Commit Graph

62 Commits

Author SHA1 Message Date
Nikita Sobolev e56e33d271
gh-72719: Remove asyncore and asynchat modules (#96580)
Remove modules asyncore and asynchat, which were deprecated by PEP 594.

Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
2022-11-08 16:48:58 +01:00
Victor Stinner ef0e72b31d
gh-94172: Remove keyfile, certfile and check_hostname parameters (#94173)
Remove the keyfile, certfile and check_hostname parameters,
deprecated since Python 3.6, in modules: ftplib, http.client,
imaplib, poplib and smtplib. Use the context parameter (ssl_context
in imaplib) instead.

Parameters following the removed parameters become keyword-only
parameters.

ftplib: Remove the FTP_TLS.ssl_version class attribute: use the
context parameter instead.
2022-11-03 18:32:25 +01:00
Hugo van Kemenade 9b027d4cea
gh-92169: Use warnings_helper.import_deprecated() to import deprecated modules uniformly in tests (GH-92170) 2022-05-03 10:17:54 +03:00
Christian Heimes deeaac49e2
bpo-40280: Skip socket, fork, subprocess tests on Emscripten (GH-31986)
- Add requires_fork and requires_subprocess to more tests
- Skip extension import tests if dlopen is not available
- Don't assume that _testcapi is a shared extension
- Skip a lot of socket tests that don't work on Emscripten
- Skip mmap tests, mmap emulation is incomplete
- venv does not work yet
- Cannot get libc from executable

The "entire" test suite is now passing on Emscripten with EMSDK from git head (91 suites are skipped).
2022-03-22 03:04:36 -07:00
Christian Heimes 443b308fee
bpo-40479: Fix hashlib's usedforsecurity for OpenSSL 3.0.0 (GH-30455) 2022-01-13 09:46:38 +01:00
Victor Stinner cf7eaa4617
Revert "bpo-28533: Remove asyncore, asynchat, smtpd modules (GH-29521)" (GH-29951)
This reverts commit 9bf2cbc4c4.
2021-12-07 12:31:04 +01:00
Victor Stinner 9bf2cbc4c4
bpo-28533: Remove asyncore, asynchat, smtpd modules (GH-29521)
Remove the asyncore and asynchat modules, deprecated in Python
3.6: use the asyncio module instead.

Remove the smtpd module, deprecated in Python 3.6: the aiosmtpd
module can be used instead, it is based on asyncio.

* Remove asyncore, asynchat and smtpd documentation
* Remove test_asyncore, test_asynchat and test_smtpd
* Rename Lib/asynchat.py to Lib/test/support/_asynchat.py
* Rename Lib/asyncore.py to Lib/test/support/_asyncore.py
* Rename Lib/smtpd.py to Lib/test/support/_smtpd.py
* Remove DeprecationWarning from private _asyncore, _asynchat and
  _smtpd modules
* _smtpd: remove deprecated properties
2021-11-16 00:29:17 +01:00
Serhiy Storchaka 40348acc18
bpo-45229: Remove test_main in many tests (GH-28405)
Instead of explicitly enumerate test classes for run_unittest()
use the unittest ability to discover tests. This also makes these
tests discoverable and runnable with unittest.

load_tests() can be used for dynamic generating tests and adding
doctests. setUpModule(), tearDownModule() and addModuleCleanup()
can be used for running code before and after all module tests.
2021-09-19 15:27:33 +03:00
Irit Katriel 22e7effad5
bpo-44498: suppress DeprecationWarnings for asynchat, asyncore and smtpd in tests (GH-26905) 2021-06-25 00:20:40 +01:00
Christian Heimes 2875c603b2
bpo-43880: Show DeprecationWarnings for deprecated ssl module features (GH-25455)
* ssl.OP_NO_SSLv2
* ssl.OP_NO_SSLv3
* ssl.OP_NO_TLSv1
* ssl.OP_NO_TLSv1_1
* ssl.OP_NO_TLSv1_2
* ssl.OP_NO_TLSv1_3
* ssl.PROTOCOL_SSLv2
* ssl.PROTOCOL_SSLv3
* ssl.PROTOCOL_SSLv23 (alias for PROTOCOL_TLS)
* ssl.PROTOCOL_TLS
* ssl.PROTOCOL_TLSv1
* ssl.PROTOCOL_TLSv1_1
* ssl.PROTOCOL_TLSv1_2
* ssl.TLSVersion.SSLv3
* ssl.TLSVersion.TLSv1
* ssl.TLSVersion.TLSv1_1
* ssl.wrap_socket()
* ssl.RAND_pseudo_bytes()
* ssl.RAND_egd() (already removed since it's not supported by OpenSSL 1.1.1)
* ssl.SSLContext() without a protocol argument
* ssl.match_hostname()
* hashlib.pbkdf2_hmac() (pure Python implementation, fast OpenSSL
  function will stay)

Signed-off-by: Christian Heimes <christian@python.org>
2021-04-19 07:27:10 +02:00
Christian Heimes 03c8ddd9e9
bpo-42413: socket.timeout is now an alias of TimeoutError (GH-23413)
Signed-off-by: Christian Heimes <christian@python.org>
2020-11-20 00:26:07 -08:00
Hai Shi e80697d687
bpo-40275: Adding threading_helper submodule in test.support (GH-20263) 2020-05-28 00:10:27 +02:00
Hai Shi 66abe98a81
bpo-40275: Move requires_hashdigest() to test.support.hashlib_helper (GH-19716)
Add a new test.support.hashlib_helper submodule.
2020-04-29 03:11:29 +02:00
Serhiy Storchaka 16994912c9
bpo-40275: Avoid importing socket in test.support (GH-19603)
* Move socket related functions from test.support to socket_helper.
* Import socket, nntplib and urllib.error lazily in transient_internet().
* Remove importing multiprocess.
2020-04-25 10:06:29 +03:00
Dong-hee Na c39b52f152 bpo-39259: poplib now rejects timeout = 0 (GH-17912)
poplib.POP3 and poplib.POP3_SSL now raise a ValueError
if the given timeout for their constructor is zero to
prevent the creation of a non-blocking socket.
2020-01-10 15:34:05 +01:00
Victor Stinner 7772b1af5e
bpo-38614: Use support timeout constants (GH-17572) 2019-12-11 22:17:04 +01:00
Christian Heimes c64a1a61e6 bpo-38270: Check for hash digest algorithms and avoid MD5 (GH-16382)
Make it easier to run and test Python on systems with restrict crypto policies:

* add requires_hashdigest to test.support to check if a hash digest algorithm is available and working
* avoid MD5 in test_hmac
* replace MD5 with SHA256 in test_tarfile
* mark network tests that require MD5 for MD5-based digest auth or CRAM-MD5


https://bugs.python.org/issue38270
2019-09-25 07:30:20 -07:00
Christian Heimes 529525fb5a
bpo-33618: Enable TLS 1.3 in tests (GH-7079)
TLS 1.3 behaves slightly different than TLS 1.2. Session tickets and TLS
client cert auth are now handled after the initialy handshake. Tests now
either send/recv data to trigger session and client certs. Or tests
ignore ConnectionResetError / BrokenPipeError on the server side to
handle clients that force-close the socket fd.

To test TLS 1.3, OpenSSL 1.1.1-pre7-dev (git master + OpenSSL PR
https://github.com/openssl/openssl/pull/6340) is required.

Signed-off-by: Christian Heimes <christian@python.org>
2018-05-23 22:24:45 +02:00
Steve Dower e5f41d2f1e
bpo-33522: Enable CI builds on Visual Studio Team Services (#6865) 2018-05-16 17:50:29 -04:00
Jamie Davis 0e6c8ee235 bpo-32981: Fix catastrophic backtracking vulns (#5955)
* Prevent low-grade poplib REDOS (CVE-2018-1060)

The regex to test a mail server's timestamp is susceptible to
catastrophic backtracking on long evil responses from the server.

Happily, the maximum length of malicious inputs is 2K thanks
to a limit introduced in the fix for CVE-2013-1752.

A 2KB evil response from the mail server would result in small slowdowns
(milliseconds vs. microseconds) accumulated over many apop calls.
This is a potential DOS vector via accumulated slowdowns.

Replace it with a similar non-vulnerable regex.

The new regex is RFC compliant.
The old regex was non-compliant in edge cases.

* Prevent difflib REDOS (CVE-2018-1061)

The default regex for IS_LINE_JUNK is susceptible to
catastrophic backtracking.
This is a potential DOS vector.

Replace it with an equivalent non-vulnerable regex.

Also introduce unit and REDOS tests for difflib.

Co-authored-by: Tim Peters <tim.peters@gmail.com>
Co-authored-by: Christian Heimes <christian@python.org>
2018-03-03 21:33:32 -08:00
Christian Heimes 05d9fe32a1
bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes (#5663)
* bpo-32947: OpenSSL 1.1.1-pre1 / TLS 1.3 fixes

Misc fixes and workarounds for compatibility with OpenSSL 1.1.1-pre1 and
TLS 1.3 support. With OpenSSL 1.1.1, Python negotiates TLS 1.3 by
default. Some test cases only apply to TLS 1.2. Other tests currently
fail because the threaded or async test servers stop after failure.

I'm going to address these issues when OpenSSL 1.1.1 reaches beta.

OpenSSL 1.1.1 has added a new option OP_ENABLE_MIDDLEBOX_COMPAT for TLS
1.3. The feature is enabled by default for maximum compatibility with
broken middle boxes. Users should be able to disable the hack and CPython's test suite needs
it to verify default options.

Signed-off-by: Christian Heimes <christian@python.org>
2018-02-27 08:55:39 +01:00
Christian Heimes 61d478c71c
bpo-31399: Let OpenSSL verify hostname and IP address (#3462)
bpo-31399: Let OpenSSL verify hostname and IP

The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.

* Remove match_hostname calls
* Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
* Add documentation for OpenSSL 1.0.2 requirement
* Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
* Add hostname_checks_common_name

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-27 15:51:38 +01:00
Christian Heimes a170fa162d bpo-31346: Use PROTOCOL_TLS_CLIENT/SERVER (#3058)
Replaces PROTOCOL_TLSv* and PROTOCOL_SSLv23 with PROTOCOL_TLS_CLIENT and
PROTOCOL_TLS_SERVER.

Signed-off-by: Christian Heimes <christian@python.org>
2017-09-15 20:27:30 +02:00
Victor Stinner d165e14e29 bpo-31448, test_poplib: Fix ResourceWarning (#3542)
Call POP3.close(), don't close close directly the sock attribute.
2017-09-13 05:53:10 -07:00
Victor Stinner d403a29c00 bpo-31234: Fix dangling thread in test_ftp/poplib (#3540)
Explicitly clear the server attribute in test_ftplib and test_poplib
to prevent dangling thread.
2017-09-13 03:58:25 -07:00
Antoine Pitrou a6a4dc816d bpo-31370: Remove support for threads-less builds (#3385)
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
2017-09-07 18:56:24 +02:00
Christian Heimes d04863771b Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.
The deprecation include manual creation of SSLSocket and certfile/keyfile
(or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib.

ssl.wrap_socket() is not marked as deprecated yet.
2016-09-10 23:23:33 +02:00
Serhiy Storchaka e437a10d15 Issue #23277: Remove unused imports in tests. 2016-04-24 21:41:02 +03:00
R David Murray b8cd3e4e30 #21804: Add RFC 6856 (UTF8) support to poplib.
Patch by Milan Oberkirch.
2015-05-16 15:05:53 -04:00
Benjamin Peterson f9284ae8ed merge 3.4 (#22921) 2014-11-23 17:06:39 -06:00
Benjamin Peterson 7243b574e5 don't require OpenSSL SNI to pass hostname to ssl functions (#22921)
Patch by Donald Stufft.
2014-11-23 17:04:34 -06:00
Charles-François Natali 6e20460dc6 Issue #21566: Make use of socket.listen() default backlog. 2014-07-23 19:28:13 +01:00
Antoine Pitrou 3f73e4c715 Fix failure in test_poplib after issue #20951. 2014-04-29 10:27:09 +02:00
Serhiy Storchaka 1ff23d7542 Issue #20549: Use specific asserts in mailbox, smtplib and poplib tests. 2014-02-08 15:06:43 +02:00
Serhiy Storchaka 578c6777aa Issue #20549: Use specific asserts in mailbox, smtplib and poplib tests. 2014-02-08 15:06:08 +02:00
Christian Heimes e8a257cdb1 test_poplib: skip stls_context test when SNI is not available 2013-12-15 21:44:43 +01:00
Victor Stinner 28dd6deca8 Fix #19830: Fix a ResourceWarning in test_poplib.
Patch written by Vajrasky Kok.
2013-12-09 01:15:10 +01:00
Christian Heimes 1bc7068d7f Issue #19784: poplib now supports SSLContext.check_hostname and server name
indication for TLS/SSL connections.
2013-12-02 20:10:50 +01:00
Serhiy Storchaka 43767638a9 Issue #18702: All skipped tests now reported as skipped. 2013-11-03 21:31:38 +02:00
Serhiy Storchaka 7908068627 Issue #18702: All skipped tests now reported as skipped. 2013-11-03 21:31:18 +02:00
Georg Brandl 7e27abbb39 Issue #16041: CVE-2013-1752: poplib: Limit maximum line lengths to 2048 to
prevent readline() calls from consuming too much memory.  Patch by Jyrki
Pulliainen.
2013-10-27 07:23:53 +01:00
Georg Brandl b89b5df9c9 merge with 3.3 2013-10-27 07:46:09 +01:00
Andrew Svetlov 0832af6628 Issue #16717: get rid of socket.error, replace with OSError 2012-12-18 23:10:48 +02:00
Antoine Pitrou 8618d7457b Issue #4473: Add a POP3.stls() to switch a clear-text POP3 session into an encrypted POP3 session, on supported servers.
Patch by Lorenzo Catucci.
2012-11-23 20:13:48 +01:00
Antoine Pitrou 25cee19beb Issue #4473: Add a POP3.capa() method to query the capabilities advertised by the POP3 server.
Patch by Lorenzo Catucci.
2012-11-23 20:07:39 +01:00
Charles-François Natali 77e1bfc377 Issue #13453: Fix a race condition in test_poplib. 2011-12-14 19:29:56 +01:00
Charles-François Natali 83ef2549de Issue #13453: Fix a race condition in test_poplib. 2011-12-14 19:28:56 +01:00
Giampaolo Rodolà 95bcb93041 Issue 11291: poplib suppresses errors on QUIT. 2011-02-25 22:28:24 +00:00
Giampaolo Rodolà 977c707b42 Fix issue 6706: adds new handle_accepted() method to asyncore.dispatcher 2010-10-04 21:08:36 +00:00
Giampaolo Rodolà 42382fedcc fix issue #8807: adds a context parameter to POP3_SSL class. 2010-08-17 16:09:53 +00:00