Update pyOpenSSL (#5639)

* [requires.io] dependency update

* [requires.io] dependency update

* [requires.io] dependency update

* [requires.io] dependency update

* [requires.io] dependency update

* [requires.io] dependency update

* [requires.io] dependency update

* [requires.io] dependency update

* [requires.io] dependency update

* [requires.io] dependency update

* [requires.io] dependency update

* [requires.io] dependency update

* Update setup.py

* use latest pyOpenSSL APIs

Co-authored-by: requires.io <support@requires.io>

mitmproxy/addons/tlsconfig.py

@@ -175,11 +175,8 @@ class TlsConfig:
         )
         tls_start.ssl_conn = SSL.Connection(ssl_ctx)
 
-        # Use pyOpenSSL API once it has shipped: https://github.com/pyca/pyopenssl/pull/1121
+        tls_start.ssl_conn.use_certificate(entry.cert.to_pyopenssl())
-        ok = SSL._lib.SSL_use_certificate(tls_start.ssl_conn._ssl, entry.cert.to_pyopenssl()._x509)  # type: ignore
+        tls_start.ssl_conn.use_privatekey(crypto.PKey.from_cryptography_key(entry.privatekey))
-        SSL._openssl_assert(ok == 1)  # type: ignore
-        ok = SSL._lib.SSL_use_PrivateKey(tls_start.ssl_conn._ssl, crypto.PKey.from_cryptography_key(entry.privatekey)._pkey)  # type: ignore
-        SSL._openssl_assert(ok == 1)  # type: ignore
 
         # Force HTTP/1 for secure web proxies, we currently don't support CONNECT over HTTP/2.
         # There is a proof-of-concept branch at https://github.com/mhils/mitmproxy/tree/http2-proxy,

setup.py

@@ -77,7 +77,7 @@ setup(
         "certifi>=2019.9.11",  # no semver here - this should always be on the last release!
         "cryptography>=38.0,<38.1",
         "flask>=1.1.1,<2.3",
-        "h11>=0.11,<0.14",
+        "h11>=0.11,<0.15",
         "h2>=4.1,<5",
         "hyperframe>=6.0,<7",
         "kaitaistruct>=0.10,<0.11",
@@ -86,7 +86,7 @@ setup(
         "msgpack>=1.0.0, <1.1.0",
         "passlib>=1.6.5, <1.8",
         "protobuf>=3.14,<5",
-        "pyOpenSSL>=22.0,<22.1",
+        "pyOpenSSL>=22.1,<22.2",
         "pyparsing>=2.4.2,<3.1",
         "pyperclip>=1.6.0,<1.9",
         "ruamel.yaml>=0.16,<0.18",
@@ -96,7 +96,7 @@ setup(
         "wsproto>=1.0,<1.3",
         "publicsuffix2>=2.20190812,<3",
         "zstandard>=0.11,<0.19",
-        "typing-extensions>=4.3,<4.4; python_version<'3.10'",
+        "typing-extensions>=4.3,<4.5; python_version<'3.10'",
     ],
     extras_require={
         ':sys_platform == "win32"': [
@@ -107,9 +107,9 @@ setup(
             "hypothesis>=5.8,<7",
             "parver>=0.1,<2.0",
             "pdoc>=4.0.0",
-            "pyinstaller==5.4.1",
+            "pyinstaller==5.5",
             "pytest-asyncio>=0.17,<0.20",
-            "pytest-cov>=2.7.1,<3.1",
+            "pytest-cov>=2.7.1,<4.1",
             "pytest-timeout>=1.3.3,<2.2",
             "pytest-xdist>=2.1.0,<3",
             "pytest>=6.1.0,<8",

test/mitmproxy/net/test_tls.py

@@ -47,11 +47,8 @@ def test_sslkeylogfile(tdata, monkeypatch):
     server = SSL.Connection(sctx)
     server.set_accept_state()
 
-    # Use pyOpenSSL API once it has shipped: https://github.com/pyca/pyopenssl/pull/1121
+    server.use_certificate(entry.cert.to_pyopenssl())
-    ok = SSL._lib.SSL_use_certificate(server._ssl, entry.cert.to_pyopenssl()._x509)  # type: ignore
+    server.use_privatekey(crypto.PKey.from_cryptography_key(entry.privatekey))
-    SSL._openssl_assert(ok == 1)  # type: ignore
-    ok = SSL._lib.SSL_use_PrivateKey(server._ssl, crypto.PKey.from_cryptography_key(entry.privatekey)._pkey)  # type: ignore
-    SSL._openssl_assert(ok == 1)  # type: ignore
 
     client = SSL.Connection(cctx)
     client.set_connect_state()

tox.ini

@@ -29,13 +29,13 @@ commands =
 
 [testenv:mypy]
 deps =
-  mypy==0.971
+  mypy==0.982
   types-certifi==2021.10.8.3
   types-Flask==1.1.6
   types-Werkzeug==1.0.9
-  types-requests==2.28.10
+  types-requests==2.28.11.2
   types-cryptography==3.3.23
-  types-pyOpenSSL==22.0.10
+  types-pyOpenSSL==22.1.0.0
   -e .[dev]
 
 commands =