diff mbox series

[v2,1/4] python3: Backport TLS test fix

Message ID 20260213230130.757732-2-colinmca242@gmail.com
State New
Headers show
Series Disable OpenSSL and Python3-cryptography legacy features by default | expand

Commit Message

Colin Pinnell McAllister Feb. 13, 2026, 11:01 p.m. UTC 
Backports fix for Python3 that allows TLS 1.2 to be the minimum version.

Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com>
---
v2 changes:
* Add this patch to fix python3 ptest build failures

 ...Allow-TLS-v1.2-to-be-minimum-version.patch | 39 +++++++++++++++++++
 .../recipes-devtools/python/python3_3.14.2.bb |  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 meta/recipes-devtools/python/python3/0001-gh-144787-tests-Allow-TLS-v1.2-to-be-minimum-version.patch
diff mbox series

Patch

diff --git a/meta/recipes-devtools/python/python3/0001-gh-144787-tests-Allow-TLS-v1.2-to-be-minimum-version.patch b/meta/recipes-devtools/python/python3/0001-gh-144787-tests-Allow-TLS-v1.2-to-be-minimum-version.patch
new file mode 100644
index 0000000000..3b0e98bf51
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/0001-gh-144787-tests-Allow-TLS-v1.2-to-be-minimum-version.patch
@@ -0,0 +1,39 @@ 
+From bcd6e2535cb0dbf72b677eb6bddb644cb035ed51 Mon Sep 17 00:00:00 2001
+From: Colin McAllister <colinmca242@gmail.com>
+Date: Fri, 13 Feb 2026 11:17:53 -0600
+Subject: [PATCH 1/1] gh-144787: [tests] Allow TLS v1.2 to be minimum version
+ (GH-144790)
+
+Allow TLS v1.2 to be minimum version
+
+Updates test_min_max_version to allow TLS v1.2 to be minimum version if
+TLS 1.0 and 1.1 are disabled in OpenSSL.
+
+Upstream-Status: Backport [https://github.com/python/cpython/commit/f24009feeb78f605a3ee177d9e7cfb63d5890ee1]
+
+Signed-off-by: Colin Pinnell McAllister <colinmca242@gmail.com>
+---
+ Lib/test/test_ssl.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
+index 6023c89bca..7e9ba735b3 100644
+--- a/Lib/test/test_ssl.py
++++ b/Lib/test/test_ssl.py
+@@ -1156,7 +1156,12 @@ def test_min_max_version(self):
+         ctx.maximum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
+         self.assertIn(
+             ctx.maximum_version,
+-            {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.SSLv3}
++            {
++                ssl.TLSVersion.TLSv1,
++                ssl.TLSVersion.TLSv1_1,
++                ssl.TLSVersion.TLSv1_2,
++                ssl.TLSVersion.SSLv3,
++            }
+         )
+ 
+         ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
+-- 
+2.49.1
+
diff --git a/meta/recipes-devtools/python/python3_3.14.2.bb b/meta/recipes-devtools/python/python3_3.14.2.bb
index 7481e70e13..6324151f4e 100644
--- a/meta/recipes-devtools/python/python3_3.14.2.bb
+++ b/meta/recipes-devtools/python/python3_3.14.2.bb
@@ -33,6 +33,7 @@  SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
 	   file://0001-test_pyrepl-skip-test_unix_console.test_cursor_back_.patch \
 	   file://0001-test_sysconfig-skip-test_sysconfig.test_sysconfigdat.patch \
            file://0001-Skip-flaky-test_default_timeout-tests.patch \
+           file://0001-gh-144787-tests-Allow-TLS-v1.2-to-be-minimum-version.patch \
            "
 SRC_URI:append:class-native = " \
            file://0001-Lib-sysconfig.py-use-prefix-value-from-build-configu.patch \