bpo-35925: Skip SSL tests that fail due to weak external certs. #13124

Merged
merged 3 commits into from
May 6, 2019

Member

@gpshead gpshead commented May 6, 2019

Modern Linux distros such as Debian Buster have default OpenSSL system
configurations that reject connections to servers with weak certificates
by default. This causes our test suite run with external networking
resources enabled to skip these tests when they encounter such a failure.

Fixing the network servers being used are separate side issues.

https://bugs.python.org/issue35925

https://bugs.python.org/issue36816 tracks updating self-signed.pythontest.net's certificate.
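
The skip-on-policy-rejection pattern described above, as an added example that is not the code merged in this pull request: a decorator turns an `ssl.SSLError` caused by the system's OpenSSL policy into a skipped test and lets every other TLS failure surface. The decorator name, the set of reason codes matched, and the constructed error messages are assumptions of this example.

```python
import functools
import ssl
import unittest

# OpenSSL reason codes for certificates rejected by the configured security
# level. Treating exactly these as "policy" is this example's assumption.
WEAK_CERT_REASONS = ("EE_KEY_TOO_SMALL", "CA_KEY_TOO_SMALL", "CA_MD_TOO_WEAK")


def weak_cert_reason(exc):
    """Return the matching reason code if exc is a policy rejection, else None."""
    text = "{} {}".format(getattr(exc, "reason", "") or "", exc)
    for code in WEAK_CERT_REASONS:
        if code in text:
            return code
    return None


def skip_if_system_rejects_weak_cert(test_func):
    """Hypothetical decorator: skip only when local policy refused the cert."""
    @functools.wraps(test_func)
    def wrapper(*args, **kwargs):
        try:
            return test_func(*args, **kwargs)
        except ssl.SSLError as exc:
            code = weak_cert_reason(exc)
            if code is None:
                raise  # a genuine TLS failure must stay visible
            raise unittest.SkipTest("system OpenSSL policy rejected cert: " + code)
    return wrapper


def run_demo():
    """Run two constructed tests offline; return (skipped, errors)."""
    class ExternalServerTests(unittest.TestCase):
        @skip_if_system_rejects_weak_cert
        def test_weak_server(self):
            # Constructed error standing in for a handshake with a weak cert.
            raise ssl.SSLError(1, "[SSL: EE_KEY_TOO_SMALL] ee key too small")

        @skip_if_system_rejects_weak_cert
        def test_other_failure(self):
            # Constructed error unrelated to certificate strength.
            raise ssl.SSLError(1, "[SSL: WRONG_VERSION_NUMBER] wrong version number")

    suite = unittest.defaultTestLoader.loadTestsFromTestCase(ExternalServerTests)
    result = unittest.TestResult()
    suite.run(result)
    return len(result.skipped), len(result.errors)
```

Matching on specific reason codes rather than catching all `ssl.SSLError` keeps the skip from masking regressions in the TLS code under test.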

Modern Linux distros such as Debian Buster have default OpenSSL system
configurations that reject connections to servers with weak certificates
by default.  This causes our test suite run with external networking
resources enabled to skip these tests when they encounter such a failure.

Fixing the network servers being used is a separate issue.
@gpshead gpshead self-assigned this May 6, 2019
@gpshead gpshead merged commit 2cc0223 into python:master May 6, 2019
@miss-islington
Contributor

Thanks @gpshead for the PR 🌮🎉.. I'm working now to backport this PR to: 2.7, 3.6, 3.7.
🐍🍒⛏🤖

@gpshead gpshead deleted the skip_ssl_tests_on_system_weakkeys branch May 6, 2019 21:54
@bedevere-bot

GH-13139 is a backport of this pull request to the 3.7 branch.

@miss-islington
Contributor

Sorry, @gpshead, I could not cleanly backport this to 3.6 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 2cc0223f43a1ffd59c887a73e2b0ce5202f3be90 3.6

@miss-islington
Contributor

Sorry, @gpshead, I could not cleanly backport this to 2.7 due to a conflict.
Please backport using cherry_picker on command line.
cherry_picker 2cc0223f43a1ffd59c887a73e2b0ce5202f3be90 2.7

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request May 6, 2019
…onGH-13124)

Modern Linux distros such as Debian Buster have default OpenSSL system
configurations that reject connections to servers with weak certificates
by default.  This causes our test suite run with external networking
resources enabled to skip these tests when they encounter such a failure.

Fixing the network servers is a separate issue.
(cherry picked from commit 2cc0223)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
miss-islington added a commit that referenced this pull request May 7, 2019
…3124)

Modern Linux distros such as Debian Buster have default OpenSSL system
configurations that reject connections to servers with weak certificates
by default.  This causes our test suite run with external networking
resources enabled to skip these tests when they encounter such a failure.

Fixing the network servers is a separate issue.
(cherry picked from commit 2cc0223)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
CuriousLearner added a commit to CuriousLearner/cpython that referenced this pull request May 7, 2019
* master: (1204 commits)
  bpo-31855: unittest.mock.mock_open() results now respects the argument of read([size]) (pythonGH-11521)
  Forbid creating of stream objects outside of asyncio (python#13101)
  bpo-35925: Skip SSL tests that fail due to weak external certs. (pythonGH-13124)
  Fix rst formatting for several links in ssl documentation (pythonGH-13133)
  bpo-36542: Allow to overwrite the signature for Python functions. (pythonGH-12705)
  bpo-36793: Remove unneeded __str__ definitions. (pythonGH-13081)
  bpo-36766: Typos in docs and code comments (pythonGH-13116)
  bpo-36275: enhance documentation for venv.create() (pythonGH-13114)
  Clarify the download unit in the download section (pythonGH-13122)
  bpo-30668: add missing word in license.rst (pythonGH-13115)
  Unroll import-team in CODEOWNERS (python#13118)
  bpo-36594: Fix incorrect use of %p in format strings (pythonGH-12769)
  bpo-36798: Updating f-string docs for := use case (pythonGH-13107)
  Update wsgiref.rst (python#10488)
  Doc/c-api/exceptions.rst: fix grammar (python#12091)
  bpo-36811: Fix a C compiler warning in _elementtree.c. (pythonGH-13109)
  Only count number of members once (python#12691)
  bpo-16024: Doc cleanup regarding path_fd, dir_fd, follow_symlinks (pythonGH-5505)
  bpo-36791: Safer detection of integer overflow in sum(). (pythonGH-13080)
  bpo-33530: Implement Happy Eyeballs in asyncio, v2 (pythonGH-7237)
  ...
gpshead added a commit to gpshead/cpython that referenced this pull request May 11, 2019
…pythonGH-13124)

Modern Linux distros such as Debian Buster have default OpenSSL system
configurations that reject connections to servers with weak certificates
by default.  This causes our test suite run with external networking
resources enabled to skip these tests when they encounter such a failure.

Fixing the network servers is a separate issue.
(cherry picked from commit 2cc0223)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
@bedevere-bot

GH-13252 is a backport of this pull request to the 3.6 branch.

gpshead added a commit to gpshead/cpython that referenced this pull request May 11, 2019
…or old TLS (pythonGH-13124)

Modern Linux distros such as Debian Buster have default OpenSSL system
configurations that reject connections to servers with weak certificates
by default. This causes our test suite run with external networking
resources enabled to skip these tests when they encounter such a
failure.

Fixing the network servers is a separate issue.
(cherry picked from commit 2cc0223)

Changes to test_ssl.py required as 2.7 has legacy protocol tests.

The test_httplib.py change is omitted from this backport as
self-signed.pythontest.net's certificate was updated and the
test_nntplib.py change is not applicable on 2.7.

Authored-by: Gregory P. Smith <greg@krypto.org>
@bedevere-bot

GH-13253 is a backport of this pull request to the 2.7 branch.

gpshead added a commit that referenced this pull request May 13, 2019
…or old TLS (GH-13124) (GH-13253)

Modern Linux distros such as Debian Buster have default OpenSSL system
configurations that reject connections to servers with weak certificates
by default. This causes our test suite run with external networking
resources enabled to skip these tests when they encounter such a
failure.

Fixing the network servers is a separate issue.
(cherry picked from commit 2cc0223)

Changes to test_ssl.py required as 2.7 has legacy protocol tests.

The test_httplib.py change is omitted from this backport as
self-signed.pythontest.net's certificate was updated and the
test_nntplib.py change is not applicable on 2.7.

Authored-by: Gregory P. Smith <greg@krypto.org>
ned-deily pushed a commit that referenced this pull request May 29, 2019
…or old TLS (GH-13124) (GH-13252)

* [3.6] bpo-35925: Skip SSL tests that fail due to weak external certs. (GH-13124)

Modern Linux distros such as Debian Buster have default OpenSSL system
configurations that reject connections to servers with weak certificates
by default.  This causes our test suite run with external networking
resources enabled to skip these tests when they encounter such a failure.

Fixing the network servers is a separate issue.
(cherry picked from commit 2cc0223)

Co-authored-by: Gregory P. Smith <greg@krypto.org>

* Also skip ssl tests that fail when the system rejects TLSv1.

* Remove the test_httplib change; server was updated.

self-signed.pythontest.net was updated so the test_httplib change is
no longer necessary.
Labels
sprint tests Tests in the Lib/test dir