This repository was archived by the owner on Oct 8, 2025. It is now read-only.

@ac000 ac000 commented Mar 5, 2025

    tests: Fix TLS tests with Python 3.13
    
    Python 3.13 sets the VERIFY_X509_STRICT flag by default in
    create_default_context().
    
    This breaks our TLS tests with dummy certificates. Remove this flag.
    
    Thanks to @zfouts for the hint about the flag.
    
    As an aside there is another Python 3.13 change which breaks the tests,
    in that the cgi module has been removed. However there is a legacy-cgi
    module you can install to get things going again (note this module is
    unmaintained). E.g. In Fedora 'dnf install python3-legacy-cgi'.
    
    Reported-by: Konstantin Pavlov <thresh@nginx.com>
    Closes: https://github.com/nginx/unit/issues/1545
    Link: <https://docs.python.org/3/whatsnew/3.13.html#ssl>
    Link: <https://docs.python.org/3.13/library/cgi.html>
    Signed-off-by: Andrew Clayton <a.clayton@nginx.com>

@ac000 ac000 linked an issue Mar 5, 2025 that may be closed by this pull request
@ac000 ac000 marked this pull request as ready for review March 5, 2025 18:46
@ac000 ac000 requested a review from thresheek March 5, 2025 18:46
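
The flag removal described in the commit message, sketched as an added example (this is not the code from the pull request; `make_test_client_context`, `strict_flag_set` and `changed_flags` are hypothetical names). It clears only `VERIFY_X509_STRICT` and leaves `CERT_REQUIRED` and hostname checking enabled, so a dummy certificate is still trusted only through the test CA passed as `cafile`.

```python
import ssl


def strict_flag_set(ctx: ssl.SSLContext) -> bool:
    """True if the context enforces strict X.509 checks."""
    return bool(ctx.verify_flags & ssl.VERIFY_X509_STRICT)


def make_test_client_context(cafile=None) -> ssl.SSLContext:
    """Client context for a test suite that uses dummy certificates.

    Hypothetical helper: starts from create_default_context() and clears
    only VERIFY_X509_STRICT. Chain validation and hostname checking stay
    on; cafile (assumed to be the test CA bundle) remains the trust anchor.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_flags &= ~ssl.VERIFY_X509_STRICT
    return ctx


def changed_flags(before: ssl.SSLContext, after: ssl.SSLContext) -> list[str]:
    """Names of the verify flags that differ between two contexts."""
    diff = int(before.verify_flags) ^ int(after.verify_flags)
    return sorted(
        f.name for f in ssl.VerifyFlags
        if f.value and (f.value & diff) == f.value
    )


if __name__ == "__main__":
    default = ssl.create_default_context()
    relaxed = make_test_client_context()
    print("strict by default:", strict_flag_set(default))
    print("strict in test context:", strict_flag_set(relaxed))
    print("flags changed:", changed_flags(default, relaxed))
    print("verify_mode:", relaxed.verify_mode.name,
          "check_hostname:", relaxed.check_hostname)
```

On interpreters older than 3.13 the default context does not carry the flag, so clearing it is a no-op and `changed_flags` returns an empty list.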
@thresheek thresheek left a comment

The tests pass now for me on Fedora 41!

ac000 commented Mar 27, 2025

Great! Thanks for testing!

ac000 commented Mar 27, 2025

Rebased with master

@ac000 ac000 merged commit 3b18ffe into nginx:master Mar 27, 2025
@ac000 ac000 deleted the pytest-tls-fix branch March 27, 2025 23:42
Successfully merging this pull request may close these issues.

Tests fail with Python 3.13 on Fedora 41