Martin Panter
3464ea2807
Issue #26173 : Separate bad cert file tests and client rejection test
...
Test test_wrong_cert() runs a server that rejects the client's certificate,
so ECONNRESET is reasonable in addition to SSLError. On the other hand, the
other three tests don't even need to run a server because they are just
testing the parsing of invalid certificate files.
Also fix a ResourceWarning by closing the wrapped socket.
2016-02-01 21:58:11 +00:00
Martin Panter
407b62f3e5
Issue #26173 : Fix test_ssl confusion with non-existing cert and wrongcert.pem
...
Testing for a non-existing certificate file is already done in test_errors().
Copy wrongcert.pem from Python 2 and use it to test the behaviour with a
mismatched certificate.
2016-01-30 03:41:43 +00:00
Martin Panter
a8b43b5fc3
Issue #25940 : Merge ETIMEDOUT fix from 3.4 into 3.5
2016-01-15 02:28:59 +00:00
Martin Panter
3f2240ccb6
Issue #25940 : Merge ETIMEDOUT fix from 3.3 into 3.4
2016-01-15 02:18:31 +00:00
Martin Panter
fab75d9bb9
Issue #25940 : Merge ETIMEDOUT fix from 3.2 into 3.3
2016-01-15 02:08:13 +00:00
Martin Panter
035583b389
Issue #25940 : On Windows, connecting to port 444 returns ETIMEDOUT
2016-01-15 01:16:41 +00:00
Martin Panter
40b97ec57a
Issue #25940 : Update new SSL tests for self-signed.pythontest.net
...
Removed SSL_ERROR_SYSCALL checking from ssl_io_loop() so that the loop can
terminate when unwrap() raises that error.
2016-01-14 13:05:46 +00:00
Martin Panter
17cbee49d6
Issue #25940 : Merge self-signed.pythontest.net testing from 3.4 into 3.5
2016-01-14 13:22:29 +00:00
Martin Panter
b55f8b79af
Issue #25940 : Update new SSL tests for self-signed.pythontest.net
2016-01-14 12:53:56 +00:00
Martin Panter
514bb0711f
Issue #25940 : Merge self-signed.pythontest.net testing from 3.3 into 3.4
2016-01-14 12:46:49 +00:00
Martin Panter
73f55076f6
Issue #25940 : Merge self-signed.pythontest.net testing from 3.2 into 3.3
2016-01-14 12:21:02 +00:00
Martin Panter
3d81d93f34
Issue #25940 : Use self-signed.pythontest.net in SSL tests
...
This is instead of svn.python.org, whose certificate recently expired, and
whose new certificate uses a different root certificate.
The certificate used at the pythontest server was modifed to set the "basic
constraints" CA flag. This flag seems to be required for test_get_ca_certs_
capath() to work (in Python 3.4+).
Added the new self-signed certificate to capath with the following commands:
cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/}
c_rehash -v Lib/test/capath/
c_rehash -v -old Lib/test/capath/
# Note the generated file names
cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0}
mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0}
The new server responds with "No route to host" when connecting to port 444.
2016-01-14 09:36:00 +00:00
Benjamin Peterson
45bde5d2ee
merge 3.4 ( #25530 )
2015-11-11 22:45:22 -08:00
Benjamin Peterson
a9dcdabccb
always set OP_NO_SSLv3 by default ( closes #25530 )
2015-11-11 22:38:41 -08:00
Berker Peksag
9e7990ae21
Issue #24210 : Silence more PendingDeprecationWarning warnings in tests.
2015-05-16 23:21:26 +03:00
Benjamin Peterson
4b9df0d33b
merge 3.4 ( #23844 )
2015-04-02 00:08:10 -04:00
Benjamin Peterson
a7eaf56a6d
replace 512 bit dh key with a 2014 bit one ( closes #23844 )
...
Patch by Cédric Krier.
2015-04-02 00:04:06 -04:00
Serhiy Storchaka
8490f5acfe
Issue #23001 : Few functions in modules mmap, ossaudiodev, socket, ssl, and
...
codecs, that accepted only read-only bytes-like object now accept writable
bytes-like object too.
2015-03-20 09:00:36 +02:00
Berker Peksag
18987a11ce
Issue #20617 : Remove unused import in test_ssl.
...
Patch by Mark Lawrence.
2015-03-12 18:50:49 +02:00
Berker Peksag
4a0e14730b
Issue #20617 : Remove unused import in test_ssl.
...
Patch by Mark Lawrence.
2015-03-12 18:51:16 +02:00
Benjamin Peterson
3e2500d6db
merge 3.4
2015-03-04 23:20:23 -05:00
Benjamin Peterson
c3d9c5ca0a
adjust test_crl_check for trusted first being default
2015-03-04 23:18:48 -05:00
Benjamin Peterson
de8eca4638
merge 3.4
2015-03-04 22:50:25 -05:00
Benjamin Peterson
990fcaac3c
expose X509_V_FLAG_TRUSTED_FIRST
2015-03-04 22:49:41 -05:00
Antoine Pitrou
c481bfb3f6
Issue #23239 : ssl.match_hostname() now supports matching of IP addresses.
2015-02-15 18:12:20 +01:00
Ned Deily
7aa4428835
Issue #23345 : merge from 3.4
2015-02-05 17:24:00 +11:00
Ned Deily
05784a706e
Issue #23345 : Prevent test_ssl failures with large OpenSSL patch level
...
values (like 0.9.8zc).
2015-02-05 17:20:13 +11:00
Benjamin Peterson
8861502e07
prefer server alpn ordering over the client's
2015-01-23 17:30:26 -05:00
Benjamin Peterson
cca2732a82
add support for ALPN ( closes #20188 )
2015-01-23 16:35:37 -05:00
Benjamin Peterson
15042921ad
enable cert validation in test
2015-01-07 22:12:43 -06:00
Benjamin Peterson
23ef9fac16
trying again
2015-01-07 21:21:34 -06:00
Benjamin Peterson
e6838e08ef
reorder cipher prefs
2015-01-07 20:52:40 -06:00
Benjamin Peterson
44c77791ab
drop 256
2015-01-07 20:30:59 -06:00
Benjamin Peterson
359f2982f4
try using AES256
2015-01-07 20:03:27 -06:00
Benjamin Peterson
8791d697e0
fix assertions after ciphers were changed
2015-01-07 14:29:45 -06:00
Benjamin Peterson
f78b78aed4
rc4 is a long time favorite
2015-01-07 14:21:22 -06:00
Benjamin Peterson
438a8db763
everyone should support AES ciphers
2015-01-07 13:28:40 -06:00
Benjamin Peterson
9f6eceab46
include some more ciphers
2015-01-07 12:59:20 -06:00
Benjamin Peterson
aacd524118
force test server to speak tlsv1
2015-01-07 11:42:38 -06:00
Benjamin Peterson
e27a421354
remove apparently wrong assertion about des bit size
2015-01-07 11:33:51 -06:00
Benjamin Peterson
4cb17812d9
expose the client's cipher suites from the handshake ( closes #23186 )
2015-01-07 11:14:26 -06:00
Victor Stinner
fcfed19913
Issue #21356 : Make ssl.RAND_egd() optional to support LibreSSL. The
...
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
2015-01-06 13:54:58 +01:00
Victor Stinner
789b805700
test_ssl: add more debug to investigate test_openssl_version() failure on
...
OpenBSD with LibreSSL.
2015-01-06 11:51:06 +01:00
Victor Stinner
3f7e064b2b
Issue #22935 : Fix test_ssl when the SSLv3 protocol is not supported
2014-12-12 12:27:08 +01:00
Benjamin Peterson
e32467cf6a
allow ssl module to compile if openssl doesn't support SSL 3 ( closes #22935 )
...
Patch by Kurt Roeckx.
2014-12-05 21:59:35 -05:00
Benjamin Peterson
7243b574e5
don't require OpenSSL SNI to pass hostname to ssl functions ( #22921 )
...
Patch by Donald Stufft.
2014-11-23 17:04:34 -06:00
Victor Stinner
648b862017
Issue #22935 : Fix test_ssl when the SSLv3 protocol is not supported
2014-12-12 12:23:59 +01:00
Benjamin Peterson
22293df016
merge 3.4 ( #22935 )
2014-12-05 22:11:33 -05:00
Victor Stinner
beeb512fe1
Issue #21356 : Make ssl.RAND_egd() optional to support LibreSSL. The
...
availability of the function is checked during the compilation.
Patch written by Bernard Spil.
2014-11-28 13:28:25 +01:00
Benjamin Peterson
f9284ae8ed
merge 3.4 ( #22921 )
2014-11-23 17:06:39 -06:00