diff --git a/tests/ci/integration/python_patch/3.10/aws-lc-cpython.patch b/tests/ci/integration/python_patch/3.10/aws-lc-cpython.patch index ccd81e42571..ea6127f2878 100644 --- a/tests/ci/integration/python_patch/3.10/aws-lc-cpython.patch +++ b/tests/ci/integration/python_patch/3.10/aws-lc-cpython.patch @@ -66,7 +66,7 @@ index b5c78a5..41235c1 100644 client = self.imap_class(*server.server_address, ssl_context=ssl_context) diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py -index a1a581a..c69e711 100644 +index a1a581a..6f42437 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -44,6 +44,7 @@ @@ -253,7 +253,16 @@ index a1a581a..c69e711 100644 def test_version_basic(self): """ -@@ -4046,6 +4061,9 @@ def test_tls_unique_channel_binding(self): +@@ -4004,7 +4016,7 @@ def test_min_max_version_mismatch(self): + server_hostname=hostname) as s: + with self.assertRaises(ssl.SSLError) as e: + s.connect((HOST, server.port)) +- self.assertIn("alert", str(e.exception)) ++ self.assertRegex(str(e.exception), "(alert|ALERT)") + + @requires_tls_version('SSLv3') + def test_min_max_version_sslv3(self): +@@ -4046,6 +4058,9 @@ def test_tls_unique_channel_binding(self): client_context, server_context, hostname = testing_context() @@ -263,7 +272,7 @@ index a1a581a..c69e711 100644 server = ThreadedEchoServer(context=server_context, chatty=True, connectionchatty=False) -@@ -4118,6 +4136,7 @@ def test_compression_disabled(self): +@@ -4118,6 +4133,7 @@ def test_compression_disabled(self): self.assertIs(stats['compression'], None) @unittest.skipIf(Py_DEBUG_WIN32, "Avoid mixing debug/release CRT on Windows") @@ -271,7 +280,7 @@ index a1a581a..c69e711 100644 def test_dh_params(self): # Check we can get a connection with ephemeral Diffie-Hellman client_context, server_context, hostname = testing_context() -@@ -4132,7 +4151,7 @@ def test_dh_params(self): +@@ -4132,7 +4148,7 @@ def test_dh_params(self): cipher = stats["cipher"][0] parts = cipher.split("-") if "ADH" not in parts and "EDH" not in parts and "DHE" not in parts: @@ -280,7 +289,7 @@ index a1a581a..c69e711 100644 def test_ecdh_curve(self): # server secp384r1, client auto -@@ -4299,8 +4318,10 @@ def cb_raising(ssl_sock, server_name, initial_context): +@@ -4299,8 +4315,10 @@ def cb_raising(ssl_sock, server_name, initial_context): chatty=False, sni_name='supermessage') @@ -293,7 +302,7 @@ index a1a581a..c69e711 100644 self.assertEqual(catch.unraisable.exc_type, ZeroDivisionError) def test_sni_callback_wrong_return_type(self): -@@ -4476,7 +4497,10 @@ def test_session_handling(self): +@@ -4476,7 +4494,10 @@ def test_session_handling(self): 'Session refers to a different SSLContext.') @@ -305,7 +314,7 @@ index a1a581a..c69e711 100644 class TestPostHandshakeAuth(unittest.TestCase): def test_pha_setter(self): protocols = [ -@@ -4752,6 +4776,31 @@ def test_internal_chain_server(self): +@@ -4752,6 +4773,31 @@ def test_internal_chain_server(self): self.assertEqual(res, b'\x02\n') @@ -338,7 +347,7 @@ index a1a581a..c69e711 100644 requires_keylog = unittest.skipUnless( HAS_KEYLOG, 'test requires OpenSSL 1.1.1 with keylog callback') diff --git a/Modules/Setup b/Modules/Setup -index 87c6a15..f67d7ec 100644 +index 87c6a15..1a7257c 100644 --- a/Modules/Setup +++ b/Modules/Setup @@ -208,8 +208,8 @@ _symtable symtablemodule.c @@ -391,7 +400,7 @@ index 35addf4..77a12c6 100644 }; diff --git a/Modules/_ssl.c b/Modules/_ssl.c -index 7a28f2d..b0d2ea1 100644 +index e637830..dc99dd8 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -181,6 +181,12 @@ extern const SSL_METHOD *TLSv1_2_method(void); @@ -442,7 +451,7 @@ index 7a28f2d..b0d2ea1 100644 if (ret < 1) return PySSL_SetError(self, ret, __FILE__, __LINE__); if (PySSL_ChainExceptions(self) < 0) -@@ -2771,7 +2783,7 @@ static PyObject * +@@ -2771,7 +2778,7 @@ static PyObject * _ssl__SSLSocket_verify_client_post_handshake_impl(PySSLSocket *self) /*[clinic end generated code: output=532147f3b1341425 input=6bfa874810a3d889]*/ { @@ -451,7 +460,7 @@ index 7a28f2d..b0d2ea1 100644 int err = SSL_verify_client_post_handshake(self->ssl); if (err == 0) return _setSSLError(get_state_sock(self), NULL, 0, __FILE__, __LINE__); -@@ -3199,7 +3211,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) +@@ -3199,7 +3206,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version) X509_VERIFY_PARAM_set_flags(params, X509_V_FLAG_TRUSTED_FIRST); X509_VERIFY_PARAM_set_hostflags(params, self->hostflags); @@ -460,7 +469,7 @@ index 7a28f2d..b0d2ea1 100644 self->post_handshake_auth = 0; SSL_CTX_set_post_handshake_auth(self->ctx, self->post_handshake_auth); #endif -@@ -3573,7 +3585,7 @@ set_maximum_version(PySSLContext *self, PyObject *arg, void *c) +@@ -3573,7 +3580,7 @@ set_maximum_version(PySSLContext *self, PyObject *arg, void *c) return set_min_max_proto_version(self, arg, 1); } @@ -469,7 +478,7 @@ index 7a28f2d..b0d2ea1 100644 static PyObject * get_num_tickets(PySSLContext *self, void *c) { -@@ -3604,7 +3616,7 @@ set_num_tickets(PySSLContext *self, PyObject *arg, void *c) +@@ -3604,7 +3611,7 @@ set_num_tickets(PySSLContext *self, PyObject *arg, void *c) PyDoc_STRVAR(PySSLContext_num_tickets_doc, "Control the number of TLSv1.3 session tickets"); @@ -478,7 +487,7 @@ index 7a28f2d..b0d2ea1 100644 static PyObject * get_security_level(PySSLContext *self, void *c) -@@ -3694,14 +3706,14 @@ set_check_hostname(PySSLContext *self, PyObject *arg, void *c) +@@ -3694,14 +3701,14 @@ set_check_hostname(PySSLContext *self, PyObject *arg, void *c) static PyObject * get_post_handshake_auth(PySSLContext *self, void *c) { @@ -495,7 +504,7 @@ index 7a28f2d..b0d2ea1 100644 static int set_post_handshake_auth(PySSLContext *self, PyObject *arg, void *c) { if (arg == NULL) { -@@ -4651,14 +4663,14 @@ static PyGetSetDef context_getsetlist[] = { +@@ -4706,14 +4713,14 @@ static PyGetSetDef context_getsetlist[] = { (setter) _PySSLContext_set_msg_callback, NULL}, {"sni_callback", (getter) get_sni_callback, (setter) set_sni_callback, PySSLContext_sni_callback_doc},