use SSLv23_METHOD so we get "best TLS" in most tests. (#931)
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 0b1f3ba..daaafae 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -464,9 +464,9 @@
@pytest.fixture
def context():
"""
- A simple TLS 1.0 context.
+ A simple "best TLS you can get" context. TLS 1.2+ in any reasonable OpenSSL
"""
- return Context(TLSv1_METHOD)
+ return Context(SSLv23_METHOD)
class TestContext(object):
@@ -598,7 +598,7 @@
"""
key = PKey()
key.generate_key(TYPE_RSA, 1024)
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
ctx.use_privatekey(key)
with pytest.raises(TypeError):
ctx.use_privatekey("")
@@ -608,7 +608,7 @@
`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` when passed
the name of a file which does not exist.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
with pytest.raises(Error):
ctx.use_privatekey_file(tmpfile)
@@ -623,7 +623,7 @@
with open(pemfile, "wt") as pem:
pem.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
ctx.use_privatekey_file(pemfile, filetype)
@pytest.mark.parametrize("filetype", [object(), "", None, 1.0])
@@ -632,7 +632,7 @@
`Context.use_privatekey_file` raises `TypeError` when called with
a `filetype` which is not a valid file encoding.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
ctx.use_privatekey_file(tmpfile, filetype)
@@ -659,7 +659,7 @@
`Context.use_certificate_wrong_args` raises `TypeError` when not passed
exactly one `OpenSSL.crypto.X509` instance as an argument.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
ctx.use_certificate("hello, world")
@@ -669,7 +669,7 @@
`OpenSSL.crypto.X509` instance which has not been initialized
(ie, which does not actually have any certificate data).
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
with pytest.raises(Error):
ctx.use_certificate(X509())
@@ -682,7 +682,7 @@
# Hard to assert anything. But we could set a privatekey then ask
# OpenSSL if the cert and key agree using check_privatekey. Then as
# long as check_privatekey works right we're good...
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
ctx.use_certificate(load_certificate(FILETYPE_PEM, root_cert_pem))
def test_use_certificate_file_wrong_args(self):
@@ -690,7 +690,7 @@
`Context.use_certificate_file` raises `TypeError` if the first
argument is not a byte string or the second argument is not an integer.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
ctx.use_certificate_file(object(), FILETYPE_PEM)
with pytest.raises(TypeError):
@@ -703,7 +703,7 @@
`Context.use_certificate_file` raises `OpenSSL.SSL.Error` if passed
the name of a file which does not exist.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
with pytest.raises(Error):
ctx.use_certificate_file(tmpfile)
@@ -719,7 +719,7 @@
with open(certificate_file, "wb") as pem_file:
pem_file.write(root_cert_pem)
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
ctx.use_certificate_file(certificate_file)
def test_use_certificate_file_bytes(self, tmpfile):
@@ -747,7 +747,7 @@
"""
key = load_privatekey(FILETYPE_PEM, client_key_pem)
cert = load_certificate(FILETYPE_PEM, client_cert_pem)
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.use_privatekey(key)
context.use_certificate(cert)
assert None is context.check_privatekey()
@@ -760,7 +760,7 @@
"""
key = load_privatekey(FILETYPE_PEM, client_key_pem)
cert = load_certificate(FILETYPE_PEM, server_cert_pem)
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.use_privatekey(key)
context.use_certificate(cert)
with pytest.raises(Error):
@@ -772,7 +772,7 @@
using `Context.get_app_data`.
