From 984d7bb9d7ed596854e9a4524903dc6a93b0f394 Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Sat, 4 May 2024 20:04:54 -0500 Subject: [PATCH 1/2] Use source cffi, add Windows and macOS to CI --- .github/workflows/ci.yml | 5 +---- dev-requirements.txt | 5 +++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index aebfbfd..7bced2f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,10 +38,7 @@ jobs: fail-fast: false matrix: os: [macos-latest, windows-latest, ubuntu-latest] - python-version: ["3.10", "3.11", "3.12", "pypy3.10"] - include: - - os: ubuntu-latest - python-version: "3.13" + python-version: ["3.10", "3.11", "3.12", "3.13", "pypy3.10"] runs-on: ${{ matrix.os }} name: ${{ fromJson('{"macos-latest":"macOS","windows-latest":"Windows","ubuntu-latest":"Ubuntu"}')[matrix.os] }} Python ${{ matrix.python-version }} diff --git a/dev-requirements.txt b/dev-requirements.txt index f8dc8f7..19fb047 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -7,6 +7,7 @@ urllib3 requests flaky httpx +trustme -# Requires 'cryptography' which doesn't yet support Python 3.13 -trustme; python_version < "3.13" +# Temporary stop-gap until cffi supports 3.13 +cffi @ https://github.com/python-cffi/cffi/archive/refs/heads/main.zip; python_version > "3.12" From 4e7819d452cb26a6dc69e10f3abb3b1591eb9a1e Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Sat, 4 May 2024 20:26:12 -0500 Subject: [PATCH 2/2] Detect when certificate needs to be turned to bytes --- src/truststore/_api.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/truststore/_api.py b/src/truststore/_api.py index ac79699..7396f86 100644 --- a/src/truststore/_api.py +++ b/src/truststore/_api.py @@ -5,6 +5,8 @@ import sys import typing +import _ssl # type: ignore[import-not-found] + from ._ssl_constants import ( _original_SSLContext, _original_super_SSLContext, 
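Review bot: The added `cffi @ https://github.com/python-cffi/cffi/archive/refs/heads/main.zip` requirement in dev-requirements.txt tracks a moving branch, so each CI run on Python 3.13 builds and executes whatever `main` holds at install time. Nothing pins or integrity-checks that archive, which makes the run non-reproducible and lets an upstream change reach the test environment unreviewed. Pinning the stop-gap to a reviewed commit fixes what gets compiled, for example `cffi @ https://github.com/python-cffi/cffi/archive/<COMMIT_SHA>.zip; python_version > "3.12"`, where `<COMMIT_SHA>` is a placeholder. The existing "Temporary stop-gap" comment could also state the condition for removing the line, such as the first cffi release with 3.13 support.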
@@ -279,10 +281,12 @@ def verify_mode(self, value: ssl.VerifyMode) -> None: def _get_unverified_chain_bytes(sslobj: ssl.SSLObject) -> list[bytes]: unverified_chain = sslobj.get_unverified_chain() or () # type: ignore[attr-defined] - return [cert for cert in unverified_chain] + return [ + cert if isinstance(cert, bytes) else cert.public_bytes(_ssl.ENCODING_DER) + for cert in unverified_chain + ] else: - import _ssl # type: ignore[import-not-found] def _get_unverified_chain_bytes(sslobj: ssl.SSLObject) -> list[bytes]: unverified_chain = sslobj.get_unverified_chain() or () # type: ignore[attr-defined]
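Review bot: The new comprehension in the first `_get_unverified_chain_bytes` accepts two element types without saying why. The enclosing version check starts outside the hunk, so a reader cannot tell which interpreters return `bytes` and which return certificate objects. A comment above the `return` would cover it, for example `# get_unverified_chain() may yield DER bytes or certificate objects (presumably _ssl.Certificate); normalise to DER bytes`. An element that is neither type raises AttributeError on `public_bytes`, which aborts verification instead of passing unexpected data on, and that fail-closed behaviour should survive any later refactor. The `or ()` fallback produces an empty list, and whether the caller treats an empty chain as a verification failure is not visible here.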