Blame SOURCES/0001-Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch

c69fad
From 2716cd2fa55cc867656a3e797797f5a1386afd69 Mon Sep 17 00:00:00 2001
c69fad
From: Alex Gaynor <alex.gaynor@gmail.com>
c69fad
Date: Sun, 12 Aug 2018 15:48:24 -0400
c69fad
Subject: [PATCH] Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
c69fad
 (#4389)
c69fad
c69fad
* Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
c69fad
c69fad
Hallelujah! It's starting to become the case that some OpenSSLs are disabling it.
c69fad
c69fad
* cover this file as well
c69fad
---
c69fad
 tests/hazmat/backends/test_openssl.py | 2 +-
c69fad
 tests/hazmat/bindings/test_openssl.py | 9 ++++++---
c69fad
 2 files changed, 7 insertions(+), 4 deletions(-)
c69fad
c69fad
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
c69fad
index 31b34cd0..e77f5dc3 100644
c69fad
--- a/tests/hazmat/backends/test_openssl.py
c69fad
+++ b/tests/hazmat/backends/test_openssl.py
c69fad
@@ -115,7 +115,7 @@ class TestOpenSSL(object):
c69fad
         assert len(errors) == 10
c69fad
 
c69fad
     def test_ssl_ciphers_registered(self):
c69fad
-        meth = backend._lib.TLSv1_method()
c69fad
+        meth = backend._lib.SSLv23_method()
c69fad
         ctx = backend._lib.SSL_CTX_new(meth)
c69fad
         assert ctx != backend._ffi.NULL
c69fad
         backend._lib.SSL_CTX_free(ctx)
c69fad
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
c69fad
index 488f64e1..f317f07f 100644
c69fad
--- a/tests/hazmat/bindings/test_openssl.py
c69fad
+++ b/tests/hazmat/bindings/test_openssl.py
c69fad
@@ -37,7 +37,8 @@ class TestOpenSSL(object):
c69fad
         # Test that we're properly handling 32-bit unsigned on all platforms.
c69fad
         b = Binding()
c69fad
         assert b.lib.SSL_OP_ALL > 0
c69fad
-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
c69fad
+        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
c69fad
+        assert ctx != b.ffi.NULL
c69fad
         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
c69fad
         current_options = b.lib.SSL_CTX_get_options(ctx)
c69fad
         resp = b.lib.SSL_CTX_set_options(ctx, b.lib.SSL_OP_ALL)
c69fad
@@ -49,7 +50,8 @@ class TestOpenSSL(object):
c69fad
         # Test that we're properly handling 32-bit unsigned on all platforms.
c69fad
         b = Binding()
c69fad
         assert b.lib.SSL_OP_ALL > 0
c69fad
-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
c69fad
+        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
c69fad
+        assert ctx != b.ffi.NULL
c69fad
         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
c69fad
         ssl = b.lib.SSL_new(ctx)
c69fad
         ssl = b.ffi.gc(ssl, b.lib.SSL_free)
c69fad
@@ -63,7 +65,8 @@ class TestOpenSSL(object):
c69fad
         # Test that we're properly handling 32-bit unsigned on all platforms.
c69fad
         b = Binding()
c69fad
         assert b.lib.SSL_OP_ALL > 0
c69fad
-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
c69fad
+        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
c69fad
+        assert ctx != b.ffi.NULL
c69fad
         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
c69fad
         ssl = b.lib.SSL_new(ctx)
c69fad
         ssl = b.ffi.gc(ssl, b.lib.SSL_free)
c69fad
-- 
c69fad
2.17.1
c69fad