forked from pool/python-truststore
Markéta Machová
bc9b10c8bc
* Added support for macOS 10.13 and earlier using the `SecTrustEvaluate`
API. Note that this API doesn't return fine-grained errors like
`SecTrustEvaluateWithError` (requires macOS 10.14+).
* Added `SSLContext.set_default_verify_paths()` method.
* Changed method for disabling hostname verification for macOS and
Windows. Previously would ignore hostname verification errors if
`SSLContext.check_hostname` was `False`.
Now for both macOS and Windows the certificate verification policy
is configured to not check certificate hostname. This should have
no effect on users.
- from version 0.9.2
* Fixed an issue where implementations supporting Python 3.10 but not
the peer certificate chain APIs would fail during the handshake instead
of when importing the `truststore` module. The module now raises an error
immediately instead of on first handshake. This was added for the GraalPy
implementation specifically, but there may be others.
- Skip test_wrong_host_succeeds_with_hostname_verification_disabled test
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-truststore?expand=0&rev=11
114 lines
3.5 KiB
Diff
114 lines
3.5 KiB
Diff
---
|
|
pyproject.toml | 3 +++
|
|
test_truststore.py | 7 +++----
|
|
2 files changed, 6 insertions(+), 4 deletions(-)
|
|
|
|
Index: truststore-0.8.0/pyproject.toml
|
|
===================================================================
|
|
--- truststore-0.8.0.orig/pyproject.toml
|
|
+++ truststore-0.8.0/pyproject.toml
|
|
@@ -26,6 +26,9 @@ classifiers = [
|
|
]
|
|
dynamic = ["version", "description"]
|
|
requires-python = ">= 3.10"
|
|
+markers = [
|
|
+ "network: test case requires network connection",
|
|
+]
|
|
|
|
[project.urls]
|
|
Source = "https://github.com/sethmlarson/truststore"
|
|
@@ -38,3 +41,6 @@ filterwarnings = [
|
|
# See: aio-libs/aiohttp#7545
|
|
"ignore:.*datetime.utcfromtimestamp().*:DeprecationWarning",
|
|
]
|
|
+markers = [
|
|
+ "network: test case requires network connection",
|
|
+]
|
|
Index: truststore-0.8.0/tests/conftest.py
|
|
===================================================================
|
|
--- truststore-0.8.0.orig/tests/conftest.py
|
|
+++ truststore-0.8.0/tests/conftest.py
|
|
@@ -18,7 +18,7 @@ SUBPROCESS_TIMEOUT = 5
|
|
original_SSLContext = ssl.SSLContext
|
|
|
|
|
|
-successful_hosts = pytest.mark.parametrize("host", ["example.com", "1.1.1.1"])
|
|
+successful_hosts = pytest.mark.network
|
|
|
|
logger = logging.getLogger("aiohttp.web")
|
|
|
|
Index: truststore-0.8.0/tests/test_api.py
|
|
===================================================================
|
|
--- truststore-0.8.0.orig/tests/test_api.py
|
|
+++ truststore-0.8.0/tests/test_api.py
|
|
@@ -27,8 +27,8 @@ pytestmark = pytest.mark.flaky
|
|
# if the client drops the connection due to a cert verification error
|
|
socket.setdefaulttimeout(10)
|
|
|
|
-successful_hosts = pytest.mark.parametrize("host", ["example.com", "1.1.1.1"])
|
|
|
|
+successful_hosts = pytest.mark.network
|
|
|
|
@dataclass
|
|
class FailureHost:
|
|
@@ -118,9 +118,7 @@ failure_hosts_list = [
|
|
),
|
|
]
|
|
|
|
-failure_hosts_no_revocation = pytest.mark.parametrize(
|
|
- "failure", failure_hosts_list.copy(), ids=attrgetter("host")
|
|
-)
|
|
+failure_hosts_no_revocation = pytest.mark.network
|
|
|
|
if platform.system() != "Linux":
|
|
failure_hosts_list.append(
|
|
@@ -139,9 +137,7 @@ if platform.system() != "Linux":
|
|
)
|
|
)
|
|
|
|
-failure_hosts = pytest.mark.parametrize(
|
|
- "failure", failure_hosts_list, ids=attrgetter("host")
|
|
-)
|
|
+failure_hosts = pytest.mark.network
|
|
|
|
|
|
@pytest.fixture(scope="session")
|
|
@@ -317,7 +313,7 @@ def test_trustme_cert_loaded_via_capath(
|
|
assert resp.status == 200
|
|
assert len(resp.data) > 0
|
|
|
|
-
|
|
+@pytest.mark.network
|
|
def test_trustme_cert_still_uses_system_certs(trustme_ca):
|
|
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|
trustme_ca.configure_trust(ctx)
|
|
Index: truststore-0.8.0/tests/test_sslcontext.py
|
|
===================================================================
|
|
--- truststore-0.8.0.orig/tests/test_sslcontext.py
|
|
+++ truststore-0.8.0/tests/test_sslcontext.py
|
|
@@ -7,7 +7,7 @@ from urllib3.exceptions import InsecureR
|
|
|
|
import truststore
|
|
|
|
-
|
|
+@pytest.mark.network
|
|
def test_minimum_maximum_version():
|
|
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|
ctx.maximum_version = ssl.TLSVersion.TLSv1_2
|
|
@@ -24,6 +24,7 @@ def test_minimum_maximum_version():
|
|
assert ctx.maximum_version == ssl.TLSVersion.TLSv1_2
|
|
|
|
|
|
+@pytest.mark.network
|
|
def test_check_hostname_false():
|
|
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|
assert ctx.check_hostname is True
|
|
@@ -35,6 +36,7 @@ def test_check_hostname_false():
|
|
assert "match" in str(e.value)
|
|
|
|
|
|
+@pytest.mark.network
|
|
def test_verify_mode_cert_none():
|
|
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|
assert ctx.check_hostname is True
|