Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 6ca7183b3549d3eaa8a0c3b73255eeac24d7974d^! / . / Lib / test
commit6ca7183b3549d3eaa8a0c3b73255eeac24d7974d[log] [tgz]
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>Fri Jan 18 07:29:08 2019 -0800
committerGitHub <noreply@github.com>Fri Jan 18 07:29:08 2019 -0800
tree2461c2d84136b517dd9a29ad80f15dd9dfdfb016
parentc2647f2e45d2741fc44fd621966e05d15f2cd26a [diff]
bpo-35045: Accept TLSv1 default in min max test (GH-11510)


Make ssl tests less strict and also accept TLSv1 as system default. The
changes unbreaks test_min_max_version on Fedora 29.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 34de2d312b3687994ddbc29adb66e88f672034c7)

Co-authored-by: Christian Heimes <christian@python.org>
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index b6794ce..38ecddd 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py

@@ -1108,8 +1108,11 @@
                          "required OpenSSL 1.1.0g")
     def test_min_max_version(self):
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-        self.assertEqual(
-            ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED
+        # OpenSSL default is MINIMUM_SUPPORTED, however some vendors like
+        # Fedora override the setting to TLS 1.0.
+        self.assertIn(
+            ctx.minimum_version,
+            {ssl.TLSVersion.MINIMUM_SUPPORTED, ssl.TLSVersion.TLSv1}
         )
         self.assertEqual(
             ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED