Skip to content

Commit 2037e2d

Browse files
fantixfantix
committed
Fix for Python 3.6 and lack of TLSv1.1
1 parent 3ffdde5 commit 2037e2d

File tree

2 files changed

+20
-8
lines changed

2 files changed

+20
-8
lines changed

‎asyncpg/connect_utils.py‎

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -222,6 +222,10 @@ def _parse_hostlist(hostlist, port, *, unquote=False):
222222

223223

224224
def_parse_tls_version(tls_version):
225+
ifnothasattr(ssl_module, 'TLSVersion'):
226+
raiseValueError(
227+
"TLSVersion is not supported in this version of Python"
228+
)
225229
iftls_version.startswith('SSL'):
226230
raiseValueError(
227231
f"Unsupported TLS version: {tls_version}"
@@ -552,13 +556,17 @@ def _parse_connect_dsn_and_args(*, dsn, host, port, user,
552556
ssl.options&=~ssl_module.OP_NO_COMPRESSION
553557

554558
ifssl_min_protocol_versionisNone:
555-
ssl_min_protocol_version=os.getenv(
556-
'PGSSLMINPROTOCOLVERSION', 'TLSv1.2'
557-
)
559+
ssl_min_protocol_version=os.getenv('PGSSLMINPROTOCOLVERSION')
558560
ifssl_min_protocol_version:
559561
ssl.minimum_version=_parse_tls_version(
560562
ssl_min_protocol_version
561563
)
564+
else:
565+
try:
566+
ssl.minimum_version=_parse_tls_version('TLSv1.2')
567+
exceptValueError:
568+
# Python 3.6 does not have ssl.TLSVersion
569+
pass
562570

563571
ifssl_max_protocol_versionisNone:
564572
ssl_max_protocol_version=os.getenv('PGSSLMAXPROTOCOLVERSION')

‎tests/test_connect.py‎

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@
1313
importshutil
1414
importssl
1515
importstat
16+
importsys
1617
importtempfile
1718
importtextwrap
1819
importunittest
@@ -1340,13 +1341,13 @@ async def verify_fails(sslmode, *, host='localhost', exn_type):
13401341
awaitverify_works('allow')
13411342
awaitverify_works('prefer')
13421343
awaitverify_fails('require',
1343-
exn_type=ssl.CertificateError)
1344+
exn_type=ssl.SSLError)
13441345
awaitverify_fails('verify-ca',
1345-
exn_type=ssl.CertificateError)
1346+
exn_type=ssl.SSLError)
13461347
awaitverify_fails('verify-ca', host='127.0.0.1',
1347-
exn_type=ssl.CertificateError)
1348+
exn_type=ssl.SSLError)
13481349
awaitverify_fails('verify-full',
1349-
exn_type=ssl.CertificateError)
1350+
exn_type=ssl.SSLError)
13501351

13511352
asyncdeftest_ssl_connection_default_context(self):
13521353
# XXX: uvloop artifact
@@ -1410,6 +1411,9 @@ async def test_executemany_uvloop_ssl_issue_700(self):
14101411
finally:
14111412
awaitcon.close()
14121413

1414+
@unittest.skipIf(
1415+
sys.version_info< (3, 7), "Python < 3.7 doesn't have ssl.TLSVersion"
1416+
)
14131417
asyncdeftest_tls_version(self):
14141418
# XXX: uvloop artifact
14151419
old_handler=self.loop.get_exception_handler()
@@ -1420,7 +1424,7 @@ async def test_tls_version(self):
14201424
dsn='postgresql://ssl_user@localhost/postgres'
14211425
'?sslmode=require&ssl_min_protocol_version=TLSv1.3'
14221426
)
1423-
withself.assertRaisesRegex(ssl.SSLError, 'protocol version'):
1427+
withself.assertRaises(ssl.SSLError):
14241428
awaitself.connect(
14251429
dsn='postgresql://ssl_user@localhost/postgres'
14261430
'?sslmode=require'

0 commit comments

Comments
(0)