Commit Graph

29 Commits

Author SHA1 Message Date
Bill Janssen eb257ac97d fix for release blocker 3910, 2.6 regression in socket.ssl method 2008-09-29 18:56:38 +00:00
Bill Janssen 61c001a939 incorporate fixes from issue 3162; SSL doc patch 2008-09-08 16:37:24 +00:00
Benjamin Peterson 26f521668a fix old API names in test_ssl 2008-08-18 18:39:57 +00:00
Bill Janssen 39295c2650 remove duplicate close() from ssl.py; expose unwrap and add test for it 2008-08-12 16:31:21 +00:00
Bill Janssen 0c1dbf8792 catch socket.error errors in badCertTest 2008-07-17 18:01:57 +00:00
Bill Janssen de34d91eb0 make sure we close the active channels when eof is received on them 2008-06-28 23:00:39 +00:00
Bill Janssen 934b16d0c2 various SSL fixes; issues 1251, 3162, 3212 2008-06-28 22:19:33 +00:00
Trent Nelson e41b0061dd - Issue #2550: The approach used by client/server code for obtaining ports
to listen on in network-oriented tests has been refined in an effort to
  facilitate running multiple instances of the entire regression test suite
  in parallel without issue.  test_support.bind_port() has been fixed such
  that it will always return a unique port -- which wasn't always the case
  with the previous implementation, especially if socket options had been
  set that affected address reuse (i.e. SO_REUSEADDR, SO_REUSEPORT).  The
  new implementation of bind_port() will actually raise an exception if it
  is passed an AF_INET/SOCK_STREAM socket with either the SO_REUSEADDR or
  SO_REUSEPORT socket option set.  Furthermore, if available, bind_port()
  will set the SO_EXCLUSIVEADDRUSE option on the socket it's been passed.
  This currently only applies to Windows.  This option prevents any other
  sockets from binding to the host/port we've bound to, thus removing the
  possibility of the 'non-deterministic' behaviour, as Microsoft puts it,
  that occurs when a second SOCK_STREAM socket binds and accepts to a
  host/port that's already been bound by another socket.  The optional
  preferred port parameter to bind_port() has been removed.  Under no
  circumstances should tests be hard coding ports!

  test_support.find_unused_port() has also been introduced, which will pass
  a temporary socket object to bind_port() in order to obtain an unused port.
  The temporary socket object is then closed and deleted, and the port is
  returned.  This method should only be used for obtaining an unused port
  in order to pass to an external program (i.e. the -accept [port] argument
  to openssl's s_server mode) or as a parameter to a server-oriented class
  that doesn't give you direct access to the underlying socket used.

  Finally, test_support.HOST has been introduced, which should be used for
  the host argument of any relevant socket calls (i.e. bind and connect).

  The following tests were updated to following the new conventions:
    test_socket, test_smtplib, test_asyncore, test_ssl, test_httplib,
    test_poplib, test_ftplib, test_telnetlib, test_socketserver,
    test_asynchat and test_socket_ssl.

  It is now possible for multiple instances of the regression test suite to
  run in parallel without issue.
2008-04-08 23:47:30 +00:00
Neal Norwitz d0a91afa70 Apply same patch from 3k branch to try and prevent this test from hanging
on various platforms, most recently the Alpha Tru64.
2008-04-02 05:54:27 +00:00
Benjamin Peterson 5b63acd31e #2503 make singletons compared with "is" not == or !=
Thanks to Wummel for the patch
2008-03-29 15:24:25 +00:00
Neal Norwitz 0098c9d609 Introduce a lock to fix a race condition which caused an exception in the test.
Some buildbots were consistently failing (e.g., amd64).
Also remove a couple of semi-colons.
2008-03-09 19:03:42 +00:00
Christian Heimes 6c29be54a5 Disabled test_xmlrpc:test_404. It's causing lots of false alarms.
I also disabled a test in test_ssl which requires network access to svn.python.org. This fixes a bug Skip has reported a while ago.
2008-01-19 16:39:27 +00:00
Bill Janssen bf10c47389 use binary mode when reading files for testAsyncore to make Windows happy 2007-09-16 23:16:46 +00:00
Bill Janssen 296a59d3be Add support for asyncore server-side SSL support. This requires
adding the 'makefile' method to ssl.SSLSocket, and importing the
requisite fakefile class from socket.py, and making the appropriate
changes to it to make it use the SSL connection.

Added sample HTTPS server to test_ssl.py, and test that uses it.

Change SSL tests to use https://svn.python.org/, instead of
www.sf.net and pop.gmail.com.

Added utility function to ssl module, get_server_certificate,
to wrap up the several things to be done to pull a certificate
from a remote server.
2007-09-16 22:06:00 +00:00
Bill Janssen e3f1d7d059 Make sure test_ssl doesn't reference the ssl module in a
context where it can't be imported.
2007-09-11 01:09:19 +00:00
Bill Janssen 119c7a623a A better way of finding an open port to test with. 2007-09-10 23:41:24 +00:00
Bill Janssen 98d19dafd9 More work on SSL support.
* Much expanded test suite:

  All protocols tested against all other protocols.
  All protocols tested with all certificate options.
  Tests for bad key and bad cert.
  Test of STARTTLS functionality.
  Test of RAND_* functions.

* Fixes for threading/malloc bug.

* Issue 1065 fixed:

  sslsocket class renamed to SSLSocket.
  sslerror class renamed to SSLError.
  Function "wrap_socket" now used to wrap an existing socket.

* Issue 1583946 finally fixed:

  Support for subjectAltName added.
  Subject name now returned as proper DN list of RDNs.

* SSLError exported from socket as "sslerror".

* RAND_* functions properly exported from ssl.py.

* Documentation improved:

  Example of how to create a self-signed certificate.
  Better indexing.
2007-09-10 21:51:02 +00:00
Bill Janssen ffe576dc78 SSL certificate distinguished names should be represented by tuples 2007-09-05 00:46:27 +00:00
Guido van Rossum ba8c5653cc > Regardless, building a fixed test certificate and checking it in sounds like
> the better option.  Then the openssl command in the test code can be turned
> into a comment describing how the test data was pregenerated.

Here's a patch that does that.

Bill
2007-08-27 17:19:42 +00:00
Neal Norwitz 9eb9b10751 If we can't create a certificate, print a warning, but don't fail the test.
Modified patch from what Bill Janssen sent on python-3000.
2007-08-27 01:15:33 +00:00
Neal Norwitz 3e533c2290 Make a utility function for handling (printing) an error 2007-08-27 01:03:18 +00:00
Neal Norwitz f6f525b7c9 Stop using string.join (from the module) to ease upgrade to py3k 2007-08-27 00:58:33 +00:00
Neal Norwitz d6a51e64d7 Another patch from Bill Janssen that:
1)  Fixes the bug that two class names are initial-lower-case.
2)  Replaces the poll waiting for the server to become ready with
    a threading.Event signal.
2007-08-26 22:20:03 +00:00
Neal Norwitz 15d4e56c40 Get the test passing by commenting out some writes (should they be removed?) 2007-08-26 21:40:16 +00:00
Guido van Rossum e472933e27 Bill Janssen wrote:
Here's a patch which makes test_ssl a better player in the buildbots
environment.  I deep-ended on "try-except-else" clauses.
2007-08-26 19:35:09 +00:00
Neal Norwitz 7fc8e2993a Fail gracefully if the cert files cannot be created 2007-08-26 18:50:39 +00:00
Neal Norwitz 8e58b34ee8 Try to get this test to pass for systems that do not have SO_REUSEPORT 2007-08-25 17:25:17 +00:00
Neal Norwitz ce7fa56aac Fix test so it is skipped properly if there is no SSL support. 2007-08-25 16:54:38 +00:00
Guido van Rossum 4f2c3ddca4 Server-side SSL and certificate validation, by Bill Janssen.
While cleaning up Bill's C style, I may have cleaned up some code
he didn't touch as well (in _ssl.c).
2007-08-25 15:08:43 +00:00