traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merged revisions 80596 via svnmerge from 

svn+ssh://pythondev@svn.python.org/python/trunk

........
  r80596 | antoine.pitrou | 2010-04-28 23:11:01 +0200 (mer., 28 avril 2010) | 3 lines

  Fix style issues in test_ssl
........
This commit is contained in:
Antoine Pitrou 2010-04-28 21:12:43 +00:00
parent f34c4c6a77
commit d2867642c0
1 changed files with 139 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

238
Lib/test/test_ssl.py
View File

@ -40,7 +40,7 @@ def handle_error(prefix):
class BasicTests(unittest.TestCase): class BasicTests(unittest.TestCase):
def testSimpleSSLwrap(self): def test_sslwrap_simple(self):
# A crude test for the legacy API # A crude test for the legacy API
try: try:
ssl.sslwrap_simple(socket.socket(socket.AF_INET)) ssl.sslwrap_simple(socket.socket(socket.AF_INET))
@ -57,7 +57,7 @@ class BasicTests(unittest.TestCase):
else: else:
raise raise
def testSSLconnect(self): def test_connect(self):
if not test_support.is_resource_enabled('network'): if not test_support.is_resource_enabled('network'):
return return
s = ssl.wrap_socket(socket.socket(socket.AF_INET), s = ssl.wrap_socket(socket.socket(socket.AF_INET),
@ -78,7 +78,7 @@ class BasicTests(unittest.TestCase):
finally: finally:
s.close() s.close()
def testCrucialConstants(self): def test_constants(self):
ssl.PROTOCOL_SSLv2 ssl.PROTOCOL_SSLv2
ssl.PROTOCOL_SSLv23 ssl.PROTOCOL_SSLv23
ssl.PROTOCOL_SSLv3 ssl.PROTOCOL_SSLv3
@ -87,7 +87,7 @@ class BasicTests(unittest.TestCase):
ssl.CERT_OPTIONAL ssl.CERT_OPTIONAL
ssl.CERT_REQUIRED ssl.CERT_REQUIRED
def testRAND(self): def test_random(self):
v = ssl.RAND_status() v = ssl.RAND_status()
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\n RAND_status is %d (%s)\n" sys.stdout.write("\n RAND_status is %d (%s)\n"
@ -101,7 +101,7 @@ class BasicTests(unittest.TestCase):
print "didn't raise TypeError" print "didn't raise TypeError"
ssl.RAND_add("this is a random string", 75.0) ssl.RAND_add("this is a random string", 75.0)
def testParseCert(self): def test_parse_cert(self):
# note that this uses an 'unofficial' function in _ssl.c, # note that this uses an 'unofficial' function in _ssl.c,
# provided solely for this test, to exercise the certificate # provided solely for this test, to exercise the certificate
# parsing code # parsing code
@ -109,9 +109,9 @@ class BasicTests(unittest.TestCase):
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\n" + pprint.pformat(p) + "\n") sys.stdout.write("\n" + pprint.pformat(p) + "\n")
def testDERtoPEM(self): def test_DER_to_PEM(self):
with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
pem = open(SVN_PYTHON_ORG_ROOT_CERT, 'r').read() pem = f.read()
d1 = ssl.PEM_cert_to_DER_cert(pem) d1 = ssl.PEM_cert_to_DER_cert(pem)
p2 = ssl.DER_cert_to_PEM_cert(d1) p2 = ssl.DER_cert_to_PEM_cert(d1)
d2 = ssl.PEM_cert_to_DER_cert(p2) d2 = ssl.PEM_cert_to_DER_cert(p2)
@ -133,7 +133,7 @@ class BasicTests(unittest.TestCase):
class NetworkedTests(unittest.TestCase): class NetworkedTests(unittest.TestCase):
def testConnect(self): def test_connect(self):
s = ssl.wrap_socket(socket.socket(socket.AF_INET), s = ssl.wrap_socket(socket.socket(socket.AF_INET),
cert_reqs=ssl.CERT_NONE) cert_reqs=ssl.CERT_NONE)
s.connect(("svn.python.org", 443)) s.connect(("svn.python.org", 443))
@ -186,7 +186,7 @@ class NetworkedTests(unittest.TestCase):
else: else:
self.fail("OSError wasn't raised") self.fail("OSError wasn't raised")
def testNonBlockingHandshake(self): def test_non_blocking_handshake(self):
s = socket.socket(socket.AF_INET) s = socket.socket(socket.AF_INET)
s.connect(("svn.python.org", 443)) s.connect(("svn.python.org", 443))
s.setblocking(False) s.setblocking(False)
@ -210,8 +210,7 @@ class NetworkedTests(unittest.TestCase):
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\nNeeded %d calls to do_handshake() to establish session.\n" % count) sys.stdout.write("\nNeeded %d calls to do_handshake() to establish session.\n" % count)
def testFetchServerCert(self): def test_get_server_certificate(self):
pem = ssl.get_server_certificate(("svn.python.org", 443)) pem = ssl.get_server_certificate(("svn.python.org", 443))
if not pem: if not pem:
self.fail("No server certificate on svn.python.org:443!") self.fail("No server certificate on svn.python.org:443!")
