diff --git a/.github/workflows/build_wheels.yml b/.github/workflows/build_wheels.yml index 7a4b4e4..5b14538 100644 --- a/.github/workflows/build_wheels.yml +++ b/.github/workflows/build_wheels.yml @@ -15,7 +15,7 @@ jobs: os: [ubuntu-22.04, macos-12, windows-2022] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Install Windows 8.1 SDK shell: powershell @@ -31,16 +31,16 @@ jobs: Start-Process -Wait vs_enterprise.exe -ArgumentList 'modify', '--installPath "C:\Program Files\Microsoft Visual Studio\2022\Enterprise"', '--add', 'Microsoft.VisualStudio.Component.VC.140', '--quiet', '--norestart', '--wait' if: runner.os == 'Windows' - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v5 name: Install Python - name: Install cibuildwheel - run: python -m pip install "cibuildwheel<2.13" + run: python -m pip install "cibuildwheel>=2.16,<2.17" - name: Build wheels run: python -m cibuildwheel --output-dir wheelhouse env: - CIBW_BUILD: "cp37-* cp38-* cp39-* cp310-* cp311-*" + CIBW_BUILD: "cp38-* cp39-* cp310-* cp311-* cp312-*" CIBW_SKIP: "*-win32 pp* *-musllinux_i686" # Skip win32, PyPy and muslinux32 builds # Build wheels for Apple x86_64 only; we use another workflow for Apple arm64 CIBW_ARCHS_MACOS: "x86_64" diff --git a/.github/workflows/run_tests.yml b/.github/workflows/run_tests.yml index 49ae318..957ffd0 100644 --- a/.github/workflows/run_tests.yml +++ b/.github/workflows/run_tests.yml @@ -8,19 +8,22 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Set up Python 3.11 - uses: actions/setup-python@v2 + - uses: actions/checkout@v4 + - name: Set up Python 3.12 + uses: actions/setup-python@v5 with: - python-version: "3.11" + python-version: "3.12" - name: Install Python dependencies run: | - python -m pip install --upgrade pip + python -m pip install --upgrade pip setuptools wheel pip install -r requirements-dev.txt - name: Build C extension run: invoke build.all - - name: Lint and test - run: invoke test + - name: Lint + run: invoke lint + + - name: Test + run: invoke test \ No newline at end of file diff --git a/.gitignore b/.gitignore index a1e7d99..37d02d4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,11 +1,10 @@ .venv -.venv311 bin .cache -requirements.txt deps .pytest_cache - +.vscode +.ruff_cache/ .mypy_cache/ # OpenSSL build artifacts diff --git a/MANIFEST.in b/MANIFEST.in deleted file mode 100644 index 53b05a1..0000000 --- a/MANIFEST.in +++ /dev/null @@ -1,3 +0,0 @@ -# Include the license file -include LICENSE.txt -include README.md diff --git a/README.md b/README.md index fc0dfb3..a20e423 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ nassl [![PyPI wheel](https://img.shields.io/pypi/wheel/nassl.svg)](https://pypi.org/project/nassl/) [![PyPI version](https://img.shields.io/pypi/pyversions/nassl.svg)](https://pypi.org/project/nassl/) -Experimental OpenSSL wrapper for Python 3.7+ and [SSLyze](https://github.com/nabla-c0d3/sslyze). +Experimental OpenSSL wrapper for Python 3.8+ and [SSLyze](https://github.com/nabla-c0d3/sslyze). **Do NOT use for anything serious**. This code has not been properly tested/reviewed and is not production ready. diff --git a/build_tasks.py b/build_tasks.py index 6047698..6b6a413 100644 --- a/build_tasks.py +++ b/build_tasks.py @@ -9,13 +9,6 @@ from typing import Optional, Any, List from urllib.request import urlopen -# Monkeypatch for Python 3.11 -# TODO: Remove after this is fixed: https://github.com/pyinvoke/invoke/issues/833 -import inspect - -if not hasattr(inspect, "getargspec"): - inspect.getargspec = inspect.getfullargspec - try: from invoke import task, Context except ImportError: @@ -206,9 +199,16 @@ def build( _OPENSSL_CONF_CMD: str = None def _run_configure_command( - self, ctx: Context, openssl_target: str, zlib_lib_path: Path, zlib_include_path: Path + self, + ctx: Context, + openssl_target: str, + zlib_lib_path: Path, + zlib_include_path: Path, ) -> None: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: extra_args = "-no-asm -DZLIB_WINAPI" # *hate* zlib # On Windows OpenSSL wants the full path to the lib file final_zlib_path = zlib_lib_path @@ -227,15 +227,16 @@ def _run_configure_command( ) def _run_build_steps(self, ctx: Context) -> None: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: if self.platform == SupportedPlatformEnum.WINDOWS_32: ctx.run("ms\\do_ms") else: ctx.run("ms\\do_win64a.bat") - ctx.run( - "nmake -f ms\\nt.mak clean", warn=True - ) # Does not work if tmp32 does not exist (fresh build) + ctx.run("nmake -f ms\\nt.mak clean", warn=True) # Does not work if tmp32 does not exist (fresh build) ctx.run("nmake -f ms\\nt.mak") else: @@ -268,28 +269,40 @@ def _get_build_target(self, should_build_for_debug: bool) -> str: @property def include_path(self) -> Path: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: return self.src_path / "inc32" else: return self.src_path / "include" @property def libcrypto_path(self) -> Path: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: return self.src_path / "out32" / "libeay32.lib" else: return self.src_path / "libcrypto.a" @property def libssl_path(self) -> Path: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: return self.src_path / "out32" / "ssleay32.lib" else: return self.src_path / "libssl.a" @property def exe_path(self) -> Path: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: return self.src_path / "out32" / "openssl.exe" else: return self.src_path / "apps" / "openssl" @@ -307,7 +320,10 @@ def _openssl_git_tag(self) -> str: ) def _run_build_steps(self, ctx: Context) -> None: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: ctx.run("nmake clean", warn=True) ctx.run("nmake") else: @@ -315,14 +331,20 @@ def _run_build_steps(self, ctx: Context) -> None: @property def libcrypto_path(self) -> Path: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: return self.src_path / "libcrypto.lib" else: return self.src_path / "libcrypto.a" @property def libssl_path(self) -> Path: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: return self.src_path / "libssl.lib" else: return self.src_path / "libssl.a" @@ -333,7 +355,10 @@ def include_path(self) -> Path: @property def exe_path(self) -> Path: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: return self.src_path / "apps" / "openssl.exe" else: return self.src_path / "apps" / "openssl" @@ -349,7 +374,10 @@ def src_path(self) -> Path: return _DEPS_PATH / "zlib-1.2.13" def build(self, ctx: Context) -> None: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: if self.platform == SupportedPlatformEnum.WINDOWS_32: build_platform = "Win32" else: @@ -363,9 +391,7 @@ def build(self, ctx: Context) -> None: vs_contrib_path = self.src_path / "contrib" / "vstudio" with ctx.cd(str(vs_contrib_path)): - ctx.run( - f'"{msbuild_path}" vc14\\zlibvc.sln /P:Configuration=Release /P:Platform={build_platform}' - ) + ctx.run(f'"{msbuild_path}" vc14\\zlibvc.sln /P:Configuration=Release /P:Platform={build_platform}') else: # Linux/macOS build @@ -376,11 +402,12 @@ def build(self, ctx: Context) -> None: @property def libz_path(self) -> Path: - if self.platform in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: + if self.platform in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, + ]: arch = "x86" if self.platform == SupportedPlatformEnum.WINDOWS_32 else "x64" - zlib_lib_path = ( - self.src_path / "contrib" / "vstudio" / "vc14" / arch / "ZlibStatRelease" / "zlibstat.lib" - ) + zlib_lib_path = self.src_path / "contrib" / "vstudio" / "vc14" / arch / "ZlibStatRelease" / "zlibstat.lib" else: zlib_lib_path = self.src_path / "libz.a" return zlib_lib_path diff --git a/nassl/__init__.py b/nassl/__init__.py index d34aeb0..a09220a 100644 --- a/nassl/__init__.py +++ b/nassl/__init__.py @@ -1,2 +1,2 @@ __author__ = "Alban Diquet" -__version__ = "5.1.0" +__version__ = "5.2.0" diff --git a/nassl/ephemeral_key_info.py b/nassl/ephemeral_key_info.py index 3b419d2..8d7fcfd 100644 --- a/nassl/ephemeral_key_info.py +++ b/nassl/ephemeral_key_info.py @@ -146,7 +146,11 @@ class EphemeralKeyInfo(ABC): def __post_init__(self) -> None: # Required because of frozen=True; https://docs.python.org/3/library/dataclasses.html#frozen-instances - object.__setattr__(self, "type_name", _OPENSSL_EVP_PKEY_TO_NAME_MAPPING.get(self.type, "UNKNOWN")) + object.__setattr__( + self, + "type_name", + _OPENSSL_EVP_PKEY_TO_NAME_MAPPING.get(self.type, "UNKNOWN"), + ) @dataclass(frozen=True) @@ -156,9 +160,7 @@ class EcDhEphemeralKeyInfo(EphemeralKeyInfo): def __post_init__(self) -> None: super().__post_init__() - curve_name = _OPENSSL_NID_TO_SECG_ANSI_X9_62.get( - self.curve, f"unknown-curve-with-openssl-id-{self.curve}" - ) + curve_name = _OPENSSL_NID_TO_SECG_ANSI_X9_62.get(self.curve, f"unknown-curve-with-openssl-id-{self.curve}") # Required because of frozen=True; https://docs.python.org/3/library/dataclasses.html#frozen-instances object.__setattr__(self, "curve_name", curve_name) diff --git a/nassl/ocsp_response.py b/nassl/ocsp_response.py index 2d646c3..cb95566 100644 --- a/nassl/ocsp_response.py +++ b/nassl/ocsp_response.py @@ -28,6 +28,7 @@ def verify_ocsp_response(ocsp_response: _nassl.OCSP_RESPONSE, trust_store_path: except _nassl.OpenSSLError as e: if "certificate verify error" in str(e): raise OcspResponseNotTrustedError( - "OCSP Response verification failed: the response is not trusted", trust_store_path + "OCSP Response verification failed: the response is not trusted", + trust_store_path, ) raise diff --git a/nassl/ssl_client.py b/nassl/ssl_client.py index accb970..0d38de0 100755 --- a/nassl/ssl_client.py +++ b/nassl/ssl_client.py @@ -8,11 +8,7 @@ from enum import IntEnum from typing import List, Any -try: - from typing import Protocol -except ImportError: - # Will happen on Python 3.7 - from typing_extensions import Protocol # type: ignore +from typing import Protocol from typing import Optional @@ -123,7 +119,9 @@ def __init__( self._ssl.set_tlsext_host_name(server_name_indication) def _init_base_objects( - self, ssl_version: OpenSslVersionEnum, underlying_socket: Optional[socket.socket] + self, + ssl_version: OpenSslVersionEnum, + underlying_socket: Optional[socket.socket], ) -> None: """Setup the socket and SSL_CTX objects.""" self._is_handshake_completed = False @@ -133,9 +131,7 @@ def _init_base_objects( # A Python