Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CCT-266: Update TLS flags #3374

Merged
merged 1 commit into from
Jan 19, 2024
Merged

CCT-266: Update TLS flags #3374

merged 1 commit into from
Jan 19, 2024

Conversation

m-horky
Copy link
Contributor

@m-horky m-horky commented Jan 19, 2024

  • Card ID: CCT-266
  • The flag PROTOCOL_SSLv23 is an alias to PROTOCOL_TLS since Python 3.6.
  • The flag PROTOCOL_TLS is deprecated since Python 3.10.
  • The flag PROTOCOL_TLS_CLIENT has been introduced in Python 3.6 and should be used for client-side contexts.

This patch uses PROTOCOL_TLS_CLIENT instead of PROTOCOL_SSLv23.

  • There is no need to use OP_NO_SSLv2 and OP_NO_SSLv3 flags explicitly now; SSLContext disables these by default.

  • The flag PROTOCOL_TLS_CLIENT enables the check_hostname by default. For insecure contexts we need to disable this flag explicitly.

@m-horky
CCT-266: Update TLS flags
a210426 
* Card ID: CCT-266

- The flag PROTOCOL_SSLv23 is an alias to PROTOCOL_TLS since Python 3.6.
- The flag PROTOCOL_TLS is deprecated since Python 3.10.
- The flag PROTOCOL_TLS_CLIENT has been introduced in Python 3.6 and
  should be used for client-side contexts.

This patch uses PROTOCOL_TLS_CLIENT instead of PROTOCOL_SSLv23.

- There is no need to use OP_NO_SSLv2 and OP_NO_SSLv3 flags explicitly
  now; SSLContext disables these by default.

- The flag PROTOCOL_TLS_CLIENT enables the check_hostname by default.
  For insecure contexts we need to disable this flag explicitly.
@cnsnyder cnsnyder requested review from a team and wottop and removed request for a team January 19, 2024 13:03
@github-actions GitHub Actions
Copy link

Coverage

Coverage (computed on Fedora latest) •
FileStmtsMissCoverMissing
rhsm
   connection.py101646154%48–49, 53, 55–56, 81, 101–102, 109, 150, 284, 315, 381–386, 390–399, 460, 462, 564, 567, 574–580, 641, 676–680, 682, 695, 722, 725–726, 728–729, 731, 742–746, 750, 754, 756–757, 776, 779, 783–784, 789, 792–793, 808, 812, 814–815, 842–843, 845, 848, 853–854, 857–858, 860, 862–866, 868–869, 872–879, 881–891, 893, 895–896, 907–909, 911–913, 915–917, 919–921, 923, 926–932, 934–935, 937–938, 940, 951–953, 955–956, 958–960, 962, 974–977, 982, 1046, 1048–1053, 1055, 1060–1064, 1070–1073, 1075–1080, 1084–1089, 1096, 1133, 1135, 1140, 1151, 1160–1163, 1167, 1169–1171, 1175–1176, 1178–1185, 1187, 1189, 1192–1199, 1202–1203, 1208, 1210, 1260, 1277–1280, 1304, 1326, 1356, 1361, 1364, 1367–1368, 1373, 1376, 1381, 1384, 1427–1431, 1438–1439, 1441, 1449–1450, 1452, 1469, 1482–1484, 1487, 1500, 1507, 1511, 1539–1541, 1546–1547, 1549–1550, 1552–1553, 1555–1569, 1571–1573, 1575–1586, 1588, 1605–1607, 1609–1611, 1613–1615, 1620, 1625–1627, 1632, 1659, 1691–1719, 1724–1725, 1727–1729, 1732–1733, 1736–1737, 1740–1741, 1760–1761, 1770–1771, 1781–1782, 1789–1790, 1796–1799, 1805–1808, 1814–1815, 1821–1822, 1842–1843, 1852–1856, 1864–1865, 1891–1894, 1919–1920, 1929–1930, 1938–1939, 1960, 1962–1964, 1966, 1968, 1971, 1973–1986, 1988–1989, 1998–2000, 2012–2013, 2022–2023, 2025, 2027–2029, 2036–2038, 2047–2049, 2057–2058, 2069, 2071–2072, 2074, 2076–2079, 2081–2083, 2086, 2088, 2095–2096, 2103–2104, 2114–2115, 2125–2128, 2138–2144, 2151–2154
TOTAL18221460974% 

Tests Skipped Failures Errors Time
2640 14 💤 0 ❌ 0 🔥 43.354s ⏱️

@jirihnidek jirihnidek self-assigned this Jan 19, 2024
jirihnidek
jirihnidek approved these changes Jan 19, 2024
View reviewed changes
Copy link
Contributor

@jirihnidek jirihnidek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jirihnidek jirihnidek merged commit b593913 into main Jan 19, 2024
16 of 17 checks passed
@jirihnidek jirihnidek deleted the mhorky/tls branch January 19, 2024 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jirihnidek jirihnidek jirihnidek approved these changes

@wottop wottop Awaiting requested review from wottop wottop was automatically assigned from candlepin/client-tools

Assignees

@jirihnidek jirihnidek

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@m-horky @jirihnidek