Blame - tests/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

5

Unit tests for :mod:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

8

import datetime

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

9

import sys

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

10

import uuid

11

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

12

from gc import collect, get_referrers

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

13

from errno import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

EAFNOSUPPORT,

ECONNREFUSED,

EINPROGRESS,

EWOULDBLOCK,

EPIPE,

ESHUTDOWN,

)

Jeremy Lainé

1ae7cb6

2018-03-21 14:49:42 +0100

[diff] [blame]

21

from sys import platform, getfilesystemencoding

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

22

from socket import AF_INET, AF_INET6, MSG_PEEK, SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

23

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

24

from os.path import join

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

25

from weakref import ref

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

26

from warnings import simplefilter

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

27

Alex Gaynor

963ae03

2019-07-06 17:38:32 -0400

[diff] [blame]

28

import flaky

29

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

30

import pytest

31

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

32

from pretend import raiser

33

Hugo van Kemenade

60827f8

2019-08-30 00:39:35 +0300

[diff] [blame]

34

from six import PY2, text_type

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

35

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

36

from cryptography import x509

37

from cryptography.hazmat.backends import default_backend

38

from cryptography.hazmat.primitives import hashes

39

from cryptography.hazmat.primitives import serialization

40

from cryptography.hazmat.primitives.asymmetric import rsa

41

from cryptography.x509.oid import NameOID

42

43

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

44

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

45

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

46

from OpenSSL.crypto import dump_privatekey, load_privatekey

47

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

48

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

49

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

50

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

51

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

52

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

53

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

SSLv2_METHOD,

SSLv3_METHOD,

SSLv23_METHOD,

TLSv1_METHOD,

TLSv1_1_METHOD,

TLSv1_2_METHOD,

)

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

61

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

62

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

63

VERIFY_PEER,

64

VERIFY_FAIL_IF_NO_PEER_CERT,

65

VERIFY_CLIENT_ONCE,

66

VERIFY_NONE,

67

)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

68

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

69

from OpenSSL import SSL

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

70

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

SESS_CACHE_OFF,

SESS_CACHE_CLIENT,

SESS_CACHE_SERVER,

SESS_CACHE_BOTH,

SESS_CACHE_NO_AUTO_CLEAR,

76

SESS_CACHE_NO_INTERNAL_LOOKUP,

77

SESS_CACHE_NO_INTERNAL_STORE,

78

SESS_CACHE_NO_INTERNAL,

79

)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

80

81

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

Error,

SysCallError,

WantReadError,

WantWriteError,

ZeroReturnError,

)

from OpenSSL.SSL import Context, Session, Connection, SSLeay_version

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

89

from OpenSSL.SSL import _make_requires

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

90

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

91

from OpenSSL._util import ffi as _ffi, lib as _lib

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

92

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

93

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

OP_NO_QUERY_MTU,

OP_COOKIE_EXCHANGE,

OP_NO_TICKET,

OP_NO_COMPRESSION,

MODE_RELEASE_BUFFERS,

99

NO_OVERLAPPING_PROTOCOLS,

100

)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

101

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

102

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

SSL_ST_CONNECT,

SSL_ST_ACCEPT,

SSL_ST_MASK,

SSL_CB_LOOP,

SSL_CB_EXIT,

SSL_CB_READ,

SSL_CB_WRITE,

SSL_CB_ALERT,

SSL_CB_READ_ALERT,

SSL_CB_WRITE_ALERT,

SSL_CB_ACCEPT_LOOP,

SSL_CB_ACCEPT_EXIT,

SSL_CB_CONNECT_LOOP,

SSL_CB_CONNECT_EXIT,

SSL_CB_HANDSHAKE_START,

118

SSL_CB_HANDSHAKE_DONE,

119

)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

120

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

121

try:

122

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

SSL_ST_INIT,

SSL_ST_BEFORE,

SSL_ST_OK,

SSL_ST_RENEGOTIATE,

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

127

)

128

except ImportError:

129

SSL_ST_INIT = SSL_ST_BEFORE = SSL_ST_OK = SSL_ST_RENEGOTIATE = None

130

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

131

from .util import WARNING_TYPE_EXPECTED, NON_ASCII, is_consistent_type

Hynek Schlawack

f0e6685

2015-10-16 20:18:38 +0200

[diff] [blame]

132

from .test_crypto import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

133

cleartextCertificatePEM,

134

cleartextPrivateKeyPEM,

client_cert_pem,

client_key_pem,

server_cert_pem,

server_key_pem,

root_cert_pem,

)

Hynek Schlawack

f0e6685

2015-10-16 20:18:38 +0200

[diff] [blame]

141

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

142

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

143

# openssl dhparam 1024 -out dh-1024.pem (note that 1024 is a small number of

144

# bits to use)

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

145

dhparam = """\

146

-----BEGIN DH PARAMETERS-----

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

147

MIGHAoGBALdUMvn+C9MM+y5BWZs11mSeH6HHoEq0UVbzVq7UojC1hbsZUuGukQ3a

148

Qh2/pwqb18BZFykrWB0zv/OkLa0kx4cuUgNrUVq1EFheBiX6YqryJ7t2sO09NQiO

149

V7H54LmltOT/hEh6QWsJqb6BQgH65bswvV/XkYGja8/T0GzvbaVzAgEC

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

150

-----END DH PARAMETERS-----

"""

Hugo van Kemenade

2019-08-30 00:39:35 +0300

[diff] [blame]

154

skip_if_py3 = pytest.mark.skipif(not PY2, reason="Python 2 only")

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

155

156

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

157

def socket_any_family():

158

try:

159

return socket(AF_INET)

160

except error as e:

161

if e.errno == EAFNOSUPPORT:

162

return socket(AF_INET6)

raise

def loopback_address(socket):

167

if socket.family == AF_INET:

168

return "127.0.0.1"

169

else:

170

assert socket.family == AF_INET6

return "::1"

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

174

def join_bytes_or_unicode(prefix, suffix):

175

"""

176

Join two path components of either ``bytes`` or ``unicode``.

177

178

The return type is the same as the type of ``prefix``.

179

"""

180

# If the types are the same, nothing special is necessary.

181

if type(prefix) == type(suffix):

182

return join(prefix, suffix)

183

184

# Otherwise, coerce suffix to the type of prefix.

185

if isinstance(prefix, text_type):

186

return join(prefix, suffix.decode(getfilesystemencoding()))

187

else:

188

return join(prefix, suffix.encode(getfilesystemencoding()))

189

190

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

191

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

192

return ok

193

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

194

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

195

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

196

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

197

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

198

"""

199

# Connect a pair of sockets

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

200

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

201

port.bind(("", 0))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

202

port.listen(1)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

203

client = socket(port.family)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

204

client.setblocking(False)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

205

client.connect_ex((loopback_address(port), port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

206

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

207

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

208

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

209

# Let's pass some unencrypted data to make sure our socket connection is

210

# fine. Just one byte, so we don't have to worry about buffers getting

211

# filled up or fragmentation.

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

212

server.send(b"x")

213

assert client.recv(1024) == b"x"

214

client.send(b"y")

215

assert server.recv(1024) == b"y"

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

216

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

217

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

218

server.setblocking(False)

219

client.setblocking(False)

Jim Shaver

46f2891

2015-05-29 19:32:16 -0400

[diff] [blame]

220

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

221

return (server, client)

222

223

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

224

def handshake(client, server):

225

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

236

def _create_certificate_chain():

237

"""

238

Construct and return a chain of certificates.

239

240

1. A new self-signed certificate authority certificate (cacert)

241

2. A new intermediate certificate signed by cacert (icert)

242

3. A new server certificate signed by icert (scert)

243

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

244

caext = X509Extension(b"basicConstraints", False, b"CA:true")

245

not_after_date = datetime.date.today() + datetime.timedelta(days=365)

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

246

not_after = not_after_date.strftime("%Y%m%d%H%M%SZ").encode("ascii")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

247

248

# Step 1

249

cakey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

250

cakey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

251

cacert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

252

cacert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

253

cacert.get_subject().commonName = "Authority Certificate"

254

cacert.set_issuer(cacert.get_subject())

255

cacert.set_pubkey(cakey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

256

cacert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

257

cacert.set_notAfter(not_after)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

258

cacert.add_extensions([caext])

259

cacert.set_serial_number(0)

260

cacert.sign(cakey, "sha1")

261

262

# Step 2

263

ikey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

264

ikey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

265

icert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

266

icert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

267

icert.get_subject().commonName = "Intermediate Certificate"

268

icert.set_issuer(cacert.get_subject())

269

icert.set_pubkey(ikey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

270

icert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

271

icert.set_notAfter(not_after)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

272

icert.add_extensions([caext])

273

icert.set_serial_number(0)

274

icert.sign(cakey, "sha1")

275

276

# Step 3

277

skey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

278

skey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

279

scert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

280

scert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

281

scert.get_subject().commonName = "Server Certificate"

282

scert.set_issuer(icert.get_subject())

283

scert.set_pubkey(skey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

284

scert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

285

scert.set_notAfter(not_after)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

286

scert.add_extensions(

287

[X509Extension(b"basicConstraints", True, b"CA:false")]

288

)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

289

scert.set_serial_number(0)

290

scert.sign(ikey, "sha1")

291

292

return [(cakey, cacert), (ikey, icert), (skey, scert)]

293

294

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

295

def loopback_client_factory(socket, version=SSLv23_METHOD):

296

client = Connection(Context(version), socket)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

297

client.set_connect_state()

return client

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

301

def loopback_server_factory(socket, version=SSLv23_METHOD):

302

ctx = Context(version)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

303

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

304

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

305

server = Connection(ctx, socket)

306

server.set_accept_state()

return server

def loopback(server_factory=None, client_factory=None):

311

"""

312

Create a connected socket pair and force two connected SSL sockets

313

to talk to each other via memory BIOs.

314

"""

315

if server_factory is None:

316

server_factory = loopback_server_factory

317

if client_factory is None:

318

client_factory = loopback_client_factory

319

320

(server, client) = socket_pair()

321

server = server_factory(server)

322

client = client_factory(client)

323

324

handshake(client, server)

325

326

server.setblocking(True)

327

client.setblocking(True)

328

return server, client

329

330

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

331

def interact_in_memory(client_conn, server_conn):

332

"""

333

Try to read application bytes from each of the two `Connection` objects.

334

Copy bytes back and forth between their send/receive buffers for as long

335

as there is anything to copy. When there is nothing more to copy,

336

return `None`. If one of them actually manages to deliver some application

337

bytes, return a two-tuple of the connection from which the bytes were read

338

and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

343

wrote = False

344

345

# Copy stuff from each side's send buffer to the other side's

346

# receive buffer.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

347

for (read, write) in [

348

(client_conn, server_conn),

349

(server_conn, client_conn),

350

]:

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

351

352

# Give the side a chance to generate some more bytes, or succeed.

353

try:

354

data = read.recv(2 ** 16)

355

except WantReadError:

356

# It didn't succeed, so we'll hope it generated some output.

357

pass

358

else:

359

# It did succeed, so we'll stop now and let the caller deal

# with it.

return (read, data)

while True:

# Keep copying as long as there's more stuff there.

365

try:

366

dirty = read.bio_read(4096)

367

except WantReadError:

368

# Okay, nothing more waiting to be sent. Stop

369

# processing this send buffer.

370

break

371

else:

372

# Keep track of the fact that someone generated some

373

# output.

374

wrote = True

375

write.bio_write(dirty)

376

377

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

378

def handshake_in_memory(client_conn, server_conn):

379

"""

380

Perform the TLS handshake between two `Connection` instances connected to

381

each other via memory BIOs.

382

"""

383

client_conn.set_connect_state()

384

server_conn.set_accept_state()

385

386

for conn in [client_conn, server_conn]:

387

try:

388

conn.do_handshake()

389

except WantReadError:

390

pass

391

392

interact_in_memory(client_conn, server_conn)

393

394

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

395

class TestVersion(object):

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

396

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

397

Tests for version information exposed by `OpenSSL.SSL.SSLeay_version` and

398

`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

399

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

400

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

401

def test_OPENSSL_VERSION_NUMBER(self):

402

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

403

`OPENSSL_VERSION_NUMBER` is an integer with status in the low byte and

404

the patch, fix, minor, and major versions in the nibbles above that.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

405

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

406

assert isinstance(OPENSSL_VERSION_NUMBER, int)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

407

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

408

def test_SSLeay_version(self):

409

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

410

`SSLeay_version` takes a version type indicator and returns one of a

411

number of version strings based on that indicator.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

412

"""

413

versions = {}

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

for t in [

SSLEAY_VERSION,

SSLEAY_CFLAGS,

SSLEAY_BUILT_ON,

SSLEAY_PLATFORM,

SSLEAY_DIR,

]:

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

421

version = SSLeay_version(t)

422

versions[version] = t

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

423

assert isinstance(version, bytes)

424

assert len(versions) == 5

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

425

426

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

427

@pytest.fixture

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

428

def ca_file(tmpdir):

429

"""

430

Create a valid PEM file with CA certificates and return the path.

431

"""

432

key = rsa.generate_private_key(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

433

public_exponent=65537, key_size=2048, backend=default_backend()

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

434

)

435

public_key = key.public_key()

436

437

builder = x509.CertificateBuilder()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

438

builder = builder.subject_name(

439

x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org")])

440

)

441

builder = builder.issuer_name(

442

x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org")])

443

)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

444

one_day = datetime.timedelta(1, 0, 0)

445

builder = builder.not_valid_before(datetime.datetime.today() - one_day)

446

builder = builder.not_valid_after(datetime.datetime.today() + one_day)

447

builder = builder.serial_number(int(uuid.uuid4()))

448

builder = builder.public_key(public_key)

449

builder = builder.add_extension(

450

x509.BasicConstraints(ca=True, path_length=None), critical=True,

451

)

452

453

certificate = builder.sign(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

454

private_key=key, algorithm=hashes.SHA256(), backend=default_backend()

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

455

)

456

457

ca_file = tmpdir.join("test.pem")

458

ca_file.write_binary(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

459

certificate.public_bytes(encoding=serialization.Encoding.PEM,)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

460

)

461

462

return str(ca_file).encode("ascii")

463

464

465

@pytest.fixture

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

466

def context():

467

"""

468

A simple TLS 1.0 context.

469

"""

470

return Context(TLSv1_METHOD)

471

472

473

class TestContext(object):

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

474

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

475

Unit tests for `OpenSSL.SSL.Context`.

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

476

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

477

478

@pytest.mark.parametrize(

479

"cipher_string",

480

[b"hello world:AES128-SHA", u"hello world:AES128-SHA"],

481

)

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

482

def test_set_cipher_list(self, context, cipher_string):

483

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

484

`Context.set_cipher_list` accepts both byte and unicode strings

Hynek Schlawack

a7a63af

2016-03-11 12:05:26 +0100

[diff] [blame]

485

for naming the ciphers which connections created with the context

486

object will be able to choose from.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

487

"""

488

context.set_cipher_list(cipher_string)

489

conn = Connection(context, None)

490

491

assert "AES128-SHA" in conn.get_cipher_list()

492

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

493

def test_set_cipher_list_wrong_type(self, context):

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

494

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

495

`Context.set_cipher_list` raises `TypeError` when passed a non-string

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

496

argument.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

497

"""

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

498

with pytest.raises(TypeError):

499

context.set_cipher_list(object())

500

Alex Gaynor

963ae03

2019-07-06 17:38:32 -0400

[diff] [blame]

501

@flaky.flaky

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

502

def test_set_cipher_list_no_cipher_match(self, context):

503

"""

504

`Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a

505

`"no cipher match"` reason string regardless of the TLS

506

version.

507

"""

508

with pytest.raises(Error) as excinfo:

509

context.set_cipher_list(b"imaginary-cipher")

510

assert excinfo.value.args == (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

511

[("SSL routines", "SSL_CTX_set_cipher_list", "no cipher match",)],

512

)

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

513

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

514

def test_load_client_ca(self, context, ca_file):

515

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

516

`Context.load_client_ca` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

517

"""

518

context.load_client_ca(ca_file)

519

520

def test_load_client_ca_invalid(self, context, tmpdir):

521

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

522

`Context.load_client_ca` raises an Error if the ca file is invalid.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

523

"""

524

ca_file = tmpdir.join("test.pem")

525

ca_file.write("")

526

527

with pytest.raises(Error) as e:

528

context.load_client_ca(str(ca_file).encode("ascii"))

529

530

assert "PEM routines" == e.value.args[0][0][0]

531

532

def test_load_client_ca_unicode(self, context, ca_file):

533

"""

534

Passing the path as unicode raises a warning but works.

535

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

536

pytest.deprecated_call(context.load_client_ca, ca_file.decode("ascii"))

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

537

538

def test_set_session_id(self, context):

539

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

540

`Context.set_session_id` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

541

"""

542

context.set_session_id(b"abc")

543

544

def test_set_session_id_fail(self, context):

545

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

546

`Context.set_session_id` errors are propagated.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

547

"""

548

with pytest.raises(Error) as e:

549

context.set_session_id(b"abc" * 1000)

550

551

assert [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

552

(

553

"SSL routines",

554

"SSL_CTX_set_session_id_context",

555

"ssl session id context too long",

556

)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

557

] == e.value.args[0]

558

559

def test_set_session_id_unicode(self, context):

560

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

561

`Context.set_session_id` raises a warning if a unicode string is

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

562

passed.

563

"""

564

pytest.deprecated_call(context.set_session_id, u"abc")

565

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

566

def test_method(self):

567

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

568

`Context` can be instantiated with one of `SSLv2_METHOD`,

569

`SSLv3_METHOD`, `SSLv23_METHOD`, `TLSv1_METHOD`, `TLSv1_1_METHOD`,

570

or `TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

571

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

572

methods = [SSLv23_METHOD, TLSv1_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

573

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

574

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

575

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

576

maybe = [SSLv2_METHOD, SSLv3_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

581

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

582

# don't. Difficult to say in advance.

583

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

584

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

585

with pytest.raises(TypeError):

586

Context("")

587

with pytest.raises(ValueError):

588

Context(10)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

589

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

590

def test_type(self):

591

"""

Alex Gaynor

01f90a1

2019-02-07 09:14:48 -0500

[diff] [blame]

592

`Context` can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

593

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

594

assert is_consistent_type(Context, "Context", TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

595

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

596

def test_use_privatekey(self):

597

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

598

`Context.use_privatekey` takes an `OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

599

"""

600

key = PKey()

Alex Gaynor

6e9f976

2018-05-12 07:44:37 -0400

[diff] [blame]

601

key.generate_key(TYPE_RSA, 512)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

602

ctx = Context(TLSv1_METHOD)

603

ctx.use_privatekey(key)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

604

with pytest.raises(TypeError):

605

ctx.use_privatekey("")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

606

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

607

def test_use_privatekey_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

608

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

609

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` when passed

610

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

611

"""

612

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

613

with pytest.raises(Error):

614

ctx.use_privatekey_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

615

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

616

def _use_privatekey_file_test(self, pemfile, filetype):

617

"""

618

Verify that calling ``Context.use_privatekey_file`` with the given

619

arguments does not raise an exception.

620

"""

621

key = PKey()

Alex Gaynor

6e9f976

2018-05-12 07:44:37 -0400

[diff] [blame]

622

key.generate_key(TYPE_RSA, 512)

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

623

624

with open(pemfile, "wt") as pem:

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

625

pem.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

626

627

ctx = Context(TLSv1_METHOD)

628

ctx.use_privatekey_file(pemfile, filetype)

629

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

630

@pytest.mark.parametrize("filetype", [object(), "", None, 1.0])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

631

def test_wrong_privatekey_file_wrong_args(self, tmpfile, filetype):

632

"""

633

`Context.use_privatekey_file` raises `TypeError` when called with

634

a `filetype` which is not a valid file encoding.

635

"""

636

ctx = Context(TLSv1_METHOD)

637

with pytest.raises(TypeError):

638

ctx.use_privatekey_file(tmpfile, filetype)

639

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

640

def test_use_privatekey_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

641

"""

642

A private key can be specified from a file by passing a ``bytes``

643

instance giving the file name to ``Context.use_privatekey_file``.

644

"""

645

self._use_privatekey_file_test(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

646

tmpfile + NON_ASCII.encode(getfilesystemencoding()), FILETYPE_PEM,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

647

)

648

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

649

def test_use_privatekey_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

650

"""

651

A private key can be specified from a file by passing a ``unicode``

652

instance giving the file name to ``Context.use_privatekey_file``.

653

"""

654

self._use_privatekey_file_test(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

655

tmpfile.decode(getfilesystemencoding()) + NON_ASCII, FILETYPE_PEM,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

656

)

657

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

658

def test_use_certificate_wrong_args(self):

659

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

660

`Context.use_certificate_wrong_args` raises `TypeError` when not passed

661

exactly one `OpenSSL.crypto.X509` instance as an argument.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

662

"""

663

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

664

with pytest.raises(TypeError):

665

ctx.use_certificate("hello, world")

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

666

667

def test_use_certificate_uninitialized(self):

668

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

669

`Context.use_certificate` raises `OpenSSL.SSL.Error` when passed a

670

`OpenSSL.crypto.X509` instance which has not been initialized

671

(ie, which does not actually have any certificate data).

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

672

"""

673

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

674

with pytest.raises(Error):

675

ctx.use_certificate(X509())

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

676

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

677

def test_use_certificate(self):

678

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

679

`Context.use_certificate` sets the certificate which will be

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

680

used to identify connections created using the context.

681

"""

682

# TODO

683

# Hard to assert anything. But we could set a privatekey then ask

684

# OpenSSL if the cert and key agree using check_privatekey. Then as

685

# long as check_privatekey works right we're good...

686

ctx = Context(TLSv1_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

687

ctx.use_certificate(

688

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

689

)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

690

691

def test_use_certificate_file_wrong_args(self):

692

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

693

`Context.use_certificate_file` raises `TypeError` if the first

694

argument is not a byte string or the second argument is not an integer.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

695

"""

696

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

697

with pytest.raises(TypeError):

698

ctx.use_certificate_file(object(), FILETYPE_PEM)

699

with pytest.raises(TypeError):

700

ctx.use_certificate_file(b"somefile", object())

701

with pytest.raises(TypeError):

702

ctx.use_certificate_file(object(), FILETYPE_PEM)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

703

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

704

def test_use_certificate_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

705

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

706

`Context.use_certificate_file` raises `OpenSSL.SSL.Error` if passed

707

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

708

"""

709

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

710

with pytest.raises(Error):

711

ctx.use_certificate_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

712

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

713

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

714

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

715

Verify that calling ``Context.use_certificate_file`` with the given

716

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

717

"""

718

# TODO

719

# Hard to assert anything. But we could set a privatekey then ask

720

# OpenSSL if the cert and key agree using check_privatekey. Then as

721

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

722

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

723

pem_file.write(cleartextCertificatePEM)

724

725

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

726

ctx.use_certificate_file(certificate_file)

727

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

728

def test_use_certificate_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

729

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

730

`Context.use_certificate_file` sets the certificate (given as a

731

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

732

using the context.

733

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

734

filename = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

735

self._use_certificate_file_test(filename)

736

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

737

def test_use_certificate_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

738

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

739

`Context.use_certificate_file` sets the certificate (given as a

740

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

741

using the context.

742

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

743

filename = tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

744

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

745

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

746

def test_check_privatekey_valid(self):

747

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

748

`Context.check_privatekey` returns `None` if the `Context` instance

749

has been configured to use a matched key and certificate pair.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

750

"""

751

key = load_privatekey(FILETYPE_PEM, client_key_pem)

752

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

753

context = Context(TLSv1_METHOD)

754

context.use_privatekey(key)

755

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

756

assert None is context.check_privatekey()

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

757

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

758

def test_check_privatekey_invalid(self):

759

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

760

`Context.check_privatekey` raises `Error` if the `Context` instance

761

has been configured to use a key and certificate pair which don't

762

relate to each other.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

763

"""

764

key = load_privatekey(FILETYPE_PEM, client_key_pem)

765

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

766

context = Context(TLSv1_METHOD)

767

context.use_privatekey(key)

768

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

769

with pytest.raises(Error):

770

context.check_privatekey()

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

771

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

772

def test_app_data(self):

773

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

774

`Context.set_app_data` stores an object for later retrieval

775

using `Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

776

"""

777

app_data = object()

778

context = Context(TLSv1_METHOD)

779

context.set_app_data(app_data)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

780

assert context.get_app_data() is app_data

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

781

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

782

def test_set_options_wrong_args(self):

783

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

784

`Context.set_options` raises `TypeError` if called with

785

a non-`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

786

"""

787

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

788

with pytest.raises(TypeError):

789

context.set_options(None)

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

790

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

791

def test_set_options(self):

792

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

793

`Context.set_options` returns the new options value.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

794

"""

795

context = Context(TLSv1_METHOD)

796

options = context.set_options(OP_NO_SSLv2)

Alex Gaynor

2310f8b

2016-09-10 14:39:32 -0400

[diff] [blame]

797

assert options & OP_NO_SSLv2 == OP_NO_SSLv2

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

798

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

799

def test_set_mode_wrong_args(self):

800

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

801

`Context.set_mode` raises `TypeError` if called with

802

a non-`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

803

"""

804

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

805

with pytest.raises(TypeError):

806

context.set_mode(None)

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

807

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

808

def test_set_mode(self):

809

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

810

`Context.set_mode` accepts a mode bitvector and returns the

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

811

newly set mode.

812

"""

813

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

814

assert MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

815

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

816

def test_set_timeout_wrong_args(self):

817

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

818

`Context.set_timeout` raises `TypeError` if called with

819

a non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

820

"""

821

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

822

with pytest.raises(TypeError):

823

context.set_timeout(None)

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

824

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

825

def test_timeout(self):

826

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

827

`Context.set_timeout` sets the session timeout for all connections

828

created using the context object. `Context.get_timeout` retrieves

829

this value.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

830

"""

831

context = Context(TLSv1_METHOD)

832

context.set_timeout(1234)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

833

assert context.get_timeout() == 1234

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

834

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

835

def test_set_verify_depth_wrong_args(self):

836

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

837

`Context.set_verify_depth` raises `TypeError` if called with a

838

non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

839

"""

840

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

841

with pytest.raises(TypeError):

842

context.set_verify_depth(None)

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

843

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

844

def test_verify_depth(self):

845

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

846

`Context.set_verify_depth` sets the number of certificates in

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

847

a chain to follow before giving up. The value can be retrieved with

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

848

`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

849

"""

850

context = Context(TLSv1_METHOD)

851

context.set_verify_depth(11)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

852

assert context.get_verify_depth() == 11

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

853

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

854

def _write_encrypted_pem(self, passphrase, tmpfile):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

855

"""

856

Write a new private key out to a new file, encrypted using the given

857

passphrase. Return the path to the new file.

858

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

859

key = PKey()

Alex Gaynor

6e9f976

2018-05-12 07:44:37 -0400

[diff] [blame]

860

key.generate_key(TYPE_RSA, 512)

Jean-Paul Calderone

a986883

2010-08-22 21:38:34 -0400

[diff] [blame]

861

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

862

with open(tmpfile, "w") as fObj:

863

fObj.write(pem.decode("ascii"))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

864

return tmpfile

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

865

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

866

def test_set_passwd_cb_wrong_args(self):

867

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

868

`Context.set_passwd_cb` raises `TypeError` if called with a

869

non-callable first argument.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

870

"""

871

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

872

with pytest.raises(TypeError):

873

context.set_passwd_cb(None)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

874

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

875

def test_set_passwd_cb(self, tmpfile):

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

876

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

877

`Context.set_passwd_cb` accepts a callable which will be invoked when

878

a private key is loaded from an encrypted PEM.

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

879

"""

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

880

passphrase = b"foobar"

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

881

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

882

calledWith = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

883

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

884

def passphraseCallback(maxlen, verify, extra):

885

calledWith.append((maxlen, verify, extra))

886

return passphrase

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

887

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

888

context = Context(TLSv1_METHOD)

889

context.set_passwd_cb(passphraseCallback)

890

context.use_privatekey_file(pemFile)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

891

assert len(calledWith) == 1

892

assert isinstance(calledWith[0][0], int)

893

assert isinstance(calledWith[0][1], int)

894

assert calledWith[0][2] is None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

895

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

896

def test_passwd_callback_exception(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

897

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

898

`Context.use_privatekey_file` propagates any exception raised

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

899

by the passphrase callback.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

900

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

901

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

902

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

903

def passphraseCallback(maxlen, verify, extra):

904

raise RuntimeError("Sorry, I am a fail.")

905

906

context = Context(TLSv1_METHOD)

907

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

908

with pytest.raises(RuntimeError):

909

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

910

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

911

def test_passwd_callback_false(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

912

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

913

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

914

passphrase callback returns a false value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

915

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

916

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

917

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

918

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

919

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

920

921

context = Context(TLSv1_METHOD)

922

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

923

with pytest.raises(Error):

924

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

925

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

926

def test_passwd_callback_non_string(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

927

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

928

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

929

passphrase callback returns a true non-string value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

930

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

931

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

932

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

933

def passphraseCallback(maxlen, verify, extra):

934

return 10

935

936

context = Context(TLSv1_METHOD)

937

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

938

# TODO: Surely this is the wrong error?

939

with pytest.raises(ValueError):

940

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

941

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

942

def test_passwd_callback_too_long(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

943

"""

944

If the passphrase returned by the passphrase callback returns a string

945

longer than the indicated maximum length, it is truncated.

946

"""

947

# A priori knowledge!

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

948

passphrase = b"x" * 1024

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

949

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

950

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

951

def passphraseCallback(maxlen, verify, extra):

952

assert maxlen == 1024

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

953

return passphrase + b"y"

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

954

955

context = Context(TLSv1_METHOD)

956

context.set_passwd_cb(passphraseCallback)

957

# This shall succeed because the truncated result is the correct

958

# passphrase.

959

context.use_privatekey_file(pemFile)

960

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

961

def test_set_info_callback(self):

962

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

963

`Context.set_info_callback` accepts a callable which will be

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

964

invoked when certain information about an SSL connection is available.

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

965

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

966

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

967

968

clientSSL = Connection(Context(TLSv1_METHOD), client)

969

clientSSL.set_connect_state()

970

971

called = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

972

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

973

def info(conn, where, ret):

974

called.append((conn, where, ret))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

975

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

976

context = Context(TLSv1_METHOD)

977

context.set_info_callback(info)

978

context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

979

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

980

)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

981

context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

982

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)

983

)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

984

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

985

serverSSL = Connection(context, server)

986

serverSSL.set_accept_state()

987

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

988

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

989

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

990

# The callback must always be called with a Connection instance as the

991

# first argument. It would probably be better to split this into

992

# separate tests for client and server side info callbacks so we could

993

# assert it is called with the right Connection instance. It would

994

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

995

notConnections = [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

996

conn

997

for (conn, where, ret) in called

998

if not isinstance(conn, Connection)

]

assert (

[] == notConnections

), "Some info callback arguments were not Connection instances."

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1003

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1004

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

1005

"""

1006

Create a client context which will verify the peer certificate and call

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1007

its `load_verify_locations` method with the given arguments.

Jean-Paul Calderone

64efa2c

2011-09-11 10:00:09 -0400

[diff] [blame]

1008

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

1009

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

1010

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1011

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1012

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1013

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1014

# Require that the server certificate verify properly or the

1015

# connection will fail.

1016

clientContext.set_verify(

1017

VERIFY_PEER,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1018

lambda conn, cert, errno, depth, preverify_ok: preverify_ok,

1019

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1020

1021

clientSSL = Connection(clientContext, client)

1022

clientSSL.set_connect_state()

1023

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1024

serverContext = Context(TLSv1_METHOD)

1025

serverContext.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1026

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

1027

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1028

serverContext.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1029

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)

1030

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1031

1032

serverSSL = Connection(serverContext, server)

1033

serverSSL.set_accept_state()

1034

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

1035

# Without load_verify_locations above, the handshake

1036

# will fail:

1037

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

1038

# 'certificate verify failed')]

1039

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1040

1041

cert = clientSSL.get_peer_certificate()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1042

assert cert.get_subject().CN == "Testing Root CA"

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1043

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1044

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1045

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1046

Verify that if path to a file containing a certificate is passed to

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1047

`Context.load_verify_locations` for the ``cafile`` parameter, that

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1048

certificate is used as a trust root for the purposes of verifying

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1049

connections created using that `Context`.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1050

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1051

with open(cafile, "w") as fObj:

1052

fObj.write(cleartextCertificatePEM.decode("ascii"))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1053

1054

self._load_verify_locations_test(cafile)

1055

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1056

def test_load_verify_bytes_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1057

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1058

`Context.load_verify_locations` accepts a file name as a `bytes`

1059

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1060

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1061

cafile = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1062

self._load_verify_cafile(cafile)

1063

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1064

def test_load_verify_unicode_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1065

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1066

`Context.load_verify_locations` accepts a file name as a `unicode`

1067

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1068

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1069

self._load_verify_cafile(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1070

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1071

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1072

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1073

def test_load_verify_invalid_file(self, tmpfile):

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1074

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1075

`Context.load_verify_locations` raises `Error` when passed a

1076

non-existent cafile.

