summaryrefslogtreecommitdiffstats
path: root/tests/pytests/utils.py
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-05 04:15:13 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-05 04:15:13 +0000
commit672fd03e83f0333e8d8cb98c222520cd61a2f7a9 (patch)
tree271a0f975ff09b00661f2aba4b9eb2cf21e8457b /tests/pytests/utils.py
parentAdding debian version 5.7.2-1. (diff)
downloadknot-resolver-672fd03e83f0333e8d8cb98c222520cd61a2f7a9.tar.xz
knot-resolver-672fd03e83f0333e8d8cb98c222520cd61a2f7a9.zip
Merging upstream version 5.7.3.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--tests/pytests/utils.py19
1 files changed, 7 insertions, 12 deletions
diff --git a/tests/pytests/utils.py b/tests/pytests/utils.py
index 4b995d4..8af71aa 100644
--- a/tests/pytests/utils.py
+++ b/tests/pytests/utils.py
@@ -99,7 +99,7 @@ def ping_alive(sock, msgid=None):
@contextmanager
def expect_kresd_close(rst_ok=False):
- with pytest.raises(BrokenPipeError):
+ with pytest.raises((BrokenPipeError, ssl.SSLEOFError)):
try:
time.sleep(0.2) # give kresd time to close connection with TCP FIN
yield
@@ -110,17 +110,12 @@ def expect_kresd_close(rst_ok=False):
pytest.fail("kresd didn't close the connection")
-def make_ssl_context(insecure=False, verify_location=None, extra_options=None):
- # set TLS v1.2+
- context = ssl.SSLContext(ssl.PROTOCOL_TLS)
- context.options |= ssl.OP_NO_SSLv2
- context.options |= ssl.OP_NO_SSLv3
- context.options |= ssl.OP_NO_TLSv1
- context.options |= ssl.OP_NO_TLSv1_1
-
- if extra_options is not None:
- for option in extra_options:
- context.options |= option
+def make_ssl_context(insecure=False, verify_location=None,
+ minimum_tls=ssl.TLSVersion.TLSv1_2,
+ maximum_tls=ssl.TLSVersion.MAXIMUM_SUPPORTED):
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ context.minimum_version = minimum_tls
+ context.maximum_version = maximum_tls
if insecure:
# turn off certificate verification