From 069909af77171b1d925aed6cefe168a7e5e50f50 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 12 May 2022 06:33:36 +0800
Subject: repair CI (#1116)
* repair CI
* more fixes
* pypy39 requires latest cryptography
* Apply suggestions from code review
Co-authored-by: Alex Gaynor
* use constant
* bump minimum version
* remove unneeded try
* fix
Co-authored-by: Alex Gaynor
---
 .github/workflows/ci.yml | 8 +++-----
 CHANGELOG.rst | 1 +
 setup.py | 2 +-
 src/OpenSSL/SSL.py | 18 ++++++++++++++++++
 tests/test_crypto.py | 10 +++++++---
 tests/test_ssl.py | 36 ++++++++++++++++++++++++------------
 tox.ini | 11 ++---------
 7 files changed, 56 insertions(+), 30 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2b79f5b..841016f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,15 +23,14 @@ jobs:
 - {VERSION: "3.8", TOXENV: "py38-cryptographyMain"}
 - {VERSION: "3.9", TOXENV: "py39-cryptographyMain"}
 - {VERSION: "3.10", TOXENV: "py310-cryptographyMain"}
- - {VERSION: "pypy-3.7", TOXENV: "pypy3-cryptographyMain"}
 - {VERSION: "pypy-3.8", TOXENV: "pypy3-cryptographyMain"}
+ - {VERSION: "pypy-3.9", TOXENV: "pypy3-cryptographyMain"}
 # -cryptographyMinimum
 - {VERSION: "3.6", TOXENV: "py36-cryptographyMinimum"}
 - {VERSION: "3.7", TOXENV: "py37-cryptographyMinimum"}
 - {VERSION: "3.8", TOXENV: "py38-cryptographyMinimum"}
 - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum"}
 - {VERSION: "3.10", TOXENV: "py310-cryptographyMinimum"}
- - {VERSION: "pypy-3.7", TOXENV: "pypy3-cryptographyMinimum"}
 - {VERSION: "pypy-3.8", TOXENV: "pypy3-cryptographyMinimum"}
 # Cryptography wheels
 - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum-useWheel"}
@@ -42,7 +41,6 @@ jobs:
 - {VERSION: "3.7", TOXENV: "py37-twistedTrunk"}
 # Meta
 - {VERSION: "3.9", TOXENV: "check-manifest"}
- - {VERSION: "3.9", TOXENV: "pypi-readme"}
 - {VERSION: "3.9", TOXENV: "flake8"}
 - {VERSION: "3.9", TOXENV: "docs"}
 name: "${{ matrix.PYTHON.TOXENV }}"
@@ -69,11 +67,11 @@ jobs:
 TEST:
 - {CONTAINER: "ubuntu-bionic", TOXENV: "py36"}
 # cryptographyMain used since there's no wheel
- - {CONTAINER: "ubuntu-rolling", TOXENV: "py39-cryptographyMain"}
+ - {CONTAINER: "ubuntu-rolling", TOXENV: "py310-cryptographyMain"}
 name: "${{ matrix.TEST.TOXENV }} on ${{ matrix.TEST.CONTAINER }}"
 steps:
 - uses: actions/checkout@v3
- - run: tox -v
+ - run: /venv/bin/tox -v
 env:
 TOXENV: ${{ matrix.TEST.TOXENV }}
 RUSTUP_HOME: /root/.rustup
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 1f7b063..d91b1a1 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -11,6 +11,7 @@ Backward-incompatible changes:
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 - Remove support for SSLv2 and SSLv3.
+- The minimum ``cryptography`` version is now 37.0.2.
 Deprecations:
 ^^^^^^^^^^^^^
diff --git a/setup.py b/setup.py
index 6cbc259..b30c159 100755
--- a/setup.py
+++ b/setup.py
@@ -96,7 +96,7 @@ if __name__ == "__main__":
 package_dir={"": "src"},
 install_requires=[
 # Fix cryptographyMinimum in tox.ini when changing this!
- "cryptography>=35.0",
+ "cryptography>=37.0.2",
 ],
 extras_require={
 "test": ["flaky", "pretend", "pytest>=3.0.1"],
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 3e6ee1b..d100e6c 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1685,6 +1685,24 @@ class Connection:
 else:
 # TODO: This is untested.
 _raise_current_error()
+ elif error == _lib.SSL_ERROR_SSL and _lib.ERR_peek_error() != 0:
+ # In 3.0.x an unexpected EOF no longer triggers syscall error
+ # but we want to maintain compatibility so we check here and
+ # raise syscall if it is an EOF. Since we're not actually sure
+ # what else could raise SSL_ERROR_SSL we check for the presence
+ # of the OpenSSL 3 constant SSL_R_UNEXPECTED_EOF_WHILE_READING
+ # and if it's not present we just raise an error, which matches
+ # the behavior before we added this elif section
+ peeked_error = _lib.ERR_peek_error()
+ reason = _lib.ERR_GET_REASON(peeked_error)
+ if _lib.Cryptography_HAS_UNEXPECTED_EOF_WHILE_READING:
+ _openssl_assert(
+ reason == _lib.SSL_R_UNEXPECTED_EOF_WHILE_READING
+ )
+ _lib.ERR_clear_error()
+ raise SysCallError(-1, "Unexpected EOF")
+ else:
+ _raise_current_error()
 elif error == _lib.SSL_ERROR_NONE:
 pass
 else:
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index 8e8484c..6d60347 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -2077,8 +2077,8 @@ class TestX509(_PKeyInteractionTestsMixin):
 b"DNS:altnull.python.org\x00example.com, "
 b"email:null@python.org\x00user@example.org, "
 b"URI:http://null.python.org\x00http://example.org, "
- b"IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1\n"
- == str(ext).encode("ascii")
+ b"IP Address:192.0.2.1, IP Address:2001:DB8:0:0:0:0:0:1"
+ == str(ext).encode("ascii").strip()
 )
 def test_invalid_digest_algorithm(self):
@@ -4090,7 +4090,11 @@ class TestX509StoreContext:
 with pytest.raises(X509StoreContextError) as exc:
 store_ctx.verify_certificate()
- assert exc.value.args[0][2] == "self signed certificate"
+ # OpenSSL 1.1.x and 3.0.x have different error messages
+ assert exc.value.args[0][2] in [
+ "self signed certificate",
+ "self-signed certificate",
+ ]
 assert exc.value.certificate.get_subject().CN == "Testing Root CA"
 def test_invalid_chain_no_root(self):
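Review bot: In src/OpenSSL/SSL.py, the new `elif error == _lib.SSL_ERROR_SSL` branch uses `_openssl_assert(...)` as the test for "is this an unexpected EOF", so on a build where `Cryptography_HAS_UNEXPECTED_EOF_WHILE_READING` is true every other SSL_ERROR_SSL failure leaves through the assertion helper instead of `_raise_current_error()`. Which exception the caller then sees depends on `_openssl_assert`, which is defined outside this hunk, and the added comment only documents the case where the constant is absent. An explicit comparison, as sketched below, limits the `SysCallError(-1, "Unexpected EOF")` mapping to the EOF reason and sends everything else down the path used before this change, which matters if callers treat that SysCallError as an ordinary connection close. Reason codes are scoped per OpenSSL library, so it is also worth confirming that the peeked error comes from the SSL library before matching it (OpenSSL's `ERR_GET_LIB`, if the binding exposes it). The enclosing method of `Connection` starts and ends outside the hunk.

```python
            # … unchanged: explanatory comment block …
            peeked_error = _lib.ERR_peek_error()
            reason = _lib.ERR_GET_REASON(peeked_error)
            if (
                _lib.Cryptography_HAS_UNEXPECTED_EOF_WHILE_READING
                and reason == _lib.SSL_R_UNEXPECTED_EOF_WHILE_READING
            ):
                _lib.ERR_clear_error()
                raise SysCallError(-1, "Unexpected EOF")
            # Any other SSL_ERROR_SSL is reported from the error queue.
            _raise_current_error()
```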
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index a02dc4b..56748fa 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -517,15 +517,20 @@ class TestContext:
 """
 with pytest.raises(Error) as excinfo:
 context.set_cipher_list(b"imaginary-cipher")
- assert excinfo.value.args == (
- [
- (
- "SSL routines",
- "SSL_CTX_set_cipher_list",
- "no cipher match",
- )
- ],
- )
+ assert excinfo.value.args[0][0] in [
+ # 1.1.x
+ (
+ "SSL routines",
+ "SSL_CTX_set_cipher_list",
+ "no cipher match",
+ ),
+ # 3.0.x
+ (
+ "SSL routines",
+ "",
+ "no cipher match",
+ ),
+ ]
 def test_load_client_ca(self, context, ca_file):
 """
@@ -564,13 +569,20 @@ class TestContext:
 with pytest.raises(Error) as e:
 context.set_session_id(b"abc" * 1000)
- assert [
+ assert e.value.args[0][0] in [
+ # 1.1.x
 (
 "SSL routines",
 "SSL_CTX_set_session_id_context",
 "ssl session id context too long",
- )
- ] == e.value.args[0]
+ ),
+ # 3.0.x
+ (
+ "SSL routines",
+ "",
+ "ssl session id context too long",
+ ),
+ ]
 def test_set_session_id_unicode(self, context):
 """
diff --git a/tox.ini b/tox.ini
index 93432dc..1c99fcb 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = {pypy,pypy3,py36,py37,py38,py39,py310}{,-cryptographyMain,-cryptographyMinimum}{,-useWheel}{,-randomorder},py37-twistedTrunk,pypi-readme,check-manifest,flake8,docs,coverage-report
+envlist = {pypy,pypy3,py36,py37,py38,py39,py310}{,-cryptographyMain,-cryptographyMinimum}{,-useWheel}{,-randomorder},py37-twistedTrunk,check-manifest,flake8,docs,coverage-report
 [testenv]
 whitelist_externals =
@@ -10,7 +10,7 @@ extras =
 deps =
 coverage>=4.2
 cryptographyMain: git+https://github.com/pyca/cryptography.git
- cryptographyMinimum: cryptography==35.0
+ cryptographyMinimum: cryptography==37.0.2
 randomorder: pytest-randomly
 setenv =
 # Do not allow the executing environment to pollute the test environment
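Review bot: In tests/test_ssl.py, the rewritten `set_cipher_list` assertion checks only `excinfo.value.args[0][0]`, whereas the removed one compared the whole `args` tuple, so the test no longer pins that the error list holds exactly one entry; the `set_session_id` hunk that follows loses the same check. If the list still holds a single entry on 3.0.x, adding `assert len(excinfo.value.args[0]) == 1` (and the equivalent for `e`) would keep it. Accepting both tuples unconditionally also lets a 1.1.x build that began reporting an empty function name pass unnoticed; comparing only the library and reason fields, e.g. `assert (err[0], err[2]) == ("SSL routines", "no cipher match")`, states the intent more directly. Both test methods begin outside their hunks.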
@@ -44,13 +44,6 @@ commands =
 black --check .
 flake8 .
-[testenv:pypi-readme]
-deps =
- readme_renderer
-skip_install = true
-commands =
- python setup.py check -r -s
-
 [testenv:check-manifest]
 deps =
 check-manifest
--
cgit v1.2.1