diff options
| author | David Benjamin <davidben@google.com> | 2022-07-22 00:38:15 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-22 00:38:15 (GMT) |
| commit | 934b25dcc492dcbca4da9d63d0d71dc940fc0375 (patch) | |
| tree | 3b701ad77c7c4ae53dcb9223672855a84aaa69d8 | |
| parent | d06c552e35fa80f71d927daa4c8465ee13f37cfc (diff) | |
| download | cpython-934b25dcc492dcbca4da9d63d0d71dc940fc0375.zip cpython-934b25dcc492dcbca4da9d63d0d71dc940fc0375.tar.gz cpython-934b25dcc492dcbca4da9d63d0d71dc940fc0375.tar.bz2 | |
Fix typo in PROTOCOL_TO_TLS_VERSION in test_ssl (GH-95119)
This appears to be a typo. It causes try_protocol_combo to try to turn
on SSL 3.0 when testing PROTOCOL_SSLv23 (aka PROTOCOL_TLS), which
doesn't make any sense. Fix it to be PROTOCOL_SSLv3.
Without this, try_protocol_combo is actually setting
context.minimum_version to SSLv3 when called as
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True)
One would think this causes a no-ssl3 OpenSSL build to fail, but OpenSSL
forgot to make SSL_CTX_set_min_proto_version(SSL3_VERSION) does not
notice no-ssl3, so this typo has gone undetected. But we should still
fix the typo because, presumably, a future version of OpenSSL will
remove SSL 3.0 and do so more thoroughly, at which point this will
break.
| -rw-r--r-- | Lib/test/test_ssl.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 65f5d4a..0d0d14a 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -47,7 +47,7 @@ PY_SSL_DEFAULT_CIPHERS = sysconfig.get_config_var('PY_SSL_DEFAULT_CIPHERS') PROTOCOL_TO_TLS_VERSION = {} for proto, ver in ( - ("PROTOCOL_SSLv23", "SSLv3"), + ("PROTOCOL_SSLv3", "SSLv3"), ("PROTOCOL_TLSv1", "TLSv1"), ("PROTOCOL_TLSv1_1", "TLSv1_1"), ): |