cpython: c3aa4b48b905 (original) (raw)
new file mode 100644 --- /dev/null +++ b/Lib/test/capath/0e4015b9.0 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIJAKGU95wKR8pTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV +BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u +IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv +bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG +A1UEBhMCWFkxFzAVBgNVBAcMDkNhc3RsZSBBbnRocmF4MSMwIQYDVQQKDBpQeXRo +b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0 +aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ +Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm +Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv +EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGjNzA1MCUGA1UdEQQeMByCGnNl +bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQEFBQADgYEAIuzAhgMouJpNdf3URCHIineyoSt6WK/9+eyUcjlKOrDoXNZaD72h +TXMeKYoWvJyVcSLKL8ckPtDobgP2OTt0UkyAaj0n+ZHaqq1lH2yVfGUA1ILJv515 +C8BqbvVZuqm3i7ygmw3bqE/lYMgOrYtXXnqOrz6nvsE6Yc9V9rFflOM= +-----END CERTIFICATE-----
new file mode 100644 --- /dev/null +++ b/Lib/test/capath/ce7b8643.0 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIIClTCCAf6gAwIBAgIJAKGU95wKR8pTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV +BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u +IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv +bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG +A1UEBhMCWFkxFzAVBgNVBAcMDkNhc3RsZSBBbnRocmF4MSMwIQYDVQQKDBpQeXRo +b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0 +aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ +Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm +Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv +EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGjNzA1MCUGA1UdEQQeMByCGnNl +bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQEFBQADgYEAIuzAhgMouJpNdf3URCHIineyoSt6WK/9+eyUcjlKOrDoXNZaD72h +TXMeKYoWvJyVcSLKL8ckPtDobgP2OTt0UkyAaj0n+ZHaqq1lH2yVfGUA1ILJv515 +C8BqbvVZuqm3i7ygmw3bqE/lYMgOrYtXXnqOrz6nvsE6Yc9V9rFflOM= +-----END CERTIFICATE-----
deleted file mode 100644 --- a/Lib/test/https_svn_python_org_root.pem +++ /dev/null @@ -1,41 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 -IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB -IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA -Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO -BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi -MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ -ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ -8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 -zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y -fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 -w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc -G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k -epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q -laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ -QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU -fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 -YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w -ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY -gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe -MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 -IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy -dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw -czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 -dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl -aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC -AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg -b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB -ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc -nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg -18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c -gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl -Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY -sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T -SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF -CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum -GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk -zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW -omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD ------END CERTIFICATE-----
--- a/Lib/test/selfsigned_pythontestdotnet.pem +++ b/Lib/test/selfsigned_pythontestdotnet.pem @@ -1,5 +1,5 @@ -----BEGIN CERTIFICATE----- -MIIChzCCAfCgAwIBAgIJAKGU95wKR8pSMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV +MIIClTCCAf6gAwIBAgIJAKGU95wKR8pTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG @@ -8,9 +8,9 @@ b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UE aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv -EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGjKTAnMCUGA1UdEQQeMByCGnNl -bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MA0GCSqGSIb3DQEBBQUAA4GBAIOXmdtM -eG9qzP9TiXW/Gc/zI4cBfdCpC+Y4gOfC9bQUC7hefix4iO3+iZjgy3X/FaRxUUoV -HKiXcXIaWqTSUWp45cSh0MbwZXudp6JIAptzdAhvvCrPKeC9i9GvxsPD4LtDAL97 -vSaxQBezA7hdxZd90/EeyMgVZgAnTCnvAWX9 +EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGjNzA1MCUGA1UdEQQeMByCGnNl +bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQEFBQADgYEAIuzAhgMouJpNdf3URCHIineyoSt6WK/9+eyUcjlKOrDoXNZaD72h +TXMeKYoWvJyVcSLKL8ckPtDobgP2OTt0UkyAaj0n+ZHaqq1lH2yVfGUA1ILJv515 +C8BqbvVZuqm3i7ygmw3bqE/lYMgOrYtXXnqOrz6nvsE6Yc9V9rFflOM= -----END CERTIFICATE-----
--- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -55,7 +55,8 @@ SIGNED_CERTFILE = data_file("keycert3.pe SIGNED_CERTFILE2 = data_file("keycert4.pem") SIGNING_CA = data_file("pycacert.pem") -SVN_PYTHON_ORG_ROOT_CERT = data_file("https_svn_python_org_root.pem") +REMOTE_HOST = "self-signed.pythontest.net" +REMOTE_ROOT_CERT = data_file("selfsigned_pythontestdotnet.pem") EMPTYCERT = data_file("nullcert.pem") BADCERT = data_file("badcert.pem") @@ -276,7 +277,7 @@ class BasicSocketTests(unittest.TestCase self.assertEqual(p['subjectAltName'], san) def test_DER_to_PEM(self):
with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:[](#l6.17)
with open(CAFILE_CACERT, 'r') as f:[](#l6.18) pem = f.read()[](#l6.19) d1 = ssl.PEM_cert_to_DER_cert(pem)[](#l6.20) p2 = ssl.DER_cert_to_PEM_cert(d1)[](#l6.21)
@@ -862,7 +863,7 @@ class ContextTests(unittest.TestCase): # Mismatching key and cert ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1) with self.assertRaisesRegex(ssl.SSLError, "key values mismatch"):
ctx.load_cert_chain(SVN_PYTHON_ORG_ROOT_CERT, ONLYKEY)[](#l6.26)
ctx.load_cert_chain(CAFILE_CACERT, ONLYKEY)[](#l6.27) # Password protected key and cert[](#l6.28) ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD)[](#l6.29) ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD.encode())[](#l6.30)
@@ -1080,7 +1081,7 @@ class ContextTests(unittest.TestCase): ctx.load_verify_locations(CERTFILE) self.assertEqual(ctx.cert_store_stats(), {'x509_ca': 0, 'crl': 0, 'x509': 1})
ctx.load_verify_locations(SVN_PYTHON_ORG_ROOT_CERT)[](#l6.35)
ctx.load_verify_locations(CAFILE_CACERT)[](#l6.36) self.assertEqual(ctx.cert_store_stats(),[](#l6.37) {'x509_ca': 1, 'crl': 0, 'x509': 2})[](#l6.38)
@@ -1090,8 +1091,8 @@ class ContextTests(unittest.TestCase): # CERTFILE is not flagged as X509v3 Basic Constraints: CA:TRUE ctx.load_verify_locations(CERTFILE) self.assertEqual(ctx.get_ca_certs(), [])
# but SVN_PYTHON_ORG_ROOT_CERT is a CA cert[](#l6.44)ctx.load_verify_locations(SVN_PYTHON_ORG_ROOT_CERT)[](#l6.45)
# but CAFILE_CACERT is a CA cert[](#l6.46)ctx.load_verify_locations(CAFILE_CACERT)[](#l6.47) self.assertEqual(ctx.get_ca_certs(),[](#l6.48) [{'issuer': ((('organizationName', 'Root CA'),),[](#l6.49) (('organizationalUnitName', 'http://www.cacert.org'),),[](#l6.50)
@@ -1107,7 +1108,7 @@ class ContextTests(unittest.TestCase): (('emailAddress', 'support@cacert.org'),)), 'version': 3}])
with open(SVN_PYTHON_ORG_ROOT_CERT) as f:[](#l6.55)
with open(CAFILE_CACERT) as f:[](#l6.56) pem = f.read()[](#l6.57) der = ssl.PEM_cert_to_DER_cert(pem)[](#l6.58) self.assertEqual(ctx.get_ca_certs(True), [der])[](#l6.59)
@@ -1345,11 +1346,11 @@ class MemoryBIOTests(unittest.TestCase): class NetworkedTests(unittest.TestCase): def test_connect(self):
with support.transient_internet("svn.python.org"):[](#l6.64)
with support.transient_internet(REMOTE_HOST):[](#l6.65) s = ssl.wrap_socket(socket.socket(socket.AF_INET),[](#l6.66) cert_reqs=ssl.CERT_NONE)[](#l6.67) try:[](#l6.68)
s.connect(("svn.python.org", 443))[](#l6.69)
s.connect((REMOTE_HOST, 443))[](#l6.70) self.assertEqual({}, s.getpeercert())[](#l6.71) finally:[](#l6.72) s.close()[](#l6.73)
@@ -1358,27 +1359,27 @@ class NetworkedTests(unittest.TestCase): s = ssl.wrap_socket(socket.socket(socket.AF_INET), cert_reqs=ssl.CERT_REQUIRED) self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",
s.connect, ("svn.python.org", 443))[](#l6.78)
s.connect, (REMOTE_HOST, 443))[](#l6.79) s.close()[](#l6.80)
# this should succeed because we specify the root cert s = ssl.wrap_socket(socket.socket(socket.AF_INET), cert_reqs=ssl.CERT_REQUIRED,
ca_certs=SVN_PYTHON_ORG_ROOT_CERT)[](#l6.85)
ca_certs=REMOTE_ROOT_CERT)[](#l6.86) try:[](#l6.87)
s.connect(("svn.python.org", 443))[](#l6.88)
s.connect((REMOTE_HOST, 443))[](#l6.89) self.assertTrue(s.getpeercert())[](#l6.90) finally:[](#l6.91) s.close()[](#l6.92)
def test_connect_ex(self): # Issue #11326: check connect_ex() implementation
with support.transient_internet("svn.python.org"):[](#l6.96)
with support.transient_internet(REMOTE_HOST):[](#l6.97) s = ssl.wrap_socket(socket.socket(socket.AF_INET),[](#l6.98) cert_reqs=ssl.CERT_REQUIRED,[](#l6.99)
ca_certs=SVN_PYTHON_ORG_ROOT_CERT)[](#l6.100)
ca_certs=REMOTE_ROOT_CERT)[](#l6.101) try:[](#l6.102)
self.assertEqual(0, s.connect_ex(("svn.python.org", 443)))[](#l6.103)
self.assertEqual(0, s.connect_ex((REMOTE_HOST, 443)))[](#l6.104) self.assertTrue(s.getpeercert())[](#l6.105) finally:[](#l6.106) s.close()[](#l6.107)
@@ -1386,14 +1387,14 @@ class NetworkedTests(unittest.TestCase): def test_non_blocking_connect_ex(self): # Issue #11326: non-blocking connect_ex() should allow handshake # to proceed after the socket gets ready.
with support.transient_internet("svn.python.org"):[](#l6.112)
with support.transient_internet(REMOTE_HOST):[](#l6.113) s = ssl.wrap_socket(socket.socket(socket.AF_INET),[](#l6.114) cert_reqs=ssl.CERT_REQUIRED,[](#l6.115)
ca_certs=SVN_PYTHON_ORG_ROOT_CERT,[](#l6.116)
ca_certs=REMOTE_ROOT_CERT,[](#l6.117) do_handshake_on_connect=False)[](#l6.118) try:[](#l6.119) s.setblocking(False)[](#l6.120)
rc = s.connect_ex(('svn.python.org', 443))[](#l6.121)
rc = s.connect_ex((REMOTE_HOST, 443))[](#l6.122) # EWOULDBLOCK under Windows, EINPROGRESS elsewhere[](#l6.123) self.assertIn(rc, (0, errno.EINPROGRESS, errno.EWOULDBLOCK))[](#l6.124) # Wait for connect to finish[](#l6.125)
@@ -1415,58 +1416,62 @@ class NetworkedTests(unittest.TestCase): def test_timeout_connect_ex(self): # Issue #12065: on a timeout, connect_ex() should return the original # errno (mimicking the behaviour of non-SSL sockets).
