In Ubuntu, I've just merged 0.21.1-2 to Precise. Most of our deltas can be dropped because they're now in Debian (yay! and thanks for that). Our remaining delta enables the test suite and adds skips for the SSLv23 tests which can't pass on Debian/Ubuntu.
Attached are our debian/rules file and our d/p/skip_sslv2_tests.patch Cheers, -Barry
rules
Description: Binary data
Description: When SSLv2 is disabled via openssl configuration, as it is in Debian and Ubuntu, SSLv23 will use SSLv3/TLSv1 client hello format, thus enabling connection to SSLv3/TLSv1 servers. The expected failure to connect embodied in this test will not happen. See Python issue 13218 for additional detail. Author: Barry Warsaw <ba...@ubuntu.com> Bug-Python: http://bugs.python.org/issue13218 Forwarded: not-needed --- a/tests/test_ssl.py +++ b/tests/test_ssl.py @@ -387,6 +387,12 @@ finally: self.stop_server(pid) + @unittest.skip( + 'When SSLv2 is disabled via openssl configuration, as it is in Debian ' + 'and Ubuntu, SSLv23 will use SSLv3/TLSv1 client hello format, thus ' + 'enabling connection to SSLv3/TLSv1 servers. The expected failure to ' + 'connect embodied in this test will not happen. See Python ' + 'issue 13218 for additional detail.') def test_sslv23_no_v2_no_service(self): if fips_mode: # TLS is required in FIPS mode return @@ -400,6 +406,12 @@ finally: self.stop_server(pid) + @unittest.skip( + 'When SSLv2 is disabled via openssl configuration, as it is in Debian ' + 'and Ubuntu, SSLv23 will use SSLv3/TLSv1 client hello format, thus ' + 'enabling connection to SSLv3/TLSv1 servers. The expected failure to ' + 'connect embodied in this test will not happen. See Python ' + 'issue 13218 for additional detail.') def test_sslv23_weak_crypto(self): if fips_mode: # TLS is required in FIPS mode return
signature.asc
Description: PGP signature
