Commit Graph

379 Commits

Author SHA1 Message Date
Martin Panter 3464ea2807 Issue #26173: Separate bad cert file tests and client rejection test
Test test_wrong_cert() runs a server that rejects the client's certificate,
so ECONNRESET is reasonable in addition to SSLError. On the other hand, the
other three tests don't even need to run a server because they are just
testing the parsing of invalid certificate files.

Also fix a ResourceWarning by closing the wrapped socket.
2016-02-01 21:58:11 +00:00
Martin Panter 407b62f3e5 Issue #26173: Fix test_ssl confusion with non-existing cert and wrongcert.pem
Testing for a non-existing certificate file is already done in test_errors().
Copy wrongcert.pem from Python 2 and use it to test the behaviour with a
mismatched certificate.
2016-01-30 03:41:43 +00:00
Martin Panter a8b43b5fc3 Issue #25940: Merge ETIMEDOUT fix from 3.4 into 3.5 2016-01-15 02:28:59 +00:00
Martin Panter 3f2240ccb6 Issue #25940: Merge ETIMEDOUT fix from 3.3 into 3.4 2016-01-15 02:18:31 +00:00
Martin Panter fab75d9bb9 Issue #25940: Merge ETIMEDOUT fix from 3.2 into 3.3 2016-01-15 02:08:13 +00:00
Martin Panter 035583b389 Issue #25940: On Windows, connecting to port 444 returns ETIMEDOUT 2016-01-15 01:16:41 +00:00
Martin Panter 40b97ec57a Issue #25940: Update new SSL tests for self-signed.pythontest.net
Removed SSL_ERROR_SYSCALL checking from ssl_io_loop() so that the loop can
terminate when unwrap() raises that error.
2016-01-14 13:05:46 +00:00
Martin Panter 17cbee49d6 Issue #25940: Merge self-signed.pythontest.net testing from 3.4 into 3.5 2016-01-14 13:22:29 +00:00
Martin Panter b55f8b79af Issue #25940: Update new SSL tests for self-signed.pythontest.net 2016-01-14 12:53:56 +00:00
Martin Panter 514bb0711f Issue #25940: Merge self-signed.pythontest.net testing from 3.3 into 3.4 2016-01-14 12:46:49 +00:00
Martin Panter 73f55076f6 Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3 2016-01-14 12:21:02 +00:00
Martin Panter 3d81d93f34 Issue #25940: Use self-signed.pythontest.net in SSL tests
This is instead of svn.python.org, whose certificate recently expired, and
whose new certificate uses a different root certificate.

The certificate used at the pythontest server was modifed to set the "basic
constraints" CA flag. This flag seems to be required for test_get_ca_certs_
capath() to work (in Python 3.4+).

Added the new self-signed certificate to capath with the following commands:

cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/}
c_rehash -v Lib/test/capath/
c_rehash -v -old Lib/test/capath/
# Note the generated file names
cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0}
mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0}

The new server responds with "No route to host" when connecting to port 444.
2016-01-14 09:36:00 +00:00
Benjamin Peterson 45bde5d2ee merge 3.4 (#25530) 2015-11-11 22:45:22 -08:00
Benjamin Peterson a9dcdabccb always set OP_NO_SSLv3 by default (closes #25530) 2015-11-11 22:38:41 -08:00
Berker Peksag 9e7990ae21 Issue #24210: Silence more PendingDeprecationWarning warnings in tests. 2015-05-16 23:21:26 +03:00
Benjamin Peterson 4b9df0d33b merge 3.4 (#23844) 2015-04-02 00:08:10 -04:00
Benjamin Peterson a7eaf56a6d replace 512 bit dh key with a 2014 bit one (closes #23844)
Patch by Cédric Krier.
2015-04-02 00:04:06 -04:00
Serhiy Storchaka 8490f5acfe Issue #23001: Few functions in modules mmap, ossaudiodev, socket, ssl, and
codecs, that accepted only read-only bytes-like object now accept writable
bytes-like object too.
2015-03-20 09:00:36 +02:00
Berker Peksag 18987a11ce Issue #20617: Remove unused import in test_ssl.
Patch by Mark Lawrence.
2015-03-12 18:50:49 +02:00
Berker Peksag 4a0e14730b Issue #20617: Remove unused import in test_ssl.
Patch by Mark Lawrence.
2015-03-12 18:51:16 +02:00
Benjamin Peterson 3e2500d6db merge 3.4 2015-03-04 23:20:23 -05:00
Benjamin Peterson c3d9c5ca0a adjust test_crl_check for trusted first being default 2015-03-04 23:18:48 -05:00
Benjamin Peterson de8eca4638 merge 3.4 2015-03-04 22:50:25 -05:00
Benjamin Peterson 990fcaac3c expose X509_V_FLAG_TRUSTED_FIRST 2015-03-04 22:49:41 -05:00
Antoine Pitrou c481bfb3f6 Issue #23239: ssl.match_hostname() now supports matching of IP addresses. 2015-02-15 18:12:20 +01:00
Ned Deily 7aa4428835 Issue #23345: merge from 3.4 2015-02-05 17:24:00 +11:00
Ned Deily 05784a706e Issue #23345: Prevent test_ssl failures with large OpenSSL patch level
values (like 0.9.8zc).
2015-02-05 17:20:13 +11:00
Benjamin Peterson 8861502e07 prefer server alpn ordering over the client's 2015-01-23 17:30:26 -05:00
Benjamin Peterson cca2732a82 add support for ALPN (closes #20188) 2015-01-23 16:35:37 -05:00
Benjamin Peterson 15042921ad enable cert validation in test 2015-01-07 22:12:43 -06:00
Benjamin Peterson 23ef9fac16 trying again 2015-01-07 21:21:34 -06:00
Benjamin Peterson e6838e08ef reorder cipher prefs 2015-01-07 20:52:40 -06:00
Benjamin Peterson 44c77791ab drop 256 2015-01-07 20:30:59 -06:00
Benjamin Peterson 359f2982f4 try using AES256 2015-01-07 20:03:27 -06:00
Benjamin Peterson 8791d697e0 fix assertions after ciphers were changed 2015-01-07 14:29:45 -06:00
Benjamin Peterson f78b78aed4 rc4 is a long time favorite 2015-01-07 14:21:22 -06:00
Benjamin Peterson 438a8db763 everyone should support AES ciphers 2015-01-07 13:28:40 -06:00
Benjamin Peterson 9f6eceab46 include some more ciphers 2015-01-07 12:59:20 -06:00
Benjamin Peterson aacd524118 force test server to speak tlsv1 2015-01-07 11:42:38 -06:00
Benjamin Peterson e27a421354 remove apparently wrong assertion about des bit size 2015-01-07 11:33:51 -06:00
Benjamin Peterson 4cb17812d9 expose the client's cipher suites from the handshake (closes #23186) 2015-01-07 11:14:26 -06:00
Victor Stinner fcfed19913 Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation. Patch written
by Bernard Spil.
2015-01-06 13:54:58 +01:00
Victor Stinner 789b805700 test_ssl: add more debug to investigate test_openssl_version() failure on
OpenBSD with LibreSSL.
2015-01-06 11:51:06 +01:00
Victor Stinner 3f7e064b2b Issue #22935: Fix test_ssl when the SSLv3 protocol is not supported 2014-12-12 12:27:08 +01:00
Benjamin Peterson e32467cf6a allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935)
Patch by Kurt Roeckx.
2014-12-05 21:59:35 -05:00
Benjamin Peterson 7243b574e5 don't require OpenSSL SNI to pass hostname to ssl functions (#22921)
Patch by Donald Stufft.
2014-11-23 17:04:34 -06:00
Victor Stinner 648b862017 Issue #22935: Fix test_ssl when the SSLv3 protocol is not supported 2014-12-12 12:23:59 +01:00
Benjamin Peterson 22293df016 merge 3.4 (#22935) 2014-12-05 22:11:33 -05:00
Victor Stinner beeb512fe1 Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The
availability of the function is checked during the compilation.

Patch written by Bernard Spil.
2014-11-28 13:28:25 +01:00
Benjamin Peterson f9284ae8ed merge 3.4 (#22921) 2014-11-23 17:06:39 -06:00