Message 128473 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	djc, giampaolo.rodola, pitrou
Date	2011-02-12.23:54:02
SpamBayes Score	2.7551932e-09
Marked as misclassified	No
Message-id	<1297554839.3723.55.camel@localhost.localdomain>
In-reply-to	<1297539378.32.0.0271916571431.issue10084@psf.upfronthosting.co.za>

Content
First comments: - secure_connection() should be named ssl_something() like other methods. ssl_start() perhaps? - in ssl_shutdown(): + elif err.args[0] == ssl.SSL_ERROR_SSL: + pass SSL_ERROR_SSL doesn't exist. Perhaps you mean ssl.SSL_ERROR_EOF? - in send(), you should handle SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE as in recv(). Also: + if err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN): + return 0 lacks a self.handle_close()? - in recv(), you have "return ''" where it should be "return b''" - in test_ssl_established(), I think it would be nice if you used e.g. getpeercert() to check that we really are in SSL mode. Also, you could make certificate checking mandatory using e.g.: ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ssl_context.verify_mode = ssl.CERT_REQUIRED cert_path = os.path.join(os.path.dirname(__file__), "keycert.pem") ssl_context.load_cert_chain(cert_path) ssl_context.load_verify_locations(cert_path) - in addition to test_handle_read() and test_handle_write(), there should be a test where a server and a client really send data to each other, and receive at all (also, I'm not sure why these tests can't be shared with non-SSL test classes) - test_create_socket() and test_bind() don't seem to test anything SSL-related

First comments:

- secure_connection() should be named ssl_something() like other
methods. ssl_start() perhaps?

- in ssl_shutdown():
+                elif err.args[0] == ssl.SSL_ERROR_SSL:
+                    pass

SSL_ERROR_SSL doesn't exist.  Perhaps you mean ssl.SSL_ERROR_EOF?

- in send(), you should handle SSL_ERROR_WANT_READ and
SSL_ERROR_WANT_WRITE as in recv(). Also:
+                if err.args[0] in (ssl.SSL_ERROR_EOF, ssl.SSL_ERROR_ZERO_RETURN):
+                    return 0

lacks a self.handle_close()?

- in recv(), you have "return ''" where it should be "return b''"

- in test_ssl_established(), I think it would be nice if you used e.g.
getpeercert() to check that we really are in SSL mode. Also, you could
make certificate checking mandatory using e.g.:

    ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
    ssl_context.verify_mode = ssl.CERT_REQUIRED
    cert_path = os.path.join(os.path.dirname(__file__), "keycert.pem")
    ssl_context.load_cert_chain(cert_path)
    ssl_context.load_verify_locations(cert_path)

- in addition to test_handle_read() and test_handle_write(), there
should be a test where a server and a client really send data to each
other, and receive at all

(also, I'm not sure why these tests can't be shared with non-SSL test
classes)

- test_create_socket() and test_bind() don't seem to test anything
SSL-related

History
Date	User	Action	Args
2011-02-12 23:54:03	pitrou	set	recipients: + pitrou, giampaolo.rodola, djc
2011-02-12 23:54:02	pitrou	link	issue10084 messages
2011-02-12 23:54:02	pitrou	create