Blame - tests/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

5

Unit tests for :mod:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

8

import datetime

Maximilian Hils

868dc3c

2017-02-10 14:56:55 +0100

[diff] [blame]

9

import sys

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

10

import uuid

11

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

12

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

13

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jeremy Lainé

1ae7cb6

2018-03-21 14:49:42 +0100

[diff] [blame^]

14

from sys import platform, getfilesystemencoding

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

15

from socket import MSG_PEEK, SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

16

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

17

from os.path import join

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

18

from weakref import ref

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

19

from warnings import simplefilter

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

20

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

21

import pytest

22

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

23

from pretend import raiser

24

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

25

from six import PY3, text_type

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

26

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

27

from cryptography import x509

28

from cryptography.hazmat.backends import default_backend

29

from cryptography.hazmat.primitives import hashes

30

from cryptography.hazmat.primitives import serialization

31

from cryptography.hazmat.primitives.asymmetric import rsa

32

from cryptography.x509.oid import NameOID

33

34

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

35

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

36

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

37

from OpenSSL.crypto import dump_privatekey, load_privatekey

38

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

39

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

40

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

41

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

42

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

43

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

44

from OpenSSL.SSL import (

45

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

46

TLSv1_1_METHOD, TLSv1_2_METHOD)

47

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

48

from OpenSSL.SSL import (

49

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

50

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

51

from OpenSSL import SSL

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

52

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

53

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

54

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

55

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

56

57

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

58

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

59

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

60

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

61

from OpenSSL.SSL import _make_requires

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

62

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

63

from OpenSSL._util import ffi as _ffi, lib as _lib

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

64

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

65

from OpenSSL.SSL import (

66

OP_NO_QUERY_MTU, OP_COOKIE_EXCHANGE, OP_NO_TICKET, OP_NO_COMPRESSION,

67

MODE_RELEASE_BUFFERS)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

68

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

69

from OpenSSL.SSL import (

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

70

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK,

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

71

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

72

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

73

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

74

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

75

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

76

try:

77

from OpenSSL.SSL import (

78

SSL_ST_INIT, SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE

79

)

80

except ImportError:

81

SSL_ST_INIT = SSL_ST_BEFORE = SSL_ST_OK = SSL_ST_RENEGOTIATE = None

82

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

83

from .util import WARNING_TYPE_EXPECTED, NON_ASCII, is_consistent_type

Hynek Schlawack

f0e6685

2015-10-16 20:18:38 +0200

[diff] [blame]

84

from .test_crypto import (

85

cleartextCertificatePEM, cleartextPrivateKeyPEM,

86

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

87

root_cert_pem)

88

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

89

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

90

# openssl dhparam 1024 -out dh-1024.pem (note that 1024 is a small number of

91

# bits to use)

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

92

dhparam = """\

93

-----BEGIN DH PARAMETERS-----

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

94

MIGHAoGBALdUMvn+C9MM+y5BWZs11mSeH6HHoEq0UVbzVq7UojC1hbsZUuGukQ3a

95

Qh2/pwqb18BZFykrWB0zv/OkLa0kx4cuUgNrUVq1EFheBiX6YqryJ7t2sO09NQiO

96

V7H54LmltOT/hEh6QWsJqb6BQgH65bswvV/XkYGja8/T0GzvbaVzAgEC

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

97

-----END DH PARAMETERS-----

"""

Hynek Schlawack

2015-09-05 20:48:34 +0200

[diff] [blame]

101

skip_if_py3 = pytest.mark.skipif(PY3, reason="Python 2 only")

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

102

103

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

104

def join_bytes_or_unicode(prefix, suffix):

105

"""

106

Join two path components of either ``bytes`` or ``unicode``.

107

108

The return type is the same as the type of ``prefix``.

109

"""

110

# If the types are the same, nothing special is necessary.

111

if type(prefix) == type(suffix):

112

return join(prefix, suffix)

113

114

# Otherwise, coerce suffix to the type of prefix.

115

if isinstance(prefix, text_type):

116

return join(prefix, suffix.decode(getfilesystemencoding()))

117

else:

118

return join(prefix, suffix.encode(getfilesystemencoding()))

119

120

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

121

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

122

return ok

123

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

124

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

125

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

126

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

127

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

128

"""

129

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

135

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

136

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

137

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

138

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

139

# Let's pass some unencrypted data to make sure our socket connection is

140

# fine. Just one byte, so we don't have to worry about buffers getting

141

# filled up or fragmentation.

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

142

server.send(b"x")

143

assert client.recv(1024) == b"x"

144

client.send(b"y")

145

assert server.recv(1024) == b"y"

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

146

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

147

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

148

server.setblocking(False)

149

client.setblocking(False)

Jim Shaver

46f2891

2015-05-29 19:32:16 -0400

[diff] [blame]

150

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

151

return (server, client)

152

153

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

154

def handshake(client, server):

155

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

166

def _create_certificate_chain():

167

"""

168

Construct and return a chain of certificates.

169

170

1. A new self-signed certificate authority certificate (cacert)

171

2. A new intermediate certificate signed by cacert (icert)

172

3. A new server certificate signed by icert (scert)

173

"""

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

174

caext = X509Extension(b'basicConstraints', False, b'CA:true')

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

175

176

# Step 1

177

cakey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

178

cakey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

179

cacert = X509()

180

cacert.get_subject().commonName = "Authority Certificate"

181

cacert.set_issuer(cacert.get_subject())

182

cacert.set_pubkey(cakey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

183

cacert.set_notBefore(b"20000101000000Z")

184

cacert.set_notAfter(b"20200101000000Z")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

185

cacert.add_extensions([caext])

186

cacert.set_serial_number(0)

187

cacert.sign(cakey, "sha1")

188

189

# Step 2

190

ikey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

191

ikey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

192

icert = X509()

193

icert.get_subject().commonName = "Intermediate Certificate"

194

icert.set_issuer(cacert.get_subject())

195

icert.set_pubkey(ikey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

196

icert.set_notBefore(b"20000101000000Z")

197

icert.set_notAfter(b"20200101000000Z")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

198

icert.add_extensions([caext])

199

icert.set_serial_number(0)

200

icert.sign(cakey, "sha1")

201

202

# Step 3

203

skey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

204

skey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

205

scert = X509()

206

scert.get_subject().commonName = "Server Certificate"

207

scert.set_issuer(icert.get_subject())

208

scert.set_pubkey(skey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

209

scert.set_notBefore(b"20000101000000Z")

210

scert.set_notAfter(b"20200101000000Z")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

211

scert.add_extensions([

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

212

X509Extension(b'basicConstraints', True, b'CA:false')])

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

213

scert.set_serial_number(0)

214

scert.sign(ikey, "sha1")

215

216

return [(cakey, cacert), (ikey, icert), (skey, scert)]

217

218

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

219

def loopback_client_factory(socket):

Alex Gaynor

85b1758

2017-08-07 11:52:08 -0400

[diff] [blame]

220

client = Connection(Context(SSLv23_METHOD), socket)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

221

client.set_connect_state()

return client

def loopback_server_factory(socket):

Alex Gaynor

85b1758

2017-08-07 11:52:08 -0400

[diff] [blame]

226

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

227

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

228

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

229

server = Connection(ctx, socket)

230

server.set_accept_state()

return server

def loopback(server_factory=None, client_factory=None):

235

"""

236

Create a connected socket pair and force two connected SSL sockets

237

to talk to each other via memory BIOs.

238

"""

239

if server_factory is None:

240

server_factory = loopback_server_factory

241

if client_factory is None:

242

client_factory = loopback_client_factory

243

244

(server, client) = socket_pair()

245

server = server_factory(server)

246

client = client_factory(client)

247

248

handshake(client, server)

249

250

server.setblocking(True)

251

client.setblocking(True)

252

return server, client

253

254

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

255

def interact_in_memory(client_conn, server_conn):

256

"""

257

Try to read application bytes from each of the two `Connection` objects.

258

Copy bytes back and forth between their send/receive buffers for as long

259

as there is anything to copy. When there is nothing more to copy,

260

return `None`. If one of them actually manages to deliver some application

261

bytes, return a two-tuple of the connection from which the bytes were read

262

and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

267

wrote = False

268

269

# Copy stuff from each side's send buffer to the other side's

270

# receive buffer.

271

for (read, write) in [(client_conn, server_conn),

272

(server_conn, client_conn)]:

273

274

# Give the side a chance to generate some more bytes, or succeed.

275

try:

276

data = read.recv(2 ** 16)

277

except WantReadError:

278

# It didn't succeed, so we'll hope it generated some output.

279

pass

280

else:

281

# It did succeed, so we'll stop now and let the caller deal

# with it.

return (read, data)

while True:

# Keep copying as long as there's more stuff there.

287

try:

288

dirty = read.bio_read(4096)

289

except WantReadError:

290

# Okay, nothing more waiting to be sent. Stop

291

# processing this send buffer.

292

break

293

else:

294

# Keep track of the fact that someone generated some

295

# output.

296

wrote = True

297

write.bio_write(dirty)

298

299

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

300

def handshake_in_memory(client_conn, server_conn):

301

"""

302

Perform the TLS handshake between two `Connection` instances connected to

303

each other via memory BIOs.

304

"""

305

client_conn.set_connect_state()

306

server_conn.set_accept_state()

307

308

for conn in [client_conn, server_conn]:

309

try:

310

conn.do_handshake()

311

except WantReadError:

312

pass

313

314

interact_in_memory(client_conn, server_conn)

315

316

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

317

class TestVersion(object):

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

318

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

319

Tests for version information exposed by `OpenSSL.SSL.SSLeay_version` and

320

`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

321

"""

322

def test_OPENSSL_VERSION_NUMBER(self):

323

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

324

`OPENSSL_VERSION_NUMBER` is an integer with status in the low byte and

325

the patch, fix, minor, and major versions in the nibbles above that.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

326

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

327

assert isinstance(OPENSSL_VERSION_NUMBER, int)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

328

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

329

def test_SSLeay_version(self):

330

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

331

`SSLeay_version` takes a version type indicator and returns one of a

332

number of version strings based on that indicator.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

333

"""

334

versions = {}

335

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

336

SSLEAY_PLATFORM, SSLEAY_DIR]:

337

version = SSLeay_version(t)

338

versions[version] = t

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

339

assert isinstance(version, bytes)

340

assert len(versions) == 5

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

341

342

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

343

@pytest.fixture

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

344

def ca_file(tmpdir):

345

"""

346

Create a valid PEM file with CA certificates and return the path.

347

"""

348

key = rsa.generate_private_key(

349

public_exponent=65537,

350

key_size=2048,

351

backend=default_backend()

352

)

353

public_key = key.public_key()

354

355

builder = x509.CertificateBuilder()

356

builder = builder.subject_name(x509.Name([

357

x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org"),

358

]))

359

builder = builder.issuer_name(x509.Name([

360

x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org"),

361

]))

362

one_day = datetime.timedelta(1, 0, 0)

363

builder = builder.not_valid_before(datetime.datetime.today() - one_day)

364

builder = builder.not_valid_after(datetime.datetime.today() + one_day)

365

builder = builder.serial_number(int(uuid.uuid4()))

366

builder = builder.public_key(public_key)

367

builder = builder.add_extension(

368

x509.BasicConstraints(ca=True, path_length=None), critical=True,

369

)

370

371

certificate = builder.sign(

372

private_key=key, algorithm=hashes.SHA256(),

373

backend=default_backend()

374

)

375

376

ca_file = tmpdir.join("test.pem")

377

ca_file.write_binary(

378

certificate.public_bytes(

379

encoding=serialization.Encoding.PEM,

)

)

return str(ca_file).encode("ascii")

384

385

386

@pytest.fixture

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

387

def context():

388

"""

389

A simple TLS 1.0 context.

390

"""

391

return Context(TLSv1_METHOD)

392

393

394

class TestContext(object):

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

395

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

396

Unit tests for `OpenSSL.SSL.Context`.

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

397

"""

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

398

@pytest.mark.parametrize("cipher_string", [

399

b"hello world:AES128-SHA",

400

u"hello world:AES128-SHA",

401

])

402

def test_set_cipher_list(self, context, cipher_string):

403

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

404

`Context.set_cipher_list` accepts both byte and unicode strings

Hynek Schlawack

a7a63af

2016-03-11 12:05:26 +0100

[diff] [blame]

405

for naming the ciphers which connections created with the context

406

object will be able to choose from.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

407

"""

408

context.set_cipher_list(cipher_string)

409

conn = Connection(context, None)

410

411

assert "AES128-SHA" in conn.get_cipher_list()

412

413

@pytest.mark.parametrize("cipher_list,error", [

414

(object(), TypeError),

415

("imaginary-cipher", Error),

416

])

417

def test_set_cipher_list_wrong_args(self, context, cipher_list, error):

418

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

419

`Context.set_cipher_list` raises `TypeError` when passed a non-string

420

argument and raises `OpenSSL.SSL.Error` when passed an incorrect cipher

421

list string.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

422

"""

423

with pytest.raises(error):

424

context.set_cipher_list(cipher_list)

425

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

426

def test_load_client_ca(self, context, ca_file):

427

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

428

`Context.load_client_ca` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

429

"""

430

context.load_client_ca(ca_file)

431

432

def test_load_client_ca_invalid(self, context, tmpdir):

433

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

434

`Context.load_client_ca` raises an Error if the ca file is invalid.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

435

"""

436

ca_file = tmpdir.join("test.pem")

437

ca_file.write("")

438

439

with pytest.raises(Error) as e:

440

context.load_client_ca(str(ca_file).encode("ascii"))

441

442

assert "PEM routines" == e.value.args[0][0][0]

443

444

def test_load_client_ca_unicode(self, context, ca_file):

445

"""

446

Passing the path as unicode raises a warning but works.

447

"""

448

pytest.deprecated_call(

449

context.load_client_ca, ca_file.decode("ascii")

450

)

451

452

def test_set_session_id(self, context):

453

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

454

`Context.set_session_id` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

455

"""

456

context.set_session_id(b"abc")

457

458

def test_set_session_id_fail(self, context):

459

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

460

`Context.set_session_id` errors are propagated.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

461

"""

462

with pytest.raises(Error) as e:

463

context.set_session_id(b"abc" * 1000)

assert [

("SSL routines",

"SSL_CTX_set_session_id_context",

468

"ssl session id context too long")

469

] == e.value.args[0]

470

471

def test_set_session_id_unicode(self, context):

472

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

473

`Context.set_session_id` raises a warning if a unicode string is

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

474

passed.

475

"""

476

pytest.deprecated_call(context.set_session_id, u"abc")

477

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

478

def test_method(self):

479

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

480

`Context` can be instantiated with one of `SSLv2_METHOD`,

481

`SSLv3_METHOD`, `SSLv23_METHOD`, `TLSv1_METHOD`, `TLSv1_1_METHOD`,

482

or `TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

483

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

484

methods = [SSLv23_METHOD, TLSv1_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

485

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

486

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

487

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

488

maybe = [SSLv2_METHOD, SSLv3_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

493

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

494

# don't. Difficult to say in advance.

495

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

496

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

497

with pytest.raises(TypeError):

498

Context("")

499

with pytest.raises(ValueError):

500

Context(10)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

501

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

502

@skip_if_py3

503

def test_method_long(self):

504

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

505

On Python 2 `Context` accepts values of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

506

"""

507

Context(long(TLSv1_METHOD))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

508

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

509

def test_type(self):

510

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

511

`Context` and `ContextType` refer to the same type object and can

512

be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

513

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

514

assert Context is ContextType

515

assert is_consistent_type(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

516

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

517

def test_use_privatekey(self):

518

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

519

`Context.use_privatekey` takes an `OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

520

"""

521

key = PKey()

522

key.generate_key(TYPE_RSA, 128)

523

ctx = Context(TLSv1_METHOD)

524

ctx.use_privatekey(key)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

525

with pytest.raises(TypeError):

526

ctx.use_privatekey("")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

527

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

528

def test_use_privatekey_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

529

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

530

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` when passed

531

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

532

"""

533

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

534

with pytest.raises(Error):

535

ctx.use_privatekey_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

536

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

537

def _use_privatekey_file_test(self, pemfile, filetype):

538

"""

539

Verify that calling ``Context.use_privatekey_file`` with the given

540

arguments does not raise an exception.

