Blame SOURCES/wget-1.19.5-Don-t-limit-the-test-suite-HTTPS-server-to-TLSv1.patch

aa6d84
From 8990d706da3e32b12debd9b8dea7b42134631770 Mon Sep 17 00:00:00 2001
aa6d84
From: Tomas Hozza <thozza@redhat.com>
aa6d84
Date: Fri, 10 Aug 2018 14:32:13 +0200
aa6d84
Subject: [PATCH] Don't limit the test suite HTTPS server to TLSv1
aa6d84
aa6d84
In Fedora, we are implementing crypto policies, in order to enhance the
aa6d84
security of user systems. This is done on the system level by global
aa6d84
configuration. It may happen that due to the active policy, only
aa6d84
TLSv1.2 or higher will be available in crypto libraries. While wget as
aa6d84
a client will by default determine the minimal TLS version supported by
aa6d84
both client and server, the HTTPS server implementation in testenv/
aa6d84
hardcodes use of TLSv1. As a result all HTTPS related tests fail in
aa6d84
case a more hardened crypto policy is set on the Fedora system.
aa6d84
aa6d84
This change removes the explicit TLS version setting and leaves the
aa6d84
determination of the minimal supported TLS version on the server and
aa6d84
client.
aa6d84
aa6d84
More information about Fedora change can be found here:
aa6d84
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
aa6d84
aa6d84
Signed-off-by: Tomas Hozza <thozza@redhat.com>
aa6d84
---
aa6d84
 testenv/server/http/http_server.py | 1 -
aa6d84
 1 file changed, 1 deletion(-)
aa6d84
aa6d84
diff --git a/testenv/server/http/http_server.py b/testenv/server/http/http_server.py
aa6d84
index 434666dd..6d8fc9e8 100644
aa6d84
--- a/testenv/server/http/http_server.py
aa6d84
+++ b/testenv/server/http/http_server.py
aa6d84
@@ -49,7 +49,6 @@ class HTTPSServer(StoppableHTTPServer):
aa6d84
                                                'server-key.pem'))
aa6d84
         self.socket = ssl.wrap_socket(
aa6d84
             sock=socket.socket(self.address_family, self.socket_type),
aa6d84
-            ssl_version=ssl.PROTOCOL_TLSv1,
aa6d84
             certfile=CERTFILE,
aa6d84
             keyfile=KEYFILE,
aa6d84
             server_side=True
aa6d84
-- 
aa6d84
2.17.1
aa6d84