python36/bpo4379-skipTLS10-11-OpenSSL3.patch
2024-01-24 13:26:56 +01:00


From f40ff1f075f5425711fddfa9e3a2c0748f3218dc Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@python.org>
Date: Fri, 9 Apr 2021 15:15:01 +0200
Subject: [PATCH] bpo-4379: Skip TLS 1.0/1.1 tests under OpenSSL 3.0.0
Signed-off-by: Christian Heimes <christian@python.org>
---
Lib/test/test_ssl.py | 16 ++++++++++
Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst | 2 +
2 files changed, 18 insertions(+)
create mode 100644 Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst
Index: Python-3.6.15/Lib/test/test_ssl.py
===================================================================
--- Python-3.6.15.orig/Lib/test/test_ssl.py
+++ Python-3.6.15/Lib/test/test_ssl.py
@@ -41,6 +41,7 @@ HOST = support.HOST
IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')
IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)
IS_OPENSSL_1_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1)
+IS_OPENSSL_3_0_0 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (3, 0, 0)
def data_file(*name):
@@ -159,6 +160,17 @@ def skip_if_broken_ubuntu_ssl(func):
else:
return func
+# Issue #4379: OpenSSL 3.0.0: TLS 1.0 / 1.1 connections fail with TLSV1_ALERT_INTERNAL_ERROR
+def skip_if_OpenSSL30(func):
+ if IS_OPENSSL_3_0_0:
+ @functools.wraps(func)
+ def f(*args, **kwargs):
+ raise unittest.SkipTest("bpo43791: 3.0.0-alpha14 fails with TLSV1_ALERT_INTERNAL_ERROR")
+ return func(*args, **kwargs)
+ return f
+ else:
+ return func
+
def skip_if_openssl_cnf_minprotocol_gt_tls1(func):
"""Skip a test if the OpenSSL config MinProtocol is > TLSv1.
@@ -191,6 +203,7 @@ def skip_if_openssl_cnf_minprotocol_gt_t
return f
+
needs_sni = unittest.skipUnless(ssl.HAS_SNI, "SNI support needed for this test")
@@ -3544,6 +3557,7 @@ if _have_threads:
self.check_common_name(stats, 'localhost')
self.assertEqual(calls, [])
+ @skip_if_OpenSSL30
@needs_sni
def test_sni_callback_alert(self):
# Returning a TLS alert is reflected to the connecting client
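Review bot: `@skip_if_OpenSSL30` disables `test_sni_callback_alert` entirely on OpenSSL 3, and the same decorator is added to `test_sni_callback_raising` and `test_sni_callback_wrong_return_type` in the next two hunks, so the checks that a failing SNI callback aborts the handshake no longer run on that library version. Nothing in the visible lines ties these tests to TLS 1.0/1.1, so the dependency is presumably in the shared context setup outside the hunk. A comment such as `# skipped on OpenSSL 3.0: the SNI test contexts are pinned to TLS 1.0 (bpo-43791)` above the decorator would record why. Where the contexts can be built with a protocol OpenSSL 3 still accepts, that would keep the coverage instead of dropping it. The test bodies continue outside these hunks.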
@@ -3559,6 +3573,7 @@ if _have_threads:
sni_name='supermessage')
self.assertEqual(cm.exception.reason, 'TLSV1_ALERT_ACCESS_DENIED')
+ @skip_if_OpenSSL30
@needs_sni
def test_sni_callback_raising(self):
# Raising fails the connection with a TLS handshake failure alert.
@@ -3576,6 +3591,7 @@ if _have_threads:
self.assertEqual(cm.exception.reason, 'SSLV3_ALERT_HANDSHAKE_FAILURE')
self.assertIn("ZeroDivisionError", stderr.getvalue())
+ @skip_if_OpenSSL30
@needs_sni
def test_sni_callback_wrong_return_type(self):
# Returning the wrong return type terminates the TLS connection
Index: Python-3.6.15/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst
===================================================================
--- /dev/null
+++ Python-3.6.15/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst
@@ -0,0 +1,2 @@
+OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests
+are failing with TLSV1_ALERT_INTERNAL_ERROR.