See https://github.com/wbond/oscrypto/issues/82 diff -upr oscrypto-1.3.0.orig/tests/test_tls.py oscrypto-1.3.0/tests/test_tls.py --- oscrypto-1.3.0.orig/tests/test_tls.py 2024-07-10 15:13:24.273901857 +0200 +++ oscrypto-1.3.0/tests/test_tls.py 2024-07-10 15:14:21.530695208 +0200 @@ -90,7 +90,6 @@ class TLSTests(unittest.TestCase): return ( ('google', 'www.google.com', 443), ('package_control', 'packagecontrol.io', 443), - ('dh1024', 'dh1024.badtls.io', 10005), ) @data('tls_hosts', True) @@ -142,35 +141,41 @@ class TLSTests(unittest.TestCase): s.close() socket.setdefaulttimeout(def_timeout) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_missing_issuer(self): expected = 'certificate issuer not found in trusted root certificate store' with assert_exception(self, errors.TLSVerificationError, expected): tls.TLSSocket('domain-match.badtls.io', 10000) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_domain_mismatch(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) with assert_exception(self, errors.TLSVerificationError, 'does not match'): tls.TLSSocket('domain-mismatch.badtls.io', 11002, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_san_mismatch(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) with assert_exception(self, errors.TLSVerificationError, 'does not match'): tls.TLSSocket('san-mismatch.badtls.io', 11003, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_wildcard_success(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) tls.TLSSocket('wildcard-match.badtls.io', 10001, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_not_yet_valid(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) with assert_exception(self, errors.TLSVerificationError, 'not valid until'): tls.TLSSocket('future.badtls.io', 11001, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_expired_2(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) @@ -179,30 +184,35 @@ class TLSTests(unittest.TestCase): with assert_exception(self, errors.TLSVerificationError, 'certificate expired|not valid until'): tls.TLSSocket('expired-1963.badtls.io', 11000, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_client_cert_required(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) with assert_exception(self, errors.TLSError, 'client authentication'): tls.TLSSocket('required-auth.badtls.io', 10003, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_handshake_error_3(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) with assert_exception(self, errors.TLSError, 'weak certificate signature algorithm'): tls.TLSSocket('weak-sig.badtls.io', 11004, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_non_web(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) with assert_exception(self, errors.TLSVerificationError, 'verification failed'): tls.TLSSocket('bad-key-usage.badtls.io', 11005, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_wildcard_mismatch(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) with assert_exception(self, errors.TLSVerificationError, 'does not match'): tls.TLSSocket('wildcard.mismatch.badtls.io', 11007, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_expired(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) @@ -225,18 +235,21 @@ class TLSTests(unittest.TestCase): with assert_exception(self, errors.TLSError, regex): tls.TLSSocket('dh512.badssl.com', 443) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_handshake_error(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) with assert_exception(self, errors.TLSError, 'TLS handshake failed'): tls.TLSSocket('rc4-md5.badtls.io', 11009, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_error_handshake_error_2(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path]) with assert_exception(self, errors.TLSError, 'TLS handshake failed'): tls.TLSSocket('rc4.badtls.io', 11008, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_extra_trust_roots_no_match(self): expected = 'certificate issuer not found in trusted root certificate store' @@ -244,6 +257,7 @@ class TLSTests(unittest.TestCase): session = tls.TLSSession(extra_trust_roots=[digicert_ca_path]) tls.TLSSocket('domain-match.badtls.io', 10000, session=session) + @unittest.skip('badtls.io is defunct, see https://github.com/wbond/oscrypto/issues/82#issuecomment-2220451234') @connection_timeout() def test_tls_extra_trust_roots(self): session = tls.TLSSession(extra_trust_roots=[badtls_ca_path, digicert_ca_path])