tests: bump min/max tls versions, remove problematic test_min_tls_ver…

…sion httplib2#192
mgorny · Nov 18, 2021 · f77f29c · f77f29c
1 parent be13bba
commit f77f29c
Showing 1 changed file with 3 additions and 24 deletions.
diff --git a/tests/test_https.py b/tests/test_https.py
@@ -92,36 +92,16 @@ def test_set_tls_version(attr, version):
         assert expect_success
 
 
-@pytest.mark.skipif(
-    not hasattr(tests.ssl_context(), "minimum_version"),
-    reason="ssl doesn't support TLS min/max",
-)
-def test_min_tls_version():
-    def setup_tls(context, server, skip_errors):
-        skip_errors.append("WRONG_VERSION_NUMBER")
-        context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
-        context.load_cert_chain(tests.SERVER_CHAIN)
-        return context.wrap_socket(server, server_side=True)
-
-    http = httplib2.Http(ca_certs=tests.CA_CERTS, tls_minimum_version="TLSv1_2")
-    with tests.server_const_http(tls=setup_tls) as uri:
-        try:
-            http.request(uri)
-            assert False, "expected SSLError"
-        except ssl.SSLError as e:
-            assert e.reason in ("UNSUPPORTED_PROTOCOL", "VERSION_TOO_LOW")
-
-
 @pytest.mark.skipif(
     not hasattr(tests.ssl_context(), "maximum_version"),
     reason="ssl doesn't support TLS min/max",
 )
 def test_max_tls_version():
-    http = httplib2.Http(ca_certs=tests.CA_CERTS, tls_maximum_version="TLSv1")
+    http = httplib2.Http(ca_certs=tests.CA_CERTS, tls_maximum_version="TLSv1_2")
     with tests.server_const_http(tls=True) as uri:
         http.request(uri)
         _, tls_ver, _ = http.connections.popitem()[1].sock.cipher()
-        assert tls_ver == "TLSv1.0"
+        assert tls_ver == "TLSv1.2"
 
 
 def test_client_cert_verified():
@@ -162,8 +142,7 @@ def handler(request):
     http = httplib2.Http(ca_certs=tests.CA_CERTS)
     with tests.server_request(handler, tls=setup_tls) as uri:
         uri_parsed = urllib.parse.urlparse(uri)
-        http.add_certificate(tests.CLIENT_ENCRYPTED_PEM, tests.CLIENT_ENCRYPTED_PEM,
-                             uri_parsed.netloc, password="12345")
+        http.add_certificate(tests.CLIENT_ENCRYPTED_PEM, tests.CLIENT_ENCRYPTED_PEM, uri_parsed.netloc, password="12345")
         http.request(uri)
 
     assert len(cert_log) == 1