Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3
This commit is contained in:
Martin Panter
commit
73f55076f6
|
|
@ -0,0 +1,16 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIClTCCAf6gAwIBAgIJAKGU95wKR8pTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
|
||||||
|
BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u
|
||||||
|
IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv
|
||||||
|
bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG
|
||||||
|
A1UEBhMCWFkxFzAVBgNVBAcMDkNhc3RsZSBBbnRocmF4MSMwIQYDVQQKDBpQeXRo
|
||||||
|
b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0
|
||||||
|
aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ
|
||||||
|
Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm
|
||||||
|
Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv
|
||||||
|
EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGjNzA1MCUGA1UdEQQeMByCGnNl
|
||||||
|
bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
|
||||||
|
AQEFBQADgYEAIuzAhgMouJpNdf3URCHIineyoSt6WK/9+eyUcjlKOrDoXNZaD72h
|
||||||
|
TXMeKYoWvJyVcSLKL8ckPtDobgP2OTt0UkyAaj0n+ZHaqq1lH2yVfGUA1ILJv515
|
||||||
|
C8BqbvVZuqm3i7ygmw3bqE/lYMgOrYtXXnqOrz6nvsE6Yc9V9rFflOM=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
@ -0,0 +1,16 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIClTCCAf6gAwIBAgIJAKGU95wKR8pTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
|
||||||
|
BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u
|
||||||
|
IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv
|
||||||
|
bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG
|
||||||
|
A1UEBhMCWFkxFzAVBgNVBAcMDkNhc3RsZSBBbnRocmF4MSMwIQYDVQQKDBpQeXRo
|
||||||
|
b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0
|
||||||
|
aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ
|
||||||
|
Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm
|
||||||
|
Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv
|
||||||
|
EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGjNzA1MCUGA1UdEQQeMByCGnNl
|
||||||
|
bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
|
||||||
|
AQEFBQADgYEAIuzAhgMouJpNdf3URCHIineyoSt6WK/9+eyUcjlKOrDoXNZaD72h
|
||||||
|
TXMeKYoWvJyVcSLKL8ckPtDobgP2OTt0UkyAaj0n+ZHaqq1lH2yVfGUA1ILJv515
|
||||||
|
C8BqbvVZuqm3i7ygmw3bqE/lYMgOrYtXXnqOrz6nvsE6Yc9V9rFflOM=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
@ -1,41 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
|
|
||||||
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
|
|
||||||
IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
|
|
||||||
Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
|
|
||||||
BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
|
|
||||||
MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
|
|
||||||
ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
|
|
||||||
CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
|
|
||||||
8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
|
|
||||||
zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
|
|
||||||
fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
|
|
||||||
w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
|
|
||||||
G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
|
|
||||||
epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
|
|
||||||
laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
|
|
||||||
QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
|
|
||||||
fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
|
|
||||||
YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
|
|
||||||
ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
|
|
||||||
gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
|
|
||||||
MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
|
|
||||||
IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
|
|
||||||
dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
|
|
||||||
czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
|
|
||||||
dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
|
|
||||||
aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
|
|
||||||
AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
|
|
||||||
b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
|
|
||||||
ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
|
|
||||||
nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
|
|
||||||
18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
|
|
||||||
gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
|
|
||||||
Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
|
|
||||||
sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
|
|
||||||
SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
|
|
||||||
CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
|
|
||||||
GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
|
|
||||||
zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
|
|
||||||
omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
|
|
@ -0,0 +1,16 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIClTCCAf6gAwIBAgIJAKGU95wKR8pTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
|
||||||
|
BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u
|
||||||
|
IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv
|
||||||
|
bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG
|
||||||
|
A1UEBhMCWFkxFzAVBgNVBAcMDkNhc3RsZSBBbnRocmF4MSMwIQYDVQQKDBpQeXRo
|
||||||
|
b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0
|
||||||
|
aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ
|
||||||
|
Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm
|
||||||
|
Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv
|
||||||
|
EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGjNzA1MCUGA1UdEQQeMByCGnNl
|
||||||
|
bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
|
||||||
|
AQEFBQADgYEAIuzAhgMouJpNdf3URCHIineyoSt6WK/9+eyUcjlKOrDoXNZaD72h
|
||||||
|
TXMeKYoWvJyVcSLKL8ckPtDobgP2OTt0UkyAaj0n+ZHaqq1lH2yVfGUA1ILJv515
|
||||||
|
C8BqbvVZuqm3i7ygmw3bqE/lYMgOrYtXXnqOrz6nvsE6Yc9V9rFflOM=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
|
@ -15,8 +15,8 @@ here = os.path.dirname(__file__)
|
||||||
CERT_localhost = os.path.join(here, 'keycert.pem')
|
CERT_localhost = os.path.join(here, 'keycert.pem')
|
||||||
# Self-signed cert file for 'fakehostname'
|
# Self-signed cert file for 'fakehostname'
|
||||||
CERT_fakehostname = os.path.join(here, 'keycert2.pem')
|
CERT_fakehostname = os.path.join(here, 'keycert2.pem')
|
||||||
# Root cert file (CA) for svn.python.org's cert
|
# Self-signed cert file for self-signed.pythontest.net
|
||||||
CACERT_svn_python_org = os.path.join(here, 'https_svn_python_org_root.pem')
|
CERT_selfsigned_pythontestdotnet = os.path.join(here, 'selfsigned_pythontestdotnet.pem')
|
||||||
|
|
||||||
HOST = support.HOST
|
HOST = support.HOST
|
||||||
|
|
||||||
|
|
@ -758,17 +758,18 @@ class HTTPSTest(TestCase):
|
||||||
self._check_svn_python_org(resp)
|
self._check_svn_python_org(resp)
|
||||||
|
|
||||||
def test_networked_good_cert(self):
|
def test_networked_good_cert(self):
|
||||||
# We feed a CA cert that validates the server's cert
|
# We feed the server's cert as a validating cert
|
||||||
import ssl
|
import ssl
|
||||||
support.requires('network')
|
support.requires('network')
|
||||||
with support.transient_internet('svn.python.org'):
|
with support.transient_internet('self-signed.pythontest.net'):
|
||||||
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
||||||
context.verify_mode = ssl.CERT_REQUIRED
|
context.verify_mode = ssl.CERT_REQUIRED
|
||||||
context.load_verify_locations(CACERT_svn_python_org)
|
context.load_verify_locations(CERT_selfsigned_pythontestdotnet)
|
||||||
h = client.HTTPSConnection('svn.python.org', 443, context=context)
|
h = client.HTTPSConnection('self-signed.pythontest.net', 443, context=context)
|
||||||
h.request('GET', '/')
|
h.request('GET', '/')
|
||||||
resp = h.getresponse()
|
resp = h.getresponse()
|
||||||
self._check_svn_python_org(resp)
|
server_string = resp.getheader('server')
|
||||||
|
self.assertIn('nginx', server_string)
|
||||||
|
|
||||||
def test_networked_bad_cert(self):
|
def test_networked_bad_cert(self):
|
||||||
# We feed a "CA" cert that is unrelated to the server's cert
|
# We feed a "CA" cert that is unrelated to the server's cert
|
||||||
|
|
|
||||||
|
|
@ -29,7 +29,8 @@ if hasattr(ssl, 'PROTOCOL_SSLv2'):
|
||||||
|
|
||||||
HOST = support.HOST
|
HOST = support.HOST
|
||||||
|
|
||||||
data_file = lambda name: os.path.join(os.path.dirname(__file__), name)
|
def data_file(*name):
|
||||||
|
return os.path.join(os.path.dirname(__file__), *name)
