Blame - tests/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

5

Unit tests for :mod:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

8

import datetime

Arne Schwabe

3562df8

2020-11-27 19:29:49 +0100

[diff] [blame^]

9

import gc

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

10

import sys

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

11

import uuid

12

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

13

from gc import collect, get_referrers

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

14

from errno import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

EAFNOSUPPORT,

ECONNREFUSED,

EINPROGRESS,

EWOULDBLOCK,

EPIPE,

ESHUTDOWN,

)

Jeremy Lainé

1ae7cb6

2018-03-21 14:49:42 +0100

[diff] [blame]

22

from sys import platform, getfilesystemencoding

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

23

from socket import AF_INET, AF_INET6, MSG_PEEK, SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

24

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

25

from os.path import join

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

26

from weakref import ref

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

27

from warnings import simplefilter

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

28

Alex Gaynor

963ae03

2019-07-06 17:38:32 -0400

[diff] [blame]

29

import flaky

30

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

31

import pytest

32

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

33

from pretend import raiser

34

Hugo van Kemenade

60827f8

2019-08-30 00:39:35 +0300

[diff] [blame]

35

from six import PY2, text_type

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

36

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

37

from cryptography import x509

38

from cryptography.hazmat.backends import default_backend

39

from cryptography.hazmat.primitives import hashes

40

from cryptography.hazmat.primitives import serialization

41

from cryptography.hazmat.primitives.asymmetric import rsa

42

from cryptography.x509.oid import NameOID

43

44

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

45

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

46

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

47

from OpenSSL.crypto import dump_privatekey, load_privatekey

48

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

49

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

50

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

51

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

52

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

53

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

54

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSLv2_METHOD,

SSLv3_METHOD,

SSLv23_METHOD,

TLSv1_METHOD,

TLSv1_1_METHOD,

TLSv1_2_METHOD,

)

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

62

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

63

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

64

VERIFY_PEER,

65

VERIFY_FAIL_IF_NO_PEER_CERT,

66

VERIFY_CLIENT_ONCE,

67

VERIFY_NONE,

68

)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

69

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

70

from OpenSSL import SSL

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

71

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SESS_CACHE_OFF,

SESS_CACHE_CLIENT,

SESS_CACHE_SERVER,

SESS_CACHE_BOTH,

SESS_CACHE_NO_AUTO_CLEAR,

77

SESS_CACHE_NO_INTERNAL_LOOKUP,

78

SESS_CACHE_NO_INTERNAL_STORE,

79

SESS_CACHE_NO_INTERNAL,

80

)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

81

82

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

Error,

SysCallError,

WantReadError,

WantWriteError,

ZeroReturnError,

)

from OpenSSL.SSL import Context, Session, Connection, SSLeay_version

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

90

from OpenSSL.SSL import _make_requires

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

91

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

92

from OpenSSL._util import ffi as _ffi, lib as _lib

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

93

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

94

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

OP_NO_QUERY_MTU,

OP_COOKIE_EXCHANGE,

OP_NO_TICKET,

OP_NO_COMPRESSION,

MODE_RELEASE_BUFFERS,

100

NO_OVERLAPPING_PROTOCOLS,

101

)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

102

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

103

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_CONNECT,

SSL_ST_ACCEPT,

SSL_ST_MASK,

SSL_CB_LOOP,

SSL_CB_EXIT,

SSL_CB_READ,

SSL_CB_WRITE,

SSL_CB_ALERT,

SSL_CB_READ_ALERT,

SSL_CB_WRITE_ALERT,

SSL_CB_ACCEPT_LOOP,

SSL_CB_ACCEPT_EXIT,

SSL_CB_CONNECT_LOOP,

SSL_CB_CONNECT_EXIT,

SSL_CB_HANDSHAKE_START,

119

SSL_CB_HANDSHAKE_DONE,

120

)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

121

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

122

try:

123

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_INIT,

SSL_ST_BEFORE,

SSL_ST_OK,

SSL_ST_RENEGOTIATE,

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

128

)

129

except ImportError:

130

SSL_ST_INIT = SSL_ST_BEFORE = SSL_ST_OK = SSL_ST_RENEGOTIATE = None

131

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

132

from .util import WARNING_TYPE_EXPECTED, NON_ASCII, is_consistent_type

Hynek Schlawack

f0e6685

2015-10-16 20:18:38 +0200

[diff] [blame]

133

from .test_crypto import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

client_cert_pem,

client_key_pem,

server_cert_pem,

server_key_pem,

root_cert_pem,

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

139

root_key_pem,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

140

)

Hynek Schlawack

f0e6685

2015-10-16 20:18:38 +0200

[diff] [blame]

141

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

142

Paul Kehrer

41dc136

2020-08-04 23:44:18 -0500

[diff] [blame]

143

# openssl dhparam 2048 -out dh-2048.pem

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

144

dhparam = """\

145

-----BEGIN DH PARAMETERS-----

Paul Kehrer

41dc136

2020-08-04 23:44:18 -0500

[diff] [blame]

146

MIIBCAKCAQEA2F5e976d/GjsaCdKv5RMWL/YV7fq1UUWpPAer5fDXflLMVUuYXxE

147

3m3ayZob9lbpgEU0jlPAsXHfQPGxpKmvhv+xV26V/DEoukED8JeZUY/z4pigoptl

148

+8+TYdNNE/rFSZQFXIp+v2D91IEgmHBnZlKFSbKR+p8i0KjExXGjU6ji3S5jkOku

149

ogikc7df1Ui0hWNJCmTjExq07aXghk97PsdFSxjdawuG3+vos5bnNoUwPLYlFc/z

150

ITYG0KXySiCLi4UDlXTZTz7u/+OYczPEgqa/JPUddbM/kfvaRAnjY38cfQ7qXf8Y

151

i5s5yYK7a/0eWxxRr2qraYaUj8RwDpH9CwIBAg==

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

152

-----END DH PARAMETERS-----

"""

Hugo van Kemenade

2019-08-30 00:39:35 +0300

[diff] [blame]

156

skip_if_py3 = pytest.mark.skipif(not PY2, reason="Python 2 only")

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

157

158

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

159

def socket_any_family():

160

try:

161

return socket(AF_INET)

162

except error as e:

163

if e.errno == EAFNOSUPPORT:

164

return socket(AF_INET6)

raise

def loopback_address(socket):

169

if socket.family == AF_INET:

170

return "127.0.0.1"

171

else:

172

assert socket.family == AF_INET6

return "::1"

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

176

def join_bytes_or_unicode(prefix, suffix):

177

"""

178

Join two path components of either ``bytes`` or ``unicode``.

179

180

The return type is the same as the type of ``prefix``.

