Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 6199685..bab1452 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -232,6 +232,26 @@
if test_support.verbose:
sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
+ def test_algorithms(self):
+ # Issue #8484: all algorithms should be available when verifying a
+ # certificate.
+ # NOTE: https://sha256.tbs-internet.com is another possible test host
+ remote = ("sha2.hboeck.de", 443)
+ sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem")
+ s = ssl.wrap_socket(socket.socket(socket.AF_INET),
+ cert_reqs=ssl.CERT_REQUIRED,
+ ca_certs=sha256_cert,)
+ with test_support.transient_internet():
+ try:
+ s.connect(remote)
+ if test_support.verbose:
+ sys.stdout.write("\nCipher with %r is %r\n" %
+ (remote, s.cipher()))
+ sys.stdout.write("Certificate is:\n%s\n" %
+ pprint.pformat(s.getpeercert()))
+ finally:
+ s.close()
+
try:
import threading