Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython2 / 82aa2010229a9305cd95a1f66acd8a0f5986cb85 / . / Lib / test / test_ssl.py
blob: fca8a572bf99123ff051fd399dcdf6e69cf3c3e4 [file] [log] [blame]
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1# Test the support for SSL and sockets
2
3import sys
4import unittest
5from test import test_support
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]6import asyncore
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]7import socket
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]8import select
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]9import errno
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]10import subprocess
11import time
12import os
13import pprint
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]14import urllib, urlparse
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]15import shutil
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]16import traceback
17
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]18from BaseHTTPServer import HTTPServer
19from SimpleHTTPServer import SimpleHTTPRequestHandler
20
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]21# Optionally test SSL support, if we have it in the tested platform
22skip_expected = False
23try:
24 import ssl
25except ImportError:
26 skip_expected = True
27
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]28HOST = test_support.HOST
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]29CERTFILE = None
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]30SVN_PYTHON_ORG_ROOT_CERT = None
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]31
Neal Norwitz3e533c22007-08-27 01:03:18 +0000[diff] [blame]32def handle_error(prefix):
33 exc_format = ' '.join(traceback.format_exception(*sys.exc_info()))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]34 if test_support.verbose:
35 sys.stdout.write(prefix + exc_format)
Neal Norwitz3e533c22007-08-27 01:03:18 +0000[diff] [blame]36
37
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]38class BasicTests(unittest.TestCase):
39
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]40 def testSSLconnect(self):
Christian Heimes6c29be52008-01-19 16:39:27 +0000[diff] [blame]41 if not test_support.is_resource_enabled('network'):
42 return
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]43 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
44 cert_reqs=ssl.CERT_NONE)
45 s.connect(("svn.python.org", 443))
46 c = s.getpeercert()
47 if c:
48 raise test_support.TestFailed("Peer cert %s shouldn't be here!")
49 s.close()
50
51 # this should fail because we have no verification certs
52 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
53 cert_reqs=ssl.CERT_REQUIRED)
54 try:
55 s.connect(("svn.python.org", 443))
56 except ssl.SSLError:
57 pass
58 finally:
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]59 s.close()
60
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]61
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]62 def testCrucialConstants(self):
63 ssl.PROTOCOL_SSLv2
64 ssl.PROTOCOL_SSLv23
65 ssl.PROTOCOL_SSLv3
66 ssl.PROTOCOL_TLSv1
67 ssl.CERT_NONE
68 ssl.CERT_OPTIONAL
69 ssl.CERT_REQUIRED
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]70
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]71 def testRAND(self):
72 v = ssl.RAND_status()
73 if test_support.verbose:
74 sys.stdout.write("\n RAND_status is %d (%s)\n"
75 % (v, (v and "sufficient randomness") or
76 "insufficient randomness"))
Guido van Rossume4729332007-08-26 19:35:09 +0000[diff] [blame]77 try:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]78 ssl.RAND_egd(1)
79 except TypeError:
80 pass
Guido van Rossume4729332007-08-26 19:35:09 +0000[diff] [blame]81 else:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]82 print "didn't raise TypeError"
83 ssl.RAND_add("this is a random string", 75.0)
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]84
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]85 def testParseCert(self):
86 # note that this uses an 'unofficial' function in _ssl.c,
87 # provided solely for this test, to exercise the certificate
88 # parsing code
89 p = ssl._ssl._test_decode_cert(CERTFILE, False)
90 if test_support.verbose:
91 sys.stdout.write("\n" + pprint.pformat(p) + "\n")
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]92
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]93 def testDERtoPEM(self):
94
95 pem = open(SVN_PYTHON_ORG_ROOT_CERT, 'r').read()
96 d1 = ssl.PEM_cert_to_DER_cert(pem)
97 p2 = ssl.DER_cert_to_PEM_cert(d1)
98 d2 = ssl.PEM_cert_to_DER_cert(p2)
99 if (d1 != d2):
100 raise test_support.TestFailed("PEM-to-DER or DER-to-PEM translation failed")
101
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]102class NetworkedTests(unittest.TestCase):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]103
104 def testConnect(self):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]105 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
106 cert_reqs=ssl.CERT_NONE)
107 s.connect(("svn.python.org", 443))
108 c = s.getpeercert()
109 if c:
110 raise test_support.TestFailed("Peer cert %s shouldn't be here!")
111 s.close()
112
113 # this should fail because we have no verification certs
114 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
115 cert_reqs=ssl.CERT_REQUIRED)
116 try:
117 s.connect(("svn.python.org", 443))
118 except ssl.SSLError:
119 pass
120 finally:
121 s.close()
122
123 # this should succeed because we specify the root cert
124 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
125 cert_reqs=ssl.CERT_REQUIRED,
126 ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
127 try:
128 s.connect(("svn.python.org", 443))
129 except ssl.SSLError, x:
130 raise test_support.TestFailed("Unexpected exception %s" % x)
131 finally:
132 s.close()
133
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]134
135 def testNonBlockingHandshake(self):
136 s = socket.socket(socket.AF_INET)
137 s.connect(("svn.python.org", 443))
138 s.setblocking(False)
139 s = ssl.wrap_socket(s,
140 cert_reqs=ssl.CERT_NONE,
141 do_handshake_on_connect=False)
142 count = 0
143 while True:
144 try:
145 count += 1
146 s.do_handshake()
147 break
148 except ssl.SSLError, err:
149 if err.args[0] == ssl.SSL_ERROR_WANT_READ:
150 select.select([s], [], [])
151 elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
152 select.select([], [s], [])
153 else:
154 raise
155 s.close()
156 if test_support.verbose:
157 sys.stdout.write("\nNeeded %d calls to do_handshake() to establish session.\n" % count)
158
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]159 def testFetchServerCert(self):
160
161 pem = ssl.get_server_certificate(("svn.python.org", 443))
162 if not pem:
163 raise test_support.TestFailed("No server certificate on svn.python.org:443!")
164
165 try:
166 pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=CERTFILE)
167 except ssl.SSLError:
168 #should fail
169 pass
170 else:
171 raise test_support.TestFailed("Got server certificate %s for svn.python.org!" % pem)
172
173 pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
174 if not pem:
175 raise test_support.TestFailed("No server certificate on svn.python.org:443!")
176 if test_support.verbose:
177 sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
178
179
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]180try:
181 import threading
182except ImportError:
183 _have_threads = False
184else:
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]185
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]186 _have_threads = True
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]187
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]188 class ThreadedEchoServer(threading.Thread):
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]189
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]190 class ConnectionHandler(threading.Thread):
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]191
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]192 """A mildly complicated class, because we want it to work both
193 with and without the SSL wrapper around the socket connection, so
194 that we can test the STARTTLS functionality."""
195
196 def __init__(self, server, connsock):
197 self.server = server
198 self.running = False
199 self.sock = connsock
200 self.sock.setblocking(1)
201 self.sslconn = None
202 threading.Thread.__init__(self)
203 self.setDaemon(True)
204
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]205 def show_conn_details(self):
206 if self.server.certreqs == ssl.CERT_REQUIRED:
207 cert = self.sslconn.getpeercert()
208 if test_support.verbose and self.server.chatty:
209 sys.stdout.write(" client cert is " + pprint.pformat(cert) + "\n")
210 cert_binary = self.sslconn.getpeercert(True)
211 if test_support.verbose and self.server.chatty:
212 sys.stdout.write(" cert binary is " + str(len(cert_binary)) + " bytes\n")
213 cipher = self.sslconn.cipher()
214 if test_support.verbose and self.server.chatty:
215 sys.stdout.write(" server: connection cipher is now " + str(cipher) + "\n")
216
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]217 def wrap_conn (self):
218 try:
219 self.sslconn = ssl.wrap_socket(self.sock, server_side=True,
220 certfile=self.server.certificate,
221 ssl_version=self.server.protocol,
222 ca_certs=self.server.cacerts,
223 cert_reqs=self.server.certreqs)
224 except:
225 if self.server.chatty:
226 handle_error("\n server: bad connection attempt from " +
227 str(self.sock.getpeername()) + ":\n")
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]228 self.close()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]229 if not self.server.expect_bad_connects:
230 # here, we want to stop the server, because this shouldn't
231 # happen in the context of our test case
232 self.running = False
233 # normally, we'd just stop here, but for the test
234 # harness, we want to stop the server
235 self.server.stop()
236 return False
237
238 else:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]239 return True
240
241 def read(self):
242 if self.sslconn:
243 return self.sslconn.read()
244 else:
245 return self.sock.recv(1024)
246
247 def write(self, bytes):
248 if self.sslconn:
249 return self.sslconn.write(bytes)
250 else:
251 return self.sock.send(bytes)
252
253 def close(self):
254 if self.sslconn:
255 self.sslconn.close()
256 else:
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]257 self.sock._sock.close()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]258
259 def run (self):
260 self.running = True
261 if not self.server.starttls_server:
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]262 if isinstance(self.sock, ssl.SSLSocket):
263 self.sslconn = self.sock
264 elif not self.wrap_conn():
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]265 return
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]266 self.show_conn_details()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]267 while self.running:
268 try:
269 msg = self.read()
270 if not msg:
271 # eof, so quit this handler
272 self.running = False
273 self.close()
274 elif msg.strip() == 'over':
275 if test_support.verbose and self.server.connectionchatty:
276 sys.stdout.write(" server: client closed connection\n")
277 self.close()
278 return
279 elif self.server.starttls_server and msg.strip() == 'STARTTLS':
280 if test_support.verbose and self.server.connectionchatty:
281 sys.stdout.write(" server: read STARTTLS from client, sending OK...\n")
282 self.write("OK\n")
283 if not self.wrap_conn():
284 return
Bill Janssen39295c22008-08-12 16:31:21 +0000[diff] [blame]285 elif self.server.starttls_server and self.sslconn and msg.strip() == 'ENDTLS':
286 if test_support.verbose and self.server.connectionchatty:
287 sys.stdout.write(" server: read ENDTLS from client, sending OK...\n")
288 self.write("OK\n")
289 self.sslconn.unwrap()
290 self.sslconn = None
291 if test_support.verbose and self.server.connectionchatty:
292 sys.stdout.write(" server: connection is now unencrypted...\n")
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]293 else:
294 if (test_support.verbose and
295 self.server.connectionchatty):
296 ctype = (self.sslconn and "encrypted") or "unencrypted"
297 sys.stdout.write(" server: read %s (%s), sending back %s (%s)...\n"
298 % (repr(msg), ctype, repr(msg.lower()), ctype))
299 self.write(msg.lower())
300 except ssl.SSLError:
301 if self.server.chatty:
302 handle_error("Test server failure:\n")
303 self.close()
304 self.running = False
305 # normally, we'd just stop here, but for the test
306 # harness, we want to stop the server
307 self.server.stop()
308 except:
309 handle_error('')
310
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]311 def __init__(self, certificate, ssl_version=None,
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]312 certreqs=None, cacerts=None, expect_bad_connects=False,
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]313 chatty=True, connectionchatty=False, starttls_server=False,
314 wrap_accepting_socket=False):
315
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]316 if ssl_version is None:
317 ssl_version = ssl.PROTOCOL_TLSv1
318 if certreqs is None:
319 certreqs = ssl.CERT_NONE
320 self.certificate = certificate
321 self.protocol = ssl_version
322 self.certreqs = certreqs
323 self.cacerts = cacerts
324 self.expect_bad_connects = expect_bad_connects
325 self.chatty = chatty
326 self.connectionchatty = connectionchatty
327 self.starttls_server = starttls_server
328 self.sock = socket.socket()
329 self.flag = None
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]330 if wrap_accepting_socket:
331 self.sock = ssl.wrap_socket(self.sock, server_side=True,
332 certfile=self.certificate,
333 cert_reqs = self.certreqs,
334 ca_certs = self.cacerts,
335 ssl_version = self.protocol)
336 if test_support.verbose and self.chatty:
337 sys.stdout.write(' server: wrapped server socket as %s\n' % str(self.sock))
338 self.port = test_support.bind_port(self.sock)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]339 self.active = False
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]340 threading.Thread.__init__(self)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]341 self.setDaemon(False)
342
343 def start (self, flag=None):
344 self.flag = flag
345 threading.Thread.start(self)
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]346
347 def run (self):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]348 self.sock.settimeout(0.5)
349 self.sock.listen(5)
350 self.active = True
351 if self.flag:
352 # signal an event
353 self.flag.set()
354 while self.active:
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]355 try:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]356 newconn, connaddr = self.sock.accept()
357 if test_support.verbose and self.chatty:
358 sys.stdout.write(' server: new connection from '
359 + str(connaddr) + '\n')
360 handler = self.ConnectionHandler(self, newconn)
361 handler.start()
362 except socket.timeout:
363 pass
364 except KeyboardInterrupt:
365 self.stop()
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]366 except:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]367 if self.chatty:
368 handle_error("Test server failure:\n")
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]369 self.sock.close()
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]370
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]371 def stop (self):
372 self.active = False
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]373
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]374 class AsyncoreEchoServer(threading.Thread):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]375
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]376 class EchoServer (asyncore.dispatcher):
377
378 class ConnectionHandler (asyncore.dispatcher_with_send):
379
380 def __init__(self, conn, certfile):
381 asyncore.dispatcher_with_send.__init__(self, conn)
382 self.socket = ssl.wrap_socket(conn, server_side=True,
383 certfile=certfile,
384 do_handshake_on_connect=True)
385
386 def readable(self):
387 if isinstance(self.socket, ssl.SSLSocket):
388 while self.socket.pending() > 0:
389 self.handle_read_event()
390 return True
391
392 def handle_read(self):
393 data = self.recv(1024)
394 self.send(data.lower())
395
396 def handle_close(self):
Bill Janssende34d912008-06-28 23:00:39 +0000[diff] [blame]397 self.close()
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]398 if test_support.verbose:
399 sys.stdout.write(" server: closed connection %s\n" % self.socket)
400
401 def handle_error(self):
402 raise
403
404 def __init__(self, certfile):
405 self.certfile = certfile
406 asyncore.dispatcher.__init__(self)
407 self.create_socket(socket.AF_INET, socket.SOCK_STREAM)
408 self.port = test_support.bind_port(self.socket)
409 self.listen(5)
410
411 def handle_accept(self):
412 sock_obj, addr = self.accept()
413 if test_support.verbose:
414 sys.stdout.write(" server: new connection from %s:%s\n" %addr)
415 self.ConnectionHandler(sock_obj, self.certfile)
416
417 def handle_error(self):
418 raise
419
420 def __init__(self, certfile):
421 self.flag = None
422 self.active = False
423 self.server = self.EchoServer(certfile)
424 self.port = self.server.port
425 threading.Thread.__init__(self)
426 self.setDaemon(True)
427
428 def __str__(self):
429 return "<%s %s>" % (self.__class__.__name__, self.server)
430
431 def start (self, flag=None):
432 self.flag = flag
433 threading.Thread.start(self)
434
435 def run (self):
436 self.active = True
437 if self.flag:
438 self.flag.set()
439 while self.active:
440 try:
441 asyncore.loop(1)
442 except:
443 pass
444
445 def stop (self):
446 self.active = False
447 self.server.close()
448
449 class SocketServerHTTPSServer(threading.Thread):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]450
451 class HTTPSServer(HTTPServer):
452
453 def __init__(self, server_address, RequestHandlerClass, certfile):
454
455 HTTPServer.__init__(self, server_address, RequestHandlerClass)
456 # we assume the certfile contains both private key and certificate
457 self.certfile = certfile
458 self.active = False
Neal Norwitz0098c9d2008-03-09 19:03:42 +0000[diff] [blame]459 self.active_lock = threading.Lock()
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]460 self.allow_reuse_address = True
461
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]462 def __str__(self):
463 return ('<%s %s:%s>' %
464 (self.__class__.__name__,
465 self.server_name,
466 self.server_port))
467
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]468 def get_request (self):
469 # override this to wrap socket with SSL
470 sock, addr = self.socket.accept()
471 sslconn = ssl.wrap_socket(sock, server_side=True,
472 certfile=self.certfile)
473 return sslconn, addr
474
475 # The methods overridden below this are mainly so that we
476 # can run it in a thread and be able to stop it from another
477 # You probably wouldn't need them in other uses.
478
479 def server_activate(self):
480 # We want to run this in a thread for testing purposes,
481 # so we override this to set timeout, so that we get
482 # a chance to stop the server
483 self.socket.settimeout(0.5)
484 HTTPServer.server_activate(self)
485
486 def serve_forever(self):
487 # We want this to run in a thread, so we use a slightly
488 # modified version of "forever".
489 self.active = True
Neal Norwitz0098c9d2008-03-09 19:03:42 +0000[diff] [blame]490 while 1:
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]491 try:
Neal Norwitz0098c9d2008-03-09 19:03:42 +0000[diff] [blame]492 # We need to lock while handling the request.
493 # Another thread can close the socket after self.active
494 # has been checked and before the request is handled.
495 # This causes an exception when using the closed socket.
496 with self.active_lock:
497 if not self.active:
498 break
499 self.handle_request()
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]500 except socket.timeout:
501 pass
502 except KeyboardInterrupt:
503 self.server_close()
504 return
505 except:
Neal Norwitz0098c9d2008-03-09 19:03:42 +0000[diff] [blame]506 sys.stdout.write(''.join(traceback.format_exception(*sys.exc_info())))
507 break
Neal Norwitzd0a91af2008-04-02 05:54:27 +0000[diff] [blame]508 time.sleep(0.1)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]509
510 def server_close(self):
511 # Again, we want this to run in a thread, so we need to override
512 # close to clear the "active" flag, so that serve_forever() will
513 # terminate.
Neal Norwitz0098c9d2008-03-09 19:03:42 +0000[diff] [blame]514 with self.active_lock:
515 HTTPServer.server_close(self)
516 self.active = False
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]517
518 class RootedHTTPRequestHandler(SimpleHTTPRequestHandler):
519
520 # need to override translate_path to get a known root,
521 # instead of using os.curdir, since the test could be
522 # run from anywhere
523
524 server_version = "TestHTTPS/1.0"
525
526 root = None
527
528 def translate_path(self, path):
529 """Translate a /-separated PATH to the local filename syntax.
530
531 Components that mean special things to the local file system
532 (e.g. drive or directory names) are ignored. (XXX They should
533 probably be diagnosed.)
534
535 """
536 # abandon query parameters
537 path = urlparse.urlparse(path)[2]
538 path = os.path.normpath(urllib.unquote(path))
539 words = path.split('/')
540 words = filter(None, words)
541 path = self.root
542 for word in words:
543 drive, word = os.path.splitdrive(word)
544 head, word = os.path.split(word)
545 if word in self.root: continue
546 path = os.path.join(path, word)
547 return path
548
549 def log_message(self, format, *args):
550
551 # we override this to suppress logging unless "verbose"
552
553 if test_support.verbose:
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]554 sys.stdout.write(" server (%s:%d %s):\n [%s] %s\n" %
555 (self.server.server_address,
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]556 self.server.server_port,
557 self.request.cipher(),
558 self.log_date_time_string(),
559 format%args))
560
561
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]562 def __init__(self, certfile):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]563 self.flag = None
564 self.active = False
565 self.RootedHTTPRequestHandler.root = os.path.split(CERTFILE)[0]
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]566 self.port = test_support.find_unused_port()
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]567 self.server = self.HTTPSServer(
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]568 (HOST, self.port), self.RootedHTTPRequestHandler, certfile)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]569 threading.Thread.__init__(self)
570 self.setDaemon(True)
571
572 def __str__(self):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]573 return "<%s %s>" % (self.__class__.__name__, self.server)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]574
575 def start (self, flag=None):
576 self.flag = flag
577 threading.Thread.start(self)
578
579 def run (self):
580 self.active = True
581 if self.flag:
582 self.flag.set()
583 self.server.serve_forever()
584 self.active = False
585
586 def stop (self):
587 self.active = False
588 self.server.server_close()
589
590
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]591 def badCertTest (certfile):
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]592 server = ThreadedEchoServer(CERTFILE,
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]593 certreqs=ssl.CERT_REQUIRED,
594 cacerts=CERTFILE, chatty=False)
595 flag = threading.Event()
596 server.start(flag)
597 # wait for it to start
598 flag.wait()
599 # try to connect
600 try:
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]601 try:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]602 s = ssl.wrap_socket(socket.socket(),
603 certfile=certfile,
604 ssl_version=ssl.PROTOCOL_TLSv1)
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]605 s.connect((HOST, server.port))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]606 except ssl.SSLError, x:
Neal Norwitz9eb9b102007-08-27 01:15:33 +0000[diff] [blame]607 if test_support.verbose:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]608 sys.stdout.write("\nSSLError is %s\n" % x[1])
Bill Janssen0c1dbf82008-07-17 18:01:57 +0000[diff] [blame]609 except socket.error, x:
610 if test_support.verbose:
611 sys.stdout.write("\nsocket.error is %s\n" % x[1])
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]612 else:
613 raise test_support.TestFailed(
614 "Use of invalid cert should have failed!")
615 finally:
616 server.stop()
617 server.join()
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]618
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]619 def serverParamsTest (certfile, protocol, certreqs, cacertsfile,
620 client_certfile, client_protocol=None, indata="FOO\n",
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]621 chatty=True, connectionchatty=False,
622 wrap_accepting_socket=False):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]623
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]624 server = ThreadedEchoServer(certfile,
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]625 certreqs=certreqs,
626 ssl_version=protocol,
627 cacerts=cacertsfile,
628 chatty=chatty,
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]629 connectionchatty=connectionchatty,
630 wrap_accepting_socket=wrap_accepting_socket)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]631 flag = threading.Event()
632 server.start(flag)
633 # wait for it to start
634 flag.wait()
635 # try to connect
636 if client_protocol is None:
637 client_protocol = protocol
638 try:
639 try:
640 s = ssl.wrap_socket(socket.socket(),
641 certfile=client_certfile,
642 ca_certs=cacertsfile,
643 cert_reqs=certreqs,
644 ssl_version=client_protocol)
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]645 s.connect((HOST, server.port))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]646 except ssl.SSLError, x:
647 raise test_support.TestFailed("Unexpected SSL error: " + str(x))
648 except Exception, x:
649 raise test_support.TestFailed("Unexpected exception: " + str(x))
650 else:
651 if connectionchatty:
652 if test_support.verbose:
653 sys.stdout.write(
654 " client: sending %s...\n" % (repr(indata)))
655 s.write(indata)
656 outdata = s.read()
657 if connectionchatty:
658 if test_support.verbose:
659 sys.stdout.write(" client: read %s\n" % repr(outdata))
660 if outdata != indata.lower():
661 raise test_support.TestFailed(
662 "bad data <<%s>> (%d) received; expected <<%s>> (%d)\n"
663 % (outdata[:min(len(outdata),20)], len(outdata),
664 indata[:min(len(indata),20)].lower(), len(indata)))
665 s.write("over\n")
666 if connectionchatty:
667 if test_support.verbose:
668 sys.stdout.write(" client: closing connection.\n")
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]669 s.close()
670 finally:
671 server.stop()
672 server.join()
673
674 def tryProtocolCombo (server_protocol,
675 client_protocol,
676 expectedToWork,
Bill Janssene3f1d7d2007-09-11 01:09:19 +0000[diff] [blame]677 certsreqs=None):
678
Benjamin Peterson5b63acd2008-03-29 15:24:25 +0000[diff] [blame]679 if certsreqs is None:
Bill Janssene3f1d7d2007-09-11 01:09:19 +0000[diff] [blame]680 certsreqs = ssl.CERT_NONE
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]681
682 if certsreqs == ssl.CERT_NONE:
683 certtype = "CERT_NONE"
684 elif certsreqs == ssl.CERT_OPTIONAL:
685 certtype = "CERT_OPTIONAL"
686 elif certsreqs == ssl.CERT_REQUIRED:
687 certtype = "CERT_REQUIRED"
688 if test_support.verbose:
689 formatstr = (expectedToWork and " %s->%s %s\n") or " {%s->%s} %s\n"
690 sys.stdout.write(formatstr %
691 (ssl.get_protocol_name(client_protocol),
692 ssl.get_protocol_name(server_protocol),
693 certtype))
694 try:
695 serverParamsTest(CERTFILE, server_protocol, certsreqs,
696 CERTFILE, CERTFILE, client_protocol, chatty=False)
697 except test_support.TestFailed:
698 if expectedToWork:
699 raise
700 else:
701 if not expectedToWork:
702 raise test_support.TestFailed(
703 "Client protocol %s succeeded with server protocol %s!"
704 % (ssl.get_protocol_name(client_protocol),
705 ssl.get_protocol_name(server_protocol)))
706
707
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]708 class ThreadedTests(unittest.TestCase):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]709
710 def testRudeShutdown(self):
711
712 listener_ready = threading.Event()
713 listener_gone = threading.Event()
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]714 port = test_support.find_unused_port()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]715
716 # `listener` runs in a thread. It opens a socket listening on
717 # PORT, and sits in an accept() until the main thread connects.
718 # Then it rudely closes the socket, and sets Event `listener_gone`
719 # to let the main thread know the socket is gone.
720 def listener():
721 s = socket.socket()
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]722 s.bind((HOST, port))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]723 s.listen(5)
724 listener_ready.set()
725 s.accept()
726 s = None # reclaim the socket object, which also closes it
727 listener_gone.set()
728
729 def connector():
730 listener_ready.wait()
731 s = socket.socket()
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]732 s.connect((HOST, port))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]733 listener_gone.wait()
734 try:
735 ssl_sock = ssl.wrap_socket(s)
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]736 except IOError:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]737 pass
738 else:
739 raise test_support.TestFailed(
740 'connecting to closed SSL socket should have failed')
741
742 t = threading.Thread(target=listener)
743 t.start()
744 connector()
745 t.join()
746
747 def testEcho (self):
748
749 if test_support.verbose:
750 sys.stdout.write("\n")
751 serverParamsTest(CERTFILE, ssl.PROTOCOL_TLSv1, ssl.CERT_NONE,
752 CERTFILE, CERTFILE, ssl.PROTOCOL_TLSv1,
753 chatty=True, connectionchatty=True)
754
755 def testReadCert(self):
756
757 if test_support.verbose:
758 sys.stdout.write("\n")
759 s2 = socket.socket()
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]760 server = ThreadedEchoServer(CERTFILE,
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]761 certreqs=ssl.CERT_NONE,
762 ssl_version=ssl.PROTOCOL_SSLv23,
763 cacerts=CERTFILE,
764 chatty=False)
765 flag = threading.Event()
766 server.start(flag)
767 # wait for it to start
768 flag.wait()
769 # try to connect
770 try:
771 try:
772 s = ssl.wrap_socket(socket.socket(),
773 certfile=CERTFILE,
774 ca_certs=CERTFILE,
775 cert_reqs=ssl.CERT_REQUIRED,
776 ssl_version=ssl.PROTOCOL_SSLv23)
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]777 s.connect((HOST, server.port))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]778 except ssl.SSLError, x:
779 raise test_support.TestFailed(
780 "Unexpected SSL error: " + str(x))
781 except Exception, x:
782 raise test_support.TestFailed(
783 "Unexpected exception: " + str(x))
784 else:
785 if not s:
786 raise test_support.TestFailed(
787 "Can't SSL-handshake with test server")
788 cert = s.getpeercert()
789 if not cert:
790 raise test_support.TestFailed(
791 "Can't get peer certificate.")
792 cipher = s.cipher()
793 if test_support.verbose:
794 sys.stdout.write(pprint.pformat(cert) + '\n')
795 sys.stdout.write("Connection cipher is " + str(cipher) + '.\n')
796 if not cert.has_key('subject'):
797 raise test_support.TestFailed(
798 "No subject field in certificate: %s." %
799 pprint.pformat(cert))
800 if ((('organizationName', 'Python Software Foundation'),)
801 not in cert['subject']):
802 raise test_support.TestFailed(
803 "Missing or invalid 'organizationName' field in certificate subject; "
Neal Norwitz0098c9d2008-03-09 19:03:42 +0000[diff] [blame]804 "should be 'Python Software Foundation'.")
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]805 s.close()
806 finally:
807 server.stop()
808 server.join()
809
810 def testNULLcert(self):
811 badCertTest(os.path.join(os.path.dirname(__file__) or os.curdir,
812 "nullcert.pem"))
813 def testMalformedCert(self):
814 badCertTest(os.path.join(os.path.dirname(__file__) or os.curdir,
815 "badcert.pem"))
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]816 def testWrongCert(self):
817 badCertTest(os.path.join(os.path.dirname(__file__) or os.curdir,
818 "wrongcert.pem"))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]819 def testMalformedKey(self):
820 badCertTest(os.path.join(os.path.dirname(__file__) or os.curdir,
821 "badkey.pem"))
822
823 def testProtocolSSL2(self):
824 if test_support.verbose:
825 sys.stdout.write("\n")
826 tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
827 tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL)
828 tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED)
829 tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True)
830 tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
831 tryProtocolCombo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
832
833 def testProtocolSSL23(self):
834 if test_support.verbose:
835 sys.stdout.write("\n")
836 try:
837 tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv2, True)
838 except test_support.TestFailed, x:
839 # this fails on some older versions of OpenSSL (0.9.7l, for instance)
840 if test_support.verbose:
841 sys.stdout.write(
842 " SSL2 client to SSL23 server test unexpectedly failed:\n %s\n"
843 % str(x))
844 tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True)
845 tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True)
846 tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True)
847
848 tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
849 tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_OPTIONAL)
850 tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
851
852 tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
853 tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_REQUIRED)
854 tryProtocolCombo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
855
856 def testProtocolSSL3(self):
857 if test_support.verbose:
858 sys.stdout.write("\n")
859 tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True)
860 tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
861 tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
862 tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False)
863 tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, False)
864 tryProtocolCombo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
865
866 def testProtocolTLS1(self):
867 if test_support.verbose:
868 sys.stdout.write("\n")
869 tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True)
870 tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
871 tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
872 tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
873 tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
874 tryProtocolCombo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv23, False)
875
876 def testSTARTTLS (self):
877
Bill Janssen39295c22008-08-12 16:31:21 +0000[diff] [blame]878 msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4", "ENDTLS", "msg 5", "msg 6")
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]879
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]880 server = ThreadedEchoServer(CERTFILE,
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]881 ssl_version=ssl.PROTOCOL_TLSv1,
882 starttls_server=True,
883 chatty=True,
884 connectionchatty=True)
885 flag = threading.Event()
886 server.start(flag)
887 # wait for it to start
888 flag.wait()
889 # try to connect
890 wrapped = False
891 try:
892 try:
893 s = socket.socket()
894 s.setblocking(1)
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]895 s.connect((HOST, server.port))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]896 except Exception, x:
897 raise test_support.TestFailed("Unexpected exception: " + str(x))
898 else:
899 if test_support.verbose:
900 sys.stdout.write("\n")
901 for indata in msgs:
902 if test_support.verbose:
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]903 sys.stdout.write(
904 " client: sending %s...\n" % repr(indata))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]905 if wrapped:
906 conn.write(indata)
907 outdata = conn.read()
908 else:
909 s.send(indata)
910 outdata = s.recv(1024)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]911 if (indata == "STARTTLS" and
912 outdata.strip().lower().startswith("ok")):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]913 if test_support.verbose:
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]914 sys.stdout.write(
915 " client: read %s from server, starting TLS...\n"
916 % repr(outdata))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]917 conn = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]918 wrapped = True
Bill Janssen39295c22008-08-12 16:31:21 +0000[diff] [blame]919 elif (indata == "ENDTLS" and
920 outdata.strip().lower().startswith("ok")):
921 if test_support.verbose:
922 sys.stdout.write(
923 " client: read %s from server, ending TLS...\n"
924 % repr(outdata))
925 s = conn.unwrap()
926 wrapped = False
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]927 else:
928 if test_support.verbose:
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]929 sys.stdout.write(
930 " client: read %s from server\n" % repr(outdata))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]931 if test_support.verbose:
932 sys.stdout.write(" client: closing connection.\n")
933 if wrapped:
934 conn.write("over\n")
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]935 else:
936 s.send("over\n")
937 s.close()
938 finally:
939 server.stop()
940 server.join()
941
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]942 def testSocketServer(self):
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]943
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]944 server = SocketServerHTTPSServer(CERTFILE)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]945 flag = threading.Event()
946 server.start(flag)
947 # wait for it to start
948 flag.wait()
949 # try to connect
950 try:
951 if test_support.verbose:
952 sys.stdout.write('\n')
Bill Janssenbf10c472007-09-16 23:16:46 +0000[diff] [blame]953 d1 = open(CERTFILE, 'rb').read()
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]954 d2 = ''
955 # now fetch the same data from the HTTPS server
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]956 url = 'https://127.0.0.1:%d/%s' % (
957 server.port, os.path.split(CERTFILE)[1])
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]958 f = urllib.urlopen(url)
959 dlen = f.info().getheader("content-length")
960 if dlen and (int(dlen) > 0):
961 d2 = f.read(int(dlen))
962 if test_support.verbose:
963 sys.stdout.write(
964 " client: read %d bytes from remote server '%s'\n"
965 % (len(d2), server))
966 f.close()
967 except:
968 msg = ''.join(traceback.format_exception(*sys.exc_info()))
969 if test_support.verbose:
970 sys.stdout.write('\n' + msg)
971 raise test_support.TestFailed(msg)
972 else:
973 if not (d1 == d2):
974 raise test_support.TestFailed(
975 "Couldn't fetch data from HTTPS server")
976 finally:
977 server.stop()
978 server.join()
Neal Norwitz7fc8e292007-08-26 18:50:39 +0000[diff] [blame]979
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]980 def testWrappedAccept (self):
981
982 if test_support.verbose:
983 sys.stdout.write("\n")
984 serverParamsTest(CERTFILE, ssl.PROTOCOL_SSLv23, ssl.CERT_REQUIRED,
985 CERTFILE, CERTFILE, ssl.PROTOCOL_SSLv23,
986 chatty=True, connectionchatty=True,
987 wrap_accepting_socket=True)
988
989
990 def testAsyncoreServer (self):
991
992 indata = "TEST MESSAGE of mixed case\n"
993
994 if test_support.verbose:
995 sys.stdout.write("\n")
996 server = AsyncoreEchoServer(CERTFILE)
997 flag = threading.Event()
998 server.start(flag)
999 # wait for it to start
1000 flag.wait()
1001 # try to connect
1002 try:
1003 try:
1004 s = ssl.wrap_socket(socket.socket())
1005 s.connect(('127.0.0.1', server.port))
1006 except ssl.SSLError, x:
1007 raise test_support.TestFailed("Unexpected SSL error: " + str(x))
1008 except Exception, x:
1009 raise test_support.TestFailed("Unexpected exception: " + str(x))
1010 else:
1011 if test_support.verbose:
1012 sys.stdout.write(
1013 " client: sending %s...\n" % (repr(indata)))
1014 s.write(indata)
1015 outdata = s.read()
1016 if test_support.verbose:
1017 sys.stdout.write(" client: read %s\n" % repr(outdata))
1018 if outdata != indata.lower():
1019 raise test_support.TestFailed(
1020 "bad data <<%s>> (%d) received; expected <<%s>> (%d)\n"
1021 % (outdata[:min(len(outdata),20)], len(outdata),
1022 indata[:min(len(indata),20)].lower(), len(indata)))
1023 s.write("over\n")
1024 if test_support.verbose:
1025 sys.stdout.write(" client: closing connection.\n")
1026 s.close()
1027 finally:
1028 server.stop()
1029 # wait for server thread to end
1030 server.join()
1031
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1032
Neal Norwitz9eb9b102007-08-27 01:15:33 +0000[diff] [blame]1033def test_main(verbose=False):
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1034 if skip_expected:
Bill Janssenffe576d2007-09-05 00:46:27 +0000[diff] [blame]1035 raise test_support.TestSkipped("No SSL support")
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1036
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]1037 global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT
Guido van Rossumba8c5652007-08-27 17:19:42 +0000[diff] [blame]1038 CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]1039 "keycert.pem")
1040 SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
1041 os.path.dirname(__file__) or os.curdir,
1042 "https_svn_python_org_root.pem")
1043
1044 if (not os.path.exists(CERTFILE) or
1045 not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT)):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]1046 raise test_support.TestFailed("Can't read certificate files!")
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1047
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]1048 TESTPORT = test_support.find_unused_port()
1049 if not TESTPORT:
1050 raise test_support.TestFailed("Can't find open port to test servers on!")
1051
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1052 tests = [BasicTests]
1053
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]1054 if test_support.is_resource_enabled('network'):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]1055 tests.append(NetworkedTests)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]1056
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]1057 if _have_threads:
1058 thread_info = test_support.threading_setup()
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]1059 if thread_info and test_support.is_resource_enabled('network'):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]1060 tests.append(ThreadedTests)
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1061
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]1062 test_support.run_unittest(*tests)
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1063
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]1064 if _have_threads:
1065 test_support.threading_cleanup(*thread_info)
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1066
1067if __name__ == "__main__":
1068 test_main()