Back to index

python3.2  3.2.2
Classes | Functions | Variables
test.test_ssl Namespace Reference

Classes

class  BasicSocketTests
class  ContextTests
class  NetworkedTests
class  ThreadedEchoServer
class  AsyncoreEchoServer
class  ThreadedTests

Functions

def handle_error
def can_clear_options
def no_sslv2_implies_sslv3_hello
def skip_if_broken_ubuntu_ssl
def bad_cert_test
def server_params_test
def try_protocol_combo
def test_main

Variables

tuple ssl = support.import_module("ssl")
list PROTOCOLS
 HOST = support.HOST
tuple data_file = lambdaname:os.path.join(os.path.dirname(__file__), name)
tuple CERTFILE = data_file("keycert.pem")
tuple BYTES_CERTFILE = os.fsencode(CERTFILE)
tuple ONLYCERT = data_file("ssl_cert.pem")
tuple ONLYKEY = data_file("ssl_key.pem")
tuple BYTES_ONLYCERT = os.fsencode(ONLYCERT)
tuple BYTES_ONLYKEY = os.fsencode(ONLYKEY)
tuple CAPATH = data_file("capath")
tuple BYTES_CAPATH = os.fsencode(CAPATH)
tuple SVN_PYTHON_ORG_ROOT_CERT = data_file("https_svn_python_org_root.pem")
tuple EMPTYCERT = data_file("nullcert.pem")
tuple BADCERT = data_file("badcert.pem")
tuple WRONGCERT = data_file("XXXnonexisting.pem")
tuple BADKEY = data_file("badkey.pem")
 _have_threads = False

Function Documentation

def test.test_ssl.bad_cert_test (   certfile)
Launch a server with CERT_REQUIRED, and check that trying to
connect to it with the given client certificate fails.

Definition at line 988 of file test_ssl.py.

00988 
00989     def bad_cert_test(certfile):
00990         """
00991         Launch a server with CERT_REQUIRED, and check that trying to
00992         connect to it with the given client certificate fails.
00993         """
00994         server = ThreadedEchoServer(CERTFILE,
00995                                     certreqs=ssl.CERT_REQUIRED,
00996                                     cacerts=CERTFILE, chatty=False,
00997                                     connectionchatty=False)
00998         flag = threading.Event()
00999         server.start(flag)
01000         # wait for it to start
01001         flag.wait()
01002         # try to connect
01003         try:
01004             try:
01005                 with socket.socket() as sock:
01006                     s = ssl.wrap_socket(sock,
01007                                         certfile=certfile,
01008                                         ssl_version=ssl.PROTOCOL_TLSv1)
01009                     s.connect((HOST, server.port))
01010             except ssl.SSLError as x:
01011                 if support.verbose:
01012                     sys.stdout.write("\nSSLError is %s\n" % x.args[1])
01013             except socket.error as x:
01014                 if support.verbose:
01015                     sys.stdout.write("\nsocket.error is %s\n" % x.args[1])
01016             except IOError as x:
01017                 if x.errno != errno.ENOENT:
01018                     raise
01019                 if support.verbose:
01020                     sys.stdout.write("\IOError is %s\n" % str(x))
01021             else:
01022                 raise AssertionError("Use of invalid cert should have failed!")
01023         finally:
01024             server.stop()
01025             server.join()

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 61 of file test_ssl.py.

00061 
00062 def can_clear_options():
00063     # 0.9.8m or higher
00064     return ssl._OPENSSL_API_VERSION >= (0, 9, 8, 13, 15)

Here is the caller graph for this function:

def test.test_ssl.handle_error (   prefix)

Definition at line 56 of file test_ssl.py.

00056 
00057 def handle_error(prefix):
00058     exc_format = ' '.join(traceback.format_exception(*sys.exc_info()))
00059     if support.verbose:
00060         sys.stdout.write(prefix + exc_format)

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 65 of file test_ssl.py.

00065 
00066 def no_sslv2_implies_sslv3_hello():
00067     # 0.9.7h or higher
00068     return ssl.OPENSSL_VERSION_INFO >= (0, 9, 7, 8, 15)
00069 
00070 
# Issue #9415: Ubuntu hijacks their OpenSSL and forcefully disables SSLv2

Here is the caller graph for this function:

def test.test_ssl.server_params_test (   client_context,
  server_context,
  indata = b"FOO\n",
  chatty = True,
  connectionchatty = False 
)
Launch a server, connect a client to it and try various reads
and writes.

Definition at line 1027 of file test_ssl.py.

01027 
01028                            chatty=True, connectionchatty=False):
01029         """
01030         Launch a server, connect a client to it and try various reads
01031         and writes.
01032         """
01033         server = ThreadedEchoServer(context=server_context,
01034                                     chatty=chatty,
01035                                     connectionchatty=False)
01036         flag = threading.Event()
01037         server.start(flag)
01038         # wait for it to start
01039         flag.wait()
01040         # try to connect
01041         try:
01042             s = client_context.wrap_socket(socket.socket())
01043             s.connect((HOST, server.port))
01044             for arg in [indata, bytearray(indata), memoryview(indata)]:
01045                 if connectionchatty:
01046                     if support.verbose:
01047                         sys.stdout.write(
01048                             " client:  sending %r...\n" % indata)
01049                 s.write(arg)
01050                 outdata = s.read()
01051                 if connectionchatty:
01052                     if support.verbose:
01053                         sys.stdout.write(" client:  read %r\n" % outdata)
01054                 if outdata != indata.lower():
01055                     raise AssertionError(
01056                         "bad data <<%r>> (%d) received; expected <<%r>> (%d)\n"
01057                         % (outdata[:20], len(outdata),
01058                            indata[:20].lower(), len(indata)))
01059             s.write(b"over\n")
01060             if connectionchatty:
01061                 if support.verbose:
01062                     sys.stdout.write(" client:  closing connection.\n")
01063             s.close()
01064         finally:
01065             server.stop()
01066             server.join()

Here is the call graph for this function:

Here is the caller graph for this function:

Definition at line 71 of file test_ssl.py.

00071 
00072 def skip_if_broken_ubuntu_ssl(func):
00073     if hasattr(ssl, 'PROTOCOL_SSLv2'):
00074         @functools.wraps(func)
00075         def f(*args, **kwargs):
00076             try:
00077                 ssl.SSLContext(ssl.PROTOCOL_SSLv2)
00078             except ssl.SSLError:
00079                 if (ssl.OPENSSL_VERSION_INFO == (0, 9, 8, 15, 15) and
00080                     platform.linux_distribution() == ('debian', 'squeeze/sid', '')):
00081                     raise unittest.SkipTest("Patched Ubuntu OpenSSL breaks behaviour")
00082             return func(*args, **kwargs)
00083         return f
00084     else:
00085         return func
00086 

Here is the call graph for this function:

def test.test_ssl.test_main (   verbose = False)

Definition at line 1613 of file test_ssl.py.

01613 
01614 def test_main(verbose=False):
01615     if support.verbose:
01616         plats = {
01617             'Linux': platform.linux_distribution,
01618             'Mac': platform.mac_ver,
01619             'Windows': platform.win32_ver,
01620         }
01621         for name, func in plats.items():
01622             plat = func()
01623             if plat and plat[0]:
01624                 plat = '%s %r' % (name, plat)
01625                 break
01626         else:
01627             plat = repr(platform.platform())
01628         print("test_ssl: testing with %r %r" %
01629             (ssl.OPENSSL_VERSION, ssl.OPENSSL_VERSION_INFO))
01630         print("          under %s" % plat)
01631         print("          HAS_SNI = %r" % ssl.HAS_SNI)
01632 
01633     for filename in [
01634         CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, BYTES_CERTFILE,
01635         ONLYCERT, ONLYKEY, BYTES_ONLYCERT, BYTES_ONLYKEY,
01636         BADCERT, BADKEY, EMPTYCERT]:
01637         if not os.path.exists(filename):
01638             raise support.TestFailed("Can't read certificate file %r" % filename)
01639 
01640     tests = [ContextTests, BasicSocketTests]
01641 
01642     if support.is_resource_enabled('network'):
01643         tests.append(NetworkedTests)
01644 
01645     if _have_threads:
01646         thread_info = support.threading_setup()
01647         if thread_info and support.is_resource_enabled('network'):
01648             tests.append(ThreadedTests)
01649 
01650     try:
01651         support.run_unittest(*tests)
01652     finally:
01653         if _have_threads:
01654             support.threading_cleanup(*thread_info)

def test.test_ssl.try_protocol_combo (   server_protocol,
  client_protocol,
  expect_success,
  certsreqs = None,
  server_options = 0,
  client_options = 0 
)

Definition at line 1068 of file test_ssl.py.

01068 
01069                            certsreqs=None, server_options=0, client_options=0):
01070         if certsreqs is None:
01071             certsreqs = ssl.CERT_NONE
01072         certtype = {
01073             ssl.CERT_NONE: "CERT_NONE",
01074             ssl.CERT_OPTIONAL: "CERT_OPTIONAL",
01075             ssl.CERT_REQUIRED: "CERT_REQUIRED",
01076         }[certsreqs]
01077         if support.verbose:
01078             formatstr = (expect_success and " %s->%s %s\n") or " {%s->%s} %s\n"
01079             sys.stdout.write(formatstr %
01080                              (ssl.get_protocol_name(client_protocol),
01081                               ssl.get_protocol_name(server_protocol),
01082                               certtype))
01083         client_context = ssl.SSLContext(client_protocol)
01084         client_context.options = ssl.OP_ALL | client_options
01085         server_context = ssl.SSLContext(server_protocol)
01086         server_context.options = ssl.OP_ALL | server_options
01087         for ctx in (client_context, server_context):
01088             ctx.verify_mode = certsreqs
01089             # NOTE: we must enable "ALL" ciphers, otherwise an SSLv23 client
01090             # will send an SSLv3 hello (rather than SSLv2) starting from
01091             # OpenSSL 1.0.0 (see issue #8322).
01092             ctx.set_ciphers("ALL")
01093             ctx.load_cert_chain(CERTFILE)
01094             ctx.load_verify_locations(CERTFILE)
01095         try:
01096             server_params_test(client_context, server_context,
01097                                chatty=False, connectionchatty=False)
01098         # Protocol mismatch can result in either an SSLError, or a
01099         # "Connection reset by peer" error.
01100         except ssl.SSLError:
01101             if expect_success:
01102                 raise
01103         except socket.error as e:
01104             if expect_success or e.errno != errno.ECONNRESET:
01105                 raise
01106         else:
01107             if not expect_success:
01108                 raise AssertionError(
01109                     "Client protocol %s succeeded with server protocol %s!"
01110                     % (ssl.get_protocol_name(client_protocol),
01111                        ssl.get_protocol_name(server_protocol)))
01112 

Here is the call graph for this function:

Here is the caller graph for this function:


Variable Documentation

Definition at line 711 of file test_ssl.py.

tuple test.test_ssl.BADCERT = data_file("badcert.pem")

Definition at line 51 of file test_ssl.py.

tuple test.test_ssl.BADKEY = data_file("badkey.pem")

Definition at line 53 of file test_ssl.py.

tuple test.test_ssl.BYTES_CAPATH = os.fsencode(CAPATH)

Definition at line 46 of file test_ssl.py.

tuple test.test_ssl.BYTES_CERTFILE = os.fsencode(CERTFILE)

Definition at line 40 of file test_ssl.py.

tuple test.test_ssl.BYTES_ONLYCERT = os.fsencode(ONLYCERT)

Definition at line 43 of file test_ssl.py.

tuple test.test_ssl.BYTES_ONLYKEY = os.fsencode(ONLYKEY)

Definition at line 44 of file test_ssl.py.

tuple test.test_ssl.CAPATH = data_file("capath")

Definition at line 45 of file test_ssl.py.

tuple test.test_ssl.CERTFILE = data_file("keycert.pem")

Definition at line 39 of file test_ssl.py.

tuple test.test_ssl.data_file = lambdaname:os.path.join(os.path.dirname(__file__), name)

Definition at line 32 of file test_ssl.py.

tuple test.test_ssl.EMPTYCERT = data_file("nullcert.pem")

Definition at line 50 of file test_ssl.py.

Definition at line 30 of file test_ssl.py.

tuple test.test_ssl.ONLYCERT = data_file("ssl_cert.pem")

Definition at line 41 of file test_ssl.py.

tuple test.test_ssl.ONLYKEY = data_file("ssl_key.pem")

Definition at line 42 of file test_ssl.py.

Initial value:
00001 [
00002     ssl.PROTOCOL_SSLv3,
00003     ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1
00004 ]

Definition at line 23 of file test_ssl.py.

Definition at line 21 of file test_ssl.py.

tuple test.test_ssl.SVN_PYTHON_ORG_ROOT_CERT = data_file("https_svn_python_org_root.pem")

Definition at line 48 of file test_ssl.py.

tuple test.test_ssl.WRONGCERT = data_file("XXXnonexisting.pem")

Definition at line 52 of file test_ssl.py.