Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(72226)

Delta Between Two Patch Sets: Lib/test/test_httplib.py

Issue 22417: PEP 476: verify HTTPS certificates by default
Left Patch Set: Created 4 years, 7 months ago
Right Patch Set: Created 4 years, 7 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
Left: Side by side diff | Download
Right: Side by side diff | Download
« no previous file with change/comment | « Lib/ssl.py ('k') | Lib/test/test_ssl.py » ('j') | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
1 import errno 1 import errno
2 from http import client 2 from http import client
3 import io 3 import io
4 import os 4 import os
5 import array 5 import array
6 import socket 6 import socket
7 7
8 import unittest 8 import unittest
9 TestCase = unittest.TestCase 9 TestCase = unittest.TestCase
10 10
(...skipping 997 matching lines...) Expand 10 before | Expand all | Expand 10 after
1008 1008
1009 def _check_svn_python_org(self, resp): 1009 def _check_svn_python_org(self, resp):
1010 # Just a simple check that everything went fine 1010 # Just a simple check that everything went fine
1011 server_string = resp.getheader('server') 1011 server_string = resp.getheader('server')
1012 self.assertIn('Apache', server_string) 1012 self.assertIn('Apache', server_string)
1013 1013
1014 def test_networked(self): 1014 def test_networked(self):
1015 # Default settings: requires a valid cert from a trusted CA 1015 # Default settings: requires a valid cert from a trusted CA
1016 import ssl 1016 import ssl
1017 support.requires('network') 1017 support.requires('network')
1018 with support.transient_internet('svn.python.org'): 1018 with support.transient_internet('self-signed.pythontest.net'):
1019 h = client.HTTPSConnection('svn.python.org', 443) 1019 h = client.HTTPSConnection('self-signed.pythontest.net', 443)
1020 with self.assertRaises(ssl.SSLError) as exc_info: 1020 with self.assertRaises(ssl.SSLError) as exc_info:
1021 h.request('GET', '/') 1021 h.request('GET', '/')
1022 self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAIL ED') 1022 self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAIL ED')
1023 1023
1024 def test_networked_noverification(self): 1024 def test_networked_noverification(self):
1025 # Switch off cert verification 1025 # Switch off cert verification
1026 import ssl 1026 import ssl
1027 support.requires('network') 1027 support.requires('network')
1028 with support.transient_internet('svn.python.org'): 1028 with support.transient_internet('self-signed.pythontest.net'):
1029 context = ssl._create_unverified_context() 1029 context = ssl._create_unverified_context()
1030 h = client.HTTPSConnection('svn.python.org', 443, context=context) 1030 h = client.HTTPSConnection('self-signed.pythontest.net', 443,
1031 context=context)
1031 h.request('GET', '/') 1032 h.request('GET', '/')
1032 resp = h.getresponse() 1033 resp = h.getresponse()
1033 self._check_svn_python_org(resp) 1034 self.assertIn('nginx', resp.getheader('server'))
1034 1035
1035 def test_networked_trusted_by_default_cert(self): 1036 def test_networked_trusted_by_default_cert(self):
1036 # Default settings: requires a valid cert from a trusted CA 1037 # Default settings: requires a valid cert from a trusted CA
1037 support.requires('network') 1038 support.requires('network')
1038 with support.transient_internet('www.python.org'): 1039 with support.transient_internet('www.python.org'):
1039 h = client.HTTPSConnection('www.python.org', 443) 1040 h = client.HTTPSConnection('www.python.org', 443)
1040 h.request('GET', '/') 1041 h.request('GET', '/')
1041 resp = h.getresponse() 1042 resp = h.getresponse()
1042 content_type = resp.getheader('content-type') 1043 content_type = resp.getheader('content-type')
1043 self.assertIn('text/html', content_type) 1044 self.assertIn('text/html', content_type)
1044 1045
1045 def test_networked_good_cert(self): 1046 def test_networked_good_cert(self):
1046 # We feed a CA cert that validates the server's cert 1047 # We feed a CA cert that validates the server's cert
1047 import ssl 1048 import ssl
1048 support.requires('network') 1049 support.requires('network')
1049 with support.transient_internet('svn.python.org'): 1050 with support.transient_internet('svn.python.org'):
1050 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) 1051 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
1051 context.verify_mode = ssl.CERT_REQUIRED 1052 context.verify_mode = ssl.CERT_REQUIRED
1052 context.load_verify_locations(CACERT_svn_python_org) 1053 context.load_verify_locations(CACERT_svn_python_org)
1053 h = client.HTTPSConnection('svn.python.org', 443, context=context) 1054 h = client.HTTPSConnection('svn.python.org', 443, context=context)
1054 h.request('GET', '/') 1055 h.request('GET', '/')
1055 resp = h.getresponse() 1056 resp = h.getresponse()
1056 self._check_svn_python_org(resp) 1057 self._check_svn_python_org(resp)
1057 1058
1058 def test_networked_bad_cert(self): 1059 def test_networked_bad_cert(self):
1059 # We feed a "CA" cert that is unrelated to the server's cert 1060 # We feed a "CA" cert that is unrelated to the server's cert
1060 import ssl 1061 import ssl
1061 support.requires('network') 1062 support.requires('network')
1062 with support.transient_internet('svn.python.org'): 1063 with support.transient_internet('self-signed.pythontest.net'):
1063 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) 1064 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
1064 context.verify_mode = ssl.CERT_REQUIRED 1065 context.verify_mode = ssl.CERT_REQUIRED
1065 context.load_verify_locations(CERT_localhost) 1066 context.load_verify_locations(CERT_localhost)
1066 h = client.HTTPSConnection('svn.python.org', 443, context=context) 1067 h = client.HTTPSConnection('self-signed.pythontest.net', 443, contex t=context)
1067 with self.assertRaises(ssl.SSLError) as exc_info: 1068 with self.assertRaises(ssl.SSLError) as exc_info:
1068 h.request('GET', '/') 1069 h.request('GET', '/')
1069 self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAIL ED') 1070 self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAIL ED')
1070 1071
1071 def test_local_unknown_cert(self): 1072 def test_local_unknown_cert(self):
1072 # The custom cert isn't known to the default trust bundle 1073 # The custom cert isn't known to the default trust bundle
1073 import ssl 1074 import ssl
1074 server = self.make_server(CERT_localhost) 1075 server = self.make_server(CERT_localhost)
1075 h = client.HTTPSConnection('localhost', server.port) 1076 h = client.HTTPSConnection('localhost', server.port)
1076 with self.assertRaises(ssl.SSLError) as exc_info: 1077 with self.assertRaises(ssl.SSLError) as exc_info:
(...skipping 204 matching lines...) Expand 10 before | Expand all | Expand 10 after
1281 self.assertTrue(b'Host: destination.com' in conn.sock.data) 1282 self.assertTrue(b'Host: destination.com' in conn.sock.data)
1282 1283
1283 def test_main(verbose=None): 1284 def test_main(verbose=None):
1284 support.run_unittest(HeaderTests, OfflineTest, BasicTest, TimeoutTest, 1285 support.run_unittest(HeaderTests, OfflineTest, BasicTest, TimeoutTest,
1285 HTTPSTest, RequestBodyTest, SourceAddressTest, 1286 HTTPSTest, RequestBodyTest, SourceAddressTest,
1286 HTTPResponseTest, ExtendedReadTest, 1287 HTTPResponseTest, ExtendedReadTest,
1287 ExtendedReadTestChunked, TunnelTests) 1288 ExtendedReadTestChunked, TunnelTests)
1288 1289
1289 if __name__ == '__main__': 1290 if __name__ == '__main__':
1290 test_main() 1291 test_main()
LEFTRIGHT

RSS Feeds Recent Issues | This issue
This is Rietveld 894c83f36cb7+