Commit Graph

572 Commits

Author SHA1 Message Date
Alexander Kanavin 53930cbe47
gh-107562: make_ssl_certs.py: produce test certificates that expire far in the future by default (GH-107594)
This allows testing Y2038 with system time set to after that,
so that actual Y2038 issues can be exposed, and not masked
by expired certificate errors.

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
2024-10-09 11:16:08 +02:00
Alexander Kanavin 1ff1b899ce
gh-119400: make_ssl_certs: update reference test data automatically, pass in expiration dates as parameters #119400 (GH-119401)
* Lib/test/certdata: do not hardcode reference cert data into tests

The script was simply printing the reference data and asking
users to update it by hand into the test suites. This can
be easily improved by writing the data into files and
having the test cases load the files.

* make_ssl_certs: make it possible to pass in expiration dates from command line

Note that in this commit, the defaults are same as they were,
so if nothing is specified the script works as before.

---------

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
2024-09-25 21:23:47 +00:00
Mateusz Nowak 8ef358dae1
gh-118658: Return consistent types from `get_un/verified_chain` in `SSLObject` and `SSLSocket` (#118669)
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
2024-08-16 22:27:44 +02:00
Victor Stinner 069de14cb9
gh-115627: Fix ssl test_pha_required_nocert() (#117821)
Accept also BrokenPipeError error message.
2024-04-12 20:41:16 +02:00
Sam Gross a214f55b27
gh-117483: Accept "Broken pipe" as valid error message in `test_wrong_cert_tls13` (GH-117484)
On macOS, the closed connection can lead to a "Broken pipe" error instead of
a "Connection reset by peer" error.
2024-04-03 14:29:02 +02:00
Gregory P. Smith 2e9be80c99
Fix reversed assertRegex checks in test_ssl. (#117351) 2024-03-28 17:58:37 -07:00
yevgeny hong ea9a296fce
gh-115627: Fix PySSL_SetError handling SSL_ERROR_SYSCALL (GH-115628)
Python 3.10 changed from using SSL_write() and SSL_read() to SSL_write_ex() and
SSL_read_ex(), but did not update handling of the return value.

Change error handling so that the return value is not examined.
OSError (not EOF) is now returned when retval is 0.

According to *recent* man pages of all functions for which we call
PySSL_SetError, (in OpenSSL 3.0 and 1.1.1), their return value should
be used to determine whether an error happened (i.e. if PySSL_SetError
should be called), but not what kind of error happened (so,
PySSL_SetError shouldn't need retval). To get the error,
we need to use SSL_get_error.

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
2024-03-26 08:45:43 +01:00
Will Childs-Klein c85d84166a
gh-116333: Relax error string text expectations in SSL-related tests (GH-116334)
* Relax error string text expectations in SSL-related tests

As suggested [here][1], this change relaxes the OpenSSL error string
text expectations in a number of tests. This was specifically done in
support of more easily building CPython [AWS-LC][2], but because AWS-LC
is a fork of [BoringSSL][3], it should increase compatibility with that
library as well.

In addition to the error string relaxations, we also add some guards
around the `tls-unique` channel binding being used with TLSv1.3, as that
feature (described in [RFC 6929][4]) is [not defined][5] for TLSv1.3.

[1]: https://discuss.python.org/t/support-building-ssl-and-hashlib-modules-against-aws-lc/44505/4
[2]: https://github.com/aws/aws-lc
[3]: https://github.com/google/boringssl
[4]: https://datatracker.ietf.org/doc/html/rfc5929#section-3
[5]: https://datatracker.ietf.org/doc/html/rfc8446#appendix-C.5
2024-03-21 19:16:36 +00:00
Malcolm Smith 872c0714fc
gh-71052: Change Android's `sys.platform` from "linux" to "android"
Co-authored-by: Erlend E. Aasland <erlend.aasland@protonmail.com>
2024-03-11 19:25:39 +00:00
William Woodruff 0876b921b2
gh-107361: strengthen default SSL context flags (#112389)
This adds `VERIFY_X509_STRICT` to make the default
SSL context perform stricter (per RFC 5280) validation, as well
as `VERIFY_X509_PARTIAL_CHAIN` to enforce more standards-compliant
path-building behavior.

As part of this changeset, I had to tweak `make_ssl_certs.py`
slightly to emit 5280-conforming CA certs. This changeset includes
the regenerated certificates after that change.

Signed-off-by: William Woodruff <william@yossarian.net>
Co-authored-by: Victor Stinner <vstinner@python.org>
2024-03-06 13:44:58 -08:00
Serhiy Storchaka 0ea366240b
gh-113280: Always close socket if SSLSocket creation failed (GH-114659)
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
2024-02-04 15:28:07 +00:00
Grant Ramsay e413daf5f6
gh-112454: Disable TLS-PSK if OpenSSL was built without PSK support (#112491)
If OpenSSL was built without PSK support, the python TLS-PSK
methods will raise "NotImplementedError" if called.

Add a constant "ssl.HAS_PSK" to check if TLS-PSK is supported
2023-11-28 16:15:39 -08:00
Zackery Spytz 812360fddd
gh-84443: SSLSocket.recv_into() now support buffer protocol with itemsize != 1 (GH-20310)
It is also no longer use __len__().

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2023-11-27 19:15:39 +02:00
Grant Ramsay e954ac7205
gh-63284: Add support for TLS-PSK (pre-shared key) to the ssl module (#103181)
Add support for TLS-PSK (pre-shared key) to the ssl module.

---------

Co-authored-by: Oleg Iarygin <oleg@arhadthedev.net>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
2023-11-27 04:01:44 +00:00
Furkan Onder 9376728ce4
gh-67565: Add tests for C-contiguity checks (GH-110951) 2023-10-20 01:09:57 +03:00
Nikita Sobolev e57ecf6bbc
gh-108303: Move all certificates to `Lib/test/certdata/` (#109489) 2023-09-16 18:47:18 +02:00
Serhiy Storchaka 1e0d62793a
gh-108416: Mark slow but not CPU bound test methods with requires_resource('walltime') (GH-108480) 2023-09-05 17:56:30 +03:00
Victor Stinner 592bacb6fc
gh-108342: Make ssl TestPreHandshakeClose more reliable (#108370)
* In preauth tests of test_ssl, explicitly break reference cycles
  invoving SingleConnectionTestServerThread to make sure that the
  thread is deleted. Otherwise, the test marks the environment as
  altered because the threading module sees a "dangling thread"
  (SingleConnectionTestServerThread). This test leak was introduced
  by the test added for the fix of issue gh-108310.
* Use support.SHORT_TIMEOUT instead of hardcoded 1.0 or 2.0 seconds
  timeout.
* SingleConnectionTestServerThread.run() catchs TimeoutError
* Fix a race condition (missing synchronization) in
  test_preauth_data_to_tls_client(): the server now waits until the
  client connect() completed in call_after_accept().
* test_https_client_non_tls_response_ignored() calls server.join()
  explicitly.
* Replace "localhost" with server.listener.getsockname()[0].
2023-08-23 21:57:11 +00:00
Łukasz Langa 0cb0c238d5
gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw (#108315)
Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake
and included protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.

The vulnerability is caused when a socket is connected, data is sent by the
malicious peer and stored in a buffer, and then the malicious peer closes the
socket within a small timing window before the other peers’ TLS handshake can
begin. After this sequence of events the closed socket will not immediately
attempt a TLS handshake due to not being connected but will also allow the
buffered data to be read as if a successful TLS handshake had occurred.

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
2023-08-22 19:53:15 +02:00
Victor Stinner ad95c7253a
gh-106687: _ssl: use uint64_t for SSL options (#106700)
SSL_CTX_get_options() uses uint64_t for options:
https://www.openssl.org/docs/man3.1/man3/SSL_CTX_get_options.html

Fix this compiler warning on Windows with MSC:

    conversion from 'uint64_t' to 'long', possible loss of data
2023-07-17 17:55:30 +02:00
Irit Katriel 482b6eeadc
gh-102799: use sys.exception() instead of sys.exc_info() in tests (#103293) 2023-04-06 11:08:25 +01:00
David Benjamin acfe02f3b0
gh-100372: Use BIO_eof to detect EOF for SSL_FILETYPE_ASN1 (GH-100373)
In PEM, we need to parse until error and then suppress `PEM_R_NO_START_LINE`, because PEM allows arbitrary leading and trailing data. DER, however, does not. Parsing until error and suppressing `ASN1_R_HEADER_TOO_LONG` doesn't quite work because that error also covers some cases that should be rejected.

Instead, check `BIO_eof` early and stop the loop that way.

Automerge-Triggered-By: GH:Yhg1s
2023-03-24 06:04:30 -07:00
Benjamin Fogle af9c34f6ef
gh-96931: Fix incorrect results in ssl.SSLSocket.shared_ciphers (#96932) 2023-03-22 15:08:41 +01:00
David Benjamin 420bbb783b
GH-95494: Fix transport EOF handling in OpenSSL 3.0 (GH-95495)
GH-25309 enabled SSL_OP_IGNORE_UNEXPECTED_EOF by default, with a comment
that it restores OpenSSL 1.1.1 behavior, but this wasn't quite right.
That option causes OpenSSL to treat transport EOF as the same as
close_notify (i.e. SSL_ERROR_ZERO_RETURN), whereas Python actually has
distinct SSLEOFError and SSLZeroReturnError exceptions. (The latter is
usually mapped to a zero return from read.) In OpenSSL 1.1.1, the ssl
module would raise them for transport EOF and close_notify,
respectively. In OpenSSL 3.0, both act like close_notify.

Fix this by, instead, just detecting SSL_R_UNEXPECTED_EOF_WHILE_READING
and mapping that to the other exception type.

There doesn't seem to have been any unit test of this error, so fill in
the missing one. This had to be done with the BIO path because it's
actually slightly tricky to simulate a transport EOF with Python's fd
based APIs. (If you instruct the server to close the socket, it gets
confused, probably because the server's SSL object is still referencing
the now dead fd?)
2023-03-22 13:16:26 +01:00
Thomas Grainger 79ccc03b62
gh-89051: Add ssl.OP_LEGACY_SERVER_CONNECT (#93927)
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Christian Heimes <christian@python.org>
Co-authored-by: Hugo van Kemenade <hugovk@users.noreply.github.com>
Fixes https://github.com/python/cpython/issues/89051
2022-12-20 09:10:30 +02:00
Nikita Sobolev e56e33d271
gh-72719: Remove asyncore and asynchat modules (#96580)
Remove modules asyncore and asynchat, which were deprecated by PEP 594.

Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
2022-11-08 16:48:58 +01:00
Christian Heimes 565403038b
gh-95280: Fix test_get_ciphers on systems without RSA key exchange (GH-95282) 2022-07-27 09:19:49 +02:00
David Benjamin 934b25dcc4
Fix typo in PROTOCOL_TO_TLS_VERSION in test_ssl (GH-95119)
This appears to be a typo. It causes try_protocol_combo to try to turn
on SSL 3.0 when testing PROTOCOL_SSLv23 (aka PROTOCOL_TLS), which
doesn't make any sense. Fix it to be PROTOCOL_SSLv3.

Without this, try_protocol_combo is actually setting
context.minimum_version to SSLv3 when called as
try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True)

One would think this causes a no-ssl3 OpenSSL build to fail, but OpenSSL
forgot to make SSL_CTX_set_min_proto_version(SSL3_VERSION) does not
notice no-ssl3, so this typo has gone undetected. But we should still
fix the typo because, presumably, a future version of OpenSSL will
remove SSL 3.0 and do so more thoroughly, at which point this will
break.
2022-07-21 17:38:15 -07:00
Victor Stinner 00464bbed6
gh-94199: Remove the ssl.wrap_socket() function (#94203)
Remove the ssl.wrap_socket() function, deprecated in Python 3.7:
instead, create a ssl.SSLContext object and call its
sl.SSLContext.wrap_socket() method. Any package that still uses
ssl.wrap_socket() is broken and insecure. The function neither sends
a SNI TLS extension nor validates server hostname. Code is subject to
CWE-295 : Improper Certificate Validation.
2022-07-08 15:20:15 +02:00
Victor Stinner 600c65c094
gh-94172: Remove ssl.PROTOCOL_SSLv2 dead code (#94312)
Remove dead code related to ssl.PROTOCOL_SSLv2. ssl.PROTOCOL_SSLv2
was already removed in Python 3.10.

In test_ssl, @requires_tls_version('SSLv2') always returned False.

Extract of the removed code: "OpenSSL has removed support for SSLv2".
2022-06-28 13:57:08 +02:00
Christian Heimes 1bc86c2625
gh-94208: Add more TLS version/protocol checks for FreeBSD (GH-94347)
Three test cases were failing on FreeBSD with latest OpenSSL.
2022-06-28 09:33:06 +02:00
Victor Stinner 944c7d8a85
gh-94199: Remove ssl.match_hostname() function (#94224) 2022-06-25 12:54:11 +02:00
Victor Stinner d435a18c53
gh-94199: Remove ssl.RAND_pseudo_bytes() function (#94202)
Remove the ssl.RAND_pseudo_bytes() function, deprecated in Python
3.6: use os.urandom() or ssl.RAND_bytes() instead.
2022-06-24 11:05:53 +02:00
Victor Stinner 7e9eaad864
Add test.support.busy_retry() (#93770)
Add busy_retry() and sleeping_retry() functions to test.support.
2022-06-15 11:42:10 +02:00
Victor Stinner 5185956527
gh-69443: Add test.support.Py_DEBUG constant (#93226) 2022-05-26 00:12:54 +02:00
Serhiy Storchaka 086c6b1b0f
bpo-45046: Support context managers in unittest (GH-28045)
Add methods enterContext() and enterClassContext() in TestCase.
Add method enterAsyncContext() in IsolatedAsyncioTestCase.
Add function enterModuleContext().
2022-05-08 17:49:09 +03:00
Hugo van Kemenade 9b027d4cea
gh-92169: Use warnings_helper.import_deprecated() to import deprecated modules uniformly in tests (GH-92170) 2022-05-03 10:17:54 +03:00
Ethan Furman 62a6594e66
bpo-40066: [Enum] fix tests (GH-30643)
- skip doctest that changes depending on target system
- skip doctest that only fails on CI
- substitute in values that change depending on target system
2022-01-17 08:52:42 -08:00
Kumar Aditya 83d544b929
bpo-40066: [Enum] skip failing doc test (GH-30637) 2022-01-17 07:18:13 -08:00
Victor Stinner 42a64c03ec
Revert "bpo-40066: [Enum] update str() and format() output (GH-30582)" (GH-30632)
This reverts commit acf7403f9b.
2022-01-17 13:58:40 +01:00
Ethan Furman acf7403f9b
bpo-40066: [Enum] update str() and format() output (GH-30582)
Undo rejected PEP-663 changes:

- restore `repr()` to its 3.10 status
- restore `str()` to its 3.10 status

New changes:

- `IntEnum` and `IntFlag` now leave `__str__` as the original `int.__str__` so that str() and format() return the same result
- zero-valued flags without a name have a slightly changed repr(), e.g. `repr(Color(0)) == '<Color: 0>'`
- update `dir()` for mixed-in types to return all the methods and attributes of the mixed-in type
- added `_numeric_repr_` to `Flag` to control display of unnamed values
- enums without doc strings have a more comprehensive doc string added
- `ReprEnum` added -- inheriting from this makes it so only `__repr__` is replaced, not `__str__` nor `__format__`; `IntEnum`, `IntFlag`, and `StrEnum` all inherit from `ReprEnum`
2022-01-15 22:41:43 -08:00
Christian Heimes 2985feac4e
bpo-46114: Fix OpenSSL version check for 3.0.1 (GH-30170) 2021-12-17 16:17:32 +01:00
Victor Stinner cf7eaa4617
Revert "bpo-28533: Remove asyncore, asynchat, smtpd modules (GH-29521)" (GH-29951)
This reverts commit 9bf2cbc4c4.
2021-12-07 12:31:04 +01:00
Victor Stinner 9bf2cbc4c4
bpo-28533: Remove asyncore, asynchat, smtpd modules (GH-29521)
Remove the asyncore and asynchat modules, deprecated in Python
3.6: use the asyncio module instead.

Remove the smtpd module, deprecated in Python 3.6: the aiosmtpd
module can be used instead, it is based on asyncio.

* Remove asyncore, asynchat and smtpd documentation
* Remove test_asyncore, test_asynchat and test_smtpd
* Rename Lib/asynchat.py to Lib/test/support/_asynchat.py
* Rename Lib/asyncore.py to Lib/test/support/_asyncore.py
* Rename Lib/smtpd.py to Lib/test/support/_smtpd.py
* Remove DeprecationWarning from private _asyncore, _asynchat and
  _smtpd modules
* _smtpd: remove deprecated properties
2021-11-16 00:29:17 +01:00
Serhiy Storchaka a624177386
bpo-45229: Fix setUpModule in test_ssl (GH-28454) 2021-09-19 16:18:16 +03:00
Serhiy Storchaka 40348acc18
bpo-45229: Remove test_main in many tests (GH-28405)
Instead of explicitly enumerate test classes for run_unittest()
use the unittest ability to discover tests. This also makes these
tests discoverable and runnable with unittest.

load_tests() can be used for dynamic generating tests and adding
doctests. setUpModule(), tearDownModule() and addModuleCleanup()
can be used for running code before and after all module tests.
2021-09-19 15:27:33 +03:00
Nikita Sobolev d897579a80
bpo-45185: enables `TestEnumerations` in `test_ssl` (GH-28330) 2021-09-15 19:57:03 +03:00
Mariusz Felisiak 11749e2dc2
bpo-44740: Lowercase "internet" and "web" where appropriate. (#27378)
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
2021-07-27 00:11:55 +02:00
Irit Katriel 22e7effad5
bpo-44498: suppress DeprecationWarnings for asynchat, asyncore and smtpd in tests (GH-26905) 2021-06-25 00:20:40 +01:00
Erlend Egeberg Aasland b5a52eef67
bpo-44229: Ignore spurious EPROTOTYPE on macOS in test_ssl (GH-26893) 2021-06-24 13:05:42 +01:00