Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-pyOpenSSL for 
openSUSE:Factory checked in at 2021-11-03 17:25:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pyOpenSSL (Old)
 and      /work/SRC/openSUSE:Factory/.python-pyOpenSSL.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-pyOpenSSL"

Wed Nov  3 17:25:25 2021 rev:41 rq:928309 version:21.0.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pyOpenSSL/python-pyOpenSSL.changes        
2021-02-04 20:23:51.054805865 +0100
+++ 
/work/SRC/openSUSE:Factory/.python-pyOpenSSL.new.1890/python-pyOpenSSL.changes  
    2021-11-03 17:26:13.589335929 +0100
@@ -1,0 +2,17 @@
+Sat Oct 30 19:08:35 UTC 2021 - Matej Cepl <mc...@suse.com>
+
+- Add check_inv_ALPN_lists.patch checks for invalid ALPN lists
+  before calling OpenSSL (gh#pyca/pyopenssl#1056).
+
+-------------------------------------------------------------------
+Tue Oct 26 20:27:12 UTC 2021 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 21.0.0:
+  - The minimum ``cryptography`` version is now 3.3.
+  - Drop support for Python 3.5
+  - Raise an error when an invalid ALPN value is set.
+  - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and 
``OpenSSL.SSL.Context.set_max_proto_version``
+  - Updated ``to_cryptography`` and ``from_cryptography`` methods to support an
+    upcoming release of ``cryptography`` without raising deprecation warnings.
+
+-------------------------------------------------------------------

Old:
----
  pyOpenSSL-20.0.1.tar.gz

New:
----
  check_inv_ALPN_lists.patch
  pyOpenSSL-21.0.0.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-pyOpenSSL.spec ++++++
--- /var/tmp/diff_new_pack.pBulzv/_old  2021-11-03 17:26:14.037336175 +0100
+++ /var/tmp/diff_new_pack.pBulzv/_new  2021-11-03 17:26:14.041336176 +0100
@@ -19,7 +19,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define oldpython python
 Name:           python-pyOpenSSL
-Version:        20.0.1
+Version:        21.0.0
 Release:        0
 Summary:        Python wrapper module around the OpenSSL library
 License:        Apache-2.0
@@ -28,8 +28,11 @@
 # PATCH-FIX-UPSTREAM skip-networked-test.patch gh#pyca/pyopenssl#68 
mc...@suse.com
 # Mark tests requiring network access
 Patch0:         skip-networked-test.patch
+# PATCH-FIX-UPSTREAM check_inv_ALPN_lists.patch gh#pyca/pyopenssl#1056 
mc...@suse.com
+#  Check for invalid ALPN lists before calling OpenSSL
+Patch1:         check_inv_ALPN_lists.patch
 BuildRequires:  %{python_module cffi}
-BuildRequires:  %{python_module cryptography >= 2.8}
+BuildRequires:  %{python_module cryptography >= 3.3}
 BuildRequires:  %{python_module flaky}
 BuildRequires:  %{python_module pretend}
 BuildRequires:  %{python_module pytest >= 3.0.1}
@@ -40,7 +43,7 @@
 BuildRequires:  openssl
 BuildRequires:  python-rpm-macros
 Requires:       python-cffi
-Requires:       python-cryptography >= 2.8
+Requires:       python-cryptography >= 3.3
 Requires:       python-six >= 1.5.2
 Provides:       pyOpenSSL = %{version}
 BuildArch:      noarch

++++++ check_inv_ALPN_lists.patch ++++++
>From cc5c00ae5fd3c19d07fff79b5c4a08f5e58697ad Mon Sep 17 00:00:00 2001
From: "Nathaniel J. Smith" <n...@pobox.com>
Date: Wed, 27 Oct 2021 11:54:08 -0700
Subject: [PATCH 1/2] Check for invalid ALPN lists before calling OpenSSL, for
 consistency

Fixes gh-1043
---
 src/OpenSSL/SSL.py |   12 ++++++++++++
 tests/test_ssl.py  |    2 +-
 2 files changed, 13 insertions(+), 1 deletion(-)

--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1423,6 +1423,12 @@ class Context(object):
             This list should be a Python list of bytestrings representing the
             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
         """
+        # Different versions of OpenSSL are inconsistent about how they handle
+        # empty proto lists (see #1043), so we avoid the problem entirely by
+        # rejecting them ourselves.
+        if not protos:
+            raise ValueError("at least one protocol must be specified")
+
         # Take the list of protocols and join them together, prefixing them
         # with their lengths.
         protostr = b"".join(
@@ -2451,6 +2457,12 @@ class Connection(object):
             This list should be a Python list of bytestrings representing the
             protocols to offer, e.g. ``[b'http/1.1', b'spdy/2']``.
         """
+        # Different versions of OpenSSL are inconsistent about how they handle
+        # empty proto lists (see #1043), so we avoid the problem entirely by
+        # rejecting them ourselves.
+        if not protos:
+            raise ValueError("at least one protocol must be specified")
+
         # Take the list of protocols and join them together, prefixing them
         # with their lengths.
         protostr = b"".join(
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -1934,7 +1934,7 @@ class TestApplicationLayerProtoNegotiati
         protocols list. Ensure that we produce a user-visible error.
         """
         context = Context(SSLv23_METHOD)
-        with pytest.raises(Error):
+        with pytest.raises(ValueError):
             context.set_alpn_protos([])
 
     def test_alpn_set_on_connection(self):
++++++ pyOpenSSL-20.0.1.tar.gz -> pyOpenSSL-21.0.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/CHANGELOG.rst 
new/pyOpenSSL-21.0.0/CHANGELOG.rst
--- old/pyOpenSSL-20.0.1/CHANGELOG.rst  2020-12-15 16:30:54.000000000 +0100
+++ new/pyOpenSSL-21.0.0/CHANGELOG.rst  2021-09-29 00:58:24.000000000 +0200
@@ -4,6 +4,28 @@
 Versions are year-based with a strict backward-compatibility policy.
 The third digit is only for regressions.
 
