Back to index

python3.2  3.2.2
Public Member Functions
test.test_ssl.NetworkedTests Class Reference

List of all members.

Public Member Functions

def test_connect
def test_connect_ex
def test_non_blocking_connect_ex
def test_timeout_connect_ex
def test_connect_with_context
def test_connect_capath
def test_makefile_close
def test_non_blocking_handshake
def test_get_server_certificate
def test_ciphers
def test_algorithms

Detailed Description

Definition at line 449 of file test_ssl.py.


Member Function Documentation

Definition at line 684 of file test_ssl.py.

00684 
00685     def test_algorithms(self):
00686         # Issue #8484: all algorithms should be available when verifying a
00687         # certificate.
00688         # SHA256 was added in OpenSSL 0.9.8
00689         if ssl.OPENSSL_VERSION_INFO < (0, 9, 8, 0, 15):
00690             self.skipTest("SHA256 not available on %r" % ssl.OPENSSL_VERSION)
00691         # https://sha2.hboeck.de/ was used until 2011-01-08 (no route to host)
00692         remote = ("sha256.tbs-internet.com", 443)
00693         sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem")
00694         with support.transient_internet("sha256.tbs-internet.com"):
00695             s = ssl.wrap_socket(socket.socket(socket.AF_INET),
00696                                 cert_reqs=ssl.CERT_REQUIRED,
00697                                 ca_certs=sha256_cert,)
00698             try:
00699                 s.connect(remote)
00700                 if support.verbose:
00701                     sys.stdout.write("\nCipher with %r is %r\n" %
00702                                      (remote, s.cipher()))
00703                     sys.stdout.write("Certificate is:\n%s\n" %
00704                                      pprint.pformat(s.getpeercert()))
00705             finally:
00706                 s.close()
00707 
00708 
try:

Here is the call graph for this function:

Definition at line 668 of file test_ssl.py.

00668 
00669     def test_ciphers(self):
00670         remote = ("svn.python.org", 443)
00671         with support.transient_internet(remote[0]):
00672             s = ssl.wrap_socket(socket.socket(socket.AF_INET),
00673                                 cert_reqs=ssl.CERT_NONE, ciphers="ALL")
00674             s.connect(remote)
00675             s = ssl.wrap_socket(socket.socket(socket.AF_INET),
00676                                 cert_reqs=ssl.CERT_NONE, ciphers="DEFAULT")
00677             s.connect(remote)
00678             # Error checking can happen at instantiation or when connecting
00679             with self.assertRaisesRegex(ssl.SSLError, "No cipher can be selected"):
00680                 with socket.socket(socket.AF_INET) as sock:
00681                     s = ssl.wrap_socket(sock,
00682                                         cert_reqs=ssl.CERT_NONE, ciphers="^$:,;?*'dorothyx")
00683                     s.connect(remote)

Here is the call graph for this function:

Definition at line 451 of file test_ssl.py.

00451 
00452     def test_connect(self):
00453         with support.transient_internet("svn.python.org"):
00454             s = ssl.wrap_socket(socket.socket(socket.AF_INET),
00455                                 cert_reqs=ssl.CERT_NONE)
00456             try:
00457                 s.connect(("svn.python.org", 443))
00458                 self.assertEqual({}, s.getpeercert())
00459             finally:
00460                 s.close()
00461 
00462             # this should fail because we have no verification certs
00463             s = ssl.wrap_socket(socket.socket(socket.AF_INET),
00464                                 cert_reqs=ssl.CERT_REQUIRED)
00465             self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",
00466                                    s.connect, ("svn.python.org", 443))
00467             s.close()
00468 
00469             # this should succeed because we specify the root cert
00470             s = ssl.wrap_socket(socket.socket(socket.AF_INET),
00471                                 cert_reqs=ssl.CERT_REQUIRED,
00472                                 ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
00473             try:
00474                 s.connect(("svn.python.org", 443))
00475                 self.assertTrue(s.getpeercert())
00476             finally:
00477                 s.close()

Here is the call graph for this function:

Definition at line 573 of file test_ssl.py.

00573 
00574     def test_connect_capath(self):
00575         # Verify server certificates using the `capath` argument
00576         # NOTE: the subject hashing algorithm has been changed between
00577         # OpenSSL 0.9.8n and 1.0.0, as a result the capath directory must
00578         # contain both versions of each certificate (same content, different
00579         # filename) for this test to be portable across OpenSSL releases.
00580         with support.transient_internet("svn.python.org"):
00581             ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
00582             ctx.verify_mode = ssl.CERT_REQUIRED
00583             ctx.load_verify_locations(capath=CAPATH)
00584             s = ctx.wrap_socket(socket.socket(socket.AF_INET))
00585             s.connect(("svn.python.org", 443))
00586             try:
00587                 cert = s.getpeercert()
00588                 self.assertTrue(cert)
00589             finally:
00590                 s.close()
00591             # Same with a bytes `capath` argument
00592             ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
00593             ctx.verify_mode = ssl.CERT_REQUIRED
00594             ctx.load_verify_locations(capath=BYTES_CAPATH)
00595             s = ctx.wrap_socket(socket.socket(socket.AF_INET))
00596             s.connect(("svn.python.org", 443))
00597             try:
00598                 cert = s.getpeercert()
00599                 self.assertTrue(cert)
00600             finally:
00601                 s.close()

Here is the call graph for this function:

Definition at line 478 of file test_ssl.py.

00478 
00479     def test_connect_ex(self):
00480         # Issue #11326: check connect_ex() implementation
00481         with support.transient_internet("svn.python.org"):
00482             s = ssl.wrap_socket(socket.socket(socket.AF_INET),
00483                                 cert_reqs=ssl.CERT_REQUIRED,
00484                                 ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
00485             try:
00486                 self.assertEqual(0, s.connect_ex(("svn.python.org", 443)))
00487                 self.assertTrue(s.getpeercert())
00488             finally:
00489                 s.close()

Here is the call graph for this function:

Definition at line 539 of file test_ssl.py.

00539 
00540     def test_connect_with_context(self):
00541         with support.transient_internet("svn.python.org"):
00542             # Same as test_connect, but with a separately created context
00543             ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
00544             s = ctx.wrap_socket(socket.socket(socket.AF_INET))
00545             s.connect(("svn.python.org", 443))
00546             try:
00547                 self.assertEqual({}, s.getpeercert())
00548             finally:
00549                 s.close()
00550             # Same with a server hostname
00551             s = ctx.wrap_socket(socket.socket(socket.AF_INET),
00552                                 server_hostname="svn.python.org")
00553             if ssl.HAS_SNI:
00554                 s.connect(("svn.python.org", 443))
00555                 s.close()
00556             else:
00557                 self.assertRaises(ValueError, s.connect, ("svn.python.org", 443))
00558             # This should fail because we have no verification certs
00559             ctx.verify_mode = ssl.CERT_REQUIRED
00560             s = ctx.wrap_socket(socket.socket(socket.AF_INET))
00561             self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",
00562                                     s.connect, ("svn.python.org", 443))
00563             s.close()
00564             # This should succeed because we specify the root cert
00565             ctx.load_verify_locations(SVN_PYTHON_ORG_ROOT_CERT)
00566             s = ctx.wrap_socket(socket.socket(socket.AF_INET))
00567             s.connect(("svn.python.org", 443))
00568             try:
00569                 cert = s.getpeercert()
00570                 self.assertTrue(cert)
00571             finally:
00572                 s.close()

Here is the call graph for this function:

Definition at line 647 of file test_ssl.py.

00647 
00648     def test_get_server_certificate(self):
00649         with support.transient_internet("svn.python.org"):
00650             pem = ssl.get_server_certificate(("svn.python.org", 443))
00651             if not pem:
00652                 self.fail("No server certificate on svn.python.org:443!")
00653 
00654             try:
00655                 pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=CERTFILE)
00656             except ssl.SSLError as x:
00657                 #should fail
00658                 if support.verbose:
00659                     sys.stdout.write("%s\n" % x)
00660             else:
00661                 self.fail("Got server certificate %s for svn.python.org!" % pem)
00662 
00663             pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
00664             if not pem:
00665                 self.fail("No server certificate on svn.python.org:443!")
00666             if support.verbose:
00667                 sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)

Here is the call graph for this function:

Definition at line 603 of file test_ssl.py.

00603 
00604     def test_makefile_close(self):
00605         # Issue #5238: creating a file-like object with makefile() shouldn't
00606         # delay closing the underlying "real socket" (here tested with its
00607         # file descriptor, hence skipping the test under Windows).
00608         with support.transient_internet("svn.python.org"):
00609             ss = ssl.wrap_socket(socket.socket(socket.AF_INET))
00610             ss.connect(("svn.python.org", 443))
00611             fd = ss.fileno()
00612             f = ss.makefile()
00613             f.close()
00614             # The fd is still open
00615             os.read(fd, 0)
00616             # Closing the SSL socket should close the fd too
00617             ss.close()
00618             gc.collect()
00619             with self.assertRaises(OSError) as e:
00620                 os.read(fd, 0)
00621             self.assertEqual(e.exception.errno, errno.EBADF)

Here is the call graph for this function:

Definition at line 490 of file test_ssl.py.

00490 
00491     def test_non_blocking_connect_ex(self):
00492         # Issue #11326: non-blocking connect_ex() should allow handshake
00493         # to proceed after the socket gets ready.
00494         with support.transient_internet("svn.python.org"):
00495             s = ssl.wrap_socket(socket.socket(socket.AF_INET),
00496                                 cert_reqs=ssl.CERT_REQUIRED,
00497                                 ca_certs=SVN_PYTHON_ORG_ROOT_CERT,
00498                                 do_handshake_on_connect=False)
00499             try:
00500                 s.setblocking(False)
00501                 rc = s.connect_ex(('svn.python.org', 443))
00502                 # EWOULDBLOCK under Windows, EINPROGRESS elsewhere
00503                 self.assertIn(rc, (0, errno.EINPROGRESS, errno.EWOULDBLOCK))
00504                 # Wait for connect to finish
00505                 select.select([], [s], [], 5.0)
00506                 # Non-blocking handshake
00507                 while True:
00508                     try:
00509                         s.do_handshake()
00510                         break
00511                     except ssl.SSLError as err:
00512                         if err.args[0] == ssl.SSL_ERROR_WANT_READ:
00513                             select.select([s], [], [], 5.0)
00514                         elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
00515                             select.select([], [s], [], 5.0)
00516                         else:
00517                             raise
00518                 # SSL established
00519                 self.assertTrue(s.getpeercert())
00520             finally:
00521                 s.close()

Here is the call graph for this function:

Definition at line 622 of file test_ssl.py.

00622 
00623     def test_non_blocking_handshake(self):
00624         with support.transient_internet("svn.python.org"):
00625             s = socket.socket(socket.AF_INET)
00626             s.connect(("svn.python.org", 443))
00627             s.setblocking(False)
00628             s = ssl.wrap_socket(s,
00629                                 cert_reqs=ssl.CERT_NONE,
00630                                 do_handshake_on_connect=False)
00631             count = 0
00632             while True:
00633                 try:
00634                     count += 1
00635                     s.do_handshake()
00636                     break
00637                 except ssl.SSLError as err:
00638                     if err.args[0] == ssl.SSL_ERROR_WANT_READ:
00639                         select.select([s], [], [])
00640                     elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
00641                         select.select([], [s], [])
00642                     else:
00643                         raise
00644             s.close()
00645             if support.verbose:
00646                 sys.stdout.write("\nNeeded %d calls to do_handshake() to establish session.\n" % count)

Here is the call graph for this function:

Definition at line 522 of file test_ssl.py.

00522 
00523     def test_timeout_connect_ex(self):
00524         # Issue #12065: on a timeout, connect_ex() should return the original
00525         # errno (mimicking the behaviour of non-SSL sockets).
00526         with support.transient_internet("svn.python.org"):
00527             s = ssl.wrap_socket(socket.socket(socket.AF_INET),
00528                                 cert_reqs=ssl.CERT_REQUIRED,
00529                                 ca_certs=SVN_PYTHON_ORG_ROOT_CERT,
00530                                 do_handshake_on_connect=False)
00531             try:
00532                 s.settimeout(0.0000001)
00533                 rc = s.connect_ex(('svn.python.org', 443))
00534                 if rc == 0:
00535                     self.skipTest("svn.python.org responded too quickly")
00536                 self.assertIn(rc, (errno.EAGAIN, errno.EWOULDBLOCK))
00537             finally:
00538                 s.close()

Here is the call graph for this function:


The documentation for this class was generated from the following file: