bpo-41195: Add getter for Openssl security level (GH-21282)

Add an accessor under SSLContext.security_level as a wrapper around SSL_CTX_get_security_level, see: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get_security_level.html ------ This is my first time contributing, so please pull me up on all the things I missed or did incorrectly. Automerge-Triggered-By: @tiran
2025-11-03 03:22:27 +00:00 · 2020-07-17 09:59:15 +01:00 · 2020-07-17 09:59:15 +01:00 · 8e836bb21c
commit 8e836bb21c
parent 38d3864efe
4 changed files with 44 additions and 0 deletions
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@ -1270,6 +1270,25 @@ class ContextTests(unittest.TestCase):
            ctx.maximum_version = ssl.TLSVersion.TLSv1


+    @unittest.skipUnless(
+        hasattr(ssl.SSLContext, 'security_level'),
+        "requires OpenSSL >= 1.1.0"
+    )
+    def test_security_level(self):
+        ctx = ssl.SSLContext()
+        # The default security callback allows for levels between 0-5
+        # with OpenSSL defaulting to 1, however some vendors override the
+        # default value (e.g. Debian defaults to 2)
+        security_level_range = {
+            0,
+            1, # OpenSSL default
+            2, # Debian
+            3,
+            4,
+            5,
+        }
+        self.assertIn(ctx.security_level, security_level_range)
+
    @unittest.skipUnless(have_verify_flags(),
                         "verify_flags need OpenSSL > 0.9.8")
    def test_verify_flags(self):