"""
app_data = object()
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_app_data(app_data)
assert context.get_app_data() is app_data
@@ -781,7 +781,7 @@
`Context.set_options` raises `TypeError` if called with
a non-`int` argument.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.set_options(None)
@@ -789,7 +789,7 @@
"""
`Context.set_options` returns the new options value.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
options = context.set_options(OP_NO_SSLv2)
assert options & OP_NO_SSLv2 == OP_NO_SSLv2
@@ -798,7 +798,7 @@
`Context.set_mode` raises `TypeError` if called with
a non-`int` argument.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.set_mode(None)
@@ -807,7 +807,7 @@
`Context.set_mode` accepts a mode bitvector and returns the
newly set mode.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
assert MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS)
def test_set_timeout_wrong_args(self):
@@ -815,7 +815,7 @@
`Context.set_timeout` raises `TypeError` if called with
a non-`int` argument.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.set_timeout(None)
@@ -825,7 +825,7 @@
created using the context object. `Context.get_timeout` retrieves
this value.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_timeout(1234)
assert context.get_timeout() == 1234
@@ -834,7 +834,7 @@
`Context.set_verify_depth` raises `TypeError` if called with a
non-`int` argument.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.set_verify_depth(None)
@@ -844,7 +844,7 @@
a chain to follow before giving up. The value can be retrieved with
`Context.get_verify_depth`.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_verify_depth(11)
assert context.get_verify_depth() == 11
@@ -865,7 +865,7 @@
`Context.set_passwd_cb` raises `TypeError` if called with a
non-callable first argument.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.set_passwd_cb(None)
@@ -882,7 +882,7 @@
calledWith.append((maxlen, verify, extra))
return passphrase
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_passwd_cb(passphraseCallback)
context.use_privatekey_file(pemFile)
assert len(calledWith) == 1
@@ -900,7 +900,7 @@
def passphraseCallback(maxlen, verify, extra):
raise RuntimeError("Sorry, I am a fail.")
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_passwd_cb(passphraseCallback)
with pytest.raises(RuntimeError):
context.use_privatekey_file(pemFile)
@@ -915,7 +915,7 @@
def passphraseCallback(maxlen, verify, extra):
return b""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_passwd_cb(passphraseCallback)
with pytest.raises(Error):
context.use_privatekey_file(pemFile)
@@ -930,7 +930,7 @@
def passphraseCallback(maxlen, verify, extra):
return 10
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_passwd_cb(passphraseCallback)
# TODO: Surely this is the wrong error?
with pytest.raises(ValueError):
@@ -949,7 +949,7 @@
assert maxlen == 1024
return passphrase + b"y"
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_passwd_cb(passphraseCallback)
# This shall succeed because the truncated result is the correct
# passphrase.
@@ -962,7 +962,7 @@
"""
(server, client) = socket_pair()
- clientSSL = Connection(Context(TLSv1_METHOD), client)
+ clientSSL = Connection(Context(SSLv23_METHOD), client)
clientSSL.set_connect_state()
called = []
@@ -970,7 +970,7 @@
def info(conn, where, ret):
called.append((conn, where, ret))
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_info_callback(info)
context.use_certificate(load_certificate(FILETYPE_PEM, root_cert_pem))
context.use_privatekey(load_privatekey(FILETYPE_PEM, root_key_pem))
@@ -1008,7 +1008,7 @@
def keylog(conn, line):
called.append((conn, line))
- server_context = Context(TLSv1_METHOD)
+ server_context = Context(TLSv1_2_METHOD)
server_context.set_keylog_callback(keylog)
server_context.use_certificate(
load_certificate(FILETYPE_PEM, root_cert_pem)
@@ -1017,7 +1017,7 @@
load_privatekey(FILETYPE_PEM, root_key_pem)
)
- client_context = Context(TLSv1_METHOD)
+ client_context = Context(SSLv23_METHOD)
self._handshake_test(server_context, client_context)
@@ -1033,7 +1033,7 @@
"""
(server, client) = socket_pair()
- clientContext = Context(TLSv1_METHOD)
+ clientContext = Context(SSLv23_METHOD)
clientContext.load_verify_locations(*args)
# Require that the server certificate verify properly or the
# connection will fail.
@@ -1045,7 +1045,7 @@
clientSSL = Connection(clientContext, client)
clientSSL.set_connect_state()
- serverContext = Context(TLSv1_METHOD)
+ serverContext = Context(SSLv23_METHOD)
serverContext.use_certificate(
load_certificate(FILETYPE_PEM, root_cert_pem)
)
@@ -1099,7 +1099,7 @@
`Context.load_verify_locations` raises `Error` when passed a
non-existent cafile.
