more fix

youknowone · youknowone · commit b0422cbbecff · 2025-10-29T17:29:49.000+09:00
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
@@ -586,7 +586,6 @@ def test_refcycle(self):
             del ss
         self.assertEqual(wr(), None)
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_wrapped_unconnected(self):
         # Methods on an unconnected SSLSocket propagate the original
         # OSError raise by the underlying socket object.
@@ -1670,7 +1669,6 @@ def test_context_client_server(self):
         self.assertFalse(ctx.check_hostname)
         self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_context_custom_class(self):
         class MySSLSocket(ssl.SSLSocket):
             pass
@@ -1687,7 +1685,6 @@ class MySSLObject(ssl.SSLObject):
         obj = ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(), server_side=True)
         self.assertIsInstance(obj, MySSLObject)
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_num_tickest(self):
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
         self.assertEqual(ctx.num_tickets, 2)
@@ -1896,7 +1893,6 @@ def setUp(self):
         self.enterContext(server)
         self.server_addr = (HOST, server.port)
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_connect(self):
         with test_wrap_socket(socket.socket(socket.AF_INET),
                             cert_reqs=ssl.CERT_NONE) as s:
@@ -1963,7 +1959,6 @@ def test_non_blocking_connect_ex(self):
         # SSL established
         self.assertTrue(s.getpeercert())
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_connect_with_context(self):
         # Same as test_connect, but with a separately created context
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
@@ -2090,7 +2085,6 @@ def test_non_blocking_handshake(self):
     def test_get_server_certificate(self):
         _test_get_server_certificate(self, *self.server_addr, cert=SIGNING_CA)
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_get_server_certificate_sni(self):
         host, port = self.server_addr
         server_names = []
@@ -2117,7 +2111,6 @@ def test_get_server_certificate_fail(self):
         # independent test method
         _test_get_server_certificate_fail(self, *self.server_addr)
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_get_server_certificate_timeout(self):
         def servername_cb(ssl_sock, server_name, initial_context):
             time.sleep(0.2)
@@ -2153,7 +2146,6 @@ def test_get_ca_certs_capath(self):
             self.assertTrue(cert)
         self.assertEqual(len(ctx.get_ca_certs()), 1)
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_context_setget(self):
         # Check that the context of a connected socket can be replaced.
         ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
@@ -3038,7 +3030,6 @@ def test_crl_check(self):
                 cert = s.getpeercert()
                 self.assertTrue(cert, "Can't get peer certificate.")
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_check_hostname(self):
         if support.verbose:
             sys.stdout.write("\n")
@@ -3179,7 +3170,6 @@ def test_dual_rsa_ecc(self):
                 cipher = s.cipher()[0].split('-')
                 self.assertTrue(cipher[:2], ('ECDHE', 'ECDSA'))
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_check_hostname_idn(self, warnings_filters=True):
         if support.verbose:
             sys.stdout.write("\n")
@@ -3367,7 +3357,6 @@ def connector():
         finally:
             t.join()
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_ssl_cert_verify_error(self):
         if support.verbose:
             sys.stdout.write("\n")
@@ -3474,7 +3463,6 @@ def test_protocol_tlsv1_1(self):
         try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False)
 
