mirror of https://github.com/python/cpython
gh-94172: Remove ssl.PROTOCOL_SSLv2 dead code (#94312)
Remove dead code related to ssl.PROTOCOL_SSLv2. ssl.PROTOCOL_SSLv2 was already removed in Python 3.10. In test_ssl, @requires_tls_version('SSLv2') always returned False. Extract of the removed code: "OpenSSL has removed support for SSLv2".
parent
4b854b7466
commit
600c65c094
|
@ -645,21 +645,6 @@ Constants
|
|||
|
||||
Use :data:`PROTOCOL_TLS` instead.
|
||||
|
||||
.. data:: PROTOCOL_SSLv2
|
||||
|
||||
Selects SSL version 2 as the channel encryption protocol.
|
||||
|
||||
This protocol is not available if OpenSSL is compiled with the
|
||||
``no-ssl2`` option.
|
||||
|
||||
.. warning::
|
||||
|
||||
SSL version 2 is insecure. Its use is highly discouraged.
|
||||
|
||||
.. deprecated:: 3.6
|
||||
|
||||
OpenSSL has removed support for SSLv2.
|
||||
|
||||
.. data:: PROTOCOL_SSLv3
|
||||
|
||||
Selects SSL version 3 as the channel encryption protocol.
|
||||
|
@ -1438,11 +1423,10 @@ to speed up repeated connections from the same clients.
|
|||
The context is created with secure default values. The options
|
||||
:data:`OP_NO_COMPRESSION`, :data:`OP_CIPHER_SERVER_PREFERENCE`,
|
||||
:data:`OP_SINGLE_DH_USE`, :data:`OP_SINGLE_ECDH_USE`,
|
||||
:data:`OP_NO_SSLv2` (except for :data:`PROTOCOL_SSLv2`),
|
||||
:data:`OP_NO_SSLv2`,
|
||||
and :data:`OP_NO_SSLv3` (except for :data:`PROTOCOL_SSLv3`) are
|
||||
set by default. The initial cipher suite list contains only ``HIGH``
|
||||
ciphers, no ``NULL`` ciphers and no ``MD5`` ciphers (except for
|
||||
:data:`PROTOCOL_SSLv2`).
|
||||
ciphers, no ``NULL`` ciphers and no ``MD5`` ciphers.
|
||||
|
||||
.. deprecated:: 3.10
|
||||
|
||||
|
|
|
@ -208,10 +208,6 @@ def has_tls_version(version):
|
|||
:param version: TLS version name or ssl.TLSVersion member
|
||||
:return: bool
|
||||
"""
|
||||
if version == "SSLv2":
|
||||
# never supported and not even in TLSVersion enum
|
||||
return False
|
||||
|
||||
if isinstance(version, str):
|
||||
version = ssl.TLSVersion.__members__[version]
|
||||
|
||||
|
@ -3129,37 +3125,10 @@ class ThreadedTests(unittest.TestCase):
|
|||
self.assertIn(msg, repr(e))
|
||||
self.assertIn('certificate verify failed', repr(e))
|
||||
|
||||
@requires_tls_version('SSLv2')
|
||||
def test_protocol_sslv2(self):
|
||||
"""Connecting to an SSLv2 server with various client options"""
|
||||
if support.verbose:
|
||||
sys.stdout.write("\n")
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL)
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED)
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False)
|
||||
if has_tls_version('SSLv3'):
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
|
||||
# SSLv23 client with specific SSL options
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
|
||||
client_options=ssl.OP_NO_SSLv3)
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
|
||||
client_options=ssl.OP_NO_TLSv1)
|
||||
|
||||
def test_PROTOCOL_TLS(self):
|
||||
"""Connecting to an SSLv23 server with various client options"""
|
||||
if support.verbose:
|
||||
sys.stdout.write("\n")
|
||||
if has_tls_version('SSLv2'):
|
||||
try:
|
||||
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv2, True)
|
||||
except OSError as x:
|
||||
# this fails on some older versions of OpenSSL (0.9.7l, for instance)
|
||||
if support.verbose:
|
||||
sys.stdout.write(
|
||||
" SSL2 client to SSL23 server test unexpectedly failed:\n %s\n"
|
||||
% str(x))
|
||||
if has_tls_version('SSLv3'):
|
||||
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv3, False)
|
||||
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True)
|
||||
|
@ -3197,8 +3166,6 @@ class ThreadedTests(unittest.TestCase):
|
|||
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3')
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_OPTIONAL)
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_REQUIRED)
|
||||
if has_tls_version('SSLv2'):
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False)
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLS, False,
|
||||
client_options=ssl.OP_NO_SSLv3)
|
||||
try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
|
||||
|
@ -3211,8 +3178,6 @@ class ThreadedTests(unittest.TestCase):
|
|||
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1')
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_OPTIONAL)
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_REQUIRED)
|
||||
if has_tls_version('SSLv2'):
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
|
||||
if has_tls_version('SSLv3'):
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLS, False,
|
||||
|
@ -3225,8 +3190,6 @@ class ThreadedTests(unittest.TestCase):
|
|||
if support.verbose:
|
||||
sys.stdout.write("\n")
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
|
||||
if has_tls_version('SSLv2'):
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv2, False)
|
||||
if has_tls_version('SSLv3'):
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv3, False)
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLS, False,
|
||||
|
@ -3245,8 +3208,6 @@ class ThreadedTests(unittest.TestCase):
|
|||
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2',
|
||||
server_options=ssl.OP_NO_SSLv3|ssl.OP_NO_SSLv2,
|
||||
client_options=ssl.OP_NO_SSLv3|ssl.OP_NO_SSLv2,)
|
||||
if has_tls_version('SSLv2'):
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv2, False)
|
||||
if has_tls_version('SSLv3'):
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv3, False)
|
||||
try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLS, False,
|
||||
|
|
|
@ -138,9 +138,6 @@ extern const SSL_METHOD *TLSv1_2_method(void);
|
|||
#define INVALID_SOCKET (-1)
|
||||
#endif
|
||||
|
||||
/* OpenSSL 1.1 does not have SSL 2.0 */
|
||||
#define OPENSSL_NO_SSL2
|
||||
|
||||
/* Default cipher suites */
|
||||
#ifndef PY_SSL_DEFAULT_CIPHERS
|
||||
#define PY_SSL_DEFAULT_CIPHERS 1
|
||||
|
@ -5825,10 +5822,6 @@ sslmodule_init_constants(PyObject *m)
|
|||
#undef ADD_AD_CONSTANT
|
||||
|
||||
/* protocol versions */
|
||||
#ifndef OPENSSL_NO_SSL2
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
|
||||
PY_SSL_VERSION_SSL2);
|
||||
#endif
|
||||
#ifndef OPENSSL_NO_SSL3
|
||||
PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
|
||||
PY_SSL_VERSION_SSL3);
|
||||
|
@ -5938,11 +5931,7 @@ sslmodule_init_constants(PyObject *m)
|
|||
addbool(m, "HAS_NPN", 0);
|
||||
addbool(m, "HAS_ALPN", 1);
|
||||
|
||||
#if defined(SSL2_VERSION) && !defined(OPENSSL_NO_SSL2)
|
||||
addbool(m, "HAS_SSLv2", 1);
|
||||
#else
|
||||
addbool(m, "HAS_SSLv2", 0);
|
||||
#endif
|
||||
|
||||
#if defined(SSL3_VERSION) && !defined(OPENSSL_NO_SSL3)
|
||||
addbool(m, "HAS_SSLv3", 1);
|
||||
|
|