diff --git a/openssl-1_1_1-compat.patch b/openssl-1_1_1-compat.patch deleted file mode 100644 index 832f109..0000000 --- a/openssl-1_1_1-compat.patch +++ /dev/null @@ -1,142 +0,0 @@ ---- a/tests/test_ssl.py -+++ b/tests/test_ssl.py -@@ -39,6 +39,8 @@ from tests.fips import fips_mode - - log = logging.getLogger('test_SSL') - -+OPENSSL111=m2.OPENSSL_VERSION_NUMBER > 0x10101000 -+ - # FIXME - # It would be probably better if the port was randomly selected. - # https://fedorahosted.org/libuser/browser/tests/alloc_port.c -@@ -167,6 +169,7 @@ class HttpslibSSLClientTestCase(BaseSSLC - self.stop_server(pid) - self.assertIn('s_server -quiet -www', six.ensure_text(data)) - -+ @unittest.skipIf(OPENSSL111, "Doesn't work with OpenSSL 1.1.1") - def test_HTTPSConnection_resume_session(self): - pid = self.start_server(self.args) - try: -@@ -199,7 +202,8 @@ class HttpslibSSLClientTestCase(BaseSSLC - data = six.ensure_text(c2.getresponse().read()) - c.close() - c2.close() -- self.assertEqual(t, t2, "Sessions did not match") -+ self.assertEqual(t, t2, -+ "Sessions did not match: t = %s, t2 = %s" % (t, t2,)) - finally: - self.stop_server(pid) - self.assertIn('s_server -quiet -www', data) -@@ -430,9 +434,10 @@ class MiscSSLClientTestCase(BaseSSLClien - ctx = SSL.Context() - s = SSL.Connection(ctx) - s.set_cipher_list('AES128-SHA') -- with six.assertRaisesRegex(self, SSL.SSLError, -- 'sslv3 alert handshake failure'): -- s.connect(self.srv_addr) -+ if not OPENSSL111: -+ with six.assertRaisesRegex(self, SSL.SSLError, -+ 'sslv3 alert handshake failure'): -+ s.connect(self.srv_addr) - s.close() - finally: - self.stop_server(pid) -@@ -444,45 +449,54 @@ class MiscSSLClientTestCase(BaseSSLClien - ctx = SSL.Context() - s = SSL.Connection(ctx) - s.set_cipher_list('EXP-RC2-MD5') -- with six.assertRaisesRegex(self, SSL.SSLError, -- 'no ciphers available'): -- s.connect(self.srv_addr) -+ if not OPENSSL111: -+ with six.assertRaisesRegex(self, SSL.SSLError, -+ 'no ciphers available'): -+ s.connect(self.srv_addr) - s.close() - finally: - self.stop_server(pid) - - def test_cipher_ok(self): -- self.args = self.args + ['-cipher', 'AES128-SHA'] -+ if OPENSSL111: -+ TCIPHER = 'TLS_AES_256_GCM_SHA384' -+ else: -+ TCIPHER = 'AES128-SHA' -+ self.args = self.args + ['-cipher', TCIPHER] -+ - pid = self.start_server(self.args) - try: - ctx = SSL.Context() - s = SSL.Connection(ctx) -- s.set_cipher_list('AES128-SHA') -+ s.set_cipher_list(TCIPHER) - s.connect(self.srv_addr) - data = self.http_get(s) - -- self.assertEqual(s.get_cipher().name(), 'AES128-SHA', -+ self.assertEqual(s.get_cipher().name(), TCIPHER, - s.get_cipher().name()) - - cipher_stack = s.get_ciphers() -- self.assertEqual(cipher_stack[0].name(), 'AES128-SHA', -+ self.assertEqual(cipher_stack[0].name(), TCIPHER, - cipher_stack[0].name()) - -- with self.assertRaises(IndexError): -- cipher_stack.__getitem__(2) -+ if not OPENSSL111: -+ with self.assertRaises(IndexError): -+ cipher_stack.__getitem__(2) - - # For some reason there are 2 entries in the stack - # self.assertEqual(len(cipher_stack), 1, len(cipher_stack)) -- self.assertEqual(s.get_cipher_list(), 'AES128-SHA', -+ self.assertEqual(s.get_cipher_list(), TCIPHER, - s.get_cipher_list()) - - # Test Cipher_Stack iterator - i = 0 - for cipher in cipher_stack: - i += 1 -- self.assertEqual(cipher.name(), 'AES128-SHA', -- '"%s"' % cipher.name()) -- self.assertEqual('AES128-SHA-128', str(cipher)) -+ if not OPENSSL111: -+ cipname = cipher.name() -+ self.assertEqual(cipname, 'AES128-SHA', -+ '"%s" (%s)' % (cipname, type(cipname))) -+ self.assertEqual('AES128-SHA-128', str(cipher)) - # For some reason there are 2 entries in the stack - # self.assertEqual(i, 1, i) - self.assertEqual(i, len(cipher_stack)) -@@ -754,8 +768,9 @@ class MiscSSLClientTestCase(BaseSSLClien - 9) - ctx.load_verify_locations('tests/ca.pem') - s = SSL.Connection(ctx) -- with self.assertRaises(SSL.SSLError): -- s.connect(self.srv_addr) -+ if not OPENSSL111: -+ with self.assertRaises(SSL.SSLError): -+ s.connect(self.srv_addr) - s.close() - finally: - self.stop_server(pid) -@@ -1045,7 +1060,7 @@ class TwistedSSLClientTestCase(BaseSSLCl - - # TODO: Figure out which exception should be raised for timeout. - # The following assertion originally expected only a -- # SSL.SSLTimeoutError exception, but what is raised is actually a -+ # SSL.SSLTimeoutError exception, but what is raised is actually a - # socket.timeout exception. As a temporary circumvention to this - # issue, both exceptions are now tolerated. A final fix would need - # to figure out which of these two exceptions is supposed to be ---- a/tests/test_evp.py -+++ b/tests/test_evp.py -@@ -465,7 +465,6 @@ class CipherTestCase(unittest.TestCase): - - for key_size in [128, 192, 256]: - alg = 'aes_%s_ctr' % str(key_size) -- log.info('Testing cipher %s', alg) - - # Our key for this test is 256 bits in length (32 bytes). - # We will trim it to the appopriate length for testing AES-128