+21.0.0 (2020-09-28)
+-------------------
+
+Backward-incompatible changes:
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- The minimum ``cryptography`` version is now 3.3.
+- Drop support for Python 3.5
+
+Deprecations:
+^^^^^^^^^^^^^
+
+Changes:
+^^^^^^^^
+
+- Raise an error when an invalid ALPN value is set.
+  `#993 <https://github.com/pyca/pyopenssl/pull/993>`_
+- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and 
``OpenSSL.SSL.Context.set_max_proto_version``
+  to set the minimum and maximum supported TLS version `#985 
<https://github.com/pyca/pyopenssl/pull/985>`_.
+- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an 
upcoming release of ``cryptography`` without raising deprecation warnings.
+  `#1030 <https://github.com/pyca/pyopenssl/pull/1030>`_
+
 20.0.1 (2020-12-15)
 -------------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/CONTRIBUTING.rst 
new/pyOpenSSL-21.0.0/CONTRIBUTING.rst
--- old/pyOpenSSL-20.0.1/CONTRIBUTING.rst       2020-12-15 16:30:54.000000000 
+0100
+++ new/pyOpenSSL-21.0.0/CONTRIBUTING.rst       2021-09-29 00:58:24.000000000 
+0200
@@ -116,5 +116,5 @@
 .. _members of PyCA: https://github.com/orgs/pyca/people
 .. _semantic newlines: 
http://rhodesmill.org/brandon/2012/one-sentence-per-line/
 .. _reStructuredText: http://sphinx-doc.org/rest.html
-.. _CHANGELOG.rst: https://github.com/pyca/pyopenssl/blob/master/CHANGELOG.rst
-.. _`Code of Conduct`: 
https://github.com/pyca/pyopenssl/blob/master/CODE_OF_CONDUCT.rst
+.. _CHANGELOG.rst: https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst
+.. _`Code of Conduct`: 
https://github.com/pyca/pyopenssl/blob/main/CODE_OF_CONDUCT.rst
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/MANIFEST.in 
new/pyOpenSSL-21.0.0/MANIFEST.in
--- old/pyOpenSSL-20.0.1/MANIFEST.in    2020-12-15 16:30:54.000000000 +0100
+++ new/pyOpenSSL-21.0.0/MANIFEST.in    2021-09-29 00:58:24.000000000 +0200
@@ -1,6 +1,5 @@
 include             LICENSE MANIFEST.in *.rst tox.ini .coveragerc
-exclude             codecov.yml
+exclude             codecov.yml .readthedocs.yml
 recursive-include   tests           *.py
 recursive-include   doc             *
 prune               doc/_build
-prune               .travis
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/PKG-INFO 
new/pyOpenSSL-21.0.0/PKG-INFO
--- old/pyOpenSSL-20.0.1/PKG-INFO       2020-12-15 16:31:35.327834800 +0100
+++ new/pyOpenSSL-21.0.0/PKG-INFO       2021-09-29 00:59:59.148302300 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pyOpenSSL
-Version: 20.0.1
+Version: 21.0.0
 Summary: Python wrapper module around the OpenSSL library
 Home-page: https://pyopenssl.org/
 Author: The pyOpenSSL developers
@@ -14,16 +14,15 @@
            :target: https://pyopenssl.org/en/stable/
            :alt: Stable Docs
         
-        .. image:: https://travis-ci.com/pyca/pyopenssl.svg?branch=master
-           :target: https://travis-ci.com/pyca/pyopenssl
-           :alt: Build status
+        .. image:: 
https://github.com/pyca/pyopenssl/workflows/CI/badge.svg?branch=main
+           :target: 
https://github.com/pyca/pyopenssl/actions?query=workflow%3ACI+branch%3Amain
         
-        .. image:: 
https://codecov.io/github/pyca/pyopenssl/branch/master/graph/badge.svg
+        .. image:: 
https://codecov.io/github/pyca/pyopenssl/branch/main/graph/badge.svg
            :target: https://codecov.io/github/pyca/pyopenssl
            :alt: Test coverage
         
         **Note:** The Python Cryptographic Authority **strongly suggests** the 
use of `pyca/cryptography`_
-        where possible. If you are using pyOpenSSL for anything other than 
making a TLS connection 
+        where possible. If you are using pyOpenSSL for anything other than 
making a TLS connection
         **you should move to cryptography and drop your pyOpenSSL dependency**.
         