@ -261,7 +260,6 @@ try:
except ImportError: except ImportError:
_have_threads = False _have_threads = False
else: else:
_have_threads = True _have_threads = True
class ThreadedEchoServer(threading.Thread): class ThreadedEchoServer(threading.Thread):
@ -293,7 +291,7 @@ else:
if test_support.verbose and self.server.chatty: if test_support.verbose and self.server.chatty:
sys.stdout.write(" server: connection cipher is now " + str(cipher) + "\n") sys.stdout.write(" server: connection cipher is now " + str(cipher) + "\n")
def wrap_conn (self): def wrap_conn(self):
try: try:
self.sslconn = ssl.wrap_socket(self.sock, server_side=True, self.sslconn = ssl.wrap_socket(self.sock, server_side=True,
certfile=self.server.certificate, certfile=self.server.certificate,
@ -332,7 +330,7 @@ else:
else: else:
self.sock._sock.close() self.sock._sock.close()
def run (self): def run(self):
self.running = True self.running = True
if not self.server.starttls_server: if not self.server.starttls_server:
if isinstance(self.sock, ssl.SSLSocket): if isinstance(self.sock, ssl.SSLSocket):
@ -413,11 +411,11 @@ else:
threading.Thread.__init__(self) threading.Thread.__init__(self)
self.daemon = True self.daemon = True
def start (self, flag=None): def start(self, flag=None):
self.flag = flag self.flag = flag
threading.Thread.start(self) threading.Thread.start(self)
def run (self): def run(self):
self.sock.settimeout(0.05) self.sock.settimeout(0.05)
self.sock.listen(5) self.sock.listen(5)
self.active = True self.active = True
@ -438,14 +436,14 @@ else:
self.stop() self.stop()
self.sock.close() self.sock.close()
def stop (self): def stop(self):
self.active = False self.active = False
class AsyncoreEchoServer(threading.Thread): class AsyncoreEchoServer(threading.Thread):
class EchoServer (asyncore.dispatcher): class EchoServer(asyncore.dispatcher):
class ConnectionHandler (asyncore.dispatcher_with_send): class ConnectionHandler(asyncore.dispatcher_with_send):
def __init__(self, conn, certfile): def __init__(self, conn, certfile):
asyncore.dispatcher_with_send.__init__(self, conn) asyncore.dispatcher_with_send.__init__(self, conn)
@ -519,18 +517,18 @@ else:
def __str__(self): def __str__(self):
return "<%s %s>" % (self.__class__.__name__, self.server) return "<%s %s>" % (self.__class__.__name__, self.server)
def start (self, flag=None): def start(self, flag=None):
self.flag = flag self.flag = flag
threading.Thread.start(self) threading.Thread.start(self)
def run (self): def run(self):
self.active = True self.active = True
if self.flag: if self.flag:
self.flag.set() self.flag.set()
while self.active: while self.active:
asyncore.loop(0.05) asyncore.loop(0.05)
def stop (self): def stop(self):
self.active = False self.active = False
self.server.close() self.server.close()
@ -539,12 +537,9 @@ else:
class HTTPSServer(HTTPServer): class HTTPSServer(HTTPServer):
def __init__(self, server_address, RequestHandlerClass, certfile): def __init__(self, server_address, RequestHandlerClass, certfile):
HTTPServer.__init__(self, server_address, RequestHandlerClass) HTTPServer.__init__(self, server_address, RequestHandlerClass)
# we assume the certfile contains both private key and certificate # we assume the certfile contains both private key and certificate
self.certfile = certfile self.certfile = certfile
self.active = False
self.active_lock = threading.Lock()
self.allow_reuse_address = True self.allow_reuse_address = True
def __str__(self): def __str__(self):
@ -553,7 +548,7 @@ else:
self.server_name, self.server_name,
self.server_port)) self.server_port))
def get_request (self): def get_request(self):
# override this to wrap socket with SSL # override this to wrap socket with SSL
sock, addr = self.socket.accept() sock, addr = self.socket.accept()
sslconn = ssl.wrap_socket(sock, server_side=True, sslconn = ssl.wrap_socket(sock, server_side=True,
@ -561,7 +556,6 @@ else:
return sslconn, addr return sslconn, addr
class RootedHTTPRequestHandler(SimpleHTTPRequestHandler): class RootedHTTPRequestHandler(SimpleHTTPRequestHandler):
# need to override translate_path to get a known root, # need to override translate_path to get a known root,
# instead of using os.curdir, since the test could be # instead of using os.curdir, since the test could be
# run from anywhere # run from anywhere
@ -606,7 +600,6 @@ else:
def __init__(self, certfile): def __init__(self, certfile):
self.flag = None self.flag = None
self.active = False
self.RootedHTTPRequestHandler.root = os.path.split(CERTFILE)[0] self.RootedHTTPRequestHandler.root = os.path.split(CERTFILE)[0]
self.server = self.HTTPSServer( self.server = self.HTTPSServer(
(HOST, 0), self.RootedHTTPRequestHandler, certfile) (HOST, 0), self.RootedHTTPRequestHandler, certfile)
@ -617,23 +610,24 @@ else:
def __str__(self): def __str__(self):
return "<%s %s>" % (self.__class__.__name__, self.server) return "<%s %s>" % (self.__class__.__name__, self.server)
def start (self, flag=None): def start(self, flag=None):
self.flag = flag self.flag = flag
threading.Thread.start(self) threading.Thread.start(self)
def run (self): def run(self):
self.active = True
if self.flag: if self.flag:
self.flag.set() self.flag.set()
self.server.serve_forever(0.05) self.server.serve_forever(0.05)
self.active = False
def stop (self): def stop(self):
self.active = False
self.server.shutdown() self.server.shutdown()
def badCertTest (certfile): def bad_cert_test(certfile):
"""
Launch a server with CERT_REQUIRED, and check that trying to
connect to it with the given client certificate fails.
"""
server = ThreadedEchoServer(CERTFILE, server = ThreadedEchoServer(CERTFILE,
certreqs=ssl.CERT_REQUIRED, certreqs=ssl.CERT_REQUIRED,
cacerts=CERTFILE, chatty=False) cacerts=CERTFILE, chatty=False)
@ -660,11 +654,14 @@ else:
server.stop() server.stop()
server.join() server.join()
def serverParamsTest (certfile, protocol, certreqs, cacertsfile, def server_params_test(certfile, protocol, certreqs, cacertsfile,
client_certfile, client_protocol=None, indata="FOO\n", client_certfile, client_protocol=None, indata="FOO\n",
chatty=True, connectionchatty=False, chatty=True, connectionchatty=False,
wrap_accepting_socket=False): wrap_accepting_socket=False):
"""
Launch a server, connect a client to it and try various reads
and writes.
"""
server = ThreadedEchoServer(certfile, server = ThreadedEchoServer(certfile,
certreqs=certreqs, certreqs=certreqs,
ssl_version=protocol, ssl_version=protocol,
@ -709,39 +706,37 @@ else:
server.stop() server.stop()
server.join() server.join()
def tryProtocolCombo (server_protocol, def try_protocol_combo(server_protocol,
client_protocol, client_protocol,
expectedToWork, expect_success,
certsreqs=None): certsreqs=None):
if certsreqs is None: if certsreqs is None:
certsreqs = ssl.CERT_NONE certsreqs = ssl.CERT_NONE
certtype = {
if certsreqs == ssl.CERT_NONE: ssl.CERT_NONE: "CERT_NONE",
certtype = "CERT_NONE" ssl.CERT_OPTIONAL: "CERT_OPTIONAL",
elif certsreqs == ssl.CERT_OPTIONAL: ssl.CERT_REQUIRED: "CERT_REQUIRED",
certtype = "CERT_OPTIONAL" }[certsreqs]
elif certsreqs == ssl.CERT_REQUIRED:
certtype = "CERT_REQUIRED"
if test_support.verbose: if test_support.verbose:
formatstr = (expectedToWork and " %s->%s %s\n") or " {%s->%s} %s\n" formatstr = (expect_success and " %s->%s %s\n") or " {%s->%s} %s\n"
sys.stdout.write(formatstr % sys.stdout.write(formatstr %
(ssl.get_protocol_name(client_protocol), (ssl.get_protocol_name(client_protocol),
ssl.get_protocol_name(server_protocol), ssl.get_protocol_name(server_protocol),
certtype)) certtype))
try: try:
serverParamsTest(CERTFILE, server_protocol, certsreqs, server_params_test(CERTFILE, server_protocol, certsreqs,
CERTFILE, CERTFILE, client_protocol, chatty=False) CERTFILE, CERTFILE, client_protocol,
chatty=False)
