From f40ff1f075f5425711fddfa9e3a2c0748f3218dc Mon Sep 17 00:00:00 2001
|
|
From: Christian Heimes <christian@python.org>
|
|
Date: Fri, 9 Apr 2021 15:15:01 +0200
|
|
Subject: [PATCH] bpo-4379: Skip TLS 1.0/1.1 tests under OpenSSL 3.0.0
|
|
|
|
Signed-off-by: Christian Heimes <christian@python.org>
|
|
---
|
|
Lib/test/test_ssl.py | 16 ++++++++++
|
|
Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst | 2 +
|
|
2 files changed, 18 insertions(+)
|
|
create mode 100644 Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst
|
|
|
|
Index: Python-3.6.15/Lib/test/test_ssl.py
|
|
===================================================================
|
|
--- Python-3.6.15.orig/Lib/test/test_ssl.py
|
|
+++ Python-3.6.15/Lib/test/test_ssl.py
|
|
@@ -41,6 +41,7 @@ HOST = support.HOST
|
|
IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')
|
|
IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)
|
|
IS_OPENSSL_1_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1)
|
|
+IS_OPENSSL_3_0_0 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (3, 0, 0)
|
|
|
|
|
|
def data_file(*name):
|
|
@@ -159,6 +160,17 @@ def skip_if_broken_ubuntu_ssl(func):
|
|
else:
|
|
return func
|
|
|
|
+# Issue #4379: OpenSSL 3.0.0: TLS 1.0 / 1.1 connections fail with TLSV1_ALERT_INTERNAL_ERROR
|
|
+def skip_if_OpenSSL30(func):
|
|
+ if IS_OPENSSL_3_0_0:
|
|
+ @functools.wraps(func)
|
|
+ def f(*args, **kwargs):
|
|
+ raise unittest.SkipTest("bpo43791: 3.0.0-alpha14 fails with TLSV1_ALERT_INTERNAL_ERROR")
|
|
+ return func(*args, **kwargs)
|
|
+ return f
|
|
+ else:
|
|
+ return func
|
|
+
|
|
def skip_if_openssl_cnf_minprotocol_gt_tls1(func):
|
|
"""Skip a test if the OpenSSL config MinProtocol is > TLSv1.
|
|
|
|
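Review bot: In `skip_if_OpenSSL30` the `return func(*args, **kwargs)` after the unconditional `raise unittest.SkipTest(...)` can never run, so the wrapper is only a skip. It would read more plainly as `skip_if_OpenSSL30 = unittest.skipIf(IS_OPENSSL_3_0_0, "bpo-43791: TLS 1.0/1.1 fail with TLSV1_ALERT_INTERNAL_ERROR under OpenSSL 3.0.0")`, the same form `needs_sni` uses further down. The comment above the function cites `Issue #4379`, while the skip message and the NEWS entry both name bpo-43791, so the comment should start `# bpo-43791:`. The skip message also names `3.0.0-alpha14`, although the guard `IS_OPENSSL_3_0_0` matches every OpenSSL version from 3.0.0 up, so skip reports on release builds will be misleading.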
@@ -191,6 +203,7 @@ def skip_if_openssl_cnf_minprotocol_gt_t
|
|
return f
|
|
|
|
|
|
+
|
|
needs_sni = unittest.skipUnless(ssl.HAS_SNI, "SNI support needed for this test")
|
|
|
|
|
|
@@ -3544,6 +3557,7 @@ if _have_threads:
|
|
self.check_common_name(stats, 'localhost')
|
|
self.assertEqual(calls, [])
|
|
|
|
+ @skip_if_OpenSSL30
|
|
@needs_sni
|
|
def test_sni_callback_alert(self):
|
|
# Returning a TLS alert is reflected to the connecting client
|
|
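Review bot: Putting `@skip_if_OpenSSL30` on `test_sni_callback_alert`, and on `test_sni_callback_raising` and `test_sni_callback_wrong_return_type` in the next two hunks, removes all coverage of the SNI-callback failure paths on OpenSSL 3.0.0 and later. That includes the assertions that a rejected handshake surfaces `TLSV1_ALERT_ACCESS_DENIED` or `SSLV3_ALERT_HANDSHAKE_FAILURE` to the client. The hunks do not show which protocol version these tests negotiate; if the failure comes only from a context pinned to TLS 1.0, a narrower fix would be to keep the tests running on a protocol version OpenSSL 3.0 still accepts. At minimum, a comment above each decorator such as `# bpo-43791: stopgap, re-enable once this test no longer depends on TLS 1.0/1.1` would record that the skip is temporary. The test bodies continue outside the hunks.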
@@ -3559,6 +3573,7 @@ if _have_threads:
|
|
sni_name='supermessage')
|
|
self.assertEqual(cm.exception.reason, 'TLSV1_ALERT_ACCESS_DENIED')
|
|
|
|
+ @skip_if_OpenSSL30
|
|
@needs_sni
|
|
def test_sni_callback_raising(self):
|
|
# Raising fails the connection with a TLS handshake failure alert.
|
|
@@ -3576,6 +3591,7 @@ if _have_threads:
|
|
self.assertEqual(cm.exception.reason, 'SSLV3_ALERT_HANDSHAKE_FAILURE')
|
|
self.assertIn("ZeroDivisionError", stderr.getvalue())
|
|
|
|
+ @skip_if_OpenSSL30
|
|
@needs_sni
|
|
def test_sni_callback_wrong_return_type(self):
|
|
# Returning the wrong return type terminates the TLS connection
|
|
Index: Python-3.6.15/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ Python-3.6.15/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst
|
|
@@ -0,0 +1,2 @@
|
|
+OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests
|
|
+are failing with TLSV1_ALERT_INTERNAL_ERROR.
|