"""
- clientContext = Context(TLSv1_METHOD)
+ clientContext = Context(SSLv23_METHOD)
with pytest.raises(Error):
clientContext.load_verify_locations(tmpfile)
@@ -1144,7 +1144,7 @@
`Context.load_verify_locations` raises `TypeError` if with non-`str`
arguments.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.load_verify_locations(object())
with pytest.raises(TypeError):
@@ -1164,7 +1164,7 @@
SSL_CTX_SET_default_verify_paths so that it can't find certs unless
it loads via fallback.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
monkeypatch.setattr(
_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1
)
@@ -1189,7 +1189,7 @@
"""
Test that we return True/False appropriately if the env vars are set.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
dir_var = "CUSTOM_DIR_VAR"
file_var = "CUSTOM_FILE_VAR"
assert context._check_env_vars_set(dir_var, file_var) is False
@@ -1202,7 +1202,7 @@
"""
Test that we don't use the fallback path if env vars are set.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
monkeypatch.setattr(
_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1
)
@@ -1259,7 +1259,7 @@
Test that when passed empty arrays or paths that do not exist no
errors are raised.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context._fallback_default_verify_paths([], [])
context._fallback_default_verify_paths(["/not/a/file"], ["/not/a/dir"])
@@ -1268,7 +1268,7 @@
`Context.add_extra_chain_cert` raises `TypeError` if called with an
object which is not an instance of `X509`.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.add_extra_chain_cert(object())
@@ -1299,7 +1299,7 @@
The first argument passed to the verify callback is the
`Connection` instance for which verification is taking place.
"""
- serverContext = Context(TLSv1_METHOD)
+ serverContext = Context(SSLv23_METHOD)
serverContext.use_privatekey(
load_privatekey(FILETYPE_PEM, root_key_pem)
)
@@ -1314,7 +1314,7 @@
return 1
verify = VerifyCallback()
- clientContext = Context(TLSv1_METHOD)
+ clientContext = Context(SSLv23_METHOD)
clientContext.set_verify(VERIFY_PEER, verify.callback)
clientConnection = Connection(clientContext, None)
clientConnection.set_connect_state()
@@ -1330,7 +1330,7 @@
get_subject. This test sets up a handshake where we call get_subject
on the cert provided to the verify callback.
"""
- serverContext = Context(TLSv1_METHOD)
+ serverContext = Context(SSLv23_METHOD)
serverContext.use_privatekey(
load_privatekey(FILETYPE_PEM, root_key_pem)
)
@@ -1343,7 +1343,7 @@
assert cert.get_subject()
return 1
- clientContext = Context(TLSv1_METHOD)
+ clientContext = Context(SSLv23_METHOD)
clientContext.set_verify(VERIFY_PEER, verify_cb_get_subject)
clientConnection = Connection(clientContext, None)
clientConnection.set_connect_state()
@@ -1406,14 +1406,14 @@
f.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))
# Create the server context
- serverContext = Context(TLSv1_METHOD)
+ serverContext = Context(SSLv23_METHOD)
serverContext.use_privatekey(skey)
serverContext.use_certificate(scert)
# The client already has cacert, we only need to give them icert.
serverContext.add_extra_chain_cert(icert)
# Create the client
- clientContext = Context(TLSv1_METHOD)
+ clientContext = Context(SSLv23_METHOD)
clientContext.set_verify(
VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb
)
@@ -1449,11 +1449,11 @@
with open(caFile, "w") as fObj:
fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode("ascii"))
- serverContext = Context(TLSv1_METHOD)
+ serverContext = Context(SSLv23_METHOD)
serverContext.use_certificate_chain_file(chainFile)
serverContext.use_privatekey(skey)
- clientContext = Context(TLSv1_METHOD)
+ clientContext = Context(SSLv23_METHOD)
clientContext.set_verify(
VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb
)
@@ -1486,7 +1486,7 @@
`Context.use_certificate_chain_file` raises `TypeError` if passed a
non-byte string single argument.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.use_certificate_chain_file(object())
@@ -1496,7 +1496,7 @@
passed a bad chain file name (for example, the name of a file which
does not exist).
