get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/1526550/
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 1526550,
    "url": "http://patchwork.ozlabs.org/api/patches/1526550/",
    "web_url": "http://patchwork.ozlabs.org/project/openvswitch/patch/057c448a2071837817697a74aab3746b921b001f.1631284442.git.tredaelli@redhat.com/",
    "project": {
        "id": 47,
        "url": "http://patchwork.ozlabs.org/api/projects/47/",
        "name": "Open vSwitch",
        "link_name": "openvswitch",
        "list_id": "ovs-dev.openvswitch.org",
        "list_email": "ovs-dev@openvswitch.org",
        "web_url": "http://openvswitch.org/",
        "scm_url": "git@github.com:openvswitch/ovs.git",
        "webscm_url": "https://github.com/openvswitch/ovs",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<057c448a2071837817697a74aab3746b921b001f.1631284442.git.tredaelli@redhat.com>",
    "list_archive_url": null,
    "date": "2021-09-10T14:34:02",
    "name": "[ovs-dev] python: replace pyOpenSSL with ssl",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": false,
    "hash": "d8b38bffffa55b1bb5c170978769853533b9ffc0",
    "submitter": {
        "id": 70949,
        "url": "http://patchwork.ozlabs.org/api/people/70949/",
        "name": "Timothy Redaelli",
        "email": "tredaelli@redhat.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/openvswitch/patch/057c448a2071837817697a74aab3746b921b001f.1631284442.git.tredaelli@redhat.com/mbox/",
    "series": [
        {
            "id": 261788,
            "url": "http://patchwork.ozlabs.org/api/series/261788/",
            "web_url": "http://patchwork.ozlabs.org/project/openvswitch/list/?series=261788",
            "date": "2021-09-10T14:34:02",
            "name": "[ovs-dev] python: replace pyOpenSSL with ssl",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/261788/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/1526550/comments/",
    "check": "success",
    "checks": "http://patchwork.ozlabs.org/api/patches/1526550/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<ovs-dev-bounces@openvswitch.org>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "dev@openvswitch.org"
        ],
        "Delivered-To": [
            "patchwork-incoming@bilbo.ozlabs.org",
            "ovs-dev@lists.linuxfoundation.org"
        ],
        "Authentication-Results": [
            "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=hhvzNuNj;\n\tdkim-atps=neutral",
            "ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org\n (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;\n envelope-from=ovs-dev-bounces@openvswitch.org; receiver=<UNKNOWN>)",
            "smtp1.osuosl.org (amavisd-new);\n dkim=pass (1024-bit key) header.d=redhat.com",
            "relay.mimecast.com;\n auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=tredaelli@redhat.com"
        ],
        "Received": [
            "from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 4H5dfy2mXbz9sRf\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 11 Sep 2021 00:34:18 +1000 (AEST)",
            "from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id AF68A6077C;\n\tFri, 10 Sep 2021 14:34:15 +0000 (UTC)",
            "from smtp3.osuosl.org ([127.0.0.1])\n\tby localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n\twith ESMTP id GypGbTA65ra2; Fri, 10 Sep 2021 14:34:14 +0000 (UTC)",
            "from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56])\n\tby smtp3.osuosl.org (Postfix) with ESMTPS id BFC626001B;\n\tFri, 10 Sep 2021 14:34:13 +0000 (UTC)",
            "from lf-lists.osuosl.org (localhost [127.0.0.1])\n\tby lists.linuxfoundation.org (Postfix) with ESMTP id 9404BC000F;\n\tFri, 10 Sep 2021 14:34:13 +0000 (UTC)",
            "from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n by lists.linuxfoundation.org (Postfix) with ESMTP id C5449C000D\n for <dev@openvswitch.org>; Fri, 10 Sep 2021 14:34:11 +0000 (UTC)",
            "from localhost (localhost [127.0.0.1])\n by smtp1.osuosl.org (Postfix) with ESMTP id B4D9180F65\n for <dev@openvswitch.org>; Fri, 10 Sep 2021 14:34:11 +0000 (UTC)",
            "from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)\n with ESMTP id gpxWDSUZ1kYO for <dev@openvswitch.org>;\n Fri, 10 Sep 2021 14:34:10 +0000 (UTC)",
            "from us-smtp-delivery-124.mimecast.com\n (us-smtp-delivery-124.mimecast.com [216.205.24.124])\n by smtp1.osuosl.org (Postfix) with ESMTPS id 38FCD80F89\n for <dev@openvswitch.org>; Fri, 10 Sep 2021 14:34:10 +0000 (UTC)",
            "from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com\n [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id\n us-mta-451-UDYEvxfCN3C7OyiayPIv0Q-1; Fri, 10 Sep 2021 10:34:07 -0400",
            "from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com\n [10.5.11.22])\n (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n (No client certificate requested)\n by mimecast-mx01.redhat.com (Postfix) with ESMTPS id BE00881431C\n for <dev@openvswitch.org>; Fri, 10 Sep 2021 14:34:06 +0000 (UTC)",
            "from carbon.redhat.com (unknown [10.39.192.61])\n by smtp.corp.redhat.com (Postfix) with ESMTP id EF0ED100EBC1\n for <dev@openvswitch.org>; Fri, 10 Sep 2021 14:34:05 +0000 (UTC)"
        ],
        "X-Virus-Scanned": [
            "amavisd-new at osuosl.org",
            "amavisd-new at osuosl.org"
        ],
        "X-Greylist": "domain auto-whitelisted by SQLgrey-1.8.0",
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1631284449;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding;\n bh=Fe22c9c2LZgeVdFk9twqllee/ioqeTUIWYsDJtVzX08=;\n b=hhvzNuNjqo/sKiYh8/3I4IBlYm1WgbPqBHZ2W2subZDKs0q2ZzZmM/u+YDDR/pyZAYllxa\n mJB32T0voX4vXMhT7BRb4v6084a5GdbFGQWLt4muvhVi3a1btnRBpBJR8opwqwVdsKnhtS\n i4WDPdYoBvvJYk3Njja/mEqPRnJxCd4=",
        "X-MC-Unique": "UDYEvxfCN3C7OyiayPIv0Q-1",
        "From": "Timothy Redaelli <tredaelli@redhat.com>",
        "To": "dev@openvswitch.org",
        "Date": "Fri, 10 Sep 2021 16:34:02 +0200",
        "Message-Id": "\n <057c448a2071837817697a74aab3746b921b001f.1631284442.git.tredaelli@redhat.com>",
        "MIME-Version": "1.0",
        "X-Scanned-By": "MIMEDefang 2.84 on 10.5.11.22",
        "X-Mimecast-Spam-Score": "0",
        "X-Mimecast-Originator": "redhat.com",
        "Subject": "[ovs-dev] [PATCH] python: replace pyOpenSSL with ssl",
        "X-BeenThere": "ovs-dev@openvswitch.org",
        "X-Mailman-Version": "2.1.15",
        "Precedence": "list",
        "List-Id": "<ovs-dev.openvswitch.org>",
        "List-Unsubscribe": "<https://mail.openvswitch.org/mailman/options/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=unsubscribe>",
        "List-Archive": "<http://mail.openvswitch.org/pipermail/ovs-dev/>",
        "List-Post": "<mailto:ovs-dev@openvswitch.org>",
        "List-Help": "<mailto:ovs-dev-request@openvswitch.org?subject=help>",
        "List-Subscribe": "<https://mail.openvswitch.org/mailman/listinfo/ovs-dev>,\n <mailto:ovs-dev-request@openvswitch.org?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Errors-To": "ovs-dev-bounces@openvswitch.org",
        "Sender": "\"dev\" <ovs-dev-bounces@openvswitch.org>"
    },
    "content": "Currently, pyOpenSSL is half-deprecated upstream and so it's removed on\nsome distributions (for example on CentOS Stream 9,\nhttps://issues.redhat.com/browse/CS-336), but since OVS only\nsupports Python 3 it's possible to replace pyOpenSSL with \"import ssl\"\nincluded in base Python 3.\n\nStream recv and send had to be splitted as _recv and _send, since SSLError\nis a subclass of socket.error and so it was not possible to except for\nSSLWantReadError and SSLWantWriteError in recv and send of SSLStream.\n\nReported-by: Timothy Redaelli <tredaelli@redhat.com>\nReported-at: https://bugzilla.redhat.com/1988429\nSigned-off-by: Timothy Redaelli <tredaelli@redhat.com>\n---\n .ci/linux-prepare.sh |  2 +-\n .cirrus.yml          |  2 +-\n .travis.yml          |  1 -\n python/ovs/poller.py |  6 ++--\n python/ovs/stream.py | 75 +++++++++++++++++++++++---------------------\n tests/ovsdb-idl.at   |  2 +-\n 6 files changed, 46 insertions(+), 42 deletions(-)",
