[Python-checkins] [3.8] bpo-43791: Skip TLS 1.0/1.1 tests under OpenSSL 3.0.0 (GH-25304) (GH-25308)

miss-islington webhook-mailer at python.org
Fri Apr 9 10:02:13 EDT 2021


https://github.com/python/cpython/commit/4e710d1c88cbebdb17578de00997457b3b26874d
commit: 4e710d1c88cbebdb17578de00997457b3b26874d
branch: 3.8
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2021-04-09T07:02:03-07:00
summary:

[3.8] bpo-43791: Skip TLS 1.0/1.1 tests under OpenSSL 3.0.0 (GH-25304) (GH-25308)



Signed-off-by: Christian Heimes <christian at python.org>
(cherry picked from commit 5151d642004c59cce58d669be85d9a5e987f51d3)


Co-authored-by: Christian Heimes <christian at python.org>

Automerge-Triggered-By: GH:tiran

files:
A Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst
M Lib/test/test_ssl.py

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index ec7bb74d28ce6..292794c69b5a0 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -34,6 +34,7 @@
 IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')
 IS_OPENSSL_1_1_0 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)
 IS_OPENSSL_1_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1)
+IS_OPENSSL_3_0_0 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (3, 0, 0)
 PY_SSL_DEFAULT_CIPHERS = sysconfig.get_config_var('PY_SSL_DEFAULT_CIPHERS')
 
 PROTOCOL_TO_TLS_VERSION = {}
@@ -204,6 +205,10 @@ def has_tls_version(version):
     if not getattr(ssl, f'HAS_{version.name}'):
         return False
 
+    if IS_OPENSSL_3_0_0 and version < ssl.TLSVersion.TLSv1_2:
+        # bpo43791: 3.0.0-alpha14 fails with TLSV1_ALERT_INTERNAL_ERROR
+        return False
+
     # check runtime and dynamic crypto policy settings. A TLS version may
     # be compiled in but disabled by a policy or config option.
     ctx = ssl.SSLContext()
diff --git a/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst b/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst
new file mode 100644
index 0000000000000..964ae5abb3d88
--- /dev/null
+++ b/Misc/NEWS.d/next/Tests/2021-04-09-15-10-38.bpo-43791.4KxiXK.rst
@@ -0,0 +1,2 @@
+OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests
+are failing with TLSV1_ALERT_INTERNAL_ERROR.



More information about the Python-checkins mailing list