Wire TLS keys in Python for cross-tests
Configure Python test client/server to use shared test keys and CA for SSL.
Remove Python SSL entries from known failures to re-enable SSL coverage.
diff --git a/lib/py/src/server/THttpServer.py b/lib/py/src/server/THttpServer.py
index 21f2c86..dc744e2 100644
--- a/lib/py/src/server/THttpServer.py
+++ b/lib/py/src/server/THttpServer.py
@@ -117,10 +117,18 @@
self.httpd = server_class(server_address, RequestHander)
if (kwargs.get('cafile') or kwargs.get('cert_file') or kwargs.get('key_file')):
- context = ssl.create_default_context(cafile=kwargs.get('cafile'))
- context.check_hostname = False
+ if hasattr(ssl, 'PROTOCOL_TLS_SERVER'):
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ else:
+ context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ cafile = kwargs.get('cafile')
+ if cafile:
+ context.load_verify_locations(cafile=cafile)
+ context.verify_mode = ssl.CERT_REQUIRED
+ else:
+ context.verify_mode = ssl.CERT_NONE
context.load_cert_chain(kwargs.get('cert_file'), kwargs.get('key_file'))
- context.verify_mode = ssl.CERT_REQUIRED if kwargs.get('cafile') else ssl.CERT_NONE
+ context.check_hostname = False
self.httpd.socket = context.wrap_socket(self.httpd.socket, server_side=True)
def serve(self):