Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
|
cc @stratakis |
test_ssl.test_min_max_version() no longer tests the default minimum_version: it depends on the OpenSSL configuration, it is not always equal to TLSVersion.MINIMUM_SUPPORTED.
There was a problem hiding this comment.
The reason will be displayed to describe this comment to others. Learn more.
-1
Fedora's crypto policy modifies the settings. You have to disable the crypto policy for your test session.
|
When you're done making the requested changes, leave the comment: And if you don't make the requested changes, you will be poked with soft cushions! |
|
can we change the environment variable as part of that test instead? |
|
Yes, that's my plan. I'm working on a PR right now. |
script = '''
import ssl
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
print(ctx.minimum_version)
'''
proc = subprocess.run([sys.executable, '-c', script],
capture_output=True,
text=True,
check=True,
env={**os.environ, 'OPENSSL_CONF': '/non-existing-file'})
assert proc.stdout.strip() == 'TLSVersion.MINIMUM_SUPPORTED' |
|
11 lines of code just to test the default value of an OpenSSL constant, is it really worth it? Well, I rely on @tiran for ssl changes :-) |
If nobody comes with a better fix for this test on Fedora, I will merge this change at the end of the week. Note: Even if I merge my change, it i will be trivial to revert my change later for a better solution ;-) |
|
I abandon my PR in favor of PR #11510 which is a better fix. |
test_ssl.test_min_max_version() no longer tests the default
minimum_version: it depends on the OpenSSL configuration, it is not
always equal to TLSVersion.MINIMUM_SUPPORTED.
https://bugs.python.org/issue35045