From df32d610869c73abf0840e148a0d7cdc64b1f61e Mon Sep 17 00:00:00 2001
From: Karl Parkinson <karljparkinson@gmail.com>
Date: Thu, 11 Nov 2021 01:37:00 -0700
Subject: [PATCH] Remove pyopenssl cruft (#4897)

* remove old pyopenssl cruft

* bump minimum version of pyopenssl

* add extra spaces to conform to style guide

* update changelog

* replace getattr with direct SSL method calls

* put version check back in but remove setdefault method calls

* tweak changelog wording

* bumb tox.ini pyOpenSSL dependency version

Co-authored-by: Karl Parkinson <karlparkinson@Karls-MBP.hitronhub.home>
---
 CHANGELOG.md         |  1 +
 mitmproxy/net/tls.py | 20 +++++++-------------
 setup.py             |  2 +-
 tox.ini              |  2 +-
 4 files changed, 10 insertions(+), 15 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f7211e99b..8db2dd771 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@
 * Fix a crash caused when editing string option (#4852, @rbdixon)
 * Base container image bumped to Debian 11 Bullseye (@Kriechi)
 * Upstream replays don't do CONNECT on plaintext HTTP requests (#4876, @HoffmannP)
+* Remove workarounds for old pyOpenSSL versions (#4831, @KarlParkinson)
 
 ## 28 September 2021: mitmproxy 7.0.4
 
diff --git a/mitmproxy/net/tls.py b/mitmproxy/net/tls.py
index 7e85fd55e..35532675b 100644
--- a/mitmproxy/net/tls.py
+++ b/mitmproxy/net/tls.py
@@ -21,29 +21,23 @@ from mitmproxy.net import check
 
 # redeclared here for strict type checking
 class Method(Enum):
-    # TODO: just SSL attributes once https://github.com/pyca/pyopenssl/pull/985 has landed.
-    TLS_SERVER_METHOD = getattr(SSL, "TLS_SERVER_METHOD", 8)
-    TLS_CLIENT_METHOD = getattr(SSL, "TLS_CLIENT_METHOD", 9)
+    TLS_SERVER_METHOD = SSL.TLS_SERVER_METHOD
+    TLS_CLIENT_METHOD = SSL.TLS_CLIENT_METHOD
 
 
-# TODO: remove once https://github.com/pyca/pyopenssl/pull/985 has landed.
 try:
     SSL._lib.TLS_server_method  # type: ignore
 except AttributeError as e:  # pragma: no cover
     raise RuntimeError("Your installation of the cryptography Python package is outdated.") from e
 
-SSL.Context._methods.setdefault(Method.TLS_SERVER_METHOD.value, SSL._lib.TLS_server_method)  # type: ignore
-SSL.Context._methods.setdefault(Method.TLS_CLIENT_METHOD.value, SSL._lib.TLS_client_method)  # type: ignore
-
 
 class Version(Enum):
     UNBOUNDED = 0
-    # TODO: just SSL attributes once https://github.com/pyca/pyopenssl/pull/985 has landed.
-    SSL3 = getattr(SSL, "SSL3_VERSION", 768)
-    TLS1 = getattr(SSL, "TLS1_VERSION", 769)
-    TLS1_1 = getattr(SSL, "TLS1_1_VERSION", 770)
-    TLS1_2 = getattr(SSL, "TLS1_2_VERSION", 771)
-    TLS1_3 = getattr(SSL, "TLS1_3_VERSION", 772)
+    SSL3 = SSL.SSL3_VERSION
+    TLS1 = SSL.TLS1_VERSION
+    TLS1_1 = SSL.TLS1_1_VERSION
+    TLS1_2 = SSL.TLS1_2_VERSION
+    TLS1_3 = SSL.TLS1_3_VERSION
 
 
 class Verify(Enum):
diff --git a/setup.py b/setup.py
index ff52eef9c..59ef56389 100644
--- a/setup.py
+++ b/setup.py
@@ -82,7 +82,7 @@ setup(
         "msgpack>=1.0.0, <1.1.0",
         "passlib>=1.6.5, <1.8",
         "protobuf>=3.14,<3.19",
-        "pyOpenSSL>=20.0,<21.1",
+        "pyOpenSSL>=21.0,<21.1",
         "pyparsing>=2.4.2,<2.5",
         "pyperclip>=1.6.0,<1.9",
         "ruamel.yaml>=0.16,<0.17.17",
diff --git a/tox.ini b/tox.ini
index 3fb39b90b..cbd69e163 100644
--- a/tox.ini
+++ b/tox.ini
@@ -35,7 +35,7 @@ deps =
   types-Werkzeug==1.0.5
   types-requests==2.25.9
   types-cryptography==3.3.5
-  types-pyOpenSSL==20.0.6
+  types-pyOpenSSL==21.0.0
 
 commands =
   mypy {posargs}