From 7fa62f5471b71008cb98ca5abffa5be432dae39b Mon Sep 17 00:00:00 2001
From: Lumir Balhar
Date: Wed, 11 Oct 2023 15:35:02 +0200
Subject: [PATCH] gh-108310: Fix TestPreHandshakeClose tests in test_ssl

The new class is part of the fix for CVE-2023-40217: https://github.com/python/cpython/commit/b4bcc06a9cfe13d96d5270809d963f8ba278f89b but it's not in the lists of tests so they're not executed. The new tests also need `SHORT_TIMEOUT` constant not available in test.support in 3.8.
---
 Lib/test/test_ssl.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 67d3c09d36276c..e729c627064287 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -150,6 +150,9 @@ def data_file(*name):
 OP_ENABLE_MIDDLEBOX_COMPAT = getattr(ssl, "OP_ENABLE_MIDDLEBOX_COMPAT", 0)
 OP_IGNORE_UNEXPECTED_EOF = getattr(ssl, "OP_IGNORE_UNEXPECTED_EOF", 0)
+# *_TIMEOUT constants are available in test.support in 3.9+
+SHORT_TIMEOUT = 30.0
+
 # Ubuntu has patched OpenSSL and changed behavior of security level 2
 # see https://bugs.python.org/issue41561#msg389003
 def is_ubuntu():
@@ -4835,7 +4838,7 @@ def __init__(self, *, name, call_after_accept, timeout=None):
 self.listener = None # set by .start()
 self.port = None # set by .start()
 if timeout is None:
- self.timeout = support.SHORT_TIMEOUT
+ self.timeout = SHORT_TIMEOUT
 else:
 self.timeout = timeout
 super().__init__(name=name)
@@ -4917,7 +4920,7 @@ def test_preauth_data_to_tls_server(self):
 def call_after_accept(unused):
 server_accept_called.set()
- if not ready_for_server_wrap_socket.wait(support.SHORT_TIMEOUT):
+ if not ready_for_server_wrap_socket.wait(SHORT_TIMEOUT):
 raise RuntimeError("wrap_socket event never set, test may fail.")
 return False # Tell the server thread to continue.
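Review bot: `SHORT_TIMEOUT = 30.0` in the first hunk is a bare literal, while the two assignments directly above it use a `getattr(..., default)` fallback for names that may be missing. Writing it the same way, `SHORT_TIMEOUT = getattr(support, "SHORT_TIMEOUT", 30.0)`, would keep the line valid unchanged on branches where test.support defines the constant, and would presumably pick up whatever value the test runner has configured there. This matters because the constant bounds every `.wait(SHORT_TIMEOUT)` in the CVE-2023-40217 regression tests, and a fixed limit that is too tight for a slow build machine turns a security regression test into a flaky one. The same name is used in the later hunks at `self.timeout = SHORT_TIMEOUT` and in the four `.wait(SHORT_TIMEOUT)` calls.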
@@ -4961,7 +4964,7 @@ def test_preauth_data_to_tls_client(self):
 client_can_continue_with_wrap_socket = threading.Event()
 def call_after_accept(conn_to_client):
- if not server_can_continue_with_wrap_socket.wait(support.SHORT_TIMEOUT):
+ if not server_can_continue_with_wrap_socket.wait(SHORT_TIMEOUT):
 print("ERROR: test client took too long")
 # This forces an immediate connection close via RST on .close().
@@ -4987,7 +4990,7 @@ def call_after_accept(conn_to_client):
 client.connect(server.listener.getsockname())
 server_can_continue_with_wrap_socket.set()
- if not client_can_continue_with_wrap_socket.wait(support.SHORT_TIMEOUT):
+ if not client_can_continue_with_wrap_socket.wait(SHORT_TIMEOUT):
 self.fail("test server took too long")
 ssl_ctx = ssl.create_default_context()
 try:
@@ -5026,7 +5029,7 @@ def connect(self):
 http.client.HTTPConnection.connect(self)
 # Wait for our fault injection server to have done its thing.
- if not server_responding.wait(support.SHORT_TIMEOUT) and support.verbose:
+ if not server_responding.wait(SHORT_TIMEOUT) and support.verbose:
 sys.stdout.write("server_responding event never set.")
 self.sock = self._context.wrap_socket(
 self.sock, server_hostname=self.host)
@@ -5104,7 +5107,7 @@ def test_main(verbose=False):
 tests = [
 ContextTests, BasicSocketTests, SSLErrorTests, MemoryBIOTests,
 SSLObjectTests, SimpleBackgroundTests, ThreadedTests,
- TestPostHandshakeAuth, TestSSLDebug
+ TestPostHandshakeAuth, TestSSLDebug, TestPreHandshakeClose
 ]
 if support.is_resource_enabled('network'):
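Review bot: The hand-maintained `tests` list in `test_main` is what let the CVE-2023-40217 regression tests go unexecuted, and the last hunk adds the one missing entry without guarding against the next omission. A comment directly above the list would help, for example `# Every TestCase class in this module must be listed here; unlisted classes are silently not run.` A stronger option is a small check in `test_main` that compares the list against the `unittest.TestCase` subclasses defined in the module, so that a forgotten class fails the run instead of passing quietly. `test_main` continues past the end of the hunk, so whatever the `if support.is_resource_enabled('network'):` branch adds to the list is not visible here.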