bpo-34001: Change handling of SSL protocol bounds with LibreSSL#8055
bpo-34001: Change handling of SSL protocol bounds with LibreSSL#8055alanhuang122 wants to merge 5 commits into
Conversation
c3547a9 to
21cd2f3
Compare
Under LibreSSL, bounds cannot be set such that minimum_version > maximum_version. This commit codifies that behavior, and introduces a new error message to indicate the issue.
LibreSSL behaves differently than OpenSSL when setting protocol bounds. This commit fixes some failing tests and adds checks and more detailed error messages.
6f890dc to
2df8050
Compare
This commit fixes tests by removing invalid range settings.
This commit adds tests for the new {min,max}imum_version restrictions.
Attempting to set an invalid range should ValueError, and the value
should not be changed after the attempt.
|
Hi, thanks for your patch. OpenSSL may validate min and max protocol version soon, too. There is currently a patch under development. I'd prefer to wait how the OpenSSL patch plays out. |
|
Hi. First, thank you for all the work done to get LibreSSL compatibility. Python-3.7.1 with LibreSSL-2.8.2 and patches from #8055 and #8050 A detailed list of all the patches that I use for my python-3.7.1 compilation with LibreSSL-2.8.2: FAIL: test_min_max_version (test.test_ssl.ContextTests)Traceback (most recent call last): The complete compilation log: |
|
@tiran, any updates after your last comment from July 2018? Thanks! |
|
https://bugs.python.org/issue34001 is closed. What is the status of this PR? |
|
The issue was closed with a different PR. |
There are two substantial changes made in this pull request:
set_min_max_proto_versionon all builds to reflect that behavior, and introduces a new error message to indicate the issue.https://bugs.python.org/issue34001