|
||||||
|
|
||||||
# The custom key and certificate files used in test_ssl are generated
|
# The custom key and certificate files used in test_ssl are generated
|
||||||
# using Lib/test/make_ssl_certs.py.
|
# using Lib/test/make_ssl_certs.py.
|
||||||
|
|
@ -47,8 +48,10 @@ ONLYKEY_PROTECTED = data_file("ssl_key.passwd.pem")
|
||||||
KEY_PASSWORD = "somepass"
|
KEY_PASSWORD = "somepass"
|
||||||
CAPATH = data_file("capath")
|
CAPATH = data_file("capath")
|
||||||
BYTES_CAPATH = os.fsencode(CAPATH)
|
BYTES_CAPATH = os.fsencode(CAPATH)
|
||||||
|
CAFILE_CACERT = data_file("capath", "5ed36f99.0")
|
||||||
|
|
||||||
SVN_PYTHON_ORG_ROOT_CERT = data_file("https_svn_python_org_root.pem")
|
REMOTE_HOST = "self-signed.pythontest.net"
|
||||||
|
REMOTE_ROOT_CERT = data_file("selfsigned_pythontestdotnet.pem")
|
||||||
|
|
||||||
EMPTYCERT = data_file("nullcert.pem")
|
EMPTYCERT = data_file("nullcert.pem")
|
||||||
BADCERT = data_file("badcert.pem")
|
BADCERT = data_file("badcert.pem")
|
||||||
|
|
@ -229,7 +232,7 @@ class BasicSocketTests(unittest.TestCase):
|
||||||
self.assertEqual(p['subjectAltName'], san)
|
self.assertEqual(p['subjectAltName'], san)
|
||||||
|
|
||||||
def test_DER_to_PEM(self):
|
def test_DER_to_PEM(self):
|
||||||
with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
|
with open(CAFILE_CACERT, 'r') as f:
|
||||||
pem = f.read()
|
pem = f.read()
|
||||||
d1 = ssl.PEM_cert_to_DER_cert(pem)
|
d1 = ssl.PEM_cert_to_DER_cert(pem)
|
||||||
p2 = ssl.DER_cert_to_PEM_cert(d1)
|
p2 = ssl.DER_cert_to_PEM_cert(d1)
|
||||||
|
|
@ -592,7 +595,7 @@ class ContextTests(unittest.TestCase):
|
||||||
# Mismatching key and cert
|
# Mismatching key and cert
|
||||||
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
||||||
with self.assertRaisesRegex(ssl.SSLError, "key values mismatch"):
|
with self.assertRaisesRegex(ssl.SSLError, "key values mismatch"):
|
||||||
ctx.load_cert_chain(SVN_PYTHON_ORG_ROOT_CERT, ONLYKEY)
|
ctx.load_cert_chain(CAFILE_CACERT, ONLYKEY)
|
||||||
# Password protected key and cert
|
# Password protected key and cert
|
||||||
ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD)
|
ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD)
|
||||||
ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD.encode())
|
ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD.encode())
|
||||||
|
|
@ -759,11 +762,11 @@ class SSLErrorTests(unittest.TestCase):
|
||||||
class NetworkedTests(unittest.TestCase):
|
class NetworkedTests(unittest.TestCase):
|
||||||
|
|
||||||
def test_connect(self):
|
def test_connect(self):
|
||||||
with support.transient_internet("svn.python.org"):
|
with support.transient_internet(REMOTE_HOST):
|
||||||
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
||||||
cert_reqs=ssl.CERT_NONE)
|
cert_reqs=ssl.CERT_NONE)
|
||||||
try:
|
try:
|
||||||
s.connect(("svn.python.org", 443))
|
s.connect((REMOTE_HOST, 443))
|
||||||
self.assertEqual({}, s.getpeercert())
|
self.assertEqual({}, s.getpeercert())
|
||||||
finally:
|
finally:
|
||||||
s.close()
|
s.close()
|
||||||
|
|
@ -772,27 +775,27 @@ class NetworkedTests(unittest.TestCase):
|
||||||
