diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2023-07-17 16:32:17 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-07-17 16:32:17 (GMT) |
| commit | 497bfd5047d2088718d0b2d8f14fc8022abec502 (patch) | |
| tree | a5fd879b35729c66fc2de4141e9e58fe30044c34 /Lib | |
| parent | 11b3d38310e98d1fc079938c0ec1b3992a0c7c03 (diff) | |
| download | cpython-497bfd5047d2088718d0b2d8f14fc8022abec502.zip cpython-497bfd5047d2088718d0b2d8f14fc8022abec502.tar.gz cpython-497bfd5047d2088718d0b2d8f14fc8022abec502.tar.bz2 | |
[3.12] gh-106687: _ssl: use uint64_t for SSL options (GH-106700) (#106827)
gh-106687: _ssl: use uint64_t for SSL options (GH-106700)
SSL_CTX_get_options() uses uint64_t for options:
https://www.openssl.org/docs/man3.1/man3/SSL_CTX_get_options.html
Fix this compiler warning on Windows with MSC:
conversion from 'uint64_t' to 'long', possible loss of data
(cherry picked from commit ad95c7253a70e559e7d3f25d53f4772f28bb8b44)
Co-authored-by: Victor Stinner <vstinner@python.org>
Diffstat (limited to 'Lib')
| -rw-r--r-- | Lib/test/test_ssl.py | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index d46ce5e..6117ca3 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -339,6 +339,15 @@ class BasicSocketTests(unittest.TestCase): ssl.OP_NO_TLSv1_2 self.assertEqual(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv23) + def test_options(self): + # gh-106687: SSL options values are unsigned integer (uint64_t) + for name in dir(ssl): + if not name.startswith('OP_'): + continue + with self.subTest(option=name): + value = getattr(ssl, name) + self.assertGreaterEqual(value, 0, f"ssl.{name}") + def test_ssl_types(self): ssl_types = [ _ssl._SSLContext, @@ -951,6 +960,7 @@ class ContextTests(unittest.TestCase): ) def test_options(self): + # Test default SSLContext options ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3) @@ -959,16 +969,30 @@ class ContextTests(unittest.TestCase): OP_SINGLE_DH_USE | OP_SINGLE_ECDH_USE | OP_ENABLE_MIDDLEBOX_COMPAT) self.assertEqual(default, ctx.options) + + # disallow TLSv1 with warnings_helper.check_warnings(): ctx.options |= ssl.OP_NO_TLSv1 self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options) + + # allow TLSv1 with warnings_helper.check_warnings(): ctx.options = (ctx.options & ~ssl.OP_NO_TLSv1) self.assertEqual(default, ctx.options) + + # clear all options ctx.options = 0 # Ubuntu has OP_NO_SSLv3 forced on by default self.assertEqual(0, ctx.options & ~ssl.OP_NO_SSLv3) + # invalid options + with self.assertRaises(OverflowError): + ctx.options = -1 + with self.assertRaises(OverflowError): + ctx.options = 2 ** 100 + with self.assertRaises(TypeError): + ctx.options = "abc" + def test_verify_mode_protocol(self): with warnings_helper.check_warnings(): ctx = ssl.SSLContext(ssl.PROTOCOL_TLS) |