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1077

"""

1078

clientContext = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1079

with pytest.raises(Error):

1080

clientContext.load_verify_locations(tmpfile)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1081

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1082

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1083

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1084

Verify that if path to a directory containing certificate files is

1085

passed to ``Context.load_verify_locations`` for the ``capath``

1086

parameter, those certificates are used as trust roots for the purposes

1087

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1088

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1089

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1090

# Hash values computed manually with c_rehash to avoid depending on

1091

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1092

# from OpenSSL 1.0.0.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1093

for name in [b"c7adac82.0", b"c3705638.0"]:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1094

cafile = join_bytes_or_unicode(capath, name)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1095

with open(cafile, "w") as fObj:

1096

fObj.write(cleartextCertificatePEM.decode("ascii"))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1097

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1098

self._load_verify_locations_test(None, capath)

1099

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1100

def test_load_verify_directory_bytes_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1101

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1102

`Context.load_verify_locations` accepts a directory name as a `bytes`

1103

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1104

"""

1105

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1106

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1107

)

1108

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1109

def test_load_verify_directory_unicode_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1110

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1111

`Context.load_verify_locations` accepts a directory name as a `unicode`

1112

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1113

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1114

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1115

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1116

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1117

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1118

def test_load_verify_locations_wrong_args(self):

1119

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1120

`Context.load_verify_locations` raises `TypeError` if with non-`str`

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1121

arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1122

"""

1123

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1124

with pytest.raises(TypeError):

1125

context.load_verify_locations(object())

1126

with pytest.raises(TypeError):

1127

context.load_verify_locations(object(), object())

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1128

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1129

@pytest.mark.skipif(

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1130

not platform.startswith("linux"),

1131

reason="Loading fallback paths is a linux-specific behavior to "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1132

"accommodate pyca/cryptography manylinux1 wheels",

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1133

)

1134

def test_fallback_default_verify_paths(self, monkeypatch):

1135

"""

1136

Test that we load certificates successfully on linux from the fallback

1137

path. To do this we set the _CRYPTOGRAPHY_MANYLINUX1_CA_FILE and

1138

_CRYPTOGRAPHY_MANYLINUX1_CA_DIR vars to be equal to whatever the

1139

current OpenSSL default is and we disable

1140

SSL_CTX_SET_default_verify_paths so that it can't find certs unless

1141

it loads via fallback.

1142

"""

1143

context = Context(TLSv1_METHOD)

1144

monkeypatch.setattr(

1145

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_FILE",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1150

_ffi.string(_lib.X509_get_default_cert_file()),

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_DIR",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1155

_ffi.string(_lib.X509_get_default_cert_dir()),

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1156

)

1157

context.set_default_verify_paths()

1158

store = context.get_cert_store()

1159

sk_obj = _lib.X509_STORE_get0_objects(store._store)

1160

assert sk_obj != _ffi.NULL

1161

num = _lib.sk_X509_OBJECT_num(sk_obj)

1162

assert num != 0

1163

1164

def test_check_env_vars(self, monkeypatch):

1165

"""

1166

Test that we return True/False appropriately if the env vars are set.

1167

"""

1168

context = Context(TLSv1_METHOD)

1169

dir_var = "CUSTOM_DIR_VAR"

1170

file_var = "CUSTOM_FILE_VAR"

1171

assert context._check_env_vars_set(dir_var, file_var) is False

1172

monkeypatch.setenv(dir_var, "value")

1173

monkeypatch.setenv(file_var, "value")

1174

assert context._check_env_vars_set(dir_var, file_var) is True

1175

assert context._check_env_vars_set(dir_var, file_var) is True

1176

1177

def test_verify_no_fallback_if_env_vars_set(self, monkeypatch):

1178

"""

1179

Test that we don't use the fallback path if env vars are set.

1180

"""

1181

context = Context(TLSv1_METHOD)

1182

monkeypatch.setattr(

1183

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

1184

)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1185

dir_env_var = _ffi.string(_lib.X509_get_default_cert_dir_env()).decode(

1186

"ascii"

1187

)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1188

file_env_var = _ffi.string(

1189

_lib.X509_get_default_cert_file_env()

1190

).decode("ascii")

1191

monkeypatch.setenv(dir_env_var, "value")

1192

monkeypatch.setenv(file_env_var, "value")

1193

context.set_default_verify_paths()

1194

1195

monkeypatch.setattr(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1196

context, "_fallback_default_verify_paths", raiser(SystemError)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1197

)

1198

context.set_default_verify_paths()

1199

1200

@pytest.mark.skipif(

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1201

platform == "win32",

1202

reason="set_default_verify_paths appears not to work on Windows. "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1203

"See LP#404343 and LP#404344.",

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1204

)

1205

def test_set_default_verify_paths(self):

1206

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1207

`Context.set_default_verify_paths` causes the platform-specific CA

1208

certificate locations to be used for verification purposes.

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1209

"""

1210

# Testing this requires a server with a certificate signed by one

1211

# of the CAs in the platform CA location. Getting one of those

1212

# costs money. Fortunately (or unfortunately, depending on your

1213

# perspective), it's easy to think of a public server on the

1214

# internet which has such a certificate. Connecting to the network

1215

# in a unit test is bad, but it's the only way I can think of to

1216

# really test this. -exarkun

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1217

context = Context(SSLv23_METHOD)

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1218

context.set_default_verify_paths()

1219

context.set_verify(

1220

VERIFY_PEER,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1221

lambda conn, cert, errno, depth, preverify_ok: preverify_ok,

1222

)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1223

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

1224

client = socket_any_family()

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1225

client.connect(("encrypted.google.com", 443))

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1226

clientSSL = Connection(context, client)

1227

clientSSL.set_connect_state()

Alex Gaynor

373926c

2018-05-12 07:43:07 -0400

[diff] [blame]

1228

clientSSL.set_tlsext_host_name(b"encrypted.google.com")

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1229

clientSSL.do_handshake()

1230

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1231

assert clientSSL.recv(1024)

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1232

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1233

def test_fallback_path_is_not_file_or_dir(self):

1234

"""

1235

Test that when passed empty arrays or paths that do not exist no

1236

errors are raised.

1237

"""

1238

context = Context(TLSv1_METHOD)

1239

context._fallback_default_verify_paths([], [])

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1240

context._fallback_default_verify_paths(["/not/a/file"], ["/not/a/dir"])

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1241

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1242

def test_add_extra_chain_cert_invalid_cert(self):

1243

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1244

`Context.add_extra_chain_cert` raises `TypeError` if called with an

1245

object which is not an instance of `X509`.

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1246

"""

1247

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1248

with pytest.raises(TypeError):

1249

context.add_extra_chain_cert(object())

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1250

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1251

def _handshake_test(self, serverContext, clientContext):

1252

"""

1253

Verify that a client and server created with the given contexts can

1254

successfully handshake and communicate.

1255

"""

1256

serverSocket, clientSocket = socket_pair()

1257

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1258

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1259

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1260

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1261

client = Connection(clientContext, clientSocket)

1262

client.set_connect_state()

1263

1264

# Make them talk to each other.

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1265

# interact_in_memory(client, server)

1266

for _ in range(3):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1267

for s in [client, server]:

1268

try:

1269

s.do_handshake()

1270

except WantReadError:

1271

pass

1272

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1273

def test_set_verify_callback_connection_argument(self):

1274

"""

1275

The first argument passed to the verify callback is the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1276

`Connection` instance for which verification is taking place.

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1277

"""

1278

serverContext = Context(TLSv1_METHOD)

1279

serverContext.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1280

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)

1281

)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1282

serverContext.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1283

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

1284

)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1285

serverConnection = Connection(serverContext, None)

1286

1287

class VerifyCallback(object):

1288

def callback(self, connection, *args):

1289

self.connection = connection

1290

return 1

1291

1292

verify = VerifyCallback()

1293

clientContext = Context(TLSv1_METHOD)

1294

clientContext.set_verify(VERIFY_PEER, verify.callback)

1295

clientConnection = Connection(clientContext, None)

1296

clientConnection.set_connect_state()

1297

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1298

handshake_in_memory(clientConnection, serverConnection)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1299

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1300

assert verify.connection is clientConnection

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1301

Paul Kehrer

e738186

2017-11-30 20:55:25 +0800

[diff] [blame]

1302

def test_x509_in_verify_works(self):

1303

"""

1304

We had a bug where the X509 cert instantiated in the callback wrapper

1305

didn't __init__ so it was missing objects needed when calling

1306

get_subject. This test sets up a handshake where we call get_subject

1307

on the cert provided to the verify callback.

1308

"""

1309

serverContext = Context(TLSv1_METHOD)

1310

serverContext.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1311

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)

1312

)

Paul Kehrer

e738186

2017-11-30 20:55:25 +0800

[diff] [blame]

1313

serverContext.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1314

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

1315

)

Paul Kehrer

e738186

2017-11-30 20:55:25 +0800

[diff] [blame]

1316

serverConnection = Connection(serverContext, None)

1317

1318

def verify_cb_get_subject(conn, cert, errnum, depth, ok):

1319

assert cert.get_subject()

1320

return 1

1321

1322

clientContext = Context(TLSv1_METHOD)

1323

clientContext.set_verify(VERIFY_PEER, verify_cb_get_subject)

1324

clientConnection = Connection(clientContext, None)

1325

clientConnection.set_connect_state()

1326

1327

handshake_in_memory(clientConnection, serverConnection)

1328

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1329

def test_set_verify_callback_exception(self):

1330

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1331

If the verify callback passed to `Context.set_verify` raises an

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1332

exception, verification fails and the exception is propagated to the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1333

caller of `Connection.do_handshake`.

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1334

"""

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

1335

serverContext = Context(TLSv1_2_METHOD)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1336

serverContext.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1337

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)

1338

)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1339

serverContext.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1340

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

1341

)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1342

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

1343

clientContext = Context(TLSv1_2_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1344

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1345

def verify_callback(*args):

1346

raise Exception("silly verify failure")

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1347

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1348

clientContext.set_verify(VERIFY_PEER, verify_callback)

1349

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

1350

with pytest.raises(Exception) as exc:

1351

self._handshake_test(serverContext, clientContext)

1352

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1353

assert "silly verify failure" == str(exc.value)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1354

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1355

def test_add_extra_chain_cert(self, tmpdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1356

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1357

`Context.add_extra_chain_cert` accepts an `X509`

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1358

instance to add to the certificate chain.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1359

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1360

See `_create_certificate_chain` for the details of the

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1361

certificate chain tested.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1362

1363

The chain is tested by starting a server with scert and connecting

1364

to it with a client which trusts cacert and requires verification to

1365

succeed.

1366

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1367

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1368

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1369

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1370

# Dump the CA certificate to a file because that's the only way to load

1371

# it as a trusted CA in the client context.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

for cert, name in [

(cacert, "ca.pem"),

(icert, "i.pem"),

(scert, "s.pem"),

]:

with tmpdir.join(name).open("w") as f:

1378

f.write(dump_certificate(FILETYPE_PEM, cert).decode("ascii"))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1379

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1380

for key, name in [(cakey, "ca.key"), (ikey, "i.key"), (skey, "s.key")]:

1381

with tmpdir.join(name).open("w") as f:

1382

f.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1383

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1384

# Create the server context

1385

serverContext = Context(TLSv1_METHOD)

1386

serverContext.use_privatekey(skey)

1387

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1388

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1389

serverContext.add_extra_chain_cert(icert)

1390

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1391

# Create the client

1392

clientContext = Context(TLSv1_METHOD)

1393

clientContext.set_verify(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1394

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb

1395

)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1396

clientContext.load_verify_locations(str(tmpdir.join("ca.pem")))

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1397

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1398

# Try it out.

1399

self._handshake_test(serverContext, clientContext)

1400

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1401

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1402

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1403

Verify that `Context.use_certificate_chain_file` reads a

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1404

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1405

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1406

The chain is tested by starting a server with scert and connecting to

1407

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1408

succeed.

1409

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1410

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1411

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1412

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1413

makedirs(certdir)

1414

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1415

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1416

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1417

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1418

# Write out the chain file.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1419

with open(chainFile, "wb") as fObj:

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1420

# Most specific to least general.

1421

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1422

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1423

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1424

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1425

with open(caFile, "w") as fObj:

1426

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode("ascii"))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1427

1428

serverContext = Context(TLSv1_METHOD)

1429

serverContext.use_certificate_chain_file(chainFile)

1430

serverContext.use_privatekey(skey)

1431

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1432

clientContext = Context(TLSv1_METHOD)

1433

clientContext.set_verify(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1434

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb

1435

)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1436

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1437

1438

self._handshake_test(serverContext, clientContext)

1439

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1440

def test_use_certificate_chain_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1441

"""

1442

``Context.use_certificate_chain_file`` accepts the name of a file (as

1443

an instance of ``bytes``) to specify additional certificates to use to

1444

construct and verify a trust chain.

1445

"""

1446

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1447

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1448

)

1449

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1450

def test_use_certificate_chain_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1451

"""

1452

``Context.use_certificate_chain_file`` accepts the name of a file (as

1453

an instance of ``unicode``) to specify additional certificates to use

1454

to construct and verify a trust chain.

1455

"""

1456

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1457

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1458

)

1459

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1460

def test_use_certificate_chain_file_wrong_args(self):

1461

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1462

`Context.use_certificate_chain_file` raises `TypeError` if passed a

1463

non-byte string single argument.

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1464

"""

1465

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1466

with pytest.raises(TypeError):

1467

context.use_certificate_chain_file(object())

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1468

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1469

def test_use_certificate_chain_file_missing_file(self, tmpfile):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1470

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1471

`Context.use_certificate_chain_file` raises `OpenSSL.SSL.Error` when

1472

passed a bad chain file name (for example, the name of a file which

1473

does not exist).

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1474

"""

1475

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1476

with pytest.raises(Error):

1477

context.use_certificate_chain_file(tmpfile)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1478

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1479

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1480

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1481

`Context.get_verify_mode` returns the verify mode flags previously

1482

passed to `Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1483

"""

1484

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1485

assert context.get_verify_mode() == 0

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1486

context.set_verify(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1487

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None

1488

)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1489

assert context.get_verify_mode() == (VERIFY_PEER | VERIFY_CLIENT_ONCE)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1490

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1491

@pytest.mark.parametrize("mode", [None, 1.0, object(), "mode"])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1492

def test_set_verify_wrong_mode_arg(self, mode):

1493

"""

1494

`Context.set_verify` raises `TypeError` if the first argument is

1495

not an integer.

1496

"""

1497

context = Context(TLSv1_METHOD)

1498

with pytest.raises(TypeError):

1499

context.set_verify(mode=mode, callback=lambda *args: None)

1500

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1501

@pytest.mark.parametrize("callback", [None, 1.0, "mode", ("foo", "bar")])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1502

def test_set_verify_wrong_callable_arg(self, callback):

1503

"""

Alex Gaynor

40bc0f1

2018-05-14 14:06:16 -0400

[diff] [blame]

1504

`Context.set_verify` raises `TypeError` if the second argument

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1505

is not callable.

1506

"""

1507

context = Context(TLSv1_METHOD)

1508

with pytest.raises(TypeError):

1509

context.set_verify(mode=VERIFY_PEER, callback=callback)

1510

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1511

def test_load_tmp_dh_wrong_args(self):

1512

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1513

`Context.load_tmp_dh` raises `TypeError` if called with a

1514

non-`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1515

"""

1516

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1517

with pytest.raises(TypeError):

1518

context.load_tmp_dh(object())

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1519

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1520

def test_load_tmp_dh_missing_file(self):

1521

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1522

`Context.load_tmp_dh` raises `OpenSSL.SSL.Error` if the

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1523

specified file does not exist.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1524

"""

1525

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1526

with pytest.raises(Error):

1527

context.load_tmp_dh(b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1528

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1529

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1530

"""

1531

Verify that calling ``Context.load_tmp_dh`` with the given filename

1532

does not raise an exception.

