diff options
| author | Paul Monson <paulmon@users.noreply.github.com> | 2019-05-15 15:38:55 -0700 |
|---|---|---|
| committer | Steve Dower <steve.dower@python.org> | 2019-05-15 15:38:55 -0700 |
| commit | fb7e7505ed1337bf40fa7b8b68317d1e86675a86 (patch) | |
| tree | 5448f7cb8bf06f7b6c04012c1903c8934f761fd0 /Lib | |
| parent | d9e006bcefe6fac859b1b5d741725b9a91991044 (diff) | |
| download | cpython-git-fb7e7505ed1337bf40fa7b8b68317d1e86675a86.tar.gz | |
bpo-35926: Add support for OpenSSL 1.1.1b on Windows (GH-11779)
Diffstat (limited to 'Lib')
| -rw-r--r-- | Lib/test/test_asyncio/test_sslproto.py | 4 | ||||
| -rw-r--r-- | Lib/test/test_ssl.py | 19 |
2 files changed, 19 insertions, 4 deletions
diff --git a/Lib/test/test_asyncio/test_sslproto.py b/Lib/test/test_asyncio/test_sslproto.py index 7bc2ccf0bd..079b255855 100644 --- a/Lib/test/test_asyncio/test_sslproto.py +++ b/Lib/test/test_asyncio/test_sslproto.py @@ -497,8 +497,8 @@ class BaseStartTLS(func_tests.FunctionalTestCaseMixin): server_context = test_utils.simple_server_sslcontext() client_context = test_utils.simple_client_sslcontext() - if sys.platform.startswith('freebsd'): - # bpo-35031: Some FreeBSD buildbots fail to run this test + if sys.platform.startswith('freebsd') or sys.platform.startswith('win'): + # bpo-35031: Some FreeBSD and Windows buildbots fail to run this test # as the eof was not being received by the server if the payload # size is not big enough. This behaviour only appears if the # client is using TLS1.3. diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 5b53b8250f..d48d6e5569 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -2188,7 +2188,7 @@ class ThreadedEchoServer(threading.Thread): self.sock, server_side=True) self.server.selected_npn_protocols.append(self.sslconn.selected_npn_protocol()) self.server.selected_alpn_protocols.append(self.sslconn.selected_alpn_protocol()) - except (ConnectionResetError, BrokenPipeError) as e: + except (ConnectionResetError, BrokenPipeError, ConnectionAbortedError) as e: # We treat ConnectionResetError as though it were an # SSLError - OpenSSL on Ubuntu abruptly closes the # connection when asked to use an unsupported protocol. @@ -2196,6 +2196,9 @@ class ThreadedEchoServer(threading.Thread): # BrokenPipeError is raised in TLS 1.3 mode, when OpenSSL # tries to send session tickets after handshake. # https://github.com/openssl/openssl/issues/6342 + # + # ConnectionAbortedError is raised in TLS 1.3 mode, when OpenSSL + # tries to send session tickets after handshake when using WinSock. self.server.conn_errors.append(str(e)) if self.server.chatty: handle_error("\n server: bad connection attempt from " + repr(self.addr) + ":\n") @@ -2326,7 +2329,7 @@ class ThreadedEchoServer(threading.Thread): sys.stdout.write(" server: read %r (%s), sending back %r (%s)...\n" % (msg, ctype, msg.lower(), ctype)) self.write(msg.lower()) - except ConnectionResetError: + except (ConnectionResetError, ConnectionAbortedError): # XXX: OpenSSL 1.1.1 sometimes raises ConnectionResetError # when connection is not shut down gracefully. if self.server.chatty and support.verbose: @@ -2336,6 +2339,18 @@ class ThreadedEchoServer(threading.Thread): ) self.close() self.running = False + except ssl.SSLError as err: + # On Windows sometimes test_pha_required_nocert receives the + # PEER_DID_NOT_RETURN_A_CERTIFICATE exception + # before the 'tlsv13 alert certificate required' exception. + # If the server is stopped when PEER_DID_NOT_RETURN_A_CERTIFICATE + # is received test_pha_required_nocert fails with ConnectionResetError + # because the underlying socket is closed + if 'PEER_DID_NOT_RETURN_A_CERTIFICATE' == err.reason: + if self.server.chatty and support.verbose: + sys.stdout.write(err.args[1]) + # test_pha_required_nocert is expecting this exception + raise ssl.SSLError('tlsv13 alert certificate required') except OSError: if self.server.chatty: handle_error("Test server failure:\n") |