Patchwork [1,of,2,STABLE] test-https: turn off system OpenSSL configuration

login
register
mail settings
Submitter Yuya Nishihara
Date March 17, 2019, 3:56 a.m.
Message ID <13ee301f9ecedcb8b087.1552795004@mimosa>
Download mbox | patch
Permalink /patch/39306/
State Accepted
Headers show

Comments

Yuya Nishihara - March 17, 2019, 3:56 a.m.
# HG changeset patch
# User Yuya Nishihara <yuya@tcha.org>
# Date 1552793877 -32400
#      Sun Mar 17 12:37:57 2019 +0900
# Branch stable
# Node ID 13ee301f9ecedcb8b087c1e71dc535fa1fdf19be
# Parent  25fc5b96d1c30468417ee0d690c2979db362edd0
test-https: turn off system OpenSSL configuration

This mostly fixes the test failure on Debian sid where TLS 1.0 and 1.1 are
disabled by default.

https://sources.debian.org/patches/openssl/1.1.1a-1/Set-systemwide-default-settings-for-libssl-users.patch/

$OPENSSL_CONF could be set by run-tests.py, but the other tests should work
without a "legacy" TLS, so I decided to not.
Anton Shestakov - March 17, 2019, 5:49 p.m.
On Sun, 17 Mar 2019 12:56:44 +0900
Yuya Nishihara <yuya@tcha.org> wrote:

> # HG changeset patch
> # User Yuya Nishihara <yuya@tcha.org>
> # Date 1552793877 -32400
> #      Sun Mar 17 12:37:57 2019 +0900
> # Branch stable
> # Node ID 13ee301f9ecedcb8b087c1e71dc535fa1fdf19be
> # Parent  25fc5b96d1c30468417ee0d690c2979db362edd0
> test-https: turn off system OpenSSL configuration
> 
> This mostly fixes the test failure on Debian sid where TLS 1.0 and 1.1 are
> disabled by default.

Fixes test-https.t on Debian testing here. Series LGTM.
Pulkit Goyal - March 17, 2019, 6:17 p.m.
On Sun, Mar 17, 2019 at 8:52 PM Anton Shestakov <av6@dwimlabs.net> wrote:

> On Sun, 17 Mar 2019 12:56:44 +0900
> Yuya Nishihara <yuya@tcha.org> wrote:
>
> > # HG changeset patch
> > # User Yuya Nishihara <yuya@tcha.org>
> > # Date 1552793877 -32400
> > #      Sun Mar 17 12:37:57 2019 +0900
> > # Branch stable
> > # Node ID 13ee301f9ecedcb8b087c1e71dc535fa1fdf19be
> > # Parent  25fc5b96d1c30468417ee0d690c2979db362edd0
> > test-https: turn off system OpenSSL configuration
> >
> > This mostly fixes the test failure on Debian sid where TLS 1.0 and 1.1
> are
> > disabled by default.
>
> Fixes test-https.t on Debian testing here. Series LGTM.
>

Thanks av6 for review. Queued the series for stable.

Patch

diff --git a/tests/test-https.t b/tests/test-https.t
--- a/tests/test-https.t
+++ b/tests/test-https.t
@@ -2,6 +2,12 @@ 
 
 Proper https client requires the built-in ssl from Python 2.6.
 
+Disable the system configuration which may set stricter TLS requirements.
+This test expects that legacy TLS versions are supported.
+
+  $ OPENSSL_CONF=
+  $ export OPENSSL_CONF
+
 Make server certificates:
 
   $ CERTSDIR="$TESTDIR/sslcerts"