         High-level wrapper around a subset of the OpenSSL library. Includes
@@ -58,6 +57,28 @@
         Release Information
         ===================
         
+        21.0.0 (2020-09-28)
+        -------------------
+        
+        Backward-incompatible changes:
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+        
+        - The minimum ``cryptography`` version is now 3.3.
+        - Drop support for Python 3.5
+        
+        Deprecations:
+        ^^^^^^^^^^^^^
+        
+        Changes:
+        ^^^^^^^^
+        
+        - Raise an error when an invalid ALPN value is set.
+          `#993 <https://github.com/pyca/pyopenssl/pull/993>`_
+        - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and 
``OpenSSL.SSL.Context.set_max_proto_version``
+          to set the minimum and maximum supported TLS version `#985 
<https://github.com/pyca/pyopenssl/pull/985>`_.
+        - Updated ``to_cryptography`` and ``from_cryptography`` methods to 
support an upcoming release of ``cryptography`` without raising deprecation 
warnings.
+          `#1030 <https://github.com/pyca/pyopenssl/pull/1030>`_
+        
         20.0.1 (2020-12-15)
         -------------------
         
@@ -154,7 +175,6 @@
 Classifier: Programming Language :: Python :: 2
 Classifier: Programming Language :: Python :: 2.7
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.5
 Classifier: Programming Language :: Python :: 3.6
 Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
@@ -164,6 +184,6 @@
 Classifier: Topic :: Security :: Cryptography
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: System :: Networking
-Requires-Python: >=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*
-Provides-Extra: docs
+Requires-Python: >=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*
 Provides-Extra: test
+Provides-Extra: docs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/README.rst 
new/pyOpenSSL-21.0.0/README.rst
--- old/pyOpenSSL-20.0.1/README.rst     2020-12-15 16:30:54.000000000 +0100
+++ new/pyOpenSSL-21.0.0/README.rst     2021-09-29 00:58:24.000000000 +0200
@@ -6,16 +6,15 @@
    :target: https://pyopenssl.org/en/stable/
    :alt: Stable Docs
 
-.. image:: https://travis-ci.com/pyca/pyopenssl.svg?branch=master
-   :target: https://travis-ci.com/pyca/pyopenssl
-   :alt: Build status
+.. image:: https://github.com/pyca/pyopenssl/workflows/CI/badge.svg?branch=main
+   :target: 
https://github.com/pyca/pyopenssl/actions?query=workflow%3ACI+branch%3Amain
 
-.. image:: 
https://codecov.io/github/pyca/pyopenssl/branch/master/graph/badge.svg
+.. image:: https://codecov.io/github/pyca/pyopenssl/branch/main/graph/badge.svg
    :target: https://codecov.io/github/pyca/pyopenssl
    :alt: Test coverage
 
 **Note:** The Python Cryptographic Authority **strongly suggests** the use of 
`pyca/cryptography`_
-where possible. If you are using pyOpenSSL for anything other than making a 
TLS connection 
+where possible. If you are using pyOpenSSL for anything other than making a 
TLS connection
 **you should move to cryptography and drop your pyOpenSSL dependency**.
 
 High-level wrapper around a subset of the OpenSSL library. Includes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/doc/api/crypto.rst 
new/pyOpenSSL-21.0.0/doc/api/crypto.rst
--- old/pyOpenSSL-20.0.1/doc/api/crypto.rst     2020-12-15 16:30:54.000000000 
+0100
+++ new/pyOpenSSL-21.0.0/doc/api/crypto.rst     2021-09-29 00:58:24.000000000 
+0200
@@ -149,7 +149,6 @@
     .. data:: INHIBIT_MAP
     .. data:: NOTIFY_POLICY
     .. data:: CHECK_SS_SIGNATURE
-    .. data:: CB_ISSUER_CHECK
 
 .. _openssl-x509storeflags:
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/doc/api/ssl.rst 
new/pyOpenSSL-21.0.0/doc/api/ssl.rst
--- old/pyOpenSSL-20.0.1/doc/api/ssl.rst        2020-12-15 16:30:54.000000000 
+0100
+++ new/pyOpenSSL-21.0.0/doc/api/ssl.rst        2021-09-29 00:58:24.000000000 
+0200
@@ -10,7 +10,10 @@
 This module handles things specific to SSL. There are two objects defined:
 Context, Connection.
 
-.. py:data:: SSLv2_METHOD
+.. py:data:: TLS_METHOD
+             TLS_SERVER_METHOD
+             TLS_CLIENT_METHOD
+             SSLv2_METHOD
              SSLv3_METHOD
              SSLv23_METHOD
              TLSv1_METHOD
@@ -18,11 +21,21 @@
              TLSv1_2_METHOD
 
     These constants represent the different SSL methods to use when creating a
-    context object.  If the underlying OpenSSL build is missing support for any
-    of these protocols, constructing a :py:class:`Context` using the
+    context object. New code should only use ``TLS_METHOD``, 
``TLS_SERVER_METHOD``,
+    or ``TLS_CLIENT_METHOD``. If the underlying OpenSSL build is missing 
support
+    for any of these protocols, constructing a :py:class:`Context` using the
     corresponding :py:const:`*_METHOD` will raise an exception.
 
 
+.. py:data:: SSL3_VERSION
+             TLS1_VERSION
+             TLS1_1_VERSION
+             TLS1_2_VERSION
+             TLS1_3_VERSION
+
+    These constants represent the different TLS versions to use when
+    setting the minimum or maximum TLS version.
+
 .. py:data:: VERIFY_NONE
              VERIFY_PEER
              VERIFY_FAIL_IF_NO_PEER_CERT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/doc/introduction.rst 
new/pyOpenSSL-21.0.0/doc/introduction.rst
--- old/pyOpenSSL-20.0.1/doc/introduction.rst   2020-12-15 16:30:54.000000000 
+0100
+++ new/pyOpenSSL-21.0.0/doc/introduction.rst   2021-09-29 00:58:24.000000000 
+0200
@@ -14,7 +14,7 @@
 Later it was maintained by `Jean-Paul Calderone`_ who among other things 
managed to make pyOpenSSL a pure Python project which the current maintainers 
are *very* grateful for.
 
