From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Mon, 2 Dec 2019 16:35:50 +0000 (-0800)
Subject: bpo-38815: Accept TLSv3 default in min max test (GH-NNNN) (GH-17437)
X-Git-Tag: v3.7.6rc1~19
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1f4f28cbf3ca4c7f85b41b1f7b9455a375415cc0;p=thirdparty%2FPython%2Fcpython.git

bpo-38815: Accept TLSv3 default in min max test (GH-NNNN) (GH-17437)


Make ssl tests less strict and also accept TLSv3 as the default maximum
version. This change unbreaks test_min_max_version on Fedora 32.

https://bugs.python.org/issue38815
(cherry picked from commit 34864d1cffdbfc620f8517dab9a68ae9a37b8c53)

Co-authored-by: torsava <torsava@redhat.com>
---

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index e21e7e07455c..a01999f6aa3d 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1220,12 +1220,18 @@ class ContextTests(unittest.TestCase):
             # RHEL 8 uses TLS 1.2 by default
             ssl.TLSVersion.TLSv1_2
         }
+        maximum_range = {
+            # stock OpenSSL
+            ssl.TLSVersion.MAXIMUM_SUPPORTED,
+            # Fedora 32 uses TLS 1.3 by default
+            ssl.TLSVersion.TLSv1_3
+        }
 
         self.assertIn(
             ctx.minimum_version, minimum_range
         )
-        self.assertEqual(
-            ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
+        self.assertIn(
+            ctx.maximum_version, maximum_range
         )
 
         ctx.minimum_version = ssl.TLSVersion.TLSv1_1