# Protocol mismatch can result in either an SSLError, or a # Protocol mismatch can result in either an SSLError, or a
# "Connection reset by peer" error. # "Connection reset by peer" error.
except ssl.SSLError: except ssl.SSLError:
if expectedToWork: if expect_success:
raise raise
except socket.error as e: except socket.error as e:
if expectedToWork or e.errno != errno.ECONNRESET: if expect_success or e.errno != errno.ECONNRESET:
raise raise
else: else:
if not expectedToWork: if not expect_success:
self.fail( self.fail(
"Client protocol %s succeeded with server protocol %s!" "Client protocol %s succeeded with server protocol %s!"
% (ssl.get_protocol_name(client_protocol), % (ssl.get_protocol_name(client_protocol),
@ -750,8 +745,10 @@ else:
class ThreadedTests(unittest.TestCase): class ThreadedTests(unittest.TestCase):
def testRudeShutdown(self): def test_rude_shutdown(self):
"""A brutal shutdown of an SSL server should raise an IOError
in the client when attempting handshake.
"""
listener_ready = threading.Event() listener_ready = threading.Event()
listener_gone = threading.Event() listener_gone = threading.Event()
@ -788,16 +785,15 @@ else:
finally: finally:
t.join() t.join()
def testEcho (self): def test_echo(self):
"""Basic test of an SSL client connecting to a server"""
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\n") sys.stdout.write("\n")
serverParamsTest(CERTFILE, ssl.PROTOCOL_TLSv1, ssl.CERT_NONE, server_params_test(CERTFILE, ssl.PROTOCOL_TLSv1, ssl.CERT_NONE,
CERTFILE, CERTFILE, ssl.PROTOCOL_TLSv1, CERTFILE, CERTFILE, ssl.PROTOCOL_TLSv1,
chatty=True, connectionchatty=True) chatty=True, connectionchatty=True)
def testReadCert(self): def test_getpeercert(self):
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\n") sys.stdout.write("\n")
s2 = socket.socket() s2 = socket.socket()
@ -837,74 +833,82 @@ else:
server.stop() server.stop()
server.join() server.join()
def testNULLcert(self): def test_empty_cert(self):
badCertTest(os.path.join(os.path.dirname(__file__) or os.curdir, """Connecting with an empty cert file"""
bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir,
"nullcert.pem")) "nullcert.pem"))
def testMalformedCert(self): def test_malformed_cert(self):
badCertTest(os.path.join(os.path.dirname(__file__) or os.curdir, """Connecting with a badly formatted certificate (syntax error)"""
bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir,
"badcert.pem")) "badcert.pem"))
def testWrongCert(self): def test_nonexisting_cert(self):
badCertTest(os.path.join(os.path.dirname(__file__) or os.curdir, """Connecting with a non-existing cert file"""
bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir,
"wrongcert.pem")) "wrongcert.pem"))
def testMalformedKey(self): def test_malformed_key(self):
badCertTest(os.path.join(os.path.dirname(__file__) or os.curdir, """Connecting with a badly formatted key (syntax error)"""
bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir,
"badkey.pem")) "badkey.pem"))
def testProtocolSSL2(self): def test_protocol_sslv2(self):
"""Connecting to an SSLv2 server with various client options"""
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\n") sys.stdout.write("\n")
tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL)
tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED)
tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True)
tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False) try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
def testProtocolSSL23(self): def test_protocol_sslv23(self):
"""Connecting to an SSLv23 server with various client options"""
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\n") sys.stdout.write("\n")
try: try:
tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv2, True) try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv2, True)
except (ssl.SSLError, socket.error), x: except (ssl.SSLError, socket.error), x:
# this fails on some older versions of OpenSSL (0.9.7l, for instance) # this fails on some older versions of OpenSSL (0.9.7l, for instance)
if test_support.verbose: if test_support.verbose:
sys.stdout.write( sys.stdout.write(
" SSL2 client to SSL23 server test unexpectedly failed:\n %s\n" " SSL2 client to SSL23 server test unexpectedly failed:\n %s\n"
% str(x)) % str(x))
tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True) try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True)
tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True) try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True)
tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True) try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True)
tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL) try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_OPTIONAL) try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_OPTIONAL)
tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL) try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED) try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_REQUIRED) try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_REQUIRED)
tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED) try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
def testProtocolSSL3(self): def test_protocol_sslv3(self):
"""Connecting to an SSLv3 server with various client options"""
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\n") sys.stdout.write("\n")
tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True) try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True)
tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL) try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED) try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False) try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False)
tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, False) try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, False)
tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False) try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
def testProtocolTLS1(self): def test_protocol_tlsv1(self):
"""Connecting to a TLSv1 server with various client options"""
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\n") sys.stdout.write("\n")
tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True) try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True)
tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL) try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED) try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False) try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False) try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv23, False) try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv23, False)
def testSTARTTLS (self):
def test_starttls(self):
"""Switching from clear text to encrypted and back again."""
msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4", "ENDTLS", "msg 5", "msg 6") msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4", "ENDTLS", "msg 5", "msg 6")
server = ThreadedEchoServer(CERTFILE, server = ThreadedEchoServer(CERTFILE,
@ -936,6 +940,7 @@ else:
outdata = s.recv(1024) outdata = s.recv(1024)
if (indata == "STARTTLS" and if (indata == "STARTTLS" and
outdata.strip().lower().startswith("ok")): outdata.strip().lower().startswith("ok")):
# STARTTLS ok, switch to secure mode
if test_support.verbose: if test_support.verbose:
sys.stdout.write( sys.stdout.write(
" client: read %s from server, starting TLS...\n" " client: read %s from server, starting TLS...\n"
@ -944,6 +949,7 @@ else:
wrapped = True wrapped = True
elif (indata == "ENDTLS" and elif (indata == "ENDTLS" and
outdata.strip().lower().startswith("ok")): outdata.strip().lower().startswith("ok")):
# ENDTLS ok, switch back to clear text
if test_support.verbose: if test_support.verbose:
sys.stdout.write( sys.stdout.write(
" client: read %s from server, ending TLS...\n" " client: read %s from server, ending TLS...\n"
@ -965,8 +971,8 @@ else:
server.stop() server.stop()
server.join() server.join()
def testSocketServer(self): def test_socketserver(self):
"""Using a SocketServer to create and manage SSL connections."""
server = SocketServerHTTPSServer(CERTFILE) server = SocketServerHTTPSServer(CERTFILE)
flag = threading.Event() flag = threading.Event()
server.start(flag) server.start(flag)
@ -976,7 +982,8 @@ else:
try: try:
if test_support.verbose: if test_support.verbose:
sys.stdout.write('\n') sys.stdout.write('\n')
d1 = open(CERTFILE, 'rb').read() with open(CERTFILE, 'rb') as f:
d1 = f.read()
d2 = '' d2 = ''
# now fetch the same data from the HTTPS server # now fetch the same data from the HTTPS server
url = 'https://127.0.0.1:%d/%s' % ( url = 'https://127.0.0.1:%d/%s' % (
@ -995,18 +1002,17 @@ else:
server.stop() server.stop()
server.join() server.join()
def testWrappedAccept (self): def test_wrapped_accept(self):
"""Check the accept() method on SSL sockets."""
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\n") sys.stdout.write("\n")
serverParamsTest(CERTFILE, ssl.PROTOCOL_SSLv23, ssl.CERT_REQUIRED, server_params_test(CERTFILE, ssl.PROTOCOL_SSLv23, ssl.CERT_REQUIRED,
CERTFILE, CERTFILE, ssl.PROTOCOL_SSLv23, CERTFILE, CERTFILE, ssl.PROTOCOL_SSLv23,
chatty=True, connectionchatty=True, chatty=True, connectionchatty=True,
wrap_accepting_socket=True) wrap_accepting_socket=True)
def test_asyncore_server(self):
def testAsyncoreServer (self): """Check the example asyncore integration."""
indata = "TEST MESSAGE of mixed case\n" indata = "TEST MESSAGE of mixed case\n"
if test_support.verbose: if test_support.verbose:
@ -1041,9 +1047,8 @@ else:
# wait for server thread to end # wait for server thread to end
server.join() server.join()
def test_recv_send(self):
def testAllRecvAndSendMethods(self): """Test recv(), send() and friends."""
if test_support.verbose: if test_support.verbose:
sys.stdout.write("\n") sys.stdout.write("\n")
@ -1238,8 +1243,9 @@ def test_main(verbose=False):
if thread_info and test_support.is_resource_enabled('network'): if thread_info and test_support.is_resource_enabled('network'):
tests.append(ThreadedTests) tests.append(ThreadedTests)
try:
test_support.run_unittest(*tests) test_support.run_unittest(*tests)
finally:
if _have_threads: if _have_threads:
test_support.threading_cleanup(*thread_info) test_support.threading_cleanup(*thread_info)