diff options
Diffstat (limited to 'debian/patches/update-tls-protocol2.diff')
-rw-r--r-- | debian/patches/update-tls-protocol2.diff | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/debian/patches/update-tls-protocol2.diff b/debian/patches/update-tls-protocol2.diff new file mode 100644 index 0000000..7dbe9d8 --- /dev/null +++ b/debian/patches/update-tls-protocol2.diff @@ -0,0 +1,98 @@ +# Don't apply yet, still test failures .. + +Index: b/Lib/test/test_ssl.py +=================================================================== +--- a/Lib/test/test_ssl.py ++++ b/Lib/test/test_ssl.py +@@ -147,7 +147,7 @@ def skip_if_broken_ubuntu_ssl(func): + needs_sni = unittest.skipUnless(ssl.HAS_SNI, "SNI support needed for this test") + + +-def test_wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLS, *, ++def test_wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1_2, *, + cert_reqs=ssl.CERT_NONE, ca_certs=None, + ciphers=None, certfile=None, keyfile=None, + **kwargs): +@@ -883,7 +883,7 @@ class ContextTests(unittest.TestCase): + self.assertEqual(ctx.protocol, proto) + + def test_ciphers(self): +- ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) ++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + ctx.set_ciphers("ALL") + ctx.set_ciphers("DEFAULT") + with self.assertRaisesRegex(ssl.SSLError, "No cipher can be selected"): +@@ -1542,7 +1542,7 @@ class SimpleBackgroundTests(unittest.Tes + + def test_connect_with_context(self): + # Same as test_connect, but with a separately created context +- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + with ctx.wrap_socket(socket.socket(socket.AF_INET)) as s: + s.connect(self.server_addr) + self.assertEqual({}, s.getpeercert()) +@@ -1562,7 +1562,7 @@ class SimpleBackgroundTests(unittest.Tes + # This should fail because we have no verification certs. Connection + # failure crashes ThreadedEchoServer, so run this in an independent + # test method. +- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + ctx.verify_mode = ssl.CERT_REQUIRED + s = ctx.wrap_socket(socket.socket(socket.AF_INET)) + self.addCleanup(s.close) +@@ -1595,7 +1595,7 @@ class SimpleBackgroundTests(unittest.Tes + with open(SIGNING_CA) as f: + pem = f.read() + der = ssl.PEM_cert_to_DER_cert(pem) +- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + ctx.verify_mode = ssl.CERT_REQUIRED + ctx.load_verify_locations(cadata=pem) + with ctx.wrap_socket(socket.socket(socket.AF_INET)) as s: +@@ -1604,7 +1604,7 @@ class SimpleBackgroundTests(unittest.Tes + self.assertTrue(cert) + + # same with DER +- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + ctx.verify_mode = ssl.CERT_REQUIRED + ctx.load_verify_locations(cadata=der) + with ctx.wrap_socket(socket.socket(socket.AF_INET)) as s: +@@ -1676,7 +1676,7 @@ class SimpleBackgroundTests(unittest.Tes + + def test_get_ca_certs_capath(self): + # capath certs are loaded on request +- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + ctx.verify_mode = ssl.CERT_REQUIRED + ctx.load_verify_locations(capath=CAPATH) + self.assertEqual(ctx.get_ca_certs(), []) +@@ -1689,8 +1689,8 @@ class SimpleBackgroundTests(unittest.Tes + @needs_sni + def test_context_setget(self): + # Check that the context of a connected socket can be replaced. +- ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1) +- ctx2 = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ++ ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1) ++ ctx2 = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + s = socket.socket(socket.AF_INET) + with ctx1.wrap_socket(s) as ss: + ss.connect(self.server_addr) +@@ -1740,7 +1740,7 @@ class SimpleBackgroundTests(unittest.Tes + sock.connect(self.server_addr) + incoming = ssl.MemoryBIO() + outgoing = ssl.MemoryBIO() +- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + ctx.verify_mode = ssl.CERT_REQUIRED + ctx.load_verify_locations(SIGNING_CA) + ctx.check_hostname = True +@@ -1773,7 +1773,7 @@ class SimpleBackgroundTests(unittest.Tes + sock.connect(self.server_addr) + incoming = ssl.MemoryBIO() + outgoing = ssl.MemoryBIO() +- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) + ctx.verify_mode = ssl.CERT_NONE + sslobj = ctx.wrap_bio(incoming, outgoing, False) + self.ssl_io_loop(sock, incoming, outgoing, sslobj.do_handshake) |