEND="
+ >=dev-python/six-1.5.2[${PYTHON_USEDEP}]
+ >=dev-python/cryptography-0.7[${PYTHON_USEDEP}]"
+DEPEND="${RDEPEND}
+ doc? ( dev-python/sphinx[${PYTHON_USEDEP}] )"
+
+S=${WORKDIR}/${MY_P}
+
+PATCHES=(
+ "${FILESDIR}"/${P}-openssl-1.0.2-backport.patch
+ "${FILESDIR}"/${P}-openssl-1.0.2-backport-1.patch
+ "${FILESDIR}"/${P}-openssl-1.0.2-backport-2.patch
+)
+
+python_compile_all() {
+ use doc && emake -C doc html
+}
+
+python_test() {
+ esetup.py test
+
+ # https://bugs.launchpad.net/pyopenssl/+bug/1237953
+ rm -rf tmp* *.key *.pem || die
+}
+
+python_install_all() {
+ use doc && local HTML_DOCS=( doc/_build/html/. )
+ use examples && local EXAMPLES=( examples/. )
+ distutils-r1_python_install_all
+}