From 4bc75833ff300f338af97dc27bb517f6cf6e4569 Mon Sep 17 00:00:00 2001 From: Eli Schwartz Date: Wed, 14 Aug 2024 21:09:57 -0400 Subject: [PATCH] tests: fix SSL test on python 3.13 by being more lenient about VERIFY_X509_STRICT In python 3.13, this flag was added to the default created ctx. This seems reasonable for production validation, but the unittest code generates a certificate that fails this. Inside test code, it seems fine to relax the constraints again. Our goal is to test the server itself, anyway, not the ssl module. See also: https://github.com/python/cpython/issues/107361 --- src/calibre/srv/tests/loop.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/calibre/srv/tests/loop.py b/src/calibre/srv/tests/loop.py index 7e4ea0e857e8..f3f4cecadd79 100644 --- a/src/calibre/srv/tests/loop.py +++ b/src/calibre/srv/tests/loop.py @@ -201,6 +201,8 @@ def test_ssl(self): cert_file, key_file, ca_file = map(lambda x:os.path.join(tdir, x), 'cka') create_server_cert(address, ca_file, cert_file, key_file, key_size=2048) ctx = ssl.create_default_context(cafile=ca_file) + # python 3.13 added this flag to validate stricter RFC compliance. It is unneeded complexity for the testsuite. + ctx.verify_flags &= ~ssl.VERIFY_X509_STRICT with TestServer( lambda data:(data.path[0] + data.read().decode('utf-8')), ssl_certfile=cert_file, ssl_keyfile=key_file, listen_on=address, port=0) as server: