From 6d0a7403a6cdf4041d1a3f388dc60b2b95e5e857 Mon Sep 17 00:00:00 2001 From: Dan Radez Date: Tue, 2 Apr 2024 10:33:42 -0400 Subject: [PATCH 1/2] handle openssl3 error in ssl tests Using OpenSSL 3, the expected error string caught in ssl tests has changed. E AssertionError: assert 'wrong version number' in '[SSL] record layer failure (_ssl.c:1000)' This is already handled for OpenSSL pre-1.1 and gte-1.1, adding handling for OpenSSL 3+ Fixes: #645 --- cheroot/_compat.py | 2 ++ cheroot/_compat.pyi | 1 + cheroot/test/test_ssl.py | 7 ++++--- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/cheroot/_compat.py b/cheroot/_compat.py index dbe5c6d2ff..edbfe28dc6 100644 --- a/cheroot/_compat.py +++ b/cheroot/_compat.py @@ -8,9 +8,11 @@ try: import ssl IS_ABOVE_OPENSSL10 = ssl.OPENSSL_VERSION_INFO >= (1, 1) + IS_ABOVE_OPENSSL31 = ssl.OPENSSL_VERSION_INFO >= (3, 2) del ssl except ImportError: IS_ABOVE_OPENSSL10 = None + IS_ABOVE_OPENSSL31 = None IS_CI = bool(os.getenv('CI')) diff --git a/cheroot/_compat.pyi b/cheroot/_compat.pyi index 67d93cf6c2..785259d20e 100644 --- a/cheroot/_compat.pyi +++ b/cheroot/_compat.pyi @@ -3,6 +3,7 @@ from typing import Any, ContextManager, Optional, Type, Union def suppress(*exceptions: Type[BaseException]) -> ContextManager[None]: ... IS_ABOVE_OPENSSL10: Optional[bool] +IS_ABOVE_OPENSSL31: Optional[bool] IS_CI: bool IS_GITHUB_ACTIONS_WORKFLOW: bool IS_PYPY: bool diff --git a/cheroot/test/test_ssl.py b/cheroot/test/test_ssl.py index 1900e20d15..a084f4d447 100644 --- a/cheroot/test/test_ssl.py +++ b/cheroot/test/test_ssl.py @@ -17,7 +17,7 @@ import trustme from .._compat import bton, ntob, ntou -from .._compat import IS_ABOVE_OPENSSL10, IS_CI, IS_PYPY +from .._compat import IS_ABOVE_OPENSSL10, IS_ABOVE_OPENSSL31, IS_CI, IS_PYPY from .._compat import IS_LINUX, IS_MACOS, IS_WINDOWS from ..server import HTTPServer, get_ssl_adapter_class from ..testing import ( @@ -597,8 +597,9 @@ def test_https_over_http_error(http_server, ip_addr): ), ).request('GET', '/') expected_substring = ( - 'wrong version number' if IS_ABOVE_OPENSSL10 - else 'unknown protocol' + 'record layer failure' if IS_ABOVE_OPENSSL31 + else 'wrong version number' if IS_ABOVE_OPENSSL10 + else 'unknown protocol' ) assert expected_substring in ssl_err.value.args[-1] From b7e089bfa6997ca9ba230c05f2f2cedc9ec721a8 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 2 Apr 2024 16:55:12 +0000 Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- cheroot/test/test_ssl.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cheroot/test/test_ssl.py b/cheroot/test/test_ssl.py index a084f4d447..900d39ed36 100644 --- a/cheroot/test/test_ssl.py +++ b/cheroot/test/test_ssl.py @@ -597,9 +597,9 @@ def test_https_over_http_error(http_server, ip_addr): ), ).request('GET', '/') expected_substring = ( - 'record layer failure' if IS_ABOVE_OPENSSL31 - else 'wrong version number' if IS_ABOVE_OPENSSL10 - else 'unknown protocol' + 'record layer failure' if IS_ABOVE_OPENSSL31 + else 'wrong version number' if IS_ABOVE_OPENSSL10 + else 'unknown protocol' ) assert expected_substring in ssl_err.value.args[-1]