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(Error):
context.use_certificate_chain_file(tmpfile)
@@ -1505,7 +1505,7 @@
`Context.get_verify_mode` returns the verify mode flags previously
passed to `Context.set_verify`.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
assert context.get_verify_mode() == 0
context.set_verify(
VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None
@@ -1518,7 +1518,7 @@
`Context.set_verify` raises `TypeError` if the first argument is
not an integer.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.set_verify(mode=mode, callback=lambda *args: None)
@@ -1528,7 +1528,7 @@
`Context.set_verify` raises `TypeError` if the second argument
is not callable.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.set_verify(mode=VERIFY_PEER, callback=callback)
@@ -1537,7 +1537,7 @@
`Context.load_tmp_dh` raises `TypeError` if called with a
non-`str` argument.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.load_tmp_dh(object())
@@ -1546,7 +1546,7 @@
`Context.load_tmp_dh` raises `OpenSSL.SSL.Error` if the
specified file does not exist.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(Error):
context.load_tmp_dh(b"hello")
@@ -1555,7 +1555,7 @@
Verify that calling ``Context.load_tmp_dh`` with the given filename
does not raise an exception.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with open(dhfilename, "w") as dhfile:
dhfile.write(dhparam)
@@ -1585,7 +1585,7 @@
`Context.set_tmp_ecdh` sets the elliptic curve for Diffie-Hellman to
the specified curve.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
for curve in get_elliptic_curves():
if curve.name.startswith(u"Oakley-"):
# Setting Oakley-EC2N-4 and Oakley-EC2N-3 adds
@@ -1602,7 +1602,7 @@
a non-integer argument.
called with other than one integer argument.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.set_session_cache_mode(object())
@@ -1611,7 +1611,7 @@
`Context.set_session_cache_mode` specifies how sessions are cached.
The setting can be retrieved via `Context.get_session_cache_mode`.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_session_cache_mode(SESS_CACHE_OFF)
off = context.set_session_cache_mode(SESS_CACHE_BOTH)
assert SESS_CACHE_OFF == off
@@ -1621,7 +1621,7 @@
"""
`Context.get_cert_store` returns a `X509Store` instance.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
store = context.get_cert_store()
assert isinstance(store, X509Store)
@@ -1631,7 +1631,7 @@
It raises a TypeError if the list of profiles is not a byte string.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
context.set_tlsext_use_srtp(text_type("SRTP_AES128_CM_SHA1_80"))
@@ -1641,7 +1641,7 @@
It raises an Error if the call to OpenSSL fails.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
with pytest.raises(Error):
context.set_tlsext_use_srtp(b"SRTP_BOGUS")
@@ -1651,7 +1651,7 @@
It does not return anything.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
assert context.set_tlsext_use_srtp(b"SRTP_AES128_CM_SHA1_80") is None
@@ -1673,7 +1673,7 @@
def replacement(connection): # pragma: no cover
pass
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_tlsext_servername_callback(callback)
tracker = ref(callback)
@@ -1705,7 +1705,7 @@
def servername(conn):
args.append((conn, conn.get_servername()))
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_tlsext_servername_callback(servername)
# Lose our reference to it. The Context is responsible for keeping it
@@ -1723,7 +1723,7 @@
server = Connection(context, None)
server.set_accept_state()
- client = Connection(Context(TLSv1_METHOD), None)
+ client = Connection(Context(SSLv23_METHOD), None)
client.set_connect_state()
interact_in_memory(server, client)
@@ -1742,7 +1742,7 @@
def servername(conn):
args.append((conn, conn.get_servername()))
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.set_tlsext_servername_callback(servername)
# Necessary to actually accept the connection
@@ -1755,7 +1755,7 @@
server = Connection(context, None)
server.set_accept_state()
- client = Connection(Context(TLSv1_METHOD), None)
+ client = Connection(Context(SSLv23_METHOD), None)
client.set_connect_state()
client.set_tlsext_host_name(b"foo1.example.com")
@@ -1789,10 +1789,10 @@
select_args.append((conn, options))
return b"spdy/2"
- server_context = Context(TLSv1_METHOD)
+ server_context = Context(SSLv23_METHOD)
server_context.set_npn_advertise_callback(advertise)
- client_context = Context(TLSv1_METHOD)
+ client_context = Context(SSLv23_METHOD)
client_context.set_npn_select_callback(select)
# Necessary to actually accept the connection
@@ -1834,10 +1834,10 @@