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
||||||
cert_reqs=ssl.CERT_REQUIRED)
|
cert_reqs=ssl.CERT_REQUIRED)
|
||||||
self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",
|
self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",
|
||||||
s.connect, ("svn.python.org", 443))
|
s.connect, (REMOTE_HOST, 443))
|
||||||
s.close()
|
s.close()
|
||||||
|
|
||||||
# this should succeed because we specify the root cert
|
# this should succeed because we specify the root cert
|
||||||
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
||||||
cert_reqs=ssl.CERT_REQUIRED,
|
cert_reqs=ssl.CERT_REQUIRED,
|
||||||
ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
|
ca_certs=REMOTE_ROOT_CERT)
|
||||||
try:
|
try:
|
||||||
s.connect(("svn.python.org", 443))
|
s.connect((REMOTE_HOST, 443))
|
||||||
self.assertTrue(s.getpeercert())
|
self.assertTrue(s.getpeercert())
|
||||||
finally:
|
finally:
|
||||||
s.close()
|
s.close()
|
||||||
|
|
||||||
def test_connect_ex(self):
|
def test_connect_ex(self):
|
||||||
# Issue #11326: check connect_ex() implementation
|
# Issue #11326: check connect_ex() implementation
|
||||||
with support.transient_internet("svn.python.org"):
|
with support.transient_internet(REMOTE_HOST):
|
||||||
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
||||||
cert_reqs=ssl.CERT_REQUIRED,
|
cert_reqs=ssl.CERT_REQUIRED,
|
||||||
ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
|
ca_certs=REMOTE_ROOT_CERT)
|
||||||
try:
|
try:
|
||||||
self.assertEqual(0, s.connect_ex(("svn.python.org", 443)))
|
self.assertEqual(0, s.connect_ex((REMOTE_HOST, 443)))
|
||||||
self.assertTrue(s.getpeercert())
|
self.assertTrue(s.getpeercert())
|
||||||
finally:
|
finally:
|
||||||
s.close()
|
s.close()
|
||||||
|
|
@ -800,14 +803,14 @@ class NetworkedTests(unittest.TestCase):
|
||||||
def test_non_blocking_connect_ex(self):
|
def test_non_blocking_connect_ex(self):
|
||||||
# Issue #11326: non-blocking connect_ex() should allow handshake
|
# Issue #11326: non-blocking connect_ex() should allow handshake
|
||||||
# to proceed after the socket gets ready.
|
# to proceed after the socket gets ready.
|
||||||
with support.transient_internet("svn.python.org"):
|
with support.transient_internet(REMOTE_HOST):
|
||||||
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
||||||
cert_reqs=ssl.CERT_REQUIRED,
|
cert_reqs=ssl.CERT_REQUIRED,
|
||||||
ca_certs=SVN_PYTHON_ORG_ROOT_CERT,
|
ca_certs=REMOTE_ROOT_CERT,
|
||||||
do_handshake_on_connect=False)
|
do_handshake_on_connect=False)
|
||||||
try:
|
try:
|
||||||
s.setblocking(False)
|
s.setblocking(False)
|
||||||
rc = s.connect_ex(('svn.python.org', 443))
|
rc = s.connect_ex((REMOTE_HOST, 443))
|
||||||
# EWOULDBLOCK under Windows, EINPROGRESS elsewhere
|
# EWOULDBLOCK under Windows, EINPROGRESS elsewhere
|
||||||
self.assertIn(rc, (0, errno.EINPROGRESS, errno.EWOULDBLOCK))
|
self.assertIn(rc, (0, errno.EINPROGRESS, errno.EWOULDBLOCK))
|
||||||
# Wait for connect to finish
|
# Wait for connect to finish
|
||||||
|
|
@ -829,61 +832,65 @@ class NetworkedTests(unittest.TestCase):
|
||||||
def test_timeout_connect_ex(self):
|
def test_timeout_connect_ex(self):
|
||||||
# Issue #12065: on a timeout, connect_ex() should return the original
|
# Issue #12065: on a timeout, connect_ex() should return the original
|
||||||
# errno (mimicking the behaviour of non-SSL sockets).
|
# errno (mimicking the behaviour of non-SSL sockets).
|
||||||
with support.transient_internet("svn.python.org"):
|
with support.transient_internet(REMOTE_HOST):
|
||||||
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
||||||
cert_reqs=ssl.CERT_REQUIRED,
|
cert_reqs=ssl.CERT_REQUIRED,
|
||||||
ca_certs=SVN_PYTHON_ORG_ROOT_CERT,
|
ca_certs=REMOTE_ROOT_CERT,
|
||||||
do_handshake_on_connect=False)
|
do_handshake_on_connect=False)
|
||||||
try:
|
try:
|
||||||
s.settimeout(0.0000001)
|
s.settimeout(0.0000001)
|
||||||
rc = s.connect_ex(('svn.python.org', 443))
|
rc = s.connect_ex((REMOTE_HOST, 443))
|
||||||
if rc == 0:
|
if rc == 0:
|
||||||
self.skipTest("svn.python.org responded too quickly")
|
self.skipTest("REMOTE_HOST responded too quickly")
|
||||||
self.assertIn(rc, (errno.EAGAIN, errno.EWOULDBLOCK))
|
self.assertIn(rc, (errno.EAGAIN, errno.EWOULDBLOCK))
|
||||||
finally:
|
finally:
|
||||||
s.close()
|
s.close()
|
||||||
|
|
||||||
def test_connect_ex_error(self):
|
def test_connect_ex_error(self):
|
||||||
with support.transient_internet("svn.python.org"):
|
with support.transient_internet(REMOTE_HOST):
|
||||||
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
s = ssl.wrap_socket(socket.socket(socket.AF_INET),
|
||||||
cert_reqs=ssl.CERT_REQUIRED,
|
cert_reqs=ssl.CERT_REQUIRED,
|
||||||
ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
|
ca_certs=REMOTE_ROOT_CERT)
|
||||||
try:
|
try:
|
||||||
rc = s.connect_ex(("svn.python.org", 444))
|
rc = s.connect_ex((REMOTE_HOST, 444))
|
||||||
# Issue #19919: Windows machines or VMs hosted on Windows
|
# Issue #19919: Windows machines or VMs hosted on Windows
|
||||||
# machines sometimes return EWOULDBLOCK.
|
# machines sometimes return EWOULDBLOCK.
|
||||||
self.assertIn(rc, (errno.ECONNREFUSED, errno.EWOULDBLOCK))
|
errors = (
|
||||||
|
errno.ECONNREFUSED, errno.EHOSTUNREACH,
|
||||||
|
errno.EWOULDBLOCK,
|
||||||
|
)
|
||||||
|
self.assertIn(rc, errors)
|
||||||
finally:
|
finally:
|
||||||
s.close()
|
s.close()
|
||||||
|
|
||||||
def test_connect_with_context(self):
|
def test_connect_with_context(self):
|
||||||
with support.transient_internet("svn.python.org"):
|
with support.transient_internet(REMOTE_HOST):
|
||||||
# Same as test_connect, but with a separately created context
|
# Same as test_connect, but with a separately created context
|
||||||
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
||||||
s = ctx.wrap_socket(socket.socket(socket.AF_INET))
|
s = ctx.wrap_socket(socket.socket(socket.AF_INET))
|
||||||
s.connect(("svn.python.org", 443))
|
s.connect((REMOTE_HOST, 443))
|
||||||
try:
|
try:
|
||||||
self.assertEqual({}, s.getpeercert())
|
self.assertEqual({}, s.getpeercert())
|
||||||
finally:
|
finally:
|
||||||
s.close()
|
s.close()
|
||||||
# Same with a server hostname
|
# Same with a server hostname
|
||||||
s = ctx.wrap_socket(socket.socket(socket.AF_INET),
|
s = ctx.wrap_socket(socket.socket(socket.AF_INET),
|
||||||
server_hostname="svn.python.org")
|
server_hostname=REMOTE_HOST)
|
||||||
if ssl.HAS_SNI:
|
if ssl.HAS_SNI:
|
||||||
s.connect(("svn.python.org", 443))
|
s.connect((REMOTE_HOST, 443))
|
||||||
s.close()
|
s.close()
|
||||||
else:
|
else:
|
||||||
self.assertRaises(ValueError, s.connect, ("svn.python.org", 443))
|
self.assertRaises(ValueError, s.connect, (REMOTE_HOST, 443))
|
||||||
# This should fail because we have no verification certs
|
# This should fail because we have no verification certs
|
||||||
ctx.verify_mode = ssl.CERT_REQUIRED
|
ctx.verify_mode = ssl.CERT_REQUIRED
|
||||||
s = ctx.wrap_socket(socket.socket(socket.AF_INET))
|
s = ctx.wrap_socket(socket.socket(socket.AF_INET))
|
||||||
self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",
|
self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",
|
||||||
s.connect, ("svn.python.org", 443))
|
s.connect, (REMOTE_HOST, 443))
|
||||||
s.close()
|
s.close()
|
||||||
# This should succeed because we specify the root cert
|
# This should succeed because we specify the root cert
|
||||||
ctx.load_verify_locations(SVN_PYTHON_ORG_ROOT_CERT)
|
ctx.load_verify_locations(REMOTE_ROOT_CERT)
|
||||||
s = ctx.wrap_socket(socket.socket(socket.AF_INET))
|
s = ctx.wrap_socket(socket.socket(socket.AF_INET))
|
||||||
s.connect(("svn.python.org", 443))
|
s.connect((REMOTE_HOST, 443))
|
||||||
try:
|
try:
|
||||||
cert = s.getpeercert()
|
cert = s.getpeercert()
|
||||||
self.assertTrue(cert)
|
self.assertTrue(cert)
|
||||||
|
|
@ -896,12 +903,12 @@ class NetworkedTests(unittest.TestCase):
