diff options
author | Paul Howarth <paul@city-fan.org> | 2022-03-20 21:09:54 +0000 |
---|---|---|
committer | Paul Howarth <paul@city-fan.org> | 2022-03-20 21:09:54 +0000 |
commit | d4ff3dd430f6358b98dd104a4eb51bbc2a7ce844 (patch) | |
tree | 2c677e80d1a6c192760de5f2cb4017c4a9c17c50 /tests/test_transport.py | |
parent | 361a60d44a00e469d8ff6e84519ae5afcbaa7e9f (diff) | |
download | paramiko-d4ff3dd430f6358b98dd104a4eb51bbc2a7ce844.tar.gz |
Skip tests requiring sha1 signing if the backend doesn't support that
Red Hat Enterprise Linux 9 will have SHA-1 signatures disabled by
default. It is likely that SHA-1 signatures will disappear elsewhere
over time too. This change detects if sha1 signatures are not
supported by the backend and skips tests that rely on that
functionality. This is a workaround for #2004.
It would be good to reduce the reliance of the test suite on sha1
signatures except in the cases where that is explicitly being tested,
and the markers added here give a decent starting point for seeing where
to change things.
Diffstat (limited to 'tests/test_transport.py')
-rw-r--r-- | tests/test_transport.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/tests/test_transport.py b/tests/test_transport.py index a9262f3d..8124f129 100644 --- a/tests/test_transport.py +++ b/tests/test_transport.py @@ -61,7 +61,7 @@ from paramiko.common import ( from paramiko.py3compat import bytes, byte_chr from paramiko.message import Message -from .util import needs_builtin, _support, slow +from .util import needs_builtin, _support, sha1_signing_unsupported, slow from .loop import LoopSocket @@ -77,6 +77,9 @@ Note: An SSH banner may eventually appear. Maybe. """ +requires_sha1_signing = unittest.skipIf( + sha1_signing_unsupported(), "SHA-1 signing not supported" +) class NullServer(ServerInterface): paranoid_did_password = False @@ -1283,6 +1286,7 @@ class TestSHA2SignatureKeyExchange(unittest.TestCase): # are new tests in test_pkey.py which use known signature blobs to prove # the SHA2 family was in fact used! + @requires_sha1_signing def test_base_case_ssh_rsa_still_used_as_fallback(self): # Prove that ssh-rsa is used if either, or both, participants have SHA2 # algorithms disabled @@ -1405,6 +1409,7 @@ class TestSHA2SignaturePubkeys(unittest.TestCase): ) as (tc, ts, err): assert isinstance(err, AuthenticationException) + @requires_sha1_signing def test_ssh_rsa_still_used_when_sha2_disabled(self): privkey = RSAKey.from_private_key_file(_support("test_rsa.key")) # NOTE: this works because key obj comparison uses public bytes |