 Over the time the standard library's ``ssl`` module improved, never reaching 
the completeness of pyOpenSSL's API coverage.
-Despite `PEP 466`_ many useful features remain Python 3-only and pyOpenSSL 
remains the only alternative for full-featured TLS code across all noteworthy 
Python versions from 2.7 through 3.5 and PyPy_.
+Despite `PEP 466`_ many useful features remain Python 3-only and pyOpenSSL 
remains the only alternative for full-featured TLS code across all noteworthy 
Python versions from 2.7 through 3.6 and PyPy_.
 
 
 Development
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/pyproject.toml 
new/pyOpenSSL-21.0.0/pyproject.toml
--- old/pyOpenSSL-20.0.1/pyproject.toml 1970-01-01 01:00:00.000000000 +0100
+++ new/pyOpenSSL-21.0.0/pyproject.toml 2021-09-29 00:58:24.000000000 +0200
@@ -0,0 +1,4 @@
+[tool.black]
+line-length = 79
+target-version = ["py27"]
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/setup.py 
new/pyOpenSSL-21.0.0/setup.py
--- old/pyOpenSSL-20.0.1/setup.py       2020-12-15 16:30:54.000000000 +0100
+++ new/pyOpenSSL-21.0.0/setup.py       2021-09-29 00:58:24.000000000 +0200
@@ -79,7 +79,6 @@
             "Programming Language :: Python :: 2",
             "Programming Language :: Python :: 2.7",
             "Programming Language :: Python :: 3",
-            "Programming Language :: Python :: 3.5",
             "Programming Language :: Python :: 3.6",
             "Programming Language :: Python :: 3.7",
             "Programming Language :: Python :: 3.8",
@@ -90,12 +89,14 @@
             "Topic :: Software Development :: Libraries :: Python Modules",
             "Topic :: System :: Networking",
         ],
-        python_requires=">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*",
+        python_requires=(
+            ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*"
+        ),
         packages=find_packages(where="src"),
         package_dir={"": "src"},
         install_requires=[
             # Fix cryptographyMinimum in tox.ini when changing this!
-            "cryptography>=3.2",
+            "cryptography>=3.3",
             "six>=1.5.2",
         ],
         extras_require={
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/src/OpenSSL/SSL.py 
new/pyOpenSSL-21.0.0/src/OpenSSL/SSL.py
--- old/pyOpenSSL-20.0.1/src/OpenSSL/SSL.py     2020-12-15 16:30:54.000000000 
+0100
+++ new/pyOpenSSL-21.0.0/src/OpenSSL/SSL.py     2021-09-29 00:58:24.000000000 
+0200
@@ -12,7 +12,6 @@
     UNSPECIFIED as _UNSPECIFIED,
     exception_from_error_queue as _exception_from_error_queue,
     ffi as _ffi,
-    from_buffer as _from_buffer,
     lib as _lib,
     make_assert as _make_assert,
     native as _native,
@@ -45,6 +44,14 @@
     "TLSv1_METHOD",
     "TLSv1_1_METHOD",
     "TLSv1_2_METHOD",
+    "TLS_METHOD",
+    "TLS_SERVER_METHOD",
+    "TLS_CLIENT_METHOD",
+    "SSL3_VERSION",
+    "TLS1_VERSION",
+    "TLS1_1_VERSION",
+    "TLS1_2_VERSION",
+    "TLS1_3_VERSION",
     "OP_NO_SSLv2",
     "OP_NO_SSLv3",
     "OP_NO_TLSv1",
@@ -110,6 +117,7 @@
     "WantX509LookupError",
     "ZeroReturnError",
     "SysCallError",
+    "NO_OVERLAPPING_PROTOCOLS",
     "SSLeay_version",
     "Session",
     "Context",
@@ -140,6 +148,24 @@
 TLSv1_METHOD = 4
 TLSv1_1_METHOD = 5
 TLSv1_2_METHOD = 6
+TLS_METHOD = 7
+TLS_SERVER_METHOD = 8
+TLS_CLIENT_METHOD = 9
+
+try:
+    SSL3_VERSION = _lib.SSL3_VERSION
+    TLS1_VERSION = _lib.TLS1_VERSION
+    TLS1_1_VERSION = _lib.TLS1_1_VERSION
+    TLS1_2_VERSION = _lib.TLS1_2_VERSION
+    TLS1_3_VERSION = _lib.TLS1_3_VERSION
+except AttributeError:
+    # Hardcode constants for cryptography < 3.4, see
+    # https://github.com/pyca/pyopenssl/pull/985#issuecomment-775186682
+    SSL3_VERSION = 768
+    TLS1_VERSION = 769
+    TLS1_1_VERSION = 770
+    TLS1_2_VERSION = 771
+    TLS1_3_VERSION = 772
 
 OP_NO_SSLv2 = _lib.SSL_OP_NO_SSLv2
 OP_NO_SSLv3 = _lib.SSL_OP_NO_SSLv3
@@ -604,8 +630,9 @@
     :class:`OpenSSL.SSL.Context` instances define the parameters for setting
     up new SSL connections.
 
-    :param method: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or
-        TLSv1_METHOD.
+    :param method: One of TLS_METHOD, TLS_CLIENT_METHOD, or TLS_SERVER_METHOD.
+                   SSLv23_METHOD, TLSv1_METHOD, etc. are deprecated and should
+                   not be used.
     """
 
     _methods = {
@@ -615,6 +642,9 @@
         TLSv1_METHOD: "TLSv1_method",
         TLSv1_1_METHOD: "TLSv1_1_method",
         TLSv1_2_METHOD: "TLSv1_2_method",
+        TLS_METHOD: "TLS_method",
+        TLS_SERVER_METHOD: "TLS_server_method",
+        TLS_CLIENT_METHOD: "TLS_client_method",
     }
     _methods = dict(
         (identifier, getattr(_lib, name))
@@ -662,6 +692,32 @@
 
         self.set_mode(_lib.SSL_MODE_ENABLE_PARTIAL_WRITE)
 
+    def set_min_proto_version(self, version):
+        """
+        Set the minimum supported protocol version. Setting the minimum
+        version to 0 will enable protocol versions down to the lowest version
+        supported by the library.
+
+        If the underlying OpenSSL build is missing support for the selected
+        version, this method will raise an exception.
+        """
+        _openssl_assert(
+            _lib.SSL_CTX_set_min_proto_version(self._context, version) == 1
+        )
+
+    def set_max_proto_version(self, version):
+        """
+        Set the maximum supported protocol version. Setting the maximum
+        version to 0 will enable protocol versions up to the highest version
+        supported by the library.
+
+        If the underlying OpenSSL build is missing support for the selected
+        version, this method will raise an exception.
+        """
+        _openssl_assert(
+            _lib.SSL_CTX_set_max_proto_version(self._context, version) == 1
+        )
+
     def load_verify_locations(self, cafile, capath=None):
         """
         Let SSL know where we can find trusted certificates for the certificate
@@ -1376,7 +1432,17 @@
         # Build a C string from the list. We don't need to save this off
         # because OpenSSL immediately copies the data out.
         input_str = _ffi.new("unsigned char[]", protostr)
-        _lib.SSL_CTX_set_alpn_protos(self._context, input_str, len(protostr))
+
+        # 
https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_alpn_protos.html:
+        # SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos()
+        # return 0 on success, and non-0 on failure.
+        # WARNING: these functions reverse the return value convention.
+        _openssl_assert(
+            _lib.SSL_CTX_set_alpn_protos(
+                self._context, input_str, len(protostr)
+            )
+            == 0
+        )
 
     @_requires_alpn
     def set_alpn_select_callback(self, callback):
@@ -1641,7 +1707,7 @@
         # Backward compatibility
         buf = _text_to_bytes_and_warn("buf", buf)
 
-        with _from_buffer(buf) as data:
+        with _ffi.from_buffer(buf) as data:
             # check len(buf) instead of len(data) for testability
             if len(buf) > 2147483647:
                 raise ValueError(
@@ -1668,7 +1734,7 @@
         """
         buf = _text_to_bytes_and_warn("buf", buf)
 
-        with _from_buffer(buf) as data:
+        with _ffi.from_buffer(buf) as data:
 
             left_to_send = len(buf)
             total_sent = 0
@@ -1798,7 +1864,7 @@
         if self._into_ssl is None:
             raise TypeError("Connection sock was not None")
 
-        with _from_buffer(buf) as data:
+        with _ffi.from_buffer(buf) as data:
             result = _lib.BIO_write(self._into_ssl, data, len(data))
             if result <= 0:
                 self._handle_bio_errors(self._into_ssl, result)
@@ -2394,7 +2460,14 @@
         # Build a C string from the list. We don't need to save this off
         # because OpenSSL immediately copies the data out.
         input_str = _ffi.new("unsigned char[]", protostr)
-        _lib.SSL_set_alpn_protos(self._ssl, input_str, len(protostr))
+
+        # 
https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_alpn_protos.html:
+        # SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos()
+        # return 0 on success, and non-0 on failure.
+        # WARNING: these functions reverse the return value convention.
+        _openssl_assert(
+            _lib.SSL_set_alpn_protos(self._ssl, input_str, len(protostr)) == 0
+        )
 
     @_requires_alpn
     def get_alpn_proto_negotiated(self):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/src/OpenSSL/_util.py 
new/pyOpenSSL-21.0.0/src/OpenSSL/_util.py
--- old/pyOpenSSL-20.0.1/src/OpenSSL/_util.py   2020-12-15 16:30:54.000000000 
+0100
+++ new/pyOpenSSL-21.0.0/src/OpenSSL/_util.py   2021-09-29 00:58:24.000000000 
+0200
@@ -153,6 +153,3 @@
         )
         return obj.encode("utf-8")
     return obj
-
-
-from_buffer = ffi.from_buffer
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/src/OpenSSL/crypto.py 
new/pyOpenSSL-21.0.0/src/OpenSSL/crypto.py
--- old/pyOpenSSL-20.0.1/src/OpenSSL/crypto.py  2020-12-15 16:30:54.000000000 
+0100
+++ new/pyOpenSSL-21.0.0/src/OpenSSL/crypto.py  2021-09-29 00:58:24.000000000 
+0200
@@ -244,11 +244,18 @@
 
         .. versionadded:: 16.1.0
         """
+        from cryptography.hazmat.primitives.serialization import (
+            load_der_private_key,
+            load_der_public_key,
+        )
+
         backend = _get_backend()
         if self._only_public:
-            return backend._evp_pkey_to_public_key(self._pkey)
+            der = dump_publickey(FILETYPE_ASN1, self)
+            return load_der_public_key(der, backend)
         else:
-            return backend._evp_pkey_to_private_key(self._pkey)
+            der = dump_privatekey(FILETYPE_ASN1, self)
+            return load_der_private_key(der, None, backend)
 
     @classmethod
     def from_cryptography_key(cls, crypto_key):
@@ -262,7 +269,6 @@
 
         .. versionadded:: 16.1.0
         """
-        pkey = cls()
         if not isinstance(
             crypto_key,
             (
@@ -274,11 +280,25 @@
         ):
             raise TypeError("Unsupported key type")
 
-        pkey._pkey = crypto_key._evp_pkey
+        from cryptography.hazmat.primitives.serialization import (
+            Encoding,
+            NoEncryption,
+            PrivateFormat,
+            PublicFormat,
+        )
+
         if isinstance(crypto_key, (rsa.RSAPublicKey, dsa.DSAPublicKey)):
-            pkey._only_public = True
-        pkey._initialized = True
-        return pkey
+            return load_publickey(
+                FILETYPE_ASN1,
+                crypto_key.public_bytes(
+                    Encoding.DER, PublicFormat.SubjectPublicKeyInfo
+                ),
+            )
+        else:
+            der = crypto_key.private_bytes(
+                Encoding.DER, PrivateFormat.PKCS8, NoEncryption()
+            )
+            return load_privatekey(FILETYPE_ASN1, der)
 
     def generate_key(self, type, bits):
         """
@@ -888,12 +908,12 @@
 
         .. versionadded:: 17.1.0
         """
-        from cryptography.hazmat.backends.openssl.x509 import (
-            _CertificateSigningRequest,
-        )
+        from cryptography.x509 import load_der_x509_csr
+
+        der = dump_certificate_request(FILETYPE_ASN1, self)
 
         backend = _get_backend()
-        return _CertificateSigningRequest(backend, self._req)
+        return load_der_x509_csr(der, backend)
 
     @classmethod
     def from_cryptography(cls, crypto_req):
@@ -910,9 +930,10 @@
         if not isinstance(crypto_req, x509.CertificateSigningRequest):
             raise TypeError("Must be a certificate signing request")
 
-        req = cls()
-        req._req = crypto_req._x509_req
-        return req
+        from cryptography.hazmat.primitives.serialization import Encoding
+
+        der = crypto_req.public_bytes(Encoding.DER)
+        return load_certificate_request(FILETYPE_ASN1, der)
 
     def set_pubkey(self, pkey):
         """
@@ -1109,10 +1130,11 @@
 
         .. versionadded:: 17.1.0
         """
-        from cryptography.hazmat.backends.openssl.x509 import _Certificate
+        from cryptography.x509 import load_der_x509_certificate
 
+        der = dump_certificate(FILETYPE_ASN1, self)
         backend = _get_backend()
-        return _Certificate(backend, self._x509)
+        return load_der_x509_certificate(der, backend)
 
     @classmethod
     def from_cryptography(cls, crypto_cert):
@@ -1129,9 +1151,10 @@
         if not isinstance(crypto_cert, x509.Certificate):
             raise TypeError("Must be a certificate")
 
-        cert = cls()
-        cert._x509 = crypto_cert._x509
-        return cert
+        from cryptography.hazmat.primitives.serialization import Encoding
+
+        der = crypto_cert.public_bytes(Encoding.DER)
+        return load_certificate(FILETYPE_ASN1, der)
 
     def set_version(self, version):
         """
@@ -1574,7 +1597,6 @@
     INHIBIT_MAP = _lib.X509_V_FLAG_INHIBIT_MAP
     NOTIFY_POLICY = _lib.X509_V_FLAG_NOTIFY_POLICY
     CHECK_SS_SIGNATURE = _lib.X509_V_FLAG_CHECK_SS_SIGNATURE
-    CB_ISSUER_CHECK = _lib.X509_V_FLAG_CB_ISSUER_CHECK
 
 
 class X509Store(object):
@@ -2260,12 +2282,12 @@
 
         .. versionadded:: 17.1.0
         """
-        from cryptography.hazmat.backends.openssl.x509 import (
-            _CertificateRevocationList,
-        )
+        from cryptography.x509 import load_der_x509_crl
+
+        der = dump_crl(FILETYPE_ASN1, self)
 
         backend = _get_backend()
-        return _CertificateRevocationList(backend, self._crl)
+        return load_der_x509_crl(der, backend)
 
     @classmethod
     def from_cryptography(cls, crypto_crl):
@@ -2282,9 +2304,10 @@
         if not isinstance(crypto_crl, x509.CertificateRevocationList):
             raise TypeError("Must be a certificate revocation list")
 
-        crl = cls()
-        crl._crl = crypto_crl._x509_crl
-        return crl
+        from cryptography.hazmat.primitives.serialization import Encoding
+
+        der = crypto_crl.public_bytes(Encoding.DER)
+        return load_crl(FILETYPE_ASN1, der)
 
     def get_revoked(self):
         """
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/src/OpenSSL/version.py 
new/pyOpenSSL-21.0.0/src/OpenSSL/version.py
--- old/pyOpenSSL-20.0.1/src/OpenSSL/version.py 2020-12-15 16:30:54.000000000 
+0100
+++ new/pyOpenSSL-21.0.0/src/OpenSSL/version.py 2021-09-29 00:58:24.000000000 
+0200
@@ -17,7 +17,7 @@
     "__version__",
 ]
 
-__version__ = "20.0.1"
+__version__ = "21.0.0"
 
 __title__ = "pyOpenSSL"
 __uri__ = "https://pyopenssl.org/";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/src/pyOpenSSL.egg-info/PKG-INFO 
new/pyOpenSSL-21.0.0/src/pyOpenSSL.egg-info/PKG-INFO
--- old/pyOpenSSL-20.0.1/src/pyOpenSSL.egg-info/PKG-INFO        2020-12-15 
16:31:35.000000000 +0100
+++ new/pyOpenSSL-21.0.0/src/pyOpenSSL.egg-info/PKG-INFO        2021-09-29 
00:59:59.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pyOpenSSL
-Version: 20.0.1
+Version: 21.0.0
 Summary: Python wrapper module around the OpenSSL library
 Home-page: https://pyopenssl.org/
 Author: The pyOpenSSL developers
@@ -14,16 +14,15 @@
            :target: https://pyopenssl.org/en/stable/
            :alt: Stable Docs
         
