From d4ff3dd430f6358b98dd104a4eb51bbc2a7ce844 Mon Sep 17 00:00:00 2001
From: Paul Howarth <paul@city-fan.org>
Date: Sun, 20 Mar 2022 21:09:54 +0000
Subject: Skip tests requiring sha1 signing if the backend doesn't support that

Red Hat Enterprise Linux 9 will have SHA-1 signatures disabled by
default. It is likely that SHA-1 signatures will disappear elsewhere
over time too. This change detects if sha1 signatures are not
supported by the backend and skips tests that rely on that
functionality. This is a workaround for #2004.

It would be good to reduce the reliance of the test suite on sha1
signatures except in the cases where that is explicitly being tested,
and the markers added here give a decent starting point for seeing where
to change things.
---
 tests/test_transport.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'tests/test_transport.py')

diff --git a/tests/test_transport.py b/tests/test_transport.py
index a9262f3d..8124f129 100644
--- a/tests/test_transport.py
+++ b/tests/test_transport.py
@@ -61,7 +61,7 @@ from paramiko.common import (
 from paramiko.py3compat import bytes, byte_chr
 from paramiko.message import Message
 
-from .util import needs_builtin, _support, slow
+from .util import needs_builtin, _support, sha1_signing_unsupported, slow
 from .loop import LoopSocket
 
 
@@ -77,6 +77,9 @@ Note: An SSH banner may eventually appear.
 Maybe.
 """
 
+requires_sha1_signing = unittest.skipIf(
+    sha1_signing_unsupported(), "SHA-1 signing not supported"
+)
 
 class NullServer(ServerInterface):
     paranoid_did_password = False
@@ -1283,6 +1286,7 @@ class TestSHA2SignatureKeyExchange(unittest.TestCase):
     # are new tests in test_pkey.py which use known signature blobs to prove
     # the SHA2 family was in fact used!
 
+    @requires_sha1_signing
     def test_base_case_ssh_rsa_still_used_as_fallback(self):
         # Prove that ssh-rsa is used if either, or both, participants have SHA2
         # algorithms disabled
@@ -1405,6 +1409,7 @@ class TestSHA2SignaturePubkeys(unittest.TestCase):
         ) as (tc, ts, err):
             assert isinstance(err, AuthenticationException)
 
+    @requires_sha1_signing
     def test_ssh_rsa_still_used_when_sha2_disabled(self):
         privkey = RSAKey.from_private_key_file(_support("test_rsa.key"))
         # NOTE: this works because key obj comparison uses public bytes
-- 
cgit v1.2.1