tests: _assert_connect to support min/max SSL version
`ssl.wrap_socket` supported only `ssl_version` and hence this was what
`_assert_connect` used. `SSLContext` OTOH supports explicitly setting the
minimum and maximum supported SSL versions. Use that to properly fix SSL
tests.

Signed-off-by: Mikhail Koviazin <[email protected]>
mkmkme committed Nov 26, 2024
1 parent f63df9c commit 1e10250
Showing 2 changed files with 12 additions and 11 deletions.
10 changes: 5 additions & 5 deletions tests/test_asyncio/test_connect.py
@@ -125,7 +125,7 @@ async def test_tcp_ssl_version_mismatch(tcp_address):
tcp_address,
certfile=certfile,
keyfile=keyfile,
ssl_version=ssl.TLSVersion.TLSv1_2,
maximum_ssl_version=ssl.TLSVersion.TLSv1_2,
)
await conn.disconnect()

@@ -135,7 +135,8 @@ async def _assert_connect(
server_address,
certfile=None,
keyfile=None,
ssl_version=None,
minimum_ssl_version=ssl.TLSVersion.TLSv1_2,
maximum_ssl_version=ssl.TLSVersion.TLSv1_3,
):
stop_event = asyncio.Event()
finished = asyncio.Event()
@@ -153,9 +154,8 @@ async def _handler(reader, writer):
elif certfile:
host, port = server_address
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
if ssl_version is not None:
context.minimum_version = ssl_version
context.maximum_version = ssl_version
context.minimum_version = minimum_ssl_version
context.maximum_version = maximum_ssl_version
context.load_cert_chain(certfile=certfile, keyfile=keyfile)
server = await asyncio.start_server(_handler, host=host, port=port, ssl=context)
else:
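Review bot: In `_assert_connect` the two assignments `context.minimum_version = minimum_ssl_version` and `context.maximum_version = maximum_ssl_version` are now unconditional, whereas the removed code skipped them when the argument was `None`. A caller that still passes `None` to mean "use the context's defaults" would hand `None` to the `SSLContext` setters, which I would expect to raise rather than leave the bound untouched. Either guard each assignment (`if minimum_ssl_version is not None:` and likewise for the maximum) or add a short docstring stating that both bounds must be `ssl.TLSVersion` members and default to TLS 1.2 through 1.3. The function body continues outside the visible hunks.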
13 changes: 7 additions & 6 deletions tests/test_connect.py
@@ -100,7 +100,6 @@ def test_tcp_ssl_tls12_custom_ciphers(tcp_address, ssl_ciphers):
tcp_address,
certfile=certfile,
keyfile=keyfile,
ssl_version=ssl.TLSVersion.TLSv1_2,
)


@@ -141,7 +140,7 @@ def test_tcp_ssl_version_mismatch(tcp_address):
tcp_address,
certfile=certfile,
keyfile=keyfile,
ssl_version=ssl.TLSVersion.TLSv1_2,
maximum_ssl_version=ssl.TLSVersion.TLSv1_2,
)


@@ -170,14 +169,16 @@ def __init__(
*args,
certfile=None,
keyfile=None,
ssl_version=ssl.TLSVersion.TLSv1,
minimum_ssl_version=ssl.TLSVersion.TLSv1_2,
maximum_ssl_version=ssl.TLSVersion.TLSv1_3,
**kw,
) -> None:
self._ready_event = threading.Event()
self._stop_requested = False
self._certfile = certfile
self._keyfile = keyfile
self._ssl_version = ssl_version
self._minimum_ssl_version = minimum_ssl_version
self._maximum_ssl_version = maximum_ssl_version
super().__init__(*args, **kw)

def service_actions(self):
@@ -199,8 +200,8 @@ def get_request(self):
newsocket, fromaddr = self.socket.accept()
sslctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
sslctx.load_cert_chain(self._certfile, self._keyfile)
sslctx.minimum_version = self._ssl_version
sslctx.maximum_version = self._ssl_version
sslctx.minimum_version = self._minimum_ssl_version
sslctx.maximum_version = self._maximum_ssl_version
connstream = sslctx.wrap_socket(
newsocket,
server_side=True,
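Review bot: Dropping `ssl_version=ssl.TLSVersion.TLSv1_2` from the server call in `test_tcp_ssl_tls12_custom_ciphers` (first hunk of this file) leaves the test server on the new `__init__` defaults, TLS 1.2 through 1.3. The client side of that test is outside the hunk; unless it caps its own protocol version, the handshake can settle on TLS 1.3. If `ssl_ciphers` is applied through `SSLContext.set_ciphers`, it does not govern TLS 1.3 cipher suites, so the test could pass without exercising the custom ciphers it is named for. Passing `maximum_ssl_version=ssl.TLSVersion.TLSv1_2,` in that call would keep the server on the protocol version the test targets.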
