Vendor truststore 0.8.0

Author: sethmlarson

news/truststore.vendor.rst

@@ -1 +1 @@
-Add truststore 0.7.0
+Add truststore 0.8.0

src/pip/_vendor/truststore/__init__.py

@@ -10,4 +10,4 @@
 del _api, _sys  # type: ignore[name-defined] # noqa: F821
 
 __all__ = ["SSLContext", "inject_into_ssl", "extract_from_ssl"]
-__version__ = "0.7.0"
+__version__ = "0.8.0"

src/pip/_vendor/truststore/_api.py

@@ -1,16 +1,17 @@
-import array
-import ctypes
-import mmap
 import os
-import pickle
 import platform
 import socket
 import ssl
 import typing
 
 import _ssl  # type: ignore[import]
 
-from ._ssl_constants import _original_SSLContext, _original_super_SSLContext
+from ._ssl_constants import (
+    _original_SSLContext,
+    _original_super_SSLContext,
+    _truststore_SSLContext_dunder_class,
+    _truststore_SSLContext_super_class,
+)
 
 if platform.system() == "Windows":
     from ._windows import _configure_context, _verify_peercerts_impl
@@ -19,21 +20,13 @@
 else:
     from ._openssl import _configure_context, _verify_peercerts_impl
 
+if typing.TYPE_CHECKING:
+    from pip._vendor.typing_extensions import Buffer
+
 # From typeshed/stdlib/ssl.pyi
 _StrOrBytesPath: typing.TypeAlias = str | bytes | os.PathLike[str] | os.PathLike[bytes]
 _PasswordType: typing.TypeAlias = str | bytes | typing.Callable[[], str | bytes]
 
-# From typeshed/stdlib/_typeshed/__init__.py
-_ReadableBuffer: typing.TypeAlias = typing.Union[
-    bytes,
-    memoryview,
-    bytearray,
-    "array.array[typing.Any]",
-    mmap.mmap,
-    "ctypes._CData",
-    pickle.PickleBuffer,
-]
-
 
 def inject_into_ssl() -> None:
     """Injects the :class:`truststore.SSLContext` into the ``ssl``
@@ -61,9 +54,16 @@ def extract_from_ssl() -> None:
         pass
 
 
-class SSLContext(ssl.SSLContext):
+class SSLContext(_truststore_SSLContext_super_class):  # type: ignore[misc]
     """SSLContext API that uses system certificates on all platforms"""
 
+    @property  # type: ignore[misc]
+    def __class__(self) -> type:
+        # Dirty hack to get around isinstance() checks
+        # for ssl.SSLContext instances in aiohttp/trustme
+        # when using non-CPython implementations.
+        return _truststore_SSLContext_dunder_class or SSLContext
+
     def __init__(self, protocol: int = None) -> None:  # type: ignore[assignment]
         self._ctx = _original_SSLContext(protocol)
 
@@ -129,7 +129,7 @@ def load_verify_locations(
         self,
         cafile: str | bytes | os.PathLike[str] | os.PathLike[bytes] | None = None,
         capath: str | bytes | os.PathLike[str] | os.PathLike[bytes] | None = None,
-        cadata: str | _ReadableBuffer | None = None,
+        cadata: typing.Union[str, "Buffer", None] = None,
     ) -> None:
         return self._ctx.load_verify_locations(
             cafile=cafile, capath=capath, cadata=cadata
@@ -252,7 +252,7 @@ def protocol(self) -> ssl._SSLMethod:
         return self._ctx.protocol
 
     @property
-    def security_level(self) -> int:  # type: ignore[override]
+    def security_level(self) -> int:
         return self._ctx.security_level
 
     @property

src/pip/_vendor/truststore/_ssl_constants.py

@@ -1,10 +1,29 @@
 import ssl
+import sys
+import typing
 
 # Hold on to the original class so we can create it consistently
 # even if we inject our own SSLContext into the ssl module.
 _original_SSLContext = ssl.SSLContext
 _original_super_SSLContext = super(_original_SSLContext, _original_SSLContext)
 
+# CPython is known to be good, but non-CPython implementations
+# may implement SSLContext differently so to be safe we don't
+# subclass the SSLContext.
+
+# This is returned by truststore.SSLContext.__class__()
+_truststore_SSLContext_dunder_class: typing.Optional[type]
+
+# This value is the superclass of truststore.SSLContext.
+_truststore_SSLContext_super_class: type
+
+if sys.implementation.name == "cpython":
+    _truststore_SSLContext_super_class = _original_SSLContext
+    _truststore_SSLContext_dunder_class = None
+else:
+    _truststore_SSLContext_super_class = object
+    _truststore_SSLContext_dunder_class = _original_SSLContext
+
 
 def _set_ssl_context_verify_mode(
     ssl_context: ssl.SSLContext, verify_mode: ssl.VerifyMode

src/pip/_vendor/vendor.txt

@@ -20,5 +20,5 @@ setuptools==68.0.0
 six==1.16.0
 tenacity==8.2.2
 tomli==2.0.1
-truststore==0.7.0
+truststore==0.8.0
 webencodings==0.5.1