cpython: f5f14d65297e (original) (raw)

Mercurial > cpython

changeset 99893:f5f14d65297e 3.5

Issue #25940: Update new SSL tests for self-signed.pythontest.net Removed SSL_ERROR_SYSCALL checking from ssl_io_loop() so that the loop can terminate when unwrap() raises that error. [#25940]

Martin Panter
date	Thu, 14 Jan 2016 13:05:46 +0000
parents	c3aa4b48b905
children	2f2b42a8b34d bd9d5bc8bc95
files	Lib/test/test_ssl.py
diffstat	1 files changed, 14 insertions(+), 13 deletions(-)[+] [-] Lib/test/test_ssl.py 27

line wrap: on

line diff

--- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -1688,13 +1688,8 @@ class NetworkedBIOTests(unittest.TestCas try: ret = func(*args) except ssl.SSLError as e:

           # Note that we get a spurious -1/SSL_ERROR_SYSCALL for[](#l1.7)

           # non-blocking IO. The SSL_shutdown manpage hints at this.[](#l1.8)

           # It *should* be safe to just ignore SYS_ERROR_SYSCALL because[](#l1.9)

           # with a Memory BIO there's no syscalls (for IO at least).[](#l1.10)
           if e.errno not in (ssl.SSL_ERROR_WANT_READ,[](#l1.11)

                              ssl.SSL_ERROR_WANT_WRITE,[](#l1.12)

                              ssl.SSL_ERROR_SYSCALL):[](#l1.13)

                              ssl.SSL_ERROR_WANT_WRITE):[](#l1.14)
               raise[](#l1.15)
           errno = e.errno[](#l1.16)
       # Get any data from the outgoing BIO irrespective of any error, and[](#l1.17)

@@ -1717,16 +1712,16 @@ class NetworkedBIOTests(unittest.TestCas return ret def test_handshake(self):

   with support.transient_internet("svn.python.org"):[](#l1.22)

   with support.transient_internet(REMOTE_HOST):[](#l1.23)
       sock = socket.socket(socket.AF_INET)[](#l1.24)

       sock.connect(("svn.python.org", 443))[](#l1.25)

       sock.connect((REMOTE_HOST, 443))[](#l1.26)
       incoming = ssl.MemoryBIO()[](#l1.27)
       outgoing = ssl.MemoryBIO()[](#l1.28)
       ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)[](#l1.29)
       ctx.verify_mode = ssl.CERT_REQUIRED[](#l1.30)

       ctx.load_verify_locations(SVN_PYTHON_ORG_ROOT_CERT)[](#l1.31)

       ctx.load_verify_locations(REMOTE_ROOT_CERT)[](#l1.32)
       ctx.check_hostname = True[](#l1.33)

       sslobj = ctx.wrap_bio(incoming, outgoing, False, 'svn.python.org')[](#l1.34)

       sslobj = ctx.wrap_bio(incoming, outgoing, False, REMOTE_HOST)[](#l1.35)
       self.assertIs(sslobj._sslobj.owner, sslobj)[](#l1.36)
       self.assertIsNone(sslobj.cipher())[](#l1.37)
       self.assertIsNone(sslobj.shared_ciphers())[](#l1.38)

@@ -1739,14 +1734,20 @@ class NetworkedBIOTests(unittest.TestCas self.assertTrue(sslobj.getpeercert()) if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES: self.assertTrue(sslobj.get_channel_binding('tls-unique'))

       self.ssl_io_loop(sock, incoming, outgoing, sslobj.unwrap)[](#l1.43)

```
       try:[](#l1.44)
```

           self.ssl_io_loop(sock, incoming, outgoing, sslobj.unwrap)[](#l1.45)

       except ssl.SSLSyscallError:[](#l1.46)

           # self-signed.pythontest.net probably shuts down the TCP[](#l1.47)

           # connection without sending a secure shutdown message, and[](#l1.48)

           # this is reported as SSL_ERROR_SYSCALL[](#l1.49)

           pass[](#l1.50)
       self.assertRaises(ssl.SSLError, sslobj.write, b'foo')[](#l1.51)
       sock.close()[](#l1.52)

def test_read_write_data(self):

   with support.transient_internet("svn.python.org"):[](#l1.55)

   with support.transient_internet(REMOTE_HOST):[](#l1.56)
       sock = socket.socket(socket.AF_INET)[](#l1.57)

       sock.connect(("svn.python.org", 443))[](#l1.58)

       sock.connect((REMOTE_HOST, 443))[](#l1.59)
       incoming = ssl.MemoryBIO()[](#l1.60)
       outgoing = ssl.MemoryBIO()[](#l1.61)
       ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)[](#l1.62)