File skip_SSL_tests.patch of Package python3.39333
From 63a72beddcf516185066e4e4da4ea002f8af5588 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Cepl?= <mcepl@cepl.eu>
Date: Wed, 3 Apr 2024 11:59:02 +0200
Subject: [PATCH] skip SSL tests incompatible with OpenSSL 1.1.1 and higher
Fixes: bpo#9425
Patch: skip_SSL_tests.patch
---
 Lib/test/test_asyncio/test_events.py                 |  6 ++++++
 Lib/test/test_ssl.py                                 | 12 ++++++++----
 .../Tests/2019-04-05-10-34-29.bpo-36576.7Cp2kK.rst   |  1 +
 3 files changed, 15 insertions(+), 4 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Tests/2019-04-05-10-34-29.bpo-36576.7Cp2kK.rst
diff --git a/Lib/test/test_asyncio/test_events.py b/Lib/test/test_asyncio/test_events.py
index f5a0b139b2f..4a12a1097b7 100644
--- a/Lib/test/test_asyncio/test_events.py
+++ b/Lib/test/test_asyncio/test_events.py
@@ -38,6 +38,11 @@ try:
 except ImportError:
     from asyncio import test_support as support
 
+if ssl is not None:
+    from test.test_ssl import IS_OPENSSL_1_1_1
+else:
+    IS_OPENSSL_1_1_1 = False
+
 
 def osx_tiger():
     """Return True if the platform is Mac OS 10.4 or older."""
@@ -1161,6 +1166,7 @@ class EventLoopTestsMixin:
             self.test_create_unix_server_ssl_verify_failed()
 
     @unittest.skipIf(ssl is None, 'No ssl module')
+    @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
     def test_create_server_ssl_match_failed(self):
         proto = MyProto(loop=self.loop)
         server, host, port = self._make_ssl_server(
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 74adebc0fb9..1b56d1a945a 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -36,7 +36,8 @@ else:
 PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)
 HOST = support.HOST
 IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')
-IS_OPENSSL_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)
+IS_OPENSSL_1_1 = not IS_LIBRESSL and (ssl.OPENSSL_VERSION_INFO >= (1, 1, 0) and ssl.OPENSSL_VERSION_INFO < (2, 0))
+IS_OPENSSL_1_1_1 = not IS_LIBRESSL and (ssl.OPENSSL_VERSION_INFO >= (1, 1, 1) and ssl.OPENSSL_VERSION_INFO < (2, 0))
 
 
 def data_file(*name):
@@ -138,9 +139,8 @@ def skip_if_broken_ubuntu_ssl(func):
             try:
                 ssl.SSLContext(ssl.PROTOCOL_SSLv2)
             except ssl.SSLError:
-                if (ssl.OPENSSL_VERSION_INFO == (0, 9, 8, 15, 15) and
-                    platform.linux_distribution() == ('debian', 'squeeze/sid', '')):
-                    raise unittest.SkipTest("Patched Ubuntu OpenSSL breaks behaviour")
+                if ssl.OPENSSL_VERSION_INFO < (1, 1, 1):
+                    raise unittest.SkipTest("Old OpenSSL breaks behaviour")
             return func(*args, **kwargs)
         return f
     else:
@@ -961,6 +961,7 @@ class ContextTests(unittest.TestCase):
         self.assertIn('AES128-GCM-SHA256', names)
 
     @skip_if_broken_ubuntu_ssl
+    @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
     def test_options(self):
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
         # OP_ALL | OP_NO_SSLv2 | OP_NO_SSLv3 is the default value
@@ -3240,6 +3241,7 @@ if _have_threads:
                     ])
 
         @unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL")
+        @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
         def test_default_ecdh_curve(self):
             # Issue #21015: elliptic curve-based Diffie Hellman key exchange
             # should be enabled by default on SSL contexts.
@@ -3372,6 +3374,7 @@ if _have_threads:
             self.assertIs(stats['client_alpn_protocol'], None)
 
         @unittest.skipUnless(ssl.HAS_ALPN, "ALPN support needed for this test")
+        @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
         def test_alpn_protocols(self):
             server_protocols = ['foo', 'bar', 'milkshake']
             protocol_tests = [
@@ -3553,6 +3556,7 @@ if _have_threads:
             self.assertEqual(cm.exception.reason, 'TLSV1_ALERT_INTERNAL_ERROR')
             self.assertIn("TypeError", stderr.getvalue())
 
+        @unittest.skipIf(IS_OPENSSL_1_1_1, "bpo-36576: fail on OpenSSL 1.1.1")
         def test_shared_ciphers(self):
             server_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
             server_context.load_cert_chain(SIGNED_CERTFILE)
diff --git a/Misc/NEWS.d/next/Tests/2019-04-05-10-34-29.bpo-36576.7Cp2kK.rst b/Misc/NEWS.d/next/Tests/2019-04-05-10-34-29.bpo-36576.7Cp2kK.rst
new file mode 100644
index 00000000000..4d15bdf4279
--- /dev/null
+++ b/Misc/NEWS.d/next/Tests/2019-04-05-10-34-29.bpo-36576.7Cp2kK.rst
@@ -0,0 +1 @@
+Skip test_ssl and test_asyncio tests failing with OpenSSL 1.1.1.
-- 
2.45.0