3 files changed, 13 insertions, 50 deletions

diff --git a/gnu/local.mk b/gnu/local.mk
index 22df8dfdda..3b68a4d48c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -952,7 +952,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-paste-remove-timing-test.patch	\
   %D%/packages/patches/python-pillow-freetype-2.7-test-failure.patch	\
   %D%/packages/patches/python-pygit2-disable-network-tests.patch	\
-  %D%/packages/patches/python-pyopenssl-skip-network-test.patch	\
   %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch	\
   %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
   %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch	\
diff --git a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch
deleted file mode 100644
index 1ac7324c8b..0000000000
--- a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-This test tries connecting to an external server which is not supported
-in the build environment. See discussion at:
-
-https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00650.html
-
-diff --git a/tests/test_ssl.py b/tests/test_ssl.py
-index ee849fd..60048b8 100644
---- a/tests/test_ssl.py
-+++ b/tests/test_ssl.py
-@@ -1113,33 +1113,6 @@ class TestContext(object):
-         reason="set_default_verify_paths appears not to work on Windows.  "
-         "See LP#404343 and LP#404344."
-     )
--    def test_set_default_verify_paths(self):
--        """
--        `Context.set_default_verify_paths` causes the platform-specific CA
--        certificate locations to be used for verification purposes.
--        """
--        # Testing this requires a server with a certificate signed by one
--        # of the CAs in the platform CA location.  Getting one of those
--        # costs money.  Fortunately (or unfortunately, depending on your
--        # perspective), it's easy to think of a public server on the
--        # internet which has such a certificate.  Connecting to the network
--        # in a unit test is bad, but it's the only way I can think of to
--        # really test this. -exarkun
--
--        # Arg, verisign.com doesn't speak anything newer than TLS 1.0
--        context = Context(SSLv23_METHOD)
--        context.set_default_verify_paths()
--        context.set_verify(
--            VERIFY_PEER,
--            lambda conn, cert, errno, depth, preverify_ok: preverify_ok)
--
--        client = socket()
--        client.connect(("encrypted.google.com", 443))
--        clientSSL = Connection(context, client)
--        clientSSL.set_connect_state()
--        clientSSL.do_handshake()
--        clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")
--        assert clientSSL.recv(1024)
- 
-     def test_add_extra_chain_cert_invalid_cert(self):
-         """
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 5ddb82ed47..f34f2d39f6 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -7459,16 +7459,14 @@ message digests and key derivation functions.")
 (define-public python-pyopenssl
   (package
     (name "python-pyopenssl")
-    (version "17.0.0")
+    (version "17.1.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pyOpenSSL" version))
        (sha256
         (base32
-         "1pdg1gpmkzj8yasg6cmkhcivxcdp4c12nif88y4qvsxq5ffzxas8"))
-       (patches
-        (search-patches "python-pyopenssl-skip-network-test.patch"))))
+         "0qwmqhfsq84ydir9dz273ypmlcvs7v71m1jns0sd4k0h6lfsa82s"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
@@ -7477,14 +7475,23 @@ message digests and key derivation functions.")
          (add-after 'install 'check
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (add-installed-pythonpath inputs outputs)
-             (zero? (system* "py.test" "-v")))))))
+             (zero? (system* "py.test" "-v" "-k"
+                             (string-append
+                              ;; This test tries to look up certificates from
+                              ;; the compiled-in default path in OpenSSL, which
+                              ;; does not exist in the build environment.
+                              "not test_fallback_default_verify_paths "
+                              ;; This test attempts to make a connection to
+                              ;; an external web service.
+                              "and not test_set_default_verify_paths"))))))))
     (propagated-inputs
      `(("python-cryptography" ,python-cryptography)
        ("python-six" ,python-six)))
     (inputs
      `(("openssl" ,openssl)))
     (native-inputs
-     `(("python-pytest" ,python-pytest-3.0)))
+     `(("python-pretend" ,python-pretend)
+       ("python-pytest" ,python-pytest-3.0)))
     (home-page "https://github.com/pyca/pyopenssl")
     (synopsis "Python wrapper module around the OpenSSL library")
     (description