    "diff": "diff --git a/.ci/linux-prepare.sh b/.ci/linux-prepare.sh\nindex c55125cf7..b9b499bad 100755\n--- a/.ci/linux-prepare.sh\n+++ b/.ci/linux-prepare.sh\n@@ -21,7 +21,7 @@ make -j4 HAVE_LLVM= HAVE_SQLITE= install\n cd ..\n \n pip3 install --disable-pip-version-check --user \\\n-    flake8 hacking sphinx pyOpenSSL wheel setuptools\n+    flake8 hacking sphinx wheel setuptools\n pip3 install --user --upgrade docutils\n pip3 install --user  'meson==0.47.1'\n \ndiff --git a/.cirrus.yml b/.cirrus.yml\nindex 358f2ba25..bb206f35f 100644\n--- a/.cirrus.yml\n+++ b/.cirrus.yml\n@@ -9,7 +9,7 @@ freebsd_build_task:\n \n   env:\n     DEPENDENCIES: automake libtool gmake gcc wget openssl python3\n-    PY_DEPS:      sphinx|openssl\n+    PY_DEPS:      sphinx\n     matrix:\n       COMPILER: gcc\n       COMPILER: clang\ndiff --git a/.travis.yml b/.travis.yml\nindex 51d051108..c7aeede06 100644\n--- a/.travis.yml\n+++ b/.travis.yml\n@@ -17,7 +17,6 @@ addons:\n       - libjemalloc-dev\n       - libnuma-dev\n       - libpcap-dev\n-      - python3-openssl\n       - python3-pip\n       - python3-sphinx\n       - libelf-dev\ndiff --git a/python/ovs/poller.py b/python/ovs/poller.py\nindex 3624ec865..157719c3a 100644\n--- a/python/ovs/poller.py\n+++ b/python/ovs/poller.py\n@@ -26,9 +26,9 @@ if sys.platform == \"win32\":\n     import ovs.winutils as winutils\n \n try:\n-    from OpenSSL import SSL\n+    import ssl\n except ImportError:\n-    SSL = None\n+    ssl = None\n \n try:\n     from eventlet import patcher as eventlet_patcher\n@@ -73,7 +73,7 @@ class _SelectSelect(object):\n     def register(self, fd, events):\n         if isinstance(fd, socket.socket):\n             fd = fd.fileno()\n-        if SSL and isinstance(fd, SSL.Connection):\n+        if ssl and isinstance(fd, ssl.SSLSocket):\n             fd = fd.fileno()\n \n         if sys.platform != 'win32':\ndiff --git a/python/ovs/stream.py b/python/ovs/stream.py\nindex f5a520862..cd74b46be 100644\n--- a/python/ovs/stream.py\n+++ b/python/ovs/stream.py\n@@ -22,9 +22,9 @@ import ovs.socket_util\n import ovs.vlog\n \n try:\n-    from OpenSSL import SSL\n+    import ssl\n except ImportError:\n-    SSL = None\n+    ssl = None\n \n if sys.platform == 'win32':\n     import ovs.winutils as winutils\n@@ -322,6 +322,12 @@ class Stream(object):\n         The recv function will not block waiting for data to arrive.  If no\n         data have been received, it returns (errno.EAGAIN, \"\") immediately.\"\"\"\n \n+        try:\n+            return self._recv(n)\n+        except socket.error as e:\n+            return (ovs.socket_util.get_exception_errno(e), \"\")\n+\n+    def _recv(self, n):\n         retval = self.connect()\n         if retval != 0:\n             return (retval, \"\")\n@@ -331,10 +337,7 @@ class Stream(object):\n         if sys.platform == 'win32' and self.socket is None:\n             return self.__recv_windows(n)\n \n-        try:\n-            return (0, self.socket.recv(n))\n-        except socket.error as e:\n-            return (ovs.socket_util.get_exception_errno(e), \"\")\n+        return (0, self.socket.recv(n))\n \n     def __recv_windows(self, n):\n         if self._read_pending:\n@@ -396,6 +399,12 @@ class Stream(object):\n         Will not block.  If no bytes can be immediately accepted for\n         transmission, returns -errno.EAGAIN immediately.\"\"\"\n \n+        try:\n+            return self._send(buf)\n+        except socket.error as e:\n+            return -ovs.socket_util.get_exception_errno(e)\n+\n+    def _send(self, buf):\n         retval = self.connect()\n         if retval != 0:\n             return -retval\n@@ -409,10 +418,7 @@ class Stream(object):\n         if sys.platform == 'win32' and self.socket is None:\n             return self.