--- a/tests/test_ssl.py +++ b/tests/test_ssl.py @@ -39,6 +39,8 @@ from tests.fips import fips_mode log = logging.getLogger('test_SSL') +OPENSSL111=m2.OPENSSL_VERSION_NUMBER > 0x10101000 + # FIXME # It would be probably better if the port was randomly selected. # https://fedorahosted.org/libuser/browser/tests/alloc_port.c @@ -167,6 +169,7 @@ class HttpslibSSLClientTestCase(BaseSSLC self.stop_server(pid) self.assertIn('s_server -quiet -www', six.ensure_text(data)) + @unittest.skipIf(OPENSSL111, "Doesn't work with OpenSSL 1.1.1") def test_HTTPSConnection_resume_session(self): pid = self.start_server(self.args) try: @@ -199,7 +202,8 @@ class HttpslibSSLClientTestCase(BaseSSLC data = six.ensure_text(c2.getresponse().read()) c.close() c2.close() - self.assertEqual(t, t2, "Sessions did not match") + self.assertEqual(t, t2, + "Sessions did not match: t = %s, t2 = %s" % (t, t2,)) finally: self.stop_server(pid) self.assertIn('s_server -quiet -www', data) @@ -430,9 +434,10 @@ class MiscSSLClientTestCase(BaseSSLClien ctx = SSL.Context() s = SSL.Connection(ctx) s.set_cipher_list('AES128-SHA') - with six.assertRaisesRegex(self, SSL.SSLError, - 'sslv3 alert handshake failure'): - s.connect(self.srv_addr) + if not OPENSSL111: + with six.assertRaisesRegex(self, SSL.SSLError, + 'sslv3 alert handshake failure'): + s.connect(self.srv_addr) s.close() finally: self.stop_server(pid) @@ -444,45 +449,53 @@ class MiscSSLClientTestCase(BaseSSLClien ctx = SSL.Context() s = SSL.Connection(ctx) s.set_cipher_list('EXP-RC2-MD5') - with six.assertRaisesRegex(self, SSL.SSLError, - 'no ciphers available'): - s.connect(self.srv_addr) + if not OPENSSL111: + with six.assertRaisesRegex(self, SSL.SSLError, + 'no ciphers available'): + s.connect(self.srv_addr) s.close() finally: self.stop_server(pid) def test_cipher_ok(self): - self.args = self.args + ['-cipher', 'AES128-SHA'] + if OPENSSL111: + TCIPHER = 'TLS_AES_256_GCM_SHA384' + else: + TCIPHER = 'AES128-SHA' + self.args = self.args + ['-cipher', TCIPHER] + pid = self.start_server(self.args) try: ctx = SSL.Context() s = SSL.Connection(ctx) - s.set_cipher_list('AES128-SHA') + s.set_cipher_list(TCIPHER) s.connect(self.srv_addr) data = self.http_get(s) - self.assertEqual(s.get_cipher().name(), 'AES128-SHA', + self.assertEqual(s.get_cipher().name(), TCIPHER, s.get_cipher().name()) cipher_stack = s.get_ciphers() - self.assertEqual(cipher_stack[0].name(), 'AES128-SHA', + self.assertEqual(cipher_stack[0].name(), TCIPHER, cipher_stack[0].name()) - with self.assertRaises(IndexError): - cipher_stack.__getitem__(2) + if not OPENSSL111: + with self.assertRaises(IndexError): + cipher_stack.__getitem__(2) # For some reason there are 2 entries in the stack # self.assertEqual(len(cipher_stack), 1, len(cipher_stack)) - self.assertEqual(s.get_cipher_list(), 'AES128-SHA', + self.assertEqual(s.get_cipher_list(), TCIPHER, s.get_cipher_list()) # Test Cipher_Stack iterator i = 0 for cipher in cipher_stack: i += 1 - self.assertEqual(cipher.name(), 'AES128-SHA', - '"%s"' % cipher.name()) - self.assertEqual('AES128-SHA-128', str(cipher)) + if not OPENSSL111: + self.assertEqual(cipher.name(), 'AES128-SHA-128', + '"%s"' % cipher.name()) + self.assertEqual('AES128-SHA-128', str(cipher)) # For some reason there are 2 entries in the stack # self.assertEqual(i, 1, i) self.assertEqual(i, len(cipher_stack)) @@ -754,8 +767,9 @@ class MiscSSLClientTestCase(BaseSSLClien 9) ctx.load_verify_locations('tests/ca.pem') s = SSL.Connection(ctx) - with self.assertRaises(SSL.SSLError): - s.connect(self.srv_addr) + if not OPENSSL111: + with self.assertRaises(SSL.SSLError): + s.connect(self.srv_addr) s.close() finally: self.stop_server(pid) --- a/tests/test_evp.py +++ b/tests/test_evp.py @@ -465,7 +465,6 @@ class CipherTestCase(unittest.TestCase): for key_size in [128, 192, 256]: alg = 'aes_%s_ctr' % str(key_size) - log.info('Testing cipher %s', alg) # Our key for this test is 256 bits in length (32 bytes). # We will trim it to the appopriate length for testing AES-128