diff options
| author | Christian Heimes <christian@python.org> | 2018-02-27 07:55:39 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-02-27 07:55:39 (GMT) |
| commit | 05d9fe32a1245b9a798e49e0c1eb91f110935b69 (patch) | |
| tree | 91689b53a92b61a2a2d7441a5d51c118cf140538 /Lib/test/test_ftplib.py | |
| parent | 2fa6b9eae07e2385e2acbf2e40093a21fb3a10c4 (diff) | |
| download | cpython-05d9fe32a1245b9a798e49e0c1eb91f110935b69.zip cpython-05d9fe32a1245b9a798e49e0c1eb91f110935b69.tar.gz cpython-05d9fe32a1245b9a798e49e0c1eb91f110935b69.tar.bz2 | |
bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (#5663)
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes
Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.
I'm going to address these issues when OpenSSL 1.1.1 reaches beta.
OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.
Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Lib/test/test_ftplib.py')
| -rw-r--r-- | Lib/test/test_ftplib.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py index 32aab04..1a8e2f9 100644 --- a/Lib/test/test_ftplib.py +++ b/Lib/test/test_ftplib.py @@ -312,6 +312,8 @@ if ssl is not None: def secure_connection(self): context = ssl.SSLContext() + # TODO: fix TLSv1.3 support + context.options |= ssl.OP_NO_TLSv1_3 context.load_cert_chain(CERTFILE) socket = context.wrap_socket(self.socket, suppress_ragged_eofs=False, @@ -908,6 +910,8 @@ class TestTLS_FTPClass(TestCase): def test_context(self): self.client.quit() ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + # TODO: fix TLSv1.3 support + ctx.options |= ssl.OP_NO_TLSv1_3 ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE self.assertRaises(ValueError, ftplib.FTP_TLS, keyfile=CERTFILE, @@ -940,6 +944,8 @@ class TestTLS_FTPClass(TestCase): def test_check_hostname(self): self.client.quit() ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + # TODO: fix TLSv1.3 support + ctx.options |= ssl.OP_NO_TLSv1_3 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED) self.assertEqual(ctx.check_hostname, True) ctx.load_verify_locations(CAFILE) |