From 23f39952f5c5d824a7e55b2a035311d74d275a26 Mon Sep 17 00:00:00 2001
From: Victor Stinner <vstinner@redhat.com>
Date: Feb 03 2019 12:37:59 +0000
Subject: test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1


Without this patch, test_ssl fails randomly.

Resolves: rhbz#1639531

---

diff --git a/00318-test-ssl-fix-for-tls-13.patch b/00318-test-ssl-fix-for-tls-13.patch
new file mode 100644
index 0000000..7b00d75
--- /dev/null
+++ b/00318-test-ssl-fix-for-tls-13.patch
@@ -0,0 +1,44 @@
+bpo-32947: test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1
+
+Backport partially commit 529525fb5a8fd9b96ab4021311a598c77588b918:
+complete the previous partial backport (commit
+2a4ee8aa01d61b6a9c8e9c65c211e61bdb471826.
+
+Reported upstream:
+
+* https://bugs.python.org/issue32947#msg333990
+* https://github.com/python/cpython/pull/11612
+
+diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
+index 7f8f636..05c09a6 100644
+--- a/Lib/test/test_ssl.py
++++ b/Lib/test/test_ssl.py
+@@ -2021,6 +2021,16 @@ if _have_threads:
+                                 sys.stdout.write(" server: read %r (%s), sending back %r (%s)...\n"
+                                                  % (msg, ctype, msg.lower(), ctype))
+                             self.write(msg.lower())
++                    except ConnectionResetError:
++                        # XXX: OpenSSL 1.1.1 sometimes raises ConnectionResetError
++                        # when connection is not shut down gracefully.
++                        if self.server.chatty and support.verbose:
++                            sys.stdout.write(
++                                " Connection reset by peer: {}\n".format(
++                                    self.addr)
++                            )
++                        self.close()
++                        self.running = False
+                     except OSError:
+                         if self.server.chatty:
+                             handle_error("Test server failure:\n")
+@@ -2100,6 +2110,11 @@ if _have_threads:
+                     pass
+                 except KeyboardInterrupt:
+                     self.stop()
++                except BaseException as e:
++                    if support.verbose and self.chatty:
++                        sys.stdout.write(
++                            ' connection handling failed: ' + repr(e) + '\n')
++
+             self.sock.close()
+
+         def stop(self):
diff --git a/python36.spec b/python36.spec
index d4ce115..0a86f6b 100644
--- a/python36.spec
+++ b/python36.spec
@@ -356,6 +356,11 @@ Patch294: 00294-define-TLS-cipher-suite-on-build-time.patch
 # Fixed upstream https://bugs.python.org/issue35746
 Patch317: 00317-CVE-2019-5010.patch
 
+# 00318 #
+# test_ssl fixes for TLS 1.3 and OpenSSL 1.1.1
+# https://bugzilla.redhat.com/show_bug.cgi?id=1639531
+Patch318: 00318-test-ssl-fix-for-tls-13.patch
+
 # (New patches go here ^^^)
 #
 # When adding new patches to "python" and "python3" in Fedora, EL, etc.,
@@ -682,6 +687,7 @@ rm Lib/ensurepip/_bundled/*.whl
 %patch292 -p1
 %patch294 -p1
 %patch317 -p1
+%patch318 -p1
 
 
 # Remove files that should be generated by the build