socket handles transmission of the data self._sock = underlying_socket - def _init_server_authentication( - self, ssl_verify: OpenSslVerifyEnum, ssl_verify_locations: Optional[Path] - ) -> None: + def _init_server_authentication(self, ssl_verify: OpenSslVerifyEnum, ssl_verify_locations: Optional[Path]) -> None: """Setup the certificate validation logic for authenticating the server.""" self._ssl_ctx.set_verify(ssl_verify.value) if ssl_verify_locations: @@ -154,13 +150,16 @@ def _init_client_authentication( ) -> None: """Setup client authentication using the supplied certificate and key.""" if client_certificate_chain is not None and client_key is not None: - self._use_private_key(client_certificate_chain, client_key, client_key_type, client_key_password) + self._use_private_key( + client_certificate_chain, + client_key, + client_key_type, + client_key_password, + ) if ignore_client_authentication_requests: if client_certificate_chain: - raise ValueError( - "Cannot enable both client_certchain_file and ignore_client_authentication_requests" - ) + raise ValueError("Cannot enable both client_certchain_file and ignore_client_authentication_requests") self._ssl_ctx.set_client_cert_cb_NULL() diff --git a/pyproject.toml b/pyproject.toml index 9b32909..6b9a145 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,23 +1,8 @@ -[tool.black] -line-length = 110 -target_version = ['py37'] -include = '\.pyi?$' -exclude = ''' +[tool.ruff] +line-length = 120 -( - /( - \.eggs # exclude a few common directories in the - | \.git # root of the project - | \.hg - | \.mypy_cache - | \.tox - | \.venv - | \.venv311 - | _build - | buck-out - | build - | dist - | deps # OpenSSL has some Python scripts that black rejects - )/ -) -''' \ No newline at end of file +[tool.mypy] +python_version = "3.8" +ignore_missing_imports = true +strict_optional = true +disallow_untyped_defs = true diff --git a/requirements-dev.txt b/requirements-dev.txt index e673c1b..8c07ece 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,8 +1,6 @@ -mypy -typing_extensions; python_version < '3.8' # For typing.Protocol -flake8 -invoke -pytest<7.3.0 +mypy==1.8 +invoke>=2,<3 +pytest>=7.4,<8 twine -black==22.10.0 pytest-cov +ruff==0.2.2 \ No newline at end of file diff --git a/setup.cfg b/setup.cfg deleted file mode 100644 index 64f87e7..0000000 --- a/setup.cfg +++ /dev/null @@ -1,14 +0,0 @@ -[metadata] -description_file = README.md - -[flake8] -max-line-length = 110 -select = C,E,F,W,B,B950 -ignore = E203, E501, W503 -exclude = deps .git dist .venv .venv311 - -[mypy] -python_version = 3.7 -ignore_missing_imports = True -strict_optional = True -disallow_untyped_defs = True diff --git a/setup.py b/setup.py index 8a967c6..d0b4cfb 100644 --- a/setup.py +++ b/setup.py @@ -28,22 +28,22 @@ "nassl.ocsp_response", "nassl.cert_chain_verifier", ], - "description": "Experimental OpenSSL wrapper for Python 3.7+ and SSLyze.", + "description": "Experimental OpenSSL wrapper for Python 3.8+ and SSLyze.", "author": __author__, "author_email": "nabla.c0d3@gmail.com", "url": "https://github.com/nabla-c0d3/nassl", - "python_requires": ">=3.7", + "python_requires": ">=3.8", "classifiers": [ "Development Status :: 4 - Beta", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "Natural Language :: French", "License :: OSI Approved :: GNU Affero General Public License v3", - "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", "Topic :: System :: Networking", "Topic :: System :: Monitoring", "Topic :: System :: Networking :: Monitoring", @@ -71,14 +71,24 @@ ], } -if CURRENT_PLATFORM in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: +if CURRENT_PLATFORM in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, +]: # Build using the Python that was used to run this script; will not work for cross-compiling PYTHON_LIBS_PATH = Path(sys.executable).parent / "libs" BASE_NASSL_EXT_SETUP.update( { "library_dirs": [str(PYTHON_LIBS_PATH)], - "libraries": ["user32", "kernel32", "Gdi32", "Advapi32", "Ws2_32", "crypt32"], + "libraries": [ + "user32", + "kernel32", + "Gdi32", + "Advapi32", + "Ws2_32", + "crypt32", + ], } ) else: @@ -131,12 +141,13 @@ ], } ) -MODERN_NASSL_EXT_SETUP["sources"].append( - "nassl/_nassl/nassl_X509_STORE_CTX.c" -) # API only available in modern nassl +MODERN_NASSL_EXT_SETUP["sources"].append("nassl/_nassl/nassl_X509_STORE_CTX.c") # API only available in modern nassl -if CURRENT_PLATFORM in [SupportedPlatformEnum.WINDOWS_32, SupportedPlatformEnum.WINDOWS_64]: +if CURRENT_PLATFORM in [ + SupportedPlatformEnum.WINDOWS_32, + SupportedPlatformEnum.WINDOWS_64, +]: if SHOULD_BUILD_FOR_DEBUG: LEGACY_NASSL_EXT_SETUP.update({"extra_compile_args": ["/Zi"], "extra_link_args": ["/DEBUG"]}) MODERN_NASSL_EXT_SETUP.update({"extra_compile_args": ["/Zi"], "extra_link_args": ["/DEBUG"]}) @@ -147,7 +158,12 @@ NASSL_SETUP.update( - {"ext_modules": [Extension(**LEGACY_NASSL_EXT_SETUP), Extension(**MODERN_NASSL_EXT_SETUP)]} + { + "ext_modules": [ + Extension(**LEGACY_NASSL_EXT_SETUP), + Extension(**MODERN_NASSL_EXT_SETUP), + ] + } ) diff --git a/tasks.py b/tasks.py index b5c2208..fd3b0e7 100644 --- a/tasks.py +++ b/tasks.py @@ -1,12 +1,5 @@ from pathlib import Path -# Monkeypatch for Python 3.11 -# TODO: Remove after this is fixed: https://github.com/pyinvoke/invoke/issues/833 -import inspect - -if not hasattr(inspect, "getargspec"): - inspect.getargspec = inspect.getfullargspec - from invoke import task, Collection import build_tasks @@ -17,31 +10,22 @@ @task def test(ctx): - # Run linters - ctx.run("mypy sample_client.py") - ctx.run("flake8") - ctx.run("black . --check") - - # Run the test suite ctx.run("pytest --durations 5") - ctx.run("python sample_client.py") @task -def autoformat(ctx): - ctx.run("black .") +def lint(ctx): + ctx.run("ruff format .") + ctx.run("ruff check . --fix") + ctx.run("mypy sample_client.py nassl") @task def package_linux_wheels(ctx): """Build the Linux 32 and 64 bit wheels using Docker.""" - ctx.run( - f"docker run --rm -v {root_path}:/io quay.io/pypa/manylinux2010_i686 bash /io/build_linux_wheels.sh" - ) - ctx.run( - f"docker run --rm -v {root_path}:/io quay.io/pypa/manylinux2010_x86_64 bash /io/build_linux_wheels.sh" - ) + ctx.run(f"docker run --rm -v {root_path}:/io quay.io/pypa/manylinux2010_i686 bash /io/build_linux_wheels.sh") + ctx.run(f"docker run --rm -v {root_path}:/io quay.io/pypa/manylinux2010_x86_64 bash /io/build_linux_wheels.sh") @task @@ -86,7 +70,7 @@ def release(ctx): ns = Collection() ns.add_task(release) ns.add_task(test) -ns.add_task(autoformat) +ns.add_task(lint) package = Collection("package") diff --git a/tests/SSL_test.py b/tests/SSL_test.py index c67119c..4fb2104 100644 --- a/tests/SSL_test.py +++ b/tests/SSL_test.py @@ -137,7 +137,6 @@ def test_set_ciphersuites_bad_string(self): class TestLegacySSL: - # The following tests don't pass with