bpo-35045: Accept TLSv1 default in min max test (GH-11510)

Make ssl tests less strict and also accept TLSv1 as system default. The changes unbreaks test_min_max_version on Fedora 29. Signed-off-by: Christian Heimes <christian@python.org>
2019-01-18 16:09:30 +01:00 · 2019-01-18 16:09:30 +01:00 · 34de2d312b
parent 36d9e9a4d5
commit 34de2d312b
2 changed files with 7 additions and 2 deletions
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@ -1088,8 +1088,11 @@ class ContextTests(unittest.TestCase):
                         "required OpenSSL 1.1.0g")
    def test_min_max_version(self):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-        self.assertEqual(
-            ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED
+        # OpenSSL default is MINIMUM_SUPPORTED, however some vendors like
+        # Fedora override the setting to TLS 1.0.
+        self.assertIn(
+            ctx.minimum_version,
+            {ssl.TLSVersion.MINIMUM_SUPPORTED, ssl.TLSVersion.TLSv1}
        )
        self.assertEqual(
            ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
--- a/Misc/NEWS.d/next/Tests/2019-01-10-18-35-42.bpo-35045.qdd6d9.rst
+++ b/Misc/NEWS.d/next/Tests/2019-01-10-18-35-42.bpo-35045.qdd6d9.rst
@ -0,0 +1,2 @@
+Make ssl tests less strict and also accept TLSv1 as system default. The
+changes unbreaks test_min_max_version on Fedora 29.