Skip to content

Commit 6ca7183

Browse files
miss-islingtontiran
miss-islington
and
tiran
authored
bpo-35045: Accept TLSv1 default in min max test (GH-11510)
Make ssl tests less strict and also accept TLSv1 as system default. The changes unbreaks test_min_max_version on Fedora 29. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 34de2d3) Co-authored-by: Christian Heimes <christian@python.org>
1 parent c2647f2 commit 6ca7183

File tree

2 files changed

+7
-2
lines changed

2 files changed

+7
-2
lines changed

Lib/test/test_ssl.py

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1108,8 +1108,11 @@ def test_hostname_checks_common_name(self):
11081108
"required OpenSSL 1.1.0g")
11091109
def test_min_max_version(self):
11101110
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1111-
self.assertEqual(
1112-
ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED
1111+
# OpenSSL default is MINIMUM_SUPPORTED, however some vendors like
1112+
# Fedora override the setting to TLS 1.0.
1113+
self.assertIn(
1114+
ctx.minimum_version,
1115+
{ssl.TLSVersion.MINIMUM_SUPPORTED, ssl.TLSVersion.TLSv1}
11131116
)
11141117
self.assertEqual(
11151118
ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED

Misc/NEWS.d/next/Tests/2019-01-10-18-35-42.bpo-35045.qdd6d9.rst

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
Make ssl tests less strict and also accept TLSv1 as system default. The
2+
changes unbreaks test_min_max_version on Fedora 29.

0 commit comments

Comments
 (0)