tests: replace use of ssl.wrap_socket that throws warnings in Python 3.10
The function ssl.wrap_socket() is deprecated starting Python 3.7 because it does not support hostname matching (which is considered insecure). In Python 3.10, the function now throws warnings at runtime, which makes Ubuntu / Debian autopkgtest fail. The function ssl.SSLContext.wrap_socket comes in as the replacement and has support for SNI and hostname matching. Replaced all uses of ssl.wrap_socket() by equivalent using ssl.SSLContext.wrap_socket(). Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
This commit is contained in:
parent
3cbe805e71
commit
b7fb911428
@ -34,7 +34,9 @@ publish_packet = mosq_test.gen_publish("bridge/ssl/test", qos=0, payload="messag
|
||||
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt", keyfile="../ssl/server.key", certfile="../ssl/server.crt", server_side=True)
|
||||
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile="../ssl/all-ca.crt")
|
||||
context.load_cert_chain(certfile="../ssl/server.crt", keyfile="../ssl/server.key")
|
||||
ssock = context.wrap_socket(sock, server_side=True)
|
||||
ssock.settimeout(20)
|
||||
ssock.bind(('', port1))
|
||||
ssock.listen(5)
|
||||
|
@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
|
||||
|
||||
try:
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client.crt", keyfile="../ssl/client.key", cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
|
||||
context.load_cert_chain(certfile="../ssl/client.crt", keyfile="../ssl/client.key")
|
||||
ssock = context.wrap_socket(sock, server_hostname="localhost")
|
||||
ssock.settimeout(20)
|
||||
ssock.connect(("localhost", port1))
|
||||
|
||||
|
@ -31,7 +31,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
|
||||
|
||||
try:
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client-expired.crt", keyfile="../ssl/client-expired.key", cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
|
||||
context.load_cert_chain(certfile="../ssl/client-expired.crt", keyfile="../ssl/client-expired.key")
|
||||
ssock = context.wrap_socket(sock, server_hostname="localhost")
|
||||
ssock.settimeout(20)
|
||||
try:
|
||||
ssock.connect(("localhost", port1))
|
||||
|
@ -30,7 +30,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
|
||||
|
||||
try:
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client-revoked.crt", keyfile="../ssl/client-revoked.key", cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
|
||||
context.load_cert_chain(certfile="../ssl/client-revoked.crt", keyfile="../ssl/client-revoked.key")
|
||||
ssock = context.wrap_socket(sock, server_hostname="localhost")
|
||||
ssock.settimeout(20)
|
||||
try:
|
||||
ssock.connect(("localhost", port1))
|
||||
|
@ -28,7 +28,8 @@ connect_packet = mosq_test.gen_connect("connect-cert-test", keepalive=keepalive)
|
||||
broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, use_conf=True)
|
||||
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
|
||||
ssock = context.wrap_socket(sock, server_hostname="localhost")
|
||||
ssock.settimeout(20)
|
||||
try:
|
||||
ssock.connect(("localhost", port1))
|
||||
|
@ -32,7 +32,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
|
||||
|
||||
try:
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client.crt", keyfile="../ssl/client.key", cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
|
||||
context.load_cert_chain(certfile="../ssl/client.crt", keyfile="../ssl/client.key")
|
||||
ssock = context.wrap_socket(sock, server_hostname="localhost")
|
||||
ssock.settimeout(20)
|
||||
ssock.connect(("localhost", port1))
|
||||
|
||||
|
@ -33,7 +33,9 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
|
||||
|
||||
try:
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client.crt", keyfile="../ssl/client.key", cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
|
||||
context.load_cert_chain(certfile="../ssl/client.crt", keyfile="../ssl/client.key")
|
||||
ssock = context.wrap_socket(sock, server_hostname="localhost")
|
||||
ssock.settimeout(20)
|
||||
ssock.connect(("localhost", port1))
|
||||
|
||||
|
@ -29,7 +29,8 @@ connack_packet = mosq_test.gen_connack(rc=0)
|
||||
broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2, use_conf=True)
|
||||
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-alt-ca.crt", cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-alt-ca.crt")
|
||||
ssock = context.wrap_socket(sock, server_hostname="localhost")
|
||||
ssock.settimeout(20)
|
||||
try:
|
||||
ssock.connect(("localhost", port1))
|
||||
|
@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
|
||||
|
||||
try:
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
|
||||
ssock = context.wrap_socket(sock, server_hostname="localhost")
|
||||
ssock.settimeout(20)
|
||||
ssock.connect(("localhost", port1))
|
||||
|
||||
|
@ -32,7 +32,8 @@ broker = mosq_test.start_broker(filename=os.path.basename(__file__), port=port2,
|
||||
|
||||
try:
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
|
||||
ssock = context.wrap_socket(sock, server_hostname="localhost")
|
||||
ssock.settimeout(20)
|
||||
ssock.connect(("localhost", port1))
|
||||
|
||||
|
@ -43,7 +43,9 @@ def do_test(option):
|
||||
|
||||
try:
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/test-root-ca.crt", certfile="../ssl/client.crt", keyfile="../ssl/client.key", cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile="../ssl/test-root-ca.crt")
|
||||
context.load_cert_chain(certfile="../ssl/client.crt", keyfile="../ssl/client.key")
|
||||
ssock = context.wrap_socket(sock, server_hostname="localhost")
|
||||
ssock.settimeout(20)
|
||||
ssock.connect(("localhost", port))
|
||||
mosq_test.do_send_receive(ssock, connect_packet, connack_packet, "connack")
|
||||
|
@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_disconnect()
|
||||
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt",
|
||||
keyfile="../ssl/server.key", certfile="../ssl/server.crt",
|
||||
server_side=True, cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile="../ssl/all-ca.crt")
|
||||
context.load_cert_chain(certfile="../ssl/server.crt", keyfile="../ssl/server.key")
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
ssock = context.wrap_socket(sock, server_side=True)
|
||||
ssock.settimeout(10)
|
||||
ssock.bind(('', port))
|
||||
ssock.listen(5)
|
||||
|
@ -26,9 +26,10 @@ disconnect_packet = mosq_test.gen_disconnect()
|
||||
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt",
|
||||
keyfile="../ssl/server.key", certfile="../ssl/server.crt",
|
||||
server_side=True, cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile="../ssl/all-ca.crt")
|
||||
context.load_cert_chain(certfile="../ssl/server.crt", keyfile="../ssl/server.key")
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
ssock = context.wrap_socket(sock, server_side=True)
|
||||
ssock.settimeout(10)
|
||||
ssock.bind(('', port))
|
||||
ssock.listen(5)
|
||||
|
@ -25,7 +25,9 @@ disconnect_packet = mosq_test.gen_disconnect()
|
||||
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt", keyfile="../ssl/server.key", certfile="../ssl/server.crt", server_side=True)
|
||||
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile="../ssl/all-ca.crt")
|
||||
context.load_cert_chain(certfile="../ssl/server.crt", keyfile="../ssl/server.key")
|
||||
ssock = context.wrap_socket(sock, server_side=True)
|
||||
ssock.settimeout(10)
|
||||
ssock.bind(('', port))
|
||||
ssock.listen(5)
|
||||
|
@ -10,9 +10,10 @@ if sys.version < '2.7':
|
||||
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
||||
ssock = ssl.wrap_socket(sock, ca_certs="../ssl/all-ca.crt",
|
||||
keyfile="../ssl/server.key", certfile="../ssl/server.crt",
|
||||
server_side=True, cert_reqs=ssl.CERT_REQUIRED)
|
||||
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile="../ssl/all-ca.crt")
|
||||
context.load_cert_chain(certfile="../ssl/server.crt", keyfile="../ssl/server.key")
|
||||
context.verify_mode = ssl.CERT_REQUIRED
|
||||
ssock = context.wrap_socket(sock, server_side=True)
|
||||
ssock.settimeout(10)
|
||||
ssock.bind(('', port))
|
||||
ssock.listen(5)
|
||||
|
Loading…
Reference in New Issue
Block a user