gh-108303: Move all certificates to `Lib/test/certdata/` (#109489)

This commit is contained in:
Nikita Sobolev 2023-09-16 19:47:18 +03:00 committed by GitHub
parent 929cc4e4a0
commit e57ecf6bbc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
41 changed files with 31 additions and 28 deletions

View File

@ -14,7 +14,7 @@ from test.support import socket_helper
here = os.path.dirname(__file__)
HOST = socket_helper.HOST
CERTFILE = os.path.join(here, 'keycert.pem')
CERTFILE = os.path.join(here, 'certdata', 'keycert.pem')
# This one's based on HTTPServer, which is based on socketserver

View File

@ -36,21 +36,21 @@ from test.support import socket_helper
from test.support import threading_helper
def data_file(filename):
def data_file(*filename):
if hasattr(support, 'TEST_HOME_DIR'):
fullname = os.path.join(support.TEST_HOME_DIR, filename)
fullname = os.path.join(support.TEST_HOME_DIR, *filename)
if os.path.isfile(fullname):
return fullname
fullname = os.path.join(os.path.dirname(__file__), '..', filename)
fullname = os.path.join(os.path.dirname(__file__), '..', *filename)
if os.path.isfile(fullname):
return fullname
raise FileNotFoundError(filename)
raise FileNotFoundError(os.path.join(filename))
ONLYCERT = data_file('ssl_cert.pem')
ONLYKEY = data_file('ssl_key.pem')
SIGNED_CERTFILE = data_file('keycert3.pem')
SIGNING_CA = data_file('pycacert.pem')
ONLYCERT = data_file('certdata', 'ssl_cert.pem')
ONLYKEY = data_file('certdata', 'ssl_key.pem')
SIGNED_CERTFILE = data_file('certdata', 'keycert3.pem')
SIGNING_CA = data_file('certdata', 'pycacert.pem')
PEERCERT = {
'OCSP': ('http://testca.pythontest.net/testca/ocsp/',),
'caIssuers': ('http://testca.pythontest.net/testca/pycacert.cer',),

View File

@ -325,8 +325,8 @@ class DummyFTPServer(asyncore.dispatcher, threading.Thread):
if ssl is not None:
CERTFILE = os.path.join(os.path.dirname(__file__), "keycert3.pem")
CAFILE = os.path.join(os.path.dirname(__file__), "pycacert.pem")
CERTFILE = os.path.join(os.path.dirname(__file__), "certdata", "keycert3.pem")
CAFILE = os.path.join(os.path.dirname(__file__), "certdata", "pycacert.pem")
class SSLConnection(asyncore.dispatcher):
"""An asyncore.dispatcher subclass supporting TLS/SSL."""

View File

@ -21,11 +21,13 @@ support.requires_working_socket(module=True)
here = os.path.dirname(__file__)
# Self-signed cert file for 'localhost'
CERT_localhost = os.path.join(here, 'keycert.pem')
CERT_localhost = os.path.join(here, 'certdata', 'keycert.pem')
# Self-signed cert file for 'fakehostname'
CERT_fakehostname = os.path.join(here, 'keycert2.pem')
CERT_fakehostname = os.path.join(here, 'certdata', 'keycert2.pem')
# Self-signed cert file for self-signed.pythontest.net
CERT_selfsigned_pythontestdotnet = os.path.join(here, 'selfsigned_pythontestdotnet.pem')
CERT_selfsigned_pythontestdotnet = os.path.join(
here, 'certdata', 'selfsigned_pythontestdotnet.pem',
)
# constants for testing chunked encoding
chunked_start = (

View File

@ -23,8 +23,8 @@ except ImportError:
support.requires_working_socket(module=True)
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem")
CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem")
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "keycert3.pem")
CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "pycacert.pem")
class TestImaplib(unittest.TestCase):

View File

@ -2170,7 +2170,7 @@ class HTTPHandlerTest(BaseTest):
sslctx = None
else:
here = os.path.dirname(__file__)
localhost_cert = os.path.join(here, "keycert.pem")
localhost_cert = os.path.join(here, "certdata", "keycert.pem")
sslctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
sslctx.load_cert_chain(localhost_cert)

View File

@ -29,8 +29,8 @@ if hasattr(poplib, 'POP3_SSL'):
import ssl
SUPPORTS_SSL = True
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "keycert3.pem")
CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "pycacert.pem")
CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "keycert3.pem")
CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, "certdata", "pycacert.pem")
requires_ssl = skipUnless(SUPPORTS_SSL, 'SSL not supported')

View File

@ -60,10 +60,10 @@ for proto, ver in (
PROTOCOL_TO_TLS_VERSION[proto] = ver
def data_file(*name):
return os.path.join(os.path.dirname(__file__), *name)
return os.path.join(os.path.dirname(__file__), "certdata", *name)
# The custom key and certificate files used in test_ssl are generated
# using Lib/test/make_ssl_certs.py.
# using Lib/test/certdata/make_ssl_certs.py.
# Other certificates are simply fetched from the internet servers they
# are meant to authenticate.
@ -641,7 +641,7 @@ class BasicSocketTests(unittest.TestCase):
def bad_cert_test(self, certfile):
"""Check that trying to use the given client certificate fails"""
certfile = os.path.join(os.path.dirname(__file__) or os.curdir,
certfile)
"certdata", certfile)
sock = socket.socket()
self.addCleanup(sock.close)
with self.assertRaises(ssl.SSLError):
@ -3309,12 +3309,12 @@ class ThreadedTests(unittest.TestCase):
# try to connect
if support.verbose:
sys.stdout.write('\n')
with open(CERTFILE, 'rb') as f:
# Get this test file itself:
with open(__file__, 'rb') as f:
d1 = f.read()
d2 = ''
# now fetch the same data from the HTTPS server
url = 'https://localhost:%d/%s' % (
server.port, os.path.split(CERTFILE)[1])
url = f'https://localhost:{server.port}/test_ssl.py'
context = ssl.create_default_context(cafile=SIGNING_CA)
f = urllib.request.urlopen(url, context=context)
try:

View File

@ -21,9 +21,9 @@ support.requires_working_socket(module=True)
here = os.path.dirname(__file__)
# Self-signed cert file for 'localhost'
CERT_localhost = os.path.join(here, 'keycert.pem')
CERT_localhost = os.path.join(here, 'certdata', 'keycert.pem')
# Self-signed cert file for 'fakehostname'
CERT_fakehostname = os.path.join(here, 'keycert2.pem')
CERT_fakehostname = os.path.join(here, 'certdata', 'keycert2.pem')
# Loopback http server infrastructure

View File

@ -2141,7 +2141,8 @@ LIBSUBDIRS= asyncio \
TESTSUBDIRS= idlelib/idle_test \
test \
test/audiodata \
test/capath \
test/certdata \
test/certdata/capath \
test/cjkencodings \
test/crashers \
test/data \