From: Ben Darnell <ben@bendarnell.com>
Date: Tue, 10 Jan 2012 18:24:10 +0000 (-0800)
Subject: Some python/openssl builds don't have SSLv2 compiled in, so skip the
X-Git-Tag: v2.2.0~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8939293f39f21abe4f37fd98cbe0cefdad7ca4d;p=thirdparty%2Ftornado.git

Some python/openssl builds don't have SSLv2 compiled in, so skip the
test in this case.
---

diff --git a/tornado/test/httpserver_test.py b/tornado/test/httpserver_test.py
index a55ca92fc..9a5c201ee 100644
--- a/tornado/test/httpserver_test.py
+++ b/tornado/test/httpserver_test.py
@@ -104,22 +104,31 @@ class SSLv3Test(BaseSSLTest, SSLTestMixin):
 class TLSv1Test(BaseSSLTest, SSLTestMixin):
     def get_ssl_version(self): return ssl.PROTOCOL_TLSv1
 
-class SSLv2Test(BaseSSLTest):
-    def get_ssl_version(self): return ssl.PROTOCOL_SSLv2
-
-    def test_sslv2_fail(self):
-        # This is really more of a client test, but run it here since
-        # we've got all the other ssl version tests here.
-        # Clients should have SSLv2 disabled by default.
-        response = self.fetch('/')
-        self.assertEqual(response.code, 599)
+if hasattr(ssl, 'PROTOCOL_SSLv2'):
+    class SSLv2Test(BaseSSLTest):
+        def get_ssl_version(self): return ssl.PROTOCOL_SSLv2
+
+        def test_sslv2_fail(self):
+            # This is really more of a client test, but run it here since
+            # we've got all the other ssl version tests here.
+            # Clients should have SSLv2 disabled by default.
+            try:
+                response = self.fetch('/')
+            except ssl.SSLError:
+                # In some python/ssl builds the PROTOCOL_SSLv2 constant
+                # exists but SSLv2 support is still compiled out, which
+                # would result in an SSLError here (details vary depending
+                # on python version).  The important thing is that
+                # SSLv2 request's don't succeed, so we can just ignore
+                # the errors here.
+                return
+            self.assertEqual(response.code, 599)
 
 if ssl is None:
     del BaseSSLTest
     del SSLv23Test
     del SSLv3Test
     del TLSv1Test
-    del SSLv2Test
 elif getattr(ssl, 'OPENSSL_VERSION_INFO', (0,0)) < (1,0):
     # In pre-1.0 versions of openssl, SSLv23 clients always send SSLv2
     # ClientHello messages, which are rejected by SSLv3 and TLSv1