summaryrefslogtreecommitdiff
path: root/debian/patches/update-tls-protocol2.diff
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/update-tls-protocol2.diff')
-rw-r--r--debian/patches/update-tls-protocol2.diff98
1 files changed, 98 insertions, 0 deletions
diff --git a/debian/patches/update-tls-protocol2.diff b/debian/patches/update-tls-protocol2.diff
new file mode 100644
index 0000000..7dbe9d8
--- /dev/null
+++ b/debian/patches/update-tls-protocol2.diff
@@ -0,0 +1,98 @@
+# Don't apply yet, still test failures ..
+
+Index: b/Lib/test/test_ssl.py
+===================================================================
+--- a/Lib/test/test_ssl.py
++++ b/Lib/test/test_ssl.py
+@@ -147,7 +147,7 @@ def skip_if_broken_ubuntu_ssl(func):
+ needs_sni = unittest.skipUnless(ssl.HAS_SNI, "SNI support needed for this test")
+
+
+-def test_wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLS, *,
++def test_wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1_2, *,
+ cert_reqs=ssl.CERT_NONE, ca_certs=None,
+ ciphers=None, certfile=None, keyfile=None,
+ **kwargs):
+@@ -883,7 +883,7 @@ class ContextTests(unittest.TestCase):
+ self.assertEqual(ctx.protocol, proto)
+
+ def test_ciphers(self):
+- ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+ ctx.set_ciphers("ALL")
+ ctx.set_ciphers("DEFAULT")
+ with self.assertRaisesRegex(ssl.SSLError, "No cipher can be selected"):
+@@ -1542,7 +1542,7 @@ class SimpleBackgroundTests(unittest.Tes
+
+ def test_connect_with_context(self):
+ # Same as test_connect, but with a separately created context
+- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+ with ctx.wrap_socket(socket.socket(socket.AF_INET)) as s:
+ s.connect(self.server_addr)
+ self.assertEqual({}, s.getpeercert())
+@@ -1562,7 +1562,7 @@ class SimpleBackgroundTests(unittest.Tes
+ # This should fail because we have no verification certs. Connection
+ # failure crashes ThreadedEchoServer, so run this in an independent
+ # test method.
+- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+ ctx.verify_mode = ssl.CERT_REQUIRED
+ s = ctx.wrap_socket(socket.socket(socket.AF_INET))
+ self.addCleanup(s.close)
+@@ -1595,7 +1595,7 @@ class SimpleBackgroundTests(unittest.Tes
+ with open(SIGNING_CA) as f:
+ pem = f.read()
+ der = ssl.PEM_cert_to_DER_cert(pem)
+- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+ ctx.verify_mode = ssl.CERT_REQUIRED
+ ctx.load_verify_locations(cadata=pem)
+ with ctx.wrap_socket(socket.socket(socket.AF_INET)) as s:
+@@ -1604,7 +1604,7 @@ class SimpleBackgroundTests(unittest.Tes
+ self.assertTrue(cert)
+
+ # same with DER
+- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+ ctx.verify_mode = ssl.CERT_REQUIRED
+ ctx.load_verify_locations(cadata=der)
+ with ctx.wrap_socket(socket.socket(socket.AF_INET)) as s:
+@@ -1676,7 +1676,7 @@ class SimpleBackgroundTests(unittest.Tes
+
+ def test_get_ca_certs_capath(self):
+ # capath certs are loaded on request
+- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+ ctx.verify_mode = ssl.CERT_REQUIRED
+ ctx.load_verify_locations(capath=CAPATH)
+ self.assertEqual(ctx.get_ca_certs(), [])
+@@ -1689,8 +1689,8 @@ class SimpleBackgroundTests(unittest.Tes
+ @needs_sni
+ def test_context_setget(self):
+ # Check that the context of a connected socket can be replaced.
+- ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+- ctx2 = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
++ ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
++ ctx2 = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+ s = socket.socket(socket.AF_INET)
+ with ctx1.wrap_socket(s) as ss:
+ ss.connect(self.server_addr)
+@@ -1740,7 +1740,7 @@ class SimpleBackgroundTests(unittest.Tes
+ sock.connect(self.server_addr)
+ incoming = ssl.MemoryBIO()
+ outgoing = ssl.MemoryBIO()
+- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+ ctx.verify_mode = ssl.CERT_REQUIRED
+ ctx.load_verify_locations(SIGNING_CA)
+ ctx.check_hostname = True
+@@ -1773,7 +1773,7 @@ class SimpleBackgroundTests(unittest.Tes
+ sock.connect(self.server_addr)
+ incoming = ssl.MemoryBIO()
+ outgoing = ssl.MemoryBIO()
+- ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
++ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+ ctx.verify_mode = ssl.CERT_NONE
+ sslobj = ctx.wrap_bio(incoming, outgoing, False)
+ self.ssl_io_loop(sock, incoming, outgoing, sslobj.do_handshake)
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-21 05:40:29 +0000