89 lines
3.8 KiB
Diff
89 lines
3.8 KiB
Diff
From 6f582ba86532d842f4b9fe55427488d2ac9dd229 Mon Sep 17 00:00:00 2001
|
|
From: Victor Stinner <vstinner@redhat.com>
|
|
Date: Fri, 5 Apr 2019 10:23:04 +0200
|
|
Subject: [PATCH] bpo-36576: Skip test_ssl and test_asyncio tests failing with
|
|
OpenSSL 1.1.1
|
|
|
|
Some test_ssl and test_asyncio are written for OpenSSL 1.0 and TLS
|
|
1.0, but fail with OpenSSL 1.1.1 and TLS 1.3.
|
|
|
|
Fixing these needs require to backport new ssl flags like
|
|
ssl.OP_NO_TLSv1_3 or ssl.OP_NO_COMPRESSION which cannot be done in a
|
|
minor 3.5.x release. Moreover, it is not really worth it: the code
|
|
works fine, issues are in the tests.
|
|
---
|
|
Lib/test/test_asyncio/test_events.py | 7 +++++++
|
|
Lib/test/test_ssl.py | 5 +++++
|
|
Misc/NEWS.d/next/Tests/2019-04-05-10-34-29.bpo-36576.7Cp2kK.rst | 1 +
|
|
3 files changed, 13 insertions(+)
|
|
create mode 100644 Misc/NEWS.d/next/Tests/2019-04-05-10-34-29.bpo-36576.7Cp2kK.rst
|
|
|
|
--- a/Lib/test/test_asyncio/test_events.py
|
|
+++ b/Lib/test/test_asyncio/test_events.py
|
|
@@ -39,6 +39,12 @@ except ImportError:
|
|
from asyncio import test_support as support
|
|
|
|
|
|
+if ssl is not None:
|
|
+ IS_OPENSSL_1_1_1 = ssl.OPENSSL_VERSION_INFO >= (1, 1, 1)
|
|
+else:
|
|
+ IS_OPENSSL_1_1_1 = False
|
|
+
|
|
+
|
|
def osx_tiger():
|
|
"""Return True if the platform is Mac OS 10.4 or older."""
|
|
if sys.platform != 'darwin':
|
|
@@ -1159,6 +1165,7 @@ class EventLoopTestsMixin:
|
|
self.test_create_unix_server_ssl_verify_failed()
|
|
|
|
@unittest.skipIf(ssl is None, 'No ssl module')
|
|
+ @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
|
|
def test_create_server_ssl_match_failed(self):
|
|
proto = MyProto(loop=self.loop)
|
|
server, host, port = self._make_ssl_server(
|
|
--- a/Lib/test/test_ssl.py
|
|
+++ b/Lib/test/test_ssl.py
|
|
@@ -37,6 +37,7 @@ PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)
|
|
HOST = support.HOST
|
|
IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')
|
|
IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)
|
|
+IS_OPENSSL_1_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1)
|
|
|
|
|
|
def data_file(*name):
|
|
@@ -961,6 +962,7 @@ class ContextTests(unittest.TestCase):
|
|
self.assertIn('AES128-GCM-SHA256', names)
|
|
|
|
@skip_if_broken_ubuntu_ssl
|
|
+ @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
|
|
def test_options(self):
|
|
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|
# OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value
|
|
@@ -3240,6 +3242,7 @@ if _have_threads:
|
|
])
|
|
|
|
@unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL")
|
|
+ @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
|
|
def test_default_ecdh_curve(self):
|
|
# Issue #21015: elliptic curve-based Diffie Hellman key exchange
|
|
# should be enabled by default on SSL contexts.
|
|
@@ -3372,6 +3375,7 @@ if _have_threads:
|
|
self.assertIs(stats['client_alpn_protocol'], None)
|
|
|
|
@unittest.skipUnless(ssl.HAS_ALPN, "ALPN support needed for this test")
|
|
+ @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
|
|
def test_alpn_protocols(self):
|
|
server_protocols = ['foo', 'bar', 'milkshake']
|
|
protocol_tests = [
|
|
@@ -3553,6 +3557,7 @@ if _have_threads:
|
|
self.assertEqual(cm.exception.reason, 'TLSV1_ALERT_INTERNAL_ERROR')
|
|
self.assertIn("TypeError", stderr.getvalue())
|
|
|
|
+ @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
|
|
def test_shared_ciphers(self):
|
|
server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
|
server_context.load_cert_chain(SIGNED_CERTFILE)
|
|
--- /dev/null
|
|
+++ b/Misc/NEWS.d/next/Tests/2019-04-05-10-34-29.bpo-36576.7Cp2kK.rst
|
|
@@ -0,0 +1 @@
|
|
+Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1.
|