-        .. image:: https://travis-ci.com/pyca/pyopenssl.svg?branch=master
-           :target: https://travis-ci.com/pyca/pyopenssl
-           :alt: Build status
+        .. image:: 
https://github.com/pyca/pyopenssl/workflows/CI/badge.svg?branch=main
+           :target: 
https://github.com/pyca/pyopenssl/actions?query=workflow%3ACI+branch%3Amain
         
-        .. image:: 
https://codecov.io/github/pyca/pyopenssl/branch/master/graph/badge.svg
+        .. image:: 
https://codecov.io/github/pyca/pyopenssl/branch/main/graph/badge.svg
            :target: https://codecov.io/github/pyca/pyopenssl
            :alt: Test coverage
         
         **Note:** The Python Cryptographic Authority **strongly suggests** the 
use of `pyca/cryptography`_
-        where possible. If you are using pyOpenSSL for anything other than 
making a TLS connection 
+        where possible. If you are using pyOpenSSL for anything other than 
making a TLS connection
         **you should move to cryptography and drop your pyOpenSSL dependency**.
         
         High-level wrapper around a subset of the OpenSSL library. Includes
@@ -58,6 +57,28 @@
         Release Information
         ===================
         
+        21.0.0 (2020-09-28)
+        -------------------
+        
+        Backward-incompatible changes:
+        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+        
+        - The minimum ``cryptography`` version is now 3.3.
+        - Drop support for Python 3.5
+        
+        Deprecations:
+        ^^^^^^^^^^^^^
+        
+        Changes:
+        ^^^^^^^^
+        
+        - Raise an error when an invalid ALPN value is set.
+          `#993 <https://github.com/pyca/pyopenssl/pull/993>`_
+        - Added ``OpenSSL.SSL.Context.set_min_proto_version`` and 
``OpenSSL.SSL.Context.set_max_proto_version``
+          to set the minimum and maximum supported TLS version `#985 
<https://github.com/pyca/pyopenssl/pull/985>`_.
+        - Updated ``to_cryptography`` and ``from_cryptography`` methods to 
support an upcoming release of ``cryptography`` without raising deprecation 
warnings.
+          `#1030 <https://github.com/pyca/pyopenssl/pull/1030>`_
+        
         20.0.1 (2020-12-15)
         -------------------
         
@@ -154,7 +175,6 @@
 Classifier: Programming Language :: Python :: 2
 Classifier: Programming Language :: Python :: 2.7
 Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.5
 Classifier: Programming Language :: Python :: 3.6
 Classifier: Programming Language :: Python :: 3.7
 Classifier: Programming Language :: Python :: 3.8
@@ -164,6 +184,6 @@
 Classifier: Topic :: Security :: Cryptography
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: System :: Networking
-Requires-Python: >=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*
-Provides-Extra: docs
+Requires-Python: >=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*
 Provides-Extra: test
+Provides-Extra: docs
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/src/pyOpenSSL.egg-info/SOURCES.txt 
new/pyOpenSSL-21.0.0/src/pyOpenSSL.egg-info/SOURCES.txt
--- old/pyOpenSSL-20.0.1/src/pyOpenSSL.egg-info/SOURCES.txt     2020-12-15 
16:31:35.000000000 +0100
+++ new/pyOpenSSL-21.0.0/src/pyOpenSSL.egg-info/SOURCES.txt     2021-09-29 
00:59:59.000000000 +0200
@@ -6,6 +6,7 @@
 LICENSE
 MANIFEST.in
 README.rst
+pyproject.toml
 setup.cfg
 setup.py
 tox.ini
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/src/pyOpenSSL.egg-info/requires.txt 
new/pyOpenSSL-21.0.0/src/pyOpenSSL.egg-info/requires.txt
--- old/pyOpenSSL-20.0.1/src/pyOpenSSL.egg-info/requires.txt    2020-12-15 
16:31:35.000000000 +0100
+++ new/pyOpenSSL-21.0.0/src/pyOpenSSL.egg-info/requires.txt    2021-09-29 
00:59:59.000000000 +0200
@@ -1,4 +1,4 @@
-cryptography>=3.2
+cryptography>=3.3
 six>=1.5.2
 
 [docs]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/tests/test_crypto.py 
new/pyOpenSSL-21.0.0/tests/test_crypto.py
--- old/pyOpenSSL-20.0.1/tests/test_crypto.py   2020-12-15 16:30:54.000000000 
+0100
+++ new/pyOpenSSL-21.0.0/tests/test_crypto.py   2021-09-29 00:58:24.000000000 
+0200
@@ -1468,7 +1468,7 @@
 
     def signable(self):
         """
-        Return something with a `set_pubkey`, `set_pubkey`, and `sign` method.
+        Return something with `set_pubkey` and `sign` methods.
         """
         raise NotImplementedError()
 
@@ -1668,6 +1668,7 @@
         """
         request = X509Req()
         pkey = load_privatekey(FILETYPE_PEM, root_key_pem)
+        request.set_pubkey(pkey)
         request.sign(pkey, GOOD_DIGEST)
         another_pkey = load_privatekey(FILETYPE_PEM, client_key_pem)
         with pytest.raises(Error):
@@ -1680,6 +1681,7 @@
         """
         request = X509Req()
         pkey = load_privatekey(FILETYPE_PEM, root_key_pem)
+        request.set_pubkey(pkey)
         request.sign(pkey, GOOD_DIGEST)
         assert request.verify(pkey)
 