modern OpenSSL - the API might have changed def test_set_cipher_list_bad(self): # Invalid cipher string diff --git a/tests/build_config_test.py b/tests/build_config_test.py index 1a77f43..359c2ce 100644 --- a/tests/build_config_test.py +++ b/tests/build_config_test.py @@ -4,7 +4,8 @@ import pytest can_only_run_on_linux_64 = pytest.mark.skipif( - condition=platform not in ["linux", "linux2"], reason="The test suite it not being run on Linux" + condition=platform not in ["linux", "linux2"], + reason="The test suite it not being run on Linux", ) diff --git a/tests/cert_chain_verifier_test.py b/tests/cert_chain_verifier_test.py index dfa80c6..55c5919 100644 --- a/tests/cert_chain_verifier_test.py +++ b/tests/cert_chain_verifier_test.py @@ -4,7 +4,10 @@ import pytest -from nassl.cert_chain_verifier import CertificateChainVerifier, CertificateChainVerificationFailed +from nassl.cert_chain_verifier import ( + CertificateChainVerifier, + CertificateChainVerificationFailed, +) from nassl._nassl import X509 diff --git a/tests/openssl_server/__init__.py b/tests/openssl_server/__init__.py index fa58f1d..34e8106 100644 --- a/tests/openssl_server/__init__.py +++ b/tests/openssl_server/__init__.py @@ -141,13 +141,19 @@ def __init__( def __enter__(self): _logger.warning(f'Running s_server with command: "{self._command_line}"') - if CURRENT_PLATFORM in [SupportedPlatformEnum.WINDOWS_64, SupportedPlatformEnum.WINDOWS_32]: + if CURRENT_PLATFORM in [ + SupportedPlatformEnum.WINDOWS_64, + SupportedPlatformEnum.WINDOWS_32, + ]: args = self._command_line else: args = shlex.split(self._command_line) try: self._process = subprocess.Popen( - args, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT + args, + stdin=subprocess.PIPE, + stdout=subprocess.PIPE, + stderr=subprocess.STDOUT, ) self._server_io_manager = _OpenSslServerIOManager(self._process.stdout, self._process.stdin) @@ -194,7 +200,6 @@ def __init__( cipher: Optional[str] = None, prefer_server_order: bool = False, ) -> None: - extra_args = [] if prefer_server_order: diff --git a/tests/ssl_client_test.py b/tests/ssl_client_test.py index 3ee22b5..4cf9d6a 100644 --- a/tests/ssl_client_test.py +++ b/tests/ssl_client_test.py @@ -21,7 +21,11 @@ EcDhEphemeralKeyInfo, ) from nassl.cert_chain_verifier import CertificateChainVerificationFailed -from tests.openssl_server import ModernOpenSslServer, ClientAuthConfigEnum, LegacyOpenSslServer +from tests.openssl_server import ( + ModernOpenSslServer, + ClientAuthConfigEnum, + LegacyOpenSslServer, +) # TODO(AD): Switch to legacy server and add a TODO; skip tests for TLS 1.3 @@ -295,7 +299,8 @@ def test_get_dh_info_ecdh_x25519(self): def test_set_groups_curve_secp192k1(self): # Given a server that supports a bunch of curves with ModernOpenSslServer( - cipher="ECDHE-RSA-AES256-SHA", groups="X25519:prime256v1:secp384r1:secp192k1" + cipher="ECDHE-RSA-AES256-SHA", + groups="X25519:prime256v1:secp384r1:secp192k1", ) as server: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(5) @@ -324,7 +329,8 @@ def test_set_groups_curve_secp192k1(self): def test_set_groups_curve_x448(self): # Given a server that supports a bunch of curves with ModernOpenSslServer( - cipher="ECDHE-RSA-AES256-SHA", groups="X25519:prime256v1:X448:secp384r1:secp192k1" + cipher="ECDHE-RSA-AES256-SHA", + groups="X25519:prime256v1:X448:secp384r1:secp192k1", ) as server: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(5)