181

"""

182

# If the types are the same, nothing special is necessary.

183

if type(prefix) == type(suffix):

184

return join(prefix, suffix)

185

186

# Otherwise, coerce suffix to the type of prefix.

187

if isinstance(prefix, text_type):

188

return join(prefix, suffix.decode(getfilesystemencoding()))

189

else:

190

return join(prefix, suffix.encode(getfilesystemencoding()))

191

192

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

193

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

194

return ok

195

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

196

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

197

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

198

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

199

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

200

"""

201

# Connect a pair of sockets

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

202

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

203

port.bind(("", 0))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

204

port.listen(1)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

205

client = socket(port.family)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

206

client.setblocking(False)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

207

client.connect_ex((loopback_address(port), port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

208

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

209

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

210

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

211

# Let's pass some unencrypted data to make sure our socket connection is

212

# fine. Just one byte, so we don't have to worry about buffers getting

213

# filled up or fragmentation.

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

214

server.send(b"x")

215

assert client.recv(1024) == b"x"

216

client.send(b"y")

217

assert server.recv(1024) == b"y"

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

218

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

219

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

220

server.setblocking(False)

221

client.setblocking(False)

Jim Shaver

46f2891

2015-05-29 19:32:16 -0400

[diff] [blame]

222

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

223

return (server, client)

224

225

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

226

def handshake(client, server):

227

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

238

def _create_certificate_chain():

239

"""

240

Construct and return a chain of certificates.

241

242

1. A new self-signed certificate authority certificate (cacert)

243

2. A new intermediate certificate signed by cacert (icert)

244

3. A new server certificate signed by icert (scert)

245

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

246

caext = X509Extension(b"basicConstraints", False, b"CA:true")

247

not_after_date = datetime.date.today() + datetime.timedelta(days=365)

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

248

not_after = not_after_date.strftime("%Y%m%d%H%M%SZ").encode("ascii")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

249

250

# Step 1

251

cakey = PKey()

Alex Gaynor

8cd336e

2020-08-03 10:36:32 -0400

[diff] [blame]

252

cakey.generate_key(TYPE_RSA, 2048)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

253

cacert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

254

cacert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

255

cacert.get_subject().commonName = "Authority Certificate"

256

cacert.set_issuer(cacert.get_subject())

257

cacert.set_pubkey(cakey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

258

cacert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

259

cacert.set_notAfter(not_after)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

260

cacert.add_extensions([caext])

261

cacert.set_serial_number(0)

Paul Kehrer

d4b6046

2020-08-03 18:26:03 -0500

[diff] [blame]

262

cacert.sign(cakey, "sha256")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

263

264

# Step 2

265

ikey = PKey()

Alex Gaynor

8cd336e

2020-08-03 10:36:32 -0400

[diff] [blame]

266

ikey.generate_key(TYPE_RSA, 2048)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

267

icert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

268

icert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

269

icert.get_subject().commonName = "Intermediate Certificate"

270

icert.set_issuer(cacert.get_subject())

271

icert.set_pubkey(ikey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

272

icert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

273

icert.set_notAfter(not_after)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

274

icert.add_extensions([caext])

275

icert.set_serial_number(0)

Paul Kehrer

d4b6046

2020-08-03 18:26:03 -0500

[diff] [blame]

276

icert.sign(cakey, "sha256")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

277

278

# Step 3

279

skey = PKey()

Alex Gaynor

8cd336e

2020-08-03 10:36:32 -0400

[diff] [blame]

280

skey.generate_key(TYPE_RSA, 2048)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

281

scert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

282

scert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

283

scert.get_subject().commonName = "Server Certificate"

284

scert.set_issuer(icert.get_subject())

285

scert.set_pubkey(skey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

286

scert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

287

scert.set_notAfter(not_after)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

288

scert.add_extensions(

289

[X509Extension(b"basicConstraints", True, b"CA:false")]

290

)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

291

scert.set_serial_number(0)

Paul Kehrer

d4b6046

2020-08-03 18:26:03 -0500

[diff] [blame]

292

scert.sign(ikey, "sha256")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

293

294

return [(cakey, cacert), (ikey, icert), (skey, scert)]

295

296

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

297

def loopback_client_factory(socket, version=SSLv23_METHOD):

298

client = Connection(Context(version), socket)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

299

client.set_connect_state()

return client

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

303

def loopback_server_factory(socket, version=SSLv23_METHOD):

304

ctx = Context(version)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

305

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

306

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

307

server = Connection(ctx, socket)

308

server.set_accept_state()

return server

def loopback(server_factory=None, client_factory=None):

313

"""

314

Create a connected socket pair and force two connected SSL sockets

315

to talk to each other via memory BIOs.

316

"""

317

if server_factory is None:

318

server_factory = loopback_server_factory

319

if client_factory is None:

320

client_factory = loopback_client_factory

321

322

(server, client) = socket_pair()

323

server = server_factory(server)

324

client = client_factory(client)

325

326

handshake(client, server)

327

328

server.setblocking(True)

329

client.setblocking(True)

330

return server, client

331

332

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

333

def interact_in_memory(client_conn, server_conn):

334

"""

335

Try to read application bytes from each of the two `Connection` objects.

336

Copy bytes back and forth between their send/receive buffers for as long

337

as there is anything to copy. When there is nothing more to copy,

338

return `None`. If one of them actually manages to deliver some application

339

bytes, return a two-tuple of the connection from which the bytes were read

340

and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

345

wrote = False

346

347

# Copy stuff from each side's send buffer to the other side's

348

# receive buffer.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

349

for (read, write) in [

350

(client_conn, server_conn),

351

(server_conn, client_conn),

352

]:

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

353

354

# Give the side a chance to generate some more bytes, or succeed.

355

try:

356

data = read.recv(2 ** 16)

357

except WantReadError:

358

# It didn't succeed, so we'll hope it generated some output.

359

pass

360

else:

361

# It did succeed, so we'll stop now and let the caller deal

# with it.

return (read, data)

while True:

# Keep copying as long as there's more stuff there.

367

try:

368

dirty = read.bio_read(4096)

369

except WantReadError:

370

# Okay, nothing more waiting to be sent. Stop

371

# processing this send buffer.

372

break

373

else:

374

# Keep track of the fact that someone generated some

375

# output.

376

wrote = True

377

write.bio_write(dirty)

378

379

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

380

def handshake_in_memory(client_conn, server_conn):

381

"""

382

Perform the TLS handshake between two `Connection` instances connected to

383

each other via memory BIOs.

