gh-94208: Add more TLS version/protocol checks for FreeBSD (GH-94347)

Three test cases were failing on FreeBSD with latest OpenSSL.
2025-09-19 15:10:58 +00:00 · 2022-06-28 09:33:06 +02:00 · 2022-06-28 09:33:06 +02:00 · 1bc86c2625
commit 1bc86c2625
parent 01ef1f95da
2 changed files with 35 additions and 27 deletions
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@ -610,6 +610,8 @@ class BasicSocketTests(unittest.TestCase):
                )
        for protocol in protocols:
            if not has_tls_protocol(protocol):
                continue
            with self.subTest(protocol=protocol):
                with self.assertWarns(DeprecationWarning) as cm:
                    ssl.SSLContext(protocol)
@ -619,6 +621,8 @@ class BasicSocketTests(unittest.TestCase):
                )
        for version in versions:
            if not has_tls_version(version):
                continue
            with self.subTest(version=version):
                ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
                with self.assertWarns(DeprecationWarning) as cm:
@ -934,9 +938,10 @@ class ContextTests(unittest.TestCase):
    def test_constructor(self):
        for protocol in PROTOCOLS:
-            with warnings_helper.check_warnings():
+            if has_tls_protocol(protocol):
-                ctx = ssl.SSLContext(protocol)
+                with warnings_helper.check_warnings():
-            self.assertEqual(ctx.protocol, protocol)
+                    ctx = ssl.SSLContext(protocol)
                self.assertEqual(ctx.protocol, protocol)
        with warnings_helper.check_warnings():
            ctx = ssl.SSLContext()
        self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
@ -1081,7 +1086,7 @@ class ContextTests(unittest.TestCase):
        ctx.maximum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
        self.assertIn(
            ctx.maximum_version,
-            {ssl.TLSVersion.TLSv1, ssl.TLSVersion.SSLv3}
+            {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.SSLv3}
        )
        ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
@ -1093,19 +1098,19 @@ class ContextTests(unittest.TestCase):
        with self.assertRaises(ValueError):
            ctx.minimum_version = 42
-        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
+        if has_tls_protocol(ssl.PROTOCOL_TLSv1_1):
-
+            ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
        self.assertIn(
            ctx.minimum_version, minimum_range
        )
        self.assertEqual(
            ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
        )
        with self.assertRaises(ValueError):
            ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
        with self.assertRaises(ValueError):
            ctx.maximum_version = ssl.TLSVersion.TLSv1
            self.assertIn(
                ctx.minimum_version, minimum_range
            )
            self.assertEqual(
                ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
            )
            with self.assertRaises(ValueError):
                ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
            with self.assertRaises(ValueError):
                ctx.maximum_version = ssl.TLSVersion.TLSv1
    @unittest.skipUnless(
        hasattr(ssl.SSLContext, 'security_level'),
@ -1502,8 +1507,6 @@ class ContextTests(unittest.TestCase):
        self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
        self._assert_context_options(ctx)
    def test__create_stdlib_context(self):
        ctx = ssl._create_stdlib_context()
        self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS_CLIENT)
@ -1511,11 +1514,12 @@ class ContextTests(unittest.TestCase):
        self.assertFalse(ctx.check_hostname)
        self._assert_context_options(ctx)
-        with warnings_helper.check_warnings():
+        if has_tls_protocol(ssl.PROTOCOL_TLSv1):
-            ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1)
+            with warnings_helper.check_warnings():
-        self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
+                ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1)
-        self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
+            self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
-        self._assert_context_options(ctx)
+            self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
            self._assert_context_options(ctx)
        with warnings_helper.check_warnings():
            ctx = ssl._create_stdlib_context(
@ -3249,10 +3253,12 @@ class ThreadedTests(unittest.TestCase):
                           client_options=ssl.OP_NO_TLSv1_2)
        try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2')
-        try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1, False)
+        if has_tls_protocol(ssl.PROTOCOL_TLSv1):
-        try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_2, False)
+            try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1, False)
-        try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False)
+            try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_2, False)
-        try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False)
+        if has_tls_protocol(ssl.PROTOCOL_TLSv1_1):
            try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False)
            try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False)
    def test_starttls(self):
        """Switching from clear text to encrypted and back again."""
--- a/Misc/NEWS.d/next/Tests/2022-06-27-21-27-20.gh-issue-94208.VR6HX-.rst
+++ b/Misc/NEWS.d/next/Tests/2022-06-27-21-27-20.gh-issue-94208.VR6HX-.rst
@ -0,0 +1,2 @@
 ``test_ssl`` is now checking for supported TLS version and protocols in more
 tests.
		`@ -0,0 +1,2 @@`
							``test_ssl`` is now checking for supported TLS version and protocols in more
							`tests.`