Commit 73f55076, authored Jan 14, 2016 by Martin Panter

Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3

Parents: 0e617e22, 3d81d93f

Showing 7 changed files with 111 additions and 89 deletions:

Lib/test/capath/0e4015b9.0 (+16 -0)
Lib/test/capath/ce7b8643.0 (+16 -0)
Lib/test/https_svn_python_org_root.pem (+0 -41)
Lib/test/selfsigned_pythontestdotnet.pem (+16 -0)
Lib/test/test_httplib.py (+8 -7)
Lib/test/test_ssl.py (+48 -41)
Misc/NEWS (+7 -0)
Lib/test/capath/0e4015b9.0
0 → 100644
Lib/test/capath/ce7b8643.0
0 → 100644
Lib/test/https_svn_python_org_root.pem
deleted
100644 → 0
Lib/test/selfsigned_pythontestdotnet.pem
0 → 100644
Lib/test/test_httplib.py
...
...
@@ -15,8 +15,8 @@ here = os.path.dirname(__file__)
CERT_localhost
=
os
.
path
.
join
(
here
,
'keycert.pem'
)
# Self-signed cert file for 'fakehostname'
CERT_fakehostname
=
os
.
path
.
join
(
here
,
'keycert2.pem'
)
#
Root cert file (CA) for svn.python.org's cer
t
C
ACERT_svn_python_org
=
os
.
path
.
join
(
here
,
'https_svn_python_org_roo
t.pem'
)
#
Self-signed cert file for self-signed.pythontest.ne
t
C
ERT_selfsigned_pythontestdotnet
=
os
.
path
.
join
(
here
,
'selfsigned_pythontestdotne
t.pem'
)
HOST
=
support
.
HOST
...
...
@@ -758,17 +758,18 @@ class HTTPSTest(TestCase):
self
.
_check_svn_python_org
(
resp
)
def
test_networked_good_cert
(
self
):
# We feed
a CA cert that validates the server's
cert
# We feed
the server's cert as a validating
cert
import
ssl
support
.
requires
(
'network'
)
with
support
.
transient_internet
(
's
vn.python.org
'
):
with
support
.
transient_internet
(
's
elf-signed.pythontest.net
'
):
context
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_TLSv1
)
context
.
verify_mode
=
ssl
.
CERT_REQUIRED
context
.
load_verify_locations
(
C
ACERT_svn_python_org
)
h
=
client
.
HTTPSConnection
(
's
vn.python.org
'
,
443
,
context
=
context
)
context
.
load_verify_locations
(
C
ERT_selfsigned_pythontestdotnet
)
h
=
client
.
HTTPSConnection
(
's
elf-signed.pythontest.net
'
,
443
,
context
=
context
)
h
.
request
(
'GET'
,
'/'
)
resp
=
h
.
getresponse
()
self
.
_check_svn_python_org
(
resp
)
server_string
=
resp
.
getheader
(
'server'
)
self
.
assertIn
(
'nginx'
,
server_string
)
def
test_networked_bad_cert
(
self
):
# We feed a "CA" cert that is unrelated to the server's cert
...
...
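Review bot: In test_networked_good_cert, the new `self.assertIn('nginx', server_string)` ties the test to the web server software running on self-signed.pythontest.net, which is unrelated to what the test is named for (certificate validation succeeding). If the host ever stops sending a Server header, `resp.getheader('server')` returns None and assertIn raises a TypeError instead of a readable failure. Consider asserting on the response status, or checking that the header is present before the substring test, so a change of server software does not read as a TLS regression.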
Lib/test/test_ssl.py
...
...
@@ -29,7 +29,8 @@ if hasattr(ssl, 'PROTOCOL_SSLv2'):
HOST
=
support
.
HOST
data_file
=
lambda
name
:
os
.
path
.
join
(
os
.
path
.
dirname
(
__file__
),
name
)
def
data_file
(
*
name
):
return
os
.
path
.
join
(
os
.
path
.
dirname
(
__file__
),
*
name
)
# The custom key and certificate files used in test_ssl are generated
# using Lib/test/make_ssl_certs.py.
...
...
@@ -47,8 +48,10 @@ ONLYKEY_PROTECTED = data_file("ssl_key.passwd.pem")
KEY_PASSWORD
=
"somepass"
CAPATH
=
data_file
(
"capath"
)
BYTES_CAPATH
=
os
.
fsencode
(
CAPATH
)
CAFILE_CACERT
=
data_file
(
"capath"
,
"5ed36f99.0"
)
SVN_PYTHON_ORG_ROOT_CERT
=
data_file
(
"https_svn_python_org_root.pem"
)
REMOTE_HOST
=
"self-signed.pythontest.net"
REMOTE_ROOT_CERT
=
data_file
(
"selfsigned_pythontestdotnet.pem"
)
EMPTYCERT
=
data_file
(
"nullcert.pem"
)
BADCERT
=
data_file
(
"badcert.pem"
)
...
...
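Review bot: REMOTE_ROOT_CERT is a misleading name for `selfsigned_pythontestdotnet.pem`: test_httplib.py in this same commit describes that file as the self-signed cert for self-signed.pythontest.net, so the tests pin the server's own certificate rather than trust a CA root. Either rename the constant (for example REMOTE_SELFSIGNED_CERT, a suggested name and not an existing identifier) or add a comment above it saying the file has to be refreshed, together with the two files added under Lib/test/capath/, whenever the server certificate is replaced. CAFILE_CACERT also points at `capath/5ed36f99.0`, which is not one of the files this commit adds, so a one-line comment on what that certificate is would help.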
@@ -229,7 +232,7 @@ class BasicSocketTests(unittest.TestCase):
self
.
assertEqual
(
p
[
'subjectAltName'
],
san
)
def
test_DER_to_PEM
(
self
):
with
open
(
SVN_PYTHON_ORG_ROOT_
CERT
,
'r'
)
as
f
:
with
open
(
CAFILE_CA
CERT
,
'r'
)
as
f
:
pem
=
f
.
read
()
d1
=
ssl
.
PEM_cert_to_DER_cert
(
pem
)
p2
=
ssl
.
DER_cert_to_PEM_cert
(
d1
)
...
...
@@ -592,7 +595,7 @@ class ContextTests(unittest.TestCase):
# Mismatching key and cert
ctx
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_TLSv1
)
with
self
.
assertRaisesRegex
(
ssl
.
SSLError
,
"key values mismatch"
):
ctx
.
load_cert_chain
(
SVN_PYTHON_ORG_ROOT_
CERT
,
ONLYKEY
)
ctx
.
load_cert_chain
(
CAFILE_CA
CERT
,
ONLYKEY
)
# Password protected key and cert
ctx
.
load_cert_chain
(
CERTFILE_PROTECTED
,
password
=
KEY_PASSWORD
)
ctx
.
load_cert_chain
(
CERTFILE_PROTECTED
,
password
=
KEY_PASSWORD
.
encode
())
...
...
@@ -759,11 +762,11 @@ class SSLErrorTests(unittest.TestCase):
class
NetworkedTests
(
unittest
.
TestCase
):
def
test_connect
(
self
):
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_NONE
)
try
:
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
self
.
assertEqual
({},
s
.
getpeercert
())
finally
:
s
.
close
()
...
...
@@ -772,27 +775,27 @@ class NetworkedTests(unittest.TestCase):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
)
self
.
assertRaisesRegex
(
ssl
.
SSLError
,
"certificate verify failed"
,
s
.
connect
,
(
"svn.python.org"
,
443
))
s
.
connect
,
(
REMOTE_HOST
,
443
))
s
.
close
()
# this should succeed because we specify the root cert
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
SVN_PYTHON_ORG
_ROOT_CERT
)
ca_certs
=
REMOTE
_ROOT_CERT
)
try
:
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
self
.
assertTrue
(
s
.
getpeercert
())
finally
:
s
.
close
()
def
test_connect_ex
(
self
):
# Issue #11326: check connect_ex() implementation
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
SVN_PYTHON_ORG
_ROOT_CERT
)
ca_certs
=
REMOTE
_ROOT_CERT
)
try
:
self
.
assertEqual
(
0
,
s
.
connect_ex
((
"svn.python.org"
,
443
)))
self
.
assertEqual
(
0
,
s
.
connect_ex
((
REMOTE_HOST
,
443
)))
self
.
assertTrue
(
s
.
getpeercert
())
finally
:
s
.
close
()
...
...
@@ -800,14 +803,14 @@ class NetworkedTests(unittest.TestCase):
def
test_non_blocking_connect_ex
(
self
):
# Issue #11326: non-blocking connect_ex() should allow handshake
# to proceed after the socket gets ready.
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
SVN_PYTHON_ORG
_ROOT_CERT
,
ca_certs
=
REMOTE
_ROOT_CERT
,
do_handshake_on_connect
=
False
)
try
:
s
.
setblocking
(
False
)
rc
=
s
.
connect_ex
((
'svn.python.org'
,
443
))
rc
=
s
.
connect_ex
((
REMOTE_HOST
,
443
))
# EWOULDBLOCK under Windows, EINPROGRESS elsewhere
self
.
assertIn
(
rc
,
(
0
,
errno
.
EINPROGRESS
,
errno
.
EWOULDBLOCK
))
# Wait for connect to finish
...
...
@@ -829,61 +832,65 @@ class NetworkedTests(unittest.TestCase):
def
test_timeout_connect_ex
(
self
):
# Issue #12065: on a timeout, connect_ex() should return the original
# errno (mimicking the behaviour of non-SSL sockets).
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
SVN_PYTHON_ORG
_ROOT_CERT
,
ca_certs
=
REMOTE
_ROOT_CERT
,
do_handshake_on_connect
=
False
)
try
:
s
.
settimeout
(
0.0000001
)
rc
=
s
.
connect_ex
((
'svn.python.org'
,
443
))
rc
=
s
.
connect_ex
((
REMOTE_HOST
,
443
))
if
rc
==
0
:
self
.
skipTest
(
"
svn.python.org
responded too quickly"
)
self
.
skipTest
(
"
REMOTE_HOST
responded too quickly"
)
self
.
assertIn
(
rc
,
(
errno
.
EAGAIN
,
errno
.
EWOULDBLOCK
))
finally
:
s
.
close
()
def
test_connect_ex_error
(
self
):
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
SVN_PYTHON_ORG
_ROOT_CERT
)
ca_certs
=
REMOTE
_ROOT_CERT
)
try
:
rc
=
s
.
connect_ex
((
"svn.python.org"
,
444
))
rc
=
s
.
connect_ex
((
REMOTE_HOST
,
444
))
# Issue #19919: Windows machines or VMs hosted on Windows
# machines sometimes return EWOULDBLOCK.
self
.
assertIn
(
rc
,
(
errno
.
ECONNREFUSED
,
errno
.
EWOULDBLOCK
))
errors
=
(
errno
.
ECONNREFUSED
,
errno
.
EHOSTUNREACH
,
errno
.
EWOULDBLOCK
,
)
self
.
assertIn
(
rc
,
errors
)
finally
:
s
.
close
()
def
test_connect_with_context
(
self
):
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
# Same as test_connect, but with a separately created context
ctx
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_SSLv23
)
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
try
:
self
.
assertEqual
({},
s
.
getpeercert
())
finally
:
s
.
close
()
# Same with a server hostname
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
server_hostname
=
"svn.python.org"
)
server_hostname
=
REMOTE_HOST
)
if
ssl
.
HAS_SNI
:
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
s
.
close
()
else
:
self
.
assertRaises
(
ValueError
,
s
.
connect
,
(
"svn.python.org"
,
443
))
self
.
assertRaises
(
ValueError
,
s
.
connect
,
(
REMOTE_HOST
,
443
))
# This should fail because we have no verification certs
ctx
.
verify_mode
=
ssl
.
CERT_REQUIRED
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
self
.
assertRaisesRegex
(
ssl
.
SSLError
,
"certificate verify failed"
,
s
.
connect
,
(
"svn.python.org"
,
443
))
s
.
connect
,
(
REMOTE_HOST
,
443
))
s
.
close
()
# This should succeed because we specify the root cert
ctx
.
load_verify_locations
(
SVN_PYTHON_ORG
_ROOT_CERT
)
ctx
.
load_verify_locations
(
REMOTE
_ROOT_CERT
)
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
try
:
cert
=
s
.
getpeercert
()
self
.
assertTrue
(
cert
)
...
...
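Review bot: In test_timeout_connect_ex the replacement skip message is the literal string "REMOTE_HOST responded too quickly", so the test report shows the constant's name instead of the host. Format the value in, e.g. `self.skipTest("%s responded too quickly" % REMOTE_HOST)`. Separately, in test_connect_ex_error the accepted set grows to include errno.EHOSTUNREACH, but the retained comment only explains EWOULDBLOCK (Issue #19919); add a line saying when EHOSTUNREACH is expected for port 444 on the new host.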
@@ -896,12 +903,12 @@ class NetworkedTests(unittest.TestCase):
# OpenSSL 0.9.8n and 1.0.0, as a result the capath directory must
# contain both versions of each certificate (same content, different
# filename) for this test to be portable across OpenSSL releases.
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
ctx
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_SSLv23
)
ctx
.
verify_mode
=
ssl
.
CERT_REQUIRED
ctx
.
load_verify_locations
(
capath
=
CAPATH
)
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
try
:
cert
=
s
.
getpeercert
()
self
.
assertTrue
(
cert
)
...
...
@@ -912,7 +919,7 @@ class NetworkedTests(unittest.TestCase):
ctx
.
verify_mode
=
ssl
.
CERT_REQUIRED
ctx
.
load_verify_locations
(
capath
=
BYTES_CAPATH
)
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
try
:
cert
=
s
.
getpeercert
()
self
.
assertTrue
(
cert
)
...
...
@@ -924,9 +931,9 @@ class NetworkedTests(unittest.TestCase):
# Issue #5238: creating a file-like object with makefile() shouldn't
# delay closing the underlying "real socket" (here tested with its
# file descriptor, hence skipping the test under Windows).
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
ss
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
ss
.
connect
((
"svn.python.org"
,
443
))
ss
.
connect
((
REMOTE_HOST
,
443
))
fd
=
ss
.
fileno
()
f
=
ss
.
makefile
()
f
.
close
()
...
...
@@ -940,9 +947,9 @@ class NetworkedTests(unittest.TestCase):
self
.
assertEqual
(
e
.
exception
.
errno
,
errno
.
EBADF
)
def
test_non_blocking_handshake
(
self
):
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
socket
.
socket
(
socket
.
AF_INET
)
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
s
.
setblocking
(
False
)
s
=
ssl
.
wrap_socket
(
s
,
cert_reqs
=
ssl
.
CERT_NONE
,
...
...
@@ -988,12 +995,12 @@ class NetworkedTests(unittest.TestCase):
if
support
.
verbose
:
sys
.
stdout
.
write
(
"
\
n
Verified certificate for %s:%s is
\
n
%s
\
n
"
%
(
host
,
port
,
pem
))
_test_get_server_certificate
(
'svn.python.org'
,
443
,
SVN_PYTHON_ORG
_ROOT_CERT
)
_test_get_server_certificate
(
REMOTE_HOST
,
443
,
REMOTE
_ROOT_CERT
)
if
support
.
IPV6_ENABLED
:
_test_get_server_certificate
(
'ipv6.google.com'
,
443
)
def
test_ciphers
(
self
):
remote
=
(
"svn.python.org"
,
443
)
remote
=
(
REMOTE_HOST
,
443
)
with
support
.
transient_internet
(
remote
[
0
]):
with
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_NONE
,
ciphers
=
"ALL"
)
as
s
:
...
...
@@ -2150,7 +2157,7 @@ def test_main(verbose=False):
print
(
" HAS_SNI = %r"
%
ssl
.
HAS_SNI
)
for
filename
in
[
CERTFILE
,
SVN_PYTHON_ORG
_ROOT_CERT
,
BYTES_CERTFILE
,
CERTFILE
,
REMOTE
_ROOT_CERT
,
BYTES_CERTFILE
,
ONLYCERT
,
ONLYKEY
,
BYTES_ONLYCERT
,
BYTES_ONLYKEY
,
BADCERT
,
BADKEY
,
EMPTYCERT
]:
if
not
os
.
path
.
exists
(
filename
):
...
...
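Review bot: The file-existence loop in test_main swaps SVN_PYTHON_ORG_ROOT_CERT for REMOTE_ROOT_CERT but leaves out CAFILE_CACERT, which this commit introduces and which test_DER_to_PEM and the "Mismatching key and cert" check in ContextTests now read. Add CAFILE_CACERT to the list so a missing `capath/5ed36f99.0` is caught by this check rather than surfacing as a file error inside those tests.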
Misc/NEWS
...
...
@@ -52,6 +52,13 @@ C API
- Issue #23998: PyImport_ReInitLock() now checks for lock allocation error
Tests
-----
- Issue #25940: Changed test_ssl and test_httplib to use
self-signed.pythontest.net. This avoids relying on svn.python.org, which
recently changed root certificate.
What'
s
New
in
Python
3.3.6
?
===========================
...
...
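Review bot: The NEWS entry reads "which recently changed root certificate"; "changed its root certificate" is the grammatical form. It would also be worth stating that the tests now validate against a copy of the server's self-signed certificate kept in Lib/test, since that copy has to be updated when the server certificate changes.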