@@ -1713,7 +1715,12 @@
         """
         Create and return a new `X509`.
         """
-        return X509()
+        certificate = X509()
+        # Fill in placeholder validity values. signable only expects to call
+        # set_pubkey and sign.
+        certificate.gmtime_adj_notBefore(-24 * 60 * 60)
+        certificate.gmtime_adj_notAfter(24 * 60 * 60)
+        return certificate
 
     def test_type(self):
         """
@@ -3373,6 +3380,9 @@
         `NetscapeSPKI.b64_encode` encodes the certificate to a base64 blob.
         """
         nspki = NetscapeSPKI()
+        pkey = load_privatekey(FILETYPE_PEM, root_key_pem)
+        nspki.set_pubkey(pkey)
+        nspki.sign(pkey, GOOD_DIGEST)
         blob = nspki.b64_encode()
         assert isinstance(blob, bytes)
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/tests/test_ssl.py 
new/pyOpenSSL-21.0.0/tests/test_ssl.py
--- old/pyOpenSSL-20.0.1/tests/test_ssl.py      2020-12-15 16:30:54.000000000 
+0100
+++ new/pyOpenSSL-21.0.0/tests/test_ssl.py      2021-09-29 00:58:24.000000000 
+0200
@@ -48,7 +48,15 @@
 from OpenSSL.crypto import dump_certificate, load_certificate
 from OpenSSL.crypto import get_elliptic_curves
 
-from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS
+from OpenSSL.SSL import (
+    OPENSSL_VERSION_NUMBER,
+    SSLEAY_VERSION,
+    SSLEAY_CFLAGS,
+    TLS_METHOD,
+    TLS1_3_VERSION,
+    TLS1_2_VERSION,
+    TLS1_1_VERSION,
+)
 from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON
 from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN
 from OpenSSL.SSL import (
@@ -129,6 +137,11 @@
 except ImportError:
     SSL_ST_INIT = SSL_ST_BEFORE = SSL_ST_OK = SSL_ST_RENEGOTIATE = None
 
+try:
+    from OpenSSL.SSL import OP_NO_TLSv1_3
+except ImportError:
+    OP_NO_TLSv1_3 = None
+
 from .util import WARNING_TYPE_EXPECTED, NON_ASCII, is_consistent_type
 from .test_crypto import (
     client_cert_pem,
@@ -1039,6 +1052,32 @@
         assert all(isinstance(conn, Connection) for conn, line in called)
         assert all(b"CLIENT_RANDOM" in line for conn, line in called)
 
+    def test_set_proto_version(self):
+        if OP_NO_TLSv1_3 is None:
+            high_version = TLS1_2_VERSION
+            low_version = TLS1_1_VERSION
+        else:
+            high_version = TLS1_3_VERSION
+            low_version = TLS1_2_VERSION
+
+        server_context = Context(TLS_METHOD)
+        server_context.use_certificate(
+            load_certificate(FILETYPE_PEM, root_cert_pem)
+        )
+        server_context.use_privatekey(
+            load_privatekey(FILETYPE_PEM, root_key_pem)
+        )
+        server_context.set_min_proto_version(high_version)
+
+        client_context = Context(TLS_METHOD)
+        client_context.set_max_proto_version(low_version)
+
+        with pytest.raises(Error, match="unsupported protocol"):
+            self._handshake_test(server_context, client_context)
+
+        client_context.set_max_proto_version(0)
+        self._handshake_test(server_context, client_context)
+
     def _load_verify_locations_test(self, *args):
         """
         Create a client context which will verify the peer certificate and call
@@ -1888,6 +1927,15 @@
         assert server.get_alpn_proto_negotiated() == b"spdy/2"
         assert client.get_alpn_proto_negotiated() == b"spdy/2"
 
+    def test_alpn_call_failure(self):
+        """
+        SSL_CTX_set_alpn_protos does not like to be called with an empty
+        protocols list. Ensure that we produce a user-visible error.
+        """
+        context = Context(SSLv23_METHOD)
+        with pytest.raises(Error):
+            context.set_alpn_protos([])
+
     def test_alpn_set_on_connection(self):
         """
         The same as test_alpn_success, but setting the ALPN protocols on
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyOpenSSL-20.0.1/tox.ini new/pyOpenSSL-21.0.0/tox.ini
--- old/pyOpenSSL-20.0.1/tox.ini        2020-12-15 16:30:54.000000000 +0100
+++ new/pyOpenSSL-21.0.0/tox.ini        2021-09-29 00:58:24.000000000 +0200
@@ -1,5 +1,5 @@
 [tox]
-envlist = 
{pypy,pypy3,py27,py35,py36,py37,py38,py39}{,-cryptographyMaster,-cryptographyMinimum}{,-randomorder},py37-twistedMaster,pypi-readme,check-manifest,flake8,docs,coverage-report
+envlist = 
{pypy,pypy3,py27,py36,py37,py38,py39}{,-cryptographyMaster,-cryptographyMinimum}{,-randomorder},py37-twistedMaster,pypi-readme,check-manifest,flake8,docs,coverage-report
 
 [testenv]
 whitelist_externals =
@@ -10,7 +10,7 @@
 deps =
     coverage>=4.2
     cryptographyMaster: git+https://github.com/pyca/cryptography.git
-    cryptographyMinimum: cryptography==3.2
+    cryptographyMinimum: cryptography==3.3
     randomorder: pytest-randomly
 setenv =
     # Do not allow the executing environment to pollute the test environment

Reply via email to