Fix python main patch
WillChilds-Klein committed Jan 23, 2024
1 parent 4bb49cd commit a78908c
Showing 2 changed files with 46 additions and 6 deletions.
49 changes: 45 additions & 4 deletions tests/ci/integration/python_patch/main/aws-lc-cpython.patch
@@ -66,10 +66,10 @@ index b97474acca..f5980598c9 100644
client = self.imap_class(*server.server_address,
ssl_context=ssl_context)
diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py
index 9f199d9069..e64184f296 100644
index 0502181854..e23531f147 100644
--- a/Lib/test/test_site.py
+++ b/Lib/test/test_site.py
@@ -510,6 +510,7 @@ def test_customization_modules_on_startup(self):
@@ -564,6 +564,7 @@ def test_customization_modules_on_startup(self):
def test_license_exists_at_url(self):
# This test is a bit fragile since it depends on the format of the
# string displayed by license in the absence of a LICENSE file.
@@ -78,7 +78,7 @@ index 9f199d9069..e64184f296 100644
req = urllib.request.Request(url, method='HEAD')
# Reset global urllib.request._opener
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 3fdfa29605..9192d09149 100644
index 3fdfa29605..6f6fea7c36 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -41,6 +41,7 @@
@@ -338,6 +338,38 @@ index 3fdfa29605..9192d09149 100644
class TestPostHandshakeAuth(unittest.TestCase):
def test_pha_setter(self):
protocols = [
@@ -4636,6 +4660,31 @@ def test_internal_chain_server(self):
self.assertEqual(res, b'\x02\n')


+@unittest.skipUnless(Py_OPENSSL_IS_AWSLC, "Only test this against AWS-LC")
+class TestPostHandshakeAuthAwsLc(unittest.TestCase):
+ def test_pha(self):
+ protocols = [
+ ssl.PROTOCOL_TLS_SERVER, ssl.PROTOCOL_TLS_CLIENT
+ ]
+ for protocol in protocols:
+ client_ctx, server_ctx, hostname = testing_context()
+ client_ctx.load_cert_chain(SIGNED_CERTFILE)
+ self.assertEqual(client_ctx.post_handshake_auth, None)
+ with self.assertRaises(AttributeError):
+ client_ctx.post_handshake_auth = True
+ with self.assertRaises(AttributeError):
+ server_ctx.post_handshake_auth = True
+
+ with ThreadedEchoServer(context=server_ctx) as server:
+ with client_ctx.wrap_socket(
+ socket.socket(),
+ server_hostname=hostname
+ ) as ssock:
+ ssock.connect((HOST, server.port))
+ with self.assertRaises(NotImplementedError):
+ ssock.verify_client_post_handshake()
+
+
HAS_KEYLOG = hasattr(ssl.SSLContext, 'keylog_filename')
requires_keylog = unittest.skipUnless(
HAS_KEYLOG, 'test requires OpenSSL 1.1.1 with keylog callback')
diff --git a/Modules/Setup b/Modules/Setup
index 8ad9a5aebb..6138085c61 100644
--- a/Modules/Setup
@@ -377,7 +409,7 @@ index 0e230f332f..390d6e0ed9 100644
};

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 04c9f7daad..e3a2c88b19 100644
index bc30290942..e0e59b97e5 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -187,6 +187,13 @@ extern const SSL_METHOD *TLSv1_2_method(void);
@@ -451,6 +483,15 @@ index 04c9f7daad..e3a2c88b19 100644
int err = SSL_verify_client_post_handshake(self->ssl);
if (err == 0)
return _setSSLError(get_state_sock(self), NULL, 0, __FILE__, __LINE__);
@@ -3203,7 +3216,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)

/* Set SSL_MODE_RELEASE_BUFFERS. This potentially greatly reduces memory
usage for no cost at all. */
- SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS);
+ SSL_CTX_set_mode(self->ctx, SSL_MODE_RELEASE_BUFFERS | SSL_MODE_AUTO_RETRY);

params = SSL_CTX_get0_param(self->ctx);
/* Improve trust chain building when cross-signed intermediate
@@ -3211,7 +3224,7 @@ _ssl__SSLContext_impl(PyTypeObject *type, int proto_version)
X509_VERIFY_PARAM_set_flags(params, X509_V_FLAG_TRUSTED_FIRST);
X509_VERIFY_PARAM_set_hostflags(params, self->hostflags);
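Review bot: In the added `TestPostHandshakeAuthAwsLc.test_pha` (the Lib/test/test_ssl.py part of the patch), the `for protocol in protocols:` loop never uses `protocol`; `testing_context()` is called with no arguments, so the same client/server pair is built and checked twice. Either drop the `protocols` list and the loop, or build the contexts under test from it, e.g. `ctx = ssl.SSLContext(protocol)` for the `post_handshake_auth` attribute checks. The `NotImplementedError` assertion on `verify_client_post_handshake()` is made only on the client socket; if the intent is to pin that an AWS-LC build never performs post-handshake client authentication, a check on the server side of the connection would be the stronger guarantee, though that socket is not reachable from the lines shown. Separately, in `_ssl__SSLContext_impl` the comment above `SSL_CTX_set_mode` still describes only `SSL_MODE_RELEASE_BUFFERS`, and as far as the hunk shows the added `SSL_MODE_AUTO_RETRY` is not guarded by an AWS-LC macro, so a short comment stating why it is set and which backends it is meant for would help.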
3 changes: 1 addition & 2 deletions tests/ci/integration/run_python_integration.sh
@@ -107,8 +107,7 @@ echo 0 >/proc/sys/net/ipv6/conf/all/disable_ipv6 || /bin/true

# NOTE: cpython keeps a unique branch per version, add version branches here
# TODO: As we add more versions to support, we may want to parallelize here
for branch in 3.10 3.11 3.12; do
#for branch in 3.10 3.11 3.12 main; do
for branch in 3.10 3.11 3.12 main; do
python_patch ${branch}
python_build ${branch}
python_run_tests ${branch}
