Remove deprecated OpenSSL methods
TLSv1_2_METHOD and SSLv23_METHOD are deprecated in OpenSSL [0], update SSL.Context to use the generic TLS_METHOD. This change also fixes the c9s-based FIPS jobs (they don't support TLSv1.2). [0] https://www.pyopenssl.org/en/stable/api/ssl.html#context-objects Story 2009942 Task 44847 Change-Id: I39e293db39d2a9287b581833cfe9fd469f701a7c
parent
5de58101c2
commit
6b2be2fea3
|
@ -337,7 +337,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
|
|||
return False
|
||||
return True
|
||||
|
||||
context = SSL.Context(SSL.SSLv23_METHOD)
|
||||
context = SSL.Context(SSL.TLS_METHOD)
|
||||
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
_verify_cb)
|
||||
ca_store = context.get_cert_store()
|
||||
|
@ -473,7 +473,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
|
|||
return True
|
||||
|
||||
# Test that the default certificate is used with no SNI host request
|
||||
context = SSL.Context(SSL.SSLv23_METHOD)
|
||||
context = SSL.Context(SSL.TLS_METHOD)
|
||||
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
_verify_server_cb)
|
||||
ca_store = context.get_cert_store()
|
||||
|
@ -485,7 +485,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
|
|||
sock.do_handshake()
|
||||
|
||||
# Test that the default certificate is used with bogus SNI host request
|
||||
context = SSL.Context(SSL.TLSv1_2_METHOD)
|
||||
context = SSL.Context(SSL.TLS_METHOD)
|
||||
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
_verify_server_cb)
|
||||
ca_store = context.get_cert_store()
|
||||
|
@ -498,7 +498,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
|
|||
sock.do_handshake()
|
||||
|
||||
# Test that the SNI1 certificate is used when SNI1 host is specified
|
||||
context = SSL.Context(SSL.TLSv1_2_METHOD)
|
||||
context = SSL.Context(SSL.TLS_METHOD)
|
||||
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
_verify_SNI1_cb)
|
||||
ca_store = context.get_cert_store()
|
||||
|
@ -512,7 +512,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
|
|||
sock.do_handshake()
|
||||
|
||||
# Test that the SNI2 certificate is used when SNI2 host is specified
|
||||
context = SSL.Context(SSL.SSLv23_METHOD)
|
||||
context = SSL.Context(SSL.TLS_METHOD)
|
||||
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
_verify_SNI2_cb)
|
||||
ca_store = context.get_cert_store()
|
||||
|
@ -634,7 +634,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
|
|||
return True
|
||||
|
||||
# Test that the default certificate is used with no SNI host request
|
||||
context = SSL.Context(SSL.SSLv23_METHOD)
|
||||
context = SSL.Context(SSL.TLS_METHOD)
|
||||
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
_verify_server_cb)
|
||||
ca_store = context.get_cert_store()
|
||||
|
@ -646,7 +646,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
|
|||
sock.do_handshake()
|
||||
|
||||
# Test that the SNI1 certificate is used when SNI1 host is specified
|
||||
context = SSL.Context(SSL.TLSv1_2_METHOD)
|
||||
context = SSL.Context(SSL.TLS_METHOD)
|
||||
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
_verify_SNI1_cb)
|
||||
ca_store = context.get_cert_store()
|
||||
|
@ -660,7 +660,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
|
|||
sock.do_handshake()
|
||||
|
||||
# Test that the default certificate is used when SNI2 host is specified
|
||||
context = SSL.Context(SSL.SSLv23_METHOD)
|
||||
context = SSL.Context(SSL.TLS_METHOD)
|
||||
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
_verify_server_cb)
|
||||
ca_store = context.get_cert_store()
|
||||
|
@ -675,7 +675,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
|
|||
|
||||
# Test that the SNI2 certificate is used with no SNI host request
|
||||
# on listener 2, SNI2 is the default cert for listener 2
|
||||
context = SSL.Context(SSL.SSLv23_METHOD)
|
||||
context = SSL.Context(SSL.TLS_METHOD)
|
||||
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
_verify_SNI2_cb)
|
||||
ca_store = context.get_cert_store()
|
||||
|
@ -688,7 +688,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
|
|||
|
||||
# Test that the SNI2 certificate is used with listener 1 host request
|
||||
# on listener 2, SNI2 is the default cert for listener 2
|
||||
context = SSL.Context(SSL.SSLv23_METHOD)
|
||||
context = SSL.Context(SSL.TLS_METHOD)
|
||||
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
_verify_SNI2_cb)
|
||||
ca_store = context.get_cert_store()
|
||||
|
@ -703,7 +703,7 @@ class TLSWithBarbicanTest(test_base.LoadBalancerBaseTestWithCompute):
|
|||
|
||||
# Test that the SNI2 certificate is used with SNI1 host request
|
||||
# on listener 2, SNI2 is the default cert for listener 2
|
||||
context = SSL.Context(SSL.SSLv23_METHOD)
|
||||
context = SSL.Context(SSL.TLS_METHOD)
|
||||
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||
_verify_SNI2_cb)
|
||||
ca_store = context.get_cert_store()
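Review bot: `SSL.Context(SSL.TLS_METHOD)` sets no protocol floor, so each of these client contexts will complete a handshake at whatever version the listener and the local OpenSSL policy both allow; the three sites that used `SSL.TLSv1_2_METHOD` (the bogus-SNI check and both SNI1 checks) were pinned to TLS 1.2 and now lose that constraint. If these tests are meant to notice a listener falling back to a legacy protocol, add `context.set_min_proto_version(SSL.TLS1_2_VERSION)` right after each constructor, which still permits TLS 1.3. The same construct-and-verify sequence recurs in every hunk of this file, so a small helper that builds the context would keep the floor in one place. The enclosing test methods start and end outside the hunks, so whether the negotiated version is asserted elsewhere cannot be seen from here.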
|
||||
|
|