From 0f5349e2e02716611a2fe4beb0605f74fcf63fe3 Mon Sep 17 00:00:00 2001
From: Noah Stapp <noah.stapp@mongodb.com>
Date: Tue, 23 Jul 2024 13:41:51 -0700
Subject: [PATCH] PYTHON-4572 - Fix type errors caused by new PyOpenSSL type
 hints (#1743)

---
 pymongo/pyopenssl_context.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pymongo/pyopenssl_context.py b/pymongo/pyopenssl_context.py
index 4afb3e17b..c1b85af12 100644
--- a/pymongo/pyopenssl_context.py
+++ b/pymongo/pyopenssl_context.py
@@ -292,7 +292,7 @@ class SSLContext:
         # Password callback MUST be set first or it will be ignored.
         if password:
 
-            def _pwcb(_max_length: int, _prompt_twice: bool, _user_data: bytes) -> bytes:
+            def _pwcb(_max_length: int, _prompt_twice: bool, _user_data: Optional[bytes]) -> bytes:
                 # XXX:We could check the password length against what OpenSSL
                 # tells us is the max, but we can't raise an exception, so...
                 # warn?
@@ -332,6 +332,7 @@ class SSLContext:
     def _load_wincerts(self, store: str) -> None:
         """Attempt to load CA certs from Windows trust store."""
         cert_store = self._ctx.get_cert_store()
+        assert cert_store is not None
         oid = _stdlibssl.Purpose.SERVER_AUTH.oid
 
         for cert, encoding, trust in _stdlibssl.enum_certificates(store):  # type: ignore