mirror of
https://github.com/python/cpython.git
synced 2025-08-16 14:50:43 +00:00
[3.9] gh-94208: Add more TLS version/protocol checks for FreeBSD (GH-94347) (GH-95312)
Three test cases were failing on FreeBSD with latest OpenSSL.
(cherry picked from commit 1bc86c2625
)
Co-authored-by: Christian Heimes <christian@python.org>
parent
cd0a59f1fa
commit
017080f0fa
2 changed files with 34 additions and 24 deletions
|
@ -4,7 +4,7 @@ import sys
|
||||||
import unittest
|
import unittest
|
||||||
import unittest.mock
|
import unittest.mock
|
||||||
from test import support
|
from test import support
|
||||||
from test.support import socket_helper
|
from test.support import socket_helper, warnings_helper
|
||||||
import socket
|
import socket
|
||||||
import select
|
import select
|
||||||
import time
|
import time
|
||||||
|
@ -1129,8 +1129,12 @@ class ContextTests(unittest.TestCase):
|
||||||
|
|
||||||
def test_constructor(self):
|
def test_constructor(self):
|
||||||
for protocol in PROTOCOLS:
|
for protocol in PROTOCOLS:
|
||||||
ssl.SSLContext(protocol)
|
if has_tls_protocol(protocol):
|
||||||
ctx = ssl.SSLContext()
|
with warnings_helper.check_warnings():
|
||||||
|
ctx = ssl.SSLContext(protocol)
|
||||||
|
self.assertEqual(ctx.protocol, protocol)
|
||||||
|
with warnings_helper.check_warnings():
|
||||||
|
ctx = ssl.SSLContext()
|
||||||
self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
|
self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
|
||||||
self.assertRaises(ValueError, ssl.SSLContext, -1)
|
self.assertRaises(ValueError, ssl.SSLContext, -1)
|
||||||
self.assertRaises(ValueError, ssl.SSLContext, 42)
|
self.assertRaises(ValueError, ssl.SSLContext, 42)
|
||||||
|
@ -1281,7 +1285,7 @@ class ContextTests(unittest.TestCase):
|
||||||
ctx.maximum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
|
ctx.maximum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
|
||||||
self.assertIn(
|
self.assertIn(
|
||||||
ctx.maximum_version,
|
ctx.maximum_version,
|
||||||
{ssl.TLSVersion.TLSv1, ssl.TLSVersion.SSLv3}
|
{ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.SSLv3}
|
||||||
)
|
)
|
||||||
|
|
||||||
ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
|
ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
|
||||||
|
@ -1293,19 +1297,19 @@ class ContextTests(unittest.TestCase):
|
||||||
with self.assertRaises(ValueError):
|
with self.assertRaises(ValueError):
|
||||||
ctx.minimum_version = 42
|
ctx.minimum_version = 42
|
||||||
|
|
||||||
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
|
if has_tls_protocol(ssl.PROTOCOL_TLSv1_1):
|
||||||
|
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
|
||||||
self.assertIn(
|
|
||||||
ctx.minimum_version, minimum_range
|
|
||||||
)
|
|
||||||
self.assertEqual(
|
|
||||||
ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
|
|
||||||
)
|
|
||||||
with self.assertRaises(ValueError):
|
|
||||||
ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
|
|
||||||
with self.assertRaises(ValueError):
|
|
||||||
ctx.maximum_version = ssl.TLSVersion.TLSv1
|
|
||||||
|
|
||||||
|
self.assertIn(
|
||||||
|
ctx.minimum_version, minimum_range
|
||||||
|
)
|
||||||
|
self.assertEqual(
|
||||||
|
ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
|
||||||
|
)
|
||||||
|
with self.assertRaises(ValueError):
|
||||||
|
ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
|
||||||
|
with self.assertRaises(ValueError):
|
||||||
|
ctx.maximum_version = ssl.TLSVersion.TLSv1
|
||||||
|
|
||||||
@unittest.skipUnless(have_verify_flags(),
|
@unittest.skipUnless(have_verify_flags(),
|
||||||
"verify_flags need OpenSSL > 0.9.8")
|
"verify_flags need OpenSSL > 0.9.8")
|
||||||
|
@ -1692,10 +1696,12 @@ class ContextTests(unittest.TestCase):
|
||||||
self.assertFalse(ctx.check_hostname)
|
self.assertFalse(ctx.check_hostname)
|
||||||
self._assert_context_options(ctx)
|
self._assert_context_options(ctx)
|
||||||
|
|
||||||
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1)
|
if has_tls_protocol(ssl.PROTOCOL_TLSv1):
|
||||||
self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
|
with warnings_helper.check_warnings():
|
||||||
self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
|
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1)
|
||||||
self._assert_context_options(ctx)
|
self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
|
||||||
|
self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
|
||||||
|
self._assert_context_options(ctx)
|
||||||
|
|
||||||
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1,
|
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1,
|
||||||
cert_reqs=ssl.CERT_REQUIRED,
|
cert_reqs=ssl.CERT_REQUIRED,
|
||||||
|
@ -3411,10 +3417,12 @@ class ThreadedTests(unittest.TestCase):
|
||||||
client_options=ssl.OP_NO_TLSv1_2)
|
client_options=ssl.OP_NO_TLSv1_2)
|
||||||
|
|
||||||
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2')
|
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2')
|
||||||
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1, False)
|
if has_tls_protocol(ssl.PROTOCOL_TLSv1):
|
||||||
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_2, False)
|
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1, False)
|
||||||
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False)
|
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_2, False)
|
||||||
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False)
|
if has_tls_protocol(ssl.PROTOCOL_TLSv1_1):
|
||||||
|
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False)
|
||||||
|
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False)
|
||||||
|
|
||||||
def test_starttls(self):
|
def test_starttls(self):
|
||||||
"""Switching from clear text to encrypted and back again."""
|
"""Switching from clear text to encrypted and back again."""
|
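Review bot: The new `if has_tls_protocol(...)` guards in the last hunk (`@ -3411`) drop the mismatched-version `try_protocol_combo(..., False)` checks without leaving any trace in the test output. A build or security policy that disables TLS 1.0/1.1 will therefore report the test as passed even though the rejection checks never ran. The same silent pattern appears in the `PROTOCOL_TLSv1_1` block of the `@ -1293` hunk and the `PROTOCOL_TLSv1` block of the `@ -1692` hunk. Skipping the whole test would also lose the TLS 1.2 checks above, so consider a verbose-mode message on the untaken branch instead, e.g. `elif support.verbose: sys.stdout.write("TLSv1 unavailable, combo checks not run\n")`. The enclosing test methods begin above their hunks and the rendered page has lost indentation, so the exact extent of each guarded block is inferred.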
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
``test_ssl`` is now checking for supported TLS version and protocols in more
|
||||||
|
tests.
|