From 0c25b3ba1ad752b7866d3e50b3022530f9bfd8a0 Mon Sep 17 00:00:00 2001
From: Maarten Sijm <9739541+mpsijm@users.noreply.github.com>
Date: Fri, 13 Jun 2025 01:45:18 +0200
Subject: [PATCH 1/4] PYTHON-5414 Fix "module service_identity has no attribute
 SICertificateError" when using pyopenssl (#2382)

(cherry picked from commit c2aefc2edab2c34d10e34d69793431b0d6800d24)
---
 pymongo/pyopenssl_context.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pymongo/pyopenssl_context.py b/pymongo/pyopenssl_context.py
index 0d4f27cf55..08fe99c889 100644
--- a/pymongo/pyopenssl_context.py
+++ b/pymongo/pyopenssl_context.py
@@ -420,9 +420,9 @@ def wrap_socket(
                         pyopenssl.verify_ip_address(ssl_conn, server_hostname)
                     else:
                         pyopenssl.verify_hostname(ssl_conn, server_hostname)
-                except (  # type:ignore[misc]
-                    service_identity.SICertificateError,
-                    service_identity.SIVerificationError,
+                except (
+                    service_identity.CertificateError,
+                    service_identity.VerificationError,
                 ) as exc:
                     raise _CertificateError(str(exc)) from None
         return ssl_conn

From cbe31e76cd0beb3e86bdf010295b3d796419ba66 Mon Sep 17 00:00:00 2001
From: Shane Harvey <shnhrv@gmail.com>
Date: Fri, 13 Jun 2025 11:45:47 -0700
Subject: [PATCH 2/4] PYTHON-5414 Add test for hostname verification error
 message regression (#2385)

(cherry picked from commit c16ef0a13e97dd04d1f4234f21ecda0627aaee8c)
---
 test/asynchronous/test_ssl.py | 4 +++-
 test/test_ssl.py              | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/test/asynchronous/test_ssl.py b/test/asynchronous/test_ssl.py
index 023ee91680..a05bc9379d 100644
--- a/test/asynchronous/test_ssl.py
+++ b/test/asynchronous/test_ssl.py
@@ -323,7 +323,7 @@ async def test_cert_ssl_validation_hostname_matching(self):
 
         response = await self.client.admin.command(HelloCompat.LEGACY_CMD)
 
-        with self.assertRaises(ConnectionFailure):
+        with self.assertRaises(ConnectionFailure) as cm:
             await connected(
                 self.simple_client(
                     "server",
@@ -335,6 +335,8 @@ async def test_cert_ssl_validation_hostname_matching(self):
                     **self.credentials,  # type: ignore[arg-type]
                 )
             )
+        # PYTHON-5414 Check for "module service_identity has no attribute SICertificateError"
+        self.assertNotIn("has no attribute", str(cm.exception))
 
         await connected(
             self.simple_client(
diff --git a/test/test_ssl.py b/test/test_ssl.py
index 93a4b4e6ec..3ac0a4555a 100644
--- a/test/test_ssl.py
+++ b/test/test_ssl.py
@@ -323,7 +323,7 @@ def test_cert_ssl_validation_hostname_matching(self):
 
         response = self.client.admin.command(HelloCompat.LEGACY_CMD)
 
-        with self.assertRaises(ConnectionFailure):
+        with self.assertRaises(ConnectionFailure) as cm:
             connected(
                 self.simple_client(
                     "server",
@@ -335,6 +335,8 @@ def test_cert_ssl_validation_hostname_matching(self):
                     **self.credentials,  # type: ignore[arg-type]
                 )
             )
+        # PYTHON-5414 Check for "module service_identity has no attribute SICertificateError"
+        self.assertNotIn("has no attribute", str(cm.exception))
 
         connected(
             self.simple_client(

From 8006135920758fecd4d74fa50c6a809e119a7dce Mon Sep 17 00:00:00 2001
From: Shane Harvey <shnhrv@gmail.com>
Date: Fri, 13 Jun 2025 11:52:42 -0700
Subject: [PATCH 3/4] PYTHON-5414 Add changelog

---
 doc/changelog.rst | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/doc/changelog.rst b/doc/changelog.rst
index 56ec8d5ccd..ea7d06831a 100644
--- a/doc/changelog.rst
+++ b/doc/changelog.rst
@@ -1,6 +1,21 @@
 Changelog
 =========
 
+Changes in Version 4.13.2 (2025/06/17)
+--------------------------------------
+
+Version 4.13.1 is a bug fix release.
+
+- Fixed a bug that resulted in confusing error messages after hostname verification errors when using PyOpenSSL.
+
+Issues Resolved
+...............
+
+See the `PyMongo 4.13.2 release notes in JIRA`_ for the list of resolved issues
+in this release.
+
+.. _PyMongo 4.13.2 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=43937
+
 Changes in Version 4.13.1 (2025/06/10)
 --------------------------------------
 

From e7114f4e7bf915c5a066f68f0170daf6af1334f8 Mon Sep 17 00:00:00 2001
From: Shane Harvey <shnhrv@gmail.com>
Date: Fri, 13 Jun 2025 12:14:21 -0700
Subject: [PATCH 4/4] PYTHON-5414 Fix version

---
 doc/changelog.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/changelog.rst b/doc/changelog.rst
index ea7d06831a..f44fa144d4 100644
--- a/doc/changelog.rst
+++ b/doc/changelog.rst
@@ -4,7 +4,7 @@ Changelog
 Changes in Version 4.13.2 (2025/06/17)
 --------------------------------------
 
-Version 4.13.1 is a bug fix release.
+Version 4.13.2 is a bug fix release.
 
 - Fixed a bug that resulted in confusing error messages after hostname verification errors when using PyOpenSSL.