diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
index 7dc83d7d92d8b3c..6e63a8872d9c6e1 100644
--- a/Lib/test/test_httplib.py
+++ b/Lib/test/test_httplib.py
@@ -2066,7 +2066,7 @@ def test_host_port(self):
 def test_tls13_pha(self):
 import ssl
- if not ssl.HAS_TLSv1_3 or "AWS-LC" in ssl.OPENSSL_VERSION:
+ if not ssl.HAS_TLSv1_3:
 self.skipTest('TLS 1.3 support required')
 # just check status of PHA flag
 h = client.HTTPSConnection('localhost', 443)
diff --git a/Lib/test/test_site.py b/Lib/test/test_site.py
index e23531f1478c0c9..0502181854f52b5 100644
--- a/Lib/test/test_site.py
+++ b/Lib/test/test_site.py
@@ -564,7 +564,6 @@ def test_customization_modules_on_startup(self):
 def test_license_exists_at_url(self):
 # This test is a bit fragile since it depends on the format of the
 # string displayed by license in the absence of a LICENSE file.
- #import ssl
 url = license._Printer__data.split()[1]
 req = urllib.request.Request(url, method='HEAD')
 # Reset global urllib.request._opener
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 61a01730f79c2c3..ba04e87c39dbcf7 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -3930,7 +3930,6 @@ def test_no_legacy_server_connect(self):
 sni_name=hostname)
 @unittest.skipIf(Py_DEBUG_WIN32, "Avoid mixing debug/release CRT on Windows")
- @unittest.skipIf(Py_OPENSSL_IS_AWSLC, "AWS-LC doesn't support (FF)DHE")
 def test_dh_params(self):
 # Check we can get a connection with ephemeral Diffie-Hellman
 client_context, server_context, hostname = testing_context()
@@ -4392,10 +4391,7 @@ def server_callback(identity):
 s.connect((HOST, server.port))
-@unittest.skipUnless(
- has_tls_version('TLSv1_3') and not Py_OPENSSL_IS_AWSLC,
- "Test needs TLS 1.3; AWS-LC doesn't support PHA"
-)
+@unittest.skipUnless(has_tls_version('TLSv1_3'), "Test needs TLS 1.3")
 class TestPostHandshakeAuth(unittest.TestCase):
 def test_pha_setter(self):
 protocols = [
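Review bot: The new guard in `test_tls13_pha` (`if not ssl.HAS_TLSv1_3:`) treats TLS 1.3 availability as proof that post-handshake authentication is implemented, and the rewritten `@unittest.skipUnless(has_tls_version('TLSv1_3'), "Test needs TLS 1.3")` on `TestPostHandshakeAuth` in test_ssl.py makes the same assumption. The lines this commit removes record that at least one libssl offers TLS 1.3 without PHA and then reports `post_handshake_auth` as `None`, so on such a build these tests would fail rather than skip; whether such a build is still possible after this change is not visible from these hunks. If it is, probing the feature instead of the vendor string keeps the guard accurate, e.g. `if ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).post_handshake_auth is None: self.skipTest('PHA support required')`; otherwise a one-line comment such as `# PHA is assumed to be available wherever TLS 1.3 is` would document the intent. `test_tls13_pha` continues past the end of the hunk, so the assertions that depend on the flag are not shown here.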
@@ -4671,31 +4667,6 @@ def test_internal_chain_server(self):
 self.assertEqual(res, b'\x02\n')
-@unittest.skipUnless(Py_OPENSSL_IS_AWSLC, "Only test this against AWS-LC")
-class TestPostHandshakeAuthAwsLc(unittest.TestCase):
- def test_pha(self):
- protocols = [
- ssl.PROTOCOL_TLS_SERVER, ssl.PROTOCOL_TLS_CLIENT
- ]
- for protocol in protocols:
- client_ctx, server_ctx, hostname = testing_context()
- client_ctx.load_cert_chain(SIGNED_CERTFILE)
- self.assertEqual(client_ctx.post_handshake_auth, None)
- with self.assertRaises(AttributeError):
- client_ctx.post_handshake_auth = True
- with self.assertRaises(AttributeError):
- server_ctx.post_handshake_auth = True
-
- with ThreadedEchoServer(context=server_ctx) as server:
- with client_ctx.wrap_socket(
- socket.socket(),
- server_hostname=hostname
- ) as ssock:
- ssock.connect((HOST, server.port))
- with self.assertRaises(NotImplementedError):
- ssock.verify_client_post_handshake()
-
-
 HAS_KEYLOG = hasattr(ssl.SSLContext, 'keylog_filename')
 requires_keylog = unittest.skipUnless(
 HAS_KEYLOG, 'test requires OpenSSL 1.1.1 with keylog callback')
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 153b3fd77a3353b..51527c23faa7316 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2069,12 +2069,7 @@ _ssl__SSLSocket_shared_ciphers_impl(PySSLSocket *self)
 len = 0;
 for (i = 0; i < sk_SSL_CIPHER_num(server_ciphers); i++) {
 cipher = sk_SSL_CIPHER_value(server_ciphers, i);
-#if defined(OPENSSL_IS_AWSLC)
- size_t unused_idx;
- if (sk_SSL_CIPHER_find(client_ciphers, &unused_idx, cipher) < 0)
-#else
 if (sk_SSL_CIPHER_find(client_ciphers, cipher) < 0)
-#endif
 continue;
 PyObject *tup = cipher_to_tuple(cipher);