Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

10

from sys import platform, version_info

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

17

from six import PY3, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

23

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

24

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

25

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

26

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

27

from OpenSSL.SSL import (

28

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

29

TLSv1_1_METHOD, TLSv1_2_METHOD)

30

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

31

from OpenSSL.SSL import (

32

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

33

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

34

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

35

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

36

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

37

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

38

39

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

40

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

41

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

42

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

43

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

44

from OpenSSL.test.util import TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

45

from OpenSSL.test.test_crypto import (

46

cleartextCertificatePEM, cleartextPrivateKeyPEM)

47

from OpenSSL.test.test_crypto import (

48

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

49

root_cert_pem)

50

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

51

try:

52

from OpenSSL.SSL import OP_NO_QUERY_MTU

53

except ImportError:

54

OP_NO_QUERY_MTU = None

55

try:

56

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

57

except ImportError:

58

OP_COOKIE_EXCHANGE = None

59

try:

60

from OpenSSL.SSL import OP_NO_TICKET

61

except ImportError:

62

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

63

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

64

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

65

from OpenSSL.SSL import OP_NO_COMPRESSION

66

except ImportError:

67

OP_NO_COMPRESSION = None

68

69

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

70

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

71

except ImportError:

72

MODE_RELEASE_BUFFERS = None

73

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

74

try:

75

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

76

except ImportError:

77

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

78

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

79

from OpenSSL.SSL import (

80

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

81

SSL_ST_OK, SSL_ST_RENEGOTIATE,

82

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

83

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

84

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

85

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

86

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

87

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

88

# to use)

89

dhparam = """\

90

-----BEGIN DH PARAMETERS-----

91

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

92

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

96

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

97

return ok

98

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

99

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

100

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

101

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

102

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

103

"""

104

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

110

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

111

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

112

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

113

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

114

# Let's pass some unencrypted data to make sure our socket connection is

115

# fine. Just one byte, so we don't have to worry about buffers getting

116

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

117

server.send(b("x"))

118

assert client.recv(1024) == b("x")

119

client.send(b("y"))

120

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

121

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

122

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

123

server.setblocking(False)

124

client.setblocking(False)

125

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

126

return (server, client)

127

128

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

129

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

130

def handshake(client, server):

131

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

142

def _create_certificate_chain():

143

"""

144

Construct and return a chain of certificates.

145

146

1. A new self-signed certificate authority certificate (cacert)

147

2. A new intermediate certificate signed by cacert (icert)

148

3. A new server certificate signed by icert (scert)

149

"""

150

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

155

cacert = X509()

156

cacert.get_subject().commonName = "Authority Certificate"

157

cacert.set_issuer(cacert.get_subject())

158

cacert.set_pubkey(cakey)

159

cacert.set_notBefore(b("20000101000000Z"))

160

cacert.set_notAfter(b("20200101000000Z"))

161

cacert.add_extensions([caext])

162

cacert.set_serial_number(0)

163

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

168

icert = X509()

169

icert.get_subject().commonName = "Intermediate Certificate"

170

icert.set_issuer(cacert.get_subject())

171

icert.set_pubkey(ikey)

172

icert.set_notBefore(b("20000101000000Z"))

173

icert.set_notAfter(b("20200101000000Z"))

174

icert.add_extensions([caext])

175

icert.set_serial_number(0)

176

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

181

scert = X509()

182

scert.get_subject().commonName = "Server Certificate"

183

scert.set_issuer(icert.get_subject())

184

scert.set_pubkey(skey)

185

scert.set_notBefore(b("20000101000000Z"))

186

scert.set_notAfter(b("20200101000000Z"))

187

scert.add_extensions([

188

X509Extension(b('basicConstraints'), True, b('CA:false'))])

189

scert.set_serial_number(0)

190

scert.sign(ikey, "sha1")

191

192

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

196

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

197

"""

198

Helper mixin which defines methods for creating a connected socket pair and

199

for forcing two connected SSL sockets to talk to each other via memory BIOs.

200

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

201

def _loopbackClientFactory(self, socket):

202

client = Connection(Context(TLSv1_METHOD), socket)

203

client.set_connect_state()

204

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

205

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

206

207

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

208

ctx = Context(TLSv1_METHOD)

209

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

210

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

211

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

212

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

217

if serverFactory is None:

218

serverFactory = self._loopbackServerFactory

219

if clientFactory is None:

220

clientFactory = self._loopbackClientFactory

221

222

(server, client) = socket_pair()

223

server = serverFactory(server)

224

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

225

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

226

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

227

228

server.setblocking(True)

229

client.setblocking(True)

230

return server, client

231

232

233

def _interactInMemory(self, client_conn, server_conn):

234

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

235

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

236

objects. Copy bytes back and forth between their send/receive buffers

237

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

238

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

239

some application bytes, return a two-tuple of the connection from which

240

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

245

wrote = False

246

247

# Copy stuff from each side's send buffer to the other side's

248

# receive buffer.

249

for (read, write) in [(client_conn, server_conn),

250

(server_conn, client_conn)]:

251

252

# Give the side a chance to generate some more bytes, or

253

# succeed.

254

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

255

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

256

except WantReadError:

257

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

262

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

263

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

264

265

while True:

266

# Keep copying as long as there's more stuff there.

267

try:

268

dirty = read.bio_read(4096)

269

except WantReadError:

270

# Okay, nothing more waiting to be sent. Stop

271

# processing this send buffer.

272

break

273

else:

274

# Keep track of the fact that someone generated some

275

# output.

276

wrote = True

277

write.bio_write(dirty)

278

279

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

280

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

281

class VersionTests(TestCase):

282

"""

283

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

284

:py:obj:`OpenSSL.SSL.SSLeay_version` and

285

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

286

"""

287

def test_OPENSSL_VERSION_NUMBER(self):

288

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

289

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

290

byte and the patch, fix, minor, and major versions in the

291

nibbles above that.

292

"""

293

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

294

295

296

def test_SSLeay_version(self):

297

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

298

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

299

one of a number of version strings based on that indicator.

300

"""

301

versions = {}

302

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

303

SSLEAY_PLATFORM, SSLEAY_DIR]:

304

version = SSLeay_version(t)

305

versions[version] = t

306

self.assertTrue(isinstance(version, bytes))

307

self.assertEqual(len(versions), 5)

308

309

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

310

311

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

312

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

313

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

314

"""

315

def test_method(self):

316

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

317

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

318

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

319

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

320

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

321

methods = [

322

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

323

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

324

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

325

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

326

327

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

332

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

333

# don't. Difficult to say in advance.

334

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

335

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

336

self.assertRaises(TypeError, Context, "")

337

self.assertRaises(ValueError, Context, 10)

338

339

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

340

if not PY3:

341

def test_method_long(self):

342

"""

343

On Python 2 :py:class:`Context` accepts values of type

344

:py:obj:`long` as well as :py:obj:`int`.

345

"""

346

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

350

def test_type(self):

351

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

352

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

353

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

354

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

355

self.assertIdentical(Context, ContextType)

356

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

357

358

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

359

def test_use_privatekey(self):

360

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

361

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

362

"""

363

key = PKey()

364

key.generate_key(TYPE_RSA, 128)

365

ctx = Context(TLSv1_METHOD)

366

ctx.use_privatekey(key)

367

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

368

369

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

370

def test_use_privatekey_file_missing(self):

371

"""

372

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

373

when passed the name of a file which does not exist.

374

"""

375

ctx = Context(TLSv1_METHOD)

376

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

377

378

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

379

if not PY3:

380

def test_use_privatekey_file_long(self):

381

"""

382

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

383

filetype of type :py:obj:`long` as well as :py:obj:`int`.

384

"""

385

pemfile = self.mktemp()

386

387

key = PKey()

388

key.generate_key(TYPE_RSA, 128)

389

390

with open(pemfile, "wt") as pem:

391

pem.write(

392

dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

393

394

ctx = Context(TLSv1_METHOD)

395

ctx.use_privatekey_file(pemfile, long(FILETYPE_PEM))

396

397

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

398

def test_use_certificate_wrong_args(self):

399

"""

400

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

401

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

402

argument.

403

"""

404

ctx = Context(TLSv1_METHOD)

405

self.assertRaises(TypeError, ctx.use_certificate)

406

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

407

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

408

409

410

def test_use_certificate_uninitialized(self):

411

"""

412

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

413

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

414

initialized (ie, which does not actually have any certificate data).

