traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

bpo-28414: ssl module idna test (#5395) 

Add test cases for IDNA 2003 and 2008 host names. IDNA 2003
internationalized host names are working since bpo-31399 has landed. IDNA
2008 deviations are still broken and will be fixed in another patch.

Signed-off-by: Christian Heimes <christian@python.org>
This commit is contained in:
Christian Heimes 2018-01-29 14:25:13 +01:00 committed by GitHub
parent 892d66e422
commit 66e5742bec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
Lib/test/test_ssl.py
View File

@ -105,6 +105,7 @@ SIGNED_CERTFILE_ECC_HOSTNAME = 'localhost-ecc'
SIGNING_CA = data_file("capath", "ceff1710.0")
# cert with all kinds of subject alt names
ALLSANFILE = data_file("allsans.pem")
IDNSANSFILE = data_file("idnsans.pem")
REMOTE_HOST = "self-signed.pythontest.net"
@ -1612,7 +1613,6 @@ class MemoryBIOTests(unittest.TestCase):
class SimpleBackgroundTests(unittest.TestCase):
"""Tests that connect to a simple server running in the background"""
def setUp(self):
@ -2630,6 +2630,70 @@ class ThreadedTests(unittest.TestCase):
cipher = s.cipher()[0].split('-')
self.assertTrue(cipher[:2], ('ECDHE', 'ECDSA'))
def test_check_hostname_idn(self):
if support.verbose:
sys.stdout.write("\n")
server_context = ssl.SSLContext(ssl.PROTOCOL_TLS)
server_context.load_cert_chain(IDNSANSFILE)
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = True
context.load_verify_locations(SIGNING_CA)
# correct hostname should verify, when specified in several
# different ways
idn_hostnames = [
('könig.idn.pythontest.net',
'könig.idn.pythontest.net',),
('xn--knig-5qa.idn.pythontest.net',
'xn--knig-5qa.idn.pythontest.net'),
(b'xn--knig-5qa.idn.pythontest.net',
b'xn--knig-5qa.idn.pythontest.net'),
('königsgäßchen.idna2003.pythontest.net',
'königsgäßchen.idna2003.pythontest.net'),
('xn--knigsgsschen-lcb0w.idna2003.pythontest.net',
'xn--knigsgsschen-lcb0w.idna2003.pythontest.net'),
(b'xn--knigsgsschen-lcb0w.idna2003.pythontest.net',
b'xn--knigsgsschen-lcb0w.idna2003.pythontest.net'),
]
for server_hostname, expected_hostname in idn_hostnames:
server = ThreadedEchoServer(context=server_context, chatty=True)
with server:
with context.wrap_socket(socket.socket(),
server_hostname=server_hostname) as s:
self.assertEqual(s.server_hostname, expected_hostname)
s.connect((HOST, server.port))
cert = s.getpeercert()
self.assertEqual(s.server_hostname, expected_hostname)
self.assertTrue(cert, "Can't get peer certificate.")
with ssl.SSLSocket(socket.socket(),
server_hostname=server_hostname) as s:
s.connect((HOST, server.port))
s.getpeercert()
self.assertEqual(s.server_hostname, expected_hostname)
# bug https://bugs.python.org/issue28414
# IDNA 2008 deviations are broken
idna2008 = 'xn--knigsgchen-b4a3dun.idna2008.pythontest.net'
server = ThreadedEchoServer(context=server_context, chatty=True)
with server:
with self.assertRaises(UnicodeError):
with context.wrap_socket(socket.socket(),
server_hostname=idna2008) as s:
s.connect((HOST, server.port))
# incorrect hostname should raise an exception
server = ThreadedEchoServer(context=server_context, chatty=True)
with server:
with context.wrap_socket(socket.socket(),
server_hostname="python.example.org") as s:
with self.assertRaises(ssl.CertificateError):
s.connect((HOST, server.port))
def test_wrong_cert(self):
"""Connecting when the server rejects the client's certificate

3
Misc/NEWS.d/next/Tests/2018-01-28-21-19-13.bpo-28414.a6Onzt.rst Normal file
View File

@ -0,0 +1,3 @@
Add test cases for IDNA 2003 and 2008 host names. IDNA 2003
internationalized host names are working since bpo-31399 has landed. IDNA
2008 are still broken.