select_args.append((conn, options))
return b""
- server_context = Context(TLSv1_METHOD)
+ server_context = Context(SSLv23_METHOD)
server_context.set_npn_advertise_callback(advertise)
- client_context = Context(TLSv1_METHOD)
+ client_context = Context(SSLv23_METHOD)
client_context.set_npn_select_callback(select)
# Necessary to actually accept the connection
@@ -1876,10 +1876,10 @@
def select(conn, options):
raise TypeError
- server_context = Context(TLSv1_METHOD)
+ server_context = Context(SSLv23_METHOD)
server_context.set_npn_advertise_callback(advertise)
- client_context = Context(TLSv1_METHOD)
+ client_context = Context(SSLv23_METHOD)
client_context.set_npn_select_callback(select)
# Necessary to actually accept the connection
@@ -1921,10 +1921,10 @@
select_args.append((conn, options))
return b""
- server_context = Context(TLSv1_METHOD)
+ server_context = Context(SSLv23_METHOD)
server_context.set_npn_advertise_callback(advertise)
- client_context = Context(TLSv1_METHOD)
+ client_context = Context(SSLv23_METHOD)
client_context.set_npn_select_callback(select)
# Necessary to actually accept the connection
@@ -1965,10 +1965,10 @@
select_args.append((conn, options))
return b"spdy/2"
- client_context = Context(TLSv1_METHOD)
+ client_context = Context(SSLv23_METHOD)
client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])
- server_context = Context(TLSv1_METHOD)
+ server_context = Context(SSLv23_METHOD)
server_context.set_alpn_select_callback(select)
# Necessary to actually accept the connection
@@ -2005,9 +2005,9 @@
return b"spdy/2"
# Setup the client context but don't set any ALPN protocols.
- client_context = Context(TLSv1_METHOD)
+ client_context = Context(SSLv23_METHOD)
- server_context = Context(TLSv1_METHOD)
+ server_context = Context(SSLv23_METHOD)
server_context.set_alpn_select_callback(select)
# Necessary to actually accept the connection
@@ -2045,10 +2045,10 @@
select_args.append((conn, options))
return b""
- client_context = Context(TLSv1_METHOD)
+ client_context = Context(SSLv23_METHOD)
client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])
- server_context = Context(TLSv1_METHOD)
+ server_context = Context(SSLv23_METHOD)
server_context.set_alpn_select_callback(select)
# Necessary to actually accept the connection
@@ -2158,10 +2158,10 @@
When clients and servers cannot agree on what protocol to use next
because the server doesn't offer ALPN, no protocol is negotiated.
"""
- client_context = Context(TLSv1_METHOD)
+ client_context = Context(SSLv23_METHOD)
client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])
- server_context = Context(TLSv1_METHOD)
+ server_context = Context(SSLv23_METHOD)
# Necessary to actually accept the connection
server_context.use_privatekey(
@@ -2193,10 +2193,10 @@
select_args.append((conn, options))
raise TypeError()
- client_context = Context(TLSv1_METHOD)
+ client_context = Context(SSLv23_METHOD)
client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])
- server_context = Context(TLSv1_METHOD)
+ server_context = Context(SSLv23_METHOD)
server_context.set_alpn_select_callback(select)
# Necessary to actually accept the connection
@@ -2256,7 +2256,7 @@
"""
`Connection` can be used to create instances of that type.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
assert is_consistent_type(Connection, "Connection", ctx, None)
@pytest.mark.parametrize("bad_context", [object(), "context", None, 1])
@@ -2274,7 +2274,7 @@
`Connection.bio_write` raises `TypeError` if called with a non-bytes
(or text) argument.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
connection = Connection(context, None)
with pytest.raises(TypeError):
connection.bio_write(bad_bio)
@@ -2284,7 +2284,7 @@
`Connection.bio_write` does not raise if called with bytes or
bytearray, warns if called with text.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
connection = Connection(context, None)
connection.bio_write(b"xy")
connection.bio_write(bytearray(b"za"))
@@ -2296,7 +2296,7 @@
`Connection.get_context` returns the `Context` instance used to
construct the `Connection` instance.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
connection = Connection(context, None)
assert connection.get_context() is context
@@ -2305,7 +2305,7 @@
`Connection.set_context` raises `TypeError` if called with a
non-`Context` instance argument.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
connection = Connection(ctx, None)
with pytest.raises(TypeError):
connection.set_context(object())
@@ -2321,7 +2321,7 @@
used for the connection.
