Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
cpython
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
cpython
Commits
b644e8c2
Commit
b644e8c2
authored
Jan 14, 2016
by
Martin Panter
Browse files
Options
Browse Files
Download
Plain Diff
Issue #25940: Merge self-signed.pythontest.net testing from 3.3 into 3.4
parents
cd28a4e8
e6f3d78d
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
88 additions
and
86 deletions
+88
-86
Lib/test/capath/0e4015b9.0
Lib/test/capath/0e4015b9.0
+16
-0
Lib/test/capath/ce7b8643.0
Lib/test/capath/ce7b8643.0
+16
-0
Lib/test/https_svn_python_org_root.pem
Lib/test/https_svn_python_org_root.pem
+0
-41
Lib/test/selfsigned_pythontestdotnet.pem
Lib/test/selfsigned_pythontestdotnet.pem
+6
-6
Lib/test/test_ssl.py
Lib/test/test_ssl.py
+44
-39
Misc/NEWS
Misc/NEWS
+6
-0
No files found.
Lib/test/capath/0e4015b9.0
0 → 100644
View file @
b644e8c2
-----BEGIN CERTIFICATE-----
MIIClTCCAf6gAwIBAgIJAKGU95wKR8pTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u
IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv
bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG
A1UEBhMCWFkxFzAVBgNVBAcMDkNhc3RsZSBBbnRocmF4MSMwIQYDVQQKDBpQeXRo
b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0
aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ
Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm
Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv
EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGjNzA1MCUGA1UdEQQeMByCGnNl
bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
AQEFBQADgYEAIuzAhgMouJpNdf3URCHIineyoSt6WK/9+eyUcjlKOrDoXNZaD72h
TXMeKYoWvJyVcSLKL8ckPtDobgP2OTt0UkyAaj0n+ZHaqq1lH2yVfGUA1ILJv515
C8BqbvVZuqm3i7ygmw3bqE/lYMgOrYtXXnqOrz6nvsE6Yc9V9rFflOM=
-----END CERTIFICATE-----
Lib/test/capath/ce7b8643.0
0 → 100644
View file @
b644e8c2
-----BEGIN CERTIFICATE-----
MIIClTCCAf6gAwIBAgIJAKGU95wKR8pTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u
IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv
bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG
A1UEBhMCWFkxFzAVBgNVBAcMDkNhc3RsZSBBbnRocmF4MSMwIQYDVQQKDBpQeXRo
b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0
aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ
Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm
Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv
EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGjNzA1MCUGA1UdEQQeMByCGnNl
bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
AQEFBQADgYEAIuzAhgMouJpNdf3URCHIineyoSt6WK/9+eyUcjlKOrDoXNZaD72h
TXMeKYoWvJyVcSLKL8ckPtDobgP2OTt0UkyAaj0n+ZHaqq1lH2yVfGUA1ILJv515
C8BqbvVZuqm3i7ygmw3bqE/lYMgOrYtXXnqOrz6nvsE6Yc9V9rFflOM=
-----END CERTIFICATE-----
Lib/test/https_svn_python_org_root.pem
deleted
100644 → 0
View file @
cd28a4e8
-----BEGIN CERTIFICATE-----
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
-----END CERTIFICATE-----
Lib/test/selfsigned_pythontestdotnet.pem
View file @
b644e8c2
-----BEGIN CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC
hzCCAfCgAwIBAgIJAKGU95wKR8pS
MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
MIIC
lTCCAf6gAwIBAgIJAKGU95wKR8pT
MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u
BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u
IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv
IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv
bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG
bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG
...
@@ -8,9 +8,9 @@ b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0
...
@@ -8,9 +8,9 @@ b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0
aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ
aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ
Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm
Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm
Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv
Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv
EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGj
KTAn
MCUGA1UdEQQeMByCGnNl
EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGj
NzA1
MCUGA1UdEQQeMByCGnNl
bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MA
0GCSqGSIb3DQEBBQUAA4GBAIOXmdtM
bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MA
wGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
eG9qzP9TiXW/Gc/zI4cBfdCpC+Y4gOfC9bQUC7hefix4iO3+iZjgy3X/FaRxUUoV
AQEFBQADgYEAIuzAhgMouJpNdf3URCHIineyoSt6WK/9+eyUcjlKOrDoXNZaD72h
HKiXcXIaWqTSUWp45cSh0MbwZXudp6JIAptzdAhvvCrPKeC9i9GvxsPD4LtDAL97
TXMeKYoWvJyVcSLKL8ckPtDobgP2OTt0UkyAaj0n+ZHaqq1lH2yVfGUA1ILJv515
vSaxQBezA7hdxZd90/EeyMgVZgAnTCnvAWX9
C8BqbvVZuqm3i7ygmw3bqE/lYMgOrYtXXnqOrz6nvsE6Yc9V9rFflOM=
-----END CERTIFICATE-----
-----END CERTIFICATE-----
Lib/test/test_ssl.py
View file @
b644e8c2
...
@@ -55,7 +55,8 @@ SIGNED_CERTFILE = data_file("keycert3.pem")
...
@@ -55,7 +55,8 @@ SIGNED_CERTFILE = data_file("keycert3.pem")
SIGNED_CERTFILE2
=
data_file
(
"keycert4.pem"
)
SIGNED_CERTFILE2
=
data_file
(
"keycert4.pem"
)
SIGNING_CA
=
data_file
(
"pycacert.pem"
)
SIGNING_CA
=
data_file
(
"pycacert.pem"
)
SVN_PYTHON_ORG_ROOT_CERT
=
data_file
(
"https_svn_python_org_root.pem"
)
REMOTE_HOST
=
"self-signed.pythontest.net"
REMOTE_ROOT_CERT
=
data_file
(
"selfsigned_pythontestdotnet.pem"
)
EMPTYCERT
=
data_file
(
"nullcert.pem"
)
EMPTYCERT
=
data_file
(
"nullcert.pem"
)
BADCERT
=
data_file
(
"badcert.pem"
)
BADCERT
=
data_file
(
"badcert.pem"
)
...
@@ -260,7 +261,7 @@ class BasicSocketTests(unittest.TestCase):
...
@@ -260,7 +261,7 @@ class BasicSocketTests(unittest.TestCase):
self
.
assertEqual
(
p
[
'subjectAltName'
],
san
)
self
.
assertEqual
(
p
[
'subjectAltName'
],
san
)
def
test_DER_to_PEM
(
self
):
def
test_DER_to_PEM
(
self
):
with
open
(
SVN_PYTHON_ORG_ROOT_
CERT
,
'r'
)
as
f
:
with
open
(
CAFILE_CA
CERT
,
'r'
)
as
f
:
pem
=
f
.
read
()
pem
=
f
.
read
()
d1
=
ssl
.
PEM_cert_to_DER_cert
(
pem
)
d1
=
ssl
.
PEM_cert_to_DER_cert
(
pem
)
p2
=
ssl
.
DER_cert_to_PEM_cert
(
d1
)
p2
=
ssl
.
DER_cert_to_PEM_cert
(
d1
)
...
@@ -752,7 +753,7 @@ class ContextTests(unittest.TestCase):
...
@@ -752,7 +753,7 @@ class ContextTests(unittest.TestCase):
# Mismatching key and cert
# Mismatching key and cert
ctx
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_TLSv1
)
ctx
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_TLSv1
)
with
self
.
assertRaisesRegex
(
ssl
.
SSLError
,
"key values mismatch"
):
with
self
.
assertRaisesRegex
(
ssl
.
SSLError
,
"key values mismatch"
):
ctx
.
load_cert_chain
(
SVN_PYTHON_ORG_ROOT_
CERT
,
ONLYKEY
)
ctx
.
load_cert_chain
(
CAFILE_CA
CERT
,
ONLYKEY
)
# Password protected key and cert
# Password protected key and cert
ctx
.
load_cert_chain
(
CERTFILE_PROTECTED
,
password
=
KEY_PASSWORD
)
ctx
.
load_cert_chain
(
CERTFILE_PROTECTED
,
password
=
KEY_PASSWORD
)
ctx
.
load_cert_chain
(
CERTFILE_PROTECTED
,
password
=
KEY_PASSWORD
.
encode
())
ctx
.
load_cert_chain
(
CERTFILE_PROTECTED
,
password
=
KEY_PASSWORD
.
encode
())
...