415

"""

416

ctx = Context(TLSv1_METHOD)

417

self.assertRaises(Error, ctx.use_certificate, X509())

418

419

420

def test_use_certificate(self):

421

"""

422

:py:obj:`Context.use_certificate` sets the certificate which will be

423

used to identify connections created using the context.

424

"""

425

# TODO

426

# Hard to assert anything. But we could set a privatekey then ask

427

# OpenSSL if the cert and key agree using check_privatekey. Then as

428

# long as check_privatekey works right we're good...

429

ctx = Context(TLSv1_METHOD)

430

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

431

432

433

def test_use_certificate_file_wrong_args(self):

434

"""

435

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

436

called with zero arguments or more than two arguments, or if the first

437

argument is not a byte string or the second argumnent is not an integer.

438

"""

439

ctx = Context(TLSv1_METHOD)

440

self.assertRaises(TypeError, ctx.use_certificate_file)

441

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

442

self.assertRaises(

443

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

444

self.assertRaises(

445

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

446

self.assertRaises(

447

TypeError, ctx.use_certificate_file, b"somefile", object())

448

449

450

def test_use_certificate_file_missing(self):

451

"""

452

:py:obj:`Context.use_certificate_file` raises

453

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

454

exist.

455

"""

456

ctx = Context(TLSv1_METHOD)

457

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

458

459

460

def test_use_certificate_file(self):

461

"""

462

:py:obj:`Context.use_certificate` sets the certificate which will be

463

used to identify connections created using the context.

464

"""

465

# TODO

466

# Hard to assert anything. But we could set a privatekey then ask

467

# OpenSSL if the cert and key agree using check_privatekey. Then as

468

# long as check_privatekey works right we're good...

469

pem_filename = self.mktemp()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

470

with open(pem_filename, "wb") as pem_file:

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

471

pem_file.write(cleartextCertificatePEM)

472

473

ctx = Context(TLSv1_METHOD)

474

ctx.use_certificate_file(pem_filename)

475

476

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

477

if not PY3:

478

def test_use_certificate_file_long(self):

479

"""

480

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

481

filetype of type :py:obj:`long` as well as :py:obj:`int`.

482

"""

483

pem_filename = self.mktemp()

484

with open(pem_filename, "wb") as pem_file:

485

pem_file.write(cleartextCertificatePEM)

486

487

ctx = Context(TLSv1_METHOD)

488

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

489

490

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

491

def test_set_app_data_wrong_args(self):

492

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

493

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

494

one argument.

495

"""

496

context = Context(TLSv1_METHOD)

497

self.assertRaises(TypeError, context.set_app_data)

498

self.assertRaises(TypeError, context.set_app_data, None, None)

499

500

501

def test_get_app_data_wrong_args(self):

502

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

503

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

504

arguments.

505

"""

506

context = Context(TLSv1_METHOD)

507

self.assertRaises(TypeError, context.get_app_data, None)

508

509

510

def test_app_data(self):

511

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

512

:py:obj:`Context.set_app_data` stores an object for later retrieval using

513

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

514

"""

515

app_data = object()

516

context = Context(TLSv1_METHOD)

517

context.set_app_data(app_data)

518

self.assertIdentical(context.get_app_data(), app_data)

519

520

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

521

def test_set_options_wrong_args(self):

522

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

523

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

524

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

525

"""

526

context = Context(TLSv1_METHOD)

527

self.assertRaises(TypeError, context.set_options)

528

self.assertRaises(TypeError, context.set_options, None)

529

self.assertRaises(TypeError, context.set_options, 1, None)

530

531

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

532

def test_set_options(self):

533

"""

534

:py:obj:`Context.set_options` returns the new options value.

535

"""

536

context = Context(TLSv1_METHOD)

537

options = context.set_options(OP_NO_SSLv2)

538

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

543

"""

544

On Python 2 :py:obj:`Context.set_options` accepts values of type

545

:py:obj:`long` as well as :py:obj:`int`.

546

"""

547

context = Context(TLSv1_METHOD)

548

options = context.set_options(long(OP_NO_SSLv2))

549

self.assertTrue(OP_NO_SSLv2 & options)

550

551

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

552

def test_set_mode_wrong_args(self):

553

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

554

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

555

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

556

"""

557

context = Context(TLSv1_METHOD)

558

self.assertRaises(TypeError, context.set_mode)

559

self.assertRaises(TypeError, context.set_mode, None)

560

self.assertRaises(TypeError, context.set_mode, 1, None)

561

562

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

563

if MODE_RELEASE_BUFFERS is not None:

564

def test_set_mode(self):

565

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

566

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

567

set mode.

568

"""

569

context = Context(TLSv1_METHOD)

570

self.assertTrue(

571

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

572

573

if not PY3:

574

def test_set_mode_long(self):

575

"""

576

On Python 2 :py:obj:`Context.set_mode` accepts values of type

577

:py:obj:`long` as well as :py:obj:`int`.

578

"""

579

context = Context(TLSv1_METHOD)

580

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

581

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

582

else:

583

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

584

585

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

586

def test_set_timeout_wrong_args(self):

587

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

588

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

589

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

590

"""

591

context = Context(TLSv1_METHOD)

592

self.assertRaises(TypeError, context.set_timeout)

593

self.assertRaises(TypeError, context.set_timeout, None)

594

self.assertRaises(TypeError, context.set_timeout, 1, None)

595

596

597

def test_get_timeout_wrong_args(self):

598

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

599

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

600

"""

601

context = Context(TLSv1_METHOD)

602

self.assertRaises(TypeError, context.get_timeout, None)

603

604

605

def test_timeout(self):

606

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

607

:py:obj:`Context.set_timeout` sets the session timeout for all connections

608

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

609

value.

610

"""

611

context = Context(TLSv1_METHOD)

612

context.set_timeout(1234)

613

self.assertEquals(context.get_timeout(), 1234)

614

615

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

616

if not PY3:

617

def test_timeout_long(self):

618

"""

619

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

620

`long` as well as int.

621

"""

622

context = Context(TLSv1_METHOD)

623

context.set_timeout(long(1234))

624

self.assertEquals(context.get_timeout(), 1234)

625

626

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

627

def test_set_verify_depth_wrong_args(self):

628

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

629

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

630

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

631

"""

632

context = Context(TLSv1_METHOD)

633

self.assertRaises(TypeError, context.set_verify_depth)

634

self.assertRaises(TypeError, context.set_verify_depth, None)

635

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

636

637

638

def test_get_verify_depth_wrong_args(self):

639

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

640

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

641

"""

642

context = Context(TLSv1_METHOD)

643

self.assertRaises(TypeError, context.get_verify_depth, None)

644

645

646

def test_verify_depth(self):

647

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

648

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

649

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

650

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

651

"""

652

context = Context(TLSv1_METHOD)

653

context.set_verify_depth(11)

654

self.assertEquals(context.get_verify_depth(), 11)

655

656

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

657

if not PY3:

658

def test_verify_depth_long(self):

659

"""

660

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

661

type `long` as well as int.

662

"""

663

context = Context(TLSv1_METHOD)

664

context.set_verify_depth(long(11))

665

self.assertEquals(context.get_verify_depth(), 11)

666

667

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

668

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

669

"""

670

Write a new private key out to a new file, encrypted using the given

671

passphrase. Return the path to the new file.

672

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

673

key = PKey()

674

key.generate_key(TYPE_RSA, 128)

675

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

676

fObj = open(pemFile, 'w')

677

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

678

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

683

def test_set_passwd_cb_wrong_args(self):

684

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

685

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

686

wrong arguments or with a non-callable first argument.

687

"""

688

context = Context(TLSv1_METHOD)

689

self.assertRaises(TypeError, context.set_passwd_cb)

690

self.assertRaises(TypeError, context.set_passwd_cb, None)

691

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

692

693

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

694

def test_set_passwd_cb(self):

695

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

696

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

697

a private key is loaded from an encrypted PEM.

698

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

699

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

700

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

701

calledWith = []

702

def passphraseCallback(maxlen, verify, extra):

703

calledWith.append((maxlen, verify, extra))

704

return passphrase

705

context = Context(TLSv1_METHOD)

706

context.set_passwd_cb(passphraseCallback)

707

context.use_privatekey_file(pemFile)

708

self.assertTrue(len(calledWith), 1)

709

self.assertTrue(isinstance(calledWith[0][0], int))

710

self.assertTrue(isinstance(calledWith[0][1], int))

711

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

712

713

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

714

def test_passwd_callback_exception(self):

715

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

716

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

717

passphrase callback.

718

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

719

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

720

def passphraseCallback(maxlen, verify, extra):

721

raise RuntimeError("Sorry, I am a fail.")

