Skip to content

[2.7] bpo-35925: Skip SSL tests that fail due to weak external certs or old TLS (GH-13124) #13253

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 13, 2019
Merged

[2.7] bpo-35925: Skip SSL tests that fail due to weak external certs or old TLS (GH-13124) #13253

merged 1 commit into from
May 13, 2019

Conversation

gpshead
Copy link
Member

@gpshead gpshead commented May 11, 2019
edited by bedevere-bot
Loading

Modern Linux distros such as Debian Buster have default OpenSSL system
configurations that reject connections to servers with weak certificates
and the use of TLS versions less than TLSv1.2 by default. This causes our
test suite run with external networking resources enabled to skip these tests
when they encounter such a failure or configuration.

(cherry picked from commit 2cc0223)

Changes to test_ssl.py required as 2.7 has legacy protocol tests.

The test_httplib.py change is omitted from this backport as
self-signed.pythontest.net's certificate was updated and the
test_nntplib.py change is not applicable on 2.7.

Authored-by: Gregory P. Smith [email protected]

https://bugs.python.org/issue35925

@gpshead
[2.7] bpo-35925: Skip SSL tests that fail due to weak external certs …
dba6346 
…or old TLS (pythonGH-13124)

Modern Linux distros such as Debian Buster have default OpenSSL system
configurations that reject connections to servers with weak certificates
by default. This causes our test suite run with external networking
resources enabled to skip these tests when they encounter such a
failure.

Fixing the network servers is a separate issue.
(cherry picked from commit 2cc0223)

Changes to test_ssl.py required as 2.7 has legacy protocol tests.

The test_httplib.py change is omitted from this backport as
self-signed.pythontest.net's certificate was updated and the
test_nntplib.py change is not applicable on 2.7.

Authored-by: Gregory P. Smith [email protected]
@bedevere-bot bedevere-bot mentioned this pull request May 11, 2019
Merged
@gpshead gpshead self-assigned this May 11, 2019
@gpshead gpshead requested a review from tiran May 11, 2019 20:45
@gpshead gpshead removed the sprint label May 11, 2019
@gpshead
Copy link
Member Author

gpshead commented May 11, 2019

This one is derived from the 3.6 change in #13252 as it and 2.7 are both old enough to have some test_ssl things to update.

@gpshead gpshead merged commit 7346a16 into python:2.7 May 13, 2019
@gpshead gpshead deleted the backport-2cc0223-2.7 branch May 13, 2019 20:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiran tiran Awaiting requested review from tiran

Assignees

@gpshead gpshead

Labels
tests Tests in the Lib/test dir
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gpshead @the-knights-who-say-ni @bedevere-bot