Added dependency for cryptography>=0.3.
Test split into multiple methods.
Added changelog entry.
If you use these methods to
implement TLS channel binding (RFC 5929), disable session
resumption because of the triple handshake attacks against TLS.
https://www.ietf.org/mail-archive/web/tls/current/msg11337.html
https://secure-resumption.com/tlsauth.pdf
diff --git a/OpenSSL/test/test_ssl.py b/OpenSSL/test/test_ssl.py
index 8861972..5af8d86 100644
--- a/OpenSSL/test/test_ssl.py
+++ b/OpenSSL/test/test_ssl.py
@@ -1932,25 +1932,61 @@
# XXX want_read
- def test_finished(self):
+ def test_get_finished_before_connect(self):
"""
- :py:obj:`Connection.get_finished` and :py:obj:`Connection.get_peer_finished`
- methods return the TLS Finished messages. Finished messages are send
- during TLS handshake. Before handshake :py:obj:`Connection.get_finished` and
- :py:obj:`Connection.get_peer_finished` return None.
+ :py:obj:`Connection.get_finished` returns :py:obj:`None`
+ before TLS handshake is completed.
"""
ctx = Context(TLSv1_METHOD)
connection = Connection(ctx, None)
self.assertEqual(connection.get_finished(), None)
+
+ def test_get_peer_finished_before_connect(self):
+ """
+ :py:obj:`Connection.get_peer_finished` returns :py:obj:`None`
+ before TLS handshake is completed.
+ """
+
+ ctx = Context(TLSv1_METHOD)
+ connection = Connection(ctx, None)
self.assertEqual(connection.get_peer_finished(), None)
+ def test_get_finished(self):
+ """
+ :py:obj:`Connection.get_finished` method returns the TLS Finished
+ message send from client, or server. Finished messages are send
+ during TLS handshake.
+ """
+
server, client = self._loopback()
self.assertNotEqual(server.get_finished(), None)
self.assertTrue(len(server.get_finished()) > 0)
+
+ def test_get_peer_finished(self):
+ """
+ :py:obj:`Connection.get_peer_finished` method returns the TLS Finished
+ message received from client, or server. Finished messages are send
+ during TLS handshake.
+ """
+
+ server, client = self._loopback()
+
+ self.assertNotEqual(server.get_peer_finished(), None)
self.assertTrue(len(server.get_peer_finished()) > 0)
+ def test_tls_finished_message_symmetry(self):
+ """
+ The TLS Finished message send by server muss be the TLS Finished message
+ received by client.
+
+ The TLS Finished message send by client muss be the TLS Finished message
+ received by server.
+ """
+
+ server, client = self._loopback()
+
self.assertEqual(server.get_finished(), client.get_peer_finished())
self.assertEqual(client.get_finished(), server.get_peer_finished())
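Review bot: The positive tests in test_get_finished and test_get_peer_finished only check that the value is non-None and non-empty, so a binding that copied the wrong buffer (both getters returning the local Finished, say) would still pass, and test_tls_finished_message_symmetry would not catch it either because it never compares a connection's own Finished with its peer's. Add `self.assertNotEqual(server.get_finished(), server.get_peer_finished())` to test_tls_finished_message_symmetry; the client and server verify_data are computed over different finished labels, so they must differ, and that distinction is what tls-unique channel binding relies on. With TLSv1_METHOD the verify_data is 12 bytes (RFC 5246 §7.4.9), so `self.assertEqual(len(server.get_finished()), 12)` would pin the length, provided the binding returns only the verify_data — confirm that against what SSL_get_finished copies before asserting it. The new docstrings also read "are send" and "muss"; they should say "are sent" and "must", and the method on the line after each `assertEqual(..., None)` block appears to lack the blank line separating it from the previous method, unless that is a collapse in the rendered diff.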