https://github.com/python/cpython/commit/0df2eb5b267fb56d93faf561024548a8816a0269
commit: 0df2eb5b267fb56d93faf561024548a8816a0269
branch: 3.8
author: Lumír 'Frenzy' Balhar <[email protected]>
committer: ambv <[email protected]>
date: 2024-01-17T14:43:00+01:00
summary:

[3.8] gh-108310: Fix TestPreHandshakeClose tests in test_ssl (#110718)

The new class is part of the fix for CVE-2023-40217:
https://github.com/python/cpython/commit/b4bcc06a9cfe13d96d5270809d963f8ba278f89b
but it's not in the list of tests, so its tests are not
executed. The new tests also need the `SHORT_TIMEOUT`
constant, which is not available in test.support in 3.8.

Co-authored-by: Łukasz Langa <[email protected]>

files:
A Misc/NEWS.d/next/Tests/2023-10-11-16-02-55.gh-issue-108310.URRe8Y.rst
M Lib/test/test_ssl.py

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 67d3c09d36276c..e729c627064287 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -150,6 +150,9 @@ def data_file(*name):
 OP_ENABLE_MIDDLEBOX_COMPAT = getattr(ssl, "OP_ENABLE_MIDDLEBOX_COMPAT", 0)
 OP_IGNORE_UNEXPECTED_EOF = getattr(ssl, "OP_IGNORE_UNEXPECTED_EOF", 0)
 
+# *_TIMEOUT constants are available in test.support in 3.9+
+SHORT_TIMEOUT = 30.0
+
 # Ubuntu has patched OpenSSL and changed behavior of security level 2
 # see https://bugs.python.org/issue41561#msg389003
 def is_ubuntu():
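Review bot: The comment above the new `SHORT_TIMEOUT = 30.0` says where the constant lives in 3.9+ but not where the value comes from or how this copy differs. As far as I know, 30.0 matches the default of `test.support.SHORT_TIMEOUT` in 3.9+, where regrtest can also adjust it from its timeout setting. The module-level copy here is fixed, so the pre-handshake tests get no such scaling on slow machines. I would spell that out, for example `# Mirrors the 3.9+ default of test.support.SHORT_TIMEOUT; fixed value, not adjusted by regrtest.`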
@@ -4835,7 +4838,7 @@ def __init__(self, *, name, call_after_accept, timeout=None):
             self.listener = None  # set by .start()
             self.port = None  # set by .start()
             if timeout is None:
-                self.timeout = support.SHORT_TIMEOUT
+                self.timeout = SHORT_TIMEOUT
             else:
                 self.timeout = timeout
             super().__init__(name=name)
@@ -4917,7 +4920,7 @@ def test_preauth_data_to_tls_server(self):
 
         def call_after_accept(unused):
             server_accept_called.set()
-            if not ready_for_server_wrap_socket.wait(support.SHORT_TIMEOUT):
+            if not ready_for_server_wrap_socket.wait(SHORT_TIMEOUT):
                 raise RuntimeError("wrap_socket event never set, test may fail.")
             return False  # Tell the server thread to continue.
 
@@ -4961,7 +4964,7 @@ def test_preauth_data_to_tls_client(self):
         client_can_continue_with_wrap_socket = threading.Event()
 
         def call_after_accept(conn_to_client):
-            if not server_can_continue_with_wrap_socket.wait(support.SHORT_TIMEOUT):
+            if not server_can_continue_with_wrap_socket.wait(SHORT_TIMEOUT):
                 print("ERROR: test client took too long")
 
             # This forces an immediate connection close via RST on .close().
@@ -4987,7 +4990,7 @@ def call_after_accept(conn_to_client):
             client.connect(server.listener.getsockname())
             server_can_continue_with_wrap_socket.set()
 
-            if not client_can_continue_with_wrap_socket.wait(support.SHORT_TIMEOUT):
+            if not client_can_continue_with_wrap_socket.wait(SHORT_TIMEOUT):
                 self.fail("test server took too long")
             ssl_ctx = ssl.create_default_context()
             try:
@@ -5026,7 +5029,7 @@ def connect(self):
                 http.client.HTTPConnection.connect(self)
 
                 # Wait for our fault injection server to have done its thing.
-                if not server_responding.wait(support.SHORT_TIMEOUT) and support.verbose:
+                if not server_responding.wait(SHORT_TIMEOUT) and support.verbose:
                     sys.stdout.write("server_responding event never set.")
                 self.sock = self._context.wrap_socket(
                         self.sock, server_hostname=self.host)
@@ -5104,7 +5107,7 @@ def test_main(verbose=False):
     tests = [
         ContextTests, BasicSocketTests, SSLErrorTests, MemoryBIOTests,
         SSLObjectTests, SimpleBackgroundTests, ThreadedTests,
-        TestPostHandshakeAuth, TestSSLDebug
+        TestPostHandshakeAuth, TestSSLDebug, TestPreHandshakeClose
     ]
 
     if support.is_resource_enabled('network'):
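Review bot: The hand-maintained `tests` list in `test_main` has no comment warning that a class left out of it is skipped without any failure, which is how `TestPreHandshakeClose` went unrun. Per the commit message, that class is part of the CVE-2023-40217 fix, so the security regression tests were not executed on 3.8 until this change. A short comment above the list would make the next backport safer, for example `# Every TestCase class in this module must be listed here or it will not run on 3.8.` The body of `test_main` continues outside this hunk, so I cannot tell whether other classes are appended later.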
diff --git a/Misc/NEWS.d/next/Tests/2023-10-11-16-02-55.gh-issue-108310.URRe8Y.rst b/Misc/NEWS.d/next/Tests/2023-10-11-16-02-55.gh-issue-108310.URRe8Y.rst
new file mode 100644
index 00000000000000..87f0a3b0ddfd30
--- /dev/null
+++ b/Misc/NEWS.d/next/Tests/2023-10-11-16-02-55.gh-issue-108310.URRe8Y.rst
@@ -0,0 +1,2 @@
+SSL tests for pre-handshake close were previously not enabled on Python 3.8
+due to an incorrect backport. This is now fixed. Patch by Lumír Balhar.
