Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(169392)

Delta Between Two Patch Sets: Lib/test/test_httplib.py

Issue 22417: PEP 476: verify HTTPS certificates by default
Left Patch Set: Created 4 years, 9 months ago
Right Patch Set: Created 4 years, 8 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
Left: Side by side diff | Download
Right: Side by side diff | Download
« no previous file with change/comment | « Lib/ssl.py ('k') | Lib/test/test_ssl.py » ('j') | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
1 import errno 1 import errno
2 from http import client 2 from http import client
3 import io 3 import io
4 import os 4 import os
5 import array 5 import array
6 import socket 6 import socket
7 7
8 import unittest 8 import unittest
9 TestCase = unittest.TestCase 9 TestCase = unittest.TestCase
10 10
(...skipping 997 matching lines...) Expand 10 before | Expand all | Expand 10 after
1008 1008
1009 def _check_svn_python_org(self, resp): 1009 def _check_svn_python_org(self, resp):
1010 # Just a simple check that everything went fine 1010 # Just a simple check that everything went fine
1011 server_string = resp.getheader('server') 1011 server_string = resp.getheader('server')
1012 self.assertIn('Apache', server_string) 1012 self.assertIn('Apache', server_string)
1013 1013
1014 def test_networked(self): 1014 def test_networked(self):
1015 # Default settings: requires a valid cert from a trusted CA 1015 # Default settings: requires a valid cert from a trusted CA
1016 import ssl 1016 import ssl
1017 support.requires('network') 1017 support.requires('network')
1018 with support.transient_internet('svn.python.org'): 1018 with support.transient_internet('self-signed.pythontest.net'):
1019 h = client.HTTPSConnection('svn.python.org', 443) 1019 h = client.HTTPSConnection('self-signed.pythontest.net', 443)
1020 with self.assertRaises(ssl.SSLError): 1020 with self.assertRaises(ssl.SSLError) as exc_info:
1021 h.request('GET', '/') 1021 h.request('GET', '/')
1022 self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAIL ED')
1022 1023
1023 def test_networked_noverification(self): 1024 def test_networked_noverification(self):
1024 # Switch off cert verification 1025 # Switch off cert verification
1025 import ssl 1026 import ssl
1026 support.requires('network') 1027 support.requires('network')
1027 with support.transient_internet('svn.python.org'): 1028 with support.transient_internet('self-signed.pythontest.net'):
1028 context = ssl._create_unverified_context() 1029 context = ssl._create_unverified_context()
1029 h = client.HTTPSConnection('svn.python.org', 443, context=context) 1030 h = client.HTTPSConnection('self-signed.pythontest.net', 443,
1031 context=context)
1030 h.request('GET', '/') 1032 h.request('GET', '/')
1031 resp = h.getresponse() 1033 resp = h.getresponse()
1032 self._check_svn_python_org(resp) 1034 self.assertIn('nginx', resp.getheader('server'))
1033 1035
1034 def test_networked_trusted_by_default_cert(self): 1036 def test_networked_trusted_by_default_cert(self):
1035 # Default settings: requires a valid cert from a trusted CA 1037 # Default settings: requires a valid cert from a trusted CA
1036 support.requires('network') 1038 support.requires('network')
1037 with support.transient_internet('www.python.org'): 1039 with support.transient_internet('www.python.org'):
1038 h = client.HTTPSConnection('www.python.org', 443) 1040 h = client.HTTPSConnection('www.python.org', 443)
1039 h.request('GET', '/') 1041 h.request('GET', '/')
1040 resp = h.getresponse() 1042 resp = h.getresponse()
1041 content_type = resp.getheader('content-type') 1043 content_type = resp.getheader('content-type')
1042 self.assertIn('text/html', content_type) 1044 self.assertIn('text/html', content_type)
1043 1045
1044 def test_networked_good_cert(self): 1046 def test_networked_good_cert(self):
1045 # We feed a CA cert that validates the server's cert 1047 # We feed a CA cert that validates the server's cert
1046 import ssl 1048 import ssl
1047 support.requires('network') 1049 support.requires('network')
1048 with support.transient_internet('svn.python.org'): 1050 with support.transient_internet('svn.python.org'):
1049 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) 1051 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
1050 context.verify_mode = ssl.CERT_REQUIRED 1052 context.verify_mode = ssl.CERT_REQUIRED
1051 context.load_verify_locations(CACERT_svn_python_org) 1053 context.load_verify_locations(CACERT_svn_python_org)
1052 h = client.HTTPSConnection('svn.python.org', 443, context=context) 1054 h = client.HTTPSConnection('svn.python.org', 443, context=context)
1053 h.request('GET', '/') 1055 h.request('GET', '/')
1054 resp = h.getresponse() 1056 resp = h.getresponse()
1055 self._check_svn_python_org(resp) 1057 self._check_svn_python_org(resp)
1056 1058
1057 def test_networked_bad_cert(self): 1059 def test_networked_bad_cert(self):
1058 # We feed a "CA" cert that is unrelated to the server's cert 1060 # We feed a "CA" cert that is unrelated to the server's cert
1059 import ssl 1061 import ssl
1060 support.requires('network') 1062 support.requires('network')
1061 with support.transient_internet('svn.python.org'): 1063 with support.transient_internet('self-signed.pythontest.net'):
1062 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) 1064 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
1063 context.verify_mode = ssl.CERT_REQUIRED 1065 context.verify_mode = ssl.CERT_REQUIRED
1064 context.load_verify_locations(CERT_localhost) 1066 context.load_verify_locations(CERT_localhost)
1065 h = client.HTTPSConnection('svn.python.org', 443, context=context) 1067 h = client.HTTPSConnection('self-signed.pythontest.net', 443, contex t=context)
1066 with self.assertRaises(ssl.SSLError): 1068 with self.assertRaises(ssl.SSLError) as exc_info:
1067 h.request('GET', '/') 1069 h.request('GET', '/')
1070 self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAIL ED')
1068 1071
1069 def test_local_unknown_cert(self): 1072 def test_local_unknown_cert(self):
1070 # The custom cert isn't known to the default trust bundle 1073 # The custom cert isn't known to the default trust bundle
1071 import ssl 1074 import ssl
1072 server = self.make_server(CERT_localhost) 1075 server = self.make_server(CERT_localhost)
1073 h = client.HTTPSConnection('localhost', server.port) 1076 h = client.HTTPSConnection('localhost', server.port)
1074 with self.assertRaises(ssl.SSLError): 1077 with self.assertRaises(ssl.SSLError) as exc_info:
1075 h.request('GET', '/') 1078 h.request('GET', '/')
1079 self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAILED')
1076 1080
1077 def test_local_good_hostname(self): 1081 def test_local_good_hostname(self):
1078 # The (valid) cert validates the HTTP hostname 1082 # The (valid) cert validates the HTTP hostname
1079 import ssl 1083 import ssl
1080 server = self.make_server(CERT_localhost) 1084 server = self.make_server(CERT_localhost)
1081 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) 1085 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
1082 context.verify_mode = ssl.CERT_REQUIRED 1086 context.verify_mode = ssl.CERT_REQUIRED
1083 context.load_verify_locations(CERT_localhost) 1087 context.load_verify_locations(CERT_localhost)
1084 h = client.HTTPSConnection('localhost', server.port, context=context) 1088 h = client.HTTPSConnection('localhost', server.port, context=context)
1085 h.request('GET', '/nonexistent') 1089 h.request('GET', '/nonexistent')
(...skipping 192 matching lines...) Expand 10 before | Expand all | Expand 10 after
1278 self.assertTrue(b'Host: destination.com' in conn.sock.data) 1282 self.assertTrue(b'Host: destination.com' in conn.sock.data)
1279 1283
1280 def test_main(verbose=None): 1284 def test_main(verbose=None):
1281 support.run_unittest(HeaderTests, OfflineTest, BasicTest, TimeoutTest, 1285 support.run_unittest(HeaderTests, OfflineTest, BasicTest, TimeoutTest,
1282 HTTPSTest, RequestBodyTest, SourceAddressTest, 1286 HTTPSTest, RequestBodyTest, SourceAddressTest,
1283 HTTPResponseTest, ExtendedReadTest, 1287 HTTPResponseTest, ExtendedReadTest,
1284 ExtendedReadTestChunked, TunnelTests) 1288 ExtendedReadTestChunked, TunnelTests)
1285 1289
1286 if __name__ == '__main__': 1290 if __name__ == '__main__':
1287 test_main() 1291 test_main()
LEFTRIGHT

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+