From 2be0c8677e77dca03829e1a588a627e1ee037111 Mon Sep 17 00:00:00 2001
From: Alex Gaynor
Date: Fri, 19 Mar 2021 19:36:39 -0400
Subject: Attempt to test with system OpenSSL on recent Ubuntu (#1003)
* Attempt to test with system OpenSSL on recent Ubuntu
* attempted fix for this test
---
 .github/workflows/ci.yml | 2 ++
 tests/test_ssl.py | 17 +++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2d45c88..8f7db96 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -65,6 +65,8 @@ jobs:
 TEST:
 - {CONTAINER: "stretch", TOXENV: "py27"}
 - {CONTAINER: "ubuntu-bionic", TOXENV: "py36"}
+ # cryptographyMaster used since there's no wheel
+ - {CONTAINER: "ubuntu-rolling", TOXENV: "py38-cryptographyMaster"}
 name: "${{ matrix.TEST.TOXENV }} on ${{ matrix.TEST.CONTAINER }}"
 steps:
 - uses: actions/checkout@v2
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index e79d9fa..e604164 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -53,6 +53,7 @@ from OpenSSL.SSL import (
 SSLEAY_VERSION,
 SSLEAY_CFLAGS,
 TLS_METHOD,
+ TLS1_3_VERSION,
 TLS1_2_VERSION,
 TLS1_1_VERSION,
 )
@@ -136,6 +137,11 @@ try:
 except ImportError:
 SSL_ST_INIT = SSL_ST_BEFORE = SSL_ST_OK = SSL_ST_RENEGOTIATE = None
+try:
+ from OpenSSL.SSL import OP_NO_TLSv1_3
+except ImportError:
+ OP_NO_TLSv1_3 = None
+
 from .util import WARNING_TYPE_EXPECTED, NON_ASCII, is_consistent_type
 from .test_crypto import (
 client_cert_pem,
@@ -1047,6 +1053,13 @@ class TestContext(object):
 assert all(b"CLIENT_RANDOM" in line for conn, line in called)
 def test_set_proto_version(self):
+ if OP_NO_TLSv1_3 is None:
+ high_version = TLS1_2_VERSION
+ low_version = TLS1_1_VERSION
+ else:
+ high_version = TLS1_3_VERSION
+ low_version = TLS1_2_VERSION
+
 server_context = Context(TLS_METHOD)
 server_context.use_certificate(
 load_certificate(FILETYPE_PEM, root_cert_pem)
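Review bot: The comment on the added matrix entry in .github/workflows/ci.yml, `# cryptographyMaster used since there's no wheel`, does not say which wheel is missing or why that matters for this job. Going by the commit title, the intent appears to be a cryptography build that links the distribution's OpenSSL, so something like `# build cryptography from source (cryptographyMaster) so this job exercises Ubuntu's system OpenSSL` would be clearer, if that is indeed the reason. Both `ubuntu-rolling` and cryptography master are moving targets, so a failure in this job may come from upstream drift rather than from a change in this repository; a short note to that effect would help whoever triages it.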
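Review bot: The `try`/`except ImportError` added around `OP_NO_TLSv1_3` in tests/test_ssl.py turns the name into a feature probe, but nothing at the import says so, and `TLS1_3_VERSION` is imported unconditionally in the hunk above. A comment such as `# OP_NO_TLSv1_3 is missing when the bindings have no TLS 1.3 support; None marks that case for the tests` would make the intent explicit, assuming that is how OpenSSL.SSL exposes it. The probe reflects what the bindings export, not whether TLS 1.3 is enabled by the system's runtime OpenSSL configuration, which is worth stating as well.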
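Review bot: The version-selection block added at the top of `test_set_proto_version` carries no comment explaining why the mismatched pair moves up to TLS 1.3/1.2 when TLS 1.3 is available. Presumably the system OpenSSL on recent Ubuntu already refuses TLS 1.1 by policy, so the old 1.2-versus-1.1 pair failed for a reason other than the min/max settings under test; if so, say it, e.g. `# Distro OpenSSL may disable TLS 1.1 by policy, so use the two newest versions the build supports`. It is also worth confirming that the `match="unsupported protocol"` assertion in the following hunk still holds for a TLS 1.3-minimum server, since that text comes from OpenSSL rather than from this project. The method body continues past this hunk.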
@@ -1054,10 +1067,10 @@ class TestContext(object):
 server_context.use_privatekey(
 load_privatekey(FILETYPE_PEM, root_key_pem)
 )
- server_context.set_min_proto_version(TLS1_2_VERSION)
+ server_context.set_min_proto_version(high_version)
 client_context = Context(TLS_METHOD)
- client_context.set_max_proto_version(TLS1_1_VERSION)
+ client_context.set_max_proto_version(low_version)
 with pytest.raises(Error, match="unsupported protocol"):
 self._handshake_test(server_context, client_context)
-- cgit v1.2.1