384

"""

385

client_conn.set_connect_state()

386

server_conn.set_accept_state()

387

388

for conn in [client_conn, server_conn]:

389

try:

390

conn.do_handshake()

391

except WantReadError:

392

pass

393

394

interact_in_memory(client_conn, server_conn)

395

396

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

397

class TestVersion(object):

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

398

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

399

Tests for version information exposed by `OpenSSL.SSL.SSLeay_version` and

400

`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

401

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

402

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

403

def test_OPENSSL_VERSION_NUMBER(self):

404

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

405

`OPENSSL_VERSION_NUMBER` is an integer with status in the low byte and

406

the patch, fix, minor, and major versions in the nibbles above that.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

407

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

408

assert isinstance(OPENSSL_VERSION_NUMBER, int)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

409

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

410

def test_SSLeay_version(self):

411

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

412

`SSLeay_version` takes a version type indicator and returns one of a

413

number of version strings based on that indicator.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

414

"""

415

versions = {}

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

for t in [

SSLEAY_VERSION,

SSLEAY_CFLAGS,

SSLEAY_BUILT_ON,

SSLEAY_PLATFORM,

SSLEAY_DIR,

]:

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

423

version = SSLeay_version(t)

424

versions[version] = t

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

425

assert isinstance(version, bytes)

426

assert len(versions) == 5

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

427

428

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

429

@pytest.fixture

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

430

def ca_file(tmpdir):

431

"""

432

Create a valid PEM file with CA certificates and return the path.

433

"""

434

key = rsa.generate_private_key(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

435

public_exponent=65537, key_size=2048, backend=default_backend()

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

436

)

437

public_key = key.public_key()

438

439

builder = x509.CertificateBuilder()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

440

builder = builder.subject_name(

441

x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org")])

442

)

443

builder = builder.issuer_name(

444

x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org")])

445

)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

446

one_day = datetime.timedelta(1, 0, 0)

447

builder = builder.not_valid_before(datetime.datetime.today() - one_day)

448

builder = builder.not_valid_after(datetime.datetime.today() + one_day)

449

builder = builder.serial_number(int(uuid.uuid4()))

450

builder = builder.public_key(public_key)

451

builder = builder.add_extension(

Alex Gaynor

2020-08-26 22:50:40 -0400

[diff] [blame]

452

x509.BasicConstraints(ca=True, path_length=None),

453

critical=True,

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

454

)

455

456

certificate = builder.sign(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

457

private_key=key, algorithm=hashes.SHA256(), backend=default_backend()

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

458

)

459

460

ca_file = tmpdir.join("test.pem")

461

ca_file.write_binary(

Alex Gaynor

2020-08-26 22:50:40 -0400

[diff] [blame]

462

certificate.public_bytes(

463

encoding=serialization.Encoding.PEM,

464

)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

465

)

466

467

return str(ca_file).encode("ascii")

468

469

470

@pytest.fixture

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

471

def context():

472

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

473

A simple "best TLS you can get" context. TLS 1.2+ in any reasonable OpenSSL

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

474

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

475

return Context(SSLv23_METHOD)

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

476

477

478

class TestContext(object):

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

479

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

480

Unit tests for `OpenSSL.SSL.Context`.

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

481

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

482

483

@pytest.mark.parametrize(

484

"cipher_string",

485

[b"hello world:AES128-SHA", u"hello world:AES128-SHA"],

486

)

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

487

def test_set_cipher_list(self, context, cipher_string):

488

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

489

`Context.set_cipher_list` accepts both byte and unicode strings

Hynek Schlawack

a7a63af

2016-03-11 12:05:26 +0100

[diff] [blame]

490

for naming the ciphers which connections created with the context

491

object will be able to choose from.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

492

"""

493

context.set_cipher_list(cipher_string)

494

conn = Connection(context, None)

495

496

assert "AES128-SHA" in conn.get_cipher_list()

497

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

498

def test_set_cipher_list_wrong_type(self, context):

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

499

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

500

`Context.set_cipher_list` raises `TypeError` when passed a non-string

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

501

argument.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

502

"""

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

503

with pytest.raises(TypeError):

504

context.set_cipher_list(object())

505

Alex Gaynor

963ae03

2019-07-06 17:38:32 -0400

[diff] [blame]

506

@flaky.flaky

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

507

def test_set_cipher_list_no_cipher_match(self, context):

508

"""

509

`Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a

510

`"no cipher match"` reason string regardless of the TLS

511

version.

512

"""

513

with pytest.raises(Error) as excinfo:

514

context.set_cipher_list(b"imaginary-cipher")

515

assert excinfo.value.args == (

Alex Gaynor

2020-08-26 22:50:40 -0400

[diff] [blame]

[

(

"SSL routines",

"SSL_CTX_set_cipher_list",

520

"no cipher match",

521

)

522

],

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

523

)

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

524

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

525

def test_load_client_ca(self, context, ca_file):

526

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

527

`Context.load_client_ca` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

528

"""

529

context.load_client_ca(ca_file)

530

531

def test_load_client_ca_invalid(self, context, tmpdir):

532

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

533

`Context.load_client_ca` raises an Error if the ca file is invalid.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

534

"""

535

ca_file = tmpdir.join("test.pem")

536

ca_file.write("")

537

538

with pytest.raises(Error) as e:

539

context.load_client_ca(str(ca_file).encode("ascii"))

540

541

assert "PEM routines" == e.value.args[0][0][0]

542

543

def test_load_client_ca_unicode(self, context, ca_file):

544

"""

545

Passing the path as unicode raises a warning but works.

546

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

547

pytest.deprecated_call(context.load_client_ca, ca_file.decode("ascii"))

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

548

549

def test_set_session_id(self, context):

550

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

551

`Context.set_session_id` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

552

"""

553

context.set_session_id(b"abc")

554

555

def test_set_session_id_fail(self, context):

556

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

557

`Context.set_session_id` errors are propagated.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

558

"""

559

with pytest.raises(Error) as e:

560

context.set_session_id(b"abc" * 1000)

561

562

assert [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

563

(

564

"SSL routines",

565

"SSL_CTX_set_session_id_context",

566

"ssl session id context too long",

567

)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

568

] == e.value.args[0]

569

570

def test_set_session_id_unicode(self, context):

571

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

572

`Context.set_session_id` raises a warning if a unicode string is

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

573

passed.

574

"""

575

pytest.deprecated_call(context.set_session_id, u"abc")

576

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

577

def test_method(self):

578

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

579

`Context` can be instantiated with one of `SSLv2_METHOD`,

580

`SSLv3_METHOD`, `SSLv23_METHOD`, `TLSv1_METHOD`, `TLSv1_1_METHOD`,

581

or `TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

582

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

583

methods = [SSLv23_METHOD, TLSv1_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

584

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

585

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

586

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

587

maybe = [SSLv2_METHOD, SSLv3_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

592

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

593

# don't. Difficult to say in advance.

594

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

595

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

596

with pytest.raises(TypeError):

597

Context("")

598

with pytest.raises(ValueError):

599

Context(10)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

600

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

601

def test_type(self):

602

"""

Alex Gaynor

01f90a1

2019-02-07 09:14:48 -0500

[diff] [blame]

603

`Context` can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

604

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

605

assert is_consistent_type(Context, "Context", TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

606

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

607

def test_use_privatekey(self):

608

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

609

`Context.use_privatekey` takes an `OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

610

"""

611

key = PKey()

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame]

612

key.generate_key(TYPE_RSA, 1024)

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

613

ctx = Context(SSLv23_METHOD)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

614

ctx.use_privatekey(key)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

615

with pytest.raises(TypeError):

616

ctx.use_privatekey("")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

617

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

618

def test_use_privatekey_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

619

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

620

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` when passed

621

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

622

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

623

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

624

with pytest.raises(Error):

625

ctx.use_privatekey_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

626

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

627

def _use_privatekey_file_test(self, pemfile, filetype):

628

"""

629

Verify that calling ``Context.use_privatekey_file`` with the given

630

arguments does not raise an exception.

631

"""

632

key = PKey()

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame]

633

key.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

634

635

with open(pemfile, "wt") as pem:

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

636

pem.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

637

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

638

ctx = Context(SSLv23_METHOD)

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

639

ctx.use_privatekey_file(pemfile, filetype)

640

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

641

@pytest.mark.parametrize("filetype", [object(), "", None, 1.0])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

642

def test_wrong_privatekey_file_wrong_args(self, tmpfile, filetype):

643

"""

644

`Context.use_privatekey_file` raises `TypeError` when called with

645

a `filetype` which is not a valid file encoding.

646

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

647

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

648

with pytest.raises(TypeError):

649

ctx.use_privatekey_file(tmpfile, filetype)

650

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

651

def test_use_privatekey_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

652

"""

653

A private key can be specified from a file by passing a ``bytes``

654

instance giving the file name to ``Context.use_privatekey_file``.

655

"""

656

self._use_privatekey_file_test(

Alex Gaynor

2020-08-26 22:50:40 -0400

[diff] [blame]

657

tmpfile + NON_ASCII.encode(getfilesystemencoding()),

658

FILETYPE_PEM,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

659

)

660

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

661

def test_use_privatekey_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

662

"""

663

A private key can be specified from a file by passing a ``unicode``

664

instance giving the file name to ``Context.use_privatekey_file``.

665

"""

666

self._use_privatekey_file_test(

Alex Gaynor

2020-08-26 22:50:40 -0400

[diff] [blame]

667

tmpfile.decode(getfilesystemencoding()) + NON_ASCII,

668

FILETYPE_PEM,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

669

)

670

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

671

def test_use_certificate_wrong_args(self):

672

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

673

`Context.use_certificate_wrong_args` raises `TypeError` when not passed

674

exactly one `OpenSSL.crypto.X509` instance as an argument.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

675

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

676

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

677

with pytest.raises(TypeError):

678

ctx.use_certificate("hello, world")

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

679

680

def test_use_certificate_uninitialized(self):

681

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

682

`Context.use_certificate` raises `OpenSSL.SSL.Error` when passed a

683

`OpenSSL.crypto.X509` instance which has not been initialized

684

(ie, which does not actually have any certificate data).

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

685

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

686

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

687

with pytest.raises(Error):

688

ctx.use_certificate(X509())

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

689

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

690

def test_use_certificate(self):

691

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

692

`Context.use_certificate` sets the certificate which will be

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

693

used to identify connections created using the context.

694

"""

695

# TODO

696

# Hard to assert anything. But we could set a privatekey then ask

697

# OpenSSL if the cert and key agree using check_privatekey. Then as

698

# long as check_privatekey works right we're good...

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

699

ctx = Context(SSLv23_METHOD)

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

700

ctx.use_certificate(load_certificate(FILETYPE_PEM, root_cert_pem))

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

701

702

def test_use_certificate_file_wrong_args(self):

703

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

704

`Context.use_certificate_file` raises `TypeError` if the first

705

argument is not a byte string or the second argument is not an integer.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

706

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

707

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

708

with pytest.raises(TypeError):

709

ctx.use_certificate_file(object(), FILETYPE_PEM)

710

with pytest.raises(TypeError):

711

ctx.use_certificate_file(b"somefile", object())

712

with pytest.raises(TypeError):

713

ctx.use_certificate_file(object(), FILETYPE_PEM)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

714

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

715

def test_use_certificate_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

716

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

717

`Context.use_certificate_file` raises `OpenSSL.SSL.Error` if passed

718

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

719

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

720

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

721

with pytest.raises(Error):

722

ctx.use_certificate_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

723

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

724

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

725

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

726

Verify that calling ``Context.use_certificate_file`` with the given

727

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

728

"""

729

# TODO

730

# Hard to assert anything. But we could set a privatekey then ask

731

# OpenSSL if the cert and key agree using check_privatekey. Then as

732

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

733

with open(certificate_file, "wb") as pem_file:

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

734

pem_file.write(root_cert_pem)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

735

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

736

ctx = Context(SSLv23_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

737

ctx.use_certificate_file(certificate_file)

738

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

739

def test_use_certificate_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

740

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

741

`Context.use_certificate_file` sets the certificate (given as a

742

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

743

using the context.

744

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

745

filename = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

746

self._use_certificate_file_test(filename)

747

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

748

def test_use_certificate_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

749

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

750

`Context.use_certificate_file` sets the certificate (given as a

751

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

752

using the context.

753

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

754

filename = tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

755

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

756

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

757

def test_check_privatekey_valid(self):

758

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

759

`Context.check_privatekey` returns `None` if the `Context` instance

760

has been configured to use a matched key and certificate pair.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

761

"""

762

key = load_privatekey(FILETYPE_PEM, client_key_pem)

763

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

764

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

765

context.use_privatekey(key)

766

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

767

assert None is context.check_privatekey()

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

768

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

769

def test_check_privatekey_invalid(self):

770

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

771

`Context.check_privatekey` raises `Error` if the `Context` instance

772

has been configured to use a key and certificate pair which don't

773

relate to each other.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

774

"""

775

key = load_privatekey(FILETYPE_PEM, client_key_pem)

776

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

777

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

778

context.use_privatekey(key)

779

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

780

with pytest.raises(Error):

781

context.check_privatekey()

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

782

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

783

def test_app_data(self):

784

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

785

`Context.set_app_data` stores an object for later retrieval

786

using `Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

787

"""

788

app_data = object()

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

789

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

790

context.set_app_data(app_data)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

791

assert context.get_app_data() is app_data

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

792

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

793

def test_set_options_wrong_args(self):

794

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

795

`Context.set_options` raises `TypeError` if called with

796

a non-`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

797

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

798

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

799

with pytest.raises(TypeError):

800

context.set_options(None)

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

801

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

802

def test_set_options(self):

803

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

804

`Context.set_options` returns the new options value.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

805

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

806

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

807

options = context.set_options(OP_NO_SSLv2)

Alex Gaynor

2310f8b

2016-09-10 14:39:32 -0400

[diff] [blame]

808

assert options & OP_NO_SSLv2 == OP_NO_SSLv2

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

809

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

810

def test_set_mode_wrong_args(self):

811

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

812

`Context.set_mode` raises `TypeError` if called with

813

a non-`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

814

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

815

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

816

with pytest.raises(TypeError):

817

context.set_mode(None)

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

818

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

819

def test_set_mode(self):

820

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

821

`Context.set_mode` accepts a mode bitvector and returns the

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

822

newly set mode.