541

"""

542

key = PKey()

543

key.generate_key(TYPE_RSA, 128)

544

545

with open(pemfile, "wt") as pem:

546

pem.write(

547

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

548

)

549

550

ctx = Context(TLSv1_METHOD)

551

ctx.use_privatekey_file(pemfile, filetype)

552

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

553

@pytest.mark.parametrize('filetype', [object(), "", None, 1.0])

554

def test_wrong_privatekey_file_wrong_args(self, tmpfile, filetype):

555

"""

556

`Context.use_privatekey_file` raises `TypeError` when called with

557

a `filetype` which is not a valid file encoding.

558

"""

559

ctx = Context(TLSv1_METHOD)

560

with pytest.raises(TypeError):

561

ctx.use_privatekey_file(tmpfile, filetype)

562

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

563

def test_use_privatekey_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

564

"""

565

A private key can be specified from a file by passing a ``bytes``

566

instance giving the file name to ``Context.use_privatekey_file``.

567

"""

568

self._use_privatekey_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

569

tmpfile + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

FILETYPE_PEM,

)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

573

def test_use_privatekey_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

574

"""

575

A private key can be specified from a file by passing a ``unicode``

576

instance giving the file name to ``Context.use_privatekey_file``.

577

"""

578

self._use_privatekey_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

579

tmpfile.decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

FILETYPE_PEM,

)

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

583

@skip_if_py3

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

584

def test_use_privatekey_file_long(self, tmpfile):

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

585

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

586

On Python 2 `Context.use_privatekey_file` accepts a filetype of

587

type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

588

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

589

self._use_privatekey_file_test(tmpfile, long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

590

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

591

def test_use_certificate_wrong_args(self):

592

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

593

`Context.use_certificate_wrong_args` raises `TypeError` when not passed

594

exactly one `OpenSSL.crypto.X509` instance as an argument.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

595

"""

596

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

597

with pytest.raises(TypeError):

598

ctx.use_certificate("hello, world")

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

599

600

def test_use_certificate_uninitialized(self):

601

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

602

`Context.use_certificate` raises `OpenSSL.SSL.Error` when passed a

603

`OpenSSL.crypto.X509` instance which has not been initialized

604

(ie, which does not actually have any certificate data).

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

605

"""

606

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

607

with pytest.raises(Error):

608

ctx.use_certificate(X509())

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

609

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

610

def test_use_certificate(self):

611

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

612

`Context.use_certificate` sets the certificate which will be

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

613

used to identify connections created using the context.

614

"""

615

# TODO

616

# Hard to assert anything. But we could set a privatekey then ask

617

# OpenSSL if the cert and key agree using check_privatekey. Then as

618

# long as check_privatekey works right we're good...

619

ctx = Context(TLSv1_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

620

ctx.use_certificate(

621

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

622

)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

623

624

def test_use_certificate_file_wrong_args(self):

625

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

626

`Context.use_certificate_file` raises `TypeError` if the first

627

argument is not a byte string or the second argument is not an integer.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

628

"""

629

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

630

with pytest.raises(TypeError):

631

ctx.use_certificate_file(object(), FILETYPE_PEM)

632

with pytest.raises(TypeError):

633

ctx.use_certificate_file(b"somefile", object())

634

with pytest.raises(TypeError):

635

ctx.use_certificate_file(object(), FILETYPE_PEM)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

636

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

637

def test_use_certificate_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

638

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

639

`Context.use_certificate_file` raises `OpenSSL.SSL.Error` if passed

640

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

641

"""

642

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

643

with pytest.raises(Error):

644

ctx.use_certificate_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

645

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

646

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

647

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

648

Verify that calling ``Context.use_certificate_file`` with the given

649

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

650

"""

651

# TODO

652

# Hard to assert anything. But we could set a privatekey then ask

653

# OpenSSL if the cert and key agree using check_privatekey. Then as

654

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

655

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

656

pem_file.write(cleartextCertificatePEM)

657

658

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

659

ctx.use_certificate_file(certificate_file)

660

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

661

def test_use_certificate_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

662

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

663

`Context.use_certificate_file` sets the certificate (given as a

664

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

665

using the context.

666

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

667

filename = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

668

self._use_certificate_file_test(filename)

669

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

670

def test_use_certificate_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

671

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

672

`Context.use_certificate_file` sets the certificate (given as a

673

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

674

using the context.

675

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

676

filename = tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

677

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

678

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

679

@skip_if_py3

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

680

def test_use_certificate_file_long(self, tmpfile):

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

681

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

682

On Python 2 `Context.use_certificate_file` accepts a

683

filetype of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

684

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

685

pem_filename = tmpfile

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

686

with open(pem_filename, "wb") as pem_file:

687

pem_file.write(cleartextCertificatePEM)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

688

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

689

ctx = Context(TLSv1_METHOD)

690

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

691

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

692

def test_check_privatekey_valid(self):

693

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

694

`Context.check_privatekey` returns `None` if the `Context` instance

695

has been configured to use a matched key and certificate pair.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

696

"""

697

key = load_privatekey(FILETYPE_PEM, client_key_pem)

698

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

699

context = Context(TLSv1_METHOD)

700

context.use_privatekey(key)

701

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

702

assert None is context.check_privatekey()

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

703

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

704

def test_check_privatekey_invalid(self):

705

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

706

`Context.check_privatekey` raises `Error` if the `Context` instance

707

has been configured to use a key and certificate pair which don't

708

relate to each other.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

709

"""

710

key = load_privatekey(FILETYPE_PEM, client_key_pem)

711

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

712

context = Context(TLSv1_METHOD)

713

context.use_privatekey(key)

714

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

715

with pytest.raises(Error):

716

context.check_privatekey()

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

717

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

718

def test_app_data(self):

719

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

720

`Context.set_app_data` stores an object for later retrieval

721

using `Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

722

"""

723

app_data = object()

724

context = Context(TLSv1_METHOD)

725

context.set_app_data(app_data)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

726

assert context.get_app_data() is app_data

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

727

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

728

def test_set_options_wrong_args(self):

729

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

730

`Context.set_options` raises `TypeError` if called with

731

a non-`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

732

"""

733

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

734

with pytest.raises(TypeError):

735

context.set_options(None)

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

736

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

737

def test_set_options(self):

738

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

739

`Context.set_options` returns the new options value.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

740

"""

741

context = Context(TLSv1_METHOD)

742

options = context.set_options(OP_NO_SSLv2)

Alex Gaynor

2310f8b

2016-09-10 14:39:32 -0400

[diff] [blame]

743

assert options & OP_NO_SSLv2 == OP_NO_SSLv2

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

744

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

745

@skip_if_py3

746

def test_set_options_long(self):

747

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

748

On Python 2 `Context.set_options` accepts values of type

749

`long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

750

"""

751

context = Context(TLSv1_METHOD)

752

options = context.set_options(long(OP_NO_SSLv2))

Alex Gaynor

2310f8b

2016-09-10 14:39:32 -0400

[diff] [blame]

753

assert options & OP_NO_SSLv2 == OP_NO_SSLv2

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

754

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

755

def test_set_mode_wrong_args(self):

756

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

757

`Context.set_mode` raises `TypeError` if called with

758

a non-`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

759

"""

760

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

761

with pytest.raises(TypeError):

762

context.set_mode(None)

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

763

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

764

def test_set_mode(self):

765

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

766

`Context.set_mode` accepts a mode bitvector and returns the

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

767

newly set mode.

768

"""

769

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

770

assert MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

771

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

772

@skip_if_py3

773

def test_set_mode_long(self):

774

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

775

On Python 2 `Context.set_mode` accepts values of type `long` as well

776

as `int`.

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

777

"""

778

context = Context(TLSv1_METHOD)

779

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

780

assert MODE_RELEASE_BUFFERS & mode

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

781

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

782

def test_set_timeout_wrong_args(self):

783

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

784

`Context.set_timeout` raises `TypeError` if called with

785

a non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

786

"""

787

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

788

with pytest.raises(TypeError):

789

context.set_timeout(None)

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

790

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

791

def test_timeout(self):

792

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

793

`Context.set_timeout` sets the session timeout for all connections

794

created using the context object. `Context.get_timeout` retrieves

795

this value.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

796

"""

797

context = Context(TLSv1_METHOD)

798

context.set_timeout(1234)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

799

assert context.get_timeout() == 1234

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

800

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

801

@skip_if_py3

802

def test_timeout_long(self):

803

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

804

On Python 2 `Context.set_timeout` accepts values of type `long` as

805

well as int.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

806

"""

807

context = Context(TLSv1_METHOD)

808

context.set_timeout(long(1234))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

809

assert context.get_timeout() == 1234

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

810

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

811

def test_set_verify_depth_wrong_args(self):

812

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

813

`Context.set_verify_depth` raises `TypeError` if called with a

814

non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

815

"""

816

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

817

with pytest.raises(TypeError):

818

context.set_verify_depth(None)

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

819

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

820

def test_verify_depth(self):

821

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

822

`Context.set_verify_depth` sets the number of certificates in

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

823

a chain to follow before giving up. The value can be retrieved with

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

824

`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

825

"""

826

context = Context(TLSv1_METHOD)

827

context.set_verify_depth(11)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

828

assert context.get_verify_depth() == 11

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

829

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

830

@skip_if_py3

831

def test_verify_depth_long(self):

832

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

833

On Python 2 `Context.set_verify_depth` accepts values of type `long`

834

as well as int.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

835

"""

836

context = Context(TLSv1_METHOD)

837

context.set_verify_depth(long(11))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

838

assert context.get_verify_depth() == 11

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

839

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

840

def _write_encrypted_pem(self, passphrase, tmpfile):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

841

"""

842

Write a new private key out to a new file, encrypted using the given

843

passphrase. Return the path to the new file.

844

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

845

key = PKey()

846

key.generate_key(TYPE_RSA, 128)

Jean-Paul Calderone

a986883

2010-08-22 21:38:34 -0400

[diff] [blame]

847

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

848

with open(tmpfile, 'w') as fObj:

849

fObj.write(pem.decode('ascii'))

850

return tmpfile

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

851

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

852

def test_set_passwd_cb_wrong_args(self):

853

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

854

`Context.set_passwd_cb` raises `TypeError` if called with a

855

non-callable first argument.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

856

"""

857

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

858

with pytest.raises(TypeError):

859

context.set_passwd_cb(None)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

860

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

861

def test_set_passwd_cb(self, tmpfile):

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

862

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

863

`Context.set_passwd_cb` accepts a callable which will be invoked when

864

a private key is loaded from an encrypted PEM.

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

865

"""

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

866

passphrase = b"foobar"

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

867

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

868

calledWith = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

869

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

870

def passphraseCallback(maxlen, verify, extra):

871

calledWith.append((maxlen, verify, extra))

872

return passphrase

873

context = Context(TLSv1_METHOD)

874

context.set_passwd_cb(passphraseCallback)

875

context.use_privatekey_file(pemFile)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

876

assert len(calledWith) == 1

877

assert isinstance(calledWith[0][0], int)

878

assert isinstance(calledWith[0][1], int)

879

assert calledWith[0][2] is None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

880

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

881

def test_passwd_callback_exception(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

882

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

883

`Context.use_privatekey_file` propagates any exception raised

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

884

by the passphrase callback.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

885

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

886

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

887

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

888

def passphraseCallback(maxlen, verify, extra):

889

raise RuntimeError("Sorry, I am a fail.")

890

891

context = Context(TLSv1_METHOD)

892

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

893

with pytest.raises(RuntimeError):

894

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

895

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

896

def test_passwd_callback_false(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

897

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

898

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

899

passphrase callback returns a false value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

900

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

901

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

902

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

903

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

904

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

905

906

context = Context(TLSv1_METHOD)

907

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

908

with pytest.raises(Error):

909

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

910

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

911

def test_passwd_callback_non_string(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

912

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

913

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

914

passphrase callback returns a true non-string value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

915

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

916

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

917

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

918

def passphraseCallback(maxlen, verify, extra):

919

return 10

920

921

context = Context(TLSv1_METHOD)

922

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

923

# TODO: Surely this is the wrong error?

924

with pytest.raises(ValueError):

925

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

926

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

927

def test_passwd_callback_too_long(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

928

"""

929

If the passphrase returned by the passphrase callback returns a string

930

longer than the indicated maximum length, it is truncated.

931

"""

932

# A priori knowledge!

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

933

passphrase = b"x" * 1024

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

934

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

935

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

936

def passphraseCallback(maxlen, verify, extra):

937

assert maxlen == 1024

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

938

return passphrase + b"y"

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

939

940

context = Context(TLSv1_METHOD)

941

context.set_passwd_cb(passphraseCallback)

942

# This shall succeed because the truncated result is the correct

943

# passphrase.

944

context.use_privatekey_file(pemFile)

945

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

946

def test_set_info_callback(self):

947

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

948

`Context.set_info_callback` accepts a callable which will be

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

949

invoked when certain information about an SSL connection is available.

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

950

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

951

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

952

953

clientSSL = Connection(Context(TLSv1_METHOD), client)

954

clientSSL.set_connect_state()

955

956

called = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

957

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

958

def info(conn, where, ret):

959

called.append((conn, where, ret))

960

context = Context(TLSv1_METHOD)

961

context.set_info_callback(info)

962

context.use_certificate(

963

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

964

context.use_privatekey(

965

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

966

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

967

serverSSL = Connection(context, server)

968

serverSSL.set_accept_state()

969

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

970

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

971

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

972

# The callback must always be called with a Connection instance as the

973

# first argument. It would probably be better to split this into

974

# separate tests for client and server side info callbacks so we could

975

# assert it is called with the right Connection instance. It would

976

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

977

notConnections = [

978

conn for (conn, where, ret) in called

979

if not isinstance(conn, Connection)]

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

980

assert [] == notConnections, (

981

"Some info callback arguments were not Connection instances.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

982

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

983

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

984

"""

985

Create a client context which will verify the peer certificate and call

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

986

its `load_verify_locations` method with the given arguments.

Jean-Paul Calderone

64efa2c

2011-09-11 10:00:09 -0400

[diff] [blame]

987

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

988

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

989

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

990

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

991

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

992

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

993

# Require that the server certificate verify properly or the

994

# connection will fail.

995

clientContext.set_verify(

996

VERIFY_PEER,

997

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

998

999

clientSSL = Connection(clientContext, client)

1000

clientSSL.set_connect_state()

1001

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1002

serverContext = Context(TLSv1_METHOD)

1003

serverContext.use_certificate(

1004

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1005

serverContext.use_privatekey(

1006

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1007

1008

serverSSL = Connection(serverContext, server)

1009

serverSSL.set_accept_state()

1010

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

1011

# Without load_verify_locations above, the handshake

1012

# will fail:

1013

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

1014

# 'certificate verify failed')]

1015

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1016

1017

cert = clientSSL.get_peer_certificate()

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1018

assert cert.get_subject().CN == 'Testing Root CA'

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1019

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1020

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1021

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1022

Verify that if path to a file containing a certificate is passed to

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1023

`Context.load_verify_locations` for the ``cafile`` parameter, that

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1024

certificate is used as a trust root for the purposes of verifying

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1025

connections created using that `Context`.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1026

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1027

with open(cafile, 'w') as fObj:

1028

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1029

1030

self._load_verify_locations_test(cafile)

1031

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1032

def test_load_verify_bytes_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1033

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1034

`Context.load_verify_locations` accepts a file name as a `bytes`

1035

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1036

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1037

cafile = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1038

self._load_verify_cafile(cafile)

1039

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1040

def test_load_verify_unicode_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1041

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1042

`Context.load_verify_locations` accepts a file name as a `unicode`

1043

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1044

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1045

self._load_verify_cafile(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1046

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1047

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1048

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1049

def test_load_verify_invalid_file(self, tmpfile):

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1050

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1051

`Context.load_verify_locations` raises `Error` when passed a

1052

non-existent cafile.

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1053

"""

1054

clientContext = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1055

with pytest.raises(Error):

1056

clientContext.load_verify_locations(tmpfile)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1057

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1058

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1059

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1060

Verify that if path to a directory containing certificate files is

1061

passed to ``Context.load_verify_locations`` for the ``capath``

1062

parameter, those certificates are used as trust roots for the purposes

1063

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1064

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1065

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1066

# Hash values computed manually with c_rehash to avoid depending on

1067

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1068

# from OpenSSL 1.0.0.

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

1069

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1070

cafile = join_bytes_or_unicode(capath, name)

1071

with open(cafile, 'w') as fObj:

1072

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1073

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1074

self._load_verify_locations_test(None, capath)

1075

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1076

def test_load_verify_directory_bytes_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1077

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1078

`Context.load_verify_locations` accepts a directory name as a `bytes`

1079

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1080

"""

1081

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1082

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1083

)

1084

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1085

def test_load_verify_directory_unicode_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1086

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1087

`Context.load_verify_locations` accepts a directory name as a `unicode`

1088

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1089

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1090

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1091

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1092

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1093

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1094

def test_load_verify_locations_wrong_args(self):

1095

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1096

`Context.load_verify_locations` raises `TypeError` if with non-`str`

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1097

arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1098

"""

1099

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1100

with pytest.raises(TypeError):

1101

context.load_verify_locations(object())

1102

with pytest.raises(TypeError):

1103

context.load_verify_locations(object(), object())

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1104

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1105

@pytest.mark.skipif(

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1106

not platform.startswith("linux"),

1107

reason="Loading fallback paths is a linux-specific behavior to "

1108

"accommodate pyca/cryptography manylinux1 wheels"

1109

)

1110

def test_fallback_default_verify_paths(self, monkeypatch):

1111

"""

1112

Test that we load certificates successfully on linux from the fallback

1113

path. To do this we set the _CRYPTOGRAPHY_MANYLINUX1_CA_FILE and

1114

_CRYPTOGRAPHY_MANYLINUX1_CA_DIR vars to be equal to whatever the

1115

current OpenSSL default is and we disable

1116

SSL_CTX_SET_default_verify_paths so that it can't find certs unless

1117

it loads via fallback.

1118

"""

1119

context = Context(TLSv1_METHOD)

1120

monkeypatch.setattr(

1121

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_FILE",

1126

_ffi.string(_lib.X509_get_default_cert_file())

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_DIR",

1131

_ffi.string(_lib.X509_get_default_cert_dir())

1132

)

1133

context.set_default_verify_paths()

1134

store = context.get_cert_store()

1135

sk_obj = _lib.X509_STORE_get0_objects(store._store)

1136

assert sk_obj != _ffi.NULL

1137

num = _lib.sk_X509_OBJECT_num(sk_obj)

1138

assert num != 0

1139

1140

def test_check_env_vars(self, monkeypatch):

1141

"""

1142

Test that we return True/False appropriately if the env vars are set.

1143

"""

1144

context = Context(TLSv1_METHOD)

1145

dir_var = "CUSTOM_DIR_VAR"

1146

file_var = "CUSTOM_FILE_VAR"

1147

assert context._check_env_vars_set(dir_var, file_var) is False

1148

monkeypatch.setenv(dir_var, "value")

1149

monkeypatch.setenv(file_var, "value")

1150

assert context._check_env_vars_set(dir_var, file_var) is True

1151

assert context._check_env_vars_set(dir_var, file_var) is True

1152

1153

def test_verify_no_fallback_if_env_vars_set(self, monkeypatch):

1154

"""

1155

Test that we don't use the fallback path if env vars are set.

1156

"""

1157

context = Context(TLSv1_METHOD)

1158

monkeypatch.setattr(

1159

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

1160

)

1161

dir_env_var = _ffi.string(

1162

_lib.X509_get_default_cert_dir_env()

1163

).decode("ascii")

1164

file_env_var = _ffi.string(

1165

_lib.X509_get_default_cert_file_env()

1166

).decode("ascii")

1167

monkeypatch.setenv(dir_env_var, "value")

1168

monkeypatch.setenv(file_env_var, "value")

1169

context.set_default_verify_paths()

monkeypatch.setattr(

context,

"_fallback_default_verify_paths",

1174

raiser(SystemError)

1175

)

1176

context.set_default_verify_paths()

1177

1178

@pytest.mark.skipif(

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1179

platform == "win32",

1180

reason="set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

28fb8f0

2009-07-24 18:01:31 -0400

[diff] [blame]

1181

"See LP#404343 and LP#404344."

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1182

)

1183

def test_set_default_verify_paths(self):

1184

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1185

`Context.set_default_verify_paths` causes the platform-specific CA

1186

certificate locations to be used for verification purposes.

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1187

"""

1188

# Testing this requires a server with a certificate signed by one

1189

# of the CAs in the platform CA location. Getting one of those

1190

# costs money. Fortunately (or unfortunately, depending on your

1191

# perspective), it's easy to think of a public server on the

1192

# internet which has such a certificate. Connecting to the network

1193

# in a unit test is bad, but it's the only way I can think of to

1194

# really test this. -exarkun

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1195

context = Context(SSLv23_METHOD)

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1196

context.set_default_verify_paths()

1197

context.set_verify(

1198

VERIFY_PEER,

1199

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1200

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1201

client = socket()

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1202

client.connect(("encrypted.google.com", 443))

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1203

clientSSL = Connection(context, client)

1204

clientSSL.set_connect_state()

1205

clientSSL.do_handshake()

1206

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1207

assert clientSSL.recv(1024)

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1208

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1209

def test_fallback_path_is_not_file_or_dir(self):

1210

"""

1211

Test that when passed empty arrays or paths that do not exist no

1212

errors are raised.

1213

"""

1214

context = Context(TLSv1_METHOD)

1215

context._fallback_default_verify_paths([], [])

1216

context._fallback_default_verify_paths(

1217

["/not/a/file"], ["/not/a/dir"]

1218

)

1219

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1220

def test_add_extra_chain_cert_invalid_cert(self):

1221

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1222

`Context.add_extra_chain_cert` raises `TypeError` if called with an

1223

object which is not an instance of `X509`.

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1224

"""

1225

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1226

with pytest.raises(TypeError):

1227

context.add_extra_chain_cert(object())

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1228

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1229

def _handshake_test(self, serverContext, clientContext):

1230

"""

1231

Verify that a client and server created with the given contexts can

1232

successfully handshake and communicate.

1233

"""

1234

serverSocket, clientSocket = socket_pair()

1235

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1236

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1237

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1238

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1239

client = Connection(clientContext, clientSocket)

1240

client.set_connect_state()

1241

1242

# Make them talk to each other.

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1243

# interact_in_memory(client, server)

1244

for _ in range(3):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1245

for s in [client, server]:

1246

try:

1247

s.do_handshake()

1248

except WantReadError:

1249

pass

1250

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1251

def test_set_verify_callback_connection_argument(self):

1252

"""

1253

The first argument passed to the verify callback is the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1254

`Connection` instance for which verification is taking place.

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1255

"""

1256

serverContext = Context(TLSv1_METHOD)

1257

serverContext.use_privatekey(

1258

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1259

serverContext.use_certificate(

1260

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1261

serverConnection = Connection(serverContext, None)

1262

1263

class VerifyCallback(object):

1264

def callback(self, connection, *args):

1265

self.connection = connection

1266

return 1

1267

1268

verify = VerifyCallback()

1269

clientContext = Context(TLSv1_METHOD)

1270

clientContext.set_verify(VERIFY_PEER, verify.callback)

1271

clientConnection = Connection(clientContext, None)

1272

clientConnection.set_connect_state()

1273

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1274

handshake_in_memory(clientConnection, serverConnection)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1275

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1276

assert verify.connection is clientConnection

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1277

Paul Kehrer

e738186

2017-11-30 20:55:25 +0800

[diff] [blame]

1278

def test_x509_in_verify_works(self):

1279

"""

1280

We had a bug where the X509 cert instantiated in the callback wrapper

1281

didn't __init__ so it was missing objects needed when calling

1282

get_subject. This test sets up a handshake where we call get_subject

1283

on the cert provided to the verify callback.

1284

"""

1285

serverContext = Context(TLSv1_METHOD)

1286

serverContext.use_privatekey(

1287

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1288

serverContext.use_certificate(

1289

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1290

serverConnection = Connection(serverContext, None)

1291

1292

def verify_cb_get_subject(conn, cert, errnum, depth, ok):

1293

assert cert.get_subject()

1294

return 1

1295

1296

clientContext = Context(TLSv1_METHOD)

1297

clientContext.set_verify(VERIFY_PEER, verify_cb_get_subject)

1298

clientConnection = Connection(clientContext, None)

1299

clientConnection.set_connect_state()

1300

1301

handshake_in_memory(clientConnection, serverConnection)

1302

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1303

def test_set_verify_callback_exception(self):

1304

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1305

If the verify callback passed to `Context.set_verify` raises an

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1306

exception, verification fails and the exception is propagated to the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1307

caller of `Connection.do_handshake`.

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1308

"""

1309

serverContext = Context(TLSv1_METHOD)

1310

serverContext.use_privatekey(

1311

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1312

serverContext.use_certificate(

1313

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1314

1315

clientContext = Context(TLSv1_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1316

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1317

def verify_callback(*args):

1318

raise Exception("silly verify failure")

1319

clientContext.set_verify(VERIFY_PEER, verify_callback)

1320

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

1321

with pytest.raises(Exception) as exc:

1322

self._handshake_test(serverContext, clientContext)

1323

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1324

assert "silly verify failure" == str(exc.value)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1325

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1326

def test_add_extra_chain_cert(self, tmpdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1327

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1328

`Context.add_extra_chain_cert` accepts an `X509`

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1329

instance to add to the certificate chain.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1330

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1331

See `_create_certificate_chain` for the details of the

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1332

certificate chain tested.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1333

1334

The chain is tested by starting a server with scert and connecting

1335

to it with a client which trusts cacert and requires verification to

1336

succeed.

1337

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1338

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1339

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1340

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1341

# Dump the CA certificate to a file because that's the only way to load

1342

# it as a trusted CA in the client context.

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1343

for cert, name in [(cacert, 'ca.pem'),

1344

(icert, 'i.pem'),

1345

(scert, 's.pem')]:

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1346

with tmpdir.join(name).open('w') as f:

Hynek Schlawack

e90680f

2015-04-16 15:09:27 -0400

[diff] [blame]

1347

f.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1348

Hynek Schlawack

1902c01

2015-04-16 15:06:41 -0400

[diff] [blame]

1349

for key, name in [(cakey, 'ca.key'),

1350

(ikey, 'i.key'),

1351

(skey, 's.key')]:

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1352

with tmpdir.join(name).open('w') as f:

Hynek Schlawack

e90680f

2015-04-16 15:09:27 -0400

[diff] [blame]

1353

f.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1354

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1355

# Create the server context

1356

serverContext = Context(TLSv1_METHOD)

1357

serverContext.use_privatekey(skey)

1358

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1359

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1360

serverContext.add_extra_chain_cert(icert)

1361

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1362

# Create the client

1363

clientContext = Context(TLSv1_METHOD)

1364

clientContext.set_verify(

1365

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1366

clientContext.load_verify_locations(str(tmpdir.join("ca.pem")))

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1367

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1368

# Try it out.

1369

self._handshake_test(serverContext, clientContext)

1370

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1371

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1372

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1373

Verify that `Context.use_certificate_chain_file` reads a

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1374

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1375

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1376

The chain is tested by starting a server with scert and connecting to

1377

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1378

succeed.

1379

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1380

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1381

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1382

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1383

makedirs(certdir)

1384

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1385

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1386

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1387

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1388

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1389

with open(chainFile, 'wb') as fObj:

1390

# Most specific to least general.

1391

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1392

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1393

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1394

1395

with open(caFile, 'w') as fObj:

1396

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1397

1398

serverContext = Context(TLSv1_METHOD)

1399

serverContext.use_certificate_chain_file(chainFile)

1400

serverContext.use_privatekey(skey)

1401

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1402

clientContext = Context(TLSv1_METHOD)

1403

clientContext.set_verify(

1404

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1405

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1406

1407

self._handshake_test(serverContext, clientContext)

1408

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1409

def test_use_certificate_chain_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1410

"""

1411

``Context.use_certificate_chain_file`` accepts the name of a file (as

1412

an instance of ``bytes``) to specify additional certificates to use to

1413

construct and verify a trust chain.

1414

"""

1415

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1416

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1417

)

1418

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1419

def test_use_certificate_chain_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1420

"""

1421

``Context.use_certificate_chain_file`` accepts the name of a file (as

1422

an instance of ``unicode``) to specify additional certificates to use

1423

to construct and verify a trust chain.

1424

"""

1425

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1426

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1427

)

1428

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1429

def test_use_certificate_chain_file_wrong_args(self):

1430

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1431

`Context.use_certificate_chain_file` raises `TypeError` if passed a

1432

non-byte string single argument.

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1433

"""

1434

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1435

with pytest.raises(TypeError):

1436

context.use_certificate_chain_file(object())

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1437

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1438

def test_use_certificate_chain_file_missing_file(self, tmpfile):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1439

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1440

`Context.use_certificate_chain_file` raises `OpenSSL.SSL.Error` when

1441

passed a bad chain file name (for example, the name of a file which

1442

does not exist).

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1443

"""

1444

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1445

with pytest.raises(Error):

1446

context.use_certificate_chain_file(tmpfile)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1447

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1448

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1449

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1450

`Context.get_verify_mode` returns the verify mode flags previously

1451

passed to `Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1452

"""

1453

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1454

assert context.get_verify_mode() == 0

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1455

context.set_verify(

1456

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1457

assert context.get_verify_mode() == (VERIFY_PEER | VERIFY_CLIENT_ONCE)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1458

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1459

@skip_if_py3

1460

def test_set_verify_mode_long(self):

1461

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1462

On Python 2 `Context.set_verify_mode` accepts values of type `long`

1463

as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1464

"""

1465

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1466

assert context.get_verify_mode() == 0

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1467

context.set_verify(

Hynek Schlawack

b4ceed3

2015-09-05 20:55:19 +0200

[diff] [blame]

1468

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None

1469

) # pragma: nocover

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1470

assert context.get_verify_mode() == (VERIFY_PEER | VERIFY_CLIENT_ONCE)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1471

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1472

@pytest.mark.parametrize('mode', [None, 1.0, object(), 'mode'])

1473

def test_set_verify_wrong_mode_arg(self, mode):

1474

"""

1475

`Context.set_verify` raises `TypeError` if the first argument is

1476

not an integer.

1477

"""

1478

context = Context(TLSv1_METHOD)

1479

with pytest.raises(TypeError):

1480

context.set_verify(mode=mode, callback=lambda *args: None)

1481

1482

@pytest.mark.parametrize('callback', [None, 1.0, 'mode', ('foo', 'bar')])

1483

def test_set_verify_wrong_callable_arg(self, callback):

1484

"""

1485

`Context.set_verify` raises `TypeError` if the the second argument

1486

is not callable.

1487

"""

1488

context = Context(TLSv1_METHOD)

1489

with pytest.raises(TypeError):

1490

context.set_verify(mode=VERIFY_PEER, callback=callback)

1491

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1492

def test_load_tmp_dh_wrong_args(self):

1493

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1494

`Context.load_tmp_dh` raises `TypeError` if called with a

1495

non-`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1496

"""

1497

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1498

with pytest.raises(TypeError):

1499

context.load_tmp_dh(object())

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1500

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1501

def test_load_tmp_dh_missing_file(self):

1502

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1503

`Context.load_tmp_dh` raises `OpenSSL.SSL.Error` if the

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1504

specified file does not exist.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1505

"""

1506

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1507

with pytest.raises(Error):

1508

context.load_tmp_dh(b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1509

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1510

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1511

"""

1512

Verify that calling ``Context.load_tmp_dh`` with the given filename

1513

does not raise an exception.

1514

"""

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1515

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1516

with open(dhfilename, "w") as dhfile:

1517

dhfile.write(dhparam)

1518

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1519

context.load_tmp_dh(dhfilename)

1520

# XXX What should I assert here? -exarkun

1521

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1522

def test_load_tmp_dh_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1523

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1524

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1525

specified file (given as ``bytes``).

1526

"""

1527

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1528

tmpfile + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1529

)

1530

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1531

def test_load_tmp_dh_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1532

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1533

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1534

specified file (given as ``unicode``).

1535

"""

1536

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1537

tmpfile.decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1538

)

1539

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1540

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1541

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1542

`Context.set_tmp_ecdh` sets the elliptic curve for Diffie-Hellman to

1543

the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1544

"""

1545

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1546

for curve in get_elliptic_curves():

Hynek Schlawack

a07fa8c

2015-10-17 10:15:28 +0200

[diff] [blame]

1547

if curve.name.startswith(u"Oakley-"):

Hynek Schlawack

7408aff

2015-10-17 09:51:16 +0200

[diff] [blame]

1548

# Setting Oakley-EC2N-4 and Oakley-EC2N-3 adds

1549

# ('bignum routines', 'BN_mod_inverse', 'no inverse') to the

1550

# error queue on OpenSSL 1.0.2.

1551

continue

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1552

# The only easily "assertable" thing is that it does not raise an

1553

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1554

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1555

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1556

def test_set_session_cache_mode_wrong_args(self):

1557

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1558

`Context.set_session_cache_mode` raises `TypeError` if called with

1559

a non-integer argument.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1560

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1561

"""

1562

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1563

with pytest.raises(TypeError):

1564

context.set_session_cache_mode(object())

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1565

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1566

def test_session_cache_mode(self):

1567

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1568

`Context.set_session_cache_mode` specifies how sessions are cached.

1569

The setting can be retrieved via `Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1570

"""

1571

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1572

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1573

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1574

assert SESS_CACHE_OFF == off

1575

assert SESS_CACHE_BOTH == context.get_session_cache_mode()

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1576

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1577

@skip_if_py3

1578

def test_session_cache_mode_long(self):

1579

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1580

On Python 2 `Context.set_session_cache_mode` accepts values

1581

of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1582

"""

1583

context = Context(TLSv1_METHOD)

1584

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1585

assert SESS_CACHE_BOTH == context.get_session_cache_mode()

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1586

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1587

def test_get_cert_store(self):

1588

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1589

`Context.get_cert_store` returns a `X509Store` instance.

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1590

"""

1591

context = Context(TLSv1_METHOD)

1592

store = context.get_cert_store()

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1593

assert isinstance(store, X509Store)

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1594

1595

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1596

class TestServerNameCallback(object):

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1597

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1598

Tests for `Context.set_tlsext_servername_callback` and its

1599

interaction with `Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1600

"""

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1601

def test_old_callback_forgotten(self):

1602

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1603

If `Context.set_tlsext_servername_callback` is used to specify

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1604

a new callback, the one it replaces is dereferenced.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1605

"""

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1606

def callback(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1607

pass

1608

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1609

def replacement(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1610

pass

1611

1612

context = Context(TLSv1_METHOD)

1613

context.set_tlsext_servername_callback(callback)

1614

1615

tracker = ref(callback)

1616

del callback

1617

1618

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1619

1620

# One run of the garbage collector happens to work on CPython. PyPy

1621

# doesn't collect the underlying object until a second run for whatever

1622

# reason. That's fine, it still demonstrates our code has properly

1623

# dropped the reference.

1624

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1625

collect()

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

1626

1627

callback = tracker()

1628

if callback is not None:

1629

referrers = get_referrers(callback)

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1630

if len(referrers) > 1: # pragma: nocover

1631

pytest.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1632

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1633

def test_no_servername(self):

1634

"""

1635

When a client specifies no server name, the callback passed to

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1636

`Context.set_tlsext_servername_callback` is invoked and the

1637

result of `Connection.get_servername` is `None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1638

"""

1639

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1640

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1641

def servername(conn):

1642

args.append((conn, conn.get_servername()))

1643

context = Context(TLSv1_METHOD)

1644

context.set_tlsext_servername_callback(servername)

1645

1646

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1652

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1653

context.use_certificate(

1654

load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1655

1656

# Do a little connection to trigger the logic

1657

server = Connection(context, None)

1658

server.set_accept_state()

1659

1660

client = Connection(Context(TLSv1_METHOD), None)

1661

client.set_connect_state()

1662

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1663

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1664

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1665

assert args == [(server, None)]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1666

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1667

def test_servername(self):

1668

"""

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1669

When a client specifies a server name in its hello message, the

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1670

callback passed to `Contexts.set_tlsext_servername_callback` is

1671

invoked and the result of `Connection.get_servername` is that

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1672

server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1673

"""

1674

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1675

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1676

def servername(conn):

1677

args.append((conn, conn.get_servername()))

1678

context = Context(TLSv1_METHOD)

1679

context.set_tlsext_servername_callback(servername)

1680

1681

# Necessary to actually accept the connection

1682

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1683

context.use_certificate(

1684

load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1685

1686

# Do a little connection to trigger the logic

1687

server = Connection(context, None)

1688

server.set_accept_state()

1689

1690

client = Connection(Context(TLSv1_METHOD), None)

1691

client.set_connect_state()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

1692

client.set_tlsext_host_name(b"foo1.example.com")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1693

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1694

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1695

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1696

assert args == [(server, b"foo1.example.com")]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1697

1698

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1699

class TestNextProtoNegotiation(object):

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1700

"""

1701

Test for Next Protocol Negotiation in PyOpenSSL.

1702

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1703

def test_npn_success(self):

1704

"""

1705

Tests that clients and servers that agree on the negotiated next

1706

protocol can correct establish a connection, and that the agreed

1707

protocol is reported by the connections.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

1714

return [b'http/1.1', b'spdy/2']

1715

1716

def select(conn, options):

1717

select_args.append((conn, options))

1718

return b'spdy/2'

1719

1720

server_context = Context(TLSv1_METHOD)

1721

server_context.set_npn_advertise_callback(advertise)

1722

1723

client_context = Context(TLSv1_METHOD)

1724

client_context.set_npn_select_callback(select)

1725

1726

# Necessary to actually accept the connection

1727

server_context.use_privatekey(

1728

load_privatekey(FILETYPE_PEM, server_key_pem))

1729

server_context.use_certificate(

1730

load_certificate(FILETYPE_PEM, server_cert_pem))

1731

1732

# Do a little connection to trigger the logic

1733

server = Connection(server_context, None)

1734

server.set_accept_state()

1735

1736

client = Connection(client_context, None)

1737

client.set_connect_state()

1738

1739

interact_in_memory(server, client)

1740

1741

assert advertise_args == [(server,)]

1742

assert select_args == [(client, [b'http/1.1', b'spdy/2'])]

1743

1744

assert server.get_next_proto_negotiated() == b'spdy/2'

1745

assert client.get_next_proto_negotiated() == b'spdy/2'

1746

1747

def test_npn_client_fail(self):

1748

"""

1749

Tests that when clients and servers cannot agree on what protocol

1750

to use next that the TLS connection does not get established.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

1757

return [b'http/1.1', b'spdy/2']

1758

1759

def select(conn, options):

1760

select_args.append((conn, options))

1761

return b''

1762

1763

server_context = Context(TLSv1_METHOD)

1764

server_context.set_npn_advertise_callback(advertise)

1765

1766

client_context = Context(TLSv1_METHOD)

1767

client_context.set_npn_select_callback(select)

1768

1769

# Necessary to actually accept the connection

1770

server_context.use_privatekey(

1771

load_privatekey(FILETYPE_PEM, server_key_pem))

1772

server_context.use_certificate(

1773

load_certificate(FILETYPE_PEM, server_cert_pem))

1774

1775

# Do a little connection to trigger the logic

1776

server = Connection(server_context, None)

1777

server.set_accept_state()

1778

1779

client = Connection(client_context, None)

1780

client.set_connect_state()

1781

1782

# If the client doesn't return anything, the connection will fail.

1783

with pytest.raises(Error):

1784

interact_in_memory(server, client)

1785

1786

assert advertise_args == [(server,)]

1787

assert select_args == [(client, [b'http/1.1', b'spdy/2'])]

1788

1789

def test_npn_select_error(self):

1790

"""

1791

Test that we can handle exceptions in the select callback. If

1792

select fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

1798

return [b'http/1.1', b'spdy/2']

1799

1800

def select(conn, options):

1801

raise TypeError

1802

1803

server_context = Context(TLSv1_METHOD)

1804

server_context.set_npn_advertise_callback(advertise)

1805

1806

client_context = Context(TLSv1_METHOD)

1807

client_context.set_npn_select_callback(select)

1808

1809

# Necessary to actually accept the connection

1810

server_context.use_privatekey(

1811

load_privatekey(FILETYPE_PEM, server_key_pem))

1812

server_context.use_certificate(

1813

load_certificate(FILETYPE_PEM, server_cert_pem))

1814

1815

# Do a little connection to trigger the logic

1816

server = Connection(server_context, None)

1817

server.set_accept_state()

1818

1819

client = Connection(client_context, None)

1820

client.set_connect_state()

1821

1822

# If the callback throws an exception it should be raised here.

1823

with pytest.raises(TypeError):

1824

interact_in_memory(server, client)

1825

assert advertise_args == [(server,), ]

1826

1827

def test_npn_advertise_error(self):

1828

"""

1829

Test that we can handle exceptions in the advertise callback. If

1830

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options): # pragma: nocover

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1838

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1839

Assert later that no args are actually appended.

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1840

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1841

select_args.append((conn, options))

1842

return b''

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1843

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1844

server_context = Context(TLSv1_METHOD)

1845

server_context.set_npn_advertise_callback(advertise)

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1846

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1847

client_context = Context(TLSv1_METHOD)

1848

client_context.set_npn_select_callback(select)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1849

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1850

# Necessary to actually accept the connection

1851

server_context.use_privatekey(

1852

load_privatekey(FILETYPE_PEM, server_key_pem))

1853

server_context.use_certificate(

1854

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1855

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1856

# Do a little connection to trigger the logic

1857

server = Connection(server_context, None)

1858

server.set_accept_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1859

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1860

client = Connection(client_context, None)

1861

client.set_connect_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1862

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1863

# If the client doesn't return anything, the connection will fail.

1864

with pytest.raises(TypeError):

1865

interact_in_memory(server, client)

1866

assert select_args == []

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1867

1868

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1869

class TestApplicationLayerProtoNegotiation(object):

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1870

"""

1871

Tests for ALPN in PyOpenSSL.

1872

"""

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1873

# Skip tests on versions that don't support ALPN.

1874

if _lib.Cryptography_HAS_ALPN:

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1875

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1876

def test_alpn_success(self):

1877

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1878

Clients and servers that agree on the negotiated ALPN protocol can

1879

correct establish a connection, and the agreed protocol is reported

1880

by the connections.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1881

"""

1882

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1883

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1884

def select(conn, options):

1885

select_args.append((conn, options))

1886

return b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1887

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1888

client_context = Context(TLSv1_METHOD)

1889

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1890

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1891

server_context = Context(TLSv1_METHOD)

1892

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1893

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1894

# Necessary to actually accept the connection

1895

server_context.use_privatekey(

1896

load_privatekey(FILETYPE_PEM, server_key_pem))

1897

server_context.use_certificate(

1898

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1899

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1900

# Do a little connection to trigger the logic

1901

server = Connection(server_context, None)

1902

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1903

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1904

client = Connection(client_context, None)

1905

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1906

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1907

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1908

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1909

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1910

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1911

assert server.get_alpn_proto_negotiated() == b'spdy/2'

1912

assert client.get_alpn_proto_negotiated() == b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1913

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1914

def test_alpn_set_on_connection(self):

1915

"""

1916

The same as test_alpn_success, but setting the ALPN protocols on

1917

the connection rather than the context.

1918

"""

1919

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1920

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1921

def select(conn, options):

1922

select_args.append((conn, options))

1923

return b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1924

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1925

# Setup the client context but don't set any ALPN protocols.

1926

client_context = Context(TLSv1_METHOD)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1927

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1928

server_context = Context(TLSv1_METHOD)

1929

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1930

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1931

# Necessary to actually accept the connection

1932

server_context.use_privatekey(

1933

load_privatekey(FILETYPE_PEM, server_key_pem))

1934

server_context.use_certificate(

1935

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1936

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1937

# Do a little connection to trigger the logic

1938

server = Connection(server_context, None)

1939

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1940

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1941

# Set the ALPN protocols on the client connection.

1942

client = Connection(client_context, None)

1943

client.set_alpn_protos([b'http/1.1', b'spdy/2'])

1944

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1945

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1946

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1947

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1948

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1949

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1950

assert server.get_alpn_proto_negotiated() == b'spdy/2'

1951

assert client.get_alpn_proto_negotiated() == b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1952

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1953

def test_alpn_server_fail(self):

1954

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1955

When clients and servers cannot agree on what protocol to use next

1956

the TLS connection does not get established.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1957

"""

1958

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1959

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1960

def select(conn, options):

1961

select_args.append((conn, options))

1962

return b''

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1963

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1964

client_context = Context(TLSv1_METHOD)

1965

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1966

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1967

server_context = Context(TLSv1_METHOD)

1968

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1969

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1970

# Necessary to actually accept the connection

1971

server_context.use_privatekey(

1972

load_privatekey(FILETYPE_PEM, server_key_pem))

1973

server_context.use_certificate(

1974

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1975

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1976

# Do a little connection to trigger the logic

1977

server = Connection(server_context, None)

1978

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1979

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1980

client = Connection(client_context, None)

1981

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1982

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1983

# If the client doesn't return anything, the connection will fail.

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1984

with pytest.raises(Error):

1985

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1986

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1987

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1988

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1989

def test_alpn_no_server(self):

1990

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1991

When clients and servers cannot agree on what protocol to use next

1992

because the server doesn't offer ALPN, no protocol is negotiated.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1993

"""

1994

client_context = Context(TLSv1_METHOD)

1995

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1996

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1997

server_context = Context(TLSv1_METHOD)

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1998

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1999

# Necessary to actually accept the connection

2000

server_context.use_privatekey(

2001

load_privatekey(FILETYPE_PEM, server_key_pem))

2002

server_context.use_certificate(

2003

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

2004

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2005

# Do a little connection to trigger the logic

2006

server = Connection(server_context, None)

2007

server.set_accept_state()

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

2008

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2009

client = Connection(client_context, None)

2010

client.set_connect_state()

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

2011

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2012

# Do the dance.

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2013

interact_in_memory(server, client)

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

2014

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2015

assert client.get_alpn_proto_negotiated() == b''

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

2016

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2017

def test_alpn_callback_exception(self):

2018

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

2019

We can handle exceptions in the ALPN select callback.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2020

"""

2021

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2022

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2023

def select(conn, options):

2024

select_args.append((conn, options))

Cory Benfield

ef40145

2015-04-13 18:17:36 -0400

[diff] [blame]

2025

raise TypeError()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2026

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2027

client_context = Context(TLSv1_METHOD)

2028

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2029

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2030

server_context = Context(TLSv1_METHOD)

2031

server_context.set_alpn_select_callback(select)

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2032

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2033

# Necessary to actually accept the connection

2034

server_context.use_privatekey(

2035

load_privatekey(FILETYPE_PEM, server_key_pem))

2036

server_context.use_certificate(

2037

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2038

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2039

# Do a little connection to trigger the logic

2040

server = Connection(server_context, None)

2041

server.set_accept_state()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2042

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2043

client = Connection(client_context, None)

2044

client.set_connect_state()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2045

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2046

with pytest.raises(TypeError):

2047

interact_in_memory(server, client)

2048

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2049

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

2050

else:

2051

# No ALPN.

2052

def test_alpn_not_implemented(self):

Cory Benfield

ef40145

2015-04-13 18:17:36 -0400

[diff] [blame]

2053

"""

2054

If ALPN is not in OpenSSL, we should raise NotImplementedError.

2055

"""

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

2056

# Test the context methods first.

2057

context = Context(TLSv1_METHOD)

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2058

with pytest.raises(NotImplementedError):

2059

context.set_alpn_protos(None)

2060

with pytest.raises(NotImplementedError):

2061

context.set_alpn_select_callback(None)

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

2062

2063

# Now test a connection.

2064

conn = Connection(context)

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2065

with pytest.raises(NotImplementedError):

2066

conn.set_alpn_protos(None)

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

2067

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2068

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2069

class TestSession(object):

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2070

"""

2071

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

2072

"""

2073

def test_construction(self):

2074

"""

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2075

:py:class:`Session` can be constructed with no arguments, creating

2076

a new instance of that type.

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2077

"""

2078

new_session = Session()

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2079

assert isinstance(new_session, Session)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2080

2081

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2082

class TestConnection(object):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2083

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2084

Unit tests for `OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2085

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2086

# XXX get_peer_certificate -> None

2087

# XXX sock_shutdown

2088

# XXX master_key -> TypeError

2089

# XXX server_random -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2090

# XXX connect -> TypeError

2091

# XXX connect_ex -> TypeError

2092

# XXX set_connect_state -> TypeError

2093

# XXX set_accept_state -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2094

# XXX do_handshake -> TypeError

2095

# XXX bio_read -> TypeError

2096

# XXX recv -> TypeError

2097

# XXX send -> TypeError

2098

# XXX bio_write -> TypeError

2099

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2100

def test_type(self):

2101

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2102

`Connection` and `ConnectionType` refer to the same type object and

2103

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2104

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2105

assert Connection is ConnectionType

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2106

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2107

assert is_consistent_type(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2108

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2109

@pytest.mark.parametrize('bad_context', [object(), 'context', None, 1])

2110

def test_wrong_args(self, bad_context):

2111

"""

2112

`Connection.__init__` raises `TypeError` if called with a non-`Context`

2113

instance argument.

2114

"""

2115

with pytest.raises(TypeError):

2116

Connection(bad_context)

2117

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2118

def test_get_context(self):

2119

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2120

`Connection.get_context` returns the `Context` instance used to

2121

construct the `Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2122

"""

2123

context = Context(TLSv1_METHOD)

2124

connection = Connection(context, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2125

assert connection.get_context() is context

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2126

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2127

def test_set_context_wrong_args(self):

2128

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2129

`Connection.set_context` raises `TypeError` if called with a

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2130

non-`Context` instance argument.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2131

"""

2132

ctx = Context(TLSv1_METHOD)

2133

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2134

with pytest.raises(TypeError):

2135

connection.set_context(object())

2136

with pytest.raises(TypeError):

2137

connection.set_context("hello")

2138

with pytest.raises(TypeError):

2139

connection.set_context(1)

2140

assert ctx is connection.get_context()

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2141

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2142

def test_set_context(self):

2143

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2144

`Connection.set_context` specifies a new `Context` instance to be

2145

used for the connection.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2146

"""

2147

original = Context(SSLv23_METHOD)

2148

replacement = Context(TLSv1_METHOD)

2149

connection = Connection(original, None)

2150

connection.set_context(replacement)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2151

assert replacement is connection.get_context()

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2152

# Lose our references to the contexts, just in case the Connection

2153

# isn't properly managing its own contributions to their reference

2154

# counts.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2155

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2156

collect()

2157

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2158

def test_set_tlsext_host_name_wrong_args(self):

2159

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2160

If `Connection.set_tlsext_host_name` is called with a non-byte string

2161

argument or a byte string with an embedded NUL, `TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2162

"""

2163

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2164

with pytest.raises(TypeError):

2165

conn.set_tlsext_host_name(object())

2166

with pytest.raises(TypeError):

2167

conn.set_tlsext_host_name(b"with\0null")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2168

Abraham Martin

c5484ba

2015-03-25 15:33:05 +0000

[diff] [blame]

2169

if PY3:

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2170

# On Python 3.x, don't accidentally implicitly convert from text.

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2171

with pytest.raises(TypeError):

2172

conn.set_tlsext_host_name(b"example.com".decode("ascii"))

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2173

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2174

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2175

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2176

`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2177

immediate read.

2178

"""

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2179

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2180

assert connection.pending() == 0

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2181

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2182

def test_peek(self):

2183

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2184

`Connection.recv` peeks into the connection if `socket.MSG_PEEK` is

2185

passed.

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2186

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2187

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2188

server.send(b'xy')

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2189

assert client.recv(2, MSG_PEEK) == b'xy'

2190

assert client.recv(2, MSG_PEEK) == b'xy'

2191

assert client.recv(2) == b'xy'

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2192

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2193

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2194

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2195

`Connection.connect` raises `TypeError` if called with a non-address

2196

argument.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2197

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2198

connection = Connection(Context(TLSv1_METHOD), socket())

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2199

with pytest.raises(TypeError):

2200

connection.connect(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2201

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2202

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2203

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2204

`Connection.connect` raises `socket.error` if the underlying socket

2205

connect method raises it.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2206

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2207

client = socket()

2208

context = Context(TLSv1_METHOD)

2209

clientSSL = Connection(context, client)

Alex Gaynor

122717b

2015-09-05 14:14:18 -0400

[diff] [blame]

2210

# pytest.raises here doesn't work because of a bug in py.test on Python

2211

# 2.6: https://github.com/pytest-dev/pytest/issues/988

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2212

try:

Alex Gaynor

1aabb2e

2015-09-05 13:35:18 -0400

[diff] [blame]

2213

clientSSL.connect(("127.0.0.1", 1))

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2214

except error as e:

Alex Gaynor

20a4c08

2015-09-05 14:24:15 -0400

[diff] [blame]

2215

exc = e

2216

assert exc.args[0] == ECONNREFUSED

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2217

2218

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2219

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2220

`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2221

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2227

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

2228

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2229

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2230

@pytest.mark.skipif(

2231

platform == "darwin",

2232

reason="connect_ex sometimes causes a kernel panic on OS X 10.6.4"

2233

)

2234

def test_connect_ex(self):

2235

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2236

If there is a connection error, `Connection.connect_ex` returns the

2237

errno instead of raising an exception.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2242

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2243

clientSSL = Connection(Context(TLSv1_METHOD), socket())

2244

clientSSL.setblocking(False)

2245

result = clientSSL.connect_ex(port.getsockname())

2246

expected = (EINPROGRESS, EWOULDBLOCK)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2247

assert result in expected

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2248

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2249

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2250

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2251

`Connection.accept` accepts a pending connection attempt and returns a

2252

tuple of a new `Connection` (the accepted client) and the address the

2253

connection originated from.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2254

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2255

ctx = Context(TLSv1_METHOD)

2256

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2257

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2258

port = socket()

2259

portSSL = Connection(ctx, port)

2260

portSSL.bind(('', 0))

2261

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2262

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2263

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2264

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2265

# Calling portSSL.getsockname() here to get the server IP address

2266

# sounds great, but frequently fails on Windows.

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2267

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2268

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2269

serverSSL, address = portSSL.accept()

2270

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2271

assert isinstance(serverSSL, Connection)

2272

assert serverSSL.get_context() is ctx

2273

assert address == clientSSL.getsockname()

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2274

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2275

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2276

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2277

`Connection.set_shutdown` raises `TypeError` if called with arguments

2278

other than integers.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2279

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2280

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2281

with pytest.raises(TypeError):

2282

connection.set_shutdown(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2283

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2284

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2285

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2286

`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2287

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2288

server, client = loopback()

2289

assert not server.shutdown()

2290

assert server.get_shutdown() == SENT_SHUTDOWN

2291

with pytest.raises(ZeroReturnError):

2292

client.recv(1024)

2293

assert client.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2294

client.shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2295

assert client.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

2296

with pytest.raises(ZeroReturnError):

2297

server.recv(1024)

2298

assert server.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2299

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2300

def test_shutdown_closed(self):

2301

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2302

If the underlying socket is closed, `Connection.shutdown` propagates

2303

the write error from the low level write call.

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2304

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2305

server, client = loopback()

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2306

server.sock_shutdown(2)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2307

with pytest.raises(SysCallError) as exc:

2308

server.shutdown()

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2309

if platform == "win32":

2310

assert exc.value.args[0] == ESHUTDOWN

2311

else:

2312

assert exc.value.args[0] == EPIPE

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2313

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2314

def test_shutdown_truncated(self):

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2315

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2316

If the underlying connection is truncated, `Connection.shutdown`

2317

raises an `Error`.

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2318

"""

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2319

server_ctx = Context(TLSv1_METHOD)

2320

client_ctx = Context(TLSv1_METHOD)

2321

server_ctx.use_privatekey(

2322

load_privatekey(FILETYPE_PEM, server_key_pem))

2323

server_ctx.use_certificate(

2324

load_certificate(FILETYPE_PEM, server_cert_pem))

2325

server = Connection(server_ctx, None)

2326

client = Connection(client_ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2327

handshake_in_memory(client, server)

2328

assert not server.shutdown()

2329

with pytest.raises(WantReadError):

2330

server.shutdown()

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2331

server.bio_shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2332

with pytest.raises(Error):

2333

server.shutdown()

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2334

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2335

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2336

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2337

`Connection.set_shutdown` sets the state of the SSL connection

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2338

shutdown process.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2339

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2340

connection = Connection(Context(TLSv1_METHOD), socket())

2341

connection.set_shutdown(RECEIVED_SHUTDOWN)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2342

assert connection.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2343

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2344

@skip_if_py3

2345

def test_set_shutdown_long(self):

2346

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2347

On Python 2 `Connection.set_shutdown` accepts an argument

2348

of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2349

"""

2350

connection = Connection(Context(TLSv1_METHOD), socket())

2351

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2352

assert connection.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

2353

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2354

def test_state_string(self):

2355

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2356

`Connection.state_string` verbosely describes the current state of

2357

the `Connection`.

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2358

"""

Hynek Schlawack

b0274ce

2015-10-16 19:56:26 +0200

[diff] [blame]

2359

server, client = socket_pair()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2360

server = loopback_server_factory(server)

2361

client = loopback_client_factory(client)

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2362

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2363

assert server.get_state_string() in [

2364

b"before/accept initialization", b"before SSL initialization"

2365

]

2366

assert client.get_state_string() in [

2367

b"before/connect initialization", b"before SSL initialization"

2368

]

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2369

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2370

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2371

"""

2372

Any object can be set as app data by passing it to

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2373

`Connection.set_app_data` and later retrieved with

2374

`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2375

"""

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2376

conn = Connection(Context(TLSv1_METHOD), None)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2377

assert None is conn.get_app_data()

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2378

app_data = object()

2379

conn.set_app_data(app_data)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2380

assert conn.get_app_data() is app_data

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2381

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2382

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2383

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2384

`Connection.makefile` is not implemented and calling that

2385

method raises `NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2386

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2387

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2388

with pytest.raises(NotImplementedError):

2389

conn.makefile()

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2390

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2391

def test_get_peer_cert_chain(self):

2392

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2393

`Connection.get_peer_cert_chain` returns a list of certificates

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2394

which the connected server returned for the certification verification.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2395

"""

2396

chain = _create_certificate_chain()

2397

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2398

2399

serverContext = Context(TLSv1_METHOD)

2400

serverContext.use_privatekey(skey)

2401

serverContext.use_certificate(scert)

2402

serverContext.add_extra_chain_cert(icert)

2403

serverContext.add_extra_chain_cert(cacert)

2404

server = Connection(serverContext, None)

2405

server.set_accept_state()

2406

2407

# Create the client

2408

clientContext = Context(TLSv1_METHOD)

2409

clientContext.set_verify(VERIFY_NONE, verify_cb)

2410

client = Connection(clientContext, None)

2411

client.set_connect_state()

2412

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2413

interact_in_memory(client, server)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2414

2415

chain = client.get_peer_cert_chain()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2416

assert len(chain) == 3

2417

assert "Server Certificate" == chain[0].get_subject().CN

2418

assert "Intermediate Certificate" == chain[1].get_subject().CN

2419

assert "Authority Certificate" == chain[2].get_subject().CN

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2420

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2421

def test_get_peer_cert_chain_none(self):

2422

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2423

`Connection.get_peer_cert_chain` returns `None` if the peer sends

2424

no certificate chain.

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2425

"""

2426

ctx = Context(TLSv1_METHOD)

2427

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2428

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2429

server = Connection(ctx, None)

2430

server.set_accept_state()

2431

client = Connection(Context(TLSv1_METHOD), None)

2432

client.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2433

interact_in_memory(client, server)

2434

assert None is server.get_peer_cert_chain()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2435

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2436

def test_get_session_unconnected(self):

2437

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2438

`Connection.get_session` returns `None` when used with an object

2439

which has not been connected.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2440

"""

2441

ctx = Context(TLSv1_METHOD)

2442

server = Connection(ctx, None)

2443

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2444

assert None is session

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2445

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2446

def test_server_get_session(self):

2447

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2448

On the server side of a connection, `Connection.get_session` returns a

2449

`Session` instance representing the SSL session for that connection.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2450

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2451

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2452

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2453

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2454

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2455

def test_client_get_session(self):

2456

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2457

On the client side of a connection, `Connection.get_session`

2458

returns a `Session` instance representing the SSL session for

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2459

that connection.

2460

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2461

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2462

session = client.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2463

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2464

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2465

def test_set_session_wrong_args(self):

2466

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2467

`Connection.set_session` raises `TypeError` if called with an object

2468

that is not an instance of `Session`.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2469

"""

2470

ctx = Context(TLSv1_METHOD)

2471

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2472

with pytest.raises(TypeError):

2473

connection.set_session(123)

2474

with pytest.raises(TypeError):

2475

connection.set_session("hello")

2476

with pytest.raises(TypeError):

2477

connection.set_session(object())

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2478

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2479

def test_client_set_session(self):

2480

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2481

`Connection.set_session`, when used prior to a connection being

2482

established, accepts a `Session` instance and causes an attempt to

2483

re-use the session it represents when the SSL handshake is performed.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2484

"""

2485

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2486

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Alex Gaynor

332848f

2017-08-07 12:40:09 -0400

[diff] [blame]

2487

ctx = Context(SSLv23_METHOD)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2488

ctx.use_privatekey(key)

2489

ctx.use_certificate(cert)

2490

ctx.set_session_id("unity-test")

2491

2492

def makeServer(socket):

2493

server = Connection(ctx, socket)

2494

server.set_accept_state()

2495

return server

2496

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2497

originalServer, originalClient = loopback(

2498

server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2499

originalSession = originalClient.get_session()

2500

2501

def makeClient(socket):

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2502

client = loopback_client_factory(socket)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2503

client.set_session(originalSession)

2504

return client

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2505

resumedServer, resumedClient = loopback(

2506

server_factory=makeServer,

2507

client_factory=makeClient)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2508

2509

# This is a proxy: in general, we have no access to any unique

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2510

# identifier for the session (new enough versions of OpenSSL expose

2511

# a hash which could be usable, but "new enough" is very, very new).

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2512

# Instead, exploit the fact that the master key is re-used if the

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2513

# session is re-used. As long as the master key for the two

2514

# connections is the same, the session was re-used!

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2515

assert originalServer.master_key() == resumedServer.master_key()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2516

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2517

def test_set_session_wrong_method(self):

2518

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2519

If `Connection.set_session` is passed a `Session` instance associated

2520

with a context using a different SSL method than the `Connection`

2521

is using, a `OpenSSL.SSL.Error` is raised.

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2522

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2523

# Make this work on both OpenSSL 1.0.0, which doesn't support TLSv1.2

2524

# and also on OpenSSL 1.1.0 which doesn't support SSLv3. (SSL_ST_INIT

2525

# is a way to check for 1.1.0)

Alex Gaynor

aa32e71

2017-06-29 20:56:12 -0700

[diff] [blame]

2526

if SSL_ST_INIT is None:

2527

v1 = TLSv1_2_METHOD

2528

v2 = TLSv1_METHOD

2529

elif hasattr(_lib, "SSLv3_method"):

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2530

v1 = TLSv1_METHOD

2531

v2 = SSLv3_METHOD

2532

else:

Alex Gaynor

aa32e71

2017-06-29 20:56:12 -0700

[diff] [blame]

2533

pytest.skip("Test requires either OpenSSL 1.1.0 or SSLv3")

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2534

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2535

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2536

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2537

ctx = Context(v1)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2538

ctx.use_privatekey(key)

2539

ctx.use_certificate(cert)

2540

ctx.set_session_id("unity-test")

2541

2542

def makeServer(socket):

2543

server = Connection(ctx, socket)

2544

server.set_accept_state()

2545

return server

2546

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2547

def makeOriginalClient(socket):

2548

client = Connection(Context(v1), socket)

2549

client.set_connect_state()

2550

return client

2551

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2552

originalServer, originalClient = loopback(

2553

server_factory=makeServer, client_factory=makeOriginalClient)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2554

originalSession = originalClient.get_session()

2555

2556

def makeClient(socket):

2557

# Intentionally use a different, incompatible method here.

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2558

client = Connection(Context(v2), socket)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2559

client.set_connect_state()

2560

client.set_session(originalSession)

2561

return client

2562

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2563

with pytest.raises(Error):

2564

loopback(client_factory=makeClient, server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2565

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2566

def test_wantWriteError(self):

2567

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2568

`Connection` methods which generate output raise

2569

`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2570

fail indicating a should-write state.

2571

"""

2572

client_socket, server_socket = socket_pair()

2573

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2574

# anything. Only write a single byte at a time so we can be sure we

2575

# completely fill the buffer. Even though the socket API is allowed to

2576

# signal a short write via its return value it seems this doesn't

2577

# always happen on all platforms (FreeBSD and OS X particular) for the

2578

# very last bit of available buffer space.

2579

msg = b"x"

2580

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2581

try:

2582

client_socket.send(msg)

2583

except error as e:

2584

if e.errno == EWOULDBLOCK:

2585

break

2586

raise

2587

else:

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2588

pytest.fail(

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2589

"Failed to fill socket buffer, cannot test BIO want write")

2590

2591

ctx = Context(TLSv1_METHOD)

2592

conn = Connection(ctx, client_socket)

2593

# Client's speak first, so make it an SSL client

2594

conn.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2595

with pytest.raises(WantWriteError):

2596

conn.do_handshake()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2600

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2601

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2602

`Connection.get_finished` returns `None` before TLS handshake

2603

is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2604

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2605

ctx = Context(TLSv1_METHOD)

2606

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2607

assert connection.get_finished() is None

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2608

2609

def test_get_peer_finished_before_connect(self):

2610

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2611

`Connection.get_peer_finished` returns `None` before TLS handshake

2612

is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2613

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2614

ctx = Context(TLSv1_METHOD)

2615

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2616

assert connection.get_peer_finished() is None

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2617

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2618

def test_get_finished(self):

2619

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2620

`Connection.get_finished` method returns the TLS Finished message send

2621

from client, or server. Finished messages are send during

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2622

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2623

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2624

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2625

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2626

assert server.get_finished() is not None

2627

assert len(server.get_finished()) > 0

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2628

2629

def test_get_peer_finished(self):

2630

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2631

`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2632

message received from client, or server. Finished messages are send

2633

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2634

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2635

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2636

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2637

assert server.get_peer_finished() is not None

2638

assert len(server.get_peer_finished()) > 0

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2639

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2640

def test_tls_finished_message_symmetry(self):

2641

"""

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2642

The TLS Finished message send by server must be the TLS Finished

2643

message received by client.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2644

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2645

The TLS Finished message send by client must be the TLS Finished

2646

message received by server.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2647

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2648

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2649

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2650

assert server.get_finished() == client.get_peer_finished()

2651

assert client.get_finished() == server.get_peer_finished()

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2652

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2653

def test_get_cipher_name_before_connect(self):

2654

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2655

`Connection.get_cipher_name` returns `None` if no connection

2656

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2657

"""

2658

ctx = Context(TLSv1_METHOD)

2659

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2660

assert conn.get_cipher_name() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2661

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2662

def test_get_cipher_name(self):

2663

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2664

`Connection.get_cipher_name` returns a `unicode` string giving the

2665

name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2666

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2667

server, client = loopback()

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2668

server_cipher_name, client_cipher_name = \

2669

server.get_cipher_name(), client.get_cipher_name()

2670

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2671

assert isinstance(server_cipher_name, text_type)

2672

assert isinstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2673

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2674

assert server_cipher_name == client_cipher_name

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2675

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2676

def test_get_cipher_version_before_connect(self):

2677

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2678

`Connection.get_cipher_version` returns `None` if no connection

2679

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2680

"""

2681

ctx = Context(TLSv1_METHOD)

2682

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2683

assert conn.get_cipher_version() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2684

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2685

def test_get_cipher_version(self):

2686

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2687

`Connection.get_cipher_version` returns a `unicode` string giving

2688

the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2689

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2690

server, client = loopback()

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2691

server_cipher_version, client_cipher_version = \

2692

server.get_cipher_version(), client.get_cipher_version()

2693

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2694

assert isinstance(server_cipher_version, text_type)

2695

assert isinstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2696

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2697

assert server_cipher_version == client_cipher_version

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2698

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2699

def test_get_cipher_bits_before_connect(self):

2700

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2701

`Connection.get_cipher_bits` returns `None` if no connection has

2702

been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2703

"""

2704

ctx = Context(TLSv1_METHOD)

2705

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2706

assert conn.get_cipher_bits() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2707

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2708

def test_get_cipher_bits(self):

2709

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2710

`Connection.get_cipher_bits` returns the number of secret bits

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2711

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2712

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2713

server, client = loopback()

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2714

server_cipher_bits, client_cipher_bits = \

2715

server.get_cipher_bits(), client.get_cipher_bits()

2716

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2717

assert isinstance(server_cipher_bits, int)

2718

assert isinstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2719

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2720

assert server_cipher_bits == client_cipher_bits

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2721

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2722

def test_get_protocol_version_name(self):

2723

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2724

`Connection.get_protocol_version_name()` returns a string giving the

2725

protocol version of the current connection.

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2726

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2727

server, client = loopback()

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2728

client_protocol_version_name = client.get_protocol_version_name()

2729

server_protocol_version_name = server.get_protocol_version_name()

2730

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2731

assert isinstance(server_protocol_version_name, text_type)

2732

assert isinstance(client_protocol_version_name, text_type)

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2733

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2734

assert server_protocol_version_name == client_protocol_version_name

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2735

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2736

def test_get_protocol_version(self):

2737

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2738

`Connection.get_protocol_version()` returns an integer

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2739

giving the protocol version of the current connection.

2740

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2741

server, client = loopback()

Jim Shaver

85a4dff

2015-04-27 17:42:46 -0400

[diff] [blame]

2742

client_protocol_version = client.get_protocol_version()

2743

server_protocol_version = server.get_protocol_version()

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2744

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2745

assert isinstance(server_protocol_version, int)

2746

assert isinstance(client_protocol_version, int)

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2747

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2748

assert server_protocol_version == client_protocol_version

2749

2750

def test_wantReadError(self):

2751

"""

2752

`Connection.bio_read` raises `OpenSSL.SSL.WantReadError` if there are

2753

no bytes available to be read from the BIO.

2754

"""

2755

ctx = Context(TLSv1_METHOD)

2756

conn = Connection(ctx, None)

2757

with pytest.raises(WantReadError):

2758

conn.bio_read(1024)

2759

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2760

@pytest.mark.parametrize('bufsize', [1.0, None, object(), 'bufsize'])

2761

def test_bio_read_wrong_args(self, bufsize):

2762

"""

2763

`Connection.bio_read` raises `TypeError` if passed a non-integer

2764

argument.

2765

"""

2766

ctx = Context(TLSv1_METHOD)

2767

conn = Connection(ctx, None)

2768

with pytest.raises(TypeError):

2769

conn.bio_read(bufsize)

2770

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2771

def test_buffer_size(self):

2772

"""

2773

`Connection.bio_read` accepts an integer giving the maximum number

2774

of bytes to read and return.

2775

"""

2776

ctx = Context(TLSv1_METHOD)

2777

conn = Connection(ctx, None)

2778

conn.set_connect_state()

2779

try:

2780

conn.do_handshake()

2781

except WantReadError:

2782

pass

2783

data = conn.bio_read(2)

2784

assert 2 == len(data)

2785

2786

@skip_if_py3

2787

def test_buffer_size_long(self):

2788

"""

2789

On Python 2 `Connection.bio_read` accepts values of type `long` as

2790

well as `int`.

2791

"""

2792

ctx = Context(TLSv1_METHOD)

2793

conn = Connection(ctx, None)

2794

conn.set_connect_state()

2795

try:

2796

conn.do_handshake()

2797

except WantReadError:

2798

pass

2799

data = conn.bio_read(long(2))

2800

assert 2 == len(data)

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2801

Jean-Paul Calderone

dbd7627

2014-03-29 18:09:40 -0400

[diff] [blame]

2802

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2803

class TestConnectionGetCipherList(object):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2804

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2805

Tests for `Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2806

"""

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2807

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2808

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2809

`Connection.get_cipher_list` returns a list of `bytes` giving the

2810

names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2811

"""

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2812

connection = Connection(Context(TLSv1_METHOD), None)

2813

ciphers = connection.get_cipher_list()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2814

assert isinstance(ciphers, list)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2815

for cipher in ciphers:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2816

assert isinstance(cipher, str)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2817

2818

Maximilian Hils

868dc3c

2017-02-10 14:56:55 +0100

[diff] [blame]

2819

class VeryLarge(bytes):

2820

"""

2821

Mock object so that we don't have to allocate 2**31 bytes

"""

def __len__(self):

return 2**31

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2827

class TestConnectionSend(object):

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2828

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2829

Tests for `Connection.send`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2830

"""

2831

def test_wrong_args(self):

2832

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2833

When called with arguments other than string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2834

parameter, `Connection.send` raises `TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2835

"""

2836

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2837

with pytest.raises(TypeError):

2838

connection.send(object())

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2839

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2840

def test_short_bytes(self):

2841

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2842

When passed a short byte string, `Connection.send` transmits all of it

2843

and returns the number of bytes sent.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2844

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2845

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2846

count = server.send(b'xy')

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2847

assert count == 2

2848

assert client.recv(2) == b'xy'

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2849

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2850

def test_text(self):

2851

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2852

When passed a text, `Connection.send` transmits all of it and

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

2853

returns the number of bytes sent. It also raises a DeprecationWarning.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2854

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2855

server, client = loopback()

2856

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2857

simplefilter("always")

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2858

count = server.send(b"xy".decode("ascii"))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2859

assert (

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2860

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

2861

WARNING_TYPE_EXPECTED

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2862

) == str(w[-1].message))

2863

assert count == 2

2864

assert client.recv(2) == b'xy'

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2865

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2866

def test_short_memoryview(self):

2867

"""

2868

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2869

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2870

of bytes sent.

2871

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2872

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2873

count = server.send(memoryview(b'xy'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2874

assert count == 2

2875

assert client.recv(2) == b'xy'

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2876

Hynek Schlawack

8e94f1b

2015-09-05 21:31:00 +0200

[diff] [blame]

2877

@skip_if_py3

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2878

def test_short_buffer(self):

2879

"""

2880

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2881

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2882

of bytes sent.

2883

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2884

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2885

count = server.send(buffer(b'xy'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2886

assert count == 2

2887

assert client.recv(2) == b'xy'

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

2888

Maximilian Hils

868dc3c

2017-02-10 14:56:55 +0100

[diff] [blame]

2889

@pytest.mark.skipif(

2890

sys.maxsize < 2**31,

2891

reason="sys.maxsize < 2**31 - test requires 64 bit"

2892

)

2893

def test_buf_too_large(self):

2894

"""

2895

When passed a buffer containing >= 2**31 bytes,

2896

`Connection.send` bails out as SSL_write only

2897

accepts an int for the buffer length.

2898

"""

2899

connection = Connection(Context(TLSv1_METHOD), None)

2900

with pytest.raises(ValueError) as exc_info:

2901

connection.send(VeryLarge())

2902

exc_info.match(r"Cannot send more than .+ bytes at once")

2903

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2904

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2905

def _make_memoryview(size):

2906

"""

2907

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

2908

size.

2909

"""

2910

return memoryview(bytearray(size))

2911

2912

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2913

class TestConnectionRecvInto(object):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2914

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2915

Tests for `Connection.recv_into`.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2916

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2917

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2918

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2919

Assert that when the given buffer is passed to `Connection.recv_into`,

2920

whatever bytes are available to be received that fit into that buffer

2921

are written into that buffer.

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2922

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2923

output_buffer = factory(5)

2924

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2925

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2926

server.send(b'xy')

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2927

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2928

assert client.recv_into(output_buffer) == 2

2929

assert output_buffer == bytearray(b'xy\x00\x00\x00')

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2930

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2931

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2932

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2933

`Connection.recv_into` can be passed a `bytearray` instance and data

2934

in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2935

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2936

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2937

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2938

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2939

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2940

Assert that when the given buffer is passed to `Connection.recv_into`

2941

along with a value for `nbytes` that is less than the size of that

2942

buffer, only `nbytes` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2943

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2944

output_buffer = factory(10)

2945

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2946

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2947

server.send(b'abcdefghij')

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2948

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2949

assert client.recv_into(output_buffer, 5) == 5

2950

assert output_buffer == bytearray(b'abcde\x00\x00\x00\x00\x00')

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

2951

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2952

def test_bytearray_respects_length(self):

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

2953

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2954

When called with a `bytearray` instance, `Connection.recv_into`

2955

respects the `nbytes` parameter and doesn't copy in more than that

2956

number of bytes.

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

2957

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2958

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2959

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2960

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2961

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2962

Assert that if there are more bytes available to be read from the

2963

receive buffer than would fit into the buffer passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2964

`Connection.recv_into`, only as many as fit are written into it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2965

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2966

output_buffer = factory(5)

2967

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2968

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2969

server.send(b'abcdefghij')

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2970

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2971

assert client.recv_into(output_buffer) == 5

2972

assert output_buffer == bytearray(b'abcde')

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2973

rest = client.recv(5)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2974

assert b'fghij' == rest

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2975

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2976

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2977

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2978

When called with a `bytearray` instance, `Connection.recv_into`

2979

respects the size of the array and doesn't write more bytes into it

2980

than will fit.

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2981

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2982

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2983

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2984

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2985

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2986

When called with a `bytearray` instance and an `nbytes` value that is

2987

too large, `Connection.recv_into` respects the size of the array and

2988

not the `nbytes` value and doesn't write more bytes into the buffer

2989

than will fit.

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2990

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2991

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2992

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2993

def test_peek(self):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2994

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2995

server.send(b'xy')

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2996

2997

for _ in range(2):

2998

output_buffer = bytearray(5)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2999

assert client.recv_into(output_buffer, flags=MSG_PEEK) == 2

3000

assert output_buffer == bytearray(b'xy\x00\x00\x00')

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3001

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3002

def test_memoryview_no_length(self):

3003

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3004

`Connection.recv_into` can be passed a `memoryview` instance and data

3005

in the receive buffer is written to it.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3006

"""

3007

self._no_length_test(_make_memoryview)

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3008

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3009

def test_memoryview_respects_length(self):

3010

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3011

When called with a `memoryview` instance, `Connection.recv_into`

3012

respects the ``nbytes`` parameter and doesn't copy more than that

3013

number of bytes in.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3014

"""

3015

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3016

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3017

def test_memoryview_doesnt_overfill(self):

3018

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3019

When called with a `memoryview` instance, `Connection.recv_into`

3020

respects the size of the array and doesn't write more bytes into it

3021

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3022

"""

3023

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3024

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3025

def test_memoryview_really_doesnt_overfill(self):

3026

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3027

When called with a `memoryview` instance and an `nbytes` value that is

3028

too large, `Connection.recv_into` respects the size of the array and

3029

not the `nbytes` value and doesn't write more bytes into the buffer

3030

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3031

"""

3032

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3033

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3034

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3035

class TestConnectionSendall(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3036

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3037

Tests for `Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3038

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3039

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3040

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3041

When called with arguments other than a string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3042

parameter, `Connection.sendall` raises `TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3043

"""

3044

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3045

with pytest.raises(TypeError):

3046

connection.sendall(object())

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3047

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3048

def test_short(self):

3049

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3050

`Connection.sendall` transmits all of the bytes in the string

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3051

passed to it.

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3052

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3053

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3054

server.sendall(b'x')

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3055

assert client.recv(1) == b'x'

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3056

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3057

def test_text(self):

3058

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3059

`Connection.sendall` transmits all the content in the string passed

3060

to it, raising a DeprecationWarning in case of this being a text.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3061

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3062

server, client = loopback()

3063

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3064

simplefilter("always")

Jean-Paul Calderone

8dc37a1

2015-03-29 08:16:52 -0400

[diff] [blame]

3065

server.sendall(b"x".decode("ascii"))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3066

assert (

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

3067

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

3068

WARNING_TYPE_EXPECTED

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3069

) == str(w[-1].message))

3070

assert client.recv(1) == b"x"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3071

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3072

def test_short_memoryview(self):

3073

"""

3074

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3075

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3076

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3077

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3078

server.sendall(memoryview(b'x'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3079

assert client.recv(1) == b'x'

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3080

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3081

@skip_if_py3

3082

def test_short_buffers(self):

3083

"""

3084

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3085

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3086

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3087

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3088

server.sendall(buffer(b'x'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3089

assert client.recv(1) == b'x'

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

3090

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3091

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3092

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3093

`Connection.sendall` transmits all the bytes in the string passed to it

3094

even if this requires multiple calls of an underlying write function.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3095

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3096

server, client = loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

3097

# Should be enough, underlying SSL_write should only do 16k at a time.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3098

# On Windows, after 32k of bytes the write will block (forever

3099

# - because no one is yet reading).

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3100

message = b'x' * (1024 * 32 - 1) + b'y'

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3101

server.sendall(message)

3102

accum = []

3103

received = 0

3104

while received < len(message):

Jean-Paul Calderone

b1f7f5f

2010-08-22 21:40:52 -0400

[diff] [blame]

3105

data = client.recv(1024)

3106

accum.append(data)

3107

received += len(data)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3108

assert message == b''.join(accum)

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3109

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3110

def test_closed(self):

3111

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3112

If the underlying socket is closed, `Connection.sendall` propagates the

3113

write error from the low level write call.

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3114

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3115

server, client = loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

3116

server.sock_shutdown(2)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3117

with pytest.raises(SysCallError) as err:

3118

server.sendall(b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3119

if platform == "win32":

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3120

assert err.value.args[0] == ESHUTDOWN

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3121

else:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3122

assert err.value.args[0] == EPIPE

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3123

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3124

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3125

class TestConnectionRenegotiate(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3126

"""

3127

Tests for SSL renegotiation APIs.

3128

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3129

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3130

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3131

`Connection.total_renegotiations` returns `0` before any renegotiations

3132

have happened.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3133

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3134

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3135

assert connection.total_renegotiations() == 0

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3136

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3137

def test_renegotiate(self):

3138

"""

3139

Go through a complete renegotiation cycle.

3140

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3141

server, client = loopback()

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3142

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3143

server.send(b"hello world")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3144

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3145

assert b"hello world" == client.recv(len(b"hello world"))

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3146

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3147

assert 0 == server.total_renegotiations()

3148

assert False is server.renegotiate_pending()

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3149

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3150

assert True is server.renegotiate()

3151

3152

assert True is server.renegotiate_pending()

3153

3154

server.setblocking(False)

3155

client.setblocking(False)

3156

3157

client.do_handshake()

3158

server.do_handshake()

3159

3160

assert 1 == server.total_renegotiations()

3161

while False is server.renegotiate_pending():

3162

pass

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3163

3164

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3165

class TestError(object):

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3166

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3167

Unit tests for `OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3168

"""

3169

def test_type(self):

3170

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3171

`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3172

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3173

assert issubclass(Error, Exception)

3174

assert Error.__name__ == 'Error'

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

3175

3176

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3177

class TestConstants(object):

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3178

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3179

Tests for the values of constants exposed in `OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3180

3181

These are values defined by OpenSSL intended only to be used as flags to

3182

OpenSSL APIs. The only assertions it seems can be made about them is

3183

their values.

3184

"""

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3185

@pytest.mark.skipif(

3186

OP_NO_QUERY_MTU is None,

3187

reason="OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

3188

)

3189

def test_op_no_query_mtu(self):

3190

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3191

The value of `OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value

3192

of `SSL_OP_NO_QUERY_MTU` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3193

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3194

assert OP_NO_QUERY_MTU == 0x1000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3195

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3196

@pytest.mark.skipif(

3197

OP_COOKIE_EXCHANGE is None,

3198

reason="OP_COOKIE_EXCHANGE unavailable - "

3199

"OpenSSL version may be too old"

3200

)

3201

def test_op_cookie_exchange(self):

3202

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3203

The value of `OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the

3204

value of `SSL_OP_COOKIE_EXCHANGE` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3205

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3206

assert OP_COOKIE_EXCHANGE == 0x2000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3207

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3208

@pytest.mark.skipif(

3209

OP_NO_TICKET is None,

3210

reason="OP_NO_TICKET unavailable - OpenSSL version may be too old"

3211

)

3212

def test_op_no_ticket(self):

3213

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3214

The value of `OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

3215

`SSL_OP_NO_TICKET` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3216

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3217

assert OP_NO_TICKET == 0x4000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3218

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3219

@pytest.mark.skipif(

3220

OP_NO_COMPRESSION is None,

3221

reason="OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

3222

)

3223

def test_op_no_compression(self):

3224

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3225

The value of `OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the

3226

value of `SSL_OP_NO_COMPRESSION` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3227

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3228

assert OP_NO_COMPRESSION == 0x20000

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3229

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3230

def test_sess_cache_off(self):

3231

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3232

The value of `OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

3233

`SSL_SESS_CACHE_OFF` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3234

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3235

assert 0x0 == SESS_CACHE_OFF

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3236

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3237

def test_sess_cache_client(self):

3238

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3239

The value of `OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3240

`SSL_SESS_CACHE_CLIENT` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3241

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3242

assert 0x1 == SESS_CACHE_CLIENT

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3243

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3244

def test_sess_cache_server(self):

3245

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3246

The value of `OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3247

`SSL_SESS_CACHE_SERVER` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3248

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3249

assert 0x2 == SESS_CACHE_SERVER

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3250

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3251

def test_sess_cache_both(self):

3252

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3253

The value of `OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3254

`SSL_SESS_CACHE_BOTH` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3255

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3256

assert 0x3 == SESS_CACHE_BOTH

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3257

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3258

def test_sess_cache_no_auto_clear(self):

3259

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3260

The value of `OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3261

value of `SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3262

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3263

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3264

assert 0x80 == SESS_CACHE_NO_AUTO_CLEAR

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3265

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3266

def test_sess_cache_no_internal_lookup(self):

3267

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3268

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3269

the value of `SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3270

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3271

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3272

assert 0x100 == SESS_CACHE_NO_INTERNAL_LOOKUP

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3273

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3274

def test_sess_cache_no_internal_store(self):

3275

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3276

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3277

the value of `SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3278

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3279

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3280

assert 0x200 == SESS_CACHE_NO_INTERNAL_STORE

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3281

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3282

def test_sess_cache_no_internal(self):

3283

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3284

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3285

value of `SSL_SESS_CACHE_NO_INTERNAL` defined by

3286

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3287

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3288

assert 0x300 == SESS_CACHE_NO_INTERNAL

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3289

3290

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3291

class TestMemoryBIO(object):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3292

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3293

Tests for `OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3294

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3295

def _server(self, sock):

3296

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3297

Create a new server-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3298

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3299

# Create the server side Connection. This is mostly setup boilerplate

3300

# - use TLSv1, use a particular certificate, etc.

3301

server_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3302

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3303

server_ctx.set_verify(

3304

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

3305

verify_cb

3306

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3307

server_store = server_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3308

server_ctx.use_privatekey(

3309

load_privatekey(FILETYPE_PEM, server_key_pem))

3310

server_ctx.use_certificate(

3311

load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3312

server_ctx.check_privatekey()

3313

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3314

# Here the Connection is actually created. If None is passed as the

3315

# 2nd parameter, it indicates a memory BIO should be created.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3316

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3317

server_conn.set_accept_state()

3318

return server_conn

3319

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3320

def _client(self, sock):

3321

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3322

Create a new client-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3323

"""

3324

# Now create the client side Connection. Similar boilerplate to the

3325

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3326

client_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3327

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3328

client_ctx.set_verify(

3329

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

3330

verify_cb

3331

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3332

client_store = client_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3333

client_ctx.use_privatekey(

3334

load_privatekey(FILETYPE_PEM, client_key_pem))

3335

client_ctx.use_certificate(

3336

load_certificate(FILETYPE_PEM, client_cert_pem))

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3337

client_ctx.check_privatekey()

3338

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3339

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3340

client_conn.set_connect_state()

3341

return client_conn

3342

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3343

def test_memory_connect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3344

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3345

Two `Connection`s which use memory BIOs can be manually connected by

3346

reading from the output of each and writing those bytes to the input of

3347

the other and in this way establish a connection and exchange

3348

application-level bytes with each other.

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3349

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3350

server_conn = self._server(None)

3351

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3352

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3353

# There should be no key or nonces yet.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3354

assert server_conn.master_key() is None

3355

assert server_conn.client_random() is None

3356

assert server_conn.server_random() is None

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3357

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3358

# First, the handshake needs to happen. We'll deliver bytes back and

3359

# forth between the client and server until neither of them feels like

3360

# speaking any more.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3361

assert interact_in_memory(client_conn, server_conn) is None

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3362

3363

# Now that the handshake is done, there should be a key and nonces.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3364

assert server_conn.master_key() is not None

3365

assert server_conn.client_random() is not None

3366

assert server_conn.server_random() is not None

3367

assert server_conn.client_random() == client_conn.client_random()

3368

assert server_conn.server_random() == client_conn.server_random()

3369

assert server_conn.client_random() != server_conn.server_random()

3370

assert client_conn.client_random() != client_conn.server_random()

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3371

Paul Kehrer

bdb7639

2017-12-01 04:54:32 +0800

[diff] [blame]

3372

# Export key material for other uses.

3373

cekm = client_conn.export_keying_material(b'LABEL', 32)

3374

sekm = server_conn.export_keying_material(b'LABEL', 32)

3375

assert cekm is not None

3376

assert sekm is not None

3377

assert cekm == sekm

3378

assert len(sekm) == 32

3379

3380

# Export key material for other uses with additional context.

3381

cekmc = client_conn.export_keying_material(b'LABEL', 32, b'CONTEXT')

3382

sekmc = server_conn.export_keying_material(b'LABEL', 32, b'CONTEXT')

3383

assert cekmc is not None

3384

assert sekmc is not None

3385

assert cekmc == sekmc

3386

assert cekmc != cekm

3387

assert sekmc != sekm

3388

# Export with alternate label

3389

cekmt = client_conn.export_keying_material(b'test', 32, b'CONTEXT')

3390

sekmt = server_conn.export_keying_material(b'test', 32, b'CONTEXT')

3391

assert cekmc != cekmt

3392

assert sekmc != sekmt

3393

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3394

# Here are the bytes we'll try to send.

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3395

important_message = b'One if by land, two if by sea.'

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3396

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3397

server_conn.write(important_message)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3398

assert (

3399

interact_in_memory(client_conn, server_conn) ==

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3400

(client_conn, important_message))

3401

3402

client_conn.write(important_message[::-1])

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3403

assert (

3404

interact_in_memory(client_conn, server_conn) ==

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3405

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3406

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3407

def test_socket_connect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3408

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3409

Just like `test_memory_connect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3410

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3411

This is primarily to rule out the memory BIO code as the source of any

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3412

problems encountered while passing data over a `Connection` (if

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3413

this test fails, there must be a problem outside the memory BIO code,

3414

as no memory BIO is involved here). Even though this isn't a memory

3415

BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3416

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3417

server_conn, client_conn = loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3418

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3419

important_message = b"Help me Obi Wan Kenobi, you're my only hope."

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3420

client_conn.send(important_message)

3421

msg = server_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3422

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3423

3424

# Again in the other direction, just for fun.

3425

important_message = important_message[::-1]

3426

server_conn.send(important_message)

3427

msg = client_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3428

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3429

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3430

def test_socket_overrides_memory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3431

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3432

Test that `OpenSSL.SSL.bio_read` and `OpenSSL.SSL.bio_write` don't

3433

work on `OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3434

"""

Alex Gaynor

51d424c

2016-09-10 14:50:11 -0400

[diff] [blame]

3435

context = Context(TLSv1_METHOD)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3436

client = socket()

3437

clientSSL = Connection(context, client)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3438

with pytest.raises(TypeError):

3439

clientSSL.bio_read(100)

3440

with pytest.raises(TypeError):

3441

clientSSL.bio_write("foo")

3442

with pytest.raises(TypeError):

3443

clientSSL.bio_shutdown()

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3444

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3445

def test_outgoing_overflow(self):

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3446

"""

3447

If more bytes than can be written to the memory BIO are passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3448

`Connection.send` at once, the number of bytes which were written is

3449

returned and that many bytes from the beginning of the input can be

3450

read from the other end of the connection.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3451

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3452

server = self._server(None)

3453

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3454

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3455

interact_in_memory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3456

3457

size = 2 ** 15

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

3458

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3459

# Sanity check. We're trying to test what happens when the entire

3460

# input can't be sent. If the entire input was sent, this test is

3461

# meaningless.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3462

assert sent < size

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3463

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3464

receiver, received = interact_in_memory(client, server)

3465

assert receiver is server

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3466

3467

# We can rely on all of these bytes being received at once because

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3468

# loopback passes 2 ** 16 to recv - more than 2 ** 15.

3469

assert len(received) == sent

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3470

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3471

def test_shutdown(self):

3472

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3473

`Connection.bio_shutdown` signals the end of the data stream

3474

from which the `Connection` reads.

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3475

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3476

server = self._server(None)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3477

server.bio_shutdown()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3478

with pytest.raises(Error) as err:

3479

server.recv(1024)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3480

# We don't want WantReadError or ZeroReturnError or anything - it's a

3481

# handshake failure.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3482

assert type(err.value) in [Error, SysCallError]

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3483

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3484

def test_unexpected_EOF(self):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3485

"""

3486

If the connection is lost before an orderly SSL shutdown occurs,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3487

`OpenSSL.SSL.SysCallError` is raised with a message of

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3488

"Unexpected EOF".

3489

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3490

server_conn, client_conn = loopback()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3491

client_conn.sock_shutdown(SHUT_RDWR)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3492

with pytest.raises(SysCallError) as err:

3493

server_conn.recv(1024)

3494

assert err.value.args == (-1, "Unexpected EOF")

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3495

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3496

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3497

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3498

Verify the return value of the `get_client_ca_list` method for

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3499

server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3500

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3501

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3502

before the client and server are connected to each other. This

3503

function should specify a list of CAs for the server to send to the

3504

client and return that same list. The list will be used to verify

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3505

that `get_client_ca_list` returns the proper value at

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3506

various times.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3507

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3508

server = self._server(None)

3509

client = self._client(None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3510

assert client.get_client_ca_list() == []

3511

assert server.get_client_ca_list() == []

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3512

ctx = server.get_context()

3513

expected = func(ctx)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3514

assert client.get_client_ca_list() == []

3515

assert server.get_client_ca_list() == expected

3516

interact_in_memory(client, server)

3517

assert client.get_client_ca_list() == expected

3518

assert server.get_client_ca_list() == expected

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3519

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3520

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3521

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3522

`Context.set_client_ca_list` raises a `TypeError` if called with a

3523

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3524

"""

3525

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3526

with pytest.raises(TypeError):

3527

ctx.set_client_ca_list("spam")

3528

with pytest.raises(TypeError):

3529

ctx.set_client_ca_list(["spam"])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3530

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3531

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3532

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3533

If passed an empty list, `Context.set_client_ca_list` configures the

3534

context to send no CA names to the client and, on both the server and

3535

client sides, `Connection.get_client_ca_list` returns an empty list

3536

after the connection is set up.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3537

"""

3538

def no_ca(ctx):

3539

ctx.set_client_ca_list([])

3540

return []

3541

self._check_client_ca_list(no_ca)

3542

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3543

def test_set_one_ca_list(self):

3544

"""

3545

If passed a list containing a single X509Name,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3546

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3547

that CA name to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3548

`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3549

X509Name after the connection is set up.

3550

"""

3551

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3552

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3553

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3554

def single_ca(ctx):

3555

ctx.set_client_ca_list([cadesc])

3556

return [cadesc]

3557

self._check_client_ca_list(single_ca)

3558

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3559

def test_set_multiple_ca_list(self):

3560

"""

3561

If passed a list containing multiple X509Name objects,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3562

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3563

those CA names to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3564

`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3565

X509Names after the connection is set up.

3566

"""

3567

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3568

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3569

3570

sedesc = secert.get_subject()

3571

cldesc = clcert.get_subject()

3572

3573

def multiple_ca(ctx):

3574

L = [sedesc, cldesc]

3575

ctx.set_client_ca_list(L)

3576

return L

3577

self._check_client_ca_list(multiple_ca)

3578

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3579

def test_reset_ca_list(self):

3580

"""

3581

If called multiple times, only the X509Names passed to the final call

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3582

of `Context.set_client_ca_list` are used to configure the CA

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3583

names sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3584

"""

3585

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3586

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3587

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3588

3589

cadesc = cacert.get_subject()

3590

sedesc = secert.get_subject()

3591

cldesc = clcert.get_subject()

3592

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3593

def changed_ca(ctx):

3594

ctx.set_client_ca_list([sedesc, cldesc])

3595

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3596

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3597

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3598

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3599

def test_mutated_ca_list(self):

3600

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3601

If the list passed to `Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3602

afterwards, this does not affect the list of CA names sent to the

3603

client.

3604

"""

3605

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3606

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3607

3608

cadesc = cacert.get_subject()

3609

sedesc = secert.get_subject()

3610

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3611

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3612

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3613

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3614

L.append(sedesc)

3615

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3616

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3617

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3618

def test_add_client_ca_wrong_args(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3619

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3620

`Context.add_client_ca` raises `TypeError` if called with

3621

a non-X509 object.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3622

"""

3623

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3624

with pytest.raises(TypeError):

3625

ctx.add_client_ca("spam")

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3626

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3627

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3628

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3629

A certificate's subject can be added as a CA to be sent to the client

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3630

with `Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3631

"""

3632

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3633

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3634

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3635

def single_ca(ctx):

3636

ctx.add_client_ca(cacert)

3637

return [cadesc]

3638

self._check_client_ca_list(single_ca)

3639

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3640

def test_multiple_add_client_ca(self):

3641

"""

3642

Multiple CA names can be sent to the client by calling

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3643

`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3644

"""

3645

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3646

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3647

3648

cadesc = cacert.get_subject()

3649

sedesc = secert.get_subject()

3650

3651

def multiple_ca(ctx):

3652

ctx.add_client_ca(cacert)

3653

ctx.add_client_ca(secert)

3654

return [cadesc, sedesc]

3655

self._check_client_ca_list(multiple_ca)

3656

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3657

def test_set_and_add_client_ca(self):

3658

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3659

A call to `Context.set_client_ca_list` followed by a call to

3660

`Context.add_client_ca` results in using the CA names from the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3661

first call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3662

"""

3663

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3664

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3665

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3666

3667

cadesc = cacert.get_subject()

3668

sedesc = secert.get_subject()

3669

cldesc = clcert.get_subject()

3670

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3671

def mixed_set_add_ca(ctx):

3672

ctx.set_client_ca_list([cadesc, sedesc])

3673

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3674

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3675

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3676

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3677

def test_set_after_add_client_ca(self):

3678

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3679

A call to `Context.set_client_ca_list` after a call to

3680

`Context.add_client_ca` replaces the CA name specified by the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3681

former call with the names specified by the latter call.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3682

"""

3683

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3684

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3685

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3686

3687

cadesc = cacert.get_subject()

3688

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3689

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3690

def set_replaces_add_ca(ctx):

3691

ctx.add_client_ca(clcert)

3692

ctx.set_client_ca_list([cadesc])

3693

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3694

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3695

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3696

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3697

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3698

class TestInfoConstants(object):

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3699

"""

3700

Tests for assorted constants exposed for use in info callbacks.

3701

"""

3702

def test_integers(self):

3703

"""

3704

All of the info constants are integers.

3705

3706

This is a very weak test. It would be nice to have one that actually

3707

verifies that as certain info events happen, the value passed to the

3708

info callback matches up with the constant exposed by OpenSSL.SSL.

3709

"""

3710

for const in [

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3711

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK,

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3712

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3713

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3714

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3715

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE

3716

]:

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3717

assert isinstance(const, int)

3718

3719

# These constants don't exist on OpenSSL 1.1.0

3720

for const in [

3721

SSL_ST_INIT, SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE

3722

]:

3723

assert const is None or isinstance(const, int)

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3724

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3725

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3726

class TestRequires(object):

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3727

"""

3728

Tests for the decorator factory used to conditionally raise

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3729

NotImplementedError when older OpenSSLs are used.

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3730

"""

3731

def test_available(self):

3732

"""

3733

When the OpenSSL functionality is available the decorated functions

3734

work appropriately.

3735

"""

3736

feature_guard = _make_requires(True, "Error text")

results = []

@feature_guard

def inner():

results.append(True)

return True

Cory Benfield

2016-03-30 14:24:16 +0100

[diff] [blame]

3744

assert inner() is True

3745

assert [True] == results

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3746

3747

def test_unavailable(self):

3748

"""

3749

When the OpenSSL functionality is not available the decorated function

3750

does not execute and NotImplementedError is raised.

3751

"""

3752

feature_guard = _make_requires(False, "Error text")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3753

3754

@feature_guard

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

3755

def inner(): # pragma: nocover

3756

pytest.fail("Should not be called")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3757

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3758

with pytest.raises(NotImplementedError) as e:

3759

inner()

3760

3761

assert "Error text" in str(e.value)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3762

3763

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3764

class TestOCSP(object):

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3765

"""

3766

Tests for PyOpenSSL's OCSP stapling support.

3767

"""

3768

sample_ocsp_data = b"this is totally ocsp data"

3769

3770

def _client_connection(self, callback, data, request_ocsp=True):

3771

"""

3772

Builds a client connection suitable for using OCSP.

3773

3774

:param callback: The callback to register for OCSP.

3775

:param data: The opaque data object that will be handed to the

3776

OCSP callback.

3777

:param request_ocsp: Whether the client will actually ask for OCSP

3778

stapling. Useful for testing only.

3779

"""

3780

ctx = Context(SSLv23_METHOD)

3781

ctx.set_ocsp_client_callback(callback, data)

3782

client = Connection(ctx)

3783

3784

if request_ocsp:

3785

client.request_ocsp()

3786

3787

client.set_connect_state()

3788

return client

3789

3790

def _server_connection(self, callback, data):

3791

"""

3792

Builds a server connection suitable for using OCSP.

3793

3794

:param callback: The callback to register for OCSP.

3795

:param data: The opaque data object that will be handed to the

3796

OCSP callback.

3797

"""

3798

ctx = Context(SSLv23_METHOD)

3799

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3800

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3801

ctx.set_ocsp_server_callback(callback, data)

3802

server = Connection(ctx)

3803

server.set_accept_state()

3804

return server

3805

3806

def test_callbacks_arent_called_by_default(self):

3807

"""

3808

If both the client and the server have registered OCSP callbacks, but

3809

the client does not send the OCSP request, neither callback gets

3810

called.

3811

"""

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

3812

def ocsp_callback(*args, **kwargs): # pragma: nocover

3813

pytest.fail("Should not be called")

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3814

3815

client = self._client_connection(

3816

callback=ocsp_callback, data=None, request_ocsp=False

3817

)

3818

server = self._server_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3819

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3820

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3821

def test_client_negotiates_without_server(self):

3822

"""

3823

If the client wants to do OCSP but the server does not, the handshake

3824

succeeds, and the client callback fires with an empty byte string.

"""

called = []

def ocsp_callback(conn, ocsp_data, ignored):

3829

called.append(ocsp_data)

3830

return True

3831

3832

client = self._client_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3833

server = loopback_server_factory(socket=None)

3834

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3835

3836

assert len(called) == 1

3837

assert called[0] == b''

3838

3839

def test_client_receives_servers_data(self):

3840

"""

3841

The data the server sends in its callback is received by the client.

"""

calls = []

def server_callback(*args, **kwargs):

3846

return self.sample_ocsp_data

3847

3848

def client_callback(conn, ocsp_data, ignored):

3849

calls.append(ocsp_data)

3850

return True

3851

3852

client = self._client_connection(callback=client_callback, data=None)

3853

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3854

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3855

3856

assert len(calls) == 1

3857

assert calls[0] == self.sample_ocsp_data

3858

3859

def test_callbacks_are_invoked_with_connections(self):

3860

"""

3861

The first arguments to both callbacks are their respective connections.

"""

client_calls = []

server_calls = []

def client_callback(conn, *args, **kwargs):

3867

client_calls.append(conn)

3868

return True

3869

3870

def server_callback(conn, *args, **kwargs):

3871

server_calls.append(conn)

3872

return self.sample_ocsp_data

3873

3874

client = self._client_connection(callback=client_callback, data=None)

3875

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3876

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3877

3878

assert len(client_calls) == 1

3879

assert len(server_calls) == 1

3880

assert client_calls[0] is client

3881

assert server_calls[0] is server

3882

3883

def test_opaque_data_is_passed_through(self):

3884

"""

3885

Both callbacks receive an opaque, user-provided piece of data in their

3886

callbacks as the final argument.

"""

calls = []

def server_callback(*args):

3891

calls.append(args)

3892

return self.sample_ocsp_data

3893

3894

def client_callback(*args):

calls.append(args)

return True

sentinel = object()

client = self._client_connection(

3901

callback=client_callback, data=sentinel

3902

)

3903

server = self._server_connection(

3904

callback=server_callback, data=sentinel

3905

)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3906

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3907

3908

assert len(calls) == 2

3909

assert calls[0][-1] is sentinel

3910

assert calls[1][-1] is sentinel

3911

3912

def test_server_returns_empty_string(self):

3913

"""

3914

If the server returns an empty bytestring from its callback, the

3915

client callback is called with the empty bytestring.

"""

client_calls = []

def server_callback(*args):

3920

return b''

3921

3922

def client_callback(conn, ocsp_data, ignored):

3923

client_calls.append(ocsp_data)

3924

return True

3925

3926

client = self._client_connection(callback=client_callback, data=None)

3927

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3928

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3929

3930

assert len(client_calls) == 1

3931

assert client_calls[0] == b''

3932

3933

def test_client_returns_false_terminates_handshake(self):

3934

"""

3935

If the client returns False from its callback, the handshake fails.

3936

"""

3937

def server_callback(*args):

3938

return self.sample_ocsp_data

3939

3940

def client_callback(*args):

3941

return False

3942

3943

client = self._client_connection(callback=client_callback, data=None)

3944

server = self._server_connection(callback=server_callback, data=None)

3945

3946

with pytest.raises(Error):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3947

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3948

3949

def test_exceptions_in_client_bubble_up(self):

3950

"""

3951

The callbacks thrown in the client callback bubble up to the caller.

3952

"""

3953

class SentinelException(Exception):

3954

pass

3955

3956

def server_callback(*args):

3957

return self.sample_ocsp_data

3958

3959

def client_callback(*args):

3960

raise SentinelException()

3961

3962

client = self._client_connection(callback=client_callback, data=None)

3963

server = self._server_connection(callback=server_callback, data=None)

3964

3965

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3966

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3967

3968

def test_exceptions_in_server_bubble_up(self):

3969

"""

3970

The callbacks thrown in the server callback bubble up to the caller.

3971

"""

3972

class SentinelException(Exception):

3973

pass

3974

3975

def server_callback(*args):

3976

raise SentinelException()

3977

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

3978

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3979

pytest.fail("Should not be called")

3980

3981

client = self._client_connection(callback=client_callback, data=None)

3982

server = self._server_connection(callback=server_callback, data=None)

3983

3984

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3985

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3986

3987

def test_server_must_return_bytes(self):

3988

"""

3989

The server callback must return a bytestring, or a TypeError is thrown.

3990

"""

3991

def server_callback(*args):

3992

return self.sample_ocsp_data.decode('ascii')

3993

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

3994

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3995

pytest.fail("Should not be called")

3996

3997

client = self._client_connection(callback=client_callback, data=None)

3998

server = self._server_connection(callback=server_callback, data=None)

3999

4000

with pytest.raises(TypeError):

Alex Chan