Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 72ef4fc32b354f8e56eec64f4c15ac2e07d118be^! / . / Tools / ssl
commit72ef4fc32b354f8e56eec64f4c15ac2e07d118be[log] [tgz]
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>Wed May 23 13:49:04 2018 -0700
committerChristian Heimes <christian@python.org>Wed May 23 22:49:04 2018 +0200
tree79cca6305c0c23bd2e285665a939f59c17703d3f
parent508d7693bc09affd99fdaa4a321cc3da0638c8a0 [diff]
[3.7] bpo-33618: Enable TLS 1.3 in tests (GH-7079) (GH-7082)

TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
https://github.com/openssl/openssl/pull/6340) is required.

Signed-off-by: Christian Heimes <christian@python.org>
(cherry picked from commit 529525fb5a8fd9b96ab4021311a598c77588b918)

diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py
index bbc5c66..c4ebe31 100755
--- a/Tools/ssl/multissltests.py
+++ b/Tools/ssl/multissltests.py

@@ -47,7 +47,7 @@
 OPENSSL_RECENT_VERSIONS = [
     "1.0.2o",
     "1.1.0h",
-    "1.1.1-pre6",
+    # "1.1.1-pre7",
 ]
 
 LIBRESSL_OLD_VERSIONS = [
@@ -73,7 +73,7 @@
 parser.add_argument(
     '--debug',
     action='store_true',
-    help="Enable debug mode",
+    help="Enable debug logging",
 )
 parser.add_argument(
     '--disable-ancient',
@@ -130,6 +130,18 @@
     default='',
     help="Override the automatic system type detection."
 )
+parser.add_argument(
+    '--force',
+    action='store_true',
+    dest='force',
+    help="Force build and installation."
+)
+parser.add_argument(
+    '--keep-sources',
+    action='store_true',
+    dest='keep_sources',
+    help="Keep original sources for debugging."
+)
 
 
 class AbstractBuilder(object):
@@ -260,26 +272,31 @@
         """Now build openssl"""
         log.info("Running build in {}".format(self.build_dir))
         cwd = self.build_dir
-        cmd = ["./config", "shared", "--prefix={}".format(self.install_dir)]
-        env = None
+        cmd = [
+            "./config",
+            "shared", "--debug",
+            "--prefix={}".format(self.install_dir)
+        ]
+        env = os.environ.copy()
+        # set rpath
+        env["LD_RUN_PATH"] = self.lib_dir
         if self.system:
-            env = os.environ.copy()
             env['SYSTEM'] = self.system
         self._subprocess_call(cmd, cwd=cwd, env=env)
         # Old OpenSSL versions do not support parallel builds.
         self._subprocess_call(["make", "-j1"], cwd=cwd, env=env)
 
-    def _make_install(self, remove=True):
+    def _make_install(self):
         self._subprocess_call(
             ["make", "-j1", self.install_target],
             cwd=self.build_dir
         )
-        if remove:
+        if not self.args.keep_sources:
             shutil.rmtree(self.build_dir)
 
     def install(self):
         log.info(self.openssl_cli)
-        if not self.has_openssl:
+        if not self.has_openssl or self.args.force:
             if not self.has_src:
                 self._download_src()
             else: