No TLS 1.0 in tests, fixes FTBFS RHBZ#1615143

0001-Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch

@@ -0,0 +1,66 @@
+From 2716cd2fa55cc867656a3e797797f5a1386afd69 Mon Sep 17 00:00:00 2001
+From: Alex Gaynor <alex.gaynor@gmail.com>
+Date: Sun, 12 Aug 2018 15:48:24 -0400
+Subject: [PATCH] Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
+ (#4389)
+
+* Fixed #4380 -- do not assume TLSv1 is available in OpenSSL
+
+Hallelujah! It's starting to become the case that some OpenSSLs are disabling it.
+
+* cover this file as well
+---
+ tests/hazmat/backends/test_openssl.py | 2 +-
+ tests/hazmat/bindings/test_openssl.py | 9 ++++++---
+ 2 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/tests/hazmat/backends/test_openssl.py b/tests/hazmat/backends/test_openssl.py
+index 31b34cd0..e77f5dc3 100644
+--- a/tests/hazmat/backends/test_openssl.py
++++ b/tests/hazmat/backends/test_openssl.py
+@@ -115,7 +115,7 @@ class TestOpenSSL(object):
+         assert len(errors) == 10
+ 
+     def test_ssl_ciphers_registered(self):
+-        meth = backend._lib.TLSv1_method()
++        meth = backend._lib.SSLv23_method()
+         ctx = backend._lib.SSL_CTX_new(meth)
+         assert ctx != backend._ffi.NULL
+         backend._lib.SSL_CTX_free(ctx)
+diff --git a/tests/hazmat/bindings/test_openssl.py b/tests/hazmat/bindings/test_openssl.py
+index 488f64e1..f317f07f 100644
+--- a/tests/hazmat/bindings/test_openssl.py
++++ b/tests/hazmat/bindings/test_openssl.py
+@@ -37,7 +37,8 @@ class TestOpenSSL(object):
+         # Test that we're properly handling 32-bit unsigned on all platforms.
+         b = Binding()
+         assert b.lib.SSL_OP_ALL > 0
+-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
++        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
++        assert ctx != b.ffi.NULL
+         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
+         current_options = b.lib.SSL_CTX_get_options(ctx)
+         resp = b.lib.SSL_CTX_set_options(ctx, b.lib.SSL_OP_ALL)
+@@ -49,7 +50,8 @@ class TestOpenSSL(object):
+         # Test that we're properly handling 32-bit unsigned on all platforms.
+         b = Binding()
+         assert b.lib.SSL_OP_ALL > 0
+-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
++        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
++        assert ctx != b.ffi.NULL
+         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
+         ssl = b.lib.SSL_new(ctx)
+         ssl = b.ffi.gc(ssl, b.lib.SSL_free)
+@@ -63,7 +65,8 @@ class TestOpenSSL(object):
+         # Test that we're properly handling 32-bit unsigned on all platforms.
+         b = Binding()
+         assert b.lib.SSL_OP_ALL > 0
+-        ctx = b.lib.SSL_CTX_new(b.lib.TLSv1_method())
++        ctx = b.lib.SSL_CTX_new(b.lib.SSLv23_method())
++        assert ctx != b.ffi.NULL
+         ctx = b.ffi.gc(ctx, b.lib.SSL_CTX_free)
+         ssl = b.lib.SSL_new(ctx)
+         ssl = b.ffi.gc(ssl, b.lib.SSL_free)
+-- 
+2.17.1
+

python-cryptography.spec

@@ -11,7 +11,7 @@
 
 Name:           python-%{srcname}
 Version:        2.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        PyCA's cryptography library
 
 Group:          Development/Libraries
@@ -19,6 +19,8 @@ License:        ASL 2.0 or BSD
 URL:            https://cryptography.io/en/latest/
 Source0:        https://pypi.io/packages/source/c/%{srcname}/%{srcname}-%{version}.tar.gz
 
+Patch0001:      0001-Fixed-4380-do-not-assume-TLSv1-is-available-in-OpenS.patch
+
 BuildRequires:  openssl-devel
 BuildRequires:  gcc
 
@@ -161,6 +163,9 @@ popd
 
 
 %changelog
+* Mon Aug 13 2018 Christian Heimes <cheimes@redhat.com> - 2.3-2
+- Use TLSv1.2 in test as workaround for RHBZ#1615143
+
 * Wed Jul 18 2018 Christian Heimes <cheimes@redhat.com> - 2.3-1
 - New upstream release 2.3
 - Fix AEAD tag truncation bug, RHBZ#1602752