823

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

824

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

825

assert MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

826

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

827

def test_set_timeout_wrong_args(self):

828

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

829

`Context.set_timeout` raises `TypeError` if called with

830

a non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

831

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

832

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

833

with pytest.raises(TypeError):

834

context.set_timeout(None)

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

835

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

836

def test_timeout(self):

837

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

838

`Context.set_timeout` sets the session timeout for all connections

839

created using the context object. `Context.get_timeout` retrieves

840

this value.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

841

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

842

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

843

context.set_timeout(1234)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

844

assert context.get_timeout() == 1234

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

845

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

846

def test_set_verify_depth_wrong_args(self):

847

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

848

`Context.set_verify_depth` raises `TypeError` if called with a

849

non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

850

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

851

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

852

with pytest.raises(TypeError):

853

context.set_verify_depth(None)

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

854

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

855

def test_verify_depth(self):

856

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

857

`Context.set_verify_depth` sets the number of certificates in

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

858

a chain to follow before giving up. The value can be retrieved with

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

859

`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

860

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

861

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

862

context.set_verify_depth(11)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

863

assert context.get_verify_depth() == 11

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

864

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

865

def _write_encrypted_pem(self, passphrase, tmpfile):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

866

"""

867

Write a new private key out to a new file, encrypted using the given

868

passphrase. Return the path to the new file.

869

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

870

key = PKey()

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame]

871

key.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

a986883

2010-08-22 21:38:34 -0400

[diff] [blame]

872

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

873

with open(tmpfile, "w") as fObj:

874

fObj.write(pem.decode("ascii"))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

875

return tmpfile

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

876

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

877

def test_set_passwd_cb_wrong_args(self):

878

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

879

`Context.set_passwd_cb` raises `TypeError` if called with a

880

non-callable first argument.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

881

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

882

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

883

with pytest.raises(TypeError):

884

context.set_passwd_cb(None)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

885

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

886

def test_set_passwd_cb(self, tmpfile):

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

887

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

888

`Context.set_passwd_cb` accepts a callable which will be invoked when

889

a private key is loaded from an encrypted PEM.

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

890

"""

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

891

passphrase = b"foobar"

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

892

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

893

calledWith = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

894

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

895

def passphraseCallback(maxlen, verify, extra):

896

calledWith.append((maxlen, verify, extra))

897

return passphrase

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

898

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

899

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

900

context.set_passwd_cb(passphraseCallback)

901

context.use_privatekey_file(pemFile)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

902

assert len(calledWith) == 1

903

assert isinstance(calledWith[0][0], int)

904

assert isinstance(calledWith[0][1], int)

905

assert calledWith[0][2] is None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

906

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

907

def test_passwd_callback_exception(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

908

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

909

`Context.use_privatekey_file` propagates any exception raised

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

910

by the passphrase callback.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

911

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

912

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

913

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

914

def passphraseCallback(maxlen, verify, extra):

915

raise RuntimeError("Sorry, I am a fail.")

916

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

917

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

918

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

919

with pytest.raises(RuntimeError):

920

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

921

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

922

def test_passwd_callback_false(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

923

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

924

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

925

passphrase callback returns a false value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

926

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

927

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

928

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

929

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

930

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

931

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

932

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

933

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

934

with pytest.raises(Error):

935

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

936

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

937

def test_passwd_callback_non_string(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

938

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

939

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

940

passphrase callback returns a true non-string value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

941

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

942

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

943

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

944

def passphraseCallback(maxlen, verify, extra):

945

return 10

946

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

947

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

948

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

949

# TODO: Surely this is the wrong error?

950

with pytest.raises(ValueError):

951

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

952

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

953

def test_passwd_callback_too_long(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

954

"""

955

If the passphrase returned by the passphrase callback returns a string

956

longer than the indicated maximum length, it is truncated.

957

"""

958

# A priori knowledge!

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

959

passphrase = b"x" * 1024

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

960

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

961

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

962

def passphraseCallback(maxlen, verify, extra):

963

assert maxlen == 1024

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

964

return passphrase + b"y"

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

965

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

966

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

967

context.set_passwd_cb(passphraseCallback)

968

# This shall succeed because the truncated result is the correct

969

# passphrase.

970

context.use_privatekey_file(pemFile)

971

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

972

def test_set_info_callback(self):

973

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

974

`Context.set_info_callback` accepts a callable which will be

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

975

invoked when certain information about an SSL connection is available.

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

976

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

977

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

978

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

979

clientSSL = Connection(Context(SSLv23_METHOD), client)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

980

clientSSL.set_connect_state()

981

982

called = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

983

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

984

def info(conn, where, ret):

985

called.append((conn, where, ret))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

986

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

987

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

988

context.set_info_callback(info)

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

989

context.use_certificate(load_certificate(FILETYPE_PEM, root_cert_pem))

990

context.use_privatekey(load_privatekey(FILETYPE_PEM, root_key_pem))

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

991

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

992

serverSSL = Connection(context, server)

993

serverSSL.set_accept_state()

994

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

995

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

996

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

997

# The callback must always be called with a Connection instance as the

998

# first argument. It would probably be better to split this into

999

# separate tests for client and server side info callbacks so we could

1000

# assert it is called with the right Connection instance. It would

1001

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

1002

notConnections = [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1003

conn

1004

for (conn, where, ret) in called

1005

if not isinstance(conn, Connection)

]

assert (

[] == notConnections

), "Some info callback arguments were not Connection instances."

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1010

Maximilian Hils

2020-07-28 16:31:22 +0200

[diff] [blame]

1011

@pytest.mark.skipif(

1012

not getattr(_lib, "Cryptography_HAS_KEYLOG", None),

1013

reason="SSL_CTX_set_keylog_callback unavailable",

1014

)

1015

def test_set_keylog_callback(self):

1016

"""

1017

`Context.set_keylog_callback` accepts a callable which will be

1018

invoked when key material is generated or received.

"""

called = []

def keylog(conn, line):

1023

called.append((conn, line))

1024

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1025

server_context = Context(TLSv1_2_METHOD)

Maximilian Hils

2020-07-28 16:31:22 +0200

[diff] [blame]

1026

server_context.set_keylog_callback(keylog)

1027

server_context.use_certificate(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1028

load_certificate(FILETYPE_PEM, root_cert_pem)

Maximilian Hils

2020-07-28 16:31:22 +0200

[diff] [blame]

1029

)

1030

server_context.use_privatekey(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1031

load_privatekey(FILETYPE_PEM, root_key_pem)

Maximilian Hils

2020-07-28 16:31:22 +0200

[diff] [blame]

1032

)

1033

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1034

client_context = Context(SSLv23_METHOD)

Maximilian Hils

2020-07-28 16:31:22 +0200

[diff] [blame]

1035

1036

self._handshake_test(server_context, client_context)

1037

1038

assert called

1039

assert all(isinstance(conn, Connection) for conn, line in called)

1040

assert all(b"CLIENT_RANDOM" in line for conn, line in called)

1041

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1042

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

1043

"""

1044

Create a client context which will verify the peer certificate and call

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1045

its `load_verify_locations` method with the given arguments.

Jean-Paul Calderone

64efa2c

2011-09-11 10:00:09 -0400

[diff] [blame]

1046

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

1047

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

1048

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1049

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1050

clientContext = Context(SSLv23_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1051

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1052

# Require that the server certificate verify properly or the

1053

# connection will fail.

1054

clientContext.set_verify(

1055

VERIFY_PEER,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1056

lambda conn, cert, errno, depth, preverify_ok: preverify_ok,

1057

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1058

1059

clientSSL = Connection(clientContext, client)

1060

clientSSL.set_connect_state()

1061

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1062

serverContext = Context(SSLv23_METHOD)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1063

serverContext.use_certificate(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1064

load_certificate(FILETYPE_PEM, root_cert_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1065

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1066

serverContext.use_privatekey(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1067

load_privatekey(FILETYPE_PEM, root_key_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1068

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1069

1070

serverSSL = Connection(serverContext, server)

1071

serverSSL.set_accept_state()

1072

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

1073

# Without load_verify_locations above, the handshake

1074

# will fail:

1075

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

1076

# 'certificate verify failed')]

1077

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1078

1079

cert = clientSSL.get_peer_certificate()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1080

assert cert.get_subject().CN == "Testing Root CA"

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1081

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1082

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1083

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1084

Verify that if path to a file containing a certificate is passed to

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1085

`Context.load_verify_locations` for the ``cafile`` parameter, that

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1086

certificate is used as a trust root for the purposes of verifying

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1087

connections created using that `Context`.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1088

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1089

with open(cafile, "w") as fObj:

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1090

fObj.write(root_cert_pem.decode("ascii"))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1091

1092

self._load_verify_locations_test(cafile)

1093

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1094

def test_load_verify_bytes_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1095

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1096

`Context.load_verify_locations` accepts a file name as a `bytes`

1097

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1098

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1099

cafile = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1100

self._load_verify_cafile(cafile)

1101

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1102

def test_load_verify_unicode_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1103

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1104

`Context.load_verify_locations` accepts a file name as a `unicode`

1105

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1106

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1107

self._load_verify_cafile(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1108

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1109

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1110

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1111

def test_load_verify_invalid_file(self, tmpfile):

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1112

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1113

`Context.load_verify_locations` raises `Error` when passed a

1114

non-existent cafile.

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1115

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1116

clientContext = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1117

with pytest.raises(Error):

1118

clientContext.load_verify_locations(tmpfile)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1119

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1120

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1121

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1122

Verify that if path to a directory containing certificate files is

1123

passed to ``Context.load_verify_locations`` for the ``capath``

1124

parameter, those certificates are used as trust roots for the purposes

1125

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1126

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1127

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1128

# Hash values computed manually with c_rehash to avoid depending on

1129

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1130

# from OpenSSL 1.0.0.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1131

for name in [b"c7adac82.0", b"c3705638.0"]:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1132

cafile = join_bytes_or_unicode(capath, name)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1133

with open(cafile, "w") as fObj:

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1134

fObj.write(root_cert_pem.decode("ascii"))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1135

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1136

self._load_verify_locations_test(None, capath)

1137

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1138

def test_load_verify_directory_bytes_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1139

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1140

`Context.load_verify_locations` accepts a directory name as a `bytes`

1141

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1142

"""

1143

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1144

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1145

)

1146

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1147

def test_load_verify_directory_unicode_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1148

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1149

`Context.load_verify_locations` accepts a directory name as a `unicode`

1150

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1151

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1152

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1153

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1154

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1155

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1156

def test_load_verify_locations_wrong_args(self):

1157

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1158

`Context.load_verify_locations` raises `TypeError` if with non-`str`

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1159

arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1160

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1161

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1162

with pytest.raises(TypeError):

1163

context.load_verify_locations(object())

1164

with pytest.raises(TypeError):

1165

context.load_verify_locations(object(), object())

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1166

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1167

@pytest.mark.skipif(

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1168

not platform.startswith("linux"),

1169

reason="Loading fallback paths is a linux-specific behavior to "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1170

"accommodate pyca/cryptography manylinux1 wheels",

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1171

)

1172

def test_fallback_default_verify_paths(self, monkeypatch):

1173

"""

1174

Test that we load certificates successfully on linux from the fallback

1175

path. To do this we set the _CRYPTOGRAPHY_MANYLINUX1_CA_FILE and

1176

_CRYPTOGRAPHY_MANYLINUX1_CA_DIR vars to be equal to whatever the

1177

current OpenSSL default is and we disable

1178

SSL_CTX_SET_default_verify_paths so that it can't find certs unless

1179

it loads via fallback.

1180

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1181

context = Context(SSLv23_METHOD)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1182

monkeypatch.setattr(

1183

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_FILE",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1188

_ffi.string(_lib.X509_get_default_cert_file()),

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_DIR",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1193

_ffi.string(_lib.X509_get_default_cert_dir()),

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1194

)

1195

context.set_default_verify_paths()

1196

store = context.get_cert_store()

1197

sk_obj = _lib.X509_STORE_get0_objects(store._store)

1198

assert sk_obj != _ffi.NULL

1199

num = _lib.sk_X509_OBJECT_num(sk_obj)

1200

assert num != 0

1201

1202

def test_check_env_vars(self, monkeypatch):

1203

"""

1204

Test that we return True/False appropriately if the env vars are set.

1205

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1206

context = Context(SSLv23_METHOD)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1207

dir_var = "CUSTOM_DIR_VAR"

1208

file_var = "CUSTOM_FILE_VAR"

1209

assert context._check_env_vars_set(dir_var, file_var) is False

1210

monkeypatch.setenv(dir_var, "value")

1211

monkeypatch.setenv(file_var, "value")

1212

assert context._check_env_vars_set(dir_var, file_var) is True

1213

assert context._check_env_vars_set(dir_var, file_var) is True

1214

1215

def test_verify_no_fallback_if_env_vars_set(self, monkeypatch):

1216

"""

1217

Test that we don't use the fallback path if env vars are set.

