Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython2 / d2867642c038a932590958494c96ce0171898283 / . / Lib / test / test_ssl.py
blob: 0e86457f04b800baea3ba745f7c34764bf36cf9a [file] [log] [blame]
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1# Test the support for SSL and sockets
2
3import sys
4import unittest
5from test import test_support
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]6import asyncore
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]7import socket
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]8import select
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]9import errno
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]10import subprocess
11import time
Antoine Pitroud4030da2010-04-23 23:35:01 +0000[diff] [blame]12import gc
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]13import os
Antoine Pitroud4030da2010-04-23 23:35:01 +0000[diff] [blame]14import errno
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]15import pprint
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]16import urllib, urlparse
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]17import shutil
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]18import traceback
Antoine Pitrou3df58d12010-04-23 23:07:37 +0000[diff] [blame]19import weakref
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]20
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]21from BaseHTTPServer import HTTPServer
22from SimpleHTTPServer import SimpleHTTPRequestHandler
23
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]24# Optionally test SSL support, if we have it in the tested platform
25skip_expected = False
26try:
27 import ssl
28except ImportError:
29 skip_expected = True
30
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]31HOST = test_support.HOST
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]32CERTFILE = None
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]33SVN_PYTHON_ORG_ROOT_CERT = None
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]34
Neal Norwitz3e533c22007-08-27 01:03:18 +0000[diff] [blame]35def handle_error(prefix):
36 exc_format = ' '.join(traceback.format_exception(*sys.exc_info()))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]37 if test_support.verbose:
38 sys.stdout.write(prefix + exc_format)
Neal Norwitz3e533c22007-08-27 01:03:18 +0000[diff] [blame]39
Antoine Pitrou77a1c362010-04-27 09:54:14 +0000[diff] [blame]40
41class BasicTests(unittest.TestCase):
42
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]43 def test_sslwrap_simple(self):
Antoine Pitrou77a1c362010-04-27 09:54:14 +0000[diff] [blame]44 # A crude test for the legacy API
Bill Jansseneb257ac2008-09-29 18:56:38 +0000[diff] [blame]45 try:
46 ssl.sslwrap_simple(socket.socket(socket.AF_INET))
47 except IOError, e:
48 if e.errno == 32: # broken pipe when ssl_sock.do_handshake(), this test doesn't care about that
49 pass
50 else:
51 raise
52 try:
53 ssl.sslwrap_simple(socket.socket(socket.AF_INET)._sock)
54 except IOError, e:
55 if e.errno == 32: # broken pipe when ssl_sock.do_handshake(), this test doesn't care about that
56 pass
57 else:
58 raise
Neal Norwitz3e533c22007-08-27 01:03:18 +0000[diff] [blame]59
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]60 def test_connect(self):
Christian Heimes6c29be52008-01-19 16:39:27 +0000[diff] [blame]61 if not test_support.is_resource_enabled('network'):
62 return
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]63 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
64 cert_reqs=ssl.CERT_NONE)
65 s.connect(("svn.python.org", 443))
66 c = s.getpeercert()
67 if c:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]68 self.fail("Peer cert %s shouldn't be here!")
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]69 s.close()
70
71 # this should fail because we have no verification certs
72 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
73 cert_reqs=ssl.CERT_REQUIRED)
74 try:
75 s.connect(("svn.python.org", 443))
76 except ssl.SSLError:
77 pass
78 finally:
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]79 s.close()
80
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]81 def test_constants(self):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]82 ssl.PROTOCOL_SSLv2
83 ssl.PROTOCOL_SSLv23
84 ssl.PROTOCOL_SSLv3
85 ssl.PROTOCOL_TLSv1
86 ssl.CERT_NONE
87 ssl.CERT_OPTIONAL
88 ssl.CERT_REQUIRED
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]89
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]90 def test_random(self):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]91 v = ssl.RAND_status()
92 if test_support.verbose:
93 sys.stdout.write("\n RAND_status is %d (%s)\n"
94 % (v, (v and "sufficient randomness") or
95 "insufficient randomness"))
Guido van Rossume4729332007-08-26 19:35:09 +0000[diff] [blame]96 try:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]97 ssl.RAND_egd(1)
98 except TypeError:
99 pass
Guido van Rossume4729332007-08-26 19:35:09 +0000[diff] [blame]100 else:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]101 print "didn't raise TypeError"
102 ssl.RAND_add("this is a random string", 75.0)
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]103
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]104 def test_parse_cert(self):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]105 # note that this uses an 'unofficial' function in _ssl.c,
106 # provided solely for this test, to exercise the certificate
107 # parsing code
108 p = ssl._ssl._test_decode_cert(CERTFILE, False)
109 if test_support.verbose:
110 sys.stdout.write("\n" + pprint.pformat(p) + "\n")
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]111
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]112 def test_DER_to_PEM(self):
113 with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f:
114 pem = f.read()
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]115 d1 = ssl.PEM_cert_to_DER_cert(pem)
116 p2 = ssl.DER_cert_to_PEM_cert(d1)
117 d2 = ssl.PEM_cert_to_DER_cert(p2)
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]118 self.assertEqual(d1, d2)
Antoine Pitrou12cb1292010-04-27 22:05:18 +0000[diff] [blame]119 if not p2.startswith(ssl.PEM_HEADER + '\n'):
120 self.fail("DER-to-PEM didn't include correct header:\n%r\n" % p2)
121 if not p2.endswith('\n' + ssl.PEM_FOOTER + '\n'):
122 self.fail("DER-to-PEM didn't include correct footer:\n%r\n" % p2)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]123
Antoine Pitrou3df58d12010-04-23 23:07:37 +0000[diff] [blame]124 def test_refcycle(self):
125 # Issue #7943: an SSL object doesn't create reference cycles with
126 # itself.
