Blame SOURCES/wget-1.19.5-Don-t-limit-the-test-suite-HTTPS-server-to-TLSv1.patch

11f80c
From 8990d706da3e32b12debd9b8dea7b42134631770 Mon Sep 17 00:00:00 2001
11f80c
From: Tomas Hozza <thozza@redhat.com>
11f80c
Date: Fri, 10 Aug 2018 14:32:13 +0200
11f80c
Subject: [PATCH] Don't limit the test suite HTTPS server to TLSv1
11f80c
11f80c
In Fedora, we are implementing crypto policies, in order to enhance the
11f80c
security of user systems. This is done on the system level by global
11f80c
configuration. It may happen that due to the active policy, only
11f80c
TLSv1.2 or higher will be available in crypto libraries. While wget as
11f80c
a client will by default determine the minimal TLS version supported by
11f80c
both client and server, the HTTPS server implementation in testenv/
11f80c
hardcodes use of TLSv1. As a result all HTTPS related tests fail in
11f80c
case a more hardened crypto policy is set on the Fedora system.
11f80c
11f80c
This change removes the explicit TLS version setting and leaves the
11f80c
determination of the minimal supported TLS version on the server and
11f80c
client.
11f80c
11f80c
More information about Fedora change can be found here:
11f80c
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
11f80c
11f80c
Signed-off-by: Tomas Hozza <thozza@redhat.com>
11f80c
---
11f80c
 testenv/server/http/http_server.py | 1 -
11f80c
 1 file changed, 1 deletion(-)
11f80c
11f80c
diff --git a/testenv/server/http/http_server.py b/testenv/server/http/http_server.py
11f80c
index 434666dd..6d8fc9e8 100644
11f80c
--- a/testenv/server/http/http_server.py
11f80c
+++ b/testenv/server/http/http_server.py
11f80c
@@ -49,7 +49,6 @@ class HTTPSServer(StoppableHTTPServer):
11f80c
                                                'server-key.pem'))
11f80c
         self.socket = ssl.wrap_socket(
11f80c
             sock=socket.socket(self.address_family, self.socket_type),
11f80c
-            ssl_version=ssl.PROTOCOL_TLSv1,
11f80c
             certfile=CERTFILE,
11f80c
             keyfile=KEYFILE,
11f80c
             server_side=True
11f80c
-- 
11f80c
2.17.1
11f80c