|
||||||
# OpenSSL 0.9.8n and 1.0.0, as a result the capath directory must
|
# OpenSSL 0.9.8n and 1.0.0, as a result the capath directory must
|
||||||
# contain both versions of each certificate (same content, different
|
# contain both versions of each certificate (same content, different
|
||||||
# filename) for this test to be portable across OpenSSL releases.
|
# filename) for this test to be portable across OpenSSL releases.
|
||||||
with support.transient_internet("svn.python.org"):
|
with support.transient_internet(REMOTE_HOST):
|
||||||
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
||||||
ctx.verify_mode = ssl.CERT_REQUIRED
|
ctx.verify_mode = ssl.CERT_REQUIRED
|
||||||
ctx.load_verify_locations(capath=CAPATH)
|
ctx.load_verify_locations(capath=CAPATH)
|
||||||
s = ctx.wrap_socket(socket.socket(socket.AF_INET))
|
s = ctx.wrap_socket(socket.socket(socket.AF_INET))
|
||||||
s.connect(("svn.python.org", 443))
|
s.connect((REMOTE_HOST, 443))
|
||||||
try:
|
try:
|
||||||
cert = s.getpeercert()
|
cert = s.getpeercert()
|
||||||
self.assertTrue(cert)
|
self.assertTrue(cert)
|
||||||
|
|
@ -912,7 +919,7 @@ class NetworkedTests(unittest.TestCase):
|
||||||
ctx.verify_mode = ssl.CERT_REQUIRED
|
ctx.verify_mode = ssl.CERT_REQUIRED
|
||||||
ctx.load_verify_locations(capath=BYTES_CAPATH)
|
ctx.load_verify_locations(capath=BYTES_CAPATH)
|
||||||
s = ctx.wrap_socket(socket.socket(socket.AF_INET))
|
s = ctx.wrap_socket(socket.socket(socket.AF_INET))
|
||||||
s.connect(("svn.python.org", 443))
|
s.connect((REMOTE_HOST, 443))
|
||||||
try:
|
try:
|
||||||
cert = s.getpeercert()
|
cert = s.getpeercert()
|
||||||
self.assertTrue(cert)
|
self.assertTrue(cert)
|
||||||
|
|
@ -924,9 +931,9 @@ class NetworkedTests(unittest.TestCase):
