Index: Lib/test/test_ssl.py =================================================================== --- Lib/test/test_ssl.py (révision 80789) +++ Lib/test/test_ssl.py (copie de travail) @@ -31,6 +31,7 @@ HOST = test_support.HOST CERTFILE = None SVN_PYTHON_ORG_ROOT_CERT = None +OPENSSL_VERSION = None def handle_error(prefix): exc_format = ' '.join(traceback.format_exception(*sys.exc_info())) @@ -210,10 +211,10 @@ # Test disabled: OPENSSL_VERSION* not available in Python 2.6 def test_algorithms(self): - if test_support.verbose: - sys.stdout.write("test_algorithms disabled, " - "as it fails on some old OpenSSL versions") - return + # SHA256 was added in OpenSSL 0.9.8 + if not OPENSSL_VERSION or OPENSSL_VERSION < (0, 9, 8): + sys.stdout.write(" skipping: SHA256 not available on %r\n" % (OPENSSL_VERSION,)) + return # Issue #8484: all algorithms should be available when verifying a # certificate. # NOTE: https://sha256.tbs-internet.com is another possible test host @@ -716,7 +717,7 @@ raise else: if not expect_success: - self.fail( + raise AssertionError( "Client protocol %s succeeded with server protocol %s!" % (ssl.get_protocol_name(client_protocol), ssl.get_protocol_name(server_protocol))) @@ -833,6 +834,9 @@ """Connecting to an SSLv2 server with various client options""" if test_support.verbose: sys.stdout.write("\n") + if not OPENSSL_VERSION or OPENSSL_VERSION >= (1, 0, 0): + sys.stdout.write(" test can't work properly without setting cipher list, skipping\n") + return try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED) @@ -844,6 +848,9 @@ """Connecting to an SSLv23 server with various client options""" if test_support.verbose: sys.stdout.write("\n") + if not OPENSSL_VERSION or OPENSSL_VERSION >= (1, 0, 0): + sys.stdout.write(" test can't work properly without setting cipher list, skipping\n") + return try: try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv2, True) except (ssl.SSLError, socket.error), x: @@ -868,6 +875,9 @@ """Connecting to an SSLv3 server with various client options""" if test_support.verbose: sys.stdout.write("\n") + if not OPENSSL_VERSION or OPENSSL_VERSION >= (1, 0, 0): + sys.stdout.write(" test can't work properly without setting cipher list, skipping\n") + return try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True) try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL) try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED) @@ -879,6 +889,9 @@ """Connecting to a TLSv1 server with various client options""" if test_support.verbose: sys.stdout.write("\n") + if not OPENSSL_VERSION or OPENSSL_VERSION >= (1, 0, 0): + sys.stdout.write(" test can't work properly without setting cipher list, skipping\n") + return try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True) try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL) try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED) @@ -1201,7 +1214,8 @@ if skip_expected: raise test_support.TestSkipped("No SSL support") - global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT + global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, OPENSSL_VERSION + CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert.pem") SVN_PYTHON_ORG_ROOT_CERT = os.path.join( @@ -1212,6 +1226,18 @@ not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT)): raise test_support.TestFailed("Can't read certificate files!") + # Try to read OpenSSL version + try: + output = subprocess.Popen(["openssl", "version", "-v"], + stdout=subprocess.PIPE).communicate()[0] + version = output.splitlines()[0].split()[1] + OPENSSL_VERSION = tuple(map(int, version.split('.'))) + except (OSError, ValueError, IndexError): + pass + + if test_support.verbose: + sys.stdout.write("OpenSSL version is %r\n" % (OPENSSL_VERSION,)) + tests = [BasicTests] if test_support.is_resource_enabled('network'):