[v4.13] PYTHON-5414 Fix "module service_identity has no attribute SICertificateError" when using pyopenssl (#2386)

Co-authored-by: Maarten Sijm <[email protected]>

Author: ShaneHarvey

doc/changelog.rst

@@ -8,6 +8,7 @@ Version 4.13.2 is a bug fix release.
 
 - Fixed a bug where ``AsyncMongoClient`` would block the event loop while creating new connections,
   potentially significantly increasing latency for ongoing operations.
+- Fixed a bug that resulted in confusing error messages after hostname verification errors when using PyOpenSSL.
 
 Issues Resolved
 ...............

pymongo/pyopenssl_context.py

@@ -420,9 +420,9 @@ def wrap_socket(
                         pyopenssl.verify_ip_address(ssl_conn, server_hostname)
                     else:
                         pyopenssl.verify_hostname(ssl_conn, server_hostname)
-                except (  # type:ignore[misc]
-                    service_identity.SICertificateError,
-                    service_identity.SIVerificationError,
+                except (
+                    service_identity.CertificateError,
+                    service_identity.VerificationError,
                 ) as exc:
                     raise _CertificateError(str(exc)) from None
         return ssl_conn

test/asynchronous/test_ssl.py

@@ -323,7 +323,7 @@ async def test_cert_ssl_validation_hostname_matching(self):
 
         response = await self.client.admin.command(HelloCompat.LEGACY_CMD)
 
-        with self.assertRaises(ConnectionFailure):
+        with self.assertRaises(ConnectionFailure) as cm:
             await connected(
                 self.simple_client(
                     "server",
@@ -335,6 +335,8 @@ async def test_cert_ssl_validation_hostname_matching(self):
                     **self.credentials,  # type: ignore[arg-type]
                 )
             )
+        # PYTHON-5414 Check for "module service_identity has no attribute SICertificateError"
+        self.assertNotIn("has no attribute", str(cm.exception))
 
         await connected(
             self.simple_client(

test/test_ssl.py

@@ -323,7 +323,7 @@ def test_cert_ssl_validation_hostname_matching(self):
 
         response = self.client.admin.command(HelloCompat.LEGACY_CMD)
 
-        with self.assertRaises(ConnectionFailure):
+        with self.assertRaises(ConnectionFailure) as cm:
             connected(
                 self.simple_client(
                     "server",
@@ -335,6 +335,8 @@ def test_cert_ssl_validation_hostname_matching(self):
                     **self.credentials,  # type: ignore[arg-type]
                 )
             )
+        # PYTHON-5414 Check for "module service_identity has no attribute SICertificateError"
+        self.assertNotIn("has no attribute", str(cm.exception))
 
         connected(
             self.simple_client(