From: Ben Darnell
Date: Thu, 11 Jul 2024 18:28:10 +0000 (-0400)
Subject: test: Remove broken tests for legacy TLS versions
X-Git-Tag: v6.5.0b1~41^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d45e87635fe624fb57d105f649ce51d91083c39e;p=thirdparty%2Ftornado.git
test: Remove broken tests for legacy TLS versions
The get_ssl_version method in these tests has been silently ignored for a long time (forever?) due to MRO issues (if they weren't ignored, they'd have started throwing deprecation warnings), and they were never updated for more recent versions of TLS. There doesn't appear to be much value in rehabilitating these tests so just get rid of all but the base configuration.
---
diff --git a/tornado/test/httpserver_test.py b/tornado/test/httpserver_test.py
index e6488420..3a90440d 100644
--- a/tornado/test/httpserver_test.py
+++ b/tornado/test/httpserver_test.py
@@ -19,7 +19,6 @@ from tornado.httputil import (
 from tornado.iostream import IOStream
 from tornado.locks import Event
 from tornado.log import gen_log, app_log
-from tornado.netutil import ssl_options_to_context
 from tornado.simple_httpclient import SimpleAsyncHTTPClient
 from tornado.testing import (
 AsyncHTTPTestCase,
@@ -100,41 +99,25 @@ class HelloWorldRequestHandler(RequestHandler): self.finish("Got %d bytes in POST" % len(self.request.body)) -# In pre-1.0 versions of openssl, SSLv23 clients always send SSLv2 -# ClientHello messages, which are rejected by SSLv3 and TLSv1 -# servers. Note that while the OPENSSL_VERSION_INFO was formally -# introduced in python3.2, it was present but undocumented in -# python 2.7 -skipIfOldSSL = unittest.skipIf( - getattr(ssl, "OPENSSL_VERSION_INFO", (0, 0)) < (1, 0), - "old version of ssl module and/or openssl", -) - - -class BaseSSLTest(AsyncHTTPSTestCase): +class SSLTest(AsyncHTTPSTestCase): def get_app(self): return Application([("/", HelloWorldRequestHandler, dict(protocol="https"))]) - -class SSLTestMixin: def get_ssl_options(self): return dict( - ssl_version=self.get_ssl_version(), + ssl_version=ssl.PROTOCOL_TLS_SERVER, **AsyncHTTPSTestCase.default_ssl_options(), ) - def get_ssl_version(self): - raise NotImplementedError() - - def test_ssl(self: typing.Any): + def test_ssl(self): response = self.fetch("/") self.assertEqual(response.body, b"Hello world") - def test_large_post(self: typing.Any): + def test_large_post(self): response = self.fetch("/", method="POST", body="A" * 5000) self.assertEqual(response.body, b"Got 5000 bytes in POST") - def test_non_ssl_request(self: typing.Any): + def test_non_ssl_request(self): # Make sure the server closes the connection when it gets a non-ssl # connection, rather than waiting for a timeout or otherwise # misbehaving. @@ -148,7 +131,7 @@ class SSLTestMixin: raise_error=True, ) - def test_error_logging(self: typing.Any): + def test_error_logging(self): # No stack traces are logged for SSL errors. with ExpectLog(gen_log, "SSL Error") as expect_log: with self.assertRaises((IOError, HTTPError)): # type: ignore 
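Review bot: With `SSLTest.get_ssl_options` returning only the dict form, nothing visible in this file hands the server a ready-made `ssl.SSLContext` any more, because the later hunk at `@@ -158,38 +141,6 @@` also deletes `SSLContextTest`. That class overrode `get_ssl_options` in its own body, so it was presumably not affected by the MRO shadowing the commit message describes, and it was not a legacy-protocol test. I would keep it as a thin subclass of the new `SSLTest` so the context-object path stays covered; this also means keeping the `ssl_options_to_context` import that the first hunk removes. The `SSLTest` class body continues past the end of this hunk.

```python
class SSLContextTest(SSLTest):
    # Same requests as SSLTest, but the server is handed an SSLContext
    # object instead of a dict of ssl options.
    def get_ssl_options(self):
        context = ssl_options_to_context(
            AsyncHTTPSTestCase.get_ssl_options(self), server_side=True
        )
        assert isinstance(context, ssl.SSLContext)
        return context
```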
@@ -158,38 +141,6 @@ class SSLTestMixin: self.assertFalse(expect_log.logged_stack) -# Python's SSL implementation differs significantly between versions. -# For example, SSLv3 and TLSv1 throw an exception if you try to read -# from the socket before the handshake is complete, but the default -# of SSLv23 allows it. - - -class SSLv23Test(BaseSSLTest, SSLTestMixin): - def get_ssl_version(self): - return ssl.PROTOCOL_SSLv23 - - -@skipIfOldSSL -class SSLv3Test(BaseSSLTest, SSLTestMixin): - def get_ssl_version(self): - return ssl.PROTOCOL_SSLv3 - - -@skipIfOldSSL -class TLSv1Test(BaseSSLTest, SSLTestMixin): - def get_ssl_version(self): - return ssl.PROTOCOL_TLSv1 - - -class SSLContextTest(BaseSSLTest, SSLTestMixin): - def get_ssl_options(self): - context = ssl_options_to_context( - AsyncHTTPSTestCase.get_ssl_options(self), server_side=True - ) - assert isinstance(context, ssl.SSLContext) - return context - - class BadSSLOptionsTest(unittest.TestCase): def test_missing_arguments(self): application = Application()