[3.9] gh-94208: Add more TLS version/protocol checks for FreeBSD (GH-94347) (GH-95312)

Three test cases were failing on FreeBSD with latest OpenSSL. (cherry picked from commit 1bc86c2625) Co-authored-by: Christian Heimes <christian@python.org>
2025-08-16 06:40:56 +00:00 · 2022-07-27 23:43:02 +02:00 · 2022-07-27 23:43:02 +02:00 · 017080f0fa
commit 017080f0fa
parent cd0a59f1fa
2 changed files with 34 additions and 24 deletions
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@ -4,7 +4,7 @@ import sys
 import unittest
 import unittest.mock
 from test import support
-from test.support import socket_helper
+from test.support import socket_helper, warnings_helper
 import socket
 import select
 import time
@ -1129,7 +1129,11 @@ class ContextTests(unittest.TestCase):

    def test_constructor(self):
        for protocol in PROTOCOLS:
-            ssl.SSLContext(protocol)
+            if has_tls_protocol(protocol):
+                with warnings_helper.check_warnings():
+                    ctx = ssl.SSLContext(protocol)
+                self.assertEqual(ctx.protocol, protocol)
+        with warnings_helper.check_warnings():
            ctx = ssl.SSLContext()
        self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
        self.assertRaises(ValueError, ssl.SSLContext, -1)
@ -1281,7 +1285,7 @@ class ContextTests(unittest.TestCase):
        ctx.maximum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
        self.assertIn(
            ctx.maximum_version,
-            {ssl.TLSVersion.TLSv1, ssl.TLSVersion.SSLv3}
+            {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.SSLv3}
        )

        ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
@ -1293,6 +1297,7 @@ class ContextTests(unittest.TestCase):
        with self.assertRaises(ValueError):
            ctx.minimum_version = 42

+        if has_tls_protocol(ssl.PROTOCOL_TLSv1_1):
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)

            self.assertIn(
@ -1306,7 +1311,6 @@ class ContextTests(unittest.TestCase):
            with self.assertRaises(ValueError):
                ctx.maximum_version = ssl.TLSVersion.TLSv1

-
    @unittest.skipUnless(have_verify_flags(),
                         "verify_flags need OpenSSL > 0.9.8")
    def test_verify_flags(self):
@ -1692,6 +1696,8 @@ class ContextTests(unittest.TestCase):
        self.assertFalse(ctx.check_hostname)
        self._assert_context_options(ctx)

+        if has_tls_protocol(ssl.PROTOCOL_TLSv1):
+            with warnings_helper.check_warnings():
                ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1)
            self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
            self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
@ -3411,8 +3417,10 @@ class ThreadedTests(unittest.TestCase):
                           client_options=ssl.OP_NO_TLSv1_2)

        try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2')
+        if has_tls_protocol(ssl.PROTOCOL_TLSv1):
            try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1, False)
            try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_2, False)
+        if has_tls_protocol(ssl.PROTOCOL_TLSv1_1):
            try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False)
            try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False)

--- a/Misc/NEWS.d/next/Tests/2022-06-27-21-27-20.gh-issue-94208.VR6HX-.rst
+++ b/Misc/NEWS.d/next/Tests/2022-06-27-21-27-20.gh-issue-94208.VR6HX-.rst
@ -0,0 +1,2 @@
+``test_ssl`` is now checking for supported TLS version and protocols in more
+tests.