bpo-32069: Drop legacy SSL transport (#4451)

* Drop legacy SSL transport * Drop unused import * Fix Windows tests * Drop never executed on Python 3.4+ code

bpo-32069: Drop legacy SSL transport (#4451)
* Drop legacy SSL transport * Drop unused import * Fix Windows tests * Drop never executed on Python 3.4+ code
51d546ae · Andrew Svetlov · GitHub · f02f5e5c · 51d546ae · 51d546ae
Commit 51d546ae authored Nov 18, 2017 by Andrew Svetlov Committed by GitHub Nov 18, 2017
7 changed files
--- a/Lib/asyncio/proactor_events.py
+++ b/Lib/asyncio/proactor_events.py
@@ -392,11 +392,6 @@ class BaseProactorEventLoop(base_events.BaseEventLoop):
    def _make_ssl_transport(self, rawsock, protocol, sslcontext, waiter=None,
                            *, server_side=False, server_hostname=None,
                            extra=None, server=None):
-        if not sslproto._is_sslproto_available():
-            raise NotImplementedError("Proactor event loop requires Python 3.5"
-                                      " or newer (ssl.MemoryBIO) to support "
-                                      "SSL")
-
        ssl_protocol = sslproto.SSLProtocol(self, protocol, sslcontext, waiter,
                                            server_side, server_hostname)
        _ProactorSocketTransport(self, rawsock, ssl_protocol,

--- a/Lib/asyncio/selector_events.py
+++ b/Lib/asyncio/selector_events.py
--- a/Lib/asyncio/sslproto.py
+++ b/Lib/asyncio/sslproto.py
@@ -18,25 +18,13 @@ def _create_transport_context(server_side, server_hostname):
    # Client side may pass ssl=True to use a default
    # context; in that case the sslcontext passed is None.
    # The default is secure for client connections.
-    if hasattr(ssl, 'create_default_context'):
-        # Python 3.4+: use up-to-date strong settings.
-        sslcontext = ssl.create_default_context()
-        if not server_hostname:
-            sslcontext.check_hostname = False
-    else:
-        # Fallback for Python 3.3.
-        sslcontext = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-        sslcontext.options |= ssl.OP_NO_SSLv2
-        sslcontext.options |= ssl.OP_NO_SSLv3
-        sslcontext.set_default_verify_paths()
-        sslcontext.verify_mode = ssl.CERT_REQUIRED
+    # Python 3.4+: use up-to-date strong settings.
+    sslcontext = ssl.create_default_context()
+    if not server_hostname:
+        sslcontext.check_hostname = False
    return sslcontext


-def _is_sslproto_available():
-    return hasattr(ssl, "MemoryBIO")
-
-
 # States of an _SSLPipe.
 _UNWRAPPED = "UNWRAPPED"
 _DO_HANDSHAKE = "DO_HANDSHAKE"

--- a/Lib/asyncio/test_utils.py
+++ b/Lib/asyncio/test_utils.py
@@ -508,8 +508,3 @@ def mock_nonblocking_socket(proto=socket.IPPROTO_TCP, type=socket.SOCK_STREAM,
    sock.family = family
    sock.gettimeout.return_value = 0.0
    return sock
-
-
-def force_legacy_ssl_support():
-    return mock.patch('asyncio.sslproto._is_sslproto_available',
-                      return_value=False)
--- a/Lib/test/test_asyncio/test_events.py
+++ b/Lib/test/test_asyncio/test_events.py
@@ -736,10 +736,6 @@ class EventLoopTestsMixin:
            self._test_create_ssl_connection(httpd, create_connection,
                                             peername=httpd.address)

-    def test_legacy_create_ssl_connection(self):
-        with test_utils.force_legacy_ssl_support():
-            self.test_create_ssl_connection()
-
    @unittest.skipIf(ssl is None, 'No ssl module')
    @unittest.skipUnless(hasattr(socket, 'AF_UNIX'), 'No UNIX Sockets')
    def test_create_ssl_unix_connection(self):
@@ -757,10 +753,6 @@ class EventLoopTestsMixin:
                                             check_sockname,
                                             peername=httpd.address)

-    def test_legacy_create_ssl_unix_connection(self):
-        with test_utils.force_legacy_ssl_support():
-            self.test_create_ssl_unix_connection()
-
    def test_create_connection_local_addr(self):
        with test_utils.run_test_server() as httpd:
            port = support.find_unused_port()
@@ -1061,10 +1053,6 @@ class EventLoopTestsMixin:
        # stop serving
        server.close()

-    def test_legacy_create_server_ssl(self):
-        with test_utils.force_legacy_ssl_support():
-            self.test_create_server_ssl()
-
    @unittest.skipIf(ssl is None, 'No ssl module')
    @unittest.skipUnless(hasattr(socket, 'AF_UNIX'), 'No UNIX Sockets')
    def test_create_unix_server_ssl(self):
@@ -1096,10 +1084,6 @@ class EventLoopTestsMixin:
        # stop serving
        server.close()

