◐ Shell
clean mode source ↗

[3.9] gh-94208: Add more TLS version/protocol checks for FreeBSD (GH-94347) by ambv · Pull Request #95312 · python/cpython

python

Expand Up @@ -4,7 +4,7 @@ import unittest import unittest.mock from test import support from test.support import socket_helper from test.support import socket_helper, warnings_helper import socket import select import time Expand Down Expand Up @@ -1129,8 +1129,12 @@ class ContextTests(unittest.TestCase):
def test_constructor(self): for protocol in PROTOCOLS: ssl.SSLContext(protocol) ctx = ssl.SSLContext() if has_tls_protocol(protocol): with warnings_helper.check_warnings(): ctx = ssl.SSLContext(protocol) self.assertEqual(ctx.protocol, protocol) with warnings_helper.check_warnings(): ctx = ssl.SSLContext() self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS) self.assertRaises(ValueError, ssl.SSLContext, -1) self.assertRaises(ValueError, ssl.SSLContext, 42) Expand Down Expand Up @@ -1281,7 +1285,7 @@ def test_min_max_version(self): ctx.maximum_version = ssl.TLSVersion.MINIMUM_SUPPORTED self.assertIn( ctx.maximum_version, {ssl.TLSVersion.TLSv1, ssl.TLSVersion.SSLv3} {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.SSLv3} )
ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED Expand All @@ -1293,19 +1297,19 @@ def test_min_max_version(self): with self.assertRaises(ValueError): ctx.minimum_version = 42
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
self.assertIn( ctx.minimum_version, minimum_range ) self.assertEqual( ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED ) with self.assertRaises(ValueError): ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED with self.assertRaises(ValueError): ctx.maximum_version = ssl.TLSVersion.TLSv1 if has_tls_protocol(ssl.PROTOCOL_TLSv1_1): ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
self.assertIn( ctx.minimum_version, minimum_range ) self.assertEqual( ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED ) with self.assertRaises(ValueError): ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED with self.assertRaises(ValueError): ctx.maximum_version = ssl.TLSVersion.TLSv1
@unittest.skipUnless(have_verify_flags(), "verify_flags need OpenSSL > 0.9.8") Expand Down Expand Up @@ -1692,10 +1696,12 @@ def test__create_stdlib_context(self): self.assertFalse(ctx.check_hostname) self._assert_context_options(ctx)
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1) self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1) self.assertEqual(ctx.verify_mode, ssl.CERT_NONE) self._assert_context_options(ctx) if has_tls_protocol(ssl.PROTOCOL_TLSv1): with warnings_helper.check_warnings(): ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1) self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1) self.assertEqual(ctx.verify_mode, ssl.CERT_NONE) self._assert_context_options(ctx)
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1, cert_reqs=ssl.CERT_REQUIRED, Expand Down Expand Up @@ -3411,10 +3417,12 @@ def test_protocol_tlsv1_2(self): client_options=ssl.OP_NO_TLSv1_2)
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2') try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1, False) try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_2, False) try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False) try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False) if has_tls_protocol(ssl.PROTOCOL_TLSv1): try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1, False) try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_2, False) if has_tls_protocol(ssl.PROTOCOL_TLSv1_1): try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False) try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False)
def test_starttls(self): """Switching from clear text to encrypted and back again.""" Expand Down