[Python-checkins] [3.9] gh-94208: Add even more TLS version/protocol checks for FreeBSD (#98037)

Fri Oct 7 14:49:33 EDT 2022

https://github.com/python/cpython/commit/da1fe3873a592eebe6f0d961b2e3b36d29b4838e
commit: da1fe3873a592eebe6f0d961b2e3b36d29b4838e
branch: 3.9
author: Łukasz Langa <lukasz at langa.pl>
committer: ambv <lukasz at langa.pl>
date: 2022-10-07T11:49:28-07:00
summary:

[3.9] gh-94208: Add even more TLS version/protocol checks for FreeBSD (#98037)

Otherwise, buildbot builds would fail since there's no TLS 1.0/1.1 support.

files:
M .gitignore
M Lib/test/test_ssl.py

diff --git a/.gitignore b/.gitignore
index 1ba44ec5d635..8d9717dd8210 100644
--- a/.gitignore
+++ b/.gitignore
@@ -140,5 +140,7 @@ Tools/ssl/win32
 # Artifacts generated by 3.11 lying around when switching branches:
 /_bootstrap_python
 /Programs/_freeze_module
+/Modules/Setup.bootstrap
+/Modules/Setup.stdlib
 /Python/deepfreeze/
 /Python/frozen_modules/ 
\ No newline at end of file
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 6faa2ee0bbe6..e270f44cf3fb 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1141,8 +1141,10 @@ def test_constructor(self):
 
     def test_protocol(self):
         for proto in PROTOCOLS:
-            ctx = ssl.SSLContext(proto)
-            self.assertEqual(ctx.protocol, proto)
+            if has_tls_protocol(proto):
+                with warnings_helper.check_warnings():
+                    ctx = ssl.SSLContext(proto)
+                self.assertEqual(ctx.protocol, proto)
 
     def test_ciphers(self):
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
@@ -1524,7 +1526,10 @@ def test_load_dh_params(self):
 
     def test_session_stats(self):
         for proto in PROTOCOLS:
-            ctx = ssl.SSLContext(proto)
+            if not has_tls_protocol(proto):
+                continue
+            with warnings_helper.check_warnings():
+                ctx = ssl.SSLContext(proto)
             self.assertEqual(ctx.session_stats(), {
                 'number': 0,
                 'connect': 0,
@@ -1715,13 +1720,14 @@ def test__create_stdlib_context(self):
             self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
             self._assert_context_options(ctx)
 
-        ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1,
-                                         cert_reqs=ssl.CERT_REQUIRED,
-                                         check_hostname=True)
-        self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
-        self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
-        self.assertTrue(ctx.check_hostname)
-        self._assert_context_options(ctx)
+            with warnings_helper.check_warnings():
+                ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1,
+                                                cert_reqs=ssl.CERT_REQUIRED,
+                                                check_hostname=True)
+            self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
+            self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
+            self.assertTrue(ctx.check_hostname)
+            self._assert_context_options(ctx)
 
         ctx = ssl._create_stdlib_context(purpose=ssl.Purpose.CLIENT_AUTH)
         self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)