127 s = socket.socket(socket.AF_INET)
128 ss = ssl.wrap_socket(s)
129 wr = weakref.ref(ss)
130 del ss
131 self.assertEqual(wr(), None)
132
Antoine Pitroud4030da2010-04-23 23:35:01 +0000[diff] [blame]133
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]134class NetworkedTests(unittest.TestCase):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]135
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]136 def test_connect(self):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]137 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
138 cert_reqs=ssl.CERT_NONE)
139 s.connect(("svn.python.org", 443))
140 c = s.getpeercert()
141 if c:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]142 self.fail("Peer cert %s shouldn't be here!")
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]143 s.close()
144
145 # this should fail because we have no verification certs
146 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
147 cert_reqs=ssl.CERT_REQUIRED)
148 try:
149 s.connect(("svn.python.org", 443))
150 except ssl.SSLError:
151 pass
152 finally:
153 s.close()
154
155 # this should succeed because we specify the root cert
156 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
157 cert_reqs=ssl.CERT_REQUIRED,
158 ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
159 try:
160 s.connect(("svn.python.org", 443))
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]161 finally:
162 s.close()
163
Antoine Pitrou0753d942010-04-24 11:09:52 +0000[diff] [blame]164 def test_makefile_close(self):
165 # Issue #5238: creating a file-like object with makefile() shouldn't
166 # delay closing the underlying "real socket" (here tested with its
167 # file descriptor, hence skipping the test under Windows).
168 if os.name == "nt":
169 if test_support.verbose:
170 print "Skipped: can't use a socket as a file under Windows"
171 return
172 ss = ssl.wrap_socket(socket.socket(socket.AF_INET))
173 ss.connect(("svn.python.org", 443))
174 fd = ss.fileno()
175 f = ss.makefile()
176 f.close()
177 # The fd is still open
178 os.read(fd, 0)
179 # Closing the SSL socket should close the fd too
180 ss.close()
181 gc.collect()
182 try:
183 os.read(fd, 0)
184 except OSError, e:
185 self.assertEqual(e.errno, errno.EBADF)
186 else:
187 self.fail("OSError wasn't raised")
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]188
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]189 def test_non_blocking_handshake(self):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]190 s = socket.socket(socket.AF_INET)
191 s.connect(("svn.python.org", 443))
192 s.setblocking(False)
193 s = ssl.wrap_socket(s,
194 cert_reqs=ssl.CERT_NONE,
195 do_handshake_on_connect=False)
196 count = 0
197 while True:
198 try:
199 count += 1
200 s.do_handshake()
201 break
202 except ssl.SSLError, err:
203 if err.args[0] == ssl.SSL_ERROR_WANT_READ:
204 select.select([s], [], [])
205 elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
206 select.select([], [s], [])
207 else:
208 raise
209 s.close()
210 if test_support.verbose:
211 sys.stdout.write("\nNeeded %d calls to do_handshake() to establish session.\n" % count)
212
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]213 def test_get_server_certificate(self):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]214 pem = ssl.get_server_certificate(("svn.python.org", 443))
215 if not pem:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]216 self.fail("No server certificate on svn.python.org:443!")
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]217
218 try:
219 pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=CERTFILE)
220 except ssl.SSLError:
221 #should fail
222 pass
223 else:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]224 self.fail("Got server certificate %s for svn.python.org!" % pem)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]225
226 pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
227 if not pem:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]228 self.fail("No server certificate on svn.python.org:443!")
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]229 if test_support.verbose:
230 sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem)
231
Antoine Pitroub7c656f2010-04-22 18:42:58 +0000[diff] [blame]232 # Test disabled: OPENSSL_VERSION* not available in Python 2.6
Antoine Pitrou878602a2010-04-21 19:41:28 +0000[diff] [blame]233 def test_algorithms(self):
Antoine Pitroub7c656f2010-04-22 18:42:58 +0000[diff] [blame]234 if test_support.verbose:
235 sys.stdout.write("test_algorithms disabled, "
236 "as it fails on some old OpenSSL versions")
237 return
Antoine Pitrou878602a2010-04-21 19:41:28 +0000[diff] [blame]238 # Issue #8484: all algorithms should be available when verifying a
239 # certificate.
240 # NOTE: https://sha256.tbs-internet.com is another possible test host
241 remote = ("sha2.hboeck.de", 443)
242 sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem")
243 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
244 cert_reqs=ssl.CERT_REQUIRED,
245 ca_certs=sha256_cert,)
246 with test_support.transient_internet():
247 try:
248 s.connect(remote)
249 if test_support.verbose:
250 sys.stdout.write("\nCipher with %r is %r\n" %
251 (remote, s.cipher()))
252 sys.stdout.write("Certificate is:\n%s\n" %
253 pprint.pformat(s.getpeercert()))
254 finally:
255 s.close()
256
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]257
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]258try:
259 import threading
260except ImportError:
261 _have_threads = False
262else:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]263 _have_threads = True
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]264
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]265 class ThreadedEchoServer(threading.Thread):
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]266
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]267 class ConnectionHandler(threading.Thread):
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]268
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]269 """A mildly complicated class, because we want it to work both
270 with and without the SSL wrapper around the socket connection, so
271 that we can test the STARTTLS functionality."""
272
273 def __init__(self, server, connsock):
274 self.server = server
275 self.running = False
276 self.sock = connsock
277 self.sock.setblocking(1)
278 self.sslconn = None
279 threading.Thread.__init__(self)
Benjamin Peterson26f52162008-08-18 18:39:57 +0000[diff] [blame]280 self.daemon = True
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]281
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]282 def show_conn_details(self):
283 if self.server.certreqs == ssl.CERT_REQUIRED:
284 cert = self.sslconn.getpeercert()
285 if test_support.verbose and self.server.chatty:
286 sys.stdout.write(" client cert is " + pprint.pformat(cert) + "\n")
287 cert_binary = self.sslconn.getpeercert(True)
288 if test_support.verbose and self.server.chatty:
289 sys.stdout.write(" cert binary is " + str(len(cert_binary)) + " bytes\n")
290 cipher = self.sslconn.cipher()
291 if test_support.verbose and self.server.chatty:
292 sys.stdout.write(" server: connection cipher is now " + str(cipher) + "\n")
293
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]294 def wrap_conn(self):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]295 try:
296 self.sslconn = ssl.wrap_socket(self.sock, server_side=True,
297 certfile=self.server.certificate,
298 ssl_version=self.server.protocol,
299 ca_certs=self.server.cacerts,
300 cert_reqs=self.server.certreqs)
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]301 except ssl.SSLError:
302 # XXX Various errors can have happened here, for example
303 # a mismatching protocol version, an invalid certificate,
304 # or a low-level bug. This should be made more discriminating.