1533

"""

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1534

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1535

with open(dhfilename, "w") as dhfile:

1536

dhfile.write(dhparam)

1537

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1538

context.load_tmp_dh(dhfilename)

1539

# XXX What should I assert here? -exarkun

1540

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1541

def test_load_tmp_dh_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1542

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1543

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1544

specified file (given as ``bytes``).

1545

"""

1546

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1547

tmpfile + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1548

)

1549

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1550

def test_load_tmp_dh_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1551

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1552

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1553

specified file (given as ``unicode``).

1554

"""

1555

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1556

tmpfile.decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1557

)

1558

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1559

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1560

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1561

`Context.set_tmp_ecdh` sets the elliptic curve for Diffie-Hellman to

1562

the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1563

"""

1564

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1565

for curve in get_elliptic_curves():

Hynek Schlawack

a07fa8c

2015-10-17 10:15:28 +0200

[diff] [blame]

1566

if curve.name.startswith(u"Oakley-"):

Hynek Schlawack

7408aff

2015-10-17 09:51:16 +0200

[diff] [blame]

1567

# Setting Oakley-EC2N-4 and Oakley-EC2N-3 adds

1568

# ('bignum routines', 'BN_mod_inverse', 'no inverse') to the

1569

# error queue on OpenSSL 1.0.2.

1570

continue

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1571

# The only easily "assertable" thing is that it does not raise an

1572

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1573

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1574

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1575

def test_set_session_cache_mode_wrong_args(self):

1576

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1577

`Context.set_session_cache_mode` raises `TypeError` if called with

1578

a non-integer argument.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1579

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1580

"""

1581

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1582

with pytest.raises(TypeError):

1583

context.set_session_cache_mode(object())

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1584

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1585

def test_session_cache_mode(self):

1586

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1587

`Context.set_session_cache_mode` specifies how sessions are cached.

1588

The setting can be retrieved via `Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1589

"""

1590

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1591

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1592

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1593

assert SESS_CACHE_OFF == off

1594

assert SESS_CACHE_BOTH == context.get_session_cache_mode()

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1595

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1596

def test_get_cert_store(self):

1597

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1598

`Context.get_cert_store` returns a `X509Store` instance.

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1599

"""

1600

context = Context(TLSv1_METHOD)

1601

store = context.get_cert_store()

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1602

assert isinstance(store, X509Store)

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1603

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1604

def test_set_tlsext_use_srtp_not_bytes(self):

1605

"""

1606

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1607

1608

It raises a TypeError if the list of profiles is not a byte string.

1609

"""

1610

context = Context(TLSv1_METHOD)

1611

with pytest.raises(TypeError):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1612

context.set_tlsext_use_srtp(text_type("SRTP_AES128_CM_SHA1_80"))

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1613

1614

def test_set_tlsext_use_srtp_invalid_profile(self):

1615

"""

1616

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1617

1618

It raises an Error if the call to OpenSSL fails.

1619

"""

1620

context = Context(TLSv1_METHOD)

1621

with pytest.raises(Error):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1622

context.set_tlsext_use_srtp(b"SRTP_BOGUS")

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1623

1624

def test_set_tlsext_use_srtp_valid(self):

1625

"""

1626

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1627

1628

It does not return anything.

1629

"""

1630

context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1631

assert context.set_tlsext_use_srtp(b"SRTP_AES128_CM_SHA1_80") is None

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1632

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1633

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1634

class TestServerNameCallback(object):

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1635

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1636

Tests for `Context.set_tlsext_servername_callback` and its

1637

interaction with `Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1638

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1639

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1640

def test_old_callback_forgotten(self):

1641

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1642

If `Context.set_tlsext_servername_callback` is used to specify

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1643

a new callback, the one it replaces is dereferenced.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1644

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1645

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1646

def callback(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1647

pass

1648

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1649

def replacement(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1650

pass

1651

1652

context = Context(TLSv1_METHOD)

1653

context.set_tlsext_servername_callback(callback)

1654

1655

tracker = ref(callback)

1656

del callback

1657

1658

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1659

1660

# One run of the garbage collector happens to work on CPython. PyPy

1661

# doesn't collect the underlying object until a second run for whatever

1662

# reason. That's fine, it still demonstrates our code has properly

1663

# dropped the reference.

1664

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1665

collect()

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

1666

1667

callback = tracker()

1668

if callback is not None:

1669

referrers = get_referrers(callback)

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1670

if len(referrers) > 1: # pragma: nocover

1671

pytest.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1672

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1673

def test_no_servername(self):

1674

"""

1675

When a client specifies no server name, the callback passed to

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1676

`Context.set_tlsext_servername_callback` is invoked and the

1677

result of `Connection.get_servername` is `None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1678

"""

1679

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1680

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1681

def servername(conn):

1682

args.append((conn, conn.get_servername()))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1683

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1684

context = Context(TLSv1_METHOD)

1685

context.set_tlsext_servername_callback(servername)

1686

1687

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1693

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1694

context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1695

load_certificate(FILETYPE_PEM, server_cert_pem)

1696

)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1697

1698

# Do a little connection to trigger the logic

1699

server = Connection(context, None)

1700

server.set_accept_state()

1701

1702

client = Connection(Context(TLSv1_METHOD), None)

1703

client.set_connect_state()

1704

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1705

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1706

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1707

assert args == [(server, None)]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1708

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1709

def test_servername(self):

1710

"""

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1711

When a client specifies a server name in its hello message, the

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1712

callback passed to `Contexts.set_tlsext_servername_callback` is

1713

invoked and the result of `Connection.get_servername` is that

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1714

server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1715

"""

1716

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1717

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1718

def servername(conn):

1719

args.append((conn, conn.get_servername()))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1720

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1721

context = Context(TLSv1_METHOD)

1722

context.set_tlsext_servername_callback(servername)

1723

1724

# Necessary to actually accept the connection

1725

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1726

context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1727

load_certificate(FILETYPE_PEM, server_cert_pem)

1728

)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1729

1730

# Do a little connection to trigger the logic

1731

server = Connection(context, None)

1732

server.set_accept_state()

1733

1734

client = Connection(Context(TLSv1_METHOD), None)

1735

client.set_connect_state()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

1736

client.set_tlsext_host_name(b"foo1.example.com")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1737

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1738

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1739

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1740

assert args == [(server, b"foo1.example.com")]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1741

1742

Paul Kehrer

4d57590

2019-02-26 21:42:12 +0800

[diff] [blame]

1743

@pytest.mark.skipif(

1744

not _lib.Cryptography_HAS_NEXTPROTONEG, reason="NPN is not available"

1745

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1746

class TestNextProtoNegotiation(object):

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1747

"""

1748

Test for Next Protocol Negotiation in PyOpenSSL.

1749

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1750

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1751

def test_npn_success(self):

1752

"""

1753

Tests that clients and servers that agree on the negotiated next

1754

protocol can correct establish a connection, and that the agreed

1755

protocol is reported by the connections.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1762

return [b"http/1.1", b"spdy/2"]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1763

1764

def select(conn, options):

1765

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1766

return b"spdy/2"

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1767

1768

server_context = Context(TLSv1_METHOD)

1769

server_context.set_npn_advertise_callback(advertise)

1770

1771

client_context = Context(TLSv1_METHOD)

1772

client_context.set_npn_select_callback(select)

1773

1774

# Necessary to actually accept the connection

1775

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1776

load_privatekey(FILETYPE_PEM, server_key_pem)

1777

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1778

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1779

load_certificate(FILETYPE_PEM, server_cert_pem)

1780

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1781

1782

# Do a little connection to trigger the logic

1783

server = Connection(server_context, None)

1784

server.set_accept_state()

1785

1786

client = Connection(client_context, None)

1787

client.set_connect_state()

1788

1789

interact_in_memory(server, client)

1790

1791

assert advertise_args == [(server,)]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1792

assert select_args == [(client, [b"http/1.1", b"spdy/2"])]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1793

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1794

assert server.get_next_proto_negotiated() == b"spdy/2"

1795

assert client.get_next_proto_negotiated() == b"spdy/2"

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1796

1797

def test_npn_client_fail(self):

1798

"""

1799

Tests that when clients and servers cannot agree on what protocol

1800

to use next that the TLS connection does not get established.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1807

return [b"http/1.1", b"spdy/2"]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1808

1809

def select(conn, options):

1810

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1811

return b""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1812

1813

server_context = Context(TLSv1_METHOD)

1814

server_context.set_npn_advertise_callback(advertise)

1815

1816

client_context = Context(TLSv1_METHOD)

1817

client_context.set_npn_select_callback(select)

1818

1819

# Necessary to actually accept the connection

1820

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1821

load_privatekey(FILETYPE_PEM, server_key_pem)

1822

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1823

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1824

load_certificate(FILETYPE_PEM, server_cert_pem)

1825

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1826

1827

# Do a little connection to trigger the logic

1828

server = Connection(server_context, None)

1829

server.set_accept_state()

1830

1831

client = Connection(client_context, None)

1832

client.set_connect_state()

1833

1834

# If the client doesn't return anything, the connection will fail.

1835

with pytest.raises(Error):

1836

interact_in_memory(server, client)

1837

1838

assert advertise_args == [(server,)]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1839

assert select_args == [(client, [b"http/1.1", b"spdy/2"])]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1840

1841

def test_npn_select_error(self):

1842

"""

1843

Test that we can handle exceptions in the select callback. If

1844

select fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1850

return [b"http/1.1", b"spdy/2"]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1851

1852

def select(conn, options):

1853

raise TypeError

1854

1855

server_context = Context(TLSv1_METHOD)

1856

server_context.set_npn_advertise_callback(advertise)

1857

1858

client_context = Context(TLSv1_METHOD)

1859

client_context.set_npn_select_callback(select)

1860

1861

# Necessary to actually accept the connection

1862

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1863

load_privatekey(FILETYPE_PEM, server_key_pem)

1864

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1865

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1866

load_certificate(FILETYPE_PEM, server_cert_pem)

1867

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1868

1869

# Do a little connection to trigger the logic

1870

server = Connection(server_context, None)

1871

server.set_accept_state()

1872

1873

client = Connection(client_context, None)

1874

client.set_connect_state()

1875

1876

# If the callback throws an exception it should be raised here.

1877

with pytest.raises(TypeError):

1878

interact_in_memory(server, client)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1879

assert advertise_args == [

1880

(server,),

1881

]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1882

1883

def test_npn_advertise_error(self):

1884

"""

1885

Test that we can handle exceptions in the advertise callback. If

1886

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options): # pragma: nocover

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1894

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1895

Assert later that no args are actually appended.

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1896

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1897

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1898

return b""

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1899

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1900

server_context = Context(TLSv1_METHOD)

1901

server_context.set_npn_advertise_callback(advertise)

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1902

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1903

client_context = Context(TLSv1_METHOD)

1904

client_context.set_npn_select_callback(select)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1905

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1906

# Necessary to actually accept the connection

1907

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1908

load_privatekey(FILETYPE_PEM, server_key_pem)

1909

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1910

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1911

load_certificate(FILETYPE_PEM, server_cert_pem)

1912

)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1913

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1914

# Do a little connection to trigger the logic

1915

server = Connection(server_context, None)

1916

server.set_accept_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1917

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1918

client = Connection(client_context, None)

1919

client.set_connect_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1920

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1921

# If the client doesn't return anything, the connection will fail.

1922

with pytest.raises(TypeError):

1923

interact_in_memory(server, client)

1924

assert select_args == []

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1925

1926

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1927

class TestApplicationLayerProtoNegotiation(object):

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1928

"""

1929

Tests for ALPN in PyOpenSSL.

1930

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1931

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1932

def test_alpn_success(self):

1933

"""

1934

Clients and servers that agree on the negotiated ALPN protocol can

1935

correct establish a connection, and the agreed protocol is reported

1936

by the connections.

1937

"""

1938

select_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1939

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1940

def select(conn, options):

1941

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1942

return b"spdy/2"

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1943

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1944

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1945

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1946

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1947

server_context = Context(TLSv1_METHOD)

1948

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1949

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1950

# Necessary to actually accept the connection

1951

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1952

load_privatekey(FILETYPE_PEM, server_key_pem)

1953

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1954

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1955

load_certificate(FILETYPE_PEM, server_cert_pem)

1956

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1957

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1958

# Do a little connection to trigger the logic

1959

server = Connection(server_context, None)

1960

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1961

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1962

client = Connection(client_context, None)

1963

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1964

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1965

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1966

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1967

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1968

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1969

assert server.get_alpn_proto_negotiated() == b"spdy/2"

1970

assert client.get_alpn_proto_negotiated() == b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1971

1972

def test_alpn_set_on_connection(self):

1973

"""

1974

The same as test_alpn_success, but setting the ALPN protocols on

1975

the connection rather than the context.

"""

select_args = []

def select(conn, options):

1980

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1981

return b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1982

1983

# Setup the client context but don't set any ALPN protocols.

1984

client_context = Context(TLSv1_METHOD)

1985

1986

server_context = Context(TLSv1_METHOD)

1987

server_context.set_alpn_select_callback(select)

1988

1989

# Necessary to actually accept the connection

1990

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1991

load_privatekey(FILETYPE_PEM, server_key_pem)

1992

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1993

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

1994

load_certificate(FILETYPE_PEM, server_cert_pem)

1995

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1996

1997

# Do a little connection to trigger the logic

1998

server = Connection(server_context, None)

1999

server.set_accept_state()

2000

2001

# Set the ALPN protocols on the client connection.

2002

client = Connection(client_context, None)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2003

client.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2004

client.set_connect_state()

2005

2006

interact_in_memory(server, client)

2007

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2008

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2009

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2010

assert server.get_alpn_proto_negotiated() == b"spdy/2"

2011

assert client.get_alpn_proto_negotiated() == b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2012

2013

def test_alpn_server_fail(self):

2014

"""

2015

When clients and servers cannot agree on what protocol to use next

2016

the TLS connection does not get established.

"""

select_args = []

def select(conn, options):

2021

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2022

return b""

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2023

2024

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2025

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2026

2027

server_context = Context(TLSv1_METHOD)

2028

server_context.set_alpn_select_callback(select)

2029

2030

# Necessary to actually accept the connection

2031

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2032

load_privatekey(FILETYPE_PEM, server_key_pem)

2033

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2034

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2035

load_certificate(FILETYPE_PEM, server_cert_pem)

2036

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2037

2038

# Do a little connection to trigger the logic

2039

server = Connection(server_context, None)

2040

server.set_accept_state()

2041

2042

client = Connection(client_context, None)

2043

client.set_connect_state()

2044

2045

# If the client doesn't return anything, the connection will fail.

2046

with pytest.raises(Error):

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2047

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2048

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2049

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

e46fa84

2015-04-13 16:50:49 -0400

[diff] [blame]

2050

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2051

def test_alpn_no_server_overlap(self):

2052

"""

2053

A server can allow a TLS handshake to complete without

2054

agreeing to an application protocol by returning

2055

``NO_OVERLAPPING_PROTOCOLS``.

2056

"""

2057

refusal_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2058

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2059

def refusal(conn, options):

2060

refusal_args.append((conn, options))

2061

return NO_OVERLAPPING_PROTOCOLS

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2062

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2063

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2064

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2065

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2066

server_context = Context(SSLv23_METHOD)

2067

server_context.set_alpn_select_callback(refusal)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2068

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2069

# Necessary to actually accept the connection

2070

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2071

load_privatekey(FILETYPE_PEM, server_key_pem)

2072

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2073

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2074

load_certificate(FILETYPE_PEM, server_cert_pem)

2075

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2076

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2077

# Do a little connection to trigger the logic

2078

server = Connection(server_context, None)

2079

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2080

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2081

client = Connection(client_context, None)

2082

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2083

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2084

# Do the dance.

2085

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2086

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2087

assert refusal_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2088

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2089

assert client.get_alpn_proto_negotiated() == b""

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2090

2091

def test_alpn_select_cb_returns_invalid_value(self):

2092

"""

2093

If the ALPN selection callback returns anything other than

2094

a bytestring or ``NO_OVERLAPPING_PROTOCOLS``, a

2095

:py:exc:`TypeError` is raised.

"""

invalid_cb_args = []

def invalid_cb(conn, options):

2100

invalid_cb_args.append((conn, options))

2101

return u"can't return unicode"

2102

2103

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2104

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2105

2106

server_context = Context(SSLv23_METHOD)

2107

server_context.set_alpn_select_callback(invalid_cb)

2108

2109

# Necessary to actually accept the connection

2110

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2111

load_privatekey(FILETYPE_PEM, server_key_pem)

2112

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2113

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2114

load_certificate(FILETYPE_PEM, server_cert_pem)

2115

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2116

2117

# Do a little connection to trigger the logic

2118

server = Connection(server_context, None)

2119

server.set_accept_state()

2120

2121

client = Connection(client_context, None)

2122

client.set_connect_state()

2123

2124

# Do the dance.

2125

with pytest.raises(TypeError):

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2126

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2127

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2128

assert invalid_cb_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2129

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2130

assert client.get_alpn_proto_negotiated() == b""

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2131

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2132

def test_alpn_no_server(self):

2133

"""

2134

When clients and servers cannot agree on what protocol to use next

2135

because the server doesn't offer ALPN, no protocol is negotiated.

2136

"""

2137

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2138

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2139

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2140

server_context = Context(TLSv1_METHOD)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2141

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2142

# Necessary to actually accept the connection

2143

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2144

load_privatekey(FILETYPE_PEM, server_key_pem)

2145

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2146

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2147

load_certificate(FILETYPE_PEM, server_cert_pem)

2148

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2149

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2150

# Do a little connection to trigger the logic

2151

server = Connection(server_context, None)

2152

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2153

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2154

client = Connection(client_context, None)

2155

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2156

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2157

# Do the dance.

2158

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2159

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2160

assert client.get_alpn_proto_negotiated() == b""

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2161

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2162

def test_alpn_callback_exception(self):

2163

"""

2164

We can handle exceptions in the ALPN select callback.

2165

"""

2166

select_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2167

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2168

def select(conn, options):

2169

select_args.append((conn, options))

2170

raise TypeError()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2171

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2172

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2173

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2174

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2175

server_context = Context(TLSv1_METHOD)

2176

server_context.set_alpn_select_callback(select)

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2177

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2178

# Necessary to actually accept the connection

2179

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2180

load_privatekey(FILETYPE_PEM, server_key_pem)

2181

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2182

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2183

load_certificate(FILETYPE_PEM, server_cert_pem)

2184

)

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2185

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2186

# Do a little connection to trigger the logic

2187

server = Connection(server_context, None)

2188

server.set_accept_state()

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2189

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2190

client = Connection(client_context, None)

2191

client.set_connect_state()

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2192

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2193

with pytest.raises(TypeError):

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2194

interact_in_memory(server, client)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2195

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

0f7b04c

2015-04-13 17:51:12 -0400

[diff] [blame]

2196

Cory Benfield

f1177e7

2015-04-12 09:11:49 -0400

[diff] [blame]

2197

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2198

class TestSession(object):

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2199

"""

2200

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

2201

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2202

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2203

def test_construction(self):

2204

"""

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2205

:py:class:`Session` can be constructed with no arguments, creating

2206

a new instance of that type.

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2207

"""

2208

new_session = Session()

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2209

assert isinstance(new_session, Session)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2210

2211

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2212

class TestConnection(object):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2213

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2214

Unit tests for `OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2215

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2216

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2217

# XXX get_peer_certificate -> None

2218

# XXX sock_shutdown

2219

# XXX master_key -> TypeError

2220

# XXX server_random -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2221

# XXX connect -> TypeError

2222

# XXX connect_ex -> TypeError

2223

# XXX set_connect_state -> TypeError

2224

# XXX set_accept_state -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2225

# XXX do_handshake -> TypeError

2226

# XXX bio_read -> TypeError

2227

# XXX recv -> TypeError

2228

# XXX send -> TypeError

2229

# XXX bio_write -> TypeError

2230

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2231

def test_type(self):

2232

"""

Alex Gaynor

01f90a1

2019-02-07 09:14:48 -0500

[diff] [blame]

2233

`Connection` can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2234

"""

2235

ctx = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2236

assert is_consistent_type(Connection, "Connection", ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2237

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2238

@pytest.mark.parametrize("bad_context", [object(), "context", None, 1])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2239

def test_wrong_args(self, bad_context):

2240

"""

2241

`Connection.__init__` raises `TypeError` if called with a non-`Context`

2242

instance argument.

2243

"""

2244

with pytest.raises(TypeError):

2245

Connection(bad_context)

2246

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2247

@pytest.mark.parametrize("bad_bio", [object(), None, 1, [1, 2, 3]])

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2248

def test_bio_write_wrong_args(self, bad_bio):

2249

"""

2250

`Connection.bio_write` raises `TypeError` if called with a non-bytes

2251

(or text) argument.

2252

"""

2253

context = Context(TLSv1_METHOD)

2254

connection = Connection(context, None)

2255

with pytest.raises(TypeError):

2256

connection.bio_write(bad_bio)

2257

2258

def test_bio_write(self):

2259

"""

2260

`Connection.bio_write` does not raise if called with bytes or

2261

bytearray, warns if called with text.

2262

"""

2263

context = Context(TLSv1_METHOD)

2264

connection = Connection(context, None)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2265

connection.bio_write(b"xy")

2266

connection.bio_write(bytearray(b"za"))

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2267

with pytest.warns(DeprecationWarning):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2268

connection.bio_write(u"deprecated")

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2269

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2270

def test_get_context(self):

2271

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2272

`Connection.get_context` returns the `Context` instance used to

2273

construct the `Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2274

"""

2275

context = Context(TLSv1_METHOD)

2276

connection = Connection(context, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2277

assert connection.get_context() is context

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2278

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2279

def test_set_context_wrong_args(self):

2280

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2281

`Connection.set_context` raises `TypeError` if called with a

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2282

non-`Context` instance argument.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2283

"""

2284

ctx = Context(TLSv1_METHOD)

2285

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2286

with pytest.raises(TypeError):

2287

connection.set_context(object())

2288

with pytest.raises(TypeError):

2289

connection.set_context("hello")

2290

with pytest.raises(TypeError):

2291

connection.set_context(1)

2292

assert ctx is connection.get_context()

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2293

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2294

def test_set_context(self):

2295

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2296

`Connection.set_context` specifies a new `Context` instance to be

2297

used for the connection.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2298

"""

2299

original = Context(SSLv23_METHOD)

2300

replacement = Context(TLSv1_METHOD)

2301

connection = Connection(original, None)

2302

connection.set_context(replacement)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2303

assert replacement is connection.get_context()

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2304

# Lose our references to the contexts, just in case the Connection

2305

# isn't properly managing its own contributions to their reference

2306

# counts.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2307

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2308

collect()

2309

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2310

def test_set_tlsext_host_name_wrong_args(self):

2311

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2312

If `Connection.set_tlsext_host_name` is called with a non-byte string

2313

argument or a byte string with an embedded NUL, `TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2314

"""

2315

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2316

with pytest.raises(TypeError):

2317

conn.set_tlsext_host_name(object())

2318

with pytest.raises(TypeError):

2319

conn.set_tlsext_host_name(b"with\0null")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2320

Hugo van Kemenade

60827f8

2019-08-30 00:39:35 +0300

[diff] [blame]

2321

if not PY2:

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2322

# On Python 3.x, don't accidentally implicitly convert from text.

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2323

with pytest.raises(TypeError):

2324

conn.set_tlsext_host_name(b"example.com".decode("ascii"))

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2325

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2326

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2327

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2328

`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2329

immediate read.

2330

"""

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2331

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2332

assert connection.pending() == 0

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2333

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2334

def test_peek(self):

2335

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2336

`Connection.recv` peeks into the connection if `socket.MSG_PEEK` is

2337

passed.

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2338

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2339

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2340

server.send(b"xy")

2341

assert client.recv(2, MSG_PEEK) == b"xy"

2342

assert client.recv(2, MSG_PEEK) == b"xy"

2343

assert client.recv(2) == b"xy"

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2344

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2345

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2346

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2347

`Connection.connect` raises `TypeError` if called with a non-address

2348

argument.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2349

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2350

connection = Connection(Context(TLSv1_METHOD), socket_any_family())

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2351

with pytest.raises(TypeError):

2352

connection.connect(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2353

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2354

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2355

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2356

`Connection.connect` raises `socket.error` if the underlying socket

2357

connect method raises it.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2358

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2359

client = socket_any_family()

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2360

context = Context(TLSv1_METHOD)

2361

clientSSL = Connection(context, client)

Alex Gaynor

122717b

2015-09-05 14:14:18 -0400

[diff] [blame]

2362

# pytest.raises here doesn't work because of a bug in py.test on Python

2363

# 2.6: https://github.com/pytest-dev/pytest/issues/988

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2364

try:

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2365

clientSSL.connect((loopback_address(client), 1))

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2366

except error as e:

Alex Gaynor

20a4c08

2015-09-05 14:24:15 -0400

[diff] [blame]

2367

exc = e

2368

assert exc.args[0] == ECONNREFUSED

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2369

2370

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2371

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2372

`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2373

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2374

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2375

port.bind(("", 0))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2376

port.listen(3)

2377

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2378

clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))

2379

clientSSL.connect((loopback_address(port), port.getsockname()[1]))

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2380

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2381

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2382

@pytest.mark.skipif(

2383

platform == "darwin",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2384

reason="connect_ex sometimes causes a kernel panic on OS X 10.6.4",

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2385

)

2386

def test_connect_ex(self):

2387

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2388

If there is a connection error, `Connection.connect_ex` returns the

2389

errno instead of raising an exception.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2390

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2391

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2392

port.bind(("", 0))

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2393

port.listen(3)

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2394

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2395

clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2396

clientSSL.setblocking(False)

2397

result = clientSSL.connect_ex(port.getsockname())

2398

expected = (EINPROGRESS, EWOULDBLOCK)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2399

assert result in expected

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2400

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2401

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2402

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2403

`Connection.accept` accepts a pending connection attempt and returns a

2404

tuple of a new `Connection` (the accepted client) and the address the

2405

connection originated from.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2406

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2407

ctx = Context(TLSv1_METHOD)

2408

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2409

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2410

port = socket_any_family()

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2411

portSSL = Connection(ctx, port)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2412

portSSL.bind(("", 0))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2413

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2414

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2415

clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2416

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2417

# Calling portSSL.getsockname() here to get the server IP address

2418

# sounds great, but frequently fails on Windows.

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2419

clientSSL.connect((loopback_address(port), portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2420

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2421

serverSSL, address = portSSL.accept()

2422

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2423

assert isinstance(serverSSL, Connection)

2424

assert serverSSL.get_context() is ctx

2425

assert address == clientSSL.getsockname()

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2426

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2427

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2428

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2429

`Connection.set_shutdown` raises `TypeError` if called with arguments

2430

other than integers.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2431

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2432

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2433

with pytest.raises(TypeError):

2434

connection.set_shutdown(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2435

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2436

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2437

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2438

`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2439

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2440

server, client = loopback()

2441

assert not server.shutdown()

2442

assert server.get_shutdown() == SENT_SHUTDOWN

2443

with pytest.raises(ZeroReturnError):

2444

client.recv(1024)

2445

assert client.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2446

client.shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2447

assert client.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

2448

with pytest.raises(ZeroReturnError):

2449

server.recv(1024)

2450

assert server.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2451

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2452

def test_shutdown_closed(self):

2453

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2454

If the underlying socket is closed, `Connection.shutdown` propagates

2455

the write error from the low level write call.

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2456

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2457

server, client = loopback()

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2458

server.sock_shutdown(2)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2459

with pytest.raises(SysCallError) as exc:

2460

server.shutdown()

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2461

if platform == "win32":

2462

assert exc.value.args[0] == ESHUTDOWN

2463

else:

2464

assert exc.value.args[0] == EPIPE

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2465

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2466

def test_shutdown_truncated(self):

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2467

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2468

If the underlying connection is truncated, `Connection.shutdown`

2469

raises an `Error`.

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2470

"""

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2471

server_ctx = Context(TLSv1_METHOD)

2472

client_ctx = Context(TLSv1_METHOD)

2473

server_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2474

load_privatekey(FILETYPE_PEM, server_key_pem)

2475

)

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2476

server_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2477

load_certificate(FILETYPE_PEM, server_cert_pem)

2478

)

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2479

server = Connection(server_ctx, None)

2480

client = Connection(client_ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2481

handshake_in_memory(client, server)

2482

assert not server.shutdown()

2483

with pytest.raises(WantReadError):

2484

server.shutdown()

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2485

server.bio_shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2486

with pytest.raises(Error):

2487

server.shutdown()

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2488

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2489

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2490

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2491

`Connection.set_shutdown` sets the state of the SSL connection

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2492

shutdown process.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2493

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2494

connection = Connection(Context(TLSv1_METHOD), socket_any_family())

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2495

connection.set_shutdown(RECEIVED_SHUTDOWN)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2496

assert connection.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2497

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2498

def test_state_string(self):

2499

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2500

`Connection.state_string` verbosely describes the current state of

2501

the `Connection`.

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2502

"""

Hynek Schlawack

b0274ce

2015-10-16 19:56:26 +0200

[diff] [blame]

2503

server, client = socket_pair()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2504

server = loopback_server_factory(server)

2505

client = loopback_client_factory(client)

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2506

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2507

assert server.get_state_string() in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2508

b"before/accept initialization",

2509

b"before SSL initialization",

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2510

]

2511

assert client.get_state_string() in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2512

b"before/connect initialization",

2513

b"before SSL initialization",

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2514

]

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2515

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2516

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2517

"""

2518

Any object can be set as app data by passing it to

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2519

`Connection.set_app_data` and later retrieved with

2520

`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2521

"""

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2522

conn = Connection(Context(TLSv1_METHOD), None)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2523

assert None is conn.get_app_data()

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2524

app_data = object()

2525

conn.set_app_data(app_data)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2526

assert conn.get_app_data() is app_data

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2527

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2528

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2529

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2530

`Connection.makefile` is not implemented and calling that

2531

method raises `NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2532

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2533

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2534

with pytest.raises(NotImplementedError):

2535

conn.makefile()

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2536

Jeremy Lainé

460a19d

2018-05-16 19:44:19 +0200

[diff] [blame]

2537

def test_get_certificate(self):

2538

"""

2539

`Connection.get_certificate` returns the local certificate.

2540

"""

2541

chain = _create_certificate_chain()

2542

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2543

2544

context = Context(TLSv1_METHOD)

2545

context.use_certificate(scert)

2546

client = Connection(context, None)

2547

cert = client.get_certificate()

2548

assert cert is not None

2549

assert "Server Certificate" == cert.get_subject().CN

2550

2551

def test_get_certificate_none(self):

2552

"""

2553

`Connection.get_certificate` returns the local certificate.

2554

2555

If there is no certificate, it returns None.

2556

"""

2557

context = Context(TLSv1_METHOD)

2558

client = Connection(context, None)

2559

cert = client.get_certificate()

2560

assert cert is None

2561

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2562

def test_get_peer_cert_chain(self):

2563

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2564

`Connection.get_peer_cert_chain` returns a list of certificates

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2565

which the connected server returned for the certification verification.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2566

"""

2567

chain = _create_certificate_chain()

2568

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2569

2570

serverContext = Context(TLSv1_METHOD)

2571

serverContext.use_privatekey(skey)

2572

serverContext.use_certificate(scert)

2573

serverContext.add_extra_chain_cert(icert)

2574

serverContext.add_extra_chain_cert(cacert)

2575

server = Connection(serverContext, None)

2576

server.set_accept_state()

2577

2578

# Create the client

2579

clientContext = Context(TLSv1_METHOD)

2580

clientContext.set_verify(VERIFY_NONE, verify_cb)

2581

client = Connection(clientContext, None)

2582

client.set_connect_state()

2583

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2584

interact_in_memory(client, server)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2585

2586

chain = client.get_peer_cert_chain()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2587

assert len(chain) == 3

2588

assert "Server Certificate" == chain[0].get_subject().CN

2589

assert "Intermediate Certificate" == chain[1].get_subject().CN

2590

assert "Authority Certificate" == chain[2].get_subject().CN

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2591

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2592

def test_get_peer_cert_chain_none(self):

2593

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2594

`Connection.get_peer_cert_chain` returns `None` if the peer sends

2595

no certificate chain.

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2596

"""

2597

ctx = Context(TLSv1_METHOD)

2598

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2599

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2600

server = Connection(ctx, None)

2601

server.set_accept_state()

2602

client = Connection(Context(TLSv1_METHOD), None)

2603

client.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2604

interact_in_memory(client, server)

2605

assert None is server.get_peer_cert_chain()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2606

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2607

def test_get_session_unconnected(self):

2608

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2609

`Connection.get_session` returns `None` when used with an object

2610

which has not been connected.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2611

"""

2612

ctx = Context(TLSv1_METHOD)

2613

server = Connection(ctx, None)

2614

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2615

assert None is session

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2616

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2617

def test_server_get_session(self):

2618

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2619

On the server side of a connection, `Connection.get_session` returns a

2620

`Session` instance representing the SSL session for that connection.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2621

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2622

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2623

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2624

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2625

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2626

def test_client_get_session(self):

2627

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2628

On the client side of a connection, `Connection.get_session`

2629

returns a `Session` instance representing the SSL session for

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2630

that connection.

2631

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2632

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2633

session = client.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2634

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2635

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2636

def test_set_session_wrong_args(self):

2637

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2638

`Connection.set_session` raises `TypeError` if called with an object

2639

that is not an instance of `Session`.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2640

"""

2641

ctx = Context(TLSv1_METHOD)

2642

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2643

with pytest.raises(TypeError):

2644

connection.set_session(123)

2645

with pytest.raises(TypeError):

2646

connection.set_session("hello")

2647

with pytest.raises(TypeError):

2648

connection.set_session(object())

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2649

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2650

def test_client_set_session(self):

2651

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2652

`Connection.set_session`, when used prior to a connection being

2653

established, accepts a `Session` instance and causes an attempt to

2654

re-use the session it represents when the SSL handshake is performed.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2655

"""

2656

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2657

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

2658

ctx = Context(TLSv1_2_METHOD)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2659

ctx.use_privatekey(key)

2660

ctx.use_certificate(cert)

2661

ctx.set_session_id("unity-test")

2662

2663

def makeServer(socket):

2664

server = Connection(ctx, socket)

2665

server.set_accept_state()

2666

return server

2667

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2668

originalServer, originalClient = loopback(server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2669

originalSession = originalClient.get_session()

2670

2671

def makeClient(socket):

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2672

client = loopback_client_factory(socket)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2673

client.set_session(originalSession)

2674

return client

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2675

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2676

resumedServer, resumedClient = loopback(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2677

server_factory=makeServer, client_factory=makeClient

2678

)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2679

2680

# This is a proxy: in general, we have no access to any unique

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2681

# identifier for the session (new enough versions of OpenSSL expose

2682

# a hash which could be usable, but "new enough" is very, very new).

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2683

# Instead, exploit the fact that the master key is re-used if the

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2684

# session is re-used. As long as the master key for the two

2685

# connections is the same, the session was re-used!

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2686

assert originalServer.master_key() == resumedServer.master_key()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2687

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2688

def test_set_session_wrong_method(self):

2689

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2690

If `Connection.set_session` is passed a `Session` instance associated

2691

with a context using a different SSL method than the `Connection`

2692

is using, a `OpenSSL.SSL.Error` is raised.

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2693

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2694

# Make this work on both OpenSSL 1.0.0, which doesn't support TLSv1.2

2695

# and also on OpenSSL 1.1.0 which doesn't support SSLv3. (SSL_ST_INIT

2696

# is a way to check for 1.1.0)

Alex Gaynor

aa32e71

2017-06-29 20:56:12 -0700

[diff] [blame]

2697

if SSL_ST_INIT is None:

2698

v1 = TLSv1_2_METHOD

2699

v2 = TLSv1_METHOD

2700

elif hasattr(_lib, "SSLv3_method"):

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2701

v1 = TLSv1_METHOD

2702

v2 = SSLv3_METHOD

2703

else:

Alex Gaynor

aa32e71

2017-06-29 20:56:12 -0700

[diff] [blame]

2704

pytest.skip("Test requires either OpenSSL 1.1.0 or SSLv3")

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2705

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2706

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2707

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2708

ctx = Context(v1)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2709

ctx.use_privatekey(key)

2710

ctx.use_certificate(cert)

2711

ctx.set_session_id("unity-test")

2712

2713

def makeServer(socket):

2714

server = Connection(ctx, socket)

2715

server.set_accept_state()

2716

return server

2717

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2718

def makeOriginalClient(socket):

2719

client = Connection(Context(v1), socket)

2720

client.set_connect_state()

2721

return client

2722

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2723

originalServer, originalClient = loopback(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2724

server_factory=makeServer, client_factory=makeOriginalClient

2725

)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2726

originalSession = originalClient.get_session()

2727

2728

def makeClient(socket):

2729

# Intentionally use a different, incompatible method here.

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2730

client = Connection(Context(v2), socket)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2731

client.set_connect_state()

2732

client.set_session(originalSession)

2733

return client

2734

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2735

with pytest.raises(Error):

2736

loopback(client_factory=makeClient, server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2737

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2738

def test_wantWriteError(self):

2739

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2740

`Connection` methods which generate output raise

2741

`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2742

fail indicating a should-write state.

2743

"""

2744

client_socket, server_socket = socket_pair()

2745

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2746

# anything. Only write a single byte at a time so we can be sure we

2747

# completely fill the buffer. Even though the socket API is allowed to

2748

# signal a short write via its return value it seems this doesn't

2749

# always happen on all platforms (FreeBSD and OS X particular) for the

2750

# very last bit of available buffer space.

2751

msg = b"x"

catern

b2777a4

2018-08-09 15:38:13 -0400

[diff] [blame]

2752

for i in range(1024 * 1024 * 64):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2753

try:

2754

client_socket.send(msg)

2755

except error as e:

2756

if e.errno == EWOULDBLOCK:

2757

break

2758

raise

2759

else:

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2760

pytest.fail(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2761

"Failed to fill socket buffer, cannot test BIO want write"

2762

)

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2763

2764

ctx = Context(TLSv1_METHOD)

2765

conn = Connection(ctx, client_socket)

2766

# Client's speak first, so make it an SSL client

2767

conn.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2768

with pytest.raises(WantWriteError):

2769

conn.do_handshake()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2773

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2774

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2775

`Connection.get_finished` returns `None` before TLS handshake

2776

is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2777

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2778

ctx = Context(TLSv1_METHOD)

2779

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2780

assert connection.get_finished() is None

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2781

2782

def test_get_peer_finished_before_connect(self):

2783

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2784

`Connection.get_peer_finished` returns `None` before TLS handshake

2785

is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2786

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2787

ctx = Context(TLSv1_METHOD)

2788

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2789

assert connection.get_peer_finished() is None

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2790

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2791

def test_get_finished(self):

2792

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2793

`Connection.get_finished` method returns the TLS Finished message send

2794

from client, or server. Finished messages are send during

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2795

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2796

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2797

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2798

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2799

assert server.get_finished() is not None

2800

assert len(server.get_finished()) > 0

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2801

2802

def test_get_peer_finished(self):

2803

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2804

`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2805

message received from client, or server. Finished messages are send

2806

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2807

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2808

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2809

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2810

assert server.get_peer_finished() is not None

2811

assert len(server.get_peer_finished()) > 0

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2812

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2813

def test_tls_finished_message_symmetry(self):

2814

"""

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2815

The TLS Finished message send by server must be the TLS Finished

2816

message received by client.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2817

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2818

The TLS Finished message send by client must be the TLS Finished

2819

message received by server.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2820

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2821

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2822

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2823

assert server.get_finished() == client.get_peer_finished()

2824

assert client.get_finished() == server.get_peer_finished()

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2825

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2826

def test_get_cipher_name_before_connect(self):

2827

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2828

`Connection.get_cipher_name` returns `None` if no connection

2829

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2830

"""

2831

ctx = Context(TLSv1_METHOD)

2832

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2833

assert conn.get_cipher_name() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2834

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2835

def test_get_cipher_name(self):

2836

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2837

`Connection.get_cipher_name` returns a `unicode` string giving the

2838

name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2839

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2840

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2841

server_cipher_name, client_cipher_name = (

2842

server.get_cipher_name(),

2843

client.get_cipher_name(),

2844

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2845

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2846

assert isinstance(server_cipher_name, text_type)

2847

assert isinstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2848

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2849

assert server_cipher_name == client_cipher_name

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2850

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2851

def test_get_cipher_version_before_connect(self):

2852

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2853

`Connection.get_cipher_version` returns `None` if no connection

2854

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2855

"""

2856

ctx = Context(TLSv1_METHOD)

2857

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2858

assert conn.get_cipher_version() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2859

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2860

def test_get_cipher_version(self):

2861

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2862

`Connection.get_cipher_version` returns a `unicode` string giving

2863

the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2864

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2865

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2866

server_cipher_version, client_cipher_version = (

2867

server.get_cipher_version(),

2868

client.get_cipher_version(),

2869

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2870

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2871

assert isinstance(server_cipher_version, text_type)

2872

assert isinstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2873

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2874

assert server_cipher_version == client_cipher_version

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2875

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2876

def test_get_cipher_bits_before_connect(self):

2877

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2878

`Connection.get_cipher_bits` returns `None` if no connection has

2879

been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2880

"""

2881

ctx = Context(TLSv1_METHOD)

2882

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2883

assert conn.get_cipher_bits() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2884

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2885

def test_get_cipher_bits(self):

2886

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2887

`Connection.get_cipher_bits` returns the number of secret bits

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2888

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2889

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2890

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2891

server_cipher_bits, client_cipher_bits = (

2892

server.get_cipher_bits(),

2893

client.get_cipher_bits(),

2894

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2895

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2896

assert isinstance(server_cipher_bits, int)

2897

assert isinstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2898

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2899

assert server_cipher_bits == client_cipher_bits

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2900

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2901

def test_get_protocol_version_name(self):

2902

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2903

`Connection.get_protocol_version_name()` returns a string giving the

2904

protocol version of the current connection.

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2905

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2906

server, client = loopback()

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2907

client_protocol_version_name = client.get_protocol_version_name()

2908

server_protocol_version_name = server.get_protocol_version_name()

2909

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2910

assert isinstance(server_protocol_version_name, text_type)

2911

assert isinstance(client_protocol_version_name, text_type)

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2912

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2913

assert server_protocol_version_name == client_protocol_version_name

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2914

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2915

def test_get_protocol_version(self):

2916

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2917

`Connection.get_protocol_version()` returns an integer

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2918

giving the protocol version of the current connection.

2919

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2920

server, client = loopback()

Jim Shaver

85a4dff

2015-04-27 17:42:46 -0400

[diff] [blame]

2921

client_protocol_version = client.get_protocol_version()

2922

server_protocol_version = server.get_protocol_version()

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2923

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2924

assert isinstance(server_protocol_version, int)

2925

assert isinstance(client_protocol_version, int)

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2926

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2927

assert server_protocol_version == client_protocol_version

2928

2929

def test_wantReadError(self):

2930

"""

2931

`Connection.bio_read` raises `OpenSSL.SSL.WantReadError` if there are

2932

no bytes available to be read from the BIO.

2933

"""

2934

ctx = Context(TLSv1_METHOD)

2935

conn = Connection(ctx, None)

2936

with pytest.raises(WantReadError):

2937

conn.bio_read(1024)

2938

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2939

@pytest.mark.parametrize("bufsize", [1.0, None, object(), "bufsize"])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2940

def test_bio_read_wrong_args(self, bufsize):

2941

"""

2942

`Connection.bio_read` raises `TypeError` if passed a non-integer

2943

argument.

2944

"""

2945

ctx = Context(TLSv1_METHOD)

2946

conn = Connection(ctx, None)

2947

with pytest.raises(TypeError):

2948

conn.bio_read(bufsize)

2949

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2950

def test_buffer_size(self):

2951

"""

2952

`Connection.bio_read` accepts an integer giving the maximum number

2953

of bytes to read and return.

2954

"""

2955

ctx = Context(TLSv1_METHOD)

2956

conn = Connection(ctx, None)

2957

conn.set_connect_state()

2958

try:

2959

conn.do_handshake()

2960

except WantReadError:

2961

pass

2962

data = conn.bio_read(2)

2963

assert 2 == len(data)

2964

Jean-Paul Calderone

dbd7627

2014-03-29 18:09:40 -0400

[diff] [blame]

2965

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2966

class TestConnectionGetCipherList(object):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2967

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2968

Tests for `Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2969

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2970

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2971

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2972

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2973

`Connection.get_cipher_list` returns a list of `bytes` giving the

2974

names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2975

"""

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2976

connection = Connection(Context(TLSv1_METHOD), None)

2977

ciphers = connection.get_cipher_list()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2978

assert isinstance(ciphers, list)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2979

for cipher in ciphers:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2980

assert isinstance(cipher, str)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2981

2982

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

2983

class VeryLarge(bytes):

2984

"""

2985

Mock object so that we don't have to allocate 2**31 bytes

2986

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2987

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

2988

def __len__(self):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2989

return 2 ** 31

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

2990

2991

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2992

class TestConnectionSend(object):

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2993

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2994

Tests for `Connection.send`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2995

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

2996

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2997

def test_wrong_args(self):

2998

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2999

When called with arguments other than string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3000

parameter, `Connection.send` raises `TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3001

"""

3002

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3003

with pytest.raises(TypeError):

3004

connection.send(object())

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3005

with pytest.raises(TypeError):

3006

connection.send([1, 2, 3])

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3007

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3008

def test_short_bytes(self):

3009

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3010

When passed a short byte string, `Connection.send` transmits all of it

3011

and returns the number of bytes sent.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3012

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3013

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3014

count = server.send(b"xy")

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3015

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3016

assert client.recv(2) == b"xy"

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3017

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3018

def test_text(self):

3019

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3020

When passed a text, `Connection.send` transmits all of it and

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

3021

returns the number of bytes sent. It also raises a DeprecationWarning.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3022

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3023

server, client = loopback()

3024

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3025

simplefilter("always")

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

3026

count = server.send(b"xy".decode("ascii"))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3027

assert "{0} for buf is no longer accepted, use bytes".format(

3028

WARNING_TYPE_EXPECTED

3029

) == str(w[-1].message)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3030

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3031

assert client.recv(2) == b"xy"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3032

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3033

def test_short_memoryview(self):

3034

"""

3035

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3036

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3037

of bytes sent.

3038

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3039

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3040

count = server.send(memoryview(b"xy"))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3041

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3042

assert client.recv(2) == b"xy"

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3043

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3044

def test_short_bytearray(self):

3045

"""

3046

When passed a short bytearray, `Connection.send` transmits all of

3047

it and returns the number of bytes sent.

3048

"""

3049

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3050

count = server.send(bytearray(b"xy"))

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3051

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3052

assert client.recv(2) == b"xy"

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3053

Hynek Schlawack

8e94f1b

2015-09-05 21:31:00 +0200

[diff] [blame]

3054

@skip_if_py3

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3055

def test_short_buffer(self):

3056

"""

3057

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3058

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3059

of bytes sent.

3060

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3061

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3062

count = server.send(buffer(b"xy")) # noqa: F821

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3063

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3064

assert client.recv(2) == b"xy"

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

3065

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3066

@pytest.mark.skipif(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3067

sys.maxsize < 2 ** 31,

3068

reason="sys.maxsize < 2**31 - test requires 64 bit",

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3069

)

3070

def test_buf_too_large(self):

3071

"""

3072

When passed a buffer containing >= 2**31 bytes,

3073

`Connection.send` bails out as SSL_write only

3074

accepts an int for the buffer length.

3075

"""

3076

connection = Connection(Context(TLSv1_METHOD), None)

3077

with pytest.raises(ValueError) as exc_info:

3078

connection.send(VeryLarge())

3079

exc_info.match(r"Cannot send more than .+ bytes at once")

3080

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

3081

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3082

def _make_memoryview(size):

3083

"""

3084

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

3085

size.

3086

"""

3087

return memoryview(bytearray(size))

3088

3089

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3090

class TestConnectionRecvInto(object):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3091

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3092

Tests for `Connection.recv_into`.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3093

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3094

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3095

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

3096

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3097

Assert that when the given buffer is passed to `Connection.recv_into`,

3098

whatever bytes are available to be received that fit into that buffer

3099

are written into that buffer.

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

3100

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3101

output_buffer = factory(5)

3102

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3103

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3104

server.send(b"xy")

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

3105

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3106

assert client.recv_into(output_buffer) == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3107

assert output_buffer == bytearray(b"xy\x00\x00\x00")

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

3108

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3109

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3110

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3111

`Connection.recv_into` can be passed a `bytearray` instance and data

3112

in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3113

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3114

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3115

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3116

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3117

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3118

Assert that when the given buffer is passed to `Connection.recv_into`

3119

along with a value for `nbytes` that is less than the size of that

3120

buffer, only `nbytes` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3121

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3122

output_buffer = factory(10)

3123

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3124

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3125

server.send(b"abcdefghij")

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3126

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3127

assert client.recv_into(output_buffer, 5) == 5

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3128

assert output_buffer == bytearray(b"abcde\x00\x00\x00\x00\x00")

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3129

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3130

def test_bytearray_respects_length(self):

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3131

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3132

When called with a `bytearray` instance, `Connection.recv_into`

3133

respects the `nbytes` parameter and doesn't copy in more than that

3134

number of bytes.

