mirror of https://github.com/python/cpython
Issue #25940: Update new SSL tests for self-signed.pythontest.net
This commit is contained in:
Martin Panter
parent
514bb0711f
commit
b55f8b79af
|
|
@ -971,7 +971,7 @@ class ContextTests(unittest.TestCase):
|
|||
ctx.load_verify_locations(CERTFILE)
|
||||
self.assertEqual(ctx.cert_store_stats(),
|
||||
{'x509_ca': 0, 'crl': 0, 'x509': 1})
|
||||
ctx.load_verify_locations(SVN_PYTHON_ORG_ROOT_CERT)
|
||||
ctx.load_verify_locations(CAFILE_CACERT)
|
||||
self.assertEqual(ctx.cert_store_stats(),
|
||||
{'x509_ca': 1, 'crl': 0, 'x509': 2})
|
||||
|
||||
|
|
@ -981,8 +981,8 @@ class ContextTests(unittest.TestCase):
|
|||
# CERTFILE is not flagged as X509v3 Basic Constraints: CA:TRUE
|
||||
ctx.load_verify_locations(CERTFILE)
|
||||
self.assertEqual(ctx.get_ca_certs(), [])
|
||||
# but SVN_PYTHON_ORG_ROOT_CERT is a CA cert
|
||||
ctx.load_verify_locations(SVN_PYTHON_ORG_ROOT_CERT)
|
||||
# but CAFILE_CACERT is a CA cert
|
||||
ctx.load_verify_locations(CAFILE_CACERT)
|
||||
self.assertEqual(ctx.get_ca_certs(),
|
||||
[{'issuer': ((('organizationName', 'Root CA'),),
|
||||
(('organizationalUnitName', 'http://www.cacert.org'),),
|
||||
|
|
@ -998,7 +998,7 @@ class ContextTests(unittest.TestCase):
|
|||
(('emailAddress', 'support@cacert.org'),)),
|
||||
'version': 3}])
|
||||
|
||||
with open(SVN_PYTHON_ORG_ROOT_CERT) as f:
|
||||
with open(CAFILE_CACERT) as f:
|
||||
pem = f.read()
|
||||
der = ssl.PEM_cert_to_DER_cert(pem)
|
||||
self.assertEqual(ctx.get_ca_certs(True), [der])
|
||||
|
|
@ -1335,15 +1335,15 @@ class NetworkedTests(unittest.TestCase):
|
|||
s.close()
|
||||
|
||||
def test_connect_cadata(self):
|
||||
with open(CAFILE_CACERT) as f:
|
||||
with open(REMOTE_ROOT_CERT) as f:
|
||||
pem = f.read()
|
||||
der = ssl.PEM_cert_to_DER_cert(pem)
|
||||
with support.transient_internet("svn.python.org"):
|
||||
with support.transient_internet(REMOTE_HOST):
|
||||
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
||||
ctx.verify_mode = ssl.CERT_REQUIRED
|
||||
ctx.load_verify_locations(cadata=pem)
|
||||
with ctx.wrap_socket(socket.socket(socket.AF_INET)) as s:
|
||||
s.connect(("svn.python.org", 443))
|
||||
s.connect((REMOTE_HOST, 443))
|
||||
cert = s.getpeercert()
|
||||
self.assertTrue(cert)
|
||||
|
||||
|
|
@ -1352,7 +1352,7 @@ class NetworkedTests(unittest.TestCase):
|
|||
ctx.verify_mode = ssl.CERT_REQUIRED
|
||||
ctx.load_verify_locations(cadata=der)
|
||||
with ctx.wrap_socket(socket.socket(socket.AF_INET)) as s:
|
||||
s.connect(("svn.python.org", 443))
|
||||
s.connect((REMOTE_HOST, 443))
|
||||
cert = s.getpeercert()
|
||||
self.assertTrue(cert)
|
||||
|
||||
|
|
@ -1475,13 +1475,13 @@ class NetworkedTests(unittest.TestCase):
|
|||
|
||||
def test_get_ca_certs_capath(self):
|
||||
# capath certs are loaded on request
|
||||
with support.transient_internet("svn.python.org"):
|
||||
with support.transient_internet(REMOTE_HOST):
|
||||
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
||||
ctx.verify_mode = ssl.CERT_REQUIRED
|
||||
ctx.load_verify_locations(capath=CAPATH)
|
||||
self.assertEqual(ctx.get_ca_certs(), [])
|
||||
s = ctx.wrap_socket(socket.socket(socket.AF_INET))
|
||||
s.connect(("svn.python.org", 443))
|
||||
s.connect((REMOTE_HOST, 443))
|
||||
try:
|
||||
cert = s.getpeercert()
|
||||
self.assertTrue(cert)
|
||||
|
|
@ -1492,12 +1492,12 @@ class NetworkedTests(unittest.TestCase):
|
|||
@needs_sni
|
||||
def test_context_setget(self):
|
||||
# Check that the context of a connected socket can be replaced.
|
||||
with support.transient_internet("svn.python.org"):
|
||||
with support.transient_internet(REMOTE_HOST):
|
||||
ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
||||
ctx2 = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
||||
s = socket.socket(socket.AF_INET)
|
||||
with ctx1.wrap_socket(s) as ss:
|
||||
ss.connect(("svn.python.org", 443))
|
||||
ss.connect((REMOTE_HOST, 443))
|
||||
self.assertIs(ss.context, ctx1)
|
||||
self.assertIs(ss._sslobj.context, ctx1)
|
||||
ss.context = ctx2
|
||||
|
|
|
|||
Loading…
Reference in New Issue