Skip to content

Commit

Permalink
handle openssl3 error in ssl tests
Browse files Browse the repository at this point in the history
Using OpenSSL 3, the expected error string caught in ssl tests has changed.
E       AssertionError: assert 'wrong version number' in
                                 '[SSL] record layer failure (_ssl.c:1000)'

This is already handled for OpenSSL pre-1.1 and gte-1.1, adding handling
for OpenSSL 3+

Fixes: #645
  • Loading branch information
radez committed Apr 2, 2024
1 parent 41584b8 commit 52f3fe6
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 3 deletions.
2 changes: 2 additions & 0 deletions cheroot/_compat.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,11 @@
try:
import ssl
IS_ABOVE_OPENSSL10 = ssl.OPENSSL_VERSION_INFO >= (1, 1)
IS_ABOVE_OPENSSL31 = ssl.OPENSSL_VERSION_INFO >= (3, 2)
del ssl
except ImportError:
IS_ABOVE_OPENSSL10 = None
IS_OPENSSL3 = None


IS_CI = bool(os.getenv('CI'))
Expand Down
1 change: 1 addition & 0 deletions cheroot/_compat.pyi
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ from typing import Any, ContextManager, Optional, Type, Union
def suppress(*exceptions: Type[BaseException]) -> ContextManager[None]: ...

IS_ABOVE_OPENSSL10: Optional[bool]
IS_ABOVE_OPENSSL31: Optional[bool]
IS_CI: bool
IS_GITHUB_ACTIONS_WORKFLOW: bool
IS_PYPY: bool
Expand Down
7 changes: 4 additions & 3 deletions cheroot/test/test_ssl.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
import trustme

from .._compat import bton, ntob, ntou
from .._compat import IS_ABOVE_OPENSSL10, IS_CI, IS_PYPY
from .._compat import IS_ABOVE_OPENSSL10, IS_ABOVE_OPENSSL31, IS_CI, IS_PYPY
from .._compat import IS_LINUX, IS_MACOS, IS_WINDOWS
from ..server import HTTPServer, get_ssl_adapter_class
from ..testing import (
Expand Down Expand Up @@ -597,8 +597,9 @@ def test_https_over_http_error(http_server, ip_addr):
),
).request('GET', '/')
expected_substring = (
'wrong version number' if IS_ABOVE_OPENSSL10
else 'unknown protocol'
'record layer failure' if IS_ABOVE_OPENSSL31
else 'wrong version number' if IS_ABOVE_OPENSSL10
else 'unknown protocol'
)
assert expected_substring in ssl_err.value.args[-1]

Expand Down

0 comments on commit 52f3fe6

Please sign in to comment.