[Python-bugs-list] [ python-Bugs-451607 ] SSL support in socket module needs tests (original) (raw)

noreply@sourceforge.net noreply@sourceforge.net
Thu, 11 Oct 2001 11:32:24 -0700

• Previous message: [Python-bugs-list] [ python-Bugs-232460 ] SSL Support (Apparently) Broken on Solaris
• Next message: [Python-bugs-list] [ python-Bugs-467145 ] Python 2.2a4 build problem on HPUX 11.0
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bugs item #451607, was opened at 2001-08-16 09:00 You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=105470&aid=451607&group_id=5470

Category: Extension Modules Group: None Status: Open Resolution: None Priority: 5 Submitted By: Barry Warsaw (bwarsaw) Assigned to: Martin v. L�wis (loewis) Summary: SSL support in socket module needs tests

Initial Comment: SSL support in the socket module should have a regression test, either in test_socket.py or in a separate test_ssl.py file.

Comment By: Martin v. L�wis (loewis) Date: 2001-10-11 11:32

Message: Logged In: YES user_id=21627

On PRNG problems, it seems we have two options:

• wait for, then require OpenSSL 0.9.7. It will look for a prngd socket in default locations (/var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and /etc/entropy); then require administrators to set up OpenSSL that it indeed finds a prngd in these locations when needed.
• expose RAND_add. Exposing any other of the interfaces is pointless; on our installation, prngd runs on localhost:708 instead of a Unix domain socket, and none of the other interfaces could use such a configuration. On top of RAND_add, we could communicate with prngd ourselves, e.g. by using the RANDFILE environment variable.

Comment By: Martin v. L�wis (loewis) Date: 2001-09-03 08:12

Message: Logged In: YES user_id=21627

I'd suggest an approach similar to the one in test_socket, i.e. test only if can_fork. As for the certificates: I think they should be generated in advance and included into the test suite.

Comment By: Barry Warsaw (bwarsaw) Date: 2001-08-28 06:53

Message: Logged In: YES user_id=12800

There is currently an extremely minimal test in test_socket_ssl.py, but it is fairly bogus because it requires an outside network connection. The only test there just tries to hit https://sf.net.

Ideally, there would be a set of regression tests that only required local resources. I.e. it would set up a local SSL server, then do connects to it to test the various SSL features in socket module.

Take a look at test_socket_ssl.py in the 2.2 cvs and see if you can improve matters. From what I understand, the tricky part is generating all the necessary certificates, etc.

Also, if you intend to work on this, please log in to SF to continue this dialog so we know who we're talking to! :)

Comment By: Nobody/Anonymous (nobody) Date: 2001-08-27 22:58

Message: Logged In: NO

I may be able to help with this. I'm fairly familiar with SSL in general, though not about the socket module. What's needed?

You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=105470&aid=451607&group_id=5470

• Previous message: [Python-bugs-list] [ python-Bugs-232460 ] SSL Support (Apparently) Broken on Solaris
• Next message: [Python-bugs-list] [ python-Bugs-467145 ] Python 2.2a4 build problem on HPUX 11.0
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]