@@ -1172,11 +1173,11 @@ class SSLErrorTests(unittest.TestCase):
...
@@ -1172,11 +1173,11 @@ class SSLErrorTests(unittest.TestCase):
class
NetworkedTests
(
unittest
.
TestCase
):
class
NetworkedTests
(
unittest
.
TestCase
):
def
test_connect
(
self
):
def
test_connect
(
self
):
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_NONE
)
cert_reqs
=
ssl
.
CERT_NONE
)
try
:
try
:
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
self
.
assertEqual
({},
s
.
getpeercert
())
self
.
assertEqual
({},
s
.
getpeercert
())
finally
:
finally
:
s
.
close
()
s
.
close
()
...
@@ -1185,27 +1186,27 @@ class NetworkedTests(unittest.TestCase):
...
@@ -1185,27 +1186,27 @@ class NetworkedTests(unittest.TestCase):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
)
cert_reqs
=
ssl
.
CERT_REQUIRED
)
self
.
assertRaisesRegex
(
ssl
.
SSLError
,
"certificate verify failed"
,
self
.
assertRaisesRegex
(
ssl
.
SSLError
,
"certificate verify failed"
,
s
.
connect
,
(
"svn.python.org"
,
443
))
s
.
connect
,
(
REMOTE_HOST
,
443
))
s
.
close
()
s
.
close
()
# this should succeed because we specify the root cert
# this should succeed because we specify the root cert
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
,
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
SVN_PYTHON_ORG
_ROOT_CERT
)
ca_certs
=
REMOTE
_ROOT_CERT
)
try
:
try
:
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
self
.
assertTrue
(
s
.
getpeercert
())
self
.
assertTrue
(
s
.
getpeercert
())
finally
:
finally
:
s
.
close
()
s
.
close
()
def
test_connect_ex
(
self
):
def
test_connect_ex
(
self
):
# Issue #11326: check connect_ex() implementation
# Issue #11326: check connect_ex() implementation
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
,
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
SVN_PYTHON_ORG
_ROOT_CERT
)
ca_certs
=
REMOTE
_ROOT_CERT
)
try
:
try
:
self
.
assertEqual
(
0
,
s
.
connect_ex
((
"svn.python.org"
,
443
)))
self
.
assertEqual
(
0
,
s
.
connect_ex
((
REMOTE_HOST
,
443
)))
self
.
assertTrue
(
s
.
getpeercert
())
self
.
assertTrue
(
s
.
getpeercert
())
finally
:
finally
:
s
.
close
()
s
.
close
()
...
@@ -1213,14 +1214,14 @@ class NetworkedTests(unittest.TestCase):
...
@@ -1213,14 +1214,14 @@ class NetworkedTests(unittest.TestCase):
def
test_non_blocking_connect_ex
(
self
):
def
test_non_blocking_connect_ex
(
self
):
# Issue #11326: non-blocking connect_ex() should allow handshake
# Issue #11326: non-blocking connect_ex() should allow handshake
# to proceed after the socket gets ready.
# to proceed after the socket gets ready.
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
,
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
SVN_PYTHON_ORG
_ROOT_CERT
,
ca_certs
=
REMOTE
_ROOT_CERT
,
do_handshake_on_connect
=
False
)
do_handshake_on_connect
=
False
)
try
:
try
:
s
.
setblocking
(
False
)
s
.
setblocking
(
False
)
rc
=
s
.
connect_ex
((
'svn.python.org'
,
443
))
rc
=
s
.
connect_ex
((
REMOTE_HOST
,
443
))
# EWOULDBLOCK under Windows, EINPROGRESS elsewhere
# EWOULDBLOCK under Windows, EINPROGRESS elsewhere
self
.
assertIn
(
rc
,
(
0
,
errno
.
EINPROGRESS
,
errno
.
EWOULDBLOCK
))
self
.
assertIn
(
rc
,
(
0
,
errno
.
