diff --git a/Lib/ssl.py b/Lib/ssl.py index fdd1615744347e..d2031535e96873 100644 --- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -157,12 +157,16 @@ class TLSVersion(_IntEnum): MINIMUM_SUPPORTED = _ssl.PROTO_MINIMUM_SUPPORTED + if OPENSSL_VERSION.startswith('LibreSSL'): + MINIMUM_AVAILABLE = _ssl.PROTO_MINIMUM_AVAILABLE SSLv3 = _ssl.PROTO_SSLv3 TLSv1 = _ssl.PROTO_TLSv1 TLSv1_1 = _ssl.PROTO_TLSv1_1 TLSv1_2 = _ssl.PROTO_TLSv1_2 TLSv1_3 = _ssl.PROTO_TLSv1_3 MAXIMUM_SUPPORTED = _ssl.PROTO_MAXIMUM_SUPPORTED + if OPENSSL_VERSION.startswith('LibreSSL'): + MAXIMUM_AVAILABLE = _ssl.PROTO_MAXIMUM_AVAILABLE if sys.platform == "win32": diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 73d3e3bbcdaeb8..8ace2ffec04e13 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -1062,12 +1062,20 @@ def test_hostname_checks_common_name(self): "required OpenSSL 1.1.0g") def test_min_max_version(self): ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) - self.assertEqual( - ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED - ) - self.assertEqual( - ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED - ) + if IS_LIBRESSL: + self.assertEqual( + ctx.minimum_version, ssl.TLSVersion.MINIMUM_AVAILABLE + ) + self.assertEqual( + ctx.maximum_version, ssl.TLSVersion.MAXIMUM_AVAILABLE + ) + else: + self.assertEqual( + ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED + ) + self.assertEqual( + ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED + ) ctx.minimum_version = ssl.TLSVersion.TLSv1_1 ctx.maximum_version = ssl.TLSVersion.TLSv1_2 @@ -1080,41 +1088,72 @@ def test_min_max_version(self): ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED ctx.maximum_version = ssl.TLSVersion.TLSv1 - self.assertEqual( - ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED - ) + if IS_LIBRESSL: + self.assertEqual( + ctx.minimum_version, ssl.TLSVersion.MINIMUM_AVAILABLE + ) + else: + self.assertEqual( + ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED + ) self.assertEqual( ctx.maximum_version, ssl.TLSVersion.TLSv1 ) ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED - self.assertEqual( - ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED - ) + if IS_LIBRESSL: + ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED + self.assertEqual( + ctx.maximum_version, ssl.TLSVersion.MAXIMUM_AVAILABLE + ) + ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED + else: + self.assertEqual( + ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED + ) ctx.maximum_version = ssl.TLSVersion.MINIMUM_SUPPORTED - self.assertIn( - ctx.maximum_version, - {ssl.TLSVersion.TLSv1, ssl.TLSVersion.SSLv3} - ) + if IS_LIBRESSL: + self.assertEqual( + ctx.maximum_version, ssl.TLSVersion.MINIMUM_AVAILABLE + ) + ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED + else: + self.assertIn( + ctx.maximum_version, + {ssl.TLSVersion.TLSv1, ssl.TLSVersion.SSLv3} + ) ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED - self.assertIn( - ctx.minimum_version, - {ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3} - ) + if IS_LIBRESSL: + self.assertEqual( + ctx.minimum_version, ssl.TLSVersion.MAXIMUM_AVAILABLE + ) + else: + self.assertIn( + ctx.minimum_version, + {ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3} + ) with self.assertRaises(ValueError): ctx.minimum_version = 42 ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1) - self.assertEqual( - ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED - ) - self.assertEqual( - ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED - ) + if IS_LIBRESSL: + self.assertEqual( + ctx.minimum_version, ssl.TLSVersion.TLSv1_1 + ) + self.assertEqual( + ctx.maximum_version, ssl.TLSVersion.TLSv1_1 + ) + else: + self.assertEqual( + ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED + ) + self.assertEqual( + ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED + ) with self.assertRaises(ValueError): ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED with self.assertRaises(ValueError): diff --git a/Misc/NEWS.d/next/Tests/2018-07-02-10-00-28.bpo-33995.pkTqdm.rst b/Misc/NEWS.d/next/Tests/2018-07-02-10-00-28.bpo-33995.pkTqdm.rst new file mode 100644 index 00000000000000..fda45406d3a8fe --- /dev/null +++ b/Misc/NEWS.d/next/Tests/2018-07-02-10-00-28.bpo-33995.pkTqdm.rst @@ -0,0 +1 @@ +Fix tests when the ssl module is built with LibreSSL. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 2bce4816d26fe7..d49bd4286bc9ff 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -5879,6 +5879,10 @@ PyInit__ssl(void) PY_PROTO_MINIMUM_SUPPORTED); PyModule_AddIntConstant(m, "PROTO_MAXIMUM_SUPPORTED", PY_PROTO_MAXIMUM_SUPPORTED); + PyModule_AddIntConstant(m, "PROTO_MINIMUM_AVAILABLE", + PY_PROTO_MINIMUM_AVAILABLE); + PyModule_AddIntConstant(m, "PROTO_MAXIMUM_AVAILABLE", + PY_PROTO_MAXIMUM_AVAILABLE); PyModule_AddIntConstant(m, "PROTO_SSLv3", PY_PROTO_SSLv3); PyModule_AddIntConstant(m, "PROTO_TLSv1", PY_PROTO_TLSv1); PyModule_AddIntConstant(m, "PROTO_TLSv1_1", PY_PROTO_TLSv1_1);