author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2019-01-21 12:24:02 -0600 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2019-01-21 12:24:02 -0600 |
commit | 7d5a3bfd55c7c9de71af877e773dce4554cf455b (patch) | |
tree | 8a58b2279c0ce53790e06f5e5c29ede75d46f91c /src/OpenSSL/SSL.py | |
parent | 37e6022e8a907ef52a3eba4c53edac8c32bedfc0 (diff) | |
download | pyopenssl-7d5a3bfd55c7c9de71af877e773dce4554cf455b.tar.gz |
Hypothetically fixes pyOpenSSL tests (#805)
* fix openssl CLI testing for 1.1.1
* various 1.1.1 related fixes
some of which are just admitting TLS 1.3 is fundamentally different and
pinning the tests to TLS 1.2
* flake8 fixes
* allow travis_infra env var through
* fix twisted
Diffstat (limited to 'src/OpenSSL/SSL.py')
-rw-r--r-- | src/OpenSSL/SSL.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/OpenSSL/SSL.py b/src/OpenSSL/SSL.py
index 5cf39c0..0687fc3 100644
--- a/src/OpenSSL/SSL.py
+++ b/src/OpenSSL/SSL.py
@@ -1185,6 +1185,19 @@ class Context(object):
 _openssl_assert(
 _lib.SSL_CTX_set_cipher_list(self._context, cipher_list) == 1
 )
+ # In OpenSSL 1.1.1 setting the cipher list will always return TLS 1.3
+ # ciphers even if you pass an invalid cipher. Applications (like
+ # Twisted) have tests that depend on an error being raised if an
+ # invalid cipher string is passed, but without the following check
+ # for the TLS 1.3 specific cipher suites it would never error.
+ tmpconn = Connection(self, None)
+ _openssl_assert(
+ tmpconn.get_cipher_list() != [
+ 'TLS_AES_256_GCM_SHA384',
+ 'TLS_CHACHA20_POLY1305_SHA256',
+ 'TLS_AES_128_GCM_SHA256'
+ ]
+ )
 
 def set_client_ca_list(self, certificate_authorities):
 """ |
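Review bot: The added check compares `tmpconn.get_cipher_list()` for exact equality, order included, against three hard-coded TLS 1.3 suite names, so it fails open whenever the library's default TLS 1.3 suites differ from that list; an invalid cipher string would then be accepted silently and the caller would believe its cipher restriction took effect. A subset test such as `set(tmpconn.get_cipher_list()) <= _TLS13_SUITES` (a module-level frozenset; the name is constructed here) would tolerate reordering and a shorter or longer default list. When the check does fire, no OpenSSL call has failed, so if `_openssl_assert` builds its exception from the OpenSSL error queue (its definition is outside the hunk) the raised error will carry no reason, and raising the error explicitly with a "no cipher match" style message would be clearer. The check also runs after `SSL_CTX_set_cipher_list` has already replaced the context's list, which is worth stating in the method's docstring; the enclosing method starts above the hunk.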