undo other changes

blink1073 · blink1073 · commit 6365e70b7242 · 2025-09-19T06:54:54.000-05:00
diff --git a/pymongo/ocsp_support.py b/pymongo/ocsp_support.py
@@ -347,8 +347,13 @@ def _ocsp_callback(conn: Connection, ocsp_bytes: bytes, user_data: Optional[_Cal
         _LOGGER.debug("No peer cert?")
         return False
     cert = pycert.to_cryptography()
-    pychain = conn.get_verified_chain()
-    trusted_ca_certs = None
+    # Use the verified chain when available (pyopenssl>=20.0).
+    if hasattr(conn, "get_verified_chain"):
+        pychain = conn.get_verified_chain()
+        trusted_ca_certs = None
+    else:
+        pychain = conn.get_peer_cert_chain()
+        trusted_ca_certs = user_data.trusted_ca_certs
     if not pychain:
         _LOGGER.debug("No peer cert chain?")
         return False
diff --git a/pymongo/pyopenssl_context.py b/pymongo/pyopenssl_context.py
@@ -35,7 +35,7 @@
 from pymongo.errors import ConfigurationError as _ConfigurationError
 from pymongo.errors import _CertificateError  # type:ignore[attr-defined]
 from pymongo.ocsp_cache import _OCSPCache
-from pymongo.ocsp_support import _ocsp_callback
+from pymongo.ocsp_support import _load_trusted_ca_certs, _ocsp_callback
 from pymongo.socket_checker import SocketChecker as _SocketChecker
 from pymongo.socket_checker import _errno_from_exception
 from pymongo.write_concern import validate_boolean
@@ -322,6 +322,10 @@ def load_verify_locations(
         ssl.CERT_NONE.
         """
         self._ctx.load_verify_locations(cafile, capath)
+        # Manually load the CA certs when get_verified_chain is not available (pyopenssl<20).
+        if not hasattr(_SSL.Connection, "get_verified_chain"):
+            assert cafile is not None
+            self._callback_data.trusted_ca_certs = _load_trusted_ca_certs(cafile)
 
     def _load_certifi(self) -> None:
         """Attempt to load CA certs from certifi."""
diff --git a/test/asynchronous/test_dns.py b/test/asynchronous/test_dns.py
@@ -30,11 +30,8 @@
     unittest,
 )
 from test.utils_shared import async_wait_until
-from test.version import Version
 from unittest.mock import MagicMock, patch
 
-import pytest
-
 from pymongo.asynchronous.uri_parser import parse_uri
 from pymongo.common import validate_read_preference_tags
 from pymongo.errors import ConfigurationError
diff --git a/test/test_dns.py b/test/test_dns.py
@@ -30,11 +30,8 @@
     unittest,
 )
 from test.utils_shared import wait_until
-from test.version import Version
 from unittest.mock import MagicMock, patch
 
-import pytest
-
 from pymongo.common import validate_read_preference_tags
 from pymongo.errors import ConfigurationError
 from pymongo.synchronous.uri_parser import parse_uri
