Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(161383)

Delta Between Two Patch Sets: Lib/test/test_ssl.py

Issue 15740: test_ssl failure when cacert.org CA cert in system keychain on OSX
Left Patch Set: Created 6 years, 11 months ago
Right Patch Set: Created 6 years, 11 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
Left: Side by side diff | Download
Right: Side by side diff | Download
« no previous file with change/comment | « no previous file | no next file » | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
1 # Test the support for SSL and sockets 1 # Test the support for SSL and sockets
2 2
3 import sys 3 import sys
4 import unittest 4 import unittest
5 from test import support 5 from test import support
6 import socket 6 import socket
7 import select 7 import select
8 import time 8 import time
9 import gc 9 import gc
10 import os 10 import os
11 import errno 11 import errno
12 import pprint 12 import pprint
13 import tempfile 13 import tempfile
14 import urllib.request 14 import urllib.request
15 import traceback 15 import traceback
16 import asyncore 16 import asyncore
17 import weakref 17 import weakref
18 import platform 18 import platform
19 import functools 19 import functools
20
21 if sys.platform == 'darwin':
22 # Apple's installation of OpenSSL in /usr/lib is patched to
23 # integrate with Apple's KeyChain. OpenSSL will verify certificates
24 # using the CA roots that are part of the system and user keychains,
25 # unless that code is disabled using an environment variable.
26 #
27 # The environment variable below disables the keychain integration,
28 # and avoids test failures when the CAcert root certificate (the signer
29 # of the certificate for svn.python.org) happens to be in the keychain of
30 # a system where the tests are run.
31 #
32 # Note: this cannot be done in a setUp method for NetworkedTests because
33 # the presence of the environment variable is cached by OpenSSL, and some
34 # other test might trigger the check for the environment variable before
35 # NetworkedTests is run.
36 os.putenv("OPENSSL_X509_TEA_DISABLE", "1")
37
20 38
21 ssl = support.import_module("ssl") 39 ssl = support.import_module("ssl")
22 40
23 PROTOCOLS = [ 41 PROTOCOLS = [
24 ssl.PROTOCOL_SSLv3, 42 ssl.PROTOCOL_SSLv3,
25 ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1 43 ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1
26 ] 44 ]
27 if hasattr(ssl, 'PROTOCOL_SSLv2'): 45 if hasattr(ssl, 'PROTOCOL_SSLv2'):
28 PROTOCOLS.append(ssl.PROTOCOL_SSLv2) 46 PROTOCOLS.append(ssl.PROTOCOL_SSLv2)
29 47
(...skipping 595 matching lines...) Expand 10 before | Expand all | Expand 10 after
625 c = ctx.wrap_socket(c, False, do_handshake_on_connect=False) 643 c = ctx.wrap_socket(c, False, do_handshake_on_connect=False)
626 with self.assertRaises(ssl.SSLWantReadError) as cm: 644 with self.assertRaises(ssl.SSLWantReadError) as cm:
627 c.do_handshake() 645 c.do_handshake()
628 s = str(cm.exception) 646 s = str(cm.exception)
629 self.assertTrue(s.startswith("The operation did not complete (re ad)"), s) 647 self.assertTrue(s.startswith("The operation did not complete (re ad)"), s)
630 # For compatibility 648 # For compatibility
631 self.assertEqual(cm.exception.errno, ssl.SSL_ERROR_WANT_READ) 649 self.assertEqual(cm.exception.errno, ssl.SSL_ERROR_WANT_READ)
632 650
633 651
634 class NetworkedTests(unittest.TestCase): 652 class NetworkedTests(unittest.TestCase):
635 if sys.platform == 'darwin':
636 # Apple's installation of OpenSSL in /usr/lib is patched to
637 # integrate with Apple's KeyChain. OpenSSL will verify certificates
638 # using the CA roots that are part of the system and user keychains,
639 # unless that code is disabled using an environment variable.
640 #
641 # The setUp method below sets that environment variable to avoid
642 # spurious test failures on OSX machines that happen to have
643 # the CAcert.org root certificate in the Keychain.
644 #
645
646 def setUp(self):
647 self._orig_env = os.environ
648 os.environ = os.environ.copy()
649 self.addCleanup(lambda: setattr(os, 'environ', self._orig_env))
650
651 os.putenv('OPENSSL_X509_TEA_DISABLE', '1')
652 self.addCleanup(lambda: os.putenv('OPENSSL_X509_TEA_DISABLE', ''))
653
654 653
655 def test_connect(self): 654 def test_connect(self):
656 with support.transient_internet("svn.python.org"): 655 with support.transient_internet("svn.python.org"):
657 s = ssl.wrap_socket(socket.socket(socket.AF_INET), 656 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
658 cert_reqs=ssl.CERT_NONE) 657 cert_reqs=ssl.CERT_NONE)
659 try: 658 try:
660 s.connect(("svn.python.org", 443)) 659 s.connect(("svn.python.org", 443))
661 self.assertEqual({}, s.getpeercert()) 660 self.assertEqual({}, s.getpeercert())
662 finally: 661 finally:
663 s.close() 662 s.close()
(...skipping 1338 matching lines...) Expand 10 before | Expand all | Expand 10 after
2002 tests.append(ThreadedTests) 2001 tests.append(ThreadedTests)
2003 2002
2004 try: 2003 try:
2005 support.run_unittest(*tests) 2004 support.run_unittest(*tests)
2006 finally: 2005 finally:
2007 if _have_threads: 2006 if _have_threads:
2008 support.threading_cleanup(*thread_info) 2007 support.threading_cleanup(*thread_info)
2009 2008
2010 if __name__ == "__main__": 2009 if __name__ == "__main__":
2011 test_main() 2010 test_main()
LEFTRIGHT
« no previous file | no next file » | Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Toggle Comments ('s')

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+