git » kxd » commit a3195eb

tests: Assert negotiated cipher secret size >= 128 bits

author Alberto Bertogli
2014-10-05 20:45:13 UTC
committer Alberto Bertogli
2014-10-05 20:45:13 UTC
parent 2af6c0892cf34ca25e66cc7be328b75d6444970c
tests: Assert negotiated cipher secret size >= 128 bits

Currently, the tests assert that the negotiated cipher secret size is > 128
bits. Due to recent changes (probably in openssl), in Debian testing we end up
negotiating ECDHE-RSA-AES128-GCM-SHA256 which has a 128 bit key.

That causes the test to fail.

There's nothing wrong with 128 bit keys in this context, and probably the
original intention was to use >= but got stuck with > as it worked.

While the value of this check is arguable, let's keep it for now, just
changing the check to >= so 128 bit secrets don't cause the test to fail.

Signed-off-by: Alberto Bertogli <albertito@blitiri.com.ar>
tests/run_tests +2 -2 
diff --git a/tests/run_tests b/tests/run_tests
index 23bfadf..85531ee 100755
--- a/tests/run_tests
+++ b/tests/run_tests
@@ -404,8 +404,8 @@ class TrickyRequests(TestCase):
                                certfile=self.client.cert_path())
 
         # We don't check the cipher itself, as it depends on the environment,
-        # but we should be using > 128 bit secrets.
-        self.assertTrue(sock.cipher()[2] > 128)
+        # but we should be using >= 128 bit secrets.
+        self.assertTrue(sock.cipher()[2] >= 128)
 
         server_cert = ssl.DER_cert_to_PEM_cert(
             sock.getpeercert(binary_form=True))