[Python-checkins] Fix typo in PROTOCOL_TO_TLS_VERSION in test_ssl (GH-95119)
miss-islington
webhook-mailer at python.org
Thu Jul 21 20:38:20 EDT 2022
https://github.com/python/cpython/commit/934b25dcc492dcbca4da9d63d0d71dc940fc0375
commit: 934b25dcc492dcbca4da9d63d0d71dc940fc0375
branch: main
author: David Benjamin <davidben at google.com>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2022-07-21T17:38:15-07:00
summary:
Fix typo in PROTOCOL_TO_TLS_VERSION in test_ssl (GH-95119)
This appears to be a typo. It causes try_protocol_combo to try to turn
on SSL 3.0 when testing PROTOCOL_SSLv23 (aka PROTOCOL_TLS), which
doesn't make any sense. Fix it to be PROTOCOL_SSLv3.
Without this, try_protocol_combo is actually setting
context.minimum_version to SSLv3 when called as
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True)
One would think this causes a no-ssl3 OpenSSL build to fail, but OpenSSL
forgot to make SSL_CTX_set_min_proto_version(SSL3_VERSION) does not
notice no-ssl3, so this typo has gone undetected. But we should still
fix the typo because, presumably, a future version of OpenSSL will
remove SSL 3.0 and do so more thoroughly, at which point this will
break.
files:
M Lib/test/test_ssl.py
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 65f5d4a6d7094..0d0d14ac00260 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -47,7 +47,7 @@
PROTOCOL_TO_TLS_VERSION = {}
for proto, ver in (
- ("PROTOCOL_SSLv23", "SSLv3"),
+ ("PROTOCOL_SSLv3", "SSLv3"),
("PROTOCOL_TLSv1", "TLSv1"),
("PROTOCOL_TLSv1_1", "TLSv1_1"),
):
More information about the Python-checkins
mailing list