1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Remove support for SSLv2 in test suite when not defined. (#39183)

When running the test test/units/module_utils/urls/test_open_url.py
test_open_url_no_validate_certs, the test fails because of the SSLv2
check.

Test is run on a machine using openssl 1.1.0g. By reading the openssl
man page[1], one can see that support for SSLv2 has been removed.

> Support for SSLv2 and the corresponding SSLv2_method(),
> SSLv2_server_method() and SSLv2_client_method() functions where removed
> in OpenSSL 1.1.0.
>
> SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were
> deprecated and the preferred TLS_method(), TLS_server_method() and
> TLS_client_method() functions were introduced in OpenSSL 1.1.0.

Hence this commit remove the uses of this flag when it is not defined.

[1] https://www.openssl.org/docs/man1.1.0/ssl/SSLv23_method.html
This commit is contained in:
Yanis Guenane 2018-05-25 19:50:19 +02:00 committed by Adam Miller
parent bc2430694c
commit 496d10f7a8
2 changed files with 4 additions and 2 deletions

View file

@ -893,6 +893,7 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
if HAS_SSLCONTEXT and not validate_certs:
# In 2.7.9, the default context validates certificates
context = SSLContext(ssl.PROTOCOL_SSLv23)
if ssl.OP_NO_SSLv2:
context.options |= ssl.OP_NO_SSLv2
context.options |= ssl.OP_NO_SSLv3
context.verify_mode = ssl.CERT_NONE

View file

@ -217,6 +217,7 @@ def test_open_url_no_validate_certs(urlopen_mock, install_opener_mock):
assert ssl_handler is not None
context = ssl_handler._context
assert context.protocol == ssl.PROTOCOL_SSLv23
if ssl.OP_NO_SSLv2:
assert context.options & ssl.OP_NO_SSLv2
assert context.options & ssl.OP_NO_SSLv3
assert context.verify_mode == ssl.CERT_NONE