m2crypto/test_ssl.patch

diff -urN M2Crypto-0.35.2.orig/tests/test_ssl.py M2Crypto-0.35.2/tests/test_ssl.py
--- M2Crypto-0.35.2.orig/tests/test_ssl.py	2021-03-10 15:32:16.986467989 +0300
+++ M2Crypto-0.35.2/tests/test_ssl.py	2021-03-10 16:10:01.466608064 +0300
@@ -32,7 +32,7 @@
 import warnings
 
 from M2Crypto import (Err, Rand, SSL, X509, ftpslib, httpslib, m2, m2urllib,
-                      m2urllib2, m2xmlrpclib, py27plus, six)
+                      m2urllib2, m2xmlrpclib, six)
 from M2Crypto.SSL.timeout import DEFAULT_TIMEOUT
 from tests import unittest
 from tests.fips import fips_mode
@@ -59,8 +59,13 @@
 
 
 def verify_cb_new_function(ok, store):
-    assert not ok
     err = store.get_error()
+    # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
+    # aborting, this callback is called to retrieve additional error
+    # information.  In this case, ok might not be False.
+    # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
+    if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        assert not ok
     assert err in [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
                    m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
                    m2.X509_V_ERR_CERT_UNTRUSTED,
@@ -397,6 +402,7 @@
 
     # TLS is required in FIPS mode
     @unittest.skipIf(fips_mode, "Can't be run in FIPS mode")
+    @unittest.skipIf(OPENSSL111, "Doesn't work with OpenSSL 1.1.1")
     def test_tls1_nok(self):
         self.args.append('-no_tls1')
         pid = self.start_server(self.args)
@@ -412,6 +418,7 @@
         finally:
             self.stop_server(pid)
 
+    @unittest.skipIf(OPENSSL111, "Doesn't work with OpenSSL 1.1.1")
     def test_tls1_ok(self):
         self.args.append('-tls1')
         pid = self.start_server(self.args)
@@ -618,7 +625,12 @@
 
     def verify_cb_old(self, ctx_ptr, x509_ptr, err, depth, ok):
         try:
-            self.assertFalse(ok)
+            # If err is X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, then instead of
+            # aborting, this callback is called to retrieve additional error
+            # information.  In this case, ok might not be False.
+            # See https://github.com/openssl/openssl/commit/2e06150e3928daa06d5ff70c32bffad8088ebe58
+            if err != m2.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+                self.assertFalse(ok)
             self.assertIn(err,
                           [m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT,
                            m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
@@ -1047,8 +1059,6 @@
             self.stop_server(pid)
 
 
-@unittest.skipUnless(py27plus,
-                     "Twisted doesn't test well with Python 2.6")
 class TwistedSSLClientTestCase(BaseSSLClientTestCase):
 
     def test_timeout(self):
@@ -1211,21 +1221,20 @@
 
 def suite():
     suite = unittest.TestSuite()
-    suite.addTest(unittest.makeSuite(SessionTestCase))
-    suite.addTest(unittest.makeSuite(XmlRpcLibTestCase))
-    suite.addTest(unittest.makeSuite(FtpsLibTestCase))
-    suite.addTest(unittest.makeSuite(PassSSLClientTestCase))
-    suite.addTest(unittest.makeSuite(HttpslibSSLClientTestCase))
-    suite.addTest(unittest.makeSuite(HttpslibSSLSNIClientTestCase))
-    suite.addTest(unittest.makeSuite(UrllibSSLClientTestCase))
-    suite.addTest(unittest.makeSuite(Urllib2SSLClientTestCase))
-    suite.addTest(unittest.makeSuite(Urllib2TEChunkedSSLClientTestCase))
-    suite.addTest(unittest.makeSuite(MiscSSLClientTestCase))
-    suite.addTest(unittest.makeSuite(FtpslibTestCase))
+    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(SessionTestCase))
+    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(XmlRpcLibTestCase))
+    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(FtpsLibTestCase))
+    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(PassSSLClientTestCase))
+    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(HttpslibSSLClientTestCase))
+    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(HttpslibSSLSNIClientTestCase))
+    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(UrllibSSLClientTestCase))
+    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(Urllib2SSLClientTestCase))
+    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(Urllib2TEChunkedSSLClientTestCase))
+    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(MiscSSLClientTestCase))
+    suite.addTest(unittest.TestLoader().loadTestsFromTestCase(FtpslibTestCase))
     try:
-        if py27plus:
-            import M2Crypto.SSL.TwistedProtocolWrapper as wrapper  # noqa
-            suite.addTest(unittest.makeSuite(TwistedSSLClientTestCase))
+        import M2Crypto.SSL.TwistedProtocolWrapper as wrapper  # noqa
+        suite.addTest(unittest.TestLoader().loadTestsFromTestCase(TwistedSSLClientTestCase))
     except ImportError:
         pass
     return suite