722

723

context = Context(TLSv1_METHOD)

724

context.set_passwd_cb(passphraseCallback)

725

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

726

727

728

def test_passwd_callback_false(self):

729

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

730

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

731

passphrase callback returns a false value.

732

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

733

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

734

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

735

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

736

737

context = Context(TLSv1_METHOD)

738

context.set_passwd_cb(passphraseCallback)

739

self.assertRaises(Error, context.use_privatekey_file, pemFile)

740

741

742

def test_passwd_callback_non_string(self):

743

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

744

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

745

passphrase callback returns a true non-string value.

746

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

747

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

748

def passphraseCallback(maxlen, verify, extra):

749

return 10

750

751

context = Context(TLSv1_METHOD)

752

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

753

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

754

755

756

def test_passwd_callback_too_long(self):

757

"""

758

If the passphrase returned by the passphrase callback returns a string

759

longer than the indicated maximum length, it is truncated.

760

"""

761

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

762

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

763

pemFile = self._write_encrypted_pem(passphrase)

764

def passphraseCallback(maxlen, verify, extra):

765

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

766

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

767

768

context = Context(TLSv1_METHOD)

769

context.set_passwd_cb(passphraseCallback)

770

# This shall succeed because the truncated result is the correct

771

# passphrase.

772

context.use_privatekey_file(pemFile)

773

774

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

775

def test_set_info_callback(self):

776

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

777

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

778

when certain information about an SSL connection is available.

779

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

780

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

781

782

clientSSL = Connection(Context(TLSv1_METHOD), client)

783

clientSSL.set_connect_state()

784

785

called = []

786

def info(conn, where, ret):

787

called.append((conn, where, ret))

788

context = Context(TLSv1_METHOD)

789

context.set_info_callback(info)

790

context.use_certificate(

791

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

792

context.use_privatekey(

793

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

794

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

795

serverSSL = Connection(context, server)

796

serverSSL.set_accept_state()

797

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

798

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

799

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

800

# The callback must always be called with a Connection instance as the

801

# first argument. It would probably be better to split this into

802

# separate tests for client and server side info callbacks so we could

803

# assert it is called with the right Connection instance. It would

804

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

805

notConnections = [

806

conn for (conn, where, ret) in called

807

if not isinstance(conn, Connection)]

808

self.assertEqual(

809

[], notConnections,

810

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

811

812

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

813

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

814

"""

815

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

816

its :py:obj:`load_verify_locations` method with the given arguments.

817

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

818

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

819

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

820

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

821

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

822

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

823

# Require that the server certificate verify properly or the

824

# connection will fail.

825

clientContext.set_verify(

826

VERIFY_PEER,

827

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

828

829

clientSSL = Connection(clientContext, client)

830

clientSSL.set_connect_state()

831

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

832

serverContext = Context(TLSv1_METHOD)

833

serverContext.use_certificate(

834

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

835

serverContext.use_privatekey(

836

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

837

838

serverSSL = Connection(serverContext, server)

839

serverSSL.set_accept_state()

840

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

841

# Without load_verify_locations above, the handshake

842

# will fail:

843

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

844

# 'certificate verify failed')]

845

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

846

847

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

848

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

849

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

850

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

851

def test_load_verify_file(self):

852

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

853

:py:obj:`Context.load_verify_locations` accepts a file name and uses the

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

854

certificates within for verification purposes.

855

"""

856

cafile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

857

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

858

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

859

fObj.close()

860

861

self._load_verify_locations_test(cafile)

862

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

863

864

def test_load_verify_invalid_file(self):

865

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

866

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

867

non-existent cafile.

868

"""

869

clientContext = Context(TLSv1_METHOD)

870

self.assertRaises(

871

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

872

873

874

def test_load_verify_directory(self):

875

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

876

:py:obj:`Context.load_verify_locations` accepts a directory name and uses

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

877

the certificates within for verification purposes.

878

"""

879

capath = self.mktemp()

880

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

881

# Hash values computed manually with c_rehash to avoid depending on

882

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

883

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

884

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

885

cafile = join(capath, name)

886

fObj = open(cafile, 'w')

887

fObj.write(cleartextCertificatePEM.decode('ascii'))

888

fObj.close()

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

889

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

890

self._load_verify_locations_test(None, capath)

891

892

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

893

def test_load_verify_locations_wrong_args(self):

894

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

895

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

896

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

897

"""

898

context = Context(TLSv1_METHOD)

899

self.assertRaises(TypeError, context.load_verify_locations)

900

self.assertRaises(TypeError, context.load_verify_locations, object())

901

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

902

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

903

904

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

905

if platform == "win32":

906

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

907

"See LP#404343 and LP#404344."

908

else:

909

def test_set_default_verify_paths(self):

910

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

911

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

912

certificate locations to be used for verification purposes.

913

"""

914

# Testing this requires a server with a certificate signed by one of

915

# the CAs in the platform CA location. Getting one of those costs

916

# money. Fortunately (or unfortunately, depending on your

917

# perspective), it's easy to think of a public server on the

918

# internet which has such a certificate. Connecting to the network

919

# in a unit test is bad, but it's the only way I can think of to

920

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

921

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

922

# Arg, verisign.com doesn't speak TLSv1

923

context = Context(SSLv3_METHOD)

924

context.set_default_verify_paths()

925

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

926

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

927

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

928

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

929

client = socket()

930

client.connect(('verisign.com', 443))

931

clientSSL = Connection(context, client)

932

clientSSL.set_connect_state()

933

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

934

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

935

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

936

937

938

def test_set_default_verify_paths_signature(self):

939

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

940

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

941

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

942

"""

943

context = Context(TLSv1_METHOD)

944

self.assertRaises(TypeError, context.set_default_verify_paths, None)

945

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

946

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

947

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

948

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

949

def test_add_extra_chain_cert_invalid_cert(self):

950

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

951

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

952

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

953

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

954

"""

955

context = Context(TLSv1_METHOD)

956

self.assertRaises(TypeError, context.add_extra_chain_cert)

957

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

958

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

959

960

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

961

def _handshake_test(self, serverContext, clientContext):

962

"""

963

Verify that a client and server created with the given contexts can

964

successfully handshake and communicate.

965

"""

966

serverSocket, clientSocket = socket_pair()

967

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

968

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

969

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

970

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

971

client = Connection(clientContext, clientSocket)

972

client.set_connect_state()

973

974

# Make them talk to each other.

975

# self._interactInMemory(client, server)

976

for i in range(3):

977

for s in [client, server]:

978

try:

979

s.do_handshake()

980

except WantReadError:

pass

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

984

def test_set_verify_callback_exception(self):

985

"""

986

If the verify callback passed to :py:obj:`Context.set_verify` raises an

987

exception, verification fails and the exception is propagated to the

988

caller of :py:obj:`Connection.do_handshake`.

989

"""

990

serverContext = Context(TLSv1_METHOD)

991

serverContext.use_privatekey(

992

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

993

serverContext.use_certificate(

994

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

995

996

clientContext = Context(TLSv1_METHOD)

997

def verify_callback(*args):

998

raise Exception("silly verify failure")

999

clientContext.set_verify(VERIFY_PEER, verify_callback)

1000

1001

exc = self.assertRaises(

1002

Exception, self._handshake_test, serverContext, clientContext)

1003

self.assertEqual("silly verify failure", str(exc))

1004

1005

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1006

def test_add_extra_chain_cert(self):

1007

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1008

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1009

the certificate chain.

1010

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1011

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1012

chain tested.

1013

1014

The chain is tested by starting a server with scert and connecting

1015

to it with a client which trusts cacert and requires verification to

1016

succeed.

1017

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1018

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1019

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1020

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1021

# Dump the CA certificate to a file because that's the only way to load

1022

# it as a trusted CA in the client context.

1023

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1024

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1025

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1026

fObj.close()

1027

1028

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1029

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1030

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1031

fObj.close()

1032

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1033

# Create the server context

1034

serverContext = Context(TLSv1_METHOD)

1035

serverContext.use_privatekey(skey)

1036

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1037

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1038

serverContext.add_extra_chain_cert(icert)

1039

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1040

# Create the client

1041

clientContext = Context(TLSv1_METHOD)

1042

clientContext.set_verify(

1043

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1044

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1045

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1046

# Try it out.

1047

self._handshake_test(serverContext, clientContext)

1048

1049

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1050

def test_use_certificate_chain_file(self):

1051

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1052

:py:obj:`Context.use_certificate_chain_file` reads a certificate chain from

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1053

the specified file.

1054

1055

The chain is tested by starting a server with scert and connecting

1056

to it with a client which trusts cacert and requires verification to

1057

succeed.

1058

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1059

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1060

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1061

1062

# Write out the chain file.

1063

chainFile = self.mktemp()

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1064

fObj = open(chainFile, 'wb')

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1065

# Most specific to least general.

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1066

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1067

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1068

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1069

fObj.close()

1070

1071

serverContext = Context(TLSv1_METHOD)

1072

serverContext.use_certificate_chain_file(chainFile)

1073

serverContext.use_privatekey(skey)

1074

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1075

fObj = open('ca.pem', 'w')

1076

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1077

fObj.close()

1078

1079

clientContext = Context(TLSv1_METHOD)

1080

clientContext.set_verify(

1081

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1082

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1083

1084

self._handshake_test(serverContext, clientContext)

1085

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1086

1087

def test_use_certificate_chain_file_wrong_args(self):

1088

"""

1089

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1090

if passed zero or more than one argument or when passed a non-byte

1091

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1092

passed a bad chain file name (for example, the name of a file which does

1093

not exist).

1094

"""

1095

context = Context(TLSv1_METHOD)

1096

self.assertRaises(TypeError, context.use_certificate_chain_file)

1097

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1098

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1099

1100

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1101

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1102

# XXX load_client_ca

1103

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1104

1105

def test_get_verify_mode_wrong_args(self):

1106

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1107

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1108

arguments.

1109

"""

1110

context = Context(TLSv1_METHOD)

1111

self.assertRaises(TypeError, context.get_verify_mode, None)

1112

1113

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1114

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1115

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1116

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1117

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1118

"""

1119

context = Context(TLSv1_METHOD)

1120

self.assertEquals(context.get_verify_mode(), 0)

1121

context.set_verify(

1122

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1123

self.assertEquals(

1124

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1125

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1126

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1127

if not PY3:

1128

def test_set_verify_mode_long(self):

1129

"""

1130

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1131

type :py:obj:`long` as well as :py:obj:`int`.

1132

"""

1133

context = Context(TLSv1_METHOD)

1134

self.assertEquals(context.get_verify_mode(), 0)

1135

context.set_verify(

1136

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1137

self.assertEquals(

1138

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1139

1140

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1141

def test_load_tmp_dh_wrong_args(self):

1142

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1143

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1144

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1145

"""

1146

context = Context(TLSv1_METHOD)

1147

self.assertRaises(TypeError, context.load_tmp_dh)

1148

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1149

self.assertRaises(TypeError, context.load_tmp_dh, object())

1150

1151

1152

def test_load_tmp_dh_missing_file(self):

1153

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1154

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1155

does not exist.

1156

"""

1157

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1158

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1159

1160

1161

def test_load_tmp_dh(self):

1162

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1163

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1164

specified file.

1165

"""

1166

context = Context(TLSv1_METHOD)

1167

dhfilename = self.mktemp()

1168

dhfile = open(dhfilename, "w")

1169

dhfile.write(dhparam)

1170

dhfile.close()

1171

context.load_tmp_dh(dhfilename)

1172

# XXX What should I assert here? -exarkun

1173

1174

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1175

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1176

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1177

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1178

ciphers which connections created with the context object will be able

1179

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1180

"""

1181

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1182

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1183

conn = Connection(context, None)

1184

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1185

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1186

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1187

def test_set_cipher_list_text(self):

1188

"""

1189

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1190

the ciphers which connections created with the context object will be

1191

able to choose from.

1192

"""

1193

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1194

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1195

conn = Connection(context, None)

1196

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1197

1198

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1199

def test_set_cipher_list_wrong_args(self):

1200

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1201

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1202

passed zero arguments or more than one argument or when passed a

1203

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1204

passed an incorrect cipher list string.

1205

"""

1206

context = Context(TLSv1_METHOD)

1207

self.assertRaises(TypeError, context.set_cipher_list)

1208

self.assertRaises(TypeError, context.set_cipher_list, object())

1209

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1210

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1211

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1212

1213

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1214

def test_set_session_cache_mode_wrong_args(self):

1215

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1216

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1217

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1218

"""

1219

context = Context(TLSv1_METHOD)

1220

self.assertRaises(TypeError, context.set_session_cache_mode)

1221

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1222

1223

1224

def test_get_session_cache_mode_wrong_args(self):

1225

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1226

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1227

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1228

"""

1229

context = Context(TLSv1_METHOD)

1230

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1231

1232

1233

def test_session_cache_mode(self):

1234

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1235

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1236

cached. The setting can be retrieved via

1237

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1238

"""

1239

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1240

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1241

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1242

self.assertEqual(SESS_CACHE_OFF, off)

1243

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1244

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1245

if not PY3:

1246

def test_session_cache_mode_long(self):

1247

"""

1248

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1249

of type :py:obj:`long` as well as :py:obj:`int`.

1250

"""

1251

context = Context(TLSv1_METHOD)

1252

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1253

self.assertEqual(

1254

SESS_CACHE_BOTH, context.get_session_cache_mode())

1255

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1256

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1257

def test_get_cert_store(self):

1258

"""

1259

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1260

"""

1261

context = Context(TLSv1_METHOD)

1262

store = context.get_cert_store()

1263

self.assertIsInstance(store, X509Store)

1264

1265

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1266

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1267

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1268

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1269

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1270

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1271

"""

1272

def test_wrong_args(self):

1273

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1274

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1275

with other than one argument.

1276

"""

1277

context = Context(TLSv1_METHOD)

1278

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1279

self.assertRaises(

1280

TypeError, context.set_tlsext_servername_callback, 1, 2)

1281

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1282

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1283

def test_old_callback_forgotten(self):

1284

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1285

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1286

callback, the one it replaces is dereferenced.

1287

"""

1288

def callback(connection):

1289

pass

1290

1291

def replacement(connection):

1292

pass

1293

1294

context = Context(TLSv1_METHOD)

1295

context.set_tlsext_servername_callback(callback)

1296

1297

tracker = ref(callback)

1298

del callback

1299

1300

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1301

1302

# One run of the garbage collector happens to work on CPython. PyPy

1303

# doesn't collect the underlying object until a second run for whatever

1304

# reason. That's fine, it still demonstrates our code has properly

1305

# dropped the reference.

1306

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1307

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1308

1309

callback = tracker()

1310

if callback is not None:

1311

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1312

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1313

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1314

1315

1316

def test_no_servername(self):

1317

"""

1318

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1319

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1320

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1321

"""

1322

args = []

1323

def servername(conn):

1324

args.append((conn, conn.get_servername()))

1325

context = Context(TLSv1_METHOD)

1326

context.set_tlsext_servername_callback(servername)

1327

1328

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1334

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1335

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1336

1337

# Do a little connection to trigger the logic

1338

server = Connection(context, None)

1339

server.set_accept_state()

1340

1341

client = Connection(Context(TLSv1_METHOD), None)

1342

client.set_connect_state()

1343

1344

self._interactInMemory(server, client)

1345

1346

self.assertEqual([(server, None)], args)

1347

1348

1349

def test_servername(self):

1350

"""

1351

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1352

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1353

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1354

"""

1355

args = []

1356

def servername(conn):

1357

args.append((conn, conn.get_servername()))

1358

context = Context(TLSv1_METHOD)

1359

context.set_tlsext_servername_callback(servername)

1360

1361

# Necessary to actually accept the connection

1362

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1363

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1364

1365

# Do a little connection to trigger the logic

1366

server = Connection(context, None)

1367

server.set_accept_state()

1368

1369

client = Connection(Context(TLSv1_METHOD), None)

1370

client.set_connect_state()

1371

client.set_tlsext_host_name(b("foo1.example.com"))

1372

1373

self._interactInMemory(server, client)

1374

1375

self.assertEqual([(server, b("foo1.example.com"))], args)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1379

class SessionTests(TestCase):

1380

"""

1381

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1382

"""

1383

def test_construction(self):

1384

"""

1385

:py:class:`Session` can be constructed with no arguments, creating a new

1386

instance of that type.

1387

"""

1388

new_session = Session()

1389

self.assertTrue(isinstance(new_session, Session))

1390

1391

1392

def test_construction_wrong_args(self):

1393

"""

1394

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1395

is raised.

1396

"""

1397

self.assertRaises(TypeError, Session, 123)

1398

self.assertRaises(TypeError, Session, "hello")

1399

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1403

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1404

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1405

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1406

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1407

# XXX get_peer_certificate -> None

1408

# XXX sock_shutdown

1409

# XXX master_key -> TypeError

1410

# XXX server_random -> TypeError

1411

# XXX state_string

1412

# XXX connect -> TypeError

1413

# XXX connect_ex -> TypeError

1414

# XXX set_connect_state -> TypeError

1415

# XXX set_accept_state -> TypeError

1416

# XXX renegotiate_pending

1417

# XXX do_handshake -> TypeError

1418

# XXX bio_read -> TypeError

1419

# XXX recv -> TypeError

1420

# XXX send -> TypeError

1421

# XXX bio_write -> TypeError

1422

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1423

def test_type(self):

1424

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1425

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1426

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1427

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1428

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1429

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1430

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1431

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1432

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1433

def test_get_context(self):

1434

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1435

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1436

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1437

"""

1438

context = Context(TLSv1_METHOD)

1439

connection = Connection(context, None)

1440

self.assertIdentical(connection.get_context(), context)

1441

1442

1443

def test_get_context_wrong_args(self):

1444

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1445

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1446

arguments.

1447

"""

1448

connection = Connection(Context(TLSv1_METHOD), None)

1449

self.assertRaises(TypeError, connection.get_context, None)

1450

1451

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1452

def test_set_context_wrong_args(self):

1453

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1454

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1455

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1456

than 1.

1457

"""

1458

ctx = Context(TLSv1_METHOD)

1459

connection = Connection(ctx, None)

1460

self.assertRaises(TypeError, connection.set_context)

1461

self.assertRaises(TypeError, connection.set_context, object())

1462

self.assertRaises(TypeError, connection.set_context, "hello")

1463

self.assertRaises(TypeError, connection.set_context, 1)

1464

self.assertRaises(TypeError, connection.set_context, 1, 2)

1465

self.assertRaises(

1466

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1467

self.assertIdentical(ctx, connection.get_context())

1468

1469

1470

def test_set_context(self):

1471

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1472

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1473

for the connection.

1474

"""

1475

original = Context(SSLv23_METHOD)

1476

replacement = Context(TLSv1_METHOD)

1477

connection = Connection(original, None)

1478

connection.set_context(replacement)

1479

self.assertIdentical(replacement, connection.get_context())

1480

# Lose our references to the contexts, just in case the Connection isn't

1481

# properly managing its own contributions to their reference counts.

1482

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1487

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1488

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1489

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1490

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1491

"""

1492

conn = Connection(Context(TLSv1_METHOD), None)

1493

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1494

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1495

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1496

self.assertRaises(

1497

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1498

1499

if version_info >= (3,):

1500

# On Python 3.x, don't accidentally implicitly convert from text.

1501

self.assertRaises(

1502

TypeError,

1503

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1504

1505

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1506

def test_get_servername_wrong_args(self):

1507

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1508

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1509

arguments.

1510

"""

1511

connection = Connection(Context(TLSv1_METHOD), None)

1512

self.assertRaises(TypeError, connection.get_servername, object())

1513

self.assertRaises(TypeError, connection.get_servername, 1)

1514

self.assertRaises(TypeError, connection.get_servername, "hello")

1515

1516

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1517

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1518

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1519

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1520

immediate read.

1521

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1522

connection = Connection(Context(TLSv1_METHOD), None)

1523

self.assertEquals(connection.pending(), 0)

1524

1525

1526

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1527

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1528

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1529

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1530

connection = Connection(Context(TLSv1_METHOD), None)

1531

self.assertRaises(TypeError, connection.pending, None)

1532

1533

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1534

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1535

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1536

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1537

argument or with the wrong number of arguments.

1538

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1539

connection = Connection(Context(TLSv1_METHOD), socket())

1540

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1541

self.assertRaises(TypeError, connection.connect)

1542

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1543

1544

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1545

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1546

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1547

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1548

connect method raises it.

1549

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1550

client = socket()

1551

context = Context(TLSv1_METHOD)

1552

clientSSL = Connection(context, client)

1553

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1554

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1555

1556

1557

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1558

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1559

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1560

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1566

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1567

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1568

1569

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1570

if platform == "darwin":

1571

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1572

else:

1573

def test_connect_ex(self):

1574

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1575

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1576

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1581

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1582

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1583

clientSSL.setblocking(False)

1584

result = clientSSL.connect_ex(port.getsockname())

1585

expected = (EINPROGRESS, EWOULDBLOCK)

1586

self.assertTrue(

1587

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1588

1589

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1590

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1591

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1592

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1593

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1594

connection = Connection(Context(TLSv1_METHOD), socket())

1595

self.assertRaises(TypeError, connection.accept, None)

1596

1597

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1598

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1599

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1600

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

1601

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1602

connection originated from.

1603

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1604

ctx = Context(TLSv1_METHOD)

1605

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1606

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1607

port = socket()

1608

portSSL = Connection(ctx, port)

1609

portSSL.bind(('', 0))

1610

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1611

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1612

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1613

1614

# Calling portSSL.getsockname() here to get the server IP address sounds

1615

# great, but frequently fails on Windows.

1616

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1617

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1618

serverSSL, address = portSSL.accept()

1619

1620

self.assertTrue(isinstance(serverSSL, Connection))

1621

self.assertIdentical(serverSSL.get_context(), ctx)

1622

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1623

1624

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1625

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1626

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1627

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1628

number of arguments or with arguments other than integers.

1629

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1630

connection = Connection(Context(TLSv1_METHOD), None)

1631

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

1632

self.assertRaises(TypeError, connection.get_shutdown, None)

1633

self.assertRaises(TypeError, connection.set_shutdown)

1634

self.assertRaises(TypeError, connection.set_shutdown, None)

1635

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1636

1637

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1638

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1639

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1640

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1641

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1642

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1643

self.assertFalse(server.shutdown())

1644

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1645

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1646

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

1647

client.shutdown()

1648

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

1649

self.assertRaises(ZeroReturnError, server.recv, 1024)

1650

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1651

1652

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1653

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1654

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1655

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1656

process.

1657

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1658

connection = Connection(Context(TLSv1_METHOD), socket())

1659

connection.set_shutdown(RECEIVED_SHUTDOWN)

1660

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1661

1662

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

1663

if not PY3:

1664

def test_set_shutdown_long(self):

1665

"""

1666

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

1667

of type :py:obj:`long` as well as :py:obj:`int`.

1668

"""

1669

connection = Connection(Context(TLSv1_METHOD), socket())

1670

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

1671

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1672

1673

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1674

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1675

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1676

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

1677

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1678

with any arguments.

1679

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1680

conn = Connection(Context(TLSv1_METHOD), None)

1681

self.assertRaises(TypeError, conn.get_app_data, None)

1682

self.assertRaises(TypeError, conn.set_app_data)

1683

self.assertRaises(TypeError, conn.set_app_data, None, None)

1684

1685

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1686

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1687

"""

1688

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1689

:py:obj:`Connection.set_app_data` and later retrieved with

1690

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1691

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1692

conn = Connection(Context(TLSv1_METHOD), None)

1693

app_data = object()

1694

conn.set_app_data(app_data)

1695

self.assertIdentical(conn.get_app_data(), app_data)

1696

1697

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1698

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1699

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1700

:py:obj:`Connection.makefile` is not implemented and calling that method raises

1701

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1702

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1703

conn = Connection(Context(TLSv1_METHOD), None)

1704

self.assertRaises(NotImplementedError, conn.makefile)

1705

1706

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1707

def test_get_peer_cert_chain_wrong_args(self):

1708

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1709

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1710

arguments.

1711

"""

1712

conn = Connection(Context(TLSv1_METHOD), None)

1713

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

1714

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

1715

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

1716

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

1717

1718

1719

def test_get_peer_cert_chain(self):

1720

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1721

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1722

the connected server returned for the certification verification.

1723

"""

1724

chain = _create_certificate_chain()

1725

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1726

1727

serverContext = Context(TLSv1_METHOD)

1728

serverContext.use_privatekey(skey)

1729

serverContext.use_certificate(scert)

1730

serverContext.add_extra_chain_cert(icert)

1731

serverContext.add_extra_chain_cert(cacert)

1732

server = Connection(serverContext, None)

1733

server.set_accept_state()

1734

1735

# Create the client

1736

clientContext = Context(TLSv1_METHOD)

1737

clientContext.set_verify(VERIFY_NONE, verify_cb)

1738

client = Connection(clientContext, None)

1739

client.set_connect_state()

1740

1741

self._interactInMemory(client, server)

1742

1743

chain = client.get_peer_cert_chain()

1744

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1745

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1746

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1747

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1748

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1749

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1750

"Authority Certificate", chain[2].get_subject().CN)

1751

1752

1753

def test_get_peer_cert_chain_none(self):

1754

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1755

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1756

certificate chain.

1757

"""

1758

ctx = Context(TLSv1_METHOD)

1759

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1760

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1761

server = Connection(ctx, None)

1762

server.set_accept_state()

1763

client = Connection(Context(TLSv1_METHOD), None)

1764

client.set_connect_state()

1765

self._interactInMemory(client, server)

1766

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1767

1768

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1769

def test_get_session_wrong_args(self):

1770

"""

1771

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

1772

with any arguments.

1773

"""

1774

ctx = Context(TLSv1_METHOD)

1775

server = Connection(ctx, None)

1776

self.assertRaises(TypeError, server.get_session, 123)

1777

self.assertRaises(TypeError, server.get_session, "hello")

1778

self.assertRaises(TypeError, server.get_session, object())

1779

1780

1781

def test_get_session_unconnected(self):

1782

"""

1783

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

1784

an object which has not been connected.

1785

"""

1786

ctx = Context(TLSv1_METHOD)

1787

server = Connection(ctx, None)

1788

session = server.get_session()

1789

self.assertIdentical(None, session)

1790

1791

1792

def test_server_get_session(self):

1793

"""

1794

On the server side of a connection, :py:obj:`Connection.get_session`

1795

returns a :py:class:`Session` instance representing the SSL session for

1796

that connection.

1797

"""

1798

server, client = self._loopback()

1799

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1800

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1801

1802

1803

def test_client_get_session(self):

1804

"""

1805

On the client side of a connection, :py:obj:`Connection.get_session`

1806

returns a :py:class:`Session` instance representing the SSL session for

1807

that connection.

1808

"""

1809

server, client = self._loopback()

1810

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1811

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1812

1813

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

1814

def test_set_session_wrong_args(self):

1815

"""

1816

If called with an object that is not an instance of :py:class:`Session`,

1817

or with other than one argument, :py:obj:`Connection.set_session` raises

1818

:py:obj:`TypeError`.

1819

"""

1820

ctx = Context(TLSv1_METHOD)

1821

connection = Connection(ctx, None)

1822

self.assertRaises(TypeError, connection.set_session)

1823

self.assertRaises(TypeError, connection.set_session, 123)

1824

self.assertRaises(TypeError, connection.set_session, "hello")

1825

self.assertRaises(TypeError, connection.set_session, object())

1826

self.assertRaises(

1827

TypeError, connection.set_session, Session(), Session())

1828

1829

1830

def test_client_set_session(self):

1831

"""

1832

:py:obj:`Connection.set_session`, when used prior to a connection being

1833

established, accepts a :py:class:`Session` instance and causes an

1834

attempt to re-use the session it represents when the SSL handshake is

1835

performed.

1836

"""

1837

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1838

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1839

ctx = Context(TLSv1_METHOD)

1840

ctx.use_privatekey(key)

1841

ctx.use_certificate(cert)

1842

ctx.set_session_id("unity-test")

1843

1844

def makeServer(socket):

1845

server = Connection(ctx, socket)

1846

server.set_accept_state()

1847

return server

1848

1849

originalServer, originalClient = self._loopback(

1850

serverFactory=makeServer)

1851

originalSession = originalClient.get_session()

1852

1853

def makeClient(socket):

1854

client = self._loopbackClientFactory(socket)

1855

client.set_session(originalSession)

1856

return client

1857

resumedServer, resumedClient = self._loopback(

1858

serverFactory=makeServer,

1859

clientFactory=makeClient)

1860

1861

# This is a proxy: in general, we have no access to any unique

1862

# identifier for the session (new enough versions of OpenSSL expose a

1863

# hash which could be usable, but "new enough" is very, very new).

1864

# Instead, exploit the fact that the master key is re-used if the

1865

# session is re-used. As long as the master key for the two connections

1866

# is the same, the session was re-used!

1867

self.assertEqual(

1868

originalServer.master_key(), resumedServer.master_key())

1869

1870

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1871

def test_set_session_wrong_method(self):

1872

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

1873

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

1874

instance associated with a context using a different SSL method than the

1875

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

1876

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1877

"""

1878

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1879

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1880

ctx = Context(TLSv1_METHOD)

1881

ctx.use_privatekey(key)

1882

ctx.use_certificate(cert)

1883

ctx.set_session_id("unity-test")

1884

1885

def makeServer(socket):

1886

server = Connection(ctx, socket)

1887

server.set_accept_state()

1888

return server

1889

1890

originalServer, originalClient = self._loopback(

1891

serverFactory=makeServer)

1892

originalSession = originalClient.get_session()

1893

1894

def makeClient(socket):

1895

# Intentionally use a different, incompatible method here.

1896

client = Connection(Context(SSLv3_METHOD), socket)

1897

client.set_connect_state()

1898

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

1904

1905

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

1906

def test_wantWriteError(self):

1907

"""

1908

:py:obj:`Connection` methods which generate output raise

1909

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

1910

fail indicating a should-write state.

1911

"""

1912

client_socket, server_socket = socket_pair()

1913

# Fill up the client's send buffer so Connection won't be able to write

1914

# anything.

Jean-Paul Calderone

7d7c9c2

2014-02-18 16:38:26 -0500

[diff] [blame]

1915

msg = b"x" * 512

Jean-Paul Calderone

22c28b4

2014-02-18 16:40:34 -0500

[diff] [blame]

1916

for i in range(2048):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

1917

try:

1918

client_socket.send(msg)

1919

except error as e:

1920

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

1926

1927

ctx = Context(TLSv1_METHOD)

1928

conn = Connection(ctx, client_socket)

1929

# Client's speak first, so make it an SSL client

1930

conn.set_connect_state()

1931

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame^]

1935

def test_get_cipher_name_before_connect(self):

1936

"""

1937

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None`

1938

if no connection has been established.

1939

"""

1940

ctx = Context(TLSv1_METHOD)

1941

conn = Connection(ctx, None)

1942

self.assertIs(conn.get_cipher_name(), None)

1943

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

1944

def test_get_cipher_name(self):

1945

"""

1946

:py:obj:`Connection.get_cipher_name` returns the name of the currently

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame^]

1947

used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

1948

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

1949

server, client = self._loopback()

1950

server_cipher_name, client_cipher_name = \

1951

server.get_cipher_name(), client.get_cipher_name()

1952

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame^]

1953

self.assertIsInstance(server_cipher_name, str)

1954

self.assertIsInstance(client_cipher_name, str)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

1955

1956

self.assertEqual(server_cipher_name, client_cipher_name)

1957

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame^]

1958

def test_get_cipher_version_before_connect(self):

1959

"""

1960

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None`

1961

if no connection has been established.

1962

"""

1963

ctx = Context(TLSv1_METHOD)

1964

conn = Connection(ctx, None)

1965

self.assertIs(conn.get_cipher_version(), None)

1966

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

1967

def test_get_cipher_version(self):

1968

"""

1969

:py:obj:`Connection.get_cipher_version` returns the protocol name of the currently

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame^]

1970

used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

1971

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

1972

server, client = self._loopback()

1973

server_cipher_version, client_cipher_version = \

1974

server.get_cipher_version(), client.get_cipher_version()

1975

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame^]

1976

self.assertIsInstance(server_cipher_version, str)

1977

self.assertIsInstance(client_cipher_version, str)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

1978

1979

self.assertEqual(server_cipher_version, client_cipher_version)

1980

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame^]

1981

def test_get_cipher_bits_before_connect(self):

1982

"""

1983

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None`

1984

if no connection has been established.

1985

"""

1986

ctx = Context(TLSv1_METHOD)

1987

conn = Connection(ctx, None)

1988

self.assertIs(conn.get_cipher_bits(), None)

1989

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

1990

def test_get_cipher_bits(self):

1991

"""

1992

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits of the currently

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame^]

1993

used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

1994

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

1995

server, client = self._loopback()

1996

server_cipher_bits, client_cipher_bits = \

1997

server.get_cipher_bits(), client.get_cipher_bits()

1998

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame^]

1999

self.assertIsInstance(server_cipher_bits, int)

2000

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2001

2002

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2003

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2004

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2005

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2006

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2007

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2008

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2009

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2010

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2011

arguments.

2012

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2013

connection = Connection(Context(TLSv1_METHOD), None)

2014

self.assertRaises(TypeError, connection.get_cipher_list, None)

2015

2016

2017

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2018

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2019

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2020

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2021

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2022

connection = Connection(Context(TLSv1_METHOD), None)

2023

ciphers = connection.get_cipher_list()

2024

self.assertTrue(isinstance(ciphers, list))

2025

for cipher in ciphers:

2026

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2030

class ConnectionSendTests(TestCase, _LoopbackMixin):

2031

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2032

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2033

"""

2034

def test_wrong_args(self):

2035

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2036

When called with arguments other than string argument for its first

2037

parameter or more than two arguments, :py:obj:`Connection.send` raises

2038

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2039

"""

2040

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2041

self.assertRaises(TypeError, connection.send)

2042

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2043

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2044

2045

2046

def test_short_bytes(self):

2047

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2048

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2049

and returns the number of bytes sent.

2050

"""

2051

server, client = self._loopback()

2052

count = server.send(b('xy'))

2053

self.assertEquals(count, 2)

2054

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2060

else:

2061

def test_short_memoryview(self):

2062

"""

2063

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2064

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2065

bytes sent.

2066

"""

2067

server, client = self._loopback()

2068

count = server.send(memoryview(b('xy')))

2069

self.assertEquals(count, 2)

2070

self.assertEquals(client.recv(2), b('xy'))

2071

2072

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2073

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2074

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2075

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2076

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2077

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2078

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2079

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2080

When called with arguments other than a string argument for its first

2081

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2082

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2083

"""

2084

connection = Connection(Context(TLSv1_METHOD), None)

2085

self.assertRaises(TypeError, connection.sendall)

2086

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2087

self.assertRaises(

2088

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2089

2090

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2091

def test_short(self):

2092

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2093

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2094

it.

2095

"""

2096

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2097

server.sendall(b('x'))

2098

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2099

2100

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2105

else:

2106

def test_short_memoryview(self):

2107

"""

2108

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2109

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2110

"""

2111

server, client = self._loopback()

2112

server.sendall(memoryview(b('x')))

2113

self.assertEquals(client.recv(1), b('x'))

2114

2115

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2116

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2117

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2118

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2119

it even if this requires multiple calls of an underlying write function.

2120

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2121

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2122

# Should be enough, underlying SSL_write should only do 16k at a time.

2123

# On Windows, after 32k of bytes the write will block (forever - because

2124

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2125

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2126

server.sendall(message)

2127

accum = []

2128

received = 0

2129

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2130

data = client.recv(1024)

2131

accum.append(data)

2132

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2133

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2134

2135

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2136

def test_closed(self):

2137

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2138

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2139

write error from the low level write call.

2140

"""

2141

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2142

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2143

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2144

if platform == "win32":

2145

self.assertEqual(exc.args[0], ESHUTDOWN)

2146

else:

2147

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2148

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2149

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2150

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2151

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2152

"""

2153

Tests for SSL renegotiation APIs.

2154

"""

2155

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2156

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2157

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2158

arguments.

2159

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2160

connection = Connection(Context(TLSv1_METHOD), None)

2161

self.assertRaises(TypeError, connection.renegotiate, None)

2162

2163

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2164

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2165

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2166

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2167

any arguments.

2168

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2169

connection = Connection(Context(TLSv1_METHOD), None)

2170

self.assertRaises(TypeError, connection.total_renegotiations, None)

2171

2172

2173

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2174

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2175

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2176

renegotiations have happened.

2177

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2178

connection = Connection(Context(TLSv1_METHOD), None)

2179

self.assertEquals(connection.total_renegotiations(), 0)

2180

2181

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2182

# def test_renegotiate(self):

2183

# """

2184

# """

2185

# server, client = self._loopback()

2186

2187

# server.send("hello world")

2188

# self.assertEquals(client.recv(len("hello world")), "hello world")

2189

2190

# self.assertEquals(server.total_renegotiations(), 0)

2191

# self.assertTrue(server.renegotiate())

2192

2193

# server.setblocking(False)

2194

# client.setblocking(False)

2195

# while server.renegotiate_pending():

2196

# client.do_handshake()

2197

# server.do_handshake()

2198

2199

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2204

class ErrorTests(TestCase):

2205

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2206

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2207

"""

2208

def test_type(self):

2209

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2210

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2211

"""

2212

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2213

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2217

class ConstantsTests(TestCase):

2218

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2219

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2220

2221

These are values defined by OpenSSL intended only to be used as flags to

2222

OpenSSL APIs. The only assertions it seems can be made about them is

2223

their values.

2224

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2225

# unittest.TestCase has no skip mechanism

2226

if OP_NO_QUERY_MTU is not None:

2227

def test_op_no_query_mtu(self):

2228

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2229

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2230

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2231

"""

2232

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2233

else:

2234

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2235

2236

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2237

if OP_COOKIE_EXCHANGE is not None:

2238

def test_op_cookie_exchange(self):

2239

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2240

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2241

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2242

"""

2243

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2244

else:

2245

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2246

2247

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2248

if OP_NO_TICKET is not None:

2249

def test_op_no_ticket(self):

2250

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2251

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2252

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2253

"""

2254

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2255

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2256

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2257

2258

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2259

if OP_NO_COMPRESSION is not None:

2260

def test_op_no_compression(self):

2261

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2262

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2263

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2264

"""

2265

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2266

else:

2267

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2268

2269

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2270

def test_sess_cache_off(self):

2271

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2272

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2273

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2274

"""

2275

self.assertEqual(0x0, SESS_CACHE_OFF)

2276

2277

2278

def test_sess_cache_client(self):

2279

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2280

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2281

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2282

"""

2283

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2284

2285

2286

def test_sess_cache_server(self):

2287

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2288

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2289

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2290

"""

2291

self.assertEqual(0x2, SESS_CACHE_SERVER)

2292

2293

2294

def test_sess_cache_both(self):

2295

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2296

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2297

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2298

"""

2299

self.assertEqual(0x3, SESS_CACHE_BOTH)

2300

2301

2302

def test_sess_cache_no_auto_clear(self):

2303

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2304

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2305

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2306

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2307

"""

2308

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2309

2310

2311

def test_sess_cache_no_internal_lookup(self):

2312

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2313

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2314

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2315

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2316

"""

2317

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2318

2319

2320

def test_sess_cache_no_internal_store(self):

2321

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2322

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

2323

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

2324

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2325

"""

2326

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

2327

2328

2329

def test_sess_cache_no_internal(self):

2330

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2331

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

2332

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

2333

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2334

"""

2335

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

2336

2337

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

2338

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2339

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2340

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2341

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2342

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2343

def _server(self, sock):

2344

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2345

Create a new server-side SSL :py:obj:`Connection` object wrapped around

2346

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2347

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2348

# Create the server side Connection. This is mostly setup boilerplate

2349

# - use TLSv1, use a particular certificate, etc.

2350

server_ctx = Context(TLSv1_METHOD)

2351

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2352

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2353

server_store = server_ctx.get_cert_store()

2354

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2355

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2356

server_ctx.check_privatekey()

2357

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2358

# Here the Connection is actually created. If None is passed as the 2nd

2359

# parameter, it indicates a memory BIO should be created.

2360

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2361

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2365

def _client(self, sock):

2366

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2367

Create a new client-side SSL :py:obj:`Connection` object wrapped around

2368

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2369

"""

2370

# Now create the client side Connection. Similar boilerplate to the

2371

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2372

client_ctx = Context(TLSv1_METHOD)

2373

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2374

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2375

client_store = client_ctx.get_cert_store()

2376

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

2377

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

2378

client_ctx.check_privatekey()

2379

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2380

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2381

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2385

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2386

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2387

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2388

reading from the output of each and writing those bytes to the input of

2389

the other and in this way establish a connection and exchange

2390

application-level bytes with each other.

