[Python-checkins] bpo-35045: Accept TLSv1 default in min max test (GH-11510)
Miss Islington (bot)
webhook-mailer at python.org
Fri Jan 18 10:29:13 EST 2019
https://github.com/python/cpython/commit/6ca7183b3549d3eaa8a0c3b73255eeac24d7974d
commit: 6ca7183b3549d3eaa8a0c3b73255eeac24d7974d
branch: 3.7
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2019-01-18T07:29:08-08:00
summary:
bpo-35045: Accept TLSv1 default in min max test (GH-11510)
Make ssl tests less strict and also accept TLSv1 as system default. The
changes unbreaks test_min_max_version on Fedora 29.
Signed-off-by: Christian Heimes <christian at python.org>
(cherry picked from commit 34de2d312b3687994ddbc29adb66e88f672034c7)
Co-authored-by: Christian Heimes <christian at python.org>
files:
A Misc/NEWS.d/next/Tests/2019-01-10-18-35-42.bpo-35045.qdd6d9.rst
M Lib/test/test_ssl.py
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index b6794ce3a817..38ecddd07d98 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1108,8 +1108,11 @@ def test_hostname_checks_common_name(self):
"required OpenSSL 1.1.0g")
def test_min_max_version(self):
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
- self.assertEqual(
- ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED
+ # OpenSSL default is MINIMUM_SUPPORTED, however some vendors like
+ # Fedora override the setting to TLS 1.0.
+ self.assertIn(
+ ctx.minimum_version,
+ {ssl.TLSVersion.MINIMUM_SUPPORTED, ssl.TLSVersion.TLSv1}
)
self.assertEqual(
ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
diff --git a/Misc/NEWS.d/next/Tests/2019-01-10-18-35-42.bpo-35045.qdd6d9.rst b/Misc/NEWS.d/next/Tests/2019-01-10-18-35-42.bpo-35045.qdd6d9.rst
new file mode 100644
index 000000000000..630a22d77868
--- /dev/null
+++ b/Misc/NEWS.d/next/Tests/2019-01-10-18-35-42.bpo-35045.qdd6d9.rst
@@ -0,0 +1,2 @@
+Make ssl tests less strict and also accept TLSv1 as system default. The
+changes unbreaks test_min_max_version on Fedora 29.
More information about the Python-checkins
mailing list