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]305 if self.server.chatty:
306 handle_error("\n server: bad connection attempt from " +
307 str(self.sock.getpeername()) + ":\n")
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]308 self.close()
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]309 self.running = False
310 self.server.stop()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]311 return False
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]312 else:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]313 return True
314
315 def read(self):
316 if self.sslconn:
317 return self.sslconn.read()
318 else:
319 return self.sock.recv(1024)
320
321 def write(self, bytes):
322 if self.sslconn:
323 return self.sslconn.write(bytes)
324 else:
325 return self.sock.send(bytes)
326
327 def close(self):
328 if self.sslconn:
329 self.sslconn.close()
330 else:
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]331 self.sock._sock.close()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]332
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]333 def run(self):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]334 self.running = True
335 if not self.server.starttls_server:
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]336 if isinstance(self.sock, ssl.SSLSocket):
337 self.sslconn = self.sock
338 elif not self.wrap_conn():
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]339 return
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]340 self.show_conn_details()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]341 while self.running:
342 try:
343 msg = self.read()
344 if not msg:
345 # eof, so quit this handler
346 self.running = False
347 self.close()
348 elif msg.strip() == 'over':
349 if test_support.verbose and self.server.connectionchatty:
350 sys.stdout.write(" server: client closed connection\n")
351 self.close()
352 return
353 elif self.server.starttls_server and msg.strip() == 'STARTTLS':
354 if test_support.verbose and self.server.connectionchatty:
355 sys.stdout.write(" server: read STARTTLS from client, sending OK...\n")
356 self.write("OK\n")
357 if not self.wrap_conn():
358 return
Bill Janssen39295c22008-08-12 16:31:21 +0000[diff] [blame]359 elif self.server.starttls_server and self.sslconn and msg.strip() == 'ENDTLS':
360 if test_support.verbose and self.server.connectionchatty:
361 sys.stdout.write(" server: read ENDTLS from client, sending OK...\n")
362 self.write("OK\n")
363 self.sslconn.unwrap()
364 self.sslconn = None
365 if test_support.verbose and self.server.connectionchatty:
366 sys.stdout.write(" server: connection is now unencrypted...\n")
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]367 else:
368 if (test_support.verbose and
369 self.server.connectionchatty):
370 ctype = (self.sslconn and "encrypted") or "unencrypted"
371 sys.stdout.write(" server: read %s (%s), sending back %s (%s)...\n"
372 % (repr(msg), ctype, repr(msg.lower()), ctype))
373 self.write(msg.lower())
374 except ssl.SSLError:
375 if self.server.chatty:
376 handle_error("Test server failure:\n")
377 self.close()
378 self.running = False
379 # normally, we'd just stop here, but for the test
380 # harness, we want to stop the server
381 self.server.stop()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]382
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]383 def __init__(self, certificate, ssl_version=None,
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]384 certreqs=None, cacerts=None,
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]385 chatty=True, connectionchatty=False, starttls_server=False,
386 wrap_accepting_socket=False):
387
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]388 if ssl_version is None:
389 ssl_version = ssl.PROTOCOL_TLSv1
390 if certreqs is None:
391 certreqs = ssl.CERT_NONE
392 self.certificate = certificate
393 self.protocol = ssl_version
394 self.certreqs = certreqs
395 self.cacerts = cacerts
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]396 self.chatty = chatty
397 self.connectionchatty = connectionchatty
398 self.starttls_server = starttls_server
399 self.sock = socket.socket()
400 self.flag = None
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]401 if wrap_accepting_socket:
402 self.sock = ssl.wrap_socket(self.sock, server_side=True,
403 certfile=self.certificate,
404 cert_reqs = self.certreqs,
405 ca_certs = self.cacerts,
406 ssl_version = self.protocol)
407 if test_support.verbose and self.chatty:
408 sys.stdout.write(' server: wrapped server socket as %s\n' % str(self.sock))
409 self.port = test_support.bind_port(self.sock)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]410 self.active = False
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]411 threading.Thread.__init__(self)
Benjamin Peterson26f52162008-08-18 18:39:57 +0000[diff] [blame]412 self.daemon = True
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]413
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]414 def start(self, flag=None):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]415 self.flag = flag
416 threading.Thread.start(self)
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]417
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]418 def run(self):
Antoine Pitrou77a1c362010-04-27 09:54:14 +0000[diff] [blame]419 self.sock.settimeout(0.05)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]420 self.sock.listen(5)
421 self.active = True
422 if self.flag:
423 # signal an event
424 self.flag.set()
425 while self.active:
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]426 try:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]427 newconn, connaddr = self.sock.accept()
428 if test_support.verbose and self.chatty:
429 sys.stdout.write(' server: new connection from '
430 + str(connaddr) + '\n')
431 handler = self.ConnectionHandler(self, newconn)
432 handler.start()
433 except socket.timeout:
434 pass
435 except KeyboardInterrupt:
436 self.stop()
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]437 self.sock.close()
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]438
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]439 def stop(self):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]440 self.active = False
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]441
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]442 class AsyncoreEchoServer(threading.Thread):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]443
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]444 class EchoServer(asyncore.dispatcher):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]445
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]446 class ConnectionHandler(asyncore.dispatcher_with_send):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]447
448 def __init__(self, conn, certfile):
449 asyncore.dispatcher_with_send.__init__(self, conn)
450 self.socket = ssl.wrap_socket(conn, server_side=True,
451 certfile=certfile,
Antoine Pitrouc689d962010-04-24 20:13:37 +0000[diff] [blame]452 do_handshake_on_connect=False)
453 self._ssl_accepting = True
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]454
455 def readable(self):
456 if isinstance(self.socket, ssl.SSLSocket):
457 while self.socket.pending() > 0:
458 self.handle_read_event()
459 return True
460
Antoine Pitrouc689d962010-04-24 20:13:37 +0000[diff] [blame]461 def _do_ssl_handshake(self):
462 try:
463 self.socket.do_handshake()
464 except ssl.SSLError, err:
465 if err.args[0] in (ssl.SSL_ERROR_WANT_READ,
466 ssl.SSL_ERROR_WANT_WRITE):
467 return
468 elif err.args[0] == ssl.SSL_ERROR_EOF:
469 return self.handle_close()
470 raise
471 except socket.error, err:
472 if err.args[0] == errno.ECONNABORTED:
473 return self.handle_close()
474 else:
475 self._ssl_accepting = False
476
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]477 def handle_read(self):
Antoine Pitrouc689d962010-04-24 20:13:37 +0000[diff] [blame]478 if self._ssl_accepting:
479 self._do_ssl_handshake()
480 else:
481 data = self.recv(1024)
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]482 if data and data.strip() != 'over':
483 self.send(data.lower())
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]484
485 def handle_close(self):
Bill Janssende34d912008-06-28 23:00:39 +0000[diff] [blame]486 self.close()
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]487 if test_support.verbose:
488 sys.stdout.write(" server: closed connection %s\n" % self.socket)
489
490 def handle_error(self):
491 raise
492
493 def __init__(self, certfile):
494 self.certfile = certfile
495 asyncore.dispatcher.__init__(self)
496 self.create_socket(socket.AF_INET, socket.SOCK_STREAM)
497 self.port = test_support.bind_port(self.socket)
498 self.listen(5)
499
500 def handle_accept(self):
501 sock_obj, addr = self.accept()
502 if test_support.verbose:
503 sys.stdout.write(" server: new connection from %s:%s\n" %addr)
504 self.ConnectionHandler(sock_obj, self.certfile)
505
506 def handle_error(self):
507 raise
508
509 def __init__(self, certfile):
510 self.flag = None
511 self.active = False
512 self.server = self.EchoServer(certfile)
513 self.port = self.server.port
514 threading.Thread.__init__(self)
Benjamin Peterson26f52162008-08-18 18:39:57 +0000[diff] [blame]515 self.daemon = True
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]516
517 def __str__(self):
518 return "<%s %s>" % (self.__class__.__name__, self.server)
519
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]520 def start(self, flag=None):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]521 self.flag = flag
522 threading.Thread.start(self)
523
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]524 def run(self):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]525 self.active = True
526 if self.flag:
527 self.flag.set()
528 while self.active:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]529 asyncore.loop(0.05)
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]530
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]531 def stop(self):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]532 self.active = False
533 self.server.close()
534
535 class SocketServerHTTPSServer(threading.Thread):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]536
537 class HTTPSServer(HTTPServer):
538
539 def __init__(self, server_address, RequestHandlerClass, certfile):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]540 HTTPServer.__init__(self, server_address, RequestHandlerClass)
541 # we assume the certfile contains both private key and certificate
542 self.certfile = certfile
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]543 self.allow_reuse_address = True
544
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]545 def __str__(self):
546 return ('<%s %s:%s>' %
547 (self.__class__.__name__,
548 self.server_name,
549 self.server_port))
550
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]551 def get_request(self):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]552 # override this to wrap socket with SSL
553 sock, addr = self.socket.accept()
554 sslconn = ssl.wrap_socket(sock, server_side=True,
555 certfile=self.certfile)
556 return sslconn, addr
557
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]558 class RootedHTTPRequestHandler(SimpleHTTPRequestHandler):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]559 # need to override translate_path to get a known root,
560 # instead of using os.curdir, since the test could be
561 # run from anywhere
562
563 server_version = "TestHTTPS/1.0"
564
565 root = None
566
567 def translate_path(self, path):
568 """Translate a /-separated PATH to the local filename syntax.
569
570 Components that mean special things to the local file system
571 (e.g. drive or directory names) are ignored. (XXX They should
572 probably be diagnosed.)
573
574 """
575 # abandon query parameters
576 path = urlparse.urlparse(path)[2]
577 path = os.path.normpath(urllib.unquote(path))
578 words = path.split('/')
579 words = filter(None, words)
580 path = self.root
581 for word in words:
582 drive, word = os.path.splitdrive(word)
583 head, word = os.path.split(word)
584 if word in self.root: continue
585 path = os.path.join(path, word)
586 return path
587
588 def log_message(self, format, *args):
589
590 # we override this to suppress logging unless "verbose"
591
592 if test_support.verbose:
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]593 sys.stdout.write(" server (%s:%d %s):\n [%s] %s\n" %
594 (self.server.server_address,
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]595 self.server.server_port,
596 self.request.cipher(),
597 self.log_date_time_string(),
598 format%args))
599
600
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]601 def __init__(self, certfile):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]602 self.flag = None
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]603 self.RootedHTTPRequestHandler.root = os.path.split(CERTFILE)[0]
604 self.server = self.HTTPSServer(
Antoine Pitrou6535b312010-04-27 08:43:11 +0000[diff] [blame]605 (HOST, 0), self.RootedHTTPRequestHandler, certfile)
606 self.port = self.server.server_port
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]607 threading.Thread.__init__(self)
Benjamin Peterson26f52162008-08-18 18:39:57 +0000[diff] [blame]608 self.daemon = True
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]609
610 def __str__(self):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]611 return "<%s %s>" % (self.__class__.__name__, self.server)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]612
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]613 def start(self, flag=None):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]614 self.flag = flag
615 threading.Thread.start(self)
616
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]617 def run(self):
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]618 if self.flag:
619 self.flag.set()
Antoine Pitrou77a1c362010-04-27 09:54:14 +0000[diff] [blame]620 self.server.serve_forever(0.05)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]621
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]622 def stop(self):
Antoine Pitrou77a1c362010-04-27 09:54:14 +0000[diff] [blame]623 self.server.shutdown()
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]624
625
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]626 def bad_cert_test(certfile):
627 """
628 Launch a server with CERT_REQUIRED, and check that trying to
629 connect to it with the given client certificate fails.
630 """
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]631 server = ThreadedEchoServer(CERTFILE,
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]632 certreqs=ssl.CERT_REQUIRED,
633 cacerts=CERTFILE, chatty=False)
634 flag = threading.Event()
635 server.start(flag)
636 # wait for it to start
637 flag.wait()
638 # try to connect
639 try:
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]640 try:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]641 s = ssl.wrap_socket(socket.socket(),
642 certfile=certfile,
643 ssl_version=ssl.PROTOCOL_TLSv1)
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]644 s.connect((HOST, server.port))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]645 except ssl.SSLError, x:
Neal Norwitz9eb9b102007-08-27 01:15:33 +0000[diff] [blame]646 if test_support.verbose:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]647 sys.stdout.write("\nSSLError is %s\n" % x[1])
Antoine Pitrou94d6fba2010-04-27 13:14:50 +0000[diff] [blame]648 except socket.error, x:
649 if test_support.verbose:
650 sys.stdout.write("\nsocket.error is %s\n" % x[1])
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]651 else:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]652 self.fail("Use of invalid cert should have failed!")
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]653 finally:
654 server.stop()
655 server.join()
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]656
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]657 def server_params_test(certfile, protocol, certreqs, cacertsfile,
658 client_certfile, client_protocol=None, indata="FOO\n",
659 chatty=True, connectionchatty=False,
660 wrap_accepting_socket=False):
661 """
662 Launch a server, connect a client to it and try various reads
663 and writes.
664 """
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]665 server = ThreadedEchoServer(certfile,
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]666 certreqs=certreqs,
667 ssl_version=protocol,
668 cacerts=cacertsfile,
669 chatty=chatty,
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]670 connectionchatty=connectionchatty,
671 wrap_accepting_socket=wrap_accepting_socket)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]672 flag = threading.Event()
673 server.start(flag)
674 # wait for it to start
675 flag.wait()
676 # try to connect
677 if client_protocol is None:
678 client_protocol = protocol
679 try:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]680 s = ssl.wrap_socket(socket.socket(),
681 certfile=client_certfile,
682 ca_certs=cacertsfile,
683 cert_reqs=certreqs,
684 ssl_version=client_protocol)
685 s.connect((HOST, server.port))
686 if connectionchatty:
687 if test_support.verbose:
688 sys.stdout.write(
689 " client: sending %s...\n" % (repr(indata)))
690 s.write(indata)
691 outdata = s.read()
692 if connectionchatty:
693 if test_support.verbose:
694 sys.stdout.write(" client: read %s\n" % repr(outdata))
695 if outdata != indata.lower():
696 self.fail(
697 "bad data <<%s>> (%d) received; expected <<%s>> (%d)\n"
698 % (outdata[:min(len(outdata),20)], len(outdata),
699 indata[:min(len(indata),20)].lower(), len(indata)))
700 s.write("over\n")
701 if connectionchatty:
702 if test_support.verbose:
703 sys.stdout.write(" client: closing connection.\n")
704 s.close()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]705 finally:
706 server.stop()
707 server.join()
708
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]709 def try_protocol_combo(server_protocol,
710 client_protocol,
711 expect_success,
712 certsreqs=None):
Benjamin Peterson5b63acd2008-03-29 15:24:25 +0000[diff] [blame]713 if certsreqs is None:
Bill Janssene3f1d7d2007-09-11 01:09:19 +0000[diff] [blame]714 certsreqs = ssl.CERT_NONE
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]715 certtype = {
716 ssl.CERT_NONE: "CERT_NONE",
717 ssl.CERT_OPTIONAL: "CERT_OPTIONAL",
718 ssl.CERT_REQUIRED: "CERT_REQUIRED",
719 }[certsreqs]
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]720 if test_support.verbose:
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]721 formatstr = (expect_success and " %s->%s %s\n") or " {%s->%s} %s\n"
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]722 sys.stdout.write(formatstr %
723 (ssl.get_protocol_name(client_protocol),
724 ssl.get_protocol_name(server_protocol),
725 certtype))
726 try:
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]727 server_params_test(CERTFILE, server_protocol, certsreqs,
728 CERTFILE, CERTFILE, client_protocol,
729 chatty=False)
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]730 # Protocol mismatch can result in either an SSLError, or a
731 # "Connection reset by peer" error.
732 except ssl.SSLError:
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]733 if expect_success:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]734 raise
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]735 except socket.error as e:
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]736 if expect_success or e.errno != errno.ECONNRESET:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]737 raise
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]738 else:
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]739 if not expect_success:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]740 self.fail(
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]741 "Client protocol %s succeeded with server protocol %s!"
742 % (ssl.get_protocol_name(client_protocol),
743 ssl.get_protocol_name(server_protocol)))
744
745
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]746 class ThreadedTests(unittest.TestCase):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]747
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]748 def test_rude_shutdown(self):
749 """A brutal shutdown of an SSL server should raise an IOError
750 in the client when attempting handshake.
751 """
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]752 listener_ready = threading.Event()
753 listener_gone = threading.Event()
754
Antoine Pitrou6535b312010-04-27 08:43:11 +0000[diff] [blame]755 s = socket.socket()
756 port = test_support.bind_port(s, HOST)
757
758 # `listener` runs in a thread. It sits in an accept() until
759 # the main thread connects. Then it rudely closes the socket,
760 # and sets Event `listener_gone` to let the main thread know
761 # the socket is gone.
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]762 def listener():
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]763 s.listen(5)
764 listener_ready.set()
765 s.accept()
Antoine Pitrou6535b312010-04-27 08:43:11 +0000[diff] [blame]766 s.close()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]767 listener_gone.set()
768
769 def connector():
770 listener_ready.wait()
Antoine Pitrou6535b312010-04-27 08:43:11 +0000[diff] [blame]771 c = socket.socket()
772 c.connect((HOST, port))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]773 listener_gone.wait()
774 try:
Antoine Pitrou6535b312010-04-27 08:43:11 +0000[diff] [blame]775 ssl_sock = ssl.wrap_socket(c)
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]776 except IOError:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]777 pass
778 else:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]779 self.fail('connecting to closed SSL socket should have failed')
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]780
781 t = threading.Thread(target=listener)
782 t.start()
Antoine Pitrou6535b312010-04-27 08:43:11 +0000[diff] [blame]783 try:
784 connector()
785 finally:
786 t.join()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]787
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]788 def test_echo(self):
789 """Basic test of an SSL client connecting to a server"""
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]790 if test_support.verbose:
791 sys.stdout.write("\n")
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]792 server_params_test(CERTFILE, ssl.PROTOCOL_TLSv1, ssl.CERT_NONE,
793 CERTFILE, CERTFILE, ssl.PROTOCOL_TLSv1,
794 chatty=True, connectionchatty=True)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]795
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]796 def test_getpeercert(self):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]797 if test_support.verbose:
798 sys.stdout.write("\n")
799 s2 = socket.socket()
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]800 server = ThreadedEchoServer(CERTFILE,
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]801 certreqs=ssl.CERT_NONE,
802 ssl_version=ssl.PROTOCOL_SSLv23,
803 cacerts=CERTFILE,
804 chatty=False)
805 flag = threading.Event()
806 server.start(flag)
807 # wait for it to start
808 flag.wait()
809 # try to connect
810 try:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]811 s = ssl.wrap_socket(socket.socket(),
812 certfile=CERTFILE,
813 ca_certs=CERTFILE,
814 cert_reqs=ssl.CERT_REQUIRED,
815 ssl_version=ssl.PROTOCOL_SSLv23)
816 s.connect((HOST, server.port))
817 cert = s.getpeercert()
818 self.assertTrue(cert, "Can't get peer certificate.")
819 cipher = s.cipher()
820 if test_support.verbose:
821 sys.stdout.write(pprint.pformat(cert) + '\n')
822 sys.stdout.write("Connection cipher is " + str(cipher) + '.\n')
823 if 'subject' not in cert:
824 self.fail("No subject field in certificate: %s." %
825 pprint.pformat(cert))
826 if ((('organizationName', 'Python Software Foundation'),)
827 not in cert['subject']):
828 self.fail(
829 "Missing or invalid 'organizationName' field in certificate subject; "
830 "should be 'Python Software Foundation'.")
831 s.close()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]832 finally:
833 server.stop()
834 server.join()
835
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]836 def test_empty_cert(self):
837 """Connecting with an empty cert file"""
838 bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir,
839 "nullcert.pem"))
840 def test_malformed_cert(self):
841 """Connecting with a badly formatted certificate (syntax error)"""
842 bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir,
843 "badcert.pem"))
844 def test_nonexisting_cert(self):
845 """Connecting with a non-existing cert file"""
846 bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir,
847 "wrongcert.pem"))
848 def test_malformed_key(self):
849 """Connecting with a badly formatted key (syntax error)"""
850 bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir,
851 "badkey.pem"))
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]852
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]853 def test_protocol_sslv2(self):
854 """Connecting to an SSLv2 server with various client options"""
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]855 if test_support.verbose:
856 sys.stdout.write("\n")
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]857 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
858 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL)
859 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED)
860 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True)
861 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
862 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]863
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]864 def test_protocol_sslv23(self):
865 """Connecting to an SSLv23 server with various client options"""
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]866 if test_support.verbose:
867 sys.stdout.write("\n")
868 try:
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]869 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv2, True)
Antoine Pitrou94d6fba2010-04-27 13:14:50 +0000[diff] [blame]870 except (ssl.SSLError, socket.error), x:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]871 # this fails on some older versions of OpenSSL (0.9.7l, for instance)
872 if test_support.verbose:
873 sys.stdout.write(
874 " SSL2 client to SSL23 server test unexpectedly failed:\n %s\n"
875 % str(x))
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]876 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True)
877 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True)
878 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]879
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]880 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
881 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_OPTIONAL)
882 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]883
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]884 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
885 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_REQUIRED)
886 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]887
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]888 def test_protocol_sslv3(self):
889 """Connecting to an SSLv3 server with various client options"""
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]890 if test_support.verbose:
891 sys.stdout.write("\n")
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]892 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True)
893 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
894 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
895 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False)
896 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, False)
897 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]898
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]899 def test_protocol_tlsv1(self):
900 """Connecting to a TLSv1 server with various client options"""
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]901 if test_support.verbose:
902 sys.stdout.write("\n")
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]903 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True)
904 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
905 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
906 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
907 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
908 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv23, False)
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]909
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]910 def test_starttls(self):
911 """Switching from clear text to encrypted and back again."""
Bill Janssen39295c22008-08-12 16:31:21 +0000[diff] [blame]912 msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4", "ENDTLS", "msg 5", "msg 6")
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]913
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]914 server = ThreadedEchoServer(CERTFILE,
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]915 ssl_version=ssl.PROTOCOL_TLSv1,
916 starttls_server=True,
917 chatty=True,
918 connectionchatty=True)
919 flag = threading.Event()
920 server.start(flag)
921 # wait for it to start
922 flag.wait()
923 # try to connect
924 wrapped = False
925 try:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]926 s = socket.socket()
927 s.setblocking(1)
928 s.connect((HOST, server.port))
929 if test_support.verbose:
930 sys.stdout.write("\n")
931 for indata in msgs:
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]932 if test_support.verbose:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]933 sys.stdout.write(
934 " client: sending %s...\n" % repr(indata))
935 if wrapped:
936 conn.write(indata)
937 outdata = conn.read()
938 else:
939 s.send(indata)
940 outdata = s.recv(1024)
941 if (indata == "STARTTLS" and
942 outdata.strip().lower().startswith("ok")):
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]943 # STARTTLS ok, switch to secure mode
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]944 if test_support.verbose:
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]945 sys.stdout.write(
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]946 " client: read %s from server, starting TLS...\n"
947 % repr(outdata))
948 conn = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
949 wrapped = True
950 elif (indata == "ENDTLS" and
951 outdata.strip().lower().startswith("ok")):
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]952 # ENDTLS ok, switch back to clear text
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]953 if test_support.verbose:
954 sys.stdout.write(
955 " client: read %s from server, ending TLS...\n"
956 % repr(outdata))
957 s = conn.unwrap()
958 wrapped = False
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]959 else:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]960 if test_support.verbose:
961 sys.stdout.write(
962 " client: read %s from server\n" % repr(outdata))
963 if test_support.verbose:
964 sys.stdout.write(" client: closing connection.\n")
965 if wrapped:
966 conn.write("over\n")
967 else:
968 s.send("over\n")
969 s.close()
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]970 finally:
971 server.stop()
972 server.join()
973
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]974 def test_socketserver(self):
975 """Using a SocketServer to create and manage SSL connections."""
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]976 server = SocketServerHTTPSServer(CERTFILE)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]977 flag = threading.Event()
978 server.start(flag)
979 # wait for it to start
980 flag.wait()
981 # try to connect
982 try:
983 if test_support.verbose:
984 sys.stdout.write('\n')
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]985 with open(CERTFILE, 'rb') as f:
986 d1 = f.read()
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]987 d2 = ''
988 # now fetch the same data from the HTTPS server
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]989 url = 'https://127.0.0.1:%d/%s' % (
990 server.port, os.path.split(CERTFILE)[1])
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]991 f = urllib.urlopen(url)
992 dlen = f.info().getheader("content-length")
993 if dlen and (int(dlen) > 0):
994 d2 = f.read(int(dlen))
995 if test_support.verbose:
996 sys.stdout.write(
997 " client: read %d bytes from remote server '%s'\n"
998 % (len(d2), server))
999 f.close()
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]1000 self.assertEqual(d1, d2)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]1001 finally:
1002 server.stop()
1003 server.join()
Neal Norwitz7fc8e292007-08-26 18:50:39 +0000[diff] [blame]1004
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]1005 def test_wrapped_accept(self):
1006 """Check the accept() method on SSL sockets."""
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]1007 if test_support.verbose:
1008 sys.stdout.write("\n")
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]1009 server_params_test(CERTFILE, ssl.PROTOCOL_SSLv23, ssl.CERT_REQUIRED,
1010 CERTFILE, CERTFILE, ssl.PROTOCOL_SSLv23,
1011 chatty=True, connectionchatty=True,
1012 wrap_accepting_socket=True)
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]1013
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]1014 def test_asyncore_server(self):
1015 """Check the example asyncore integration."""
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]1016 indata = "TEST MESSAGE of mixed case\n"
1017
1018 if test_support.verbose:
1019 sys.stdout.write("\n")
1020 server = AsyncoreEchoServer(CERTFILE)
1021 flag = threading.Event()
1022 server.start(flag)
1023 # wait for it to start
1024 flag.wait()
1025 # try to connect
1026 try:
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]1027 s = ssl.wrap_socket(socket.socket())
1028 s.connect(('127.0.0.1', server.port))
1029 if test_support.verbose:
1030 sys.stdout.write(
1031 " client: sending %s...\n" % (repr(indata)))
1032 s.write(indata)
1033 outdata = s.read()
1034 if test_support.verbose:
1035 sys.stdout.write(" client: read %s\n" % repr(outdata))
1036 if outdata != indata.lower():
1037 self.fail(
1038 "bad data <<%s>> (%d) received; expected <<%s>> (%d)\n"
1039 % (outdata[:min(len(outdata),20)], len(outdata),
1040 indata[:min(len(indata),20)].lower(), len(indata)))
1041 s.write("over\n")
1042 if test_support.verbose:
1043 sys.stdout.write(" client: closing connection.\n")
1044 s.close()
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]1045 finally:
1046 server.stop()
1047 # wait for server thread to end
1048 server.join()
1049
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]1050 def test_recv_send(self):
1051 """Test recv(), send() and friends."""
Bill Janssen61c001a2008-09-08 16:37:24 +0000[diff] [blame]1052 if test_support.verbose:
1053 sys.stdout.write("\n")
1054
1055 server = ThreadedEchoServer(CERTFILE,
1056 certreqs=ssl.CERT_NONE,
1057 ssl_version=ssl.PROTOCOL_TLSv1,
1058 cacerts=CERTFILE,
1059 chatty=True,
1060 connectionchatty=False)
1061 flag = threading.Event()
1062 server.start(flag)
1063 # wait for it to start
1064 flag.wait()
1065 # try to connect
Antoine Pitrou6ab7f002010-04-27 10:41:42 +0000[diff] [blame]1066 s = ssl.wrap_socket(socket.socket(),
1067 server_side=False,
1068 certfile=CERTFILE,
1069 ca_certs=CERTFILE,
1070 cert_reqs=ssl.CERT_NONE,
1071 ssl_version=ssl.PROTOCOL_TLSv1)
1072 s.connect((HOST, server.port))
Bill Janssen61c001a2008-09-08 16:37:24 +0000[diff] [blame]1073 try:
Bill Janssen61c001a2008-09-08 16:37:24 +0000[diff] [blame]1074 # helper methods for standardising recv* method signatures
1075 def _recv_into():
1076 b = bytearray("\0"*100)
1077 count = s.recv_into(b)
1078 return b[:count]
1079
1080 def _recvfrom_into():
1081 b = bytearray("\0"*100)
1082 count, addr = s.recvfrom_into(b)
1083 return b[:count]
1084
1085 # (name, method, whether to expect success, *args)
1086 send_methods = [
1087 ('send', s.send, True, []),
1088 ('sendto', s.sendto, False, ["some.address"]),
1089 ('sendall', s.sendall, True, []),
1090 ]
1091 recv_methods = [
1092 ('recv', s.recv, True, []),
1093 ('recvfrom', s.recvfrom, False, ["some.address"]),
1094 ('recv_into', _recv_into, True, []),
1095 ('recvfrom_into', _recvfrom_into, False, []),
1096 ]
1097 data_prefix = u"PREFIX_"
1098
1099 for meth_name, send_meth, expect_success, args in send_methods:
1100 indata = data_prefix + meth_name
1101 try:
1102 send_meth(indata.encode('ASCII', 'strict'), *args)
1103 outdata = s.read()
1104 outdata = outdata.decode('ASCII', 'strict')
1105 if outdata != indata.lower():