with support.transient_internet("svn.python.org"):[](#l6.130)
with support.transient_internet(REMOTE_HOST):[](#l6.131) s = ssl.wrap_socket(socket.socket(socket.AF_INET),[](#l6.132) cert_reqs=ssl.CERT_REQUIRED,[](#l6.133)
ca_certs=SVN_PYTHON_ORG_ROOT_CERT,[](#l6.134)
ca_certs=REMOTE_ROOT_CERT,[](#l6.135) do_handshake_on_connect=False)[](#l6.136) try:[](#l6.137) s.settimeout(0.0000001)[](#l6.138)
rc = s.connect_ex(('svn.python.org', 443))[](#l6.139)
rc = s.connect_ex((REMOTE_HOST, 443))[](#l6.140) if rc == 0:[](#l6.141)
self.skipTest("svn.python.org responded too quickly")[](#l6.142)
self.skipTest("REMOTE_HOST responded too quickly")[](#l6.143) self.assertIn(rc, (errno.EAGAIN, errno.EWOULDBLOCK))[](#l6.144) finally:[](#l6.145) s.close()[](#l6.146)
def test_connect_ex_error(self):
with support.transient_internet("svn.python.org"):[](#l6.149)
with support.transient_internet(REMOTE_HOST):[](#l6.150) s = ssl.wrap_socket(socket.socket(socket.AF_INET),[](#l6.151) cert_reqs=ssl.CERT_REQUIRED,[](#l6.152)
ca_certs=SVN_PYTHON_ORG_ROOT_CERT)[](#l6.153)
ca_certs=REMOTE_ROOT_CERT)[](#l6.154) try:[](#l6.155)
rc = s.connect_ex(("svn.python.org", 444))[](#l6.156)
rc = s.connect_ex((REMOTE_HOST, 444))[](#l6.157) # Issue #19919: Windows machines or VMs hosted on Windows[](#l6.158) # machines sometimes return EWOULDBLOCK.[](#l6.159)
self.assertIn(rc, (errno.ECONNREFUSED, errno.EWOULDBLOCK))[](#l6.160)
errors = ([](#l6.161)errno.ECONNREFUSED, errno.EHOSTUNREACH,[](#l6.162)errno.EWOULDBLOCK,[](#l6.163))[](#l6.164)self.assertIn(rc, errors)[](#l6.165) finally:[](#l6.166) s.close()[](#l6.167)
def test_connect_with_context(self):
with support.transient_internet("svn.python.org"):[](#l6.170)
with support.transient_internet(REMOTE_HOST):[](#l6.171) # Same as test_connect, but with a separately created context[](#l6.172) ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)[](#l6.173) s = ctx.wrap_socket(socket.socket(socket.AF_INET))[](#l6.174)
s.connect(("svn.python.org", 443))[](#l6.175)
s.connect((REMOTE_HOST, 443))[](#l6.176) try:[](#l6.177) self.assertEqual({}, s.getpeercert())[](#l6.178) finally:[](#l6.179) s.close()[](#l6.180) # Same with a server hostname[](#l6.181) s = ctx.wrap_socket(socket.socket(socket.AF_INET),[](#l6.182)
server_hostname="svn.python.org")[](#l6.183)s.connect(("svn.python.org", 443))[](#l6.184)
server_hostname=REMOTE_HOST)[](#l6.185)s.connect((REMOTE_HOST, 443))[](#l6.186) s.close()[](#l6.187) # This should fail because we have no verification certs[](#l6.188) ctx.verify_mode = ssl.CERT_REQUIRED[](#l6.189) s = ctx.wrap_socket(socket.socket(socket.AF_INET))[](#l6.190) self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",[](#l6.191)
s.connect, ("svn.python.org", 443))[](#l6.192)
s.connect, (REMOTE_HOST, 443))[](#l6.193) s.close()[](#l6.194) # This should succeed because we specify the root cert[](#l6.195)
ctx.load_verify_locations(SVN_PYTHON_ORG_ROOT_CERT)[](#l6.196)
ctx.load_verify_locations(REMOTE_ROOT_CERT)[](#l6.197) s = ctx.wrap_socket(socket.socket(socket.AF_INET))[](#l6.198)
s.connect(("svn.python.org", 443))[](#l6.199)
s.connect((REMOTE_HOST, 443))[](#l6.200) try:[](#l6.201) cert = s.getpeercert()[](#l6.202) self.assertTrue(cert)[](#l6.203)
@@ -1479,12 +1484,12 @@ class NetworkedTests(unittest.TestCase): # OpenSSL 0.9.8n and 1.0.0, as a result the capath directory must # contain both versions of each certificate (same content, different # filename) for this test to be portable across OpenSSL releases.
with support.transient_internet("svn.python.org"):[](#l6.208)
with support.transient_internet(REMOTE_HOST):[](#l6.209) ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)[](#l6.210) ctx.verify_mode = ssl.CERT_REQUIRED[](#l6.211) ctx.load_verify_locations(capath=CAPATH)[](#l6.212) s = ctx.wrap_socket(socket.socket(socket.AF_INET))[](#l6.213)
s.connect(("svn.python.org", 443))[](#l6.214)
s.connect((REMOTE_HOST, 443))[](#l6.215) try:[](#l6.216) cert = s.getpeercert()[](#l6.217) self.assertTrue(cert)[](#l6.218)
@@ -1495,7 +1500,7 @@ class NetworkedTests(unittest.TestCase): ctx.verify_mode = ssl.CERT_REQUIRED ctx.load_verify_locations(capath=BYTES_CAPATH) s = ctx.wrap_socket(socket.socket(socket.AF_INET))
s.connect(("svn.python.org", 443))[](#l6.223)
s.connect((REMOTE_HOST, 443))[](#l6.224) try:[](#l6.225) cert = s.getpeercert()[](#l6.226) self.assertTrue(cert)[](#l6.227)
@@ -1503,15 +1508,15 @@ class NetworkedTests(unittest.TestCase): s.close() def test_connect_cadata(self):
with open(CAFILE_CACERT) as f:[](#l6.232)
with open(REMOTE_ROOT_CERT) as f:[](#l6.233) pem = f.read()[](#l6.234) der = ssl.PEM_cert_to_DER_cert(pem)[](#l6.235)
with support.transient_internet("svn.python.org"):[](#l6.236)
with support.transient_internet(REMOTE_HOST):[](#l6.237) ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)[](#l6.238) ctx.verify_mode = ssl.CERT_REQUIRED[](#l6.239) ctx.load_verify_locations(cadata=pem)[](#l6.240) with ctx.wrap_socket(socket.socket(socket.AF_INET)) as s:[](#l6.241)
s.connect(("svn.python.org", 443))[](#l6.242)
s.connect((REMOTE_HOST, 443))[](#l6.243) cert = s.getpeercert()[](#l6.244) self.assertTrue(cert)[](#l6.245)
@@ -1520,7 +1525,7 @@ class NetworkedTests(unittest.TestCase): ctx.verify_mode = ssl.CERT_REQUIRED ctx.load_verify_locations(cadata=der) with ctx.wrap_socket(socket.socket(socket.AF_INET)) as s:
s.connect(("svn.python.org", 443))[](#l6.251)
s.connect((REMOTE_HOST, 443))[](#l6.252) cert = s.getpeercert()[](#l6.253) self.assertTrue(cert)[](#l6.254)
@@ -1529,9 +1534,9 @@ class NetworkedTests(unittest.TestCase): # Issue #5238: creating a file-like object with makefile() shouldn't # delay closing the underlying "real socket" (here tested with its # file descriptor, hence skipping the test under Windows).
with support.transient_internet("svn.python.org"):[](#l6.260)
with support.transient_internet(REMOTE_HOST):[](#l6.261) ss = ssl.wrap_socket(socket.socket(socket.AF_INET))[](#l6.262)
ss.connect(("svn.python.org", 443))[](#l6.263)
ss.connect((REMOTE_HOST, 443))[](#l6.264) fd = ss.fileno()[](#l6.265) f = ss.makefile()[](#l6.266) f.close()[](#l6.267)
@@ -1545,9 +1550,9 @@ class NetworkedTests(unittest.TestCase): self.assertEqual(e.exception.errno, errno.EBADF) def test_non_blocking_handshake(self):
with support.transient_internet("svn.python.org"):[](#l6.272)
with support.transient_internet(REMOTE_HOST):[](#l6.273) s = socket.socket(socket.AF_INET)[](#l6.274)
s.connect(("svn.python.org", 443))[](#l6.275)
s.connect((REMOTE_HOST, 443))[](#l6.276) s.setblocking(False)[](#l6.277) s = ssl.wrap_socket(s,[](#l6.278) cert_reqs=ssl.CERT_NONE,[](#l6.279)
@@ -1590,12 +1595,12 @@ class NetworkedTests(unittest.TestCase): if support.verbose: sys.stdout.write("\nVerified certificate for %s:%s is\n%s\n" % (host, port ,pem))
_test_get_server_certificate('svn.python.org', 443, SVN_PYTHON_ORG_ROOT_CERT)[](#l6.284)
_test_get_server_certificate(REMOTE_HOST, 443, REMOTE_ROOT_CERT)[](#l6.285) if support.IPV6_ENABLED:[](#l6.286) _test_get_server_certificate('ipv6.google.com', 443)[](#l6.287)
remote = ("svn.python.org", 443)[](#l6.290)
remote = (REMOTE_HOST, 443)[](#l6.291) with support.transient_internet(remote[0]):[](#l6.292) with ssl.wrap_socket(socket.socket(socket.AF_INET),[](#l6.293) cert_reqs=ssl.CERT_NONE, ciphers="ALL") as s:[](#l6.294)
@@ -1640,13 +1645,13 @@ class NetworkedTests(unittest.TestCase): def test_get_ca_certs_capath(self): # capath certs are loaded on request
with support.transient_internet("svn.python.org"):[](#l6.299)
with support.transient_internet(REMOTE_HOST):[](#l6.300) ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)[](#l6.301) ctx.verify_mode = ssl.CERT_REQUIRED[](#l6.302) ctx.load_verify_locations(capath=CAPATH)[](#l6.303) self.assertEqual(ctx.get_ca_certs(), [])[](#l6.304) s = ctx.wrap_socket(socket.socket(socket.AF_INET))[](#l6.305)
s.connect(("svn.python.org", 443))[](#l6.306)
s.connect((REMOTE_HOST, 443))[](#l6.307) try:[](#l6.308) cert = s.getpeercert()[](#l6.309) self.assertTrue(cert)[](#l6.310)
@@ -1657,12 +1662,12 @@ class NetworkedTests(unittest.TestCase): @needs_sni def test_context_setget(self): # Check that the context of a connected socket can be replaced.
with support.transient_internet("svn.python.org"):[](#l6.315)
with support.transient_internet(REMOTE_HOST):[](#l6.316) ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1)[](#l6.317) ctx2 = ssl.SSLContext(ssl.PROTOCOL_SSLv23)[](#l6.318) s = socket.socket(socket.AF_INET)[](#l6.319) with ctx1.wrap_socket(s) as ss:[](#l6.320)
ss.connect(("svn.python.org", 443))[](#l6.321)
ss.connect((REMOTE_HOST, 443))[](#l6.322) self.assertIs(ss.context, ctx1)[](#l6.323) self.assertIs(ss._sslobj.context, ctx1)[](#l6.324) ss.context = ctx2[](#l6.325)
@@ -3325,7 +3330,7 @@ def test_main(verbose=False): pass for filename in [
CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, BYTES_CERTFILE,[](#l6.330)
CERTFILE, REMOTE_ROOT_CERT, BYTES_CERTFILE,[](#l6.331) ONLYCERT, ONLYKEY, BYTES_ONLYCERT, BYTES_ONLYKEY,[](#l6.332) SIGNED_CERTFILE, SIGNED_CERTFILE2, SIGNING_CA,[](#l6.333) BADCERT, BADKEY, EMPTYCERT]:[](#l6.334)
--- a/Misc/NEWS +++ b/Misc/NEWS @@ -145,6 +145,9 @@ Documentation Tests ----- +- Issue #25940: Changed test_ssl to use self-signed.pythontest.net. This