bpo-35045: Fix test_ssl.test_min_max_version()#11508
Conversation
|
cc @stratakis |
test_ssl.test_min_max_version() no longer tests the default minimum_version: it depends on the OpenSSL configuration, it is not always equal to TLSVersion.MINIMUM_SUPPORTED.
tiran
left a comment
There was a problem hiding this comment.
-1
Fedora's crypto policy modifies the settings. You have to disable the crypto policy for your test session.
|
When you're done making the requested changes, leave the comment: And if you don't make the requested changes, you will be poked with soft cushions! |
|
can we change the environment variable as part of that test instead? |
|
Yes, that's my plan. I'm working on a PR right now. |
script = '''
import ssl
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
print(ctx.minimum_version)
'''
proc = subprocess.run([sys.executable, '-c', script],
capture_output=True,
text=True,
check=True,
env={**os.environ, 'OPENSSL_CONF': '/non-existing-file'})
assert proc.stdout.strip() == 'TLSVersion.MINIMUM_SUPPORTED' |
|
11 lines of code just to test the default value of an OpenSSL constant, is it really worth it? Well, I rely on @tiran for ssl changes :-) |
If nobody comes with a better fix for this test on Fedora, I will merge this change at the end of the week. Note: Even if I merge my change, it i will be trivial to revert my change later for a better solution ;-) |
|
I abandon my PR in favor of PR #11510 which is a better fix. |
test_ssl.test_min_max_version() no longer tests the default
minimum_version: it depends on the OpenSSL configuration, it is not
always equal to TLSVersion.MINIMUM_SUPPORTED.
https://bugs.python.org/issue35045