diff options
| author | Will Childs-Klein <willck93@gmail.com> | 2024-03-21 19:16:36 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-21 19:16:36 (GMT) |
| commit | c85d84166a84a5cb2d724012726bad34229ad24e (patch) | |
| tree | f12b215b319d1088b45794a58ad809bc111d7fe7 /Lib/test/test_asyncio/test_events.py | |
| parent | 1f72fb5447ef3f8892b4a7a6213522579c618e8e (diff) | |
| download | cpython-c85d84166a84a5cb2d724012726bad34229ad24e.zip cpython-c85d84166a84a5cb2d724012726bad34229ad24e.tar.gz cpython-c85d84166a84a5cb2d724012726bad34229ad24e.tar.bz2 | |
gh-116333: Relax error string text expectations in SSL-related tests (GH-116334)
* Relax error string text expectations in SSL-related tests
As suggested [here][1], this change relaxes the OpenSSL error string
text expectations in a number of tests. This was specifically done in
support of more easily building CPython [AWS-LC][2], but because AWS-LC
is a fork of [BoringSSL][3], it should increase compatibility with that
library as well.
In addition to the error string relaxations, we also add some guards
around the `tls-unique` channel binding being used with TLSv1.3, as that
feature (described in [RFC 6929][4]) is [not defined][5] for TLSv1.3.
[1]: https://discuss.python.org/t/support-building-ssl-and-hashlib-modules-against-aws-lc/44505/4
[2]: https://github.com/aws/aws-lc
[3]: https://github.com/google/boringssl
[4]: https://datatracker.ietf.org/doc/html/rfc5929#section-3
[5]: https://datatracker.ietf.org/doc/html/rfc8446#appendix-C.5
Diffstat (limited to 'Lib/test/test_asyncio/test_events.py')
| -rw-r--r-- | Lib/test/test_asyncio/test_events.py | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/Lib/test/test_asyncio/test_events.py b/Lib/test/test_asyncio/test_events.py index 5b9c871..ae0bff0 100644 --- a/Lib/test/test_asyncio/test_events.py +++ b/Lib/test/test_asyncio/test_events.py @@ -1125,12 +1125,16 @@ class EventLoopTestsMixin: # incorrect server_hostname f_c = self.loop.create_connection(MyProto, host, port, ssl=sslcontext_client) + + # Allow for flexible libssl error messages. + regex = re.compile(r"""( + IP address mismatch, certificate is not valid for '127.0.0.1' # OpenSSL + | + CERTIFICATE_VERIFY_FAILED # AWS-LC + )""", re.X) with mock.patch.object(self.loop, 'call_exception_handler'): with test_utils.disable_logger(): - with self.assertRaisesRegex( - ssl.CertificateError, - "IP address mismatch, certificate is not valid for " - "'127.0.0.1'"): + with self.assertRaisesRegex(ssl.CertificateError, regex): self.loop.run_until_complete(f_c) # close connection |