|
||||||
# Issue #5238: creating a file-like object with makefile() shouldn't
|
# Issue #5238: creating a file-like object with makefile() shouldn't
|
||||||
# delay closing the underlying "real socket" (here tested with its
|
# delay closing the underlying "real socket" (here tested with its
|
||||||
# file descriptor, hence skipping the test under Windows).
|
# file descriptor, hence skipping the test under Windows).
|
||||||
with support.transient_internet("svn.python.org"):
|
with support.transient_internet(REMOTE_HOST):
|
||||||
ss = ssl.wrap_socket(socket.socket(socket.AF_INET))
|
ss = ssl.wrap_socket(socket.socket(socket.AF_INET))
|
||||||
ss.connect(("svn.python.org", 443))
|
ss.connect((REMOTE_HOST, 443))
|
||||||
fd = ss.fileno()
|
fd = ss.fileno()
|
||||||
f = ss.makefile()
|
f = ss.makefile()
|
||||||
f.close()
|
f.close()
|
||||||
|
|
@ -940,9 +947,9 @@ class NetworkedTests(unittest.TestCase):
|
||||||
self.assertEqual(e.exception.errno, errno.EBADF)
|
self.assertEqual(e.exception.errno, errno.EBADF)
|
||||||
|
|
||||||
def test_non_blocking_handshake(self):
|
def test_non_blocking_handshake(self):
|
||||||
with support.transient_internet("svn.python.org"):
|
with support.transient_internet(REMOTE_HOST):
|
||||||
s = socket.socket(socket.AF_INET)
|
s = socket.socket(socket.AF_INET)
|
||||||
s.connect(("svn.python.org", 443))
|
s.connect((REMOTE_HOST, 443))
|
||||||
s.setblocking(False)
|
s.setblocking(False)
|
||||||
s = ssl.wrap_socket(s,
|
s = ssl.wrap_socket(s,
|
||||||
cert_reqs=ssl.CERT_NONE,
|
cert_reqs=ssl.CERT_NONE,
|
||||||
|
|
@ -988,12 +995,12 @@ class NetworkedTests(unittest.TestCase):
|
||||||
if support.verbose:
|
if support.verbose:
|
||||||
sys.stdout.write("\nVerified certificate for %s:%s is\n%s\n" % (host, port ,pem))
|
sys.stdout.write("\nVerified certificate for %s:%s is\n%s\n" % (host, port ,pem))
|
||||||
|
|
||||||
_test_get_server_certificate('svn.python.org', 443, SVN_PYTHON_ORG_ROOT_CERT)
|
_test_get_server_certificate(REMOTE_HOST, 443, REMOTE_ROOT_CERT)
|
||||||
if support.IPV6_ENABLED:
|
if support.IPV6_ENABLED:
|
||||||
_test_get_server_certificate('ipv6.google.com', 443)
|
_test_get_server_certificate('ipv6.google.com', 443)
|
||||||
|
|
||||||
def test_ciphers(self):
|
def test_ciphers(self):
|
||||||
remote = ("svn.python.org", 443)
|
remote = (REMOTE_HOST, 443)
|
||||||
with support.transient_internet(remote[0]):
|
with support.transient_internet(remote[0]):
|
||||||
with ssl.wrap_socket(socket.socket(socket.AF_INET),
|
with ssl.wrap_socket(socket.socket(socket.AF_INET),
|
||||||
cert_reqs=ssl.CERT_NONE, ciphers="ALL") as s:
|
cert_reqs=ssl.CERT_NONE, ciphers="ALL") as s:
|
||||||
|
|
@ -2150,7 +2157,7 @@ def test_main(verbose=False):
|
||||||
print(" HAS_SNI = %r" % ssl.HAS_SNI)
|
print(" HAS_SNI = %r" % ssl.HAS_SNI)
|
||||||
|
|
||||||
for filename in [
|
for filename in [
|
||||||
CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, BYTES_CERTFILE,
|
CERTFILE, REMOTE_ROOT_CERT, BYTES_CERTFILE,
|
||||||
ONLYCERT, ONLYKEY, BYTES_ONLYCERT, BYTES_ONLYKEY,
|
ONLYCERT, ONLYKEY, BYTES_ONLYCERT, BYTES_ONLYKEY,
|
||||||
BADCERT, BADKEY, EMPTYCERT]:
|
BADCERT, BADKEY, EMPTYCERT]:
|
||||||
if not os.path.exists(filename):
|
if not os.path.exists(filename):
|
||||||
|
|
|
||||||
|
|
@ -52,6 +52,13 @@ C API
|
||||||
|
|
||||||
- Issue #23998: PyImport_ReInitLock() now checks for lock allocation error
|
- Issue #23998: PyImport_ReInitLock() now checks for lock allocation error
|
||||||
|
|
||||||
|
Tests
|
||||||
|
-----
|
||||||
|
|
||||||
|
- Issue #25940: Changed test_ssl and test_httplib to use
|
||||||
|
self-signed.pythontest.net. This avoids relying on svn.python.org, which
|
||||||
|
recently changed root certificate.
|
||||||
|
|
||||||
|
|
||||||
What's New in Python 3.3.6?
|
What's New in Python 3.3.6?
|
||||||
===========================
|
===========================
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue