
Side by Side Diff: Lib/test/test_httplib.py

Issue 22417: PEP 476: verify HTTPS certificates by default
Patch Set: Created 4 years, 9 months ago
1 import errno 1 import errno
2 from http import client 2 from http import client
3 import io 3 import io
4 import os 4 import os
5 import array 5 import array
6 import socket 6 import socket
7 7
8 import unittest 8 import unittest
9 TestCase = unittest.TestCase 9 TestCase = unittest.TestCase
10 10
(...skipping 760 matching lines...) Expand 10 before | Expand all | Expand 10 after
771 # simple test to check it's storing the timeout 771 # simple test to check it's storing the timeout
772 h = client.HTTPSConnection(HOST, TimeoutTest.PORT, timeout=30) 772 h = client.HTTPSConnection(HOST, TimeoutTest.PORT, timeout=30)
773 self.assertEqual(h.timeout, 30) 773 self.assertEqual(h.timeout, 30)
774 774
775 def _check_svn_python_org(self, resp): 775 def _check_svn_python_org(self, resp):
776 # Just a simple check that everything went fine 776 # Just a simple check that everything went fine
777 server_string = resp.getheader('server') 777 server_string = resp.getheader('server')
778 self.assertIn('Apache', server_string) 778 self.assertIn('Apache', server_string)
779 779
780 def test_networked(self): 780 def test_networked(self):
781 # Default settings: no cert verification is done 781 # Default settings: requires a valid cert from a trusted CA
782 import ssl
782 support.requires('network') 783 support.requires('network')
783 with support.transient_internet('svn.python.org'): 784 with support.transient_internet('svn.python.org'):
784 h = client.HTTPSConnection('svn.python.org', 443) 785 h = client.HTTPSConnection('svn.python.org', 443)
786 with self.assertRaises(ssl.SSLError):
AntoinePitrou 2014/09/18 15:41:59 SSLError is vague, perhaps you can do further chec
787 h.request('GET', '/')
788
789 def test_networked_noverification(self):
790 # Switch off cert verification
791 import ssl
792 support.requires('network')
793 with support.transient_internet('svn.python.org'):
794 context = ssl._create_unverified_context()
795 h = client.HTTPSConnection('svn.python.org', 443, context=context)
785 h.request('GET', '/') 796 h.request('GET', '/')
786 resp = h.getresponse() 797 resp = h.getresponse()
787 self._check_svn_python_org(resp) 798 self._check_svn_python_org(resp)
788 799
800 def test_networked_trusted_by_default_cert(self):
801 # Default settings: requires a valid cert from a trusted CA
AntoinePitrou 2014/09/18 15:41:59 The test will fail on any machine where we don't m
802 support.requires('network')
803 with support.transient_internet('www.python.org'):
804 h = client.HTTPSConnection('www.python.org', 443)
805 h.request('GET', '/')
806 resp = h.getresponse()
807 content_type = resp.getheader('content-type')
808 self.assertIn('text/html', content_type)
809
789 def test_networked_good_cert(self): 810 def test_networked_good_cert(self):
790 # We feed a CA cert that validates the server's cert 811 # We feed a CA cert that validates the server's cert
791 import ssl 812 import ssl
792 support.requires('network') 813 support.requires('network')
793 with support.transient_internet('svn.python.org'): 814 with support.transient_internet('svn.python.org'):
794 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) 815 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
795 context.verify_mode = ssl.CERT_REQUIRED 816 context.verify_mode = ssl.CERT_REQUIRED
796 context.load_verify_locations(CACERT_svn_python_org) 817 context.load_verify_locations(CACERT_svn_python_org)
797 h = client.HTTPSConnection('svn.python.org', 443, context=context) 818 h = client.HTTPSConnection('svn.python.org', 443, context=context)
798 h.request('GET', '/') 819 h.request('GET', '/')
799 resp = h.getresponse() 820 resp = h.getresponse()
800 self._check_svn_python_org(resp) 821 self._check_svn_python_org(resp)
801 822
802 def test_networked_bad_cert(self): 823 def test_networked_bad_cert(self):
803 # We feed a "CA" cert that is unrelated to the server's cert 824 # We feed a "CA" cert that is unrelated to the server's cert
804 import ssl 825 import ssl
805 support.requires('network') 826 support.requires('network')
806 with support.transient_internet('svn.python.org'): 827 with support.transient_internet('svn.python.org'):
807 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) 828 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
808 context.verify_mode = ssl.CERT_REQUIRED 829 context.verify_mode = ssl.CERT_REQUIRED
809 context.load_verify_locations(CERT_localhost) 830 context.load_verify_locations(CERT_localhost)
810 h = client.HTTPSConnection('svn.python.org', 443, context=context) 831 h = client.HTTPSConnection('svn.python.org', 443, context=context)
811 with self.assertRaises(ssl.SSLError): 832 with self.assertRaises(ssl.SSLError):
812 h.request('GET', '/') 833 h.request('GET', '/')
834
835 def test_local_unknown_cert(self):
836 # The custom cert isn't known to the default trust bundle
837 import ssl
838 server = self.make_server(CERT_localhost)
839 h = client.HTTPSConnection('localhost', server.port)
840 with self.assertRaises(ssl.SSLError):
AntoinePitrou 2014/09/18 15:41:59 Same as above here.
841 h.request('GET', '/')
842 del server
813 843
814 def test_local_good_hostname(self): 844 def test_local_good_hostname(self):
815 # The (valid) cert validates the HTTP hostname 845 # The (valid) cert validates the HTTP hostname
816 import ssl 846 import ssl
817 server = self.make_server(CERT_localhost) 847 server = self.make_server(CERT_localhost)
818 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) 848 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
819 context.verify_mode = ssl.CERT_REQUIRED 849 context.verify_mode = ssl.CERT_REQUIRED
820 context.load_verify_locations(CERT_localhost) 850 context.load_verify_locations(CERT_localhost)
821 h = client.HTTPSConnection('localhost', server.port, context=context) 851 h = client.HTTPSConnection('localhost', server.port, context=context)
822 h.request('GET', '/nonexistent') 852 h.request('GET', '/nonexistent')
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after
1016 self.assertTrue(b'CONNECT destination.com' in conn.sock.data) 1046 self.assertTrue(b'CONNECT destination.com' in conn.sock.data)
1017 self.assertTrue(b'Host: destination.com' in conn.sock.data) 1047 self.assertTrue(b'Host: destination.com' in conn.sock.data)
1018 1048
1019 def test_main(verbose=None): 1049 def test_main(verbose=None):
1020 support.run_unittest(HeaderTests, OfflineTest, BasicTest, TimeoutTest, 1050 support.run_unittest(HeaderTests, OfflineTest, BasicTest, TimeoutTest,
1021 HTTPSTest, RequestBodyTest, SourceAddressTest, 1051 HTTPSTest, RequestBodyTest, SourceAddressTest,
1022 HTTPResponseTest, TunnelTests) 1052 HTTPResponseTest, TunnelTests)
1023 1053
1024 if __name__ == '__main__': 1054 if __name__ == '__main__':
1025 test_main() 1055 test_main()
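Review bot: In `test_networked_noverification` the opt-out context comes from `ssl._create_unverified_context()` and the test then only checks the Server header, so nothing pins what that context actually switches off. Because this is the path the test suite uses to disable verification, I would assert its settings before connecting, `self.assertEqual(context.verify_mode, ssl.CERT_NONE)` and `self.assertFalse(context.check_hostname)`, so a later change to the helper cannot silently alter what the opt-out means. Separately, `test_networked` and `test_networked_trusted_by_default_cert` carry the same comment although one expects a failure and the other a success; the first could read `# Default settings: svn.python.org's cert does not chain to the default trust store, so the request must fail` (assuming that is the reason, which the separate CACERT_svn_python_org bundle used in `test_networked_good_cert` suggests).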