diff options
| author | Anuj Mittal <anuj.mittal@intel.com> | 2018-10-04 13:09:16 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-10-08 14:13:54 +0100 |
| commit | 2b4dce4925627c81ee2f27a0eeb2422e15029c3e (patch) | |
| tree | 48e0333d2e1a1f5f5de14c3a0972de326c82418e /meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch | |
| parent | 4b8fd52f6d3682be287cc63d73bd06cb751751f4 (diff) | |
| download | poky-2b4dce4925627c81ee2f27a0eeb2422e15029c3e.tar.gz | |
python: fix failing ssl tests
Backport two and pick some other in-review patches from Ubuntu to fix
ssl test failures because of OpenSSL 1.1.x changes.
Fixes [YOCTO #12788]
(From OE-Core rev: 4f4bbb936231dd30c3745ef573993f1062937ffd)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch')
| -rw-r--r-- | meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch b/meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch new file mode 100644 index 0000000000..39e1bcfc86 --- /dev/null +++ b/meta/recipes-devtools/python/python/0004-bpo-34836-fix-test_default_ecdh_curve-needs-no-tlsv1.patch | |||
| @@ -0,0 +1,34 @@ | |||
| 1 | From 946a7969345c6697697effd226ec396d3fea05b7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Dimitri John Ledkov <xnox@ubuntu.com> | ||
| 3 | Date: Fri, 28 Sep 2018 17:30:19 +0100 | ||
| 4 | Subject: [PATCH 4/4] bpo-34836: fix test_default_ecdh_curve, needs no tlsv1.3. | ||
| 5 | |||
| 6 | Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com> | ||
| 7 | |||
| 8 | https://bugs.python.org/issue34836 | ||
| 9 | |||
| 10 | Patch taken from Ubuntu. | ||
| 11 | Upstream-Status: Submitted [https://github.com/python/cpython/pull/9626] | ||
| 12 | |||
| 13 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
| 14 | --- | ||
| 15 | Lib/test/test_ssl.py | 3 +++ | ||
| 16 | 1 file changed, 3 insertions(+) | ||
| 17 | |||
| 18 | diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py | ||
| 19 | index efc906a5ba..4a3286cd5f 100644 | ||
| 20 | --- a/Lib/test/test_ssl.py | ||
| 21 | +++ b/Lib/test/test_ssl.py | ||
| 22 | @@ -2836,6 +2836,9 @@ else: | ||
| 23 | # should be enabled by default on SSL contexts. | ||
| 24 | context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) | ||
| 25 | context.load_cert_chain(CERTFILE) | ||
| 26 | + # TLSv1.3 defaults to PFS key agreement and no longer has KEA in | ||
| 27 | + # cipher name. | ||
| 28 | + context.options |= ssl.OP_NO_TLSv1_3 | ||
| 29 | # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled | ||
| 30 | # explicitly using the 'ECCdraft' cipher alias. Otherwise, | ||
| 31 | # our default cipher list should prefer ECDH-based ciphers | ||
| 32 | -- | ||
| 33 | 2.17.1 | ||
| 34 | |||