diff options
author | Morgan Fainberg <morgan.fainberg@gmail.com> | 2015-04-06 15:41:29 -0700 |
---|---|---|
committer | Morgan Fainberg <morgan.fainberg@gmail.com> | 2015-04-06 15:41:29 -0700 |
commit | 1d4a6db158e3118181ae9d96a03832c49ff8998f (patch) | |
tree | a7ef186d994e2f13e02201b74079e2ef385e7a34 | |
parent | ae61c5c081e1917213ef94e33dda43ae0c9c4b55 (diff) | |
download | keystone-1d4a6db158e3118181ae9d96a03832c49ff8998f.tar.gz |
Skip SSL tests because some platforms do not enable SSLv3
For "damned good security reasons" (POODLE) some platforms have
patched out SSLv3 from OpenSSL. Because Evenetlet cannot be configured
for specific versions (or ciphers) and httplib is extremely limited,
the tests for SSL have been explicitly skipped. These tests should
be potentially re-enabled in the functional suite for SSL terminated
endpoints.
This comes back to "do not terminate SSL in the eventlet wsgi" that
was determined in bug 1381365.
Change-Id: Ic4b446ceee9034de5b6530c2d79d798a903fcbbf
Related-Bug: #1381365
Closes-Bug: #1435174
-rw-r--r-- | keystone/tests/unit/test_ssl.py | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/keystone/tests/unit/test_ssl.py b/keystone/tests/unit/test_ssl.py index c5f443b0b..3b86bb2d6 100644 --- a/keystone/tests/unit/test_ssl.py +++ b/keystone/tests/unit/test_ssl.py @@ -36,6 +36,16 @@ CLIENT = os.path.join(CERTDIR, 'middleware.pem') class SSLTestCase(tests.TestCase): def setUp(self): super(SSLTestCase, self).setUp() + raise self.skipTest('SSL Version and Ciphers cannot be configured ' + 'with eventlet, some platforms have disabled ' + 'SSLv3. See bug 1381365.') + # NOTE(morganfainberg): It has been determined that this + # will not be fixed. These tests should be re-enabled for the full + # functional test suite when run against an SSL terminated + # endpoint. Some distributions/environments have patched OpenSSL to + # not have SSLv3 at all due to POODLE and this causes differing + # behavior depending on platform. See bug 1381365 for more information. + # NOTE(jamespage): # Deal with more secure certificate chain verification # introduced in python 2.7.9 under PEP-0476 |