Barry A. Warsaw <ba...@python.org> added the comment: I'm not sure I particularly like this patch, and I can't test it on anything other than Debian/Ubuntu right now, but it does "fix" the test (defined as: making it pass :).
AFAICT, there's no way to tell openssl to revert back to trying SSLv2 client hello when the library has been compiled with no-ssl, but still setting OP_NO_SSLv2 or OP_NO_TLSv1 kind of seems like keeping a couple of tests that can't possibly succeed (because neither v2 nor v3, nor tlsv1 will be tried). The other thing is that testing the flags on the client context doesn't seem to work: Python 3.2.2+ (3.2:03ef6108beae, Oct 25 2011, 10:57:32) [GCC 4.6.1] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import ssl >>> cc = ssl.SSLContext(ssl.PROTOCOL_SSLv23) >>> cc.options & ssl.OP_NO_SSLv2 0 Now, the other way to go is to set OP_NO_SSLv2 on both tests and change the sense of it from False to True, so that we'd always expect the connection to succeed. I'll attach that patch next, and it does seem a bit more sane. Let me know what you think. ---------- Added file: http://bugs.python.org/file23517/issue13218.diff _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue13218> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