2391

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2392

server_conn = self._server(None)

2393

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2394

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2395

# There should be no key or nonces yet.

2396

self.assertIdentical(server_conn.master_key(), None)

2397

self.assertIdentical(server_conn.client_random(), None)

2398

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2399

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2400

# First, the handshake needs to happen. We'll deliver bytes back and

2401

# forth between the client and server until neither of them feels like

2402

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2403

self.assertIdentical(

2404

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2405

2406

# Now that the handshake is done, there should be a key and nonces.

2407

self.assertNotIdentical(server_conn.master_key(), None)

2408

self.assertNotIdentical(server_conn.client_random(), None)

2409

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

2410

self.assertEquals(server_conn.client_random(), client_conn.client_random())

2411

self.assertEquals(server_conn.server_random(), client_conn.server_random())

2412

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

2413

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2414

2415

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2416

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2417

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2418

server_conn.write(important_message)

2419

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2420

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2421

(client_conn, important_message))

2422

2423

client_conn.write(important_message[::-1])

2424

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2425

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2426

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2427

2428

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2429

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2430

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2431

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2432

2433

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2434

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2435

this test fails, there must be a problem outside the memory BIO

2436

code, as no memory BIO is involved here). Even though this isn't a

2437

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2438

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

2439

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2440

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2441

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2442

client_conn.send(important_message)

2443

msg = server_conn.recv(1024)

2444

self.assertEqual(msg, important_message)

2445

2446

# Again in the other direction, just for fun.

2447

important_message = important_message[::-1]

2448

server_conn.send(important_message)

2449

msg = client_conn.recv(1024)

2450

self.assertEqual(msg, important_message)

2451

2452

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

2453

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2454

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2455

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

2456

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2457

"""

2458

context = Context(SSLv3_METHOD)

2459

client = socket()

2460

clientSSL = Connection(context, client)

2461

self.assertRaises( TypeError, clientSSL.bio_read, 100)

2462

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

2463

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2464

2465

2466

def test_outgoingOverflow(self):

2467

"""

2468

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2469

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2470

returned and that many bytes from the beginning of the input can be

2471

read from the other end of the connection.

2472

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2473

server = self._server(None)

2474

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2475

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2476

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2477

2478

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2479

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2480

# Sanity check. We're trying to test what happens when the entire

2481

# input can't be sent. If the entire input was sent, this test is

2482

# meaningless.

2483

self.assertTrue(sent < size)

2484

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2485

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2486

self.assertIdentical(receiver, server)

2487

2488

# We can rely on all of these bytes being received at once because

2489

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

2490

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2491

2492

2493

def test_shutdown(self):

2494

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2495

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

2496

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2497

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2498

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2499

server.bio_shutdown()

2500

e = self.assertRaises(Error, server.recv, 1024)

2501

# We don't want WantReadError or ZeroReturnError or anything - it's a

2502

# handshake failure.

2503

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2504

2505

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2506

def test_unexpectedEndOfFile(self):

2507

"""

2508

If the connection is lost before an orderly SSL shutdown occurs,

2509

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

2510

"Unexpected EOF".

2511

"""

2512

server_conn, client_conn = self._loopback()

2513

client_conn.sock_shutdown(SHUT_RDWR)

2514

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

2515

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

2516

2517

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2518

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2519

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2520

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2521

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

2522

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2523

before the client and server are connected to each other. This

2524

function should specify a list of CAs for the server to send to the

2525

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2526

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2527

times.

2528

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2529

server = self._server(None)

2530

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2531

self.assertEqual(client.get_client_ca_list(), [])

2532

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2533

ctx = server.get_context()

2534

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2535

self.assertEqual(client.get_client_ca_list(), [])

2536

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2537

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2538

self.assertEqual(client.get_client_ca_list(), expected)

2539

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2540

2541

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2542

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2543

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2544

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2545

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2546

"""

2547

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2548

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

2549

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

2550

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2551

2552

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2553

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2554

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2555

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2556

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2557

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2558

after the connection is set up.

2559

"""

2560

def no_ca(ctx):

2561

ctx.set_client_ca_list([])

2562

return []

2563

self._check_client_ca_list(no_ca)

2564

2565

2566

def test_set_one_ca_list(self):

2567

"""

2568

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2569

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2570

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2571

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2572

X509Name after the connection is set up.

2573

"""

2574

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2575

cadesc = cacert.get_subject()

2576

def single_ca(ctx):

2577

ctx.set_client_ca_list([cadesc])

2578

return [cadesc]

2579

self._check_client_ca_list(single_ca)

2580

2581

2582

def test_set_multiple_ca_list(self):

2583

"""

2584

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2585

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2586

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2587

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2588

X509Names after the connection is set up.

2589

"""

2590

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2591

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2592

2593

sedesc = secert.get_subject()

2594

cldesc = clcert.get_subject()

2595

2596

def multiple_ca(ctx):

2597

L = [sedesc, cldesc]

2598

ctx.set_client_ca_list(L)

2599

return L

2600

self._check_client_ca_list(multiple_ca)

2601

2602

2603

def test_reset_ca_list(self):

2604

"""

2605

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2606

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2607

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2608

"""

2609

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2610

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2611

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2612

2613

cadesc = cacert.get_subject()

2614

sedesc = secert.get_subject()

2615

cldesc = clcert.get_subject()

2616

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2617

def changed_ca(ctx):

2618

ctx.set_client_ca_list([sedesc, cldesc])

2619

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2620

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2621

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2622

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2623

2624

def test_mutated_ca_list(self):

2625

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2626

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2627

afterwards, this does not affect the list of CA names sent to the

2628

client.

2629

"""

2630

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2631

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2632

2633

cadesc = cacert.get_subject()

2634

sedesc = secert.get_subject()

2635

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2636

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2637

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2638

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2639

L.append(sedesc)

2640

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2641

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2642

2643

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2644

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2645

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2646

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2647

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2648

"""

2649

ctx = Context(TLSv1_METHOD)

2650

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2651

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2652

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2653

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2654

2655

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2656

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2657

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2658

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2659

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2660

"""

2661

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2662

cadesc = cacert.get_subject()

2663

def single_ca(ctx):

2664

ctx.add_client_ca(cacert)

2665

return [cadesc]

2666

self._check_client_ca_list(single_ca)

2667

2668

2669

def test_multiple_add_client_ca(self):

2670

"""

2671

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2672

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2673

"""

2674

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2675

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2676

2677

cadesc = cacert.get_subject()

2678

sedesc = secert.get_subject()

2679

2680

def multiple_ca(ctx):

2681

ctx.add_client_ca(cacert)

2682

ctx.add_client_ca(secert)

2683

return [cadesc, sedesc]

2684

self._check_client_ca_list(multiple_ca)

2685

2686

2687

def test_set_and_add_client_ca(self):

2688

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2689

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

2690

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2691

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2692

"""

2693

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2694

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2695

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2696

2697

cadesc = cacert.get_subject()

2698

sedesc = secert.get_subject()

2699

cldesc = clcert.get_subject()

2700

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2701

def mixed_set_add_ca(ctx):

2702

ctx.set_client_ca_list([cadesc, sedesc])

2703

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2704

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2705

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2706

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2707

2708

def test_set_after_add_client_ca(self):

2709

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2710

A call to :py:obj:`Context.set_client_ca_list` after a call to

2711

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2712

call with the names specified by the latter cal.

2713

"""

2714

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2715

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2716

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2717

2718

cadesc = cacert.get_subject()

2719

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2720

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2721

def set_replaces_add_ca(ctx):

2722

ctx.add_client_ca(clcert)

2723

ctx.set_client_ca_list([cadesc])

2724

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2725

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2726

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2727

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2728

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2729

2730

class ConnectionBIOTests(TestCase):

2731

"""

2732

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

2733

"""

2734

def test_wantReadError(self):

2735

"""

2736

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

2737

if there are no bytes available to be read from the BIO.

2738

"""

2739

ctx = Context(TLSv1_METHOD)

2740

conn = Connection(ctx, None)

2741

self.assertRaises(WantReadError, conn.bio_read, 1024)

2742

2743

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2744

def test_buffer_size(self):

2745

"""

2746

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

2747

number of bytes to read and return.

2748

"""

2749

ctx = Context(TLSv1_METHOD)

2750

conn = Connection(ctx, None)

2751

conn.set_connect_state()

2752

try:

2753

conn.do_handshake()

2754

except WantReadError:

2755

pass

2756

data = conn.bio_read(2)

2757

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

2762

"""

2763

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

2764

:py:obj:`long` as well as :py:obj:`int`.

2765

"""

2766

ctx = Context(TLSv1_METHOD)

2767

conn = Connection(ctx, None)

2768

conn.set_connect_state()

2769

try:

2770

conn.do_handshake()

2771

except WantReadError:

2772

pass

2773

data = conn.bio_read(long(2))

2774

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2778

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

2779

class InfoConstantTests(TestCase):

2780

"""

2781

Tests for assorted constants exposed for use in info callbacks.

2782

"""

2783

def test_integers(self):

2784

"""

2785

All of the info constants are integers.

2786

2787

This is a very weak test. It would be nice to have one that actually

2788

verifies that as certain info events happen, the value passed to the

2789

info callback matches up with the constant exposed by OpenSSL.SSL.

2790

"""

2791

for const in [

2792

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

2793

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

2794

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

2795

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

2796

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

2797

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

2798

2799

self.assertTrue(isinstance(const, int))

2800

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

2801

Jean-Paul Calderone