     @requires_tls_version('TLSv1_2')
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_protocol_tlsv1_2(self):
         """Connecting to a TLSv1.2 server with various client options.
            Testing against older TLS versions."""
@@ -3921,7 +3909,6 @@ def test_do_handshake_enotconn(self):
                 sock.do_handshake()
             self.assertEqual(cm.exception.errno, errno.ENOTCONN)
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_no_shared_ciphers(self):
         client_context, server_context, hostname = testing_context()
         # OpenSSL enables all TLS 1.3 ciphers, enforce TLS 1.2 for test
@@ -4153,7 +4140,6 @@ def test_no_legacy_server_connect(self):
                                    chatty=True, connectionchatty=True,
                                    sni_name=hostname)
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_dh_params(self):
         # Check we can get a connection with ephemeral finite-field
         # Diffie-Hellman (if supported).
@@ -4752,7 +4738,6 @@ def test_pha_optional(self):
                 s.write(b'HASCERT')
                 self.assertEqual(s.recv(1024), b'TRUE\n')
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_pha_optional_nocert(self):
         if support.verbose:
             sys.stdout.write("\n")
@@ -4775,7 +4760,6 @@ def test_pha_optional_nocert(self):
                 s.write(b'HASCERT')
                 self.assertEqual(s.recv(1024), b'FALSE\n')
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_pha_no_pha_client(self):
         client_context, server_context, hostname = testing_context()
         server_context.post_handshake_auth = True
@@ -4792,7 +4776,6 @@ def test_pha_no_pha_client(self):
                 s.write(b'PHA')
                 self.assertIn(b'extension not received', s.recv(1024))
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_pha_no_pha_server(self):
         # server doesn't have PHA enabled, cert is requested in handshake
         client_context, server_context, hostname = testing_context()
@@ -4813,7 +4796,6 @@ def test_pha_no_pha_server(self):
                 s.write(b'HASCERT')
                 self.assertEqual(s.recv(1024), b'TRUE\n')
 
-    @unittest.expectedFailure  # TODO: RUSTPYTHON
     def test_pha_not_tls13(self):
         # TLS 1.2
         client_context, server_context, hostname = testing_context()
diff --git a/stdlib/src/ssl.rs b/stdlib/src/ssl.rs
@@ -1258,7 +1258,6 @@ mod _ssl {
             Ok(dict.into())
         }
 
-        // CPython: cpython/Modules/_ssl.c:4502-4539
         #[pymethod]
         fn session_stats(&self, vm: &VirtualMachine) -> PyResult {
             let ctx = self.ctx();
@@ -1505,7 +1504,7 @@ mod _ssl {
                 }
             }
 
-            // Configure post-handshake authentication (PHA) - CPython: bpo-37428
+            // Configure post-handshake authentication (PHA)
             #[cfg(ossl111)]
             if *zelf.post_handshake_auth.lock() {
                 unsafe {
@@ -1644,7 +1643,7 @@ mod _ssl {
                 sys::SSL_set_bio(ssl.as_ptr(), inbio_ptr, outbio_ptr);
             }
 
-            // Configure post-handshake authentication (PHA) - CPython: bpo-37428
+            // Configure post-handshake authentication (PHA)
             #[cfg(ossl111)]
             if *zelf.post_handshake_auth.lock() {
                 unsafe {
@@ -3002,6 +3001,33 @@ mod _ssl {
     ) -> PyBaseExceptionRef {
         match err.errors().last() {
             Some(e) => {
+                // Check if this is a system library error (file not found, etc.)
+                // CPython: Modules/_ssl.c:667-670, 697-701
+                let lib = sys::ERR_GET_LIB(e.code());
+                let library_str = e.library().unwrap_or("");
+
+                // Check both lib code and library string for system errors
+                if lib == sys::ERR_LIB_SYS || library_str == "SSL routines" {
+                    let reason = sys::ERR_GET_REASON(e.code());
+                    let reason_str = e.reason().unwrap_or("");
+
+                    // Check if it's a system lib error by reason string
+                    if reason_str == "system lib" || lib == sys::ERR_LIB_SYS {
+                        // errno 2 = ENOENT = FileNotFoundError
+                        let exc_type = if reason == 2 {
+                            vm.ctx.exceptions.file_not_found_error.to_owned()
+                        } else {
+                            vm.ctx.exceptions.os_error.to_owned()
+                        };
+                        let exc = vm.new_exception(exc_type, vec![vm.ctx.new_int(reason).into()]);
+                        // Set errno attribute explicitly
+                        let _ = exc
+                            .as_object()
+                            .set_attr("errno", vm.ctx.new_int(reason), vm);
+                        return exc;
+                    }
+                }
+
                 let caller = std::panic::Location::caller();
                 let (file, line) = (caller.file(), caller.line());
                 let file = file
