
Side by Side Diff: Lib/test/test_ssl.py

Issue 20421: expose SSL socket protocol version
Patch Set: Created 5 years, 5 months ago
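--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1,10 +1,10 @@
 # Test the support for SSL and sockets
 
 import sys
 import unittest
 from test import support
 import socket
 import select
 import time
 import datetime
 import gc
@@ -1935,73 +1935,85 @@
 % (outdata[:20], len(outdata),
 indata[:20].lower(), len(indata)))
 s.write(b"over\n")
 if connectionchatty:
 if support.verbose:
 sys.stdout.write(" client: closing connection.\n")
 stats.update({
 'compression': s.compression(),
 'cipher': s.cipher(),
 'peercert': s.getpeercert(),
-'client_npn_protocol': s.selected_npn_protocol()
+'client_npn_protocol': s.selected_npn_protocol(),
+'version': s.version(),
 })
 s.close()
 stats['server_npn_protocols'] = server.selected_protocols
 return stats
 
 def try_protocol_combo(server_protocol, client_protocol, expect_success,
 certsreqs=None, server_options=0, client_options=0):
+"""
+Try to SSL-connect using *client_protocol* to *server_protocol*.
+If *expect_success* is true, assert that the connection succeeds,
+if it's false, assert that the connection fails.
+Also, if *expect_success* is a string, assert that it is the protocol
+version actually used by the connection.
+"""
 if certsreqs is None:
 certsreqs = ssl.CERT_NONE
 certtype = {
 ssl.CERT_NONE: "CERT_NONE",
 ssl.CERT_OPTIONAL: "CERT_OPTIONAL",
 ssl.CERT_REQUIRED: "CERT_REQUIRED",
 }[certsreqs]
 if support.verbose:
 formatstr = (expect_success and " %s->%s %s\n") or " {%s->%s} %s\n"
 sys.stdout.write(formatstr %
 (ssl.get_protocol_name(client_protocol),
 ssl.get_protocol_name(server_protocol),
 certtype))
 client_context = ssl.SSLContext(client_protocol)
 client_context.options |= client_options
 server_context = ssl.SSLContext(server_protocol)
 server_context.options |= server_options
 
 # NOTE: we must enable "ALL" ciphers on the client, otherwise an
 # SSLv23 client will send an SSLv3 hello (rather than SSLv2)
 # starting from OpenSSL 1.0.0 (see issue #8322).
 if client_context.protocol == ssl.PROTOCOL_SSLv23:
 client_context.set_ciphers("ALL")
 
 for ctx in (client_context, server_context):
 ctx.verify_mode = certsreqs
 ctx.load_cert_chain(CERTFILE)
 ctx.load_verify_locations(CERTFILE)
 try:
-server_params_test(client_context, server_context,
+stats = server_params_test(client_context, server_context,
 chatty=False, connectionchatty=False)
 # Protocol mismatch can result in either an SSLError, or a
 # "Connection reset by peer" error.
 except ssl.SSLError:
 if expect_success:
 raise
 except OSError as e:
 if expect_success or e.errno != errno.ECONNRESET:
 raise
 else:
 if not expect_success:
 raise AssertionError(
 "Client protocol %s succeeded with server protocol %s!"
 % (ssl.get_protocol_name(client_protocol),
 ssl.get_protocol_name(server_protocol)))
+elif (expect_success is not True
+and expect_success != stats['version']):
+raise AssertionError("version mismatch: expected %r, got %r"
+% (expect_success, stats['version']))
 
 
 class ThreadedTests(unittest.TestCase):
 
 @skip_if_broken_ubuntu_ssl
 def test_echo(self):
 """Basic test of an SSL client connecting to a server"""
 if support.verbose:
 sys.stdout.write("\n")
 for protocol in PROTOCOLS:
@@ -2218,112 +2230,112 @@
 sys.stdout.write("\n")
 if hasattr(ssl, 'PROTOCOL_SSLv2'):
 try:
 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv2, True)
 except OSError as x:
 # this fails on some older versions of OpenSSL (0.9.7l, for instance)
 if support.verbose:
 sys.stdout.write(
 " SSL2 client to SSL23 server test unexpectedly fail ed:\n %s\n"
 % str(x))
-try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True)
+try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, 'SSLv3')
 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True)
-try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True)
+try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, 'TLSv1')
 
-try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ss l.CERT_OPTIONAL)
+try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_OPTIONAL)
 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, s sl.CERT_OPTIONAL)
-try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ss l.CERT_OPTIONAL)
+try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_OPTIONAL)
 
-try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ss l.CERT_REQUIRED)
+try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_REQUIRED)
 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, s sl.CERT_REQUIRED)
-try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ss l.CERT_REQUIRED)
+try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_REQUIRED)
 
 # Server with specific SSL options
 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, False,
 server_options=ssl.OP_NO_SSLv3)
 # Will choose TLSv1
 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True,
 server_options=ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, False,
 server_options=ssl.OP_NO_TLSv1)
 
 
 @skip_if_broken_ubuntu_ssl
 def test_protocol_sslv3(self):
 """Connecting to an SSLv3 server with various client options"""
 if support.verbose:
 sys.stdout.write("\n")
-try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True)
-try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl .CERT_OPTIONAL)
-try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl .CERT_REQUIRED)
+try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3')
+try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_OPTIONAL)
+try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_REQUIRED)
 if hasattr(ssl, 'PROTOCOL_SSLv2'):
 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False )
 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, False,
 client_options=ssl.OP_NO_SSLv3)
 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
 if no_sslv2_implies_sslv3_hello():
 # No SSLv2 => client will use an SSLv3 hello on recent OpenSSLs
-try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, True ,
+try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, 'SSL v3',
 client_options=ssl.OP_NO_SSLv2)
 
 @skip_if_broken_ubuntu_ssl
 def test_protocol_tlsv1(self):
 """Connecting to a TLSv1 server with various client options"""
 if support.verbose:
 sys.stdout.write("\n")
-try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True)
-try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl .CERT_OPTIONAL)
-try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl .CERT_REQUIRED)
+try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1')
+try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_OPTIONAL)
+try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_REQUIRED)
 if hasattr(ssl, 'PROTOCOL_SSLv2'):
 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False )
 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv23, False,
 client_options=ssl.OP_NO_TLSv1)
 
 @skip_if_broken_ubuntu_ssl
 @unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_1"),
 "TLS version 1.1 not supported.")
 def test_protocol_tlsv1_1(self):
 """Connecting to a TLSv1.1 server with various client options.
 Testing against older TLS versions."""
 if support.verbose:
 sys.stdout.write("\n")
-try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_1, True)
+try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_1, 'TLSv 1.1')
 if hasattr(ssl, 'PROTOCOL_SSLv2'):
 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv2, Fal se)
 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv3, False)
 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv23, False,
 client_options=ssl.OP_NO_TLSv1_1)
 
-try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1_1, True)
+try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1_1, 'TLSv1 .1')
 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1, False)
 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_1, False)
 
 
 @skip_if_broken_ubuntu_ssl
 @unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_2"),
 "TLS version 1.2 not supported.")
 def test_protocol_tlsv1_2(self):
 """Connecting to a TLSv1.2 server with various client options.
 Testing against older TLS versions."""
 if support.verbose:
 sys.stdout.write("\n")
-try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_2, True,
+try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_2, 'TLSv 1.2',
 server_options=ssl.OP_NO_SSLv3|ssl.OP_NO_SSLv2,
 client_options=ssl.OP_NO_SSLv3|ssl.OP_NO_SSLv2,)
 if hasattr(ssl, 'PROTOCOL_SSLv2'):
 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv2, Fal se)
 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv3, False)
 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv23, False,
 client_options=ssl.OP_NO_TLSv1_2)
 
-try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1_2, True)
+try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1_2, 'TLSv1 .2')
 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1, False)
 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_2, False)
 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False )
 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False )
 
 def test_starttls(self):
 """Switching from clear text to encrypted and back again."""
 msgs = (b"msg 1", b"MSG 2", b"STARTTLS", b"MSG 3", b"msg 4", b"ENDTL S", b"msg 5", b"msg 6")
 
 server = ThreadedEchoServer(CERTFILE,
@@ -2689,20 +2701,35 @@
 context.set_ciphers("DES")
 except ssl.SSLError:
 self.skipTest("no DES cipher available")
 with ThreadedEchoServer(CERTFILE,
 ssl_version=ssl.PROTOCOL_SSLv23,
 chatty=False) as server:
 with context.wrap_socket(socket.socket()) as s:
 with self.assertRaises(OSError):
 s.connect((HOST, server.port))
 self.assertIn("no shared cipher", str(server.conn_errors[0]))
+
+def test_version_basic(self):
+"""
+Basic tests for SSLSocket.version().
+More tests are done in the test_protocol_*() methods.
+"""
+context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+with ThreadedEchoServer(CERTFILE,
+ssl_version=ssl.PROTOCOL_TLSv1,
+chatty=False) as server:
+with context.wrap_socket(socket.socket()) as s:
+self.assertIs(s.version(), None)
+s.connect((HOST, server.port))
+self.assertEqual(s.version(), "TLSv1")
+self.assertIs(s.version(), None)
 
 @unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL")
 def test_default_ecdh_curve(self):
 # Issue #21015: elliptic curve-based Diffie Hellman key exchange
 # should be enabled by default on SSL contexts.
 context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
 context.load_cert_chain(CERTFILE)
 # Prior to OpenSSL 1.0.0, ECDH ciphers have to be enabled
 # explicitly using the 'ECCdraft' cipher alias. Otherwise,
 # our default cipher list should prefer ECDH-based ciphers
@@ -3022,10 +3049,10 @@
 tests.append(ThreadedTests)
 
 try:
 support.run_unittest(*tests)
 finally:
 if _have_threads:
 support.threading_cleanup(*thread_info)
 
 if __name__ == "__main__":
 test_main()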
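Review bot: The option-restricted cases in the SSLv23-server test (new lines 2253-2259) still pass `True` or `False`, so the negotiated version goes unchecked exactly where a downgrade would show: the SSLv23-to-SSLv23 call with `server_options=ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3` is commented `# Will choose TLSv1` but nothing is asserted about `stats['version']`. The exact version probably depends on the OpenSSL build, so an exact string may not fit there; a check that the result is neither `'SSLv2'` nor `'SSLv3'` would cover it. Separately, in try_protocol_combo the condition `expect_success is not True` treats any other truthy value (such as `1`) as an expected version name; `elif isinstance(expect_success, str) and expect_success != stats['version']:` states the intent directly. The def of the SSLv23-server test method lies in the skipped lines above that hunk.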