EINPROGRESS
,
errno
.
EWOULDBLOCK
))
# Wait for connect to finish
# Wait for connect to finish
...
@@ -1242,58 +1243,62 @@ class NetworkedTests(unittest.TestCase):
...
@@ -1242,58 +1243,62 @@ class NetworkedTests(unittest.TestCase):
def
test_timeout_connect_ex
(
self
):
def
test_timeout_connect_ex
(
self
):
# Issue #12065: on a timeout, connect_ex() should return the original
# Issue #12065: on a timeout, connect_ex() should return the original
# errno (mimicking the behaviour of non-SSL sockets).
# errno (mimicking the behaviour of non-SSL sockets).
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
,
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
SVN_PYTHON_ORG
_ROOT_CERT
,
ca_certs
=
REMOTE
_ROOT_CERT
,
do_handshake_on_connect
=
False
)
do_handshake_on_connect
=
False
)
try
:
try
:
s
.
settimeout
(
0.0000001
)
s
.
settimeout
(
0.0000001
)
rc
=
s
.
connect_ex
((
'svn.python.org'
,
443
))
rc
=
s
.
connect_ex
((
REMOTE_HOST
,
443
))
if
rc
==
0
:
if
rc
==
0
:
self
.
skipTest
(
"
svn.python.org
responded too quickly"
)
self
.
skipTest
(
"
REMOTE_HOST
responded too quickly"
)
self
.
assertIn
(
rc
,
(
errno
.
EAGAIN
,
errno
.
EWOULDBLOCK
))
self
.
assertIn
(
rc
,
(
errno
.
EAGAIN
,
errno
.
EWOULDBLOCK
))
finally
:
finally
:
s
.
close
()
s
.
close
()
def
test_connect_ex_error
(
self
):
def
test_connect_ex_error
(
self
):
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
s
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_REQUIRED
,
cert_reqs
=
ssl
.
CERT_REQUIRED
,
ca_certs
=
SVN_PYTHON_ORG
_ROOT_CERT
)
ca_certs
=
REMOTE
_ROOT_CERT
)
try
:
try
:
rc
=
s
.
connect_ex
((
"svn.python.org"
,
444
))
rc
=
s
.
connect_ex
((
REMOTE_HOST
,
444
))
# Issue #19919: Windows machines or VMs hosted on Windows
# Issue #19919: Windows machines or VMs hosted on Windows
# machines sometimes return EWOULDBLOCK.
# machines sometimes return EWOULDBLOCK.
self
.
assertIn
(
rc
,
(
errno
.
ECONNREFUSED
,
errno
.
EWOULDBLOCK
))
errors
=
(
errno
.
ECONNREFUSED
,
errno
.
EHOSTUNREACH
,
errno
.
EWOULDBLOCK
,
)
self
.
assertIn
(
rc
,
errors
)
finally
:
finally
:
s
.
close
()
s
.
close
()
def
test_connect_with_context
(
self
):
def
test_connect_with_context
(
self
):
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
# Same as test_connect, but with a separately created context
# Same as test_connect, but with a separately created context
ctx
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_SSLv23
)
ctx
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_SSLv23
)
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
try
:
try
:
self
.
assertEqual
({},
s
.
getpeercert
())
self
.
assertEqual
({},
s
.
getpeercert
())
finally
:
finally
:
s
.
close
()
s
.
close
()
# Same with a server hostname
# Same with a server hostname
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
server_hostname
=
"svn.python.org"
)
server_hostname
=
REMOTE_HOST
)
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
s
.
close
()
s
.
close
()
# This should fail because we have no verification certs
# This should fail because we have no verification certs
ctx
.
verify_mode
=
ssl
.
CERT_REQUIRED
ctx
.
verify_mode
=
ssl
.
CERT_REQUIRED
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
self
.
assertRaisesRegex
(
ssl
.
SSLError
,
"certificate verify failed"
,
self
.
assertRaisesRegex
(
ssl
.
SSLError
,
"certificate verify failed"
,
s
.
connect
,
(
"svn.python.org"
,
443
))
s
.
connect
,
(
REMOTE_HOST
,
443
))
s
.
close
()
s
.
close
()
# This should succeed because we specify the root cert
# This should succeed because we specify the root cert
ctx
.
load_verify_locations
(
SVN_PYTHON_ORG
_ROOT_CERT
)
ctx
.
load_verify_locations
(
REMOTE
_ROOT_CERT
)
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
try
:
try
:
cert
=
s
.
getpeercert
()
cert
=
s
.
getpeercert
()
self
.
assertTrue
(
cert
)
self
.
assertTrue
(
cert
)
...
@@ -1306,12 +1311,12 @@ class NetworkedTests(unittest.TestCase):
...
@@ -1306,12 +1311,12 @@ class NetworkedTests(unittest.TestCase):
# OpenSSL 0.9.8n and 1.0.0, as a result the capath directory must
# OpenSSL 0.9.8n and 1.0.0, as a result the capath directory must
# contain both versions of each certificate (same content, different
# contain both versions of each certificate (same content, different
# filename) for this test to be portable across OpenSSL releases.
# filename) for this test to be portable across OpenSSL releases.
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
ctx
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_SSLv23
)
ctx
=
ssl
.
SSLContext
(
ssl
.
PROTOCOL_SSLv23
)
ctx
.
verify_mode
=
ssl
.
CERT_REQUIRED
ctx
.
verify_mode
=
ssl
.
CERT_REQUIRED
ctx
.
load_verify_locations
(
capath
=
CAPATH
)
ctx
.
load_verify_locations
(
capath
=
CAPATH
)
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
try
:
try
:
cert
=
s
.
getpeercert
()
cert
=
s
.
getpeercert
()
self
.
assertTrue
(
cert
)
self
.
assertTrue
(
cert
)
...
@@ -1322,7 +1327,7 @@ class NetworkedTests(unittest.TestCase):
...
@@ -1322,7 +1327,7 @@ class NetworkedTests(unittest.TestCase):
ctx
.
verify_mode
=
ssl
.
CERT_REQUIRED
ctx
.
verify_mode
=
ssl
.
CERT_REQUIRED
ctx
.
load_verify_locations
(
capath
=
BYTES_CAPATH
)
ctx
.
load_verify_locations
(
capath
=
BYTES_CAPATH
)
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
=
ctx
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
try
:
try
:
cert
=
s
.
getpeercert
()
cert
=
s
.
getpeercert
()
self
.
assertTrue
(
cert
)
self
.
assertTrue
(
cert
)
...
@@ -1356,9 +1361,9 @@ class NetworkedTests(unittest.TestCase):
...
@@ -1356,9 +1361,9 @@ class NetworkedTests(unittest.TestCase):
# Issue #5238: creating a file-like object with makefile() shouldn't
# Issue #5238: creating a file-like object with makefile() shouldn't
# delay closing the underlying "real socket" (here tested with its
# delay closing the underlying "real socket" (here tested with its
# file descriptor, hence skipping the test under Windows).
# file descriptor, hence skipping the test under Windows).
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
ss
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
ss
=
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
))
ss
.
connect
((
"svn.python.org"
,
443
))
ss
.
connect
((
REMOTE_HOST
,
443
))
fd
=
ss
.
fileno
()
fd
=
ss
.
fileno
()
f
=
ss
.
makefile
()
f
=
ss
.
makefile
()
f
.
close
()
f
.
close
()
...
@@ -1372,9 +1377,9 @@ class NetworkedTests(unittest.TestCase):
...
@@ -1372,9 +1377,9 @@ class NetworkedTests(unittest.TestCase):
self
.
assertEqual
(
e
.
exception
.
errno
,
errno
.
EBADF
)
self
.
assertEqual
(
e
.
exception
.
errno
,
errno
.
EBADF
)
def
test_non_blocking_handshake
(
self
):
def
test_non_blocking_handshake
(
self
):
with
support
.
transient_internet
(
"svn.python.org"
):
with
support
.
transient_internet
(
REMOTE_HOST
):
s
=
socket
.
socket
(
socket
.
