No TLS 1.0 in tests, fixes FTBFS RHBZ#1615143
This commit is contained in:
parent
aa22128d5f
commit
f0e48c20b6
@ -0,0 +1,66 @@
|
||||
From 2716cd2fa55cc867656a3e797797f5a1386afd69 Mon Sep 17 00:00:00 2001
|
||||
From: Alex Gaynor <alex.gaynor@gmail.com>
|
||||
Date: Sun, 12 Aug 2018 15:48:24 -0400
|
||||
Subject: [PATCH] Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
|
||||
(#4389)
|
||||
|
||||
* Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
|
||||
|
||||
Hallelujah! It's starting to become the case that some OpenSSLs are disabling it.
|
||||
|
||||
* cover this file as well
|
||||
---
|
||||
tests/hazmat/backends/test_openssl.py | 2 +-
|
||||
tests/hazmat/bindings/test_openssl.py | 9 ++++++---
|
||||
2 files changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
|
||||
index 31b34cd0..e77f5dc3 100644
|
||||
--- a/tests/hazmat/backends/test_openssl.py
|
||||
+++ b/tests/hazmat/backends/test_openssl.py
|
||||
@@ -115,7 +115,7 @@ class TestOpenSSL(object):
|
||||
assert len(errors) == 10
|
||||
|
||||
def test_ssl_ciphers_registered(self):
|
||||
- meth = backend._lib.TLSv1_method()
|
||||
+ meth = backend._lib.SSLv23_method()
|
||||
ctx = backend._lib.SSL_CTX_new(meth)
|
||||
assert ctx != backend._ffi.NULL
|
||||
backend._lib.SSL_CTX_free(ctx)
|
||||
diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
|
||||
index 488f64e1..f317f07f 100644
|
||||
--- a/tests/hazmat/bindings/test_openssl.py
|
||||
+++ b/tests/hazmat/bindings/test_openssl.py
|
||||
@@ -37,7 +37,8 @@ class TestOpenSSL(object):
|
||||
# Test that we're properly handling 32-bit unsigned on all platforms.
|
||||
b = Binding()
|
||||
assert b.lib.SSL_OP_ALL > 0
|
||||
- ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
|
||||
+ ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
|
||||
+ assert ctx != b.ffi.NULL
|
||||
ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
|
||||
current_options = b.lib.SSL_CTX_get_options(ctx)
|
||||
resp = b.lib.SSL_CTX_set_options(ctx, b.lib.SSL_OP_ALL)
|
||||
@@ -49,7 +50,8 @@ class TestOpenSSL(object):
|
||||
# Test that we're properly handling 32-bit unsigned on all platforms.
|
||||
b = Binding()
|
||||
assert b.lib.SSL_OP_ALL > 0
|
||||
- ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
|
||||
+ ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
|
||||
+ assert ctx != b.ffi.NULL
|
||||
ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
|
||||
ssl = b.lib.SSL_new(ctx)
|
||||
ssl = b.ffi.gc(ssl, b.lib.SSL_free)
|
||||
@@ -63,7 +65,8 @@ class TestOpenSSL(object):
|
||||
# Test that we're properly handling 32-bit unsigned on all platforms.
|
||||
b = Binding()
|
||||
assert b.lib.SSL_OP_ALL > 0
|
||||
- ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
|
||||
+ ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
|
||||
+ assert ctx != b.ffi.NULL
|
||||
ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
|
||||
ssl = b.lib.SSL_new(ctx)
|
||||
ssl = b.ffi.gc(ssl, b.lib.SSL_free)
|
||||
--
|
||||
2.17.1
|
||||
|
@ -11,7 +11,7 @@
|
||||
|
||||
Name: python-%{srcname}
|
||||
Version: 2.3
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: PyCA's cryptography library
|
||||
|
||||
Group: Development/Libraries
|
||||
@ -19,6 +19,8 @@ License: ASL 2.0 or BSD
|
||||
URL: https://cryptography.io/en/latest/
|
||||
Source0: https://pypi.io/packages/source/c/%{srcname}/%{srcname}-%{version}.tar.gz
|
||||
|
||||
Patch0001: 0001-Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch
|
||||
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: gcc
|
||||
|
||||
@ -161,6 +163,9 @@ popd
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Aug 13 2018 Christian Heimes <cheimes@redhat.com> - 2.3-2
|
||||
- Use TLSv1.2 in test as workaround for RHBZ#1615143
|
||||
|
||||
* Wed Jul 18 2018 Christian Heimes <cheimes@redhat.com> - 2.3-1
|
||||
- New upstream release 2.3
|
||||
- Fix AEAD tag truncation bug, RHBZ#1602752
|
||||
|
Loading…
Reference in New Issue
Block a user