mirror of
https://github.com/certbot/certbot.git
synced 2025-08-06 16:42:41 +03:00
e8265dbf9c
Fixes https://github.com/certbot/certbot/issues/9058. The changes to the CI config are equivalent to the ones made in https://github.com/certbot/certbot/pull/8460. Other than ignoring some warnings raised by botocore, the main additional work that had to be done here was switching away from using `distutils.version.LooseVersion` since the entire `distutils` module was deprecated in Python 3.10. To do that, I took a few different approaches: * If the version strings being parsed are from Python packages such as Certbot or setuptools, I switched to using [pkg_resources.parse_version](https://setuptools.pypa.io/en/latest/pkg_resources.html#parsing-utilities) from `setuptools`. This functionality has been available since [setuptools 8.0 from 2014](https://setuptools.pypa.io/en/latest/history.html#id865). * If the version strings being parsed are not from Python packages, I added code equivalent to `distutils.version.LooseVersion` in `certbot.util.parse_loose_version`. * The code for `CERTBOT_PIP_NO_BINARY` can be completely removed since that variable isn't used or referenced anywhere in this repo. * add python 3.10 support * make some version changes * don't use looseversion in setup.py * switch to pkg_resources * deprecate get_strict_version * fix route53 tests * remove unused CERTBOT_PIP_NO_BINARY code * stop using distutils in letstest * add unit tests * more changelog entries
32 lines
1.2 KiB
Python
32 lines
1.2 KiB
Python
#!/usr/bin/env python
|
|
# Test script for OpenSSL version checking
|
|
import sys
|
|
|
|
from certbot import util
|
|
|
|
|
|
def main(openssl_version, apache_version):
|
|
if not openssl_version.strip():
|
|
raise Exception("No OpenSSL version found.")
|
|
if not apache_version.strip():
|
|
raise Exception("No Apache version found.")
|
|
conf_file_location = "/etc/letsencrypt/options-ssl-apache.conf"
|
|
with open(conf_file_location) as f:
|
|
contents = f.read()
|
|
if util.parse_loose_version(apache_version.strip()) < util.parse_loose_version('2.4.11') or \
|
|
util.parse_loose_version(openssl_version.strip()) < util.parse_loose_version('1.0.2l'):
|
|
# should be old version
|
|
# assert SSLSessionTickets not in conf file
|
|
if "SSLSessionTickets" in contents:
|
|
raise Exception("Apache or OpenSSL version is too old, "
|
|
"but SSLSessionTickets is set.")
|
|
else:
|
|
# should be current version
|
|
# assert SSLSessionTickets in conf file
|
|
if "SSLSessionTickets" not in contents:
|
|
raise Exception("Apache and OpenSSL versions are sufficiently new, "
|
|
"but SSLSessionTickets is not set.")
|
|
|
|
if __name__ == '__main__':
|
|
main(*sys.argv[1:])
|