aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/python-pyopenssl-skip-network-test.patch50
-rw-r--r--gnu/packages/python.scm13
3 files changed, 61 insertions, 3 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index a06f359435..89d1e83b4b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -815,6 +815,7 @@ dist_patch_DATA = \
%D%/packages/patches/python-configobj-setuptools.patch \
%D%/packages/patches/python-paste-remove-website-test.patch \
%D%/packages/patches/python-paste-remove-timing-test.patch \
+ %D%/packages/patches/python-pyopenssl-skip-network-test.patch \
%D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
%D%/packages/patches/qemu-CVE-2016-8576.patch \
%D%/packages/patches/qemu-CVE-2016-8577.patch \
diff --git a/gnu/packages/patches/python-pyopenssl-skip-network-test.patch b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch
new file mode 100644
index 0000000000..a24eaf69a0
--- /dev/null
+++ b/gnu/packages/patches/python-pyopenssl-skip-network-test.patch
@@ -0,0 +1,50 @@
+This test tries connecting to an external server which is not supported
+in the build environment. See discussion at:
+
+https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00650.html
+
+diff --git a/tests/test_ssl.py b/tests/test_ssl.py
+index ee849fd..60048b8 100644
+--- a/tests/test_ssl.py
++++ b/tests/test_ssl.py
+@@ -1180,40 +1180,6 @@ class ContextTests(TestCase, _LoopbackMixin):
+ TypeError, context.load_verify_locations, None, None, None
+ )
+
+- @pytest.mark.skipif(
+- platform == "win32",
+- reason="set_default_verify_paths appears not to work on Windows. "
+- "See LP#404343 and LP#404344."
+- )
+- def test_set_default_verify_paths(self):
+- """
+- :py:obj:`Context.set_default_verify_paths` causes the
+- platform-specific CA certificate locations to be used for
+- verification purposes.
+- """
+- # Testing this requires a server with a certificate signed by one
+- # of the CAs in the platform CA location. Getting one of those
+- # costs money. Fortunately (or unfortunately, depending on your
+- # perspective), it's easy to think of a public server on the
+- # internet which has such a certificate. Connecting to the network
+- # in a unit test is bad, but it's the only way I can think of to
+- # really test this. -exarkun
+-
+- # Arg, verisign.com doesn't speak anything newer than TLS 1.0
+- context = Context(SSLv23_METHOD)
+- context.set_default_verify_paths()
+- context.set_verify(
+- VERIFY_PEER,
+- lambda conn, cert, errno, depth, preverify_ok: preverify_ok)
+-
+- client = socket()
+- client.connect(("encrypted.google.com", 443))
+- clientSSL = Connection(context, client)
+- clientSSL.set_connect_state()
+- clientSSL.do_handshake()
+- clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")
+- self.assertTrue(clientSSL.recv(1024))
+-
+ def test_set_default_verify_paths_signature(self):
+ """
+ :py:obj:`Context.set_default_verify_paths` takes no arguments and
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index fece7cdb75..dce46cec34 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -6672,11 +6672,18 @@ message digests and key derivation functions.")
(uri (pypi-uri "pyOpenSSL" version))
(sha256
(base32
- "0vji4yrfshs15xpczbhzhasnjrwcarsqg87n98ixnyafnyxs6ybp"))))
+ "0vji4yrfshs15xpczbhzhasnjrwcarsqg87n98ixnyafnyxs6ybp"))
+ (patches
+ (search-patches "python-pyopenssl-skip-network-test.patch"))))
(build-system python-build-system)
(arguments
- ;; FIXME: Some tests fail with "NameError: name 'long' is not defined".
- '(#:tests? #f))
+ '(#:phases
+ (modify-phases %standard-phases
+ (delete 'check)
+ (add-after 'install 'check
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (add-installed-pythonpath inputs outputs)
+ (zero? (system* "py.test" "-v")))))))
(propagated-inputs
`(("python-cryptography" ,python-cryptography)
("python-six" ,python-six)))