community/py3-oscrypto: disable various broken tests

See: * wbond/oscrypto#82 * wbond/oscrypto#80
alpinelinux · Jul 10, 2024 · 4debf53 · 4debf53
1 parent 00c7bbd
commit 4debf53
Show file tree

Hide file tree

Showing 3 changed files with 146 additions and 0 deletions.
diff --git a/community/py3-oscrypto/APKBUILD b/community/py3-oscrypto/APKBUILD
@@ -16,6 +16,8 @@ checkdepends="openssl-dev>3" # only for .so symlinks
 subpackages="$pkgname-doc $pkgname-pyc"
 source="$pkgname-$pkgver.tar.gz::https://github.com/wbond/oscrypto/archive/$pkgver.tar.gz
 	use-importlib-instead-of-deprecated-imp-module-on-Py.patch
+	test-failures-with-openssl-3.0.patch
+	disable-badtls-tests.patch
 	"
 builddir="$srcdir/$_pkgname-$pkgver"
 
@@ -39,4 +41,6 @@ package() {
 sha512sums="
 b5baf72e1a09615b267be4d1c4baf2375bb939b5bd3d717ca9ca70776541f590a8608bef95991967e23f3794e6220709ed2fe5acdedfe9bfce1921c879a74bec  py3-oscrypto-1.3.0.tar.gz
 3947d3e975d0fe17b3b25524a0b77de9b41b8e537283422b4074a33645ce36688270d89bf9eb728e967f1a217629a78e362949428ab95d78267d39a3709264a8  use-importlib-instead-of-deprecated-imp-module-on-Py.patch
+8357502a71f2b0067d2e55e47fc2a87201132e7d79fdb8e405667e0583e2966d33278d20ed630850a8d5e4117cbfc31b5c755b487b5e5a289fe5db6a0dd035c0  test-failures-with-openssl-3.0.patch
+4b348178ce320a2087e91007b8048948eb5fe1a92d82ecf2dd21d7d8915255ddbccc75e45c86f11961f54681377537ae255602f079a4273dd5a636af5120d54c  disable-badtls-tests.patch
 "
diff --git a/community/py3-oscrypto/disable-badtls-tests.patch b/community/py3-oscrypto/disable-badtls-tests.patch
@@ -0,0 +1,121 @@
+See https://github.com/wbond/oscrypto/issues/82
+
+diff -upr oscrypto-1.3.0.orig/tests/test_tls.py oscrypto-1.3.0/tests/test_tls.py
+--- oscrypto-1.3.0.orig/tests/test_tls.py	2024-07-10 15:13:24.273901857 +0200
++++ oscrypto-1.3.0/tests/test_tls.py	2024-07-10 15:14:21.530695208 +0200
+@@ -90,7 +90,6 @@ class TLSTests(unittest.TestCase):
+         return (
+             ('google', 'www.google.com', 443),
+             ('package_control', 'packagecontrol.io', 443),
+-            ('dh1024', 'dh1024.badtls.io', 10005),
+         )
+
+     @data('tls_hosts', True)
+@@ -142,35 +141,41 @@ class TLSTests(unittest.TestCase):
+                 s.close()
+             socket.setdefaulttimeout(def_timeout)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_missing_issuer(self):
+         expected = 'certificate issuer not found in trusted root certificate store'
+         with assert_exception(self, errors.TLSVerificationError, expected):
+             tls.TLSSocket('domain-match.badtls.io', 10000)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_domain_mismatch(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+         with assert_exception(self, errors.TLSVerificationError, 'does not match'):
+             tls.TLSSocket('domain-mismatch.badtls.io', 11002, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_san_mismatch(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+         with assert_exception(self, errors.TLSVerificationError, 'does not match'):
+             tls.TLSSocket('san-mismatch.badtls.io', 11003, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_wildcard_success(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+         tls.TLSSocket('wildcard-match.badtls.io', 10001, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_not_yet_valid(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+         with assert_exception(self, errors.TLSVerificationError, 'not valid until'):
+             tls.TLSSocket('future.badtls.io', 11001, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_expired_2(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+@@ -179,30 +184,35 @@ class TLSTests(unittest.TestCase):
+         with assert_exception(self, errors.TLSVerificationError, 'certificate expired|not valid until'):
