Log message:
py-OpenSSL: remove unused patch

Log message:
py-OpenSSL: updated to 24.3.0

24.3.0 (2024-11-27)

Backward-incompatible changes:

- Removed the deprecated ``OpenSSL.crypto.CRL``, ``OpenSSL.crypto.Revoked``, \ 
``OpenSSL.crypto.dump_crl``, and ``OpenSSL.crypto.load_crl``. \ 
``cryptography.x509``'s CRL functionality should be used instead.
- Removed the deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``. \ 
``cryptography.hazmat.primitives.asymmetric``'s signature APIs should be used \ 
instead.

Deprecations:

- Deprecated ``OpenSSL.rand`` - callers should use ``os.urandom()`` instead.
- Deprecated ``add_extensions`` and ``get_extensions`` on \ 
``OpenSSL.crypto.X509Req`` and ``OpenSSL.crypto.X509``. These should have been \ 
deprecated at the same time ``X509Extension`` was. Users should use \ 
pyca/cryptography's X.509 APIs instead.
- Deprecated ``OpenSSL.crypto.get_elliptic_curves`` and \ 
``OpenSSL.crypto.get_elliptic_curve``, as well as passing the reult of them to \ 
``OpenSSL.SSL.Context.set_tmp_ecdh``, users should instead pass curves from \ 
``cryptography``.
- Deprecated passing ``X509`` objects to \ 
``OpenSSL.SSL.Context.use_certificate``, \ 
``OpenSSL.SSL.Connection.use_certificate``, \ 
``OpenSSL.SSL.Context.add_extra_chain_cert``, and \ 
``OpenSSL.SSL.Context.add_client_ca``, users should instead pass \ 
``cryptography.x509.Certificate`` instances. This is in preparation for \ 
deprecating pyOpenSSL's ``X509`` entirely.
- Deprecated passing ``PKey`` objects to ``OpenSSL.SSL.Context.use_privatekey`` \ 
and ``OpenSSL.SSL.Connection.use_privatekey``, users should instead pass \ 
``cryptography`` priate key instances. This is in preparation for deprecating \ 
pyOpenSSL's ``PKey`` entirely.

Changes:

* ``cryptography`` maximum version has been increased to 44.0.x.
* ``OpenSSL.SSL.Connection.get_certificate``, \ 
``OpenSSL.SSL.Connection.get_peer_certificate``, \ 
``OpenSSL.SSL.Connection.get_peer_cert_chain``, and \ 
``OpenSSL.SSL.Connection.get_verified_chain`` now take an ``as_cryptography`` \ 
keyword-argument. When ``True`` is passed then ``cryptography.x509.Certificate`` \ 
are returned, instead of ``OpenSSL.crypto.X509``. In the future, passing \ 
``False`` (the default) will be deprecated.

Log message:
py-*: remove unused tool dependency

py-setuptools includes the py-wheel functionality nowadays

Log message:
py-OpenSSL: update to 24.2.1.

24.2.1 (2024-07-20)
-------------------

Changes:
^^^^^^^^

- Fixed changelog to remove sphinx specific restructured text strings.

24.2.0 (2024-07-20)
-------------------

Deprecations:
^^^^^^^^^^^^^

- Deprecated ``OpenSSL.crypto.X509Req``, \ 
``OpenSSL.crypto.load_certificate_request``, \ 
``OpenSSL.crypto.dump_certificate_request``. Instead, \ 
``cryptography.x509.CertificateSigningRequest``, \ 
``cryptography.x509.CertificateSigningRequestBuilder``, \ 
``cryptography.x509.load_der_x509_csr``, or \ 
``cryptography.x509.load_pem_x509_csr`` should be used.

Changes:
^^^^^^^^

- Added type hints for the ``SSL`` module.
  `#1308 <https://github.com/pyca/pyopenssl/pull/1308>`_.
- Changed ``OpenSSL.crypto.PKey.from_cryptography_key`` to accept public and \ 
private EC, ED25519, ED448 keys.
  `#1310 <https://github.com/pyca/pyopenssl/pull/1310>`_.

Log message:
py-OpenSSL: updated to 24.1.0

24.1.0 (2024-03-09)

Backward-incompatible changes:

* Removed the deprecated ``OpenSSL.crypto.PKCS12`` and
  ``OpenSSL.crypto.NetscapeSPKI``. ``OpenSSL.crypto.PKCS12`` may be replaced
  by the PKCS#12 APIs in the ``cryptography`` package.

Log message:
py-OpenSSL: updated to 24.0.0

24.0.0 (2024-01-22)

Changes:
- Added ``OpenSSL.SSL.Connection.get_selected_srtp_profile`` to determine which \ 
SRTP profile was negotiated.

Log message:
py-OpenSSL: updated to 23.3.0

23.3.0 (2023-10-25)
-------------------

Backward-incompatible changes:

- Dropped support for Python 3.6.
- The minimum ``cryptography`` version is now 41.0.5.
- Removed ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12`` \ 
which had been deprecated for 3 years.
- Added ``OpenSSL.SSL.OP_LEGACY_SERVER_CONNECT`` to allow legacy insecure \ 
renegotiation between OpenSSL and unpatched servers.

Deprecations:

- Deprecated ``OpenSSL.crypto.PKCS12`` (which was intended to have been \ 
deprecated at the same time as ``OpenSSL.crypto.load_pkcs12``).
- Deprecated ``OpenSSL.crypto.NetscapeSPKI``.
- Deprecated ``OpenSSL.crypto.CRL``
- Deprecated ``OpenSSL.crypto.Revoked``
- Deprecated ``OpenSSL.crypto.load_crl`` and ``OpenSSL.crypto.dump_crl``
- Deprecated ``OpenSSL.crypto.sign`` and ``OpenSSL.crypto.verify``
- Deprecated ``OpenSSL.crypto.X509Extension``

Changes:

- Changed ``OpenSSL.crypto.X509Store.add_crl`` to also accept
  ``cryptography``'s ``x509.CertificateRevocationList`` arguments in addition
  to the now deprecated ``OpenSSL.crypto.CRL`` arguments.
- Fixed ``test_set_default_verify_paths`` test so that it is skipped if no
  network connection is available.

Log message:
*: bump for openssl 3

Log message:
Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.

Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).

No change to BUILD_DEPENDS as used correctly inside buildlink3.

As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html

Log message:
py-OpenSSL: updated to 23.2.0

23.2.0 (2023-05-30)

Backward-incompatible changes:
- Removed ``X509StoreFlags.NOTIFY_POLICY``.

Changes:
- ``cryptography`` maximum version has been increased to 41.0.x.
- Invalid versions are now rejected in ``OpenSSL.crypto.X509Req.set_version``.
- Added ``X509VerificationCodes`` to ``OpenSSL.SSL``.