Remove deprecated OpenSSL methods
TLSv1_2_METHOD and SSLv23_METHOD are deprecated in OpenSSL [0]; update
SSL.Context to use the generic TLS_METHOD.
This change also fixes the c9s-based FIPS jobs (they don't support
TLSv1.2).
[0] https://www.pyopenssl.org/en/stable/api/ssl.html#context-objects
Story 2009942
Task 44847
Change-Id: I39e293db39d2a9287b581833cfe9fd469f701a7c
diff --git a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
index 3f41892..29b73c6 100644
--- a/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
+++ b/octavia_tempest_plugin/tests/barbican_scenario/v2/test_tls_barbican.py
@@ -337,7 +337,7 @@
return False
return True
- context = SSL.Context(SSL.SSLv23_METHOD)
+ context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_cb)
ca_store = context.get_cert_store()
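Review bot: `SSL.TLS_METHOD` is only exported by newer pyOpenSSL releases, and nothing in this diff raises the plugin's minimum pyOpenSSL version, so on an older install `SSL.Context(SSL.TLS_METHOD)` would fail with AttributeError before any handshake is attempted. If the requirements file does not already require a release that provides it, the lower bound should be raised in the same change. The requirements file is not part of this page and the enclosing test function starts and ends outside the hunk, so this needs confirming rather than being a certain defect.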
@@ -473,7 +473,7 @@
return True
# Test that the default certificate is used with no SNI host request
- context = SSL.Context(SSL.SSLv23_METHOD)
+ context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
@@ -485,7 +485,7 @@
sock.do_handshake()
# Test that the default certificate is used with bogus SNI host request
- context = SSL.Context(SSL.TLSv1_2_METHOD)
+ context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
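Review bot: Swapping `SSL.TLSv1_2_METHOD` for `SSL.TLS_METHOD` on this line drops the only protocol pin this client had. The context now accepts whatever version range the local OpenSSL build and its system crypto policy allow, so the lowest version the test will negotiate is decided by the test host rather than by the test. If the intent is still "TLS 1.2 or newer", state it right after the constructor with `context.set_min_proto_version(SSL.TLS1_2_VERSION)`. The same replacement is made in the hunks at -498 and -646, and setting the floor on the former `SSLv23_METHOD` contexts as well would keep all of them consistent. The surrounding test body continues outside the hunk.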
@@ -498,7 +498,7 @@
sock.do_handshake()
# Test that the SNI1 certificate is used when SNI1 host is specified
- context = SSL.Context(SSL.TLSv1_2_METHOD)
+ context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI1_cb)
ca_store = context.get_cert_store()
@@ -512,7 +512,7 @@
sock.do_handshake()
# Test that the SNI2 certificate is used when SNI2 host is specified
- context = SSL.Context(SSL.SSLv23_METHOD)
+ context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()
@@ -634,7 +634,7 @@
return True
# Test that the default certificate is used with no SNI host request
- context = SSL.Context(SSL.SSLv23_METHOD)
+ context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
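Review bot: The constructor, `set_verify(...)` and `get_cert_store()` sequence in this hunk is repeated almost verbatim in every hunk of this file, which is why a single method rename needed eleven edits. A small module-level helper that takes the verify callback and returns the configured context would reduce each call site to something like `context = _tls_client_context(_verify_server_cb)`. It would also give one place to set the method and any protocol floor. The lines that populate `ca_store` are outside the hunks, so whether they can move into the helper too needs checking.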
@@ -646,7 +646,7 @@
sock.do_handshake()
# Test that the SNI1 certificate is used when SNI1 host is specified
- context = SSL.Context(SSL.TLSv1_2_METHOD)
+ context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI1_cb)
ca_store = context.get_cert_store()
@@ -660,7 +660,7 @@
sock.do_handshake()
# Test that the default certificate is used when SNI2 host is specified
- context = SSL.Context(SSL.SSLv23_METHOD)
+ context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_server_cb)
ca_store = context.get_cert_store()
@@ -675,7 +675,7 @@
# Test that the SNI2 certificate is used with no SNI host request
# on listener 2, SNI2 is the default cert for listener 2
- context = SSL.Context(SSL.SSLv23_METHOD)
+ context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()
@@ -688,7 +688,7 @@
# Test that the SNI2 certificate is used with listener 1 host request
# on listener 2, SNI2 is the default cert for listener 2
- context = SSL.Context(SSL.SSLv23_METHOD)
+ context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()
@@ -703,7 +703,7 @@
# Test that the SNI2 certificate is used with SNI1 host request
# on listener 2, SNI2 is the default cert for listener 2
- context = SSL.Context(SSL.SSLv23_METHOD)
+ context = SSL.Context(SSL.TLS_METHOD)
context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
_verify_SNI2_cb)
ca_store = context.get_cert_store()