From 18bada005355d354210278b8198df4ed33230290 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20V=C4=8Del=C3=A1k?= <jan.vcelak@ibm.com>
Date: Thu, 14 May 2026 10:12:38 +0200
Subject: [PATCH 1/3] Fix skipping TLS validation with Twisted 26

---
 ns1/rest/transport/twisted.py | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/ns1/rest/transport/twisted.py b/ns1/rest/transport/twisted.py
index 2ff8d92..316e9d9 100644
--- a/ns1/rest/transport/twisted.py
+++ b/ns1/rest/transport/twisted.py
@@ -34,7 +34,6 @@
     from twisted.web.http_headers import Headers
     from twisted.internet.defer import succeed
     from twisted.internet.ssl import CertificateOptions
-    from twisted.internet._sslverify import ClientTLSOptions
     from twisted.web.iweb import IPolicyForHTTPS
     from zope.interface import implementer
 
@@ -83,21 +82,10 @@ def stopProducing(self):
 
 
 if have_twisted:
-
-    class IgnoreHostnameClientTLSOptions(ClientTLSOptions):
-        def _identityVerifyingInfoCallback(self, connection, where, ret):
-            # override hostname validation
-
-            return
-
     @implementer(IPolicyForHTTPS)
     class NoValidationPolicy(object):
         def creatorForNetloc(self, hostname, port):
-            options = CertificateOptions(trustRoot=None)
-            ascii_hostname = hostname.decode("ascii")
-            context = options.getContext()
-
-            return IgnoreHostnameClientTLSOptions(ascii_hostname, context)
+            return CertificateOptions(verify=False)
 
 
 class TwistedTransport(TransportBase):

From 76a18ec452f99635da7cbe20ca923f5fa0dccba4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20V=C4=8Del=C3=A1k?= <jan.vcelak@ibm.com>
Date: Thu, 14 May 2026 10:15:21 +0200
Subject: [PATCH 2/3] cut new minor release

---
 CHANGELOG.md    | 5 +++++
 ns1/__init__.py | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c6438cc..aee5b6c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 0.27.4 (May 14th, 2026)
+
+BUG FIXES:
+* Fix compatibility with Twisted 26 and TLS certificate validation.
+
 ## 0.27.3 (February 17th, 2026)
 
 ENHANCEMENTS:
diff --git a/ns1/__init__.py b/ns1/__init__.py
index aa56d58..21703d5 100644
--- a/ns1/__init__.py
+++ b/ns1/__init__.py
@@ -5,7 +5,7 @@
 #
 from .config import Config
 
-version = "0.27.3"
+version = "0.27.4"
 
 
 class NS1:

From d3239b34f4d7ca24bfc57ad5a1eb5ddad66d2cf0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20V=C4=8Del=C3=A1k?= <jan.vcelak@ibm.com>
Date: Thu, 14 May 2026 11:03:54 +0200
Subject: [PATCH 3/3] review: use trustRoot=None instead of verify=False

---
 ns1/rest/transport/twisted.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ns1/rest/transport/twisted.py b/ns1/rest/transport/twisted.py
index 316e9d9..02ada9b 100644
--- a/ns1/rest/transport/twisted.py
+++ b/ns1/rest/transport/twisted.py
@@ -85,7 +85,7 @@ def stopProducing(self):
     @implementer(IPolicyForHTTPS)
     class NoValidationPolicy(object):
         def creatorForNetloc(self, hostname, port):
-            return CertificateOptions(verify=False)
+            return CertificateOptions(trustRoot=None)
 
 
 class TwistedTransport(TransportBase):