[3.6] bpo-41183: Skip ssl tests for disabled versions (GH-16427) by hroncok · Pull Request #21882 · python/cpython
| return False | ||
|
|
||
| if isinstance(version, str): | ||
| version = ssl.TLSVersion.__members__[version] |
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So this entire thing does not exist on 3.6 yet.
| version = ssl.TLSVersion.__members__[version] | ||
|
|
||
| # check compile time flags like ssl.HAS_TLSv1_2 | ||
| if not getattr(ssl, f'HAS_{version.name}'): |
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Neither does this.
| ctx = ssl.SSLContext() | ||
| if ( | ||
| hasattr(ctx, 'minimum_version') and | ||
| ctx.minimum_version != ssl.TLSVersion.MINIMUM_SUPPORTED and |
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yet the most importantly, and that I believe is what is problematic on newer systems is that this (and MAXIMUM_SUPPORTED) is also not here yet.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change requires #5259 to be backported. However even if we backport that, it relies on some features from #5128 . So in general I don't think it's possible to pull this off with this approach. And it's easy to figure out the baked/compiled in versions of supported protocols in openssl but no easy way, without those features, to determine the runtime config.