1218

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1219

context = Context(SSLv23_METHOD)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1220

monkeypatch.setattr(

1221

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

1222

)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1223

dir_env_var = _ffi.string(_lib.X509_get_default_cert_dir_env()).decode(

1224

"ascii"

1225

)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1226

file_env_var = _ffi.string(

1227

_lib.X509_get_default_cert_file_env()

1228

).decode("ascii")

1229

monkeypatch.setenv(dir_env_var, "value")

1230

monkeypatch.setenv(file_env_var, "value")

1231

context.set_default_verify_paths()

1232

1233

monkeypatch.setattr(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1234

context, "_fallback_default_verify_paths", raiser(SystemError)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1235

)

1236

context.set_default_verify_paths()

1237

1238

@pytest.mark.skipif(

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1239

platform == "win32",

1240

reason="set_default_verify_paths appears not to work on Windows. "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1241

"See LP#404343 and LP#404344.",

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1242

)

1243

def test_set_default_verify_paths(self):

1244

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1245

`Context.set_default_verify_paths` causes the platform-specific CA

1246

certificate locations to be used for verification purposes.

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1247

"""

1248

# Testing this requires a server with a certificate signed by one

1249

# of the CAs in the platform CA location. Getting one of those

1250

# costs money. Fortunately (or unfortunately, depending on your

1251

# perspective), it's easy to think of a public server on the

1252

# internet which has such a certificate. Connecting to the network

1253

# in a unit test is bad, but it's the only way I can think of to

1254

# really test this. -exarkun

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1255

context = Context(SSLv23_METHOD)

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1256

context.set_default_verify_paths()

1257

context.set_verify(

1258

VERIFY_PEER,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1259

lambda conn, cert, errno, depth, preverify_ok: preverify_ok,

1260

)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1261

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

1262

client = socket_any_family()

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1263

client.connect(("encrypted.google.com", 443))

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1264

clientSSL = Connection(context, client)

1265

clientSSL.set_connect_state()

Alex Gaynor

373926c

2018-05-12 07:43:07 -0400

[diff] [blame]

1266

clientSSL.set_tlsext_host_name(b"encrypted.google.com")

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1267

clientSSL.do_handshake()

1268

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1269

assert clientSSL.recv(1024)

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1270

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1271

def test_fallback_path_is_not_file_or_dir(self):

1272

"""

1273

Test that when passed empty arrays or paths that do not exist no

1274

errors are raised.

1275

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1276

context = Context(SSLv23_METHOD)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1277

context._fallback_default_verify_paths([], [])

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1278

context._fallback_default_verify_paths(["/not/a/file"], ["/not/a/dir"])

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1279

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1280

def test_add_extra_chain_cert_invalid_cert(self):

1281

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1282

`Context.add_extra_chain_cert` raises `TypeError` if called with an

1283

object which is not an instance of `X509`.

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1284

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1285

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1286

with pytest.raises(TypeError):

1287

context.add_extra_chain_cert(object())

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1288

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1289

def _handshake_test(self, serverContext, clientContext):

1290

"""

1291

Verify that a client and server created with the given contexts can

1292

successfully handshake and communicate.

1293

"""

1294

serverSocket, clientSocket = socket_pair()

1295

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1296

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1297

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1298

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1299

client = Connection(clientContext, clientSocket)

1300

client.set_connect_state()

1301

1302

# Make them talk to each other.

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1303

# interact_in_memory(client, server)

1304

for _ in range(3):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1305

for s in [client, server]:

1306

try:

1307

s.do_handshake()

1308

except WantReadError:

1309

pass

1310

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1311

def test_set_verify_callback_connection_argument(self):

1312

"""

1313

The first argument passed to the verify callback is the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1314

`Connection` instance for which verification is taking place.

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1315

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1316

serverContext = Context(SSLv23_METHOD)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1317

serverContext.use_privatekey(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1318

load_privatekey(FILETYPE_PEM, root_key_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1319

)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1320

serverContext.use_certificate(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1321

load_certificate(FILETYPE_PEM, root_cert_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1322

)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1323

serverConnection = Connection(serverContext, None)

1324

1325

class VerifyCallback(object):

1326

def callback(self, connection, *args):

1327

self.connection = connection

1328

return 1

1329

1330

verify = VerifyCallback()

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1331

clientContext = Context(SSLv23_METHOD)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1332

clientContext.set_verify(VERIFY_PEER, verify.callback)

1333

clientConnection = Connection(clientContext, None)

1334

clientConnection.set_connect_state()

1335

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1336

handshake_in_memory(clientConnection, serverConnection)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1337

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1338

assert verify.connection is clientConnection

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1339

Paul Kehrer

2017-11-30 20:55:25 +0800

[diff] [blame]

1340

def test_x509_in_verify_works(self):

1341

"""

1342

We had a bug where the X509 cert instantiated in the callback wrapper

1343

didn't __init__ so it was missing objects needed when calling

1344

get_subject. This test sets up a handshake where we call get_subject

1345

on the cert provided to the verify callback.

1346

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1347

serverContext = Context(SSLv23_METHOD)

Paul Kehrer

2017-11-30 20:55:25 +0800

[diff] [blame]

1348

serverContext.use_privatekey(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1349

load_privatekey(FILETYPE_PEM, root_key_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1350

)

Paul Kehrer

2017-11-30 20:55:25 +0800

[diff] [blame]

1351

serverContext.use_certificate(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1352

load_certificate(FILETYPE_PEM, root_cert_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1353

)

Paul Kehrer

2017-11-30 20:55:25 +0800

[diff] [blame]

1354

serverConnection = Connection(serverContext, None)

1355

1356

def verify_cb_get_subject(conn, cert, errnum, depth, ok):

1357

assert cert.get_subject()

1358

return 1

1359

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1360

clientContext = Context(SSLv23_METHOD)

Paul Kehrer

2017-11-30 20:55:25 +0800

[diff] [blame]

1361

clientContext.set_verify(VERIFY_PEER, verify_cb_get_subject)

1362

clientConnection = Connection(clientContext, None)

1363

clientConnection.set_connect_state()

1364

1365

handshake_in_memory(clientConnection, serverConnection)

1366

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1367

def test_set_verify_callback_exception(self):

1368

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1369

If the verify callback passed to `Context.set_verify` raises an

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1370

exception, verification fails and the exception is propagated to the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1371

caller of `Connection.do_handshake`.