AF_INET
)
s
=
socket
.
socket
(
socket
.
AF_INET
)
s
.
connect
((
"svn.python.org"
,
443
))
s
.
connect
((
REMOTE_HOST
,
443
))
s
.
setblocking
(
False
)
s
.
setblocking
(
False
)
s
=
ssl
.
wrap_socket
(
s
,
s
=
ssl
.
wrap_socket
(
s
,
cert_reqs
=
ssl
.
CERT_NONE
,
cert_reqs
=
ssl
.
CERT_NONE
,
...
@@ -1420,12 +1425,12 @@ class NetworkedTests(unittest.TestCase):
...
@@ -1420,12 +1425,12 @@ class NetworkedTests(unittest.TestCase):
if
support
.
verbose
:
if
support
.
verbose
:
sys
.
stdout
.
write
(
"
\
n
Verified certificate for %s:%s is
\
n
%s
\
n
"
%
(
host
,
port
,
pem
))
sys
.
stdout
.
write
(
"
\
n
Verified certificate for %s:%s is
\
n
%s
\
n
"
%
(
host
,
port
,
pem
))
_test_get_server_certificate
(
'svn.python.org'
,
443
,
SVN_PYTHON_ORG
_ROOT_CERT
)
_test_get_server_certificate
(
REMOTE_HOST
,
443
,
REMOTE
_ROOT_CERT
)
if
support
.
IPV6_ENABLED
:
if
support
.
IPV6_ENABLED
:
_test_get_server_certificate
(
'ipv6.google.com'
,
443
)
_test_get_server_certificate
(
'ipv6.google.com'
,
443
)
def
test_ciphers
(
self
):
def
test_ciphers
(
self
):
remote
=
(
"svn.python.org"
,
443
)
remote
=
(
REMOTE_HOST
,
443
)
with
support
.
transient_internet
(
remote
[
0
]):
with
support
.
transient_internet
(
remote
[
0
]):
with
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
with
ssl
.
wrap_socket
(
socket
.
socket
(
socket
.
AF_INET
),
cert_reqs
=
ssl
.
CERT_NONE
,
ciphers
=
"ALL"
)
as
s
:
cert_reqs
=
ssl
.
CERT_NONE
,
ciphers
=
"ALL"
)
as
s
:
...
@@ -2913,7 +2918,7 @@ def test_main(verbose=False):
...
@@ -2913,7 +2918,7 @@ def test_main(verbose=False):
pass
pass
for
filename
in
[
for
filename
in
[
CERTFILE
,
SVN_PYTHON_ORG
_ROOT_CERT
,
BYTES_CERTFILE
,
CERTFILE
,
REMOTE
_ROOT_CERT
,
BYTES_CERTFILE
,
ONLYCERT
,
ONLYKEY
,
BYTES_ONLYCERT
,
BYTES_ONLYKEY
,
ONLYCERT
,
ONLYKEY
,
BYTES_ONLYCERT
,
BYTES_ONLYKEY
,
SIGNED_CERTFILE
,
SIGNED_CERTFILE2
,
SIGNING_CA
,
SIGNED_CERTFILE
,
SIGNED_CERTFILE2
,
SIGNING_CA
,
BADCERT
,
BADKEY
,
EMPTYCERT
]:
BADCERT
,
BADKEY
,
EMPTYCERT
]:
...
...
Misc/NEWS
View file @
b644e8c2
...
@@ -33,6 +33,12 @@ Library
...
@@ -33,6 +33,12 @@ Library
-
Issue
#
26050
:
Add
asyncio
.
StreamReader
.
readuntil
()
method
.
-
Issue
#
26050
:
Add
asyncio
.
StreamReader
.
readuntil
()
method
.
Patch
by
Марк
Коренберг
.
Patch
by
Марк
Коренберг
.
Tests
-----
-
Issue
#
25940
:
Changed
test_ssl
to
use
self
-
signed
.
pythontest
.
net
.
This
avoids
relying
on
svn
.
python
.
org
,
which
recently
changed
root
certificate
.
What
's New in Python 3.4.4?
What
's New in Python 3.4.4?
===========================
===========================
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment