diff options
| author | Oto Šťáva <oto.stava@nic.cz> | 2024-05-06 13:35:02 +0200 |
|---|---|---|
| committer | Oto Šťáva <oto.stava@nic.cz> | 2024-05-13 15:09:21 +0200 |
| commit | 6c5949d8e0e767569ad4e4572db19bd117c9eb28 (patch) | |
| tree | 86f0f54e04c5908fa1ed87de2024eee64d64f600 /tests | |
| parent | Silence Clang-Tidy (diff) | |
| download | knot-resolver-6c5949d8e0e767569ad4e4572db19bd117c9eb28.tar.xz knot-resolver-6c5949d8e0e767569ad4e4572db19bd117c9eb28.zip | |
tests/pytests: remove deprecated calls
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/pytests/conftest.py | 2 | ||||
| -rw-r--r-- | tests/pytests/test_tls.py | 2 | ||||
| -rw-r--r-- | tests/pytests/utils.py | 17 |
3 files changed, 8 insertions, 13 deletions
diff --git a/tests/pytests/conftest.py b/tests/pytests/conftest.py index 4c711f84..fcf4b05f 100644 --- a/tests/pytests/conftest.py +++ b/tests/pytests/conftest.py @@ -86,7 +86,7 @@ def query_before(request): # whether to send an initial query return request.param -@pytest.mark.optionalhook +@pytest.hookimpl(optionalhook=True) def pytest_metadata(metadata): # filter potentially sensitive data from GitLab CI keys_to_delete = [] for key in metadata.keys(): diff --git a/tests/pytests/test_tls.py b/tests/pytests/test_tls.py index 3e1328ab..7f5fa42f 100644 --- a/tests/pytests/test_tls.py +++ b/tests/pytests/test_tls.py @@ -73,7 +73,7 @@ def test_tls_session_resumption(tmpdir, sf1, sf2, sf3): with make_kresd(workdir, 'tt') as kresd: ctx = utils.make_ssl_context( - verify_location=kresd.tls_cert_path, extra_options=[ssl.OP_NO_TLSv1_3]) + verify_location=kresd.tls_cert_path, maximum_tls=ssl.TLSVersion.TLSv1_2) session = connect(kresd, ctx, sf1) # initial conn connect(kresd, ctx, sf2, session) # resume session on the same instance diff --git a/tests/pytests/utils.py b/tests/pytests/utils.py index 4b995d4b..7792c047 100644 --- a/tests/pytests/utils.py +++ b/tests/pytests/utils.py @@ -110,17 +110,12 @@ def expect_kresd_close(rst_ok=False): pytest.fail("kresd didn't close the connection") -def make_ssl_context(insecure=False, verify_location=None, extra_options=None): - # set TLS v1.2+ - context = ssl.SSLContext(ssl.PROTOCOL_TLS) - context.options |= ssl.OP_NO_SSLv2 - context.options |= ssl.OP_NO_SSLv3 - context.options |= ssl.OP_NO_TLSv1 - context.options |= ssl.OP_NO_TLSv1_1 - - if extra_options is not None: - for option in extra_options: - context.options |= option +def make_ssl_context(insecure=False, verify_location=None, + minimum_tls=ssl.TLSVersion.TLSv1_2, + maximum_tls=ssl.TLSVersion.MAXIMUM_SUPPORTED): + context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + context.minimum_version = minimum_tls + context.maximum_version = maximum_tls if insecure: # turn off certificate verification |