"""
original = Context(SSLv23_METHOD)
- replacement = Context(TLSv1_METHOD)
+ replacement = Context(SSLv23_METHOD)
connection = Connection(original, None)
connection.set_context(replacement)
assert replacement is connection.get_context()
@@ -2336,7 +2336,7 @@
If `Connection.set_tlsext_host_name` is called with a non-byte string
argument or a byte string with an embedded NUL, `TypeError` is raised.
"""
- conn = Connection(Context(TLSv1_METHOD), None)
+ conn = Connection(Context(SSLv23_METHOD), None)
with pytest.raises(TypeError):
conn.set_tlsext_host_name(object())
with pytest.raises(TypeError):
@@ -2352,7 +2352,7 @@
`Connection.pending` returns the number of bytes available for
immediate read.
"""
- connection = Connection(Context(TLSv1_METHOD), None)
+ connection = Connection(Context(SSLv23_METHOD), None)
assert connection.pending() == 0
def test_peek(self):
@@ -2371,7 +2371,7 @@
`Connection.connect` raises `TypeError` if called with a non-address
argument.
"""
- connection = Connection(Context(TLSv1_METHOD), socket_any_family())
+ connection = Connection(Context(SSLv23_METHOD), socket_any_family())
with pytest.raises(TypeError):
connection.connect(None)
@@ -2381,7 +2381,7 @@
connect method raises it.
"""
client = socket_any_family()
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
clientSSL = Connection(context, client)
# pytest.raises here doesn't work because of a bug in py.test on Python
# 2.6: https://github.com/pytest-dev/pytest/issues/988
@@ -2399,7 +2399,7 @@
port.bind(("", 0))
port.listen(3)
- clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))
+ clientSSL = Connection(Context(SSLv23_METHOD), socket(port.family))
clientSSL.connect((loopback_address(port), port.getsockname()[1]))
# XXX An assertion? Or something?
@@ -2416,7 +2416,7 @@
port.bind(("", 0))
port.listen(3)
- clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))
+ clientSSL = Connection(Context(SSLv23_METHOD), socket(port.family))
clientSSL.setblocking(False)
result = clientSSL.connect_ex(port.getsockname())
expected = (EINPROGRESS, EWOULDBLOCK)
@@ -2428,7 +2428,7 @@
tuple of a new `Connection` (the accepted client) and the address the
connection originated from.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
port = socket_any_family()
@@ -2436,7 +2436,7 @@
portSSL.bind(("", 0))
portSSL.listen(3)
- clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))
+ clientSSL = Connection(Context(SSLv23_METHOD), socket(port.family))
# Calling portSSL.getsockname() here to get the server IP address
# sounds great, but frequently fails on Windows.
@@ -2453,7 +2453,7 @@
`Connection.set_shutdown` raises `TypeError` if called with arguments
other than integers.
"""
- connection = Connection(Context(TLSv1_METHOD), None)
+ connection = Connection(Context(SSLv23_METHOD), None)
with pytest.raises(TypeError):
connection.set_shutdown(None)
@@ -2492,8 +2492,8 @@
If the underlying connection is truncated, `Connection.shutdown`
raises an `Error`.
"""
- server_ctx = Context(TLSv1_METHOD)
- client_ctx = Context(TLSv1_METHOD)
+ server_ctx = Context(SSLv23_METHOD)
+ client_ctx = Context(SSLv23_METHOD)
server_ctx.use_privatekey(
load_privatekey(FILETYPE_PEM, server_key_pem)
)
@@ -2515,7 +2515,7 @@
`Connection.set_shutdown` sets the state of the SSL connection
shutdown process.
