Use cryptography to load the pyOpenSSL certificates

docs-requirements.txt

@@ -28,7 +28,7 @@ jinja2==3.1.2
     # via sphinx
 markupsafe==3.0.2
     # via jinja2
-packaging==24.1
+packaging==24.2
     # via sphinx
 pycparser==2.22
     # via cffi

lint-requirements.txt

@@ -26,7 +26,7 @@ mypy-extensions==1.0.0
     # via
     #   black
     #   mypy
-packaging==24.1
+packaging==24.2
     # via
     #   black
     #   pytest
@@ -44,7 +44,7 @@ types-cffi==1.16.0.20240331
     # via types-pyopenssl
 types-pyopenssl==24.1.0.20240722
     # via -r lint-requirements.in
-types-setuptools==75.2.0.20241025
+types-setuptools==75.6.0.20241126
     # via types-cffi
 typing-extensions==4.12.2
     # via mypy

src/trustme/__init__.py

@@ -8,7 +8,7 @@
 from contextlib import contextmanager
 from enum import Enum
 from tempfile import NamedTemporaryFile
-from typing import TYPE_CHECKING, Generator, List, Optional, Union
+from typing import TYPE_CHECKING, Generator, List, Optional, Union, cast
 
 import idna
 from cryptography import x509
@@ -545,15 +545,13 @@ def configure_cert(self, ctx: Union[ssl.SSLContext, OpenSSL.SSL.Context]) -> Non
             with self.private_key_and_cert_chain_pem.tempfile() as path:
                 ctx.load_cert_chain(path)
         elif _smells_like_pyopenssl(ctx):
-            from OpenSSL.crypto import FILETYPE_PEM, load_certificate, load_privatekey
-
-            key = load_privatekey(FILETYPE_PEM, self.private_key_pem.bytes())
-            ctx.use_privatekey(key)
-            cert = load_certificate(FILETYPE_PEM, self.cert_chain_pems[0].bytes())
-            ctx.use_certificate(cert)
+            key = load_pem_private_key(self.private_key_pem.bytes(), None)
+            ctx.use_privatekey(key)  # type: ignore[arg-type]
+            cert = x509.load_pem_x509_certificate(self.cert_chain_pems[0].bytes())
+            ctx.use_certificate(cert)  # type: ignore[arg-type]
             for pem in self.cert_chain_pems[1:]:
-                cert = load_certificate(FILETYPE_PEM, pem.bytes())
-                ctx.add_extra_chain_cert(cert)
+                cert = x509.load_pem_x509_certificate(pem.bytes())
+                ctx.add_extra_chain_cert(cert)  # type: ignore[arg-type]
         else:
             raise TypeError(
                 "unrecognized context type {!r}".format(ctx.__class__.__name__)

test-requirements.txt

@@ -8,7 +8,7 @@ attrs==24.2.0
     # via service-identity
 cffi==1.17.1
     # via cryptography
-coverage[toml]==7.6.4
+coverage[toml]==7.6.8
     # via -r test-requirements.in
 cryptography==43.0.3
     # via
@@ -19,7 +19,7 @@ idna==3.10
     # via -r test-requirements.in
 iniconfig==2.0.0
     # via pytest
-packaging==24.1
+packaging==24.2
     # via pytest
 pluggy==1.5.0
     # via pytest
@@ -31,7 +31,7 @@ pyasn1-modules==0.4.1
     # via service-identity
 pycparser==2.22
     # via cffi
-pyopenssl==24.2.1
+pyopenssl==24.3.0
     # via -r test-requirements.in
 pytest==8.3.3
     # via -r test-requirements.in