fix test suite failures in rawhide due to new crypto policy

This commit is contained in:
Dan Callaghan 2020-08-30 16:19:56 +10:00
parent 2466647220
commit bd69e44e6f
2 changed files with 37 additions and 0 deletions

View file

@ -0,0 +1,35 @@
From 3e752ec4544dadfd7e3cc96d77b8a30bec36c49a Mon Sep 17 00:00:00 2001
From: Dan Callaghan <djc@djc.id.au>
Date: Sun, 30 Aug 2020 13:28:29 +1000
Subject: [PATCH] Use TLSv1.2 for fake servers in tests
Some Linux distros have begun disabling TLSv1.0 and TLSv1.1 by default
for security reasons, for example in Fedora 33 onwards:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
Use TLSv1.2 for the fake TLS servers created in the test suite, to avoid
failures due to OpenSSL disallowing TLSv1.0:
<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines',
'ssl_choose_client_version', 'unsupported protocol')]>
---
tests/http/__init__.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/http/__init__.py b/tests/http/__init__.py
index 2096ba3c9..7486d092b 100644
--- a/tests/http/__init__.py
+++ b/tests/http/__init__.py
@@ -145,7 +145,7 @@ def __init__(self, sanlist):
self._cert_file = create_test_cert_file(sanlist)
def serverConnectionForTLS(self, tlsProtocol):
- ctx = SSL.Context(SSL.TLSv1_METHOD)
+ ctx = SSL.Context(SSL.TLSv1_2_METHOD)
ctx.use_certificate_file(self._cert_file)
ctx.use_privatekey_file(get_test_key_file())
return Connection(ctx, None)
--
2.26.2

View file

@ -14,6 +14,8 @@ URL: https://github.com/matrix-org/%{srcname}
Source0: %{url}/archive/v%{version}%{rcx}/%{srcname}-%{version}%{rcx}.tar.gz Source0: %{url}/archive/v%{version}%{rcx}/%{srcname}-%{version}%{rcx}.tar.gz
Source1: synapse.sysconfig Source1: synapse.sysconfig
Source2: synapse.service Source2: synapse.service
# https://github.com/matrix-org/synapse/pull/8208
Patch1: 0001-Use-TLSv1.2-for-fake-servers-in-tests.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: python3-devel BuildRequires: python3-devel