cpython: f74a12e23aaa (original) (raw)
Mercurial > cpython
changeset 82026:f74a12e23aaa
Issue #17107: Test client-side SNI support in urllib.request thanks to the new server-side SNI support in the ssl module. Initial patch by Daniel Black. [#17107]
| Antoine Pitrou solipsis@pitrou.net | |
|---|---|
| date | Tue, 05 Feb 2013 21:20:51 +0100 |
| parents | 2a369c32f1f1 |
| children | 5f8c68281d18 |
| files | Lib/test/ssl_servers.py Lib/test/test_httplib.py Lib/test/test_ssl.py Lib/test/test_urllib2_localnet.py Lib/test/test_urllib2net.py Misc/NEWS |
| diffstat | 6 files changed, 36 insertions(+), 30 deletions(-)[+] [-] Lib/test/ssl_servers.py 8 Lib/test/test_httplib.py 2 Lib/test/test_ssl.py 2 Lib/test/test_urllib2_localnet.py 28 Lib/test/test_urllib2net.py 22 Misc/NEWS 4 |
line wrap: on
line diff
--- a/Lib/test/ssl_servers.py +++ b/Lib/test/ssl_servers.py @@ -147,9 +147,11 @@ class HTTPSServerThread(threading.Thread self.server.shutdown() -def make_https_server(case, certfile=CERTFILE, host=HOST, handler_class=None):
we assume the certfile contains both private key and certificate
- context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+def make_https_server(case, *, context=None, certfile=CERTFILE,
host=HOST, handler_class=None):[](#l1.11)- if context is None:
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)[](#l1.13)We assume the certfile contains both private key and certificate
context.load_cert_chain(certfile) server = HTTPSServerThread(context, host, handler_class) flag = threading.Event()
--- a/Lib/test/test_httplib.py +++ b/Lib/test/test_httplib.py @@ -703,7 +703,7 @@ class HTTPSTest(TestCase): def make_server(self, certfile): from test.ssl_servers import make_https_server
return make_https_server(self, certfile)[](#l2.7)
return make_https_server(self, certfile=certfile)[](#l2.8)
def test_attributes(self): # simple test to check it's storing the timeout
--- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -1637,7 +1637,7 @@ else: def test_socketserver(self): """Using a SocketServer to create and manage SSL connections."""
server = make_https_server(self, CERTFILE)[](#l3.7)
server = make_https_server(self, certfile=CERTFILE)[](#l3.8) # try to connect[](#l3.9) if support.verbose:[](#l3.10) sys.stdout.write('\n')[](#l3.11)
--- a/Lib/test/test_urllib2_localnet.py +++ b/Lib/test/test_urllib2_localnet.py @@ -9,7 +9,10 @@ import unittest import hashlib from test import support threading = support.import_module('threading') - +try:
Self-signed cert file for 'localhost'
@@ -17,6 +20,7 @@ CERT_localhost = os.path.join(here, 'key
Self-signed cert file for 'fakehostname'
CERT_fakehostname = os.path.join(here, 'keycert2.pem') +
Loopback http server infrastructure
class LoopbackHttpServer(http.server.HTTPServer): @@ -353,12 +357,15 @@ class TestUrlopen(unittest.TestCase): def setUp(self): super(TestUrlopen, self).setUp() # Ignore proxies for localhost tests.
self.old_environ = os.environ.copy()[](#l4.27) os.environ['NO_PROXY'] = '*'[](#l4.28) self.server = None[](#l4.29)
def tearDown(self): if self.server is not None: self.server.stop()
os.environ.clear()[](#l4.34)os.environ.update(self.old_environ)[](#l4.35) super(TestUrlopen, self).tearDown()[](#l4.36)
def urlopen(self, url, data=None, **kwargs): @@ -386,14 +393,14 @@ class TestUrlopen(unittest.TestCase): handler.port = port return handler
- def start_https_server(self, responses=None, **kwargs): if not hasattr(urllib.request, 'HTTPSHandler'): self.skipTest('ssl support required') from test.ssl_servers import make_https_server if responses is None: responses = [(200, [], b"we care a bit")] handler = GetRequestHandler(responses)
server = make_https_server(self, certfile=certfile, handler_class=handler)[](#l4.51)
server = make_https_server(self, handler_class=handler, **kwargs)[](#l4.52) handler.port = server.port[](#l4.53) return handler[](#l4.54)
@@ -483,6 +490,21 @@ class TestUrlopen(unittest.TestCase): self.urlopen("https://localhost:%s/bizarre" % handler.port, cadefault=True)
- def test_https_sni(self):
if ssl is None:[](#l4.61)self.skipTest("ssl module required")[](#l4.62)if not ssl.HAS_SNI:[](#l4.63)self.skipTest("SNI support required in OpenSSL")[](#l4.64)sni_name = None[](#l4.65)def cb_sni(ssl_sock, server_name, initial_context):[](#l4.66)nonlocal sni_name[](#l4.67)sni_name = server_name[](#l4.68)context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)[](#l4.69)context.set_servername_callback(cb_sni)[](#l4.70)handler = self.start_https_server(context=context, certfile=CERT_localhost)[](#l4.71)self.urlopen("https://localhost:%s" % handler.port)[](#l4.72)self.assertEqual(sni_name, "localhost")[](#l4.73)
+ def test_sending_headers(self): handler = self.start_server() req = urllib.request.Request("http://localhost:%s/" % handler.port,
--- a/Lib/test/test_urllib2net.py +++ b/Lib/test/test_urllib2net.py @@ -330,31 +330,9 @@ class TimeoutTest(unittest.TestCase): self.assertEqual(u.fp.fp.raw._sock.gettimeout(), 60) -@unittest.skipUnless(ssl, "requires SSL support") -class HTTPSTests(unittest.TestCase): -
- def test_sni(self):
self.skipTest("test disabled - test server needed")[](#l5.11)# Checks that Server Name Indication works, if supported by the[](#l5.12)# OpenSSL linked to.[](#l5.13)# The ssl module itself doesn't have server-side support for SNI,[](#l5.14)# so we rely on a third-party test site.[](#l5.15)expect_sni = ssl.HAS_SNI[](#l5.16)with support.transient_internet("XXX"):[](#l5.17)u = urllib.request.urlopen("XXX")[](#l5.18)contents = u.readall()[](#l5.19)if expect_sni:[](#l5.20)self.assertIn(b"Great", contents)[](#l5.21)self.assertNotIn(b"Unfortunately", contents)[](#l5.22)else:[](#l5.23)self.assertNotIn(b"Great", contents)[](#l5.24)self.assertIn(b"Unfortunately", contents)[](#l5.25)
- - def test_main(): support.requires("network") support.run_unittest(AuthTests,
HTTPSTests,[](#l5.31) OtherNetworkTests,[](#l5.32) CloseSocketTest,[](#l5.33) TimeoutTest,[](#l5.34)
--- a/Misc/NEWS +++ b/Misc/NEWS @@ -754,6 +754,10 @@ Extension Modules Tests ----- +- Issue #17107: Test client-side SNI support in urllib.request thanks to