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3135

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3136

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3137

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3138

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3139

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3140

Assert that if there are more bytes available to be read from the

3141

receive buffer than would fit into the buffer passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3142

`Connection.recv_into`, only as many as fit are written into it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3143

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3144

output_buffer = factory(5)

3145

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3146

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3147

server.send(b"abcdefghij")

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3148

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3149

assert client.recv_into(output_buffer) == 5

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3150

assert output_buffer == bytearray(b"abcde")

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3151

rest = client.recv(5)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3152

assert b"fghij" == rest

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3153

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3154

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3155

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3156

When called with a `bytearray` instance, `Connection.recv_into`

3157

respects the size of the array and doesn't write more bytes into it

3158

than will fit.

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3159

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3160

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3161

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3162

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3163

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3164

When called with a `bytearray` instance and an `nbytes` value that is

3165

too large, `Connection.recv_into` respects the size of the array and

3166

not the `nbytes` value and doesn't write more bytes into the buffer

3167

than will fit.

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3168

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3169

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3170

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3171

def test_peek(self):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3172

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3173

server.send(b"xy")

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3174

3175

for _ in range(2):

3176

output_buffer = bytearray(5)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3177

assert client.recv_into(output_buffer, flags=MSG_PEEK) == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3178

assert output_buffer == bytearray(b"xy\x00\x00\x00")

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3179

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3180

def test_memoryview_no_length(self):

3181

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3182

`Connection.recv_into` can be passed a `memoryview` instance and data

3183

in the receive buffer is written to it.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3184

"""

3185

self._no_length_test(_make_memoryview)

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3186

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3187

def test_memoryview_respects_length(self):

3188

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3189

When called with a `memoryview` instance, `Connection.recv_into`

3190

respects the ``nbytes`` parameter and doesn't copy more than that

3191

number of bytes in.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3192

"""

3193

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3194

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3195

def test_memoryview_doesnt_overfill(self):

3196

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3197

When called with a `memoryview` instance, `Connection.recv_into`

3198

respects the size of the array and doesn't write more bytes into it

3199

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3200

"""

3201

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3202

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3203

def test_memoryview_really_doesnt_overfill(self):

3204

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3205

When called with a `memoryview` instance and an `nbytes` value that is

3206

too large, `Connection.recv_into` respects the size of the array and

3207

not the `nbytes` value and doesn't write more bytes into the buffer

3208

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3209

"""

3210

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3211

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3212

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3213

class TestConnectionSendall(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3214

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3215

Tests for `Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3216

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3217

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3218

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3219

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3220

When called with arguments other than a string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3221

parameter, `Connection.sendall` raises `TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3222

"""

3223

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3224

with pytest.raises(TypeError):

3225

connection.sendall(object())

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3226

with pytest.raises(TypeError):

3227

connection.sendall([1, 2, 3])

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3228

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3229

def test_short(self):

3230

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3231

`Connection.sendall` transmits all of the bytes in the string

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3232

passed to it.

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3233

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3234

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3235

server.sendall(b"x")

3236

assert client.recv(1) == b"x"

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3237

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3238

def test_text(self):

3239

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3240

`Connection.sendall` transmits all the content in the string passed

3241

to it, raising a DeprecationWarning in case of this being a text.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3242

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3243

server, client = loopback()

3244

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3245

simplefilter("always")

Jean-Paul Calderone

8dc37a1

2015-03-29 08:16:52 -0400

[diff] [blame]

3246

server.sendall(b"x".decode("ascii"))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3247

assert "{0} for buf is no longer accepted, use bytes".format(

3248

WARNING_TYPE_EXPECTED

3249

) == str(w[-1].message)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3250

assert client.recv(1) == b"x"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3251

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3252

def test_short_memoryview(self):

3253

"""

3254

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3255

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3256

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3257

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3258

server.sendall(memoryview(b"x"))

3259

assert client.recv(1) == b"x"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3260

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3261

@skip_if_py3

3262

def test_short_buffers(self):

3263

"""

3264

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3265

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3266

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3267

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3268

count = server.sendall(buffer(b"xy")) # noqa: F821

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3269

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3270

assert client.recv(2) == b"xy"

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

3271

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3272

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3273

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3274

`Connection.sendall` transmits all the bytes in the string passed to it

3275

even if this requires multiple calls of an underlying write function.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3276

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3277

server, client = loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

3278

# Should be enough, underlying SSL_write should only do 16k at a time.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3279

# On Windows, after 32k of bytes the write will block (forever

3280

# - because no one is yet reading).

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3281

message = b"x" * (1024 * 32 - 1) + b"y"

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3282

server.sendall(message)

3283

accum = []

3284

received = 0

3285

while received < len(message):

Jean-Paul Calderone

b1f7f5f

2010-08-22 21:40:52 -0400

[diff] [blame]

3286

data = client.recv(1024)

3287

accum.append(data)

3288

received += len(data)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3289

assert message == b"".join(accum)

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3290

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3291

def test_closed(self):

3292

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3293

If the underlying socket is closed, `Connection.sendall` propagates the

3294

write error from the low level write call.

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3295

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3296

server, client = loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

3297

server.sock_shutdown(2)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3298

with pytest.raises(SysCallError) as err:

3299

server.sendall(b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3300

if platform == "win32":

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3301

assert err.value.args[0] == ESHUTDOWN

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3302

else:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3303

assert err.value.args[0] == EPIPE

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3304

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3305

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3306

class TestConnectionRenegotiate(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3307

"""

3308

Tests for SSL renegotiation APIs.

3309

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3310

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3311

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3312

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3313

`Connection.total_renegotiations` returns `0` before any renegotiations

3314

have happened.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3315

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3316

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3317

assert connection.total_renegotiations() == 0

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3318

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3319

def test_renegotiate(self):

3320

"""

3321

Go through a complete renegotiation cycle.

3322

"""

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

3323

server, client = loopback(

3324

lambda s: loopback_server_factory(s, TLSv1_2_METHOD),

3325

lambda s: loopback_client_factory(s, TLSv1_2_METHOD),

3326

)

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3327

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3328

server.send(b"hello world")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3329

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3330

assert b"hello world" == client.recv(len(b"hello world"))

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3331

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3332

assert 0 == server.total_renegotiations()

3333

assert False is server.renegotiate_pending()

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3334

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3335

assert True is server.renegotiate()

3336

3337

assert True is server.renegotiate_pending()

3338

3339

server.setblocking(False)

3340

client.setblocking(False)

3341

3342

client.do_handshake()

3343

server.do_handshake()

3344

3345

assert 1 == server.total_renegotiations()

3346

while False is server.renegotiate_pending():

3347

pass

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3348

3349

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3350

class TestError(object):

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3351

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3352

Unit tests for `OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3353

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3354

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3355

def test_type(self):

3356

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3357

`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3358

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3359

assert issubclass(Error, Exception)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3360

assert Error.__name__ == "Error"

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

3361

3362

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3363

class TestConstants(object):

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3364

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3365

Tests for the values of constants exposed in `OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3366

3367

These are values defined by OpenSSL intended only to be used as flags to

3368

OpenSSL APIs. The only assertions it seems can be made about them is

3369

their values.

3370

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3371

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3372

@pytest.mark.skipif(

3373

OP_NO_QUERY_MTU is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3374

reason="OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3375

)

3376

def test_op_no_query_mtu(self):

3377

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3378

The value of `OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value

3379

of `SSL_OP_NO_QUERY_MTU` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3380

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3381

assert OP_NO_QUERY_MTU == 0x1000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3382

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3383

@pytest.mark.skipif(

3384

OP_COOKIE_EXCHANGE is None,

3385

reason="OP_COOKIE_EXCHANGE unavailable - "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3386

"OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3387

)

3388

def test_op_cookie_exchange(self):

3389

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3390

The value of `OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the

3391

value of `SSL_OP_COOKIE_EXCHANGE` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3392

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3393

assert OP_COOKIE_EXCHANGE == 0x2000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3394

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3395

@pytest.mark.skipif(

3396

OP_NO_TICKET is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3397

reason="OP_NO_TICKET unavailable - OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3398

)

3399

def test_op_no_ticket(self):

3400

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3401

The value of `OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

3402

`SSL_OP_NO_TICKET` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3403

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3404

assert OP_NO_TICKET == 0x4000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3405

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3406

@pytest.mark.skipif(

3407

OP_NO_COMPRESSION is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3408

reason=(

3409

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

3410

),

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3411

)

3412

def test_op_no_compression(self):

3413

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3414

The value of `OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the

3415

value of `SSL_OP_NO_COMPRESSION` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3416

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3417

assert OP_NO_COMPRESSION == 0x20000

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3418

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3419

def test_sess_cache_off(self):

3420

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3421

The value of `OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

3422

`SSL_SESS_CACHE_OFF` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3423

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3424

assert 0x0 == SESS_CACHE_OFF

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3425

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3426

def test_sess_cache_client(self):

3427

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3428

The value of `OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3429

`SSL_SESS_CACHE_CLIENT` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3430

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3431

assert 0x1 == SESS_CACHE_CLIENT

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3432

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3433

def test_sess_cache_server(self):

3434

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3435

The value of `OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3436

`SSL_SESS_CACHE_SERVER` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3437

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3438

assert 0x2 == SESS_CACHE_SERVER

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3439

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3440

def test_sess_cache_both(self):

3441

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3442

The value of `OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3443

`SSL_SESS_CACHE_BOTH` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3444

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3445

assert 0x3 == SESS_CACHE_BOTH

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3446

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3447

def test_sess_cache_no_auto_clear(self):

3448

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3449

The value of `OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3450

value of `SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3451

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3452

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3453

assert 0x80 == SESS_CACHE_NO_AUTO_CLEAR

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3454

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3455

def test_sess_cache_no_internal_lookup(self):

3456

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3457

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3458

the value of `SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3459

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3460

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3461

assert 0x100 == SESS_CACHE_NO_INTERNAL_LOOKUP

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3462

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3463

def test_sess_cache_no_internal_store(self):

3464

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3465

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3466

the value of `SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3467

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3468

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3469

assert 0x200 == SESS_CACHE_NO_INTERNAL_STORE

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3470

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3471

def test_sess_cache_no_internal(self):

3472

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3473

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3474

value of `SSL_SESS_CACHE_NO_INTERNAL` defined by

3475

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3476

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3477

assert 0x300 == SESS_CACHE_NO_INTERNAL

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3478

3479

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3480

class TestMemoryBIO(object):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3481

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3482

Tests for `OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3483

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3484

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3485

def _server(self, sock):

3486

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3487

Create a new server-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3488

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3489

# Create the server side Connection. This is mostly setup boilerplate

3490

# - use TLSv1, use a particular certificate, etc.

3491

server_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3492

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3493

server_ctx.set_verify(

3494

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3495

verify_cb,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3496

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3497

server_store = server_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3498

server_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3499

load_privatekey(FILETYPE_PEM, server_key_pem)

3500

)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3501

server_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3502

load_certificate(FILETYPE_PEM, server_cert_pem)

3503

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3504

server_ctx.check_privatekey()

3505

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3506

# Here the Connection is actually created. If None is passed as the

3507

# 2nd parameter, it indicates a memory BIO should be created.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3508

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3509

server_conn.set_accept_state()

3510

return server_conn

3511

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3512

def _client(self, sock):

3513

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3514

Create a new client-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3515

"""

3516

# Now create the client side Connection. Similar boilerplate to the

3517

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3518

client_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3519

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3520

client_ctx.set_verify(

3521

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3522

verify_cb,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3523

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3524

client_store = client_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3525

client_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3526

load_privatekey(FILETYPE_PEM, client_key_pem)

3527

)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3528

client_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3529

load_certificate(FILETYPE_PEM, client_cert_pem)

3530

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3531

client_ctx.check_privatekey()

3532

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3533

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3534

client_conn.set_connect_state()

3535

return client_conn

3536

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3537

def test_memory_connect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3538

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3539

Two `Connection`s which use memory BIOs can be manually connected by

3540

reading from the output of each and writing those bytes to the input of

3541

the other and in this way establish a connection and exchange

3542

application-level bytes with each other.

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3543

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3544

server_conn = self._server(None)

3545

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3546

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3547

# There should be no key or nonces yet.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3548

assert server_conn.master_key() is None

3549

assert server_conn.client_random() is None

3550

assert server_conn.server_random() is None

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3551

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3552

# First, the handshake needs to happen. We'll deliver bytes back and

3553

# forth between the client and server until neither of them feels like

3554

# speaking any more.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3555

assert interact_in_memory(client_conn, server_conn) is None

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3556

3557

# Now that the handshake is done, there should be a key and nonces.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3558

assert server_conn.master_key() is not None

3559

assert server_conn.client_random() is not None

3560

assert server_conn.server_random() is not None

3561

assert server_conn.client_random() == client_conn.client_random()

3562

assert server_conn.server_random() == client_conn.server_random()

3563

assert server_conn.client_random() != server_conn.server_random()

3564

assert client_conn.client_random() != client_conn.server_random()

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3565

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3566

# Export key material for other uses.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3567

cekm = client_conn.export_keying_material(b"LABEL", 32)

3568

sekm = server_conn.export_keying_material(b"LABEL", 32)

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3569

assert cekm is not None

3570

assert sekm is not None

3571

assert cekm == sekm

3572

assert len(sekm) == 32

3573

3574

# Export key material for other uses with additional context.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3575

cekmc = client_conn.export_keying_material(b"LABEL", 32, b"CONTEXT")

3576

sekmc = server_conn.export_keying_material(b"LABEL", 32, b"CONTEXT")

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3577

assert cekmc is not None

3578

assert sekmc is not None

3579

assert cekmc == sekmc

3580

assert cekmc != cekm

3581

assert sekmc != sekm

3582

# Export with alternate label

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3583

cekmt = client_conn.export_keying_material(b"test", 32, b"CONTEXT")

3584

sekmt = server_conn.export_keying_material(b"test", 32, b"CONTEXT")

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3585

assert cekmc != cekmt

3586

assert sekmc != sekmt

3587

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3588

# Here are the bytes we'll try to send.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3589

important_message = b"One if by land, two if by sea."

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3590

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3591

server_conn.write(important_message)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3592

assert interact_in_memory(client_conn, server_conn) == (

3593

client_conn,

3594

important_message,

3595

)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3596

3597

client_conn.write(important_message[::-1])

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3598

assert interact_in_memory(client_conn, server_conn) == (

3599

server_conn,

3600

important_message[::-1],

3601

)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3602

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3603

def test_socket_connect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3604

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3605

Just like `test_memory_connect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3606

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3607

This is primarily to rule out the memory BIO code as the source of any

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3608

problems encountered while passing data over a `Connection` (if

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3609

this test fails, there must be a problem outside the memory BIO code,

3610

as no memory BIO is involved here). Even though this isn't a memory

3611

BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3612

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3613

server_conn, client_conn = loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3614

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3615

important_message = b"Help me Obi Wan Kenobi, you're my only hope."

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3616

client_conn.send(important_message)

3617

msg = server_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3618

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3619

3620

# Again in the other direction, just for fun.

3621

important_message = important_message[::-1]

3622

server_conn.send(important_message)

3623

msg = client_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3624

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3625

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3626

def test_socket_overrides_memory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3627

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3628

Test that `OpenSSL.SSL.bio_read` and `OpenSSL.SSL.bio_write` don't

3629

work on `OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3630

"""

Alex Gaynor

51d424c

2016-09-10 14:50:11 -0400

[diff] [blame]

3631

context = Context(TLSv1_METHOD)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

3632

client = socket_any_family()

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3633

clientSSL = Connection(context, client)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3634

with pytest.raises(TypeError):

3635

clientSSL.bio_read(100)

3636

with pytest.raises(TypeError):

3637

clientSSL.bio_write("foo")

3638

with pytest.raises(TypeError):

3639

clientSSL.bio_shutdown()

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3640

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3641

def test_outgoing_overflow(self):

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3642

"""

3643

If more bytes than can be written to the memory BIO are passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3644

`Connection.send` at once, the number of bytes which were written is

3645

returned and that many bytes from the beginning of the input can be

3646

read from the other end of the connection.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3647

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3648

server = self._server(None)

3649

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3650

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3651

interact_in_memory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3652

3653

size = 2 ** 15

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

3654

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3655

# Sanity check. We're trying to test what happens when the entire

3656

# input can't be sent. If the entire input was sent, this test is

3657

# meaningless.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3658

assert sent < size

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3659

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3660

receiver, received = interact_in_memory(client, server)

3661

assert receiver is server

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3662

3663

# We can rely on all of these bytes being received at once because

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3664

# loopback passes 2 ** 16 to recv - more than 2 ** 15.

3665

assert len(received) == sent

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3666

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3667

def test_shutdown(self):

3668

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3669

`Connection.bio_shutdown` signals the end of the data stream

3670

from which the `Connection` reads.

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3671

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3672

server = self._server(None)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3673

server.bio_shutdown()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3674

with pytest.raises(Error) as err:

3675

server.recv(1024)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3676

# We don't want WantReadError or ZeroReturnError or anything - it's a

3677

# handshake failure.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3678

assert type(err.value) in [Error, SysCallError]

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3679

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3680

def test_unexpected_EOF(self):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3681

"""

3682

If the connection is lost before an orderly SSL shutdown occurs,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3683

`OpenSSL.SSL.SysCallError` is raised with a message of

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3684

"Unexpected EOF".

3685

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3686

server_conn, client_conn = loopback()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3687

client_conn.sock_shutdown(SHUT_RDWR)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3688

with pytest.raises(SysCallError) as err:

3689

server_conn.recv(1024)

3690

assert err.value.args == (-1, "Unexpected EOF")

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3691

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3692

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3693

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3694

Verify the return value of the `get_client_ca_list` method for

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3695

server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3696

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3697

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3698

before the client and server are connected to each other. This

3699

function should specify a list of CAs for the server to send to the

3700

client and return that same list. The list will be used to verify

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3701

that `get_client_ca_list` returns the proper value at

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3702

various times.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3703

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3704

server = self._server(None)

3705

client = self._client(None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3706

assert client.get_client_ca_list() == []

3707

assert server.get_client_ca_list() == []

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3708

ctx = server.get_context()

3709

expected = func(ctx)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3710

assert client.get_client_ca_list() == []

3711

assert server.get_client_ca_list() == expected

3712

interact_in_memory(client, server)

3713

assert client.get_client_ca_list() == expected

3714

assert server.get_client_ca_list() == expected

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3715

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3716

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3717

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3718

`Context.set_client_ca_list` raises a `TypeError` if called with a

3719

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3720

"""

3721

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3722

with pytest.raises(TypeError):

3723

ctx.set_client_ca_list("spam")

3724

with pytest.raises(TypeError):

3725

ctx.set_client_ca_list(["spam"])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3726

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3727

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3728

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3729

If passed an empty list, `Context.set_client_ca_list` configures the

3730

context to send no CA names to the client and, on both the server and

3731

client sides, `Connection.get_client_ca_list` returns an empty list

3732

after the connection is set up.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3733

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3734

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3735

def no_ca(ctx):

3736

ctx.set_client_ca_list([])

3737

return []

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3738

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3739

self._check_client_ca_list(no_ca)

3740

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3741

def test_set_one_ca_list(self):

3742

"""

3743

If passed a list containing a single X509Name,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3744

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3745

that CA name to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3746

`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3747

X509Name after the connection is set up.

3748

"""

3749

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3750

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3751

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3752

def single_ca(ctx):

3753

ctx.set_client_ca_list([cadesc])

3754

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3755

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3756

self._check_client_ca_list(single_ca)

3757

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3758

def test_set_multiple_ca_list(self):

3759

"""

3760

If passed a list containing multiple X509Name objects,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3761

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3762

those CA names to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3763

`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3764

X509Names after the connection is set up.

3765

"""

3766

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3767

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3768

3769

sedesc = secert.get_subject()

3770

cldesc = clcert.get_subject()

3771

3772

def multiple_ca(ctx):

3773

L = [sedesc, cldesc]

3774

ctx.set_client_ca_list(L)

3775

return L

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3776

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3777

self._check_client_ca_list(multiple_ca)

3778

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3779

def test_reset_ca_list(self):

3780

"""

3781

If called multiple times, only the X509Names passed to the final call

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3782

of `Context.set_client_ca_list` are used to configure the CA

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3783

names sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3784

"""

3785

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3786

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3787

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3788

3789

cadesc = cacert.get_subject()

3790

sedesc = secert.get_subject()

3791

cldesc = clcert.get_subject()

3792

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3793

def changed_ca(ctx):

3794

ctx.set_client_ca_list([sedesc, cldesc])

3795

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3796

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3797

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3798

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3799

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3800

def test_mutated_ca_list(self):

3801

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3802

If the list passed to `Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3803

afterwards, this does not affect the list of CA names sent to the

3804

client.

3805

"""

3806

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3807

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3808

3809

cadesc = cacert.get_subject()

3810

sedesc = secert.get_subject()

3811

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3812

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3813

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3814

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3815

L.append(sedesc)

3816

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3817

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3818

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3819

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3820

def test_add_client_ca_wrong_args(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3821

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3822

`Context.add_client_ca` raises `TypeError` if called with

3823

a non-X509 object.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3824

"""

3825

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3826

with pytest.raises(TypeError):

3827

ctx.add_client_ca("spam")

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3828

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3829

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3830

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3831

A certificate's subject can be added as a CA to be sent to the client

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3832

with `Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3833

"""

3834

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3835

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3836

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3837

def single_ca(ctx):

3838

ctx.add_client_ca(cacert)

3839

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3840

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3841

self._check_client_ca_list(single_ca)

3842

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3843

def test_multiple_add_client_ca(self):

3844

"""

3845

Multiple CA names can be sent to the client by calling

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3846

`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3847

"""

3848

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3849

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3850

3851

cadesc = cacert.get_subject()

3852

sedesc = secert.get_subject()

3853

3854

def multiple_ca(ctx):

3855

ctx.add_client_ca(cacert)

3856

ctx.add_client_ca(secert)

3857

return [cadesc, sedesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3858

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3859

self._check_client_ca_list(multiple_ca)

3860

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3861

def test_set_and_add_client_ca(self):

3862

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3863

A call to `Context.set_client_ca_list` followed by a call to

3864

`Context.add_client_ca` results in using the CA names from the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3865

first call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3866

"""

3867

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3868

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3869

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3870

3871

cadesc = cacert.get_subject()

3872

sedesc = secert.get_subject()

3873

cldesc = clcert.get_subject()

3874

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3875

def mixed_set_add_ca(ctx):

3876

ctx.set_client_ca_list([cadesc, sedesc])

3877

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3878

return [cadesc, sedesc, cldesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3879

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3880

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3881

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3882

def test_set_after_add_client_ca(self):

3883

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3884

A call to `Context.set_client_ca_list` after a call to

3885

`Context.add_client_ca` replaces the CA name specified by the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3886

former call with the names specified by the latter call.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3887

"""

3888

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3889

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3890

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3891

3892

cadesc = cacert.get_subject()

3893

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3894

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3895

def set_replaces_add_ca(ctx):

3896

ctx.add_client_ca(clcert)

3897

ctx.set_client_ca_list([cadesc])

3898

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3899

return [cadesc, sedesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3900

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3901

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3902

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3903

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3904

class TestInfoConstants(object):

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3905

"""

3906

Tests for assorted constants exposed for use in info callbacks.

3907

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3908

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3909

def test_integers(self):

3910

"""

3911

All of the info constants are integers.

3912

3913

This is a very weak test. It would be nice to have one that actually

3914

verifies that as certain info events happen, the value passed to the

3915

info callback matches up with the constant exposed by OpenSSL.SSL.

3916

"""

3917

for const in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

SSL_ST_CONNECT,

SSL_ST_ACCEPT,

SSL_ST_MASK,

SSL_CB_LOOP,

SSL_CB_EXIT,

SSL_CB_READ,

SSL_CB_WRITE,

SSL_CB_ALERT,

SSL_CB_READ_ALERT,

SSL_CB_WRITE_ALERT,

SSL_CB_ACCEPT_LOOP,

SSL_CB_ACCEPT_EXIT,

SSL_CB_CONNECT_LOOP,

SSL_CB_CONNECT_EXIT,

SSL_CB_HANDSHAKE_START,

3933

SSL_CB_HANDSHAKE_DONE,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3934

]:

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3935

assert isinstance(const, int)

3936

3937

# These constants don't exist on OpenSSL 1.1.0

3938

for const in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

SSL_ST_INIT,

SSL_ST_BEFORE,

SSL_ST_OK,

SSL_ST_RENEGOTIATE,

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3943

]:

3944

assert const is None or isinstance(const, int)

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3945

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3946

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3947

class TestRequires(object):

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3948

"""

3949

Tests for the decorator factory used to conditionally raise

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3950

NotImplementedError when older OpenSSLs are used.

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3951

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3952

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3953

def test_available(self):

3954

"""

3955

When the OpenSSL functionality is available the decorated functions

3956

work appropriately.

3957

"""

3958

feature_guard = _make_requires(True, "Error text")

results = []

@feature_guard

def inner():

results.append(True)

return True

Cory Benfield

2016-03-30 14:24:16 +0100

[diff] [blame]

3966

assert inner() is True

3967

assert [True] == results

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3968

3969

def test_unavailable(self):

3970

"""

3971

When the OpenSSL functionality is not available the decorated function

3972

does not execute and NotImplementedError is raised.

3973

"""

3974

feature_guard = _make_requires(False, "Error text")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3975

3976

@feature_guard

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

3977

def inner(): # pragma: nocover

3978

pytest.fail("Should not be called")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3979

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3980

with pytest.raises(NotImplementedError) as e:

3981

inner()

3982

3983

assert "Error text" in str(e.value)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3984

3985

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3986

class TestOCSP(object):

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3987

"""

3988

Tests for PyOpenSSL's OCSP stapling support.

3989

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

3990

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3991

sample_ocsp_data = b"this is totally ocsp data"

3992

3993

def _client_connection(self, callback, data, request_ocsp=True):

3994

"""

3995

Builds a client connection suitable for using OCSP.

3996

3997

:param callback: The callback to register for OCSP.

3998

:param data: The opaque data object that will be handed to the

3999

OCSP callback.

4000

:param request_ocsp: Whether the client will actually ask for OCSP

4001

stapling. Useful for testing only.

4002

"""

4003

ctx = Context(SSLv23_METHOD)

4004

ctx.set_ocsp_client_callback(callback, data)

4005

client = Connection(ctx)

4006

4007

if request_ocsp:

4008

client.request_ocsp()

4009

4010

client.set_connect_state()

4011

return client

4012

4013

def _server_connection(self, callback, data):

4014

"""

4015

Builds a server connection suitable for using OCSP.

4016

4017

:param callback: The callback to register for OCSP.

4018

:param data: The opaque data object that will be handed to the

4019

OCSP callback.

4020

"""

4021

ctx = Context(SSLv23_METHOD)

4022

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

4023

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

4024

ctx.set_ocsp_server_callback(callback, data)

4025

server = Connection(ctx)

4026

server.set_accept_state()

4027

return server

4028

4029

def test_callbacks_arent_called_by_default(self):

4030

"""

4031

If both the client and the server have registered OCSP callbacks, but

4032

the client does not send the OCSP request, neither callback gets

4033

called.

4034

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

4035

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4036

def ocsp_callback(*args, **kwargs): # pragma: nocover

4037

pytest.fail("Should not be called")

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4038

4039

client = self._client_connection(

4040

callback=ocsp_callback, data=None, request_ocsp=False

4041

)

4042

server = self._server_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4043

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4044

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4045

def test_client_negotiates_without_server(self):

4046

"""

4047

If the client wants to do OCSP but the server does not, the handshake

4048

succeeds, and the client callback fires with an empty byte string.

"""

called = []

def ocsp_callback(conn, ocsp_data, ignored):

4053

called.append(ocsp_data)

4054

return True

4055

4056

client = self._client_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4057

server = loopback_server_factory(socket=None)

4058

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4059

4060

assert len(called) == 1

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

4061

assert called[0] == b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4062

4063

def test_client_receives_servers_data(self):

4064

"""

4065

The data the server sends in its callback is received by the client.

"""

calls = []

def server_callback(*args, **kwargs):

4070

return self.sample_ocsp_data

4071

4072

def client_callback(conn, ocsp_data, ignored):

4073

calls.append(ocsp_data)

4074

return True

4075

4076

client = self._client_connection(callback=client_callback, data=None)

4077

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4078

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4079

4080

assert len(calls) == 1

4081

assert calls[0] == self.sample_ocsp_data

4082

4083

def test_callbacks_are_invoked_with_connections(self):

4084

"""

4085

The first arguments to both callbacks are their respective connections.

"""

client_calls = []

server_calls = []

def client_callback(conn, *args, **kwargs):

4091

client_calls.append(conn)

4092

return True

4093

4094

def server_callback(conn, *args, **kwargs):

4095

server_calls.append(conn)

4096

return self.sample_ocsp_data

4097

4098

client = self._client_connection(callback=client_callback, data=None)

4099

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4100

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4101

4102

assert len(client_calls) == 1

4103

assert len(server_calls) == 1

4104

assert client_calls[0] is client

4105

assert server_calls[0] is server

4106

4107

def test_opaque_data_is_passed_through(self):

4108

"""

4109

Both callbacks receive an opaque, user-provided piece of data in their

4110

callbacks as the final argument.

"""

calls = []

def server_callback(*args):

4115

calls.append(args)

4116

return self.sample_ocsp_data

4117

4118

def client_callback(*args):

calls.append(args)

return True

sentinel = object()

client = self._client_connection(

4125

callback=client_callback, data=sentinel

4126

)

4127

server = self._server_connection(

4128

callback=server_callback, data=sentinel

4129

)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4130

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4131

4132

assert len(calls) == 2

4133

assert calls[0][-1] is sentinel

4134

assert calls[1][-1] is sentinel

4135

4136

def test_server_returns_empty_string(self):

4137

"""

4138

If the server returns an empty bytestring from its callback, the

4139

client callback is called with the empty bytestring.

"""

client_calls = []

def server_callback(*args):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

4144

return b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4145

4146

def client_callback(conn, ocsp_data, ignored):

4147

client_calls.append(ocsp_data)

4148

return True

4149

4150

client = self._client_connection(callback=client_callback, data=None)

4151

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4152

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4153

4154

assert len(client_calls) == 1

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

4155

assert client_calls[0] == b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4156

4157

def test_client_returns_false_terminates_handshake(self):

4158

"""

4159

If the client returns False from its callback, the handshake fails.

4160

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

4161

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4162

def server_callback(*args):

4163

return self.sample_ocsp_data

4164

4165

def client_callback(*args):

4166

return False

4167

4168

client = self._client_connection(callback=client_callback, data=None)

4169

server = self._server_connection(callback=server_callback, data=None)

4170

4171

with pytest.raises(Error):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4172

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4173

4174

def test_exceptions_in_client_bubble_up(self):

4175

"""

4176

The callbacks thrown in the client callback bubble up to the caller.

4177

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

4178

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4179

class SentinelException(Exception):

4180

pass

4181

4182

def server_callback(*args):

4183

return self.sample_ocsp_data

4184

4185

def client_callback(*args):

4186

raise SentinelException()

4187

4188

client = self._client_connection(callback=client_callback, data=None)

4189

server = self._server_connection(callback=server_callback, data=None)

4190

4191

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4192

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4193

4194

def test_exceptions_in_server_bubble_up(self):

4195

"""

4196

The callbacks thrown in the server callback bubble up to the caller.

4197

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

4198

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4199

class SentinelException(Exception):

4200

pass

4201

4202

def server_callback(*args):

4203

raise SentinelException()

4204

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4205

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4206

pytest.fail("Should not be called")

4207

4208

client = self._client_connection(callback=client_callback, data=None)

4209

server = self._server_connection(callback=server_callback, data=None)

4210

4211

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4212

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4213

4214

def test_server_must_return_bytes(self):

4215

"""

4216

The server callback must return a bytestring, or a TypeError is thrown.

4217

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

4218

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4219

def server_callback(*args):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame^]

4220

return self.sample_ocsp_data.decode("ascii")

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4221

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4222

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4223

pytest.fail("Should not be called")

4224

4225

client = self._client_connection(callback=client_callback, data=None)

4226

server = self._server_connection(callback=server_callback, data=None)

4227

4228

with pytest.raises(TypeError):

Alex Chan