-    def test_legacy_create_unix_server_ssl(self):
-        with test_utils.force_legacy_ssl_support():
-            self.test_create_unix_server_ssl()
-
    @unittest.skipIf(ssl is None, 'No ssl module')
    def test_create_server_ssl_verify_failed(self):
        proto = MyProto(loop=self.loop)
@@ -1129,10 +1113,6 @@ class EventLoopTestsMixin:
        self.assertIsNone(proto.transport)
        server.close()

-    def test_legacy_create_server_ssl_verify_failed(self):
-        with test_utils.force_legacy_ssl_support():
-            self.test_create_server_ssl_verify_failed()
-
    @unittest.skipIf(ssl is None, 'No ssl module')
    @unittest.skipUnless(hasattr(socket, 'AF_UNIX'), 'No UNIX Sockets')
    def test_create_unix_server_ssl_verify_failed(self):
@@ -1163,11 +1143,6 @@ class EventLoopTestsMixin:
        self.assertIsNone(proto.transport)
        server.close()

-
-    def test_legacy_create_unix_server_ssl_verify_failed(self):
-        with test_utils.force_legacy_ssl_support():
-            self.test_create_unix_server_ssl_verify_failed()
-
    @unittest.skipIf(ssl is None, 'No ssl module')
    def test_create_server_ssl_match_failed(self):
        proto = MyProto(loop=self.loop)
@@ -1196,10 +1171,6 @@ class EventLoopTestsMixin:
        proto.transport.close()
        server.close()

-    def test_legacy_create_server_ssl_match_failed(self):
-        with test_utils.force_legacy_ssl_support():
-            self.test_create_server_ssl_match_failed()
-
    @unittest.skipIf(ssl is None, 'No ssl module')
    @unittest.skipUnless(hasattr(socket, 'AF_UNIX'), 'No UNIX Sockets')
    def test_create_unix_server_ssl_verified(self):
@@ -1226,10 +1197,6 @@ class EventLoopTestsMixin:
        server.close()
        self.loop.run_until_complete(proto.done)

-    def test_legacy_create_unix_server_ssl_verified(self):
-        with test_utils.force_legacy_ssl_support():
-            self.test_create_unix_server_ssl_verified()
-
    @unittest.skipIf(ssl is None, 'No ssl module')
    def test_create_server_ssl_verified(self):
        proto = MyProto(loop=self.loop)
@@ -1259,10 +1226,6 @@ class EventLoopTestsMixin:
        server.close()
        self.loop.run_until_complete(proto.done)

-    def test_legacy_create_server_ssl_verified(self):
-        with test_utils.force_legacy_ssl_support():
-            self.test_create_server_ssl_verified()
-
    def test_create_server_sock(self):
        proto = asyncio.Future(loop=self.loop)

@@ -2159,37 +2122,6 @@ if sys.platform == 'win32':
        def create_event_loop(self):
            return asyncio.ProactorEventLoop()

-        if not sslproto._is_sslproto_available():
-            def test_create_ssl_connection(self):
-                raise unittest.SkipTest("need python 3.5 (ssl.MemoryBIO)")
-
-            def test_create_server_ssl(self):
-                raise unittest.SkipTest("need python 3.5 (ssl.MemoryBIO)")
-
-            def test_create_server_ssl_verify_failed(self):
-                raise unittest.SkipTest("need python 3.5 (ssl.MemoryBIO)")
-
-            def test_create_server_ssl_match_failed(self):
-                raise unittest.SkipTest("need python 3.5 (ssl.MemoryBIO)")
-
-            def test_create_server_ssl_verified(self):
-                raise unittest.SkipTest("need python 3.5 (ssl.MemoryBIO)")
-
-        def test_legacy_create_ssl_connection(self):
-            raise unittest.SkipTest("IocpEventLoop incompatible with legacy SSL")
-
-        def test_legacy_create_server_ssl(self):
-            raise unittest.SkipTest("IocpEventLoop incompatible with legacy SSL")
-
-        def test_legacy_create_server_ssl_verify_failed(self):
-            raise unittest.SkipTest("IocpEventLoop incompatible with legacy SSL")
-
-        def test_legacy_create_server_ssl_match_failed(self):
-            raise unittest.SkipTest("IocpEventLoop incompatible with legacy SSL")
-
-        def test_legacy_create_server_ssl_verified(self):
-            raise unittest.SkipTest("IocpEventLoop incompatible with legacy SSL")
-
        def test_reader_callback(self):
            raise unittest.SkipTest("IocpEventLoop does not have add_reader()")


--- a/Lib/test/test_asyncio/test_selector_events.py
+++ b/Lib/test/test_asyncio/test_selector_events.py
--- a/Misc/NEWS.d/next/Library/2017-11-18-17-09-01.bpo-32069.S0wyy4.rst
+++ b/Misc/NEWS.d/next/Library/2017-11-18-17-09-01.bpo-32069.S0wyy4.rst
+Drop legacy SSL transport from asyncio, ssl.MemoryBIO is always used anyway.