__send_windows(buf)\n \n-        try:\n-            return self.socket.send(buf)\n-        except socket.error as e:\n-            return -ovs.socket_util.get_exception_errno(e)\n+        return self.socket.send(buf)\n \n     def __send_windows(self, buf):\n         if self._write_pending:\n@@ -769,17 +775,13 @@ class SSLStream(Stream):\n     def check_connection_completion(sock):\n         try:\n             return Stream.check_connection_completion(sock)\n-        except SSL.SysCallError as e:\n+        except ssl.SSLSyscallError as e:\n             return ovs.socket_util.get_exception_errno(e)\n \n     @staticmethod\n     def needs_probes():\n         return True\n \n-    @staticmethod\n-    def verify_cb(conn, cert, errnum, depth, ok):\n-        return ok\n-\n     @staticmethod\n     def _open(suffix, dscp):\n         error, sock = TCPStream._open(suffix, dscp)\n@@ -787,17 +789,16 @@ class SSLStream(Stream):\n             return error, None\n \n         # Create an SSL context\n-        ctx = SSL.Context(SSL.SSLv23_METHOD)\n-        ctx.set_verify(SSL.VERIFY_PEER, SSLStream.verify_cb)\n-        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)\n+        ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)\n+        ctx.verify_mode = ssl.CERT_REQUIRED\n+        ctx.options |= ssl.OP_NO_SSLv2\n+        ctx.options |= ssl.OP_NO_SSLv3\n         # If the client has not set the SSL configuration files\n         # exception would be raised.\n-        ctx.use_privatekey_file(Stream._SSL_private_key_file)\n-        ctx.use_certificate_file(Stream._SSL_certificate_file)\n         ctx.load_verify_locations(Stream._SSL_ca_cert_file)\n-\n-        ssl_sock = SSL.Connection(ctx, sock)\n-        ssl_sock.set_connect_state()\n+        ctx.load_cert_chain(Stream._SSL_certificate_file,\n+                            Stream._SSL_private_key_file)\n+        ssl_sock = ctx.wrap_socket(sock, do_handshake_on_connect=False)\n         return error, ssl_sock\n \n     def connect(self):\n@@ -809,40 +810,44 @@ class SSLStream(Stream):\n         # TCP Connection is successful. Now do the SSL handshake\n         try:\n             self.socket.do_handshake()\n-        except SSL.WantReadError:\n+        except ssl.SSLWantReadError:\n             return errno.EAGAIN\n-        except SSL.SysCallError as e:\n+        except ssl.SSLSyscallError as e:\n             return ovs.socket_util.get_exception_errno(e)\n \n         return 0\n \n     def recv(self, n):\n         try:\n-            return super(SSLStream, self).recv(n)\n-        except SSL.WantReadError:\n+            return super(SSLStream, self)._recv(n)\n+        except ssl.SSLWantReadError:\n             return (errno.EAGAIN, \"\")\n-        except SSL.SysCallError as e:\n+        except ssl.SSLSyscallError as e:\n             return (ovs.socket_util.get_exception_errno(e), \"\")\n-        except SSL.ZeroReturnError:\n+        except ssl.SSLZeroReturnError:\n             return (0, \"\")\n+        except socket.error as e:\n+            return (ovs.socket_util.get_exception_errno(e), \"\")\n \n     def send(self, buf):\n         try:\n-            return super(SSLStream, self).send(buf)\n-        except SSL.WantWriteError:\n+            return super(SSLStream, self)._send(buf)\n+        except ssl.SSLWantWriteError:\n             return -errno.EAGAIN\n-        except SSL.SysCallError as e:\n+        except ssl.SSLSyscallError as e:\n+            return -ovs.socket_util.get_exception_errno(e)\n+        except socket.error as e:\n             return -ovs.socket_util.get_exception_errno(e)\n \n     def close(self):\n         if self.socket:\n             try:\n-                self.socket.shutdown()\n-            except SSL.Error:\n+                self.socket.shutdown(socket.SHUT_RDWR)\n+            except (socket.error, OSError, ValueError):\n                 pass\n         return super(SSLStream, self).close()\n \n \n-if SSL:\n+if ssl:\n     # Register SSL only if the OpenSSL module is available\n     Stream.register_method(\"ssl\", SSLStream)\ndiff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at\nindex 501c13b81..0f229b2f9 100644\n--- a/tests/ovsdb-idl.at\n+++ b/tests/ovsdb-idl.at\n@@ -225,7 +225,7 @@ m4_define([OVSDB_CHECK_IDL_TCP6_MULTIPLE_REMOTES_PY],\n m4_define([OVSDB_CHECK_IDL_SSL_PY],\n   [AT_SETUP([$1 - Python3 - SSL])\n    AT_SKIP_IF([test \"$HAVE_OPENSSL\" = no])\n-   $PYTHON3 -c \"import OpenSSL.SSL\"\n+   $PYTHON3 -c \"import ssl\"\n    SSL_PRESENT=$?\n    AT_SKIP_IF([test $SSL_PRESENT != 0])\n    AT_KEYWORDS([ovsdb server idl positive Python with ssl socket $5])\n",
    "prefixes": [
        "ovs-dev"
    ]
}