Disable advanced test on older OpenSSL.

Jean-Daniel Dupas · Jean-Daniel Dupas · commit d0300a895fd3 · 2019-07-08T16:55:20.000+02:00
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
@@ -477,46 +477,46 @@ def test_set_sigalgs_list_wrong_type(self, context):
         with pytest.raises(TypeError):
             context.set_sigalgs_list(object())
 
-    def test_set_sigalgs_list_invalid_name(self, context):
-        """
-        `Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a
-        `"no cipher match"` reason string regardless of the TLS
-        version.
-        """
-        with pytest.raises(Error):
-            context.set_sigalgs_list(b"imaginary-sigalg")
-
-    def test_set_sigalgs_list_not_supported(self):
-        """
-        If no signature algorithms supported by the server are set, the handshake
-        fails with a `"no suitable signature algorithm"` reason string.
-        """
+    if _lib.Cryptography_HAS_SIGALGS:
+        def test_set_sigalgs_list_invalid_name(self, context):
+            """
+            `Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a
+            `"no cipher match"` reason string regardless of the TLS
+            version.
+            """
+            with pytest.raises(Error):
+                context.set_sigalgs_list(b"imaginary-sigalg")
 
-        def make_client(socket):
-            context = Context(TLSv1_2_METHOD)
-            context.set_sigalgs_list(b"ECDSA+SHA256:ECDSA+SHA384")
-            c = Connection(context, socket)
-            c.set_connect_state()
-            return c
+        def test_set_sigalgs_list_not_supported(self):
+            """
+            If no signature algorithms supported by the server are set, the handshake
+            fails with a `"no suitable signature algorithm"` reason string.
+            """
 
-        with pytest.raises(Error) as excinfo:
-            loopback(client_factory=make_client)
-        assert excinfo.value.args == (
-                [
-                    (
-                        'SSL routines',
-                        'tls_choose_sigalg',
-                        'no suitable signature algorithm',
-                    ),
-                ],
-            )
+            def make_client(socket):
+                context = Context(TLSv1_2_METHOD)
+                context.set_sigalgs_list(b"ECDSA+SHA256:ECDSA+SHA384")
+                c = Connection(context, socket)
+                c.set_connect_state()
+                return c
+
+            with pytest.raises(Error) as excinfo:
+                loopback(client_factory=make_client)
+            assert excinfo.value.args == (
+                    [
+                        (
+                            'SSL routines',
+                            'tls_choose_sigalg',
+                            'no suitable signature algorithm',
+                        ),
+                    ],
+                )
 
     def test_get_sigalgs(self):
         """
         `Connection.get_sigalgs` returns the signature algorithms send by the client to the server.
          This is supported only in TLS1_2 and later.
         """
-
         def make_client(socket):
             context = Context(TLSv1_2_METHOD)
             context.set_sigalgs_list(b"RSA-PSS+SHA256:ECDSA+SHA384")
@@ -529,8 +529,12 @@ def make_client(socket):
             client_factory=make_client)
 
         sigalgs = srv.get_sigalgs()
-        assert 0x0804 in sigalgs  # rsa_pss_rsae_sha256
-        assert 0x0503 in sigalgs  # ecdsa_secp384r1_sha384
+        if _lib.Cryptography_HAS_SIGALGS:
+            assert 0x0804 in sigalgs  # rsa_pss_rsae_sha256
+            assert 0x0503 in sigalgs  # ecdsa_secp384r1_sha384
+        else:
+            # gracefully degrades on older OpenSSL versions
+            assert len(sigalgs) == 0
 
     def test_load_client_ca(self, context, ca_file):
         """
