Remove deprecated OpenSSL methods

TLSv1_2_METHOD and SSLv23_METHOD are deprecated in OpenSSL [0]; update
SSL.Context to use the generic TLS_METHOD.

This change also fixes the c9s-based FIPS jobs (they don't support
TLSv1.2).

[0] https://www.pyopenssl.org/en/stable/api/ssl.html#context-objects

Story 2009942
Task 44847

Change-Id: I39e293db39d2a9287b581833cfe9fd469f701a7c
Gregory Thiemonge 2022-05-02 08:09:44 +02:00
parent 5de58101c2
commit 6b2be2fea3
1 changed files with 11 additions and 11 deletions


@ -337,7 +337,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
return False
return True
context = SSL.Context(SSL.SSLv23_METHOD)
context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_cb)
ca_store = context.get_cert_store()
@ -473,7 +473,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
return True
# Test that the default certificate is used with no SNI host request
context = SSL.Context(SSL.SSLv23_METHOD)
context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
@ -485,7 +485,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
sock.do_handshake()
# Test that the default certificate is used with bogus SNI host request
context = SSL.Context(SSL.TLSv1_2_METHOD)
context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
@ -498,7 +498,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
sock.do_handshake()
# Test that the SNI1 certificate is used when SNI1 host is specified
context = SSL.Context(SSL.TLSv1_2_METHOD)
context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI1_cb)
ca_store = context.get_cert_store()
@ -512,7 +512,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
sock.do_handshake()
# Test that the SNI2 certificate is used when SNI2 host is specified
context = SSL.Context(SSL.SSLv23_METHOD)
context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()
@ -634,7 +634,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
return True
# Test that the default certificate is used with no SNI host request
context = SSL.Context(SSL.SSLv23_METHOD)
context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
@ -646,7 +646,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
sock.do_handshake()
# Test that the SNI1 certificate is used when SNI1 host is specified
context = SSL.Context(SSL.TLSv1_2_METHOD)
context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI1_cb)
ca_store = context.get_cert_store()
@ -660,7 +660,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
sock.do_handshake()
# Test that the default certificate is used when SNI2 host is specified
context = SSL.Context(SSL.SSLv23_METHOD)
context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
@ -675,7 +675,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
# Test that the SNI2 certificate is used with no SNI host request
# on listener 2, SNI2 is the default cert for listener 2
context = SSL.Context(SSL.SSLv23_METHOD)
context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()
@ -688,7 +688,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
# Test that the SNI2 certificate is used with listener 1 host request
# on listener 2, SNI2 is the default cert for listener 2
context = SSL.Context(SSL.SSLv23_METHOD)
context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()
@ -703,7 +703,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
# Test that the SNI2 certificate is used with SNI1 host request
# on listener 2, SNI2 is the default cert for listener 2
context = SSL.Context(SSL.SSLv23_METHOD)
context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()
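Review bot: None of the client contexts sets a protocol floor after the switch to `SSL.TLS_METHOD`, so each handshake accepts whatever version the local OpenSSL build and the listener agree on. This matters most at the three sites that previously used `TLSv1_2_METHOD` (the bogus-SNI check and the two "SNI1 host is specified" checks), which used to pin the version and no longer do. If these tests are meant to show that the listener negotiates a modern protocol, add `context.set_min_proto_version(SSL.TLS1_2_VERSION)` right after each `SSL.Context(SSL.TLS_METHOD)` call, assuming the pyOpenSSL release in the job images provides it. The same context setup is repeated at all eleven sites, so a small helper taking the verify callback would keep that floor in one place. The enclosing test methods start and end outside these hunks, so how the negotiated connection is checked afterwards is not visible here.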