|
|
ae2451 |
From a1d7acf899fccd0eda10e011e2d11d1d81c2d9e6 Mon Sep 17 00:00:00 2001
|
|
|
ae2451 |
From: Robert Kuska <rkuska@redhat.com>
|
|
|
ae2451 |
Date: Wed, 9 Mar 2016 20:16:17 +0100
|
|
|
ae2451 |
Subject: [PATCH] Expect a failure when trying to connect with SSLv2 client to
|
|
|
ae2451 |
SSLv23 server. Default value of options in tests enchanced to reflect SSLv2
|
|
|
ae2451 |
being disabled
|
|
|
ae2451 |
|
|
|
ae2451 |
---
|
|
|
ae2451 |
Lib/test/test_ssl.py | 4 ++--
|
|
|
ae2451 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
ae2451 |
|
|
|
ae2451 |
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
|
|
|
ae2451 |
index 11122db..b2ba186 100644
|
|
|
ae2451 |
--- a/Lib/test/test_ssl.py
|
|
|
ae2451 |
+++ b/Lib/test/test_ssl.py
|
|
|
ae2451 |
@@ -691,7 +691,7 @@ class ContextTests(unittest.TestCase):
|
|
|
ae2451 |
@skip_if_broken_ubuntu_ssl
|
|
|
ae2451 |
def test_options(self):
|
|
|
ae2451 |
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
|
|
ae2451 |
- self.assertEqual(ssl.OP_ALL, ctx.options)
|
|
|
ae2451 |
+ self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2, ctx.options)
|
|
|
ae2451 |
ctx.options |= ssl.OP_NO_SSLv2
|
|
|
ae2451 |
self.assertEqual(ssl.OP_ALL | ssl.OP_NO_SSLv2,
|
|
|
ae2451 |
ctx.options)
|
|
|
ae2451 |
@@ -2152,17 +2152,17 @@ else:
|
|
|
ae2451 |
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
|
|
|
ae2451 |
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL)
|
|
|
ae2451 |
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED)
|
|
|
ae2451 |
- try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True)
|
|
|
ae2451 |
+ try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, False)
|
|
|
ae2451 |
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
|
|
|
ae2451 |
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
|
|
|
ae2451 |
# SSLv23 client with specific SSL options
|
|
|
ae2451 |
if no_sslv2_implies_sslv3_hello():
|
|
|
ae2451 |
# No SSLv2 => client will use an SSLv3 hello on recent OpenSSLs
|
|
|
ae2451 |
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, False,
|
|
|
ae2451 |
client_options=ssl.OP_NO_SSLv2)
|
|
|
ae2451 |
- try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True,
|
|
|
ae2451 |
+ try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, False,
|
|
|
ae2451 |
client_options=ssl.OP_NO_SSLv3)
|
|
|
ae2451 |
- try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True,
|
|
|
ae2451 |
+ try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, False,
|
|
|
ae2451 |
client_options=ssl.OP_NO_TLSv1)
|
|
|
ae2451 |
|
|
|
ae2451 |
@skip_if_broken_ubuntu_ssl
|
|
|
ae2451 |
--
|
|
|
ae2451 |
2.5.0
|
|
|
ae2451 |
|