1106 raise support.TestFailed(
1107 "While sending with <<%s>> bad data "
1108 "<<%r>> (%d) received; "
1109 "expected <<%r>> (%d)\n" % (
1110 meth_name, outdata[:20], len(outdata),
1111 indata[:20], len(indata)
1112 )
1113 )
1114 except ValueError as e:
1115 if expect_success:
1116 raise support.TestFailed(
1117 "Failed to send with method <<%s>>; "
1118 "expected to succeed.\n" % (meth_name,)
1119 )
1120 if not str(e).startswith(meth_name):
1121 raise support.TestFailed(
1122 "Method <<%s>> failed with unexpected "
1123 "exception message: %s\n" % (
1124 meth_name, e
1125 )
1126 )
1127
1128 for meth_name, recv_meth, expect_success, args in recv_methods:
1129 indata = data_prefix + meth_name
1130 try:
1131 s.send(indata.encode('ASCII', 'strict'))
1132 outdata = recv_meth(*args)
1133 outdata = outdata.decode('ASCII', 'strict')
1134 if outdata != indata.lower():
1135 raise support.TestFailed(
1136 "While receiving with <<%s>> bad data "
1137 "<<%r>> (%d) received; "
1138 "expected <<%r>> (%d)\n" % (
1139 meth_name, outdata[:20], len(outdata),
1140 indata[:20], len(indata)
1141 )
1142 )
1143 except ValueError as e:
1144 if expect_success:
1145 raise support.TestFailed(
1146 "Failed to receive with method <<%s>>; "
1147 "expected to succeed.\n" % (meth_name,)
1148 )
1149 if not str(e).startswith(meth_name):
1150 raise support.TestFailed(
1151 "Method <<%s>> failed with unexpected "
1152 "exception message: %s\n" % (
1153 meth_name, e
1154 )
1155 )
1156 # consume data
1157 s.read()
1158
1159 s.write("over\n".encode("ASCII", "strict"))
1160 s.close()
1161 finally:
1162 server.stop()
1163 server.join()
1164
Antoine Pitrouc689d962010-04-24 20:13:37 +0000[diff] [blame]1165 def test_handshake_timeout(self):
1166 # Issue #5103: SSL handshake must respect the socket timeout
1167 server = socket.socket(socket.AF_INET)
1168 host = "127.0.0.1"
1169 port = test_support.bind_port(server)
1170 started = threading.Event()
1171 finish = False
1172
1173 def serve():
1174 server.listen(5)
1175 started.set()
1176 conns = []
1177 while not finish:
1178 r, w, e = select.select([server], [], [], 0.1)
1179 if server in r:
1180 # Let the socket hang around rather than having
1181 # it closed by garbage collection.
1182 conns.append(server.accept()[0])
1183
1184 t = threading.Thread(target=serve)
1185 t.start()
1186 started.wait()
1187
1188 try:
1189 try:
1190 c = socket.socket(socket.AF_INET)
1191 c.settimeout(0.2)
1192 c.connect((host, port))
1193 # Will attempt handshake and time out
1194 try:
1195 ssl.wrap_socket(c)
1196 except ssl.SSLError, e:
1197 self.assertTrue("timed out" in str(e), str(e))
1198 else:
1199 self.fail("SSLError wasn't raised")
1200 finally:
1201 c.close()
1202 try:
1203 c = socket.socket(socket.AF_INET)
1204 c.settimeout(0.2)
1205 c = ssl.wrap_socket(c)
1206 # Will attempt handshake and time out
1207 try:
1208 c.connect((host, port))
1209 except ssl.SSLError, e:
1210 self.assertTrue("timed out" in str(e), str(e))
1211 else:
1212 self.fail("SSLError wasn't raised")
1213 finally:
1214 c.close()
1215 finally:
1216 finish = True
1217 t.join()
1218 server.close()
1219
Bill Janssen61c001a2008-09-08 16:37:24 +0000[diff] [blame]1220
Neal Norwitz9eb9b102007-08-27 01:15:33 +0000[diff] [blame]1221def test_main(verbose=False):
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1222 if skip_expected:
Bill Janssenffe576d2007-09-05 00:46:27 +0000[diff] [blame]1223 raise test_support.TestSkipped("No SSL support")
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1224
Trent Nelsone41b0062008-04-08 23:47:30 +0000[diff] [blame]1225 global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT
Guido van Rossumba8c5652007-08-27 17:19:42 +0000[diff] [blame]1226 CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]1227 "keycert.pem")
1228 SVN_PYTHON_ORG_ROOT_CERT = os.path.join(
1229 os.path.dirname(__file__) or os.curdir,
1230 "https_svn_python_org_root.pem")
1231
1232 if (not os.path.exists(CERTFILE) or
1233 not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT)):
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]1234 raise test_support.TestFailed("Can't read certificate files!")
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1235
1236 tests = [BasicTests]
1237
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]1238 if test_support.is_resource_enabled('network'):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]1239 tests.append(NetworkedTests)
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]1240
Bill Janssen98d19da2007-09-10 21:51:02 +0000[diff] [blame]1241 if _have_threads:
1242 thread_info = test_support.threading_setup()
Bill Janssen296a59d2007-09-16 22:06:00 +0000[diff] [blame]1243 if thread_info and test_support.is_resource_enabled('network'):
Bill Janssen934b16d2008-06-28 22:19:33 +0000[diff] [blame]1244 tests.append(ThreadedTests)
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1245
Antoine Pitroud2867642010-04-28 21:12:43 +0000[diff] [blame^]1246 try:
1247 test_support.run_unittest(*tests)
1248 finally:
1249 if _have_threads:
1250 test_support.threading_cleanup(*thread_info)
Guido van Rossum4f2c3dd2007-08-25 15:08:43 +0000[diff] [blame]1251
1252if __name__ == "__main__":
1253 test_main()