"""
- connection = Connection(Context(TLSv1_METHOD), socket_any_family())
+ connection = Connection(Context(SSLv23_METHOD), socket_any_family())
connection.set_shutdown(RECEIVED_SHUTDOWN)
assert connection.get_shutdown() == RECEIVED_SHUTDOWN
@@ -2543,7 +2543,7 @@
`Connection.set_app_data` and later retrieved with
`Connection.get_app_data`.
"""
- conn = Connection(Context(TLSv1_METHOD), None)
+ conn = Connection(Context(SSLv23_METHOD), None)
assert None is conn.get_app_data()
app_data = object()
conn.set_app_data(app_data)
@@ -2554,7 +2554,7 @@
`Connection.makefile` is not implemented and calling that
method raises `NotImplementedError`.
"""
- conn = Connection(Context(TLSv1_METHOD), None)
+ conn = Connection(Context(SSLv23_METHOD), None)
with pytest.raises(NotImplementedError):
conn.makefile()
@@ -2565,7 +2565,7 @@
chain = _create_certificate_chain()
[(cakey, cacert), (ikey, icert), (skey, scert)] = chain
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
context.use_certificate(scert)
client = Connection(context, None)
cert = client.get_certificate()
@@ -2578,7 +2578,7 @@
If there is no certificate, it returns None.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
client = Connection(context, None)
cert = client.get_certificate()
assert cert is None
@@ -2591,7 +2591,7 @@
chain = _create_certificate_chain()
[(cakey, cacert), (ikey, icert), (skey, scert)] = chain
- serverContext = Context(TLSv1_METHOD)
+ serverContext = Context(SSLv23_METHOD)
serverContext.use_privatekey(skey)
serverContext.use_certificate(scert)
serverContext.add_extra_chain_cert(icert)
@@ -2600,7 +2600,7 @@
server.set_accept_state()
# Create the client
- clientContext = Context(TLSv1_METHOD)
+ clientContext = Context(SSLv23_METHOD)
clientContext.set_verify(VERIFY_NONE, verify_cb)
client = Connection(clientContext, None)
client.set_connect_state()
@@ -2618,12 +2618,12 @@
`Connection.get_peer_cert_chain` returns `None` if the peer sends
no certificate chain.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))
ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))
server = Connection(ctx, None)
server.set_accept_state()
- client = Connection(Context(TLSv1_METHOD), None)
+ client = Connection(Context(SSLv23_METHOD), None)
client.set_connect_state()
interact_in_memory(client, server)
assert None is server.get_peer_cert_chain()
@@ -2633,7 +2633,7 @@
`Connection.get_session` returns `None` when used with an object
which has not been connected.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
server = Connection(ctx, None)
session = server.get_session()
assert None is session
@@ -2662,7 +2662,7 @@
`Connection.set_session` raises `TypeError` if called with an object
that is not an instance of `Session`.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
connection = Connection(ctx, None)
with pytest.raises(TypeError):
connection.set_session(123)
@@ -2785,7 +2785,7 @@
"Failed to fill socket buffer, cannot test BIO want write"
)
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
conn = Connection(ctx, client_socket)
# Client's speak first, so make it an SSL client
conn.set_connect_state()
@@ -2799,7 +2799,7 @@
`Connection.get_finished` returns `None` before TLS handshake
is completed.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
connection = Connection(ctx, None)
assert connection.get_finished() is None
@@ -2808,7 +2808,7 @@
`Connection.get_peer_finished` returns `None` before TLS handshake
is completed.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
connection = Connection(ctx, None)
assert connection.get_peer_finished() is None
@@ -2852,7 +2852,7 @@
`Connection.get_cipher_name` returns `None` if no connection
has been established.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
conn = Connection(ctx, None)
assert conn.get_cipher_name() is None
@@ -2877,7 +2877,7 @@
`Connection.get_cipher_version` returns `None` if no connection
has been established.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
conn = Connection(ctx, None)
assert conn.get_cipher_version() is None
@@ -2902,7 +2902,7 @@
`Connection.get_cipher_bits` returns `None` if no connection has
been established.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
conn = Connection(ctx, None)
assert conn.get_cipher_bits() is None
@@ -2955,7 +2955,7 @@
`Connection.bio_read` raises `OpenSSL.SSL.WantReadError` if there are
no bytes available to be read from the BIO.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
conn = Connection(ctx, None)
with pytest.raises(WantReadError):
conn.bio_read(1024)
@@ -2966,7 +2966,7 @@
`Connection.bio_read` raises `TypeError` if passed a non-integer
argument.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
conn = Connection(ctx, None)
with pytest.raises(TypeError):
conn.bio_read(bufsize)
@@ -2976,7 +2976,7 @@
`Connection.bio_read` accepts an integer giving the maximum number
of bytes to read and return.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
conn = Connection(ctx, None)
conn.set_connect_state()
try:
@@ -2997,7 +2997,7 @@
`Connection.get_cipher_list` returns a list of `bytes` giving the
names of the ciphers which might be used.
"""
- connection = Connection(Context(TLSv1_METHOD), None)
+ connection = Connection(Context(SSLv23_METHOD), None)
ciphers = connection.get_cipher_list()
assert isinstance(ciphers, list)
for cipher in ciphers:
@@ -3023,7 +3023,7 @@
When called with arguments other than string argument for its first
parameter, `Connection.send` raises `TypeError`.
"""
- connection = Connection(Context(TLSv1_METHOD), None)
+ connection = Connection(Context(SSLv23_METHOD), None)
with pytest.raises(TypeError):
connection.send(object())
with pytest.raises(TypeError):
@@ -3097,7 +3097,7 @@
`Connection.send` bails out as SSL_write only
accepts an int for the buffer length.
"""
- connection = Connection(Context(TLSv1_METHOD), None)
+ connection = Connection(Context(SSLv23_METHOD), None)
with pytest.raises(ValueError) as exc_info:
connection.send(VeryLarge())
exc_info.match(r"Cannot send more than .+ bytes at once")
@@ -3244,7 +3244,7 @@
When called with arguments other than a string argument for its first
parameter, `Connection.sendall` raises `TypeError`.
"""
- connection = Connection(Context(TLSv1_METHOD), None)
+ connection = Connection(Context(SSLv23_METHOD), None)
with pytest.raises(TypeError):
connection.sendall(object())
with pytest.raises(TypeError):
@@ -3337,7 +3337,7 @@
`Connection.total_renegotiations` returns `0` before any renegotiations
have happened.
"""
- connection = Connection(Context(TLSv1_METHOD), None)
+ connection = Connection(Context(SSLv23_METHOD), None)
assert connection.total_renegotiations() == 0
def test_renegotiate(self):
@@ -3512,7 +3512,7 @@
"""
# Create the server side Connection. This is mostly setup boilerplate
# - use TLSv1, use a particular certificate, etc.
- server_ctx = Context(TLSv1_METHOD)
+ server_ctx = Context(SSLv23_METHOD)
server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)
server_ctx.set_verify(
VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,
@@ -3539,7 +3539,7 @@
"""
# Now create the client side Connection. Similar boilerplate to the
# above.
- client_ctx = Context(TLSv1_METHOD)
+ client_ctx = Context(SSLv23_METHOD)
client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)
client_ctx.set_verify(
VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,
@@ -3652,7 +3652,7 @@
Test that `OpenSSL.SSL.bio_read` and `OpenSSL.SSL.bio_write` don't
work on `OpenSSL.SSL.Connection`() that use sockets.
"""
- context = Context(TLSv1_METHOD)
+ context = Context(SSLv23_METHOD)
client = socket_any_family()
clientSSL = Connection(context, client)
with pytest.raises(TypeError):
@@ -3742,7 +3742,7 @@
`Context.set_client_ca_list` raises a `TypeError` if called with a
non-list or a list that contains objects other than X509Names.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
ctx.set_client_ca_list("spam")
with pytest.raises(TypeError):
@@ -3846,7 +3846,7 @@
`Context.add_client_ca` raises `TypeError` if called with
a non-X509 object.
"""
- ctx = Context(TLSv1_METHOD)
+ ctx = Context(SSLv23_METHOD)
with pytest.raises(TypeError):
ctx.add_client_ca("spam")