|
 |
64324fa |
bpo-36576: Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1
|
|
|
64324fa |
|
|
|
64324fa |
Some test_ssl and test_asyncio are written for OpenSSL 1.0 and TLS
|
|
|
64324fa |
1.0, but fail with OpenSSL 1.1.1 and TLS 1.3.
|
|
|
64324fa |
|
|
|
64324fa |
Fixing these needs require to backport new ssl flags like
|
|
|
64324fa |
ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION which cannot be done in a
|
|
|
64324fa |
minor 3.5.x release. Moreover, it is not really worth it: the code
|
|
|
64324fa |
works fine, issues are in the tests.
|
|
|
64324fa |
|
|
|
64324fa |
Backport of: https://github.com/python/cpython/pull/12694
|
|
|
64324fa |
|
|
|
64324fa |
Resolves: rhbz#1685609
|
|
|
64324fa |
|
|
|
64324fa |
diff --git a/Lib/test/test_asyncio/test_events.py b/Lib/test/test_asyncio/test_events.py
|
|
|
64324fa |
index 6373618..3db3707 100644
|
|
|
64324fa |
--- a/Lib/test/test_asyncio/test_events.py
|
|
|
64324fa |
+++ b/Lib/test/test_asyncio/test_events.py
|
|
|
64324fa |
@@ -33,6 +33,12 @@ except ImportError:
|
|
|
64324fa |
from asyncio import test_support as support
|
|
|
64324fa |
|
|
|
64324fa |
|
|
|
64324fa |
+if ssl is not None:
|
|
|
64324fa |
+ IS_OPENSSL_1_1_1 = ssl.OPENSSL_VERSION_INFO >= (1, 1, 1)
|
|
|
64324fa |
+else:
|
|
|
64324fa |
+ IS_OPENSSL_1_1_1 = False
|
|
|
64324fa |
+
|
|
|
64324fa |
+
|
|
|
64324fa |
def data_file(filename):
|
|
|
64324fa |
if hasattr(support, 'TEST_HOME_DIR'):
|
|
|
64324fa |
fullname = os.path.join(support.TEST_HOME_DIR, filename)
|
|
|
64324fa |
@@ -1049,6 +1055,7 @@ class EventLoopTestsMixin:
|
|
|
64324fa |
self.test_create_unix_server_ssl_verify_failed()
|
|
|
64324fa |
|
|
|
64324fa |
@unittest.skipIf(ssl is None, 'No ssl module')
|
|
|
64324fa |
+ @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
|
|
|
64324fa |
def test_create_server_ssl_match_failed(self):
|
|
|
64324fa |
proto = MyProto(loop=self.loop)
|
|
|
64324fa |
server, host, port = self._make_ssl_server(
|
|
|
64324fa |
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
|
|
|
64324fa |
index 401cc2f..8edf055 100644
|
|
|
64324fa |
--- a/Lib/test/test_ssl.py
|
|
|
64324fa |
+++ b/Lib/test/test_ssl.py
|
|
|
64324fa |
@@ -24,6 +24,7 @@ ssl = support.import_module("ssl")
|
|
|
64324fa |
PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)
|
|
|
64324fa |
HOST = support.HOST
|
|
|
64324fa |
IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')
|
|
|
64324fa |
+IS_OPENSSL_1_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1)
|
|
|
64324fa |
|
|
|
64324fa |
|
|
|
64324fa |
def data_file(*name):
|
|
|
64324fa |
@@ -697,6 +698,7 @@ class ContextTests(unittest.TestCase):
|
|
|
64324fa |
ctx.set_ciphers("^$:,;?*'dorothyx")
|
|
|
64324fa |
|
|
|
64324fa |
@skip_if_broken_ubuntu_ssl
|
|
|
64324fa |
+ @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
|
|
|
64324fa |
def test_options(self):
|
|
|
64324fa |
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
|
|
64324fa |
# OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value
|
|
|
64324fa |
@@ -2655,6 +2657,7 @@ else:
|
|
|
64324fa |
self.assertIn("no shared cipher", str(server.conn_errors[0]))
|
|
|
64324fa |
|
|
|
64324fa |
@unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL")
|
|
|
64324fa |
+ @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
|
|
|
64324fa |
def test_default_ecdh_curve(self):
|
|
|
64324fa |
# Issue #21015: elliptic curve-based Diffie Hellman key exchange
|
|
|
64324fa |
# should be enabled by default on SSL contexts.
|