+             tls.TLSSocket('expired-1963.badtls.io', 11000, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_client_cert_required(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+         with assert_exception(self, errors.TLSError, 'client authentication'):
+             tls.TLSSocket('required-auth.badtls.io', 10003, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_handshake_error_3(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+         with assert_exception(self, errors.TLSError, 'weak certificate signature algorithm'):
+             tls.TLSSocket('weak-sig.badtls.io', 11004, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_non_web(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+         with assert_exception(self, errors.TLSVerificationError, 'verification failed'):
+             tls.TLSSocket('bad-key-usage.badtls.io', 11005, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_wildcard_mismatch(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+         with assert_exception(self, errors.TLSVerificationError, 'does not match'):
+             tls.TLSSocket('wildcard.mismatch.badtls.io', 11007, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_expired(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+@@ -225,18 +235,21 @@ class TLSTests(unittest.TestCase):
+         with assert_exception(self, errors.TLSError, regex):
+             tls.TLSSocket('dh512.badssl.com', 443)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_handshake_error(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+         with assert_exception(self, errors.TLSError, 'TLS handshake failed'):
+             tls.TLSSocket('rc4-md5.badtls.io', 11009, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_error_handshake_error_2(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path])
+         with assert_exception(self, errors.TLSError, 'TLS handshake failed'):
+             tls.TLSSocket('rc4.badtls.io', 11008, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_extra_trust_roots_no_match(self):
+         expected = 'certificate issuer not found in trusted root certificate store'
+@@ -244,6 +257,7 @@ class TLSTests(unittest.TestCase):
+             session = tls.TLSSession(extra_trust_roots=[digicert_ca_path])
+             tls.TLSSocket('domain-match.badtls.io', 10000, session=session)
+
++    @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234')
+     @connection_timeout()
+     def test_tls_extra_trust_roots(self):
+         session = tls.TLSSession(extra_trust_roots=[badtls_ca_path, digicert_ca_path])
diff --git a/community/py3-oscrypto/test-failures-with-openssl-3.0.patch b/community/py3-oscrypto/test-failures-with-openssl-3.0.patch
@@ -0,0 +1,21 @@
+See https://github.com/wbond/oscrypto/issues/80
+
+diff -upr oscrypto-1.3.0.orig/tests/test_tls.py oscrypto-1.3.0/tests/test_tls.py
+--- oscrypto-1.3.0.orig/tests/test_tls.py	2024-07-10 15:15:55.074256024 +0200
++++ oscrypto-1.3.0/tests/test_tls.py	2024-07-10 15:19:13.478110756 +0200
+@@ -123,6 +123,7 @@ class TLSTests(unittest.TestCase):
+                 return
+         tls.TLSSocket('global-root-ca-revoked.chain-demos.digicert.com', 443)
+
++    @unittest.skip('broken with OpenSSL 3.0, see https://github.com/wbond/oscrypto/issues/80')
+     @connection_timeout()
+     def test_tls_error_http(self):
+         with assert_exception(self, errors.TLSError, 'server responded using HTTP'):
+@@ -214,6 +215,7 @@ class TLSTests(unittest.TestCase):
+         with assert_exception(self, errors.TLSVerificationError, 'self-signed'):
+             tls.TLSSocket('self-signed.badssl.com', 443)
+
++    @unittest.skip('broken with OpenSSL 3.0, see https://github.com/wbond/oscrypto/issues/80')
+     @connection_timeout()
+     def test_tls_error_weak_dh_params(self):
+         # badssl.com uses SNI, which Windows XP does not support