Hello community, here is the log from the commit of package python-trustme for openSUSE:Factory checked in at 2019-05-03 22:35:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-trustme (Old) and /work/SRC/openSUSE:Factory/.python-trustme.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-trustme" Fri May 3 22:35:21 2019 rev:3 rq:698096 version:0.5.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-trustme/python-trustme.changes 2019-03-29 20:35:58.378536980 +0100 +++ /work/SRC/openSUSE:Factory/.python-trustme.new.5148/python-trustme.changes 2019-05-03 22:35:22.441168550 +0200 @@ -1,0 +2,6 @@ +Fri Apr 26 07:54:32 UTC 2019 - pgajdos@suse.com + +- version update to 0.5.1 + * Update key size to 2048 bits + +------------------------------------------------------------------- Old: ---- trustme-0.5.0.tar.gz New: ---- trustme-0.5.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-trustme.spec ++++++ --- /var/tmp/diff_new_pack.HEWEeT/_old 2019-05-03 22:35:23.381178908 +0200 +++ /var/tmp/diff_new_pack.HEWEeT/_new 2019-05-03 22:35:23.381178908 +0200 @@ -18,7 +18,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-trustme -Version: 0.5.0 +Version: 0.5.1 Release: 0 Summary: Fake CA provider for Python tests License: MIT OR Apache-2.0 ++++++ trustme-0.5.0.tar.gz -> trustme-0.5.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.0/PKG-INFO new/trustme-0.5.1/PKG-INFO --- old/trustme-0.5.0/PKG-INFO 2019-01-22 06:10:11.000000000 +0100 +++ new/trustme-0.5.1/PKG-INFO 2019-04-15 11:14:58.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: trustme -Version: 0.5.0 +Version: 0.5.1 Summary: #1 quality TLS certs while you wait, for the discerning tester Home-page: https://github.com/python-trio/trustme Author: Nathaniel J. Smith diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.0/docs/source/index.rst new/trustme-0.5.1/docs/source/index.rst --- old/trustme-0.5.0/docs/source/index.rst 2019-01-22 06:09:17.000000000 +0100 +++ new/trustme-0.5.1/docs/source/index.rst 2019-04-15 09:09:36.000000000 +0200 @@ -50,6 +50,15 @@ .. towncrier release notes start +Trustme 0.5.1 (2019-04-15) +-------------------------- + +Bugfixes +~~~~~~~~ + +- Update key size to 2048 bits, as required by recent Debian. (`#45 https://github.com/python-trio/trustme/issues/45`__) + + Trustme 0.5.0 (2019-01-21) -------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.0/docs/source/trustme-trio-example.py new/trustme-0.5.1/docs/source/trustme-trio-example.py --- old/trustme-0.5.0/docs/source/trustme-trio-example.py 2019-01-22 06:07:24.000000000 +0100 +++ new/trustme-0.5.1/docs/source/trustme-trio-example.py 2019-04-15 09:09:05.000000000 +0200 @@ -2,6 +2,7 @@ import trustme import trio +import ssl # Create our fake certificates ca = trustme.CA() @@ -10,8 +11,8 @@ async def demo_server(server_raw_stream): - server_ssl_context = trio.ssl.create_default_context( - trio.ssl.Purpose.CLIENT_AUTH) + server_ssl_context = ssl.create_default_context( + ssl.Purpose.CLIENT_AUTH) # Set up the server's SSLContext to use our fake server cert server_cert.configure_cert(server_ssl_context) @@ -21,9 +22,9 @@ ca.configure_trust(server_ssl_context) # Verify that client sent us their TLS cert signed by a trusted CA - server_ssl_context.verify_mode = trio.ssl.CERT_REQUIRED + server_ssl_context.verify_mode = ssl.CERT_REQUIRED - server_ssl_stream = trio.ssl.SSLStream( + server_ssl_stream = trio.SSLStream( server_raw_stream, server_ssl_context, server_side=True, @@ -36,7 +37,7 @@ async def demo_client(client_raw_stream): - client_ssl_context = trio.ssl.create_default_context() + client_ssl_context = ssl.create_default_context() # Set up the client's SSLContext to trust our fake CA, that signed # our server cert, so that it can validate server's cert. @@ -45,7 +46,7 @@ # Set up the client's SSLContext to use our fake client cert client_cert.configure_cert(client_ssl_context) - client_ssl_stream = trio.ssl.SSLStream( + client_ssl_stream = trio.SSLStream( client_raw_stream, client_ssl_context, # Tell the client that it's looking for a trusted cert for this diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.0/trustme/__init__.py new/trustme-0.5.1/trustme/__init__.py --- old/trustme-0.5.0/trustme/__init__.py 2019-01-22 06:07:24.000000000 +0100 +++ new/trustme-0.5.1/trustme/__init__.py 2019-04-15 09:09:05.000000000 +0200 @@ -30,10 +30,11 @@ except NameError: unicode = str -# On my laptop, making a CA + server certificate using 1024 bit keys takes ~40 -# ms, and using 4096 bit keys takes ~2 seconds. We want tests to run in 40 ms, -# not 2 seconds. -_KEY_SIZE = 1024 +# On my laptop, making a CA + server certificate using 2048 bit keys takes ~160 +# ms, and using 4096 bit keys takes ~2 seconds. We want tests to run in 160 ms, +# not 2 seconds. And we can't go lower, since Debian (and probably others) +# by default reject any keys with <2048 bits (see #45). +_KEY_SIZE = 2048 def _name(name, common_name=None): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.0/trustme/_version.py new/trustme-0.5.1/trustme/_version.py --- old/trustme-0.5.0/trustme/_version.py 2019-01-22 06:08:07.000000000 +0100 +++ new/trustme-0.5.1/trustme/_version.py 2019-04-15 09:09:26.000000000 +0200 @@ -1 +1 @@ -__version__ = "0.5.0" +__version__ = "0.5.1" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/trustme-0.5.0/trustme.egg-info/PKG-INFO new/trustme-0.5.1/trustme.egg-info/PKG-INFO --- old/trustme-0.5.0/trustme.egg-info/PKG-INFO 2019-01-22 06:10:11.000000000 +0100 +++ new/trustme-0.5.1/trustme.egg-info/PKG-INFO 2019-04-15 11:14:58.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: trustme -Version: 0.5.0 +Version: 0.5.1 Summary: #1 quality TLS certs while you wait, for the discerning tester Home-page: https://github.com/python-trio/trustme Author: Nathaniel J. Smith