Back to index

python3.2  3.2.2
Public Member Functions
test.test_ssl.BasicSocketTests Class Reference

List of all members.

Public Member Functions

def test_constants
def test_random
def test_parse_cert
def test_DER_to_PEM
def test_openssl_version
def test_refcycle
def test_wrapped_unconnected
def test_timeout
def test_errors
def test_match_hostname
def test_server_side

Detailed Description

Definition at line 87 of file test_ssl.py.


Member Function Documentation

Definition at line 89 of file test_ssl.py.

00089 
00090     def test_constants(self):
00091         #ssl.PROTOCOL_SSLv2
00092         ssl.PROTOCOL_SSLv23
00093         ssl.PROTOCOL_SSLv3
00094         ssl.PROTOCOL_TLSv1
00095         ssl.CERT_NONE
00096         ssl.CERT_OPTIONAL
00097         ssl.CERT_REQUIRED
00098         self.assertIn(ssl.HAS_SNI, {True, False})

Here is the call graph for this function:

Definition at line 121 of file test_ssl.py.

00121 
00122     def test_DER_to_PEM(self):
00123         with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
00124             pem = f.read()
00125         d1 = ssl.PEM_cert_to_DER_cert(pem)
00126         p2 = ssl.DER_cert_to_PEM_cert(d1)
00127         d2 = ssl.PEM_cert_to_DER_cert(p2)
00128         self.assertEqual(d1, d2)
00129         if not p2.startswith(ssl.PEM_HEADER + '\n'):
00130             self.fail("DER-to-PEM didn't include correct header:\n%r\n" % p2)
00131         if not p2.endswith('\n' + ssl.PEM_FOOTER + '\n'):
00132             self.fail("DER-to-PEM didn't include correct footer:\n%r\n" % p2)

Here is the call graph for this function:

Definition at line 191 of file test_ssl.py.

00191 
00192     def test_errors(self):
00193         sock = socket.socket()
00194         self.assertRaisesRegex(ValueError,
00195                         "certfile must be specified",
00196                         ssl.wrap_socket, sock, keyfile=CERTFILE)
00197         self.assertRaisesRegex(ValueError,
00198                         "certfile must be specified for server-side operations",
00199                         ssl.wrap_socket, sock, server_side=True)
00200         self.assertRaisesRegex(ValueError,
00201                         "certfile must be specified for server-side operations",
00202                         ssl.wrap_socket, sock, server_side=True, certfile="")
00203         s = ssl.wrap_socket(sock, server_side=True, certfile=CERTFILE)
00204         self.assertRaisesRegex(ValueError, "can't connect in server-side mode",
00205                                 s.connect, (HOST, 8080))
00206         with self.assertRaises(IOError) as cm:
00207             with socket.socket() as sock:
00208                 ssl.wrap_socket(sock, certfile=WRONGCERT)
00209         self.assertEqual(cm.exception.errno, errno.ENOENT)
00210         with self.assertRaises(IOError) as cm:
00211             with socket.socket() as sock:
00212                 ssl.wrap_socket(sock, certfile=CERTFILE, keyfile=WRONGCERT)
00213         self.assertEqual(cm.exception.errno, errno.ENOENT)
00214         with self.assertRaises(IOError) as cm:
00215             with socket.socket() as sock:
00216                 ssl.wrap_socket(sock, certfile=WRONGCERT, keyfile=WRONGCERT)
00217         self.assertEqual(cm.exception.errno, errno.ENOENT)

Here is the call graph for this function:

Definition at line 218 of file test_ssl.py.

00218 
00219     def test_match_hostname(self):
00220         def ok(cert, hostname):
00221             ssl.match_hostname(cert, hostname)
00222         def fail(cert, hostname):
00223             self.assertRaises(ssl.CertificateError,
00224                               ssl.match_hostname, cert, hostname)
00225 
00226         cert = {'subject': ((('commonName', 'example.com'),),)}
00227         ok(cert, 'example.com')
00228         ok(cert, 'ExAmple.cOm')
00229         fail(cert, 'www.example.com')
00230         fail(cert, '.example.com')
00231         fail(cert, 'example.org')
00232         fail(cert, 'exampleXcom')
00233 
00234         cert = {'subject': ((('commonName', '*.a.com'),),)}
00235         ok(cert, 'foo.a.com')
00236         fail(cert, 'bar.foo.a.com')
00237         fail(cert, 'a.com')
00238         fail(cert, 'Xa.com')
00239         fail(cert, '.a.com')
00240 
00241         cert = {'subject': ((('commonName', 'a.*.com'),),)}
00242         ok(cert, 'a.foo.com')
00243         fail(cert, 'a..com')
00244         fail(cert, 'a.com')
00245 
00246         cert = {'subject': ((('commonName', 'f*.com'),),)}
00247         ok(cert, 'foo.com')
00248         ok(cert, 'f.com')
00249         fail(cert, 'bar.com')
00250         fail(cert, 'foo.a.com')
00251         fail(cert, 'bar.foo.com')
00252 
00253         # Slightly fake real-world example
00254         cert = {'notAfter': 'Jun 26 21:41:46 2011 GMT',
00255                 'subject': ((('commonName', 'linuxfrz.org'),),),
00256                 'subjectAltName': (('DNS', 'linuxfr.org'),
00257                                    ('DNS', 'linuxfr.com'),
00258                                    ('othername', '<unsupported>'))}
00259         ok(cert, 'linuxfr.org')
00260         ok(cert, 'linuxfr.com')
00261         # Not a "DNS" entry
00262         fail(cert, '<unsupported>')
00263         # When there is a subjectAltName, commonName isn't used
00264         fail(cert, 'linuxfrz.org')
00265 
00266         # A pristine real-world example
00267         cert = {'notAfter': 'Dec 18 23:59:59 2011 GMT',
00268                 'subject': ((('countryName', 'US'),),
00269                             (('stateOrProvinceName', 'California'),),
00270                             (('localityName', 'Mountain View'),),
00271                             (('organizationName', 'Google Inc'),),
00272                             (('commonName', 'mail.google.com'),))}
00273         ok(cert, 'mail.google.com')
00274         fail(cert, 'gmail.com')
00275         # Only commonName is considered
00276         fail(cert, 'California')
00277 
00278         # Neither commonName nor subjectAltName
00279         cert = {'notAfter': 'Dec 18 23:59:59 2011 GMT',
00280                 'subject': ((('countryName', 'US'),),
00281                             (('stateOrProvinceName', 'California'),),
00282                             (('localityName', 'Mountain View'),),
00283                             (('organizationName', 'Google Inc'),))}
00284         fail(cert, 'mail.google.com')
00285 
00286         # No DNS entry in subjectAltName but a commonName
00287         cert = {'notAfter': 'Dec 18 23:59:59 2099 GMT',
00288                 'subject': ((('countryName', 'US'),),
00289                             (('stateOrProvinceName', 'California'),),
00290                             (('localityName', 'Mountain View'),),
00291                             (('commonName', 'mail.google.com'),)),
00292                 'subjectAltName': (('othername', 'blabla'), )}
00293         ok(cert, 'mail.google.com')
00294 
00295         # No DNS entry subjectAltName and no commonName
00296         cert = {'notAfter': 'Dec 18 23:59:59 2099 GMT',
00297                 'subject': ((('countryName', 'US'),),
00298                             (('stateOrProvinceName', 'California'),),
00299                             (('localityName', 'Mountain View'),),
00300                             (('organizationName', 'Google Inc'),)),
00301                 'subjectAltName': (('othername', 'blabla'),)}
00302         fail(cert, 'google.com')
00303 
00304         # Empty cert / no cert
00305         self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com')
00306         self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com')

Here is the call graph for this function:

Definition at line 133 of file test_ssl.py.

00133 
00134     def test_openssl_version(self):
00135         n = ssl.OPENSSL_VERSION_NUMBER
00136         t = ssl.OPENSSL_VERSION_INFO
00137         s = ssl.OPENSSL_VERSION
00138         self.assertIsInstance(n, int)
00139         self.assertIsInstance(t, tuple)
00140         self.assertIsInstance(s, str)
00141         # Some sanity checks follow
00142         # >= 0.9
00143         self.assertGreaterEqual(n, 0x900000)
00144         # < 2.0
00145         self.assertLess(n, 0x20000000)
00146         major, minor, fix, patch, status = t
00147         self.assertGreaterEqual(major, 0)
00148         self.assertLess(major, 2)
00149         self.assertGreaterEqual(minor, 0)
00150         self.assertLess(minor, 256)
00151         self.assertGreaterEqual(fix, 0)
00152         self.assertLess(fix, 256)
00153         self.assertGreaterEqual(patch, 0)
00154         self.assertLessEqual(patch, 26)
00155         self.assertGreaterEqual(status, 0)
00156         self.assertLessEqual(status, 15)
00157         # Version string as returned by OpenSSL, the format might change
00158         self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)),
00159                         (s, t))

Here is the call graph for this function:

Definition at line 113 of file test_ssl.py.

00113 
00114     def test_parse_cert(self):
00115         # note that this uses an 'unofficial' function in _ssl.c,
00116         # provided solely for this test, to exercise the certificate
00117         # parsing code
00118         p = ssl._ssl._test_decode_cert(CERTFILE)
00119         if support.verbose:
00120             sys.stdout.write("\n" + pprint.pformat(p) + "\n")

Here is the call graph for this function:

Definition at line 99 of file test_ssl.py.

00099 
00100     def test_random(self):
00101         v = ssl.RAND_status()
00102         if support.verbose:
00103             sys.stdout.write("\n RAND_status is %d (%s)\n"
00104                              % (v, (v and "sufficient randomness") or
00105                                 "insufficient randomness"))
00106         try:
00107             ssl.RAND_egd(1)
00108         except TypeError:
00109             pass
00110         else:
00111             print("didn't raise TypeError")
00112         ssl.RAND_add("this is a random string", 75.0)

Definition at line 161 of file test_ssl.py.

00161 
00162     def test_refcycle(self):
00163         # Issue #7943: an SSL object doesn't create reference cycles with
00164         # itself.
00165         s = socket.socket(socket.AF_INET)
00166         ss = ssl.wrap_socket(s)
00167         wr = weakref.ref(ss)
00168         del ss
00169         self.assertEqual(wr(), None)

Here is the call graph for this function:

Definition at line 307 of file test_ssl.py.

00307 
00308     def test_server_side(self):
00309         # server_hostname doesn't work for server sockets
00310         ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
00311         with socket.socket() as sock:
00312             self.assertRaises(ValueError, ctx.wrap_socket, sock, True,
00313                               server_hostname="some.hostname")

Here is the call graph for this function:

Definition at line 182 of file test_ssl.py.

00182 
00183     def test_timeout(self):
00184         # Issue #8524: when creating an SSL socket, the timeout of the
00185         # original socket should be retained.
00186         for timeout in (None, 0.0, 5.0):
00187             s = socket.socket(socket.AF_INET)
00188             s.settimeout(timeout)
00189             ss = ssl.wrap_socket(s)
00190             self.assertEqual(timeout, ss.gettimeout())

Here is the call graph for this function:

Definition at line 170 of file test_ssl.py.

00170 
00171     def test_wrapped_unconnected(self):
00172         # Methods on an unconnected SSLSocket propagate the original
00173         # socket.error raise by the underlying socket object.
00174         s = socket.socket(socket.AF_INET)
00175         ss = ssl.wrap_socket(s)
00176         self.assertRaises(socket.error, ss.recv, 1)
00177         self.assertRaises(socket.error, ss.recv_into, bytearray(b'x'))
00178         self.assertRaises(socket.error, ss.recvfrom, 1)
00179         self.assertRaises(socket.error, ss.recvfrom_into, bytearray(b'x'), 1)
00180         self.assertRaises(socket.error, ss.send, b'x')
00181         self.assertRaises(socket.error, ss.sendto, b'x', ('0.0.0.0', 0))

Here is the call graph for this function:


The documentation for this class was generated from the following file: