Commit Graph

386 Commits

Author SHA1 Message Date
Martin Panter 519f91215b Issue #25951: Fix SSLSocket.sendall() to return None, by Aviv Palivoda 2016-04-03 02:12:54 +00:00
Martin Panter ef4bb1e994 Issue #23804: Merge SSL zero read fix from 3.5 2016-03-28 01:09:13 +00:00
Martin Panter f6b1d66a3c Issue #23804: Fix SSL recv/read(0) to not return 1024 bytes 2016-03-28 00:22:09 +00:00
Martin Panter afd465d497 Issue #26644: Merge SSL negative read fix from 3.5 2016-03-27 10:40:22 +00:00
Martin Panter 5503d4731e Issue #26644: Raise ValueError for negative SSLSocket.recv() and read() 2016-03-27 05:35:19 +00:00
Martin Panter 3840b2ac67 Issue #25940: Use internal local server more in test_ssl
Move many tests from NetworkedTests and NetworkedBIOTests to a new Simple-
BackgroundTests class, using the existing ThreadedEchoServer and SIGNED_
CERTFILE infrastructure.

For tests that cause the server to crash by rejecting its certificate,
separate them into independent test methods.

Added custom root certificate to capath with the following commands:

cp Lib/test/{pycacert.pem,capath/}
# Edit copy to remove part before certificate
c_rehash -v Lib/test/capath/
c_rehash -v -old Lib/test/capath/
# Note the generated file names
cp Lib/test/capath/{pycacert.pem,b1930218.0}
mv Lib/test/capath/{pycacert.pem,ceff1710.0}

Change to pure PEM version of SIGNING_CA because PEM_cert_to_DER_cert() does
not like the extra text at the start.

Moved test_connect_ex_error() into BasicSocketTests and rewrote it to connect
to a reserved localhost port.

NetworkedTests.test_get_server_certificate_ipv6() split out because it needs
to connect to an IPv6 DNS address.

The only reference left to self-signed.pythontest.net is test_timeout_
connect_ex(), which needs a remote server to reliably time out the
connection, but does not rely on the server running SSL.

Made ThreadedEchoServer call unwrap() by default when it sees the client has
shut the connection down, so that the client can cleanly call unwrap().
2016-03-27 01:53:46 +00:00
Victor Stinner e0b75b7e87 Fix test_ssl.test_refcycle()
Issue #26590: support.check_warnings() stores warnins, but ResourceWarning now
comes with a reference to the socket object which indirectly keeps the socket
alive.
2016-03-21 17:26:04 +01:00
Martin Panter 3464ea2807 Issue #26173: Separate bad cert file tests and client rejection test
Test test_wrong_cert() runs a server that rejects the client's certificate,
so ECONNRESET is reasonable in addition to SSLError. On the other hand, the
other three tests don't even need to run a server because they are just
testing the parsing of invalid certificate files.

Also fix a ResourceWarning by closing the wrapped socket.
2016-02-01 21:58:11 +00:00
Martin Panter 407b62f3e5 Issue #26173: Fix test_ssl confusion with non-existing cert and wrongcert.pem
Testing for a non-existing certificate file is already done in test_errors().
Copy wrongcert.pem from Python 2 and use it to test the behaviour with a
mismatched certificate.
2016-01-30 03:41:43 +00:00
Martin Panter a8b43b5fc3 Issue #25940: Merge ETIMEDOUT fix from 3.4 into 3.5 2016-01-15 02:28:59 +00:00
Martin Panter 3f2240ccb6 Issue #25940: Merge ETIMEDOUT fix from 3.3 into 3.4 2016-01-15 02:18:31 +00:00
Martin Panter fab75d9bb9 Issue #25940: Merge ETIMEDOUT fix from 3.2 into 3.3 2016-01-15 02:08:13 +00:00
Martin Panter 035583b389 Issue #25940: On Windows, connecting to port 444 returns ETIMEDOUT 2016-01-15 01:16:41 +00:00
Martin Panter 40b97ec57a Issue #25940: Update new SSL tests for self-signed.pythontest.net
Removed SSL_ERROR_SYSCALL checking from ssl_io_loop() so that the loop can
terminate when unwrap() raises that error.
2016-01-14 13:05:46 +00:00
Martin Panter 17cbee49d6 Issue #25940: Merge self-signed.pythontest.net testing from 3.4 into 3.5 2016-01-14 13:22:29 +00:00
Martin Panter b55f8b79af Issue #25940: Update new SSL tests for self-signed.pythontest.net 2016-01-14 12:53:56 +00:00
Martin Panter 514bb0711f Issue #25940: Merge self-signed.pythontest.net testing from 3.3 into 3.4 2016-01-14 12:46:49 +00:00
Martin Panter 73f55076f6 Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3 2016-01-14 12:21:02 +00:00
Martin Panter 3d81d93f34 Issue #25940: Use self-signed.pythontest.net in SSL tests
This is instead of svn.python.org, whose certificate recently expired, and
whose new certificate uses a different root certificate.

The certificate used at the pythontest server was modifed to set the "basic
constraints" CA flag. This flag seems to be required for test_get_ca_certs_
capath() to work (in Python 3.4+).

Added the new self-signed certificate to capath with the following commands:

cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/}
c_rehash -v Lib/test/capath/
c_rehash -v -old Lib/test/capath/
# Note the generated file names
cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0}
mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0}

The new server responds with "No route to host" when connecting to port 444.
2016-01-14 09:36:00 +00:00
Benjamin Peterson 45bde5d2ee merge 3.4 (#25530) 2015-11-11 22:45:22 -08:00
Benjamin Peterson a9dcdabccb always set OP_NO_SSLv3 by default (closes #25530) 2015-11-11 22:38:41 -08:00
Berker Peksag 9e7990ae21 Issue #24210: Silence more PendingDeprecationWarning warnings in tests. 2015-05-16 23:21:26 +03:00
Benjamin Peterson 4b9df0d33b merge 3.4 (#23844) 2015-04-02 00:08:10 -04:00
Benjamin Peterson a7eaf56a6d replace 512 bit dh key with a 2014 bit one (closes #23844)
Patch by Cédric Krier.
2015-04-02 00:04:06 -04:00
Serhiy Storchaka 8490f5acfe Issue #23001: Few functions in modules mmap, ossaudiodev, socket, ssl, and
codecs, that accepted only read-only bytes-like object now accept writable
bytes-like object too.
2015-03-20 09:00:36 +02:00
Berker Peksag 18987a11ce Issue #20617: Remove unused import in test_ssl.
Patch by Mark Lawrence.
2015-03-12 18:50:49 +02:00
Berker Peksag 4a0e14730b Issue #20617: Remove unused import in test_ssl.
Patch by Mark Lawrence.
2015-03-12 18:51:16 +02:00
Benjamin Peterson 3e2500d6db merge 3.4 2015-03-04 23:20:23 -05:00
Benjamin Peterson c3d9c5ca0a adjust test_crl_check for trusted first being default 2015-03-04 23:18:48 -05:00
Benjamin Peterson de8eca4638 merge 3.4 2015-03-04 22:50:25 -05:00
Benjamin Peterson 990fcaac3c expose X509_V_FLAG_TRUSTED_FIRST 2015-03-04 22:49:41 -05:00
Antoine Pitrou c481bfb3f6 Issue #23239: ssl.match_hostname() now supports matching of IP addresses. 2015-02-15 18:12:20 +01:00
Ned Deily 7aa4428835 Issue #23345: merge from 3.4 2015-02-05 17:24:00 +11:00
Ned Deily 05784a706e Issue #23345: Prevent test_ssl failures with large OpenSSL patch level
values (like 0.9.8zc).
2015-02-05 17:20:13 +11:00
Benjamin Peterson 8861502e07 prefer server alpn ordering over the client's 2015-01-23 17:30:26 -05:00
Benjamin Peterson cca2732a82 add support for ALPN (closes #20188) 2015-01-23 16:35:37 -05:00
Benjamin Peterson 15042921ad enable cert validation in test 2015-01-07 22:12:43 -06:00
Benjamin Peterson 23ef9fac16 trying again 2015-01-07 21:21:34 -06:00
Benjamin Peterson e6838e08ef reorder cipher prefs 2015-01-07 20:52:40 -06:00
Benjamin Peterson 44c77791ab drop 256 2015-01-07 20:30:59 -06:00
Benjamin Peterson 359f2982f4 try using AES256 2015-01-07 20:03:27 -06:00
Benjamin Peterson 8791d697e0 fix assertions after ciphers were changed 2015-01-07 14:29:45 -06:00
Benjamin Peterson f78b78aed4 rc4 is a long time favorite 2015-01-07 14:21:22 -06:00
Benjamin Peterson 438a8db763 everyone should support AES ciphers 2015-01-07 13:28:40 -06:00
Benjamin Peterson 9f6eceab46 include some more ciphers 2015-01-07 12:59:20 -06:00
Benjamin Peterson aacd524118 force test server to speak tlsv1 2015-01-07 11:42:38 -06:00
Benjamin Peterson e27a421354 remove apparently wrong assertion about des bit size 2015-01-07 11:33:51 -06:00
Benjamin Peterson 4cb17812d9 expose the client's cipher suites from the handshake (closes #23186) 2015-01-07 11:14:26 -06:00
Victor Stinner fcfed19913 Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
2015-01-06 13:54:58 +01:00
Victor Stinner 789b805700 test_ssl: add more debug to investigate test_openssl_version() failure on
OpenBSD with LibreSSL.
2015-01-06 11:51:06 +01:00