From 9bc4286a27a904706533a7b73e2312f2da15ac63 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 1 Nov 2019 15:00:22 -0700 Subject: [PATCH] Deprecate more code related to TLS-SNI-01 (#7483) I tried to finish up #7214 by removing the code in acme but we can't really do that until #7478 is resolved which we cannot do until we release 0.40.0. Since we have to wait, this PR adds deprecation warnings for code that uses the TLS-SNI-01 code or was only used by the long deprecated TLS-SNI-01 code. I'd like this PR to land before our next release. * Deprecate more code related to TLS-SNI-01. * Assert about warning message. --- CHANGELOG.md | 3 +++ acme/acme/__init__.py | 2 +- acme/acme/standalone.py | 8 ++++---- acme/acme/standalone_test.py | 27 +++++++++++++++++++++++---- 4 files changed, 31 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2334aa666..8477525b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,9 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). * CLI flags --tls-sni-01-port and --tls-sni-01-address have been removed. * The values tls-sni and tls-sni-01 for the --preferred-challenges flag are no longer accepted. +* acme.standalone.BaseRequestHandlerWithLogging and + acme.standalone.simple_tls_sni_01_server have been deprecated and will be + removed in a future release of the library. ### Fixed diff --git a/acme/acme/__init__.py b/acme/acme/__init__.py index 13bdd41aa..e68ebd765 100644 --- a/acme/acme/__init__.py +++ b/acme/acme/__init__.py @@ -35,7 +35,7 @@ class _TLSSNI01DeprecationModule(object): self.__dict__['_module'] = module def __getattr__(self, attr): - if 'TLSSNI01' in attr: + if 'TLSSNI01' in attr or attr == 'BaseRequestHandlerWithLogging': warnings.warn('{0} attribute is deprecated, and will be removed soon.'.format(attr), DeprecationWarning, stacklevel=2) return getattr(self._module, attr) diff --git a/acme/acme/standalone.py b/acme/acme/standalone.py index 844960b2f..69c35fb6f 100644 --- a/acme/acme/standalone.py +++ b/acme/acme/standalone.py @@ -7,6 +7,7 @@ import os import socket import sys import threading +import warnings from six.moves import BaseHTTPServer # type: ignore # pylint: disable=import-error from six.moves import http_client # pylint: disable=import-error @@ -267,6 +268,9 @@ class HTTP01RequestHandler(BaseHTTPServer.BaseHTTPRequestHandler): def simple_tls_sni_01_server(cli_args, forever=True): """Run simple standalone TLSSNI01 server.""" + warnings.warn( + 'simple_tls_sni_01_server is deprecated and will be removed soon.', + DeprecationWarning, stacklevel=2) logging.basicConfig(level=logging.DEBUG) parser = argparse.ArgumentParser() @@ -299,7 +303,3 @@ def simple_tls_sni_01_server(cli_args, forever=True): # Patching ourselves to warn about TLS-SNI challenge deprecation and removal. sys.modules[__name__] = _TLSSNI01DeprecationModule(sys.modules[__name__]) - - -if __name__ == "__main__": - sys.exit(simple_tls_sni_01_server(sys.argv)) # pragma: no cover diff --git a/acme/acme/standalone_test.py b/acme/acme/standalone_test.py index 86ceaa316..c14f82d39 100644 --- a/acme/acme/standalone_test.py +++ b/acme/acme/standalone_test.py @@ -6,6 +6,7 @@ import socket import threading import tempfile import unittest +import warnings import time from contextlib import closing @@ -67,6 +68,18 @@ class TLSSNI01ServerTest(unittest.TestCase): jose.ComparableX509(self.certs[b'localhost'][1])) +class BaseRequestHandlerWithLoggingTest(unittest.TestCase): + """Test for acme.standalone.BaseRequestHandlerWithLogging.""" + + def test_it(self): + with mock.patch('acme.standalone.warnings.warn') as mock_warn: + # pylint: disable=unused-variable + from acme.standalone import BaseRequestHandlerWithLogging + self.assertTrue(mock_warn.called) + msg = mock_warn.call_args[0][0] + self.assertTrue(msg.startswith('BaseRequestHandlerWithLogging')) + + class HTTP01ServerTest(unittest.TestCase): """Tests for acme.standalone.HTTP01Server.""" @@ -266,8 +279,7 @@ class TestSimpleTLSSNI01Server(unittest.TestCase): sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) self.port = sock.getsockname()[1] - from acme.standalone import simple_tls_sni_01_server - self.process = multiprocessing.Process(target=simple_tls_sni_01_server, + self.process = multiprocessing.Process(target=_simple_tls_sni_01_server_no_warnings, args=(['path', '-p', str(self.port)],)) self.old_cwd = os.getcwd() os.chdir(self.test_cwd) @@ -284,8 +296,8 @@ class TestSimpleTLSSNI01Server(unittest.TestCase): @mock.patch('acme.standalone.TLSSNI01Server.handle_request') def test_mock(self, handle): - from acme.standalone import simple_tls_sni_01_server - simple_tls_sni_01_server(cli_args=['path', '-p', str(self.port)], forever=False) + _simple_tls_sni_01_server_no_warnings(cli_args=['path', '-p', str(self.port)], + forever=False) self.assertEqual(handle.call_count, 1) def test_live(self): @@ -302,5 +314,12 @@ class TestSimpleTLSSNI01Server(unittest.TestCase): test_util.load_comparable_cert('rsa2048_cert.pem')) +def _simple_tls_sni_01_server_no_warnings(*args, **kwargs): + with warnings.catch_warnings(): + warnings.filterwarnings('ignore', 'simple_tls.*') + from acme.standalone import simple_tls_sni_01_server + return simple_tls_sni_01_server(*args, **kwargs) + + if __name__ == "__main__": unittest.main() # pragma: no cover