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1372

"""

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

1373

serverContext = Context(TLSv1_2_METHOD)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1374

serverContext.use_privatekey(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1375

load_privatekey(FILETYPE_PEM, root_key_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1376

)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1377

serverContext.use_certificate(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame]

1378

load_certificate(FILETYPE_PEM, root_cert_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1379

)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1380

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

1381

clientContext = Context(TLSv1_2_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1382

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1383

def verify_callback(*args):

1384

raise Exception("silly verify failure")

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1385

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1386

clientContext.set_verify(VERIFY_PEER, verify_callback)

1387

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

1388

with pytest.raises(Exception) as exc:

1389

self._handshake_test(serverContext, clientContext)

1390

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1391

assert "silly verify failure" == str(exc.value)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1392

Arne Schwabe

3562df8

2020-11-27 19:29:49 +0100

[diff] [blame^]

1393

def test_set_verify_callback_reference(self):

1394

"""

1395

If the verify callback passed to `Context.set_verify` is set multiple

1396

times, the pointers to the old call functions should not be dangling

1397

and trigger a segfault.

1398

"""

1399

serverContext = Context(TLSv1_2_METHOD)

1400

serverContext.use_privatekey(

1401

load_privatekey(FILETYPE_PEM, root_key_pem)

1402

)

1403

serverContext.use_certificate(

1404

load_certificate(FILETYPE_PEM, root_cert_pem)

1405

)

1406

1407

clientContext = Context(TLSv1_2_METHOD)

clients = []

for i in range(5):

def verify_callback(*args):

1414

return True

1415

1416

serverSocket, clientSocket = socket_pair()

1417

client = Connection(clientContext, clientSocket)

1418

1419

clients.append((serverSocket, client))

1420

1421

clientContext.set_verify(VERIFY_PEER, verify_callback)

gc.collect()

# Make them talk to each other.

1426

for serverSocket, client in clients:

1427

server = Connection(serverContext, serverSocket)

1428

server.set_accept_state()

1429

client.set_connect_state()

1430

1431

for _ in range(5):

1432

for s in [client, server]:

1433

try:

1434

s.do_handshake()

1435

except WantReadError:

1436

pass

1437

Maximilian Hils

2020-08-08 03:08:17 +0200

[diff] [blame]

1438

@pytest.mark.parametrize("mode", [SSL.VERIFY_PEER, SSL.VERIFY_NONE])

1439

def test_set_verify_default_callback(self, mode):

1440

"""

1441

If the verify callback is omitted, the preverify value is used.

1442

"""

1443

serverContext = Context(TLSv1_2_METHOD)

1444

serverContext.use_privatekey(

1445

load_privatekey(FILETYPE_PEM, root_key_pem)

1446

)

1447

serverContext.use_certificate(

1448

load_certificate(FILETYPE_PEM, root_cert_pem)

1449

)

1450

1451

clientContext = Context(TLSv1_2_METHOD)

1452

clientContext.set_verify(mode, None)

1453

1454

if mode == SSL.VERIFY_PEER:

1455

with pytest.raises(Exception) as exc:

1456

self._handshake_test(serverContext, clientContext)

1457

assert "certificate verify failed" in str(exc.value)

1458

else:

1459

self._handshake_test(serverContext, clientContext)

1460

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1461

def test_add_extra_chain_cert(self, tmpdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1462

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1463

`Context.add_extra_chain_cert` accepts an `X509`

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1464

instance to add to the certificate chain.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1465

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1466

See `_create_certificate_chain` for the details of the

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1467

certificate chain tested.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1468

1469

The chain is tested by starting a server with scert and connecting

1470

to it with a client which trusts cacert and requires verification to

1471

succeed.

1472

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1473

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1474

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1475

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1476

# Dump the CA certificate to a file because that's the only way to load

1477

# it as a trusted CA in the client context.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

for cert, name in [

(cacert, "ca.pem"),

(icert, "i.pem"),

(scert, "s.pem"),

]:

with tmpdir.join(name).open("w") as f:

1484

f.write(dump_certificate(FILETYPE_PEM, cert).decode("ascii"))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1485

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1486

for key, name in [(cakey, "ca.key"), (ikey, "i.key"), (skey, "s.key")]:

1487

with tmpdir.join(name).open("w") as f:

1488

f.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1489

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1490

# Create the server context

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1491

serverContext = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1492

serverContext.use_privatekey(skey)

1493

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1494

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1495

serverContext.add_extra_chain_cert(icert)

1496

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1497

# Create the client

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1498

clientContext = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1499

clientContext.set_verify(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1500

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb

1501

)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1502

clientContext.load_verify_locations(str(tmpdir.join("ca.pem")))

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1503

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1504

# Try it out.

1505

self._handshake_test(serverContext, clientContext)

1506

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1507

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1508

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1509

Verify that `Context.use_certificate_chain_file` reads a

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1510

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1511

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1512

The chain is tested by starting a server with scert and connecting to

1513

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1514

succeed.

1515

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1516

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1517

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1518

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1519

makedirs(certdir)

1520

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1521

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1522

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1523

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1524

# Write out the chain file.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1525

with open(chainFile, "wb") as fObj:

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1526

# Most specific to least general.

1527

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1528

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1529

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1530

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1531

with open(caFile, "w") as fObj:

1532

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode("ascii"))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1533

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1534

serverContext = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1535

serverContext.use_certificate_chain_file(chainFile)

1536

serverContext.use_privatekey(skey)

1537

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1538

clientContext = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1539

clientContext.set_verify(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1540

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb

1541

)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1542

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1543

1544

self._handshake_test(serverContext, clientContext)

1545

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1546

def test_use_certificate_chain_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1547

"""

1548

``Context.use_certificate_chain_file`` accepts the name of a file (as

1549

an instance of ``bytes``) to specify additional certificates to use to

1550

construct and verify a trust chain.

1551

"""

1552

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1553

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1554

)

1555

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1556

def test_use_certificate_chain_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1557

"""

1558

``Context.use_certificate_chain_file`` accepts the name of a file (as

1559

an instance of ``unicode``) to specify additional certificates to use

1560

to construct and verify a trust chain.

1561

"""

1562

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1563

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1564

)

1565

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1566

def test_use_certificate_chain_file_wrong_args(self):

1567

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1568

`Context.use_certificate_chain_file` raises `TypeError` if passed a

1569

non-byte string single argument.

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1570

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1571

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1572

with pytest.raises(TypeError):

1573

context.use_certificate_chain_file(object())

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1574

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1575

def test_use_certificate_chain_file_missing_file(self, tmpfile):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1576

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1577

`Context.use_certificate_chain_file` raises `OpenSSL.SSL.Error` when

1578

passed a bad chain file name (for example, the name of a file which

1579

does not exist).

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1580

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1581

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1582

with pytest.raises(Error):

1583

context.use_certificate_chain_file(tmpfile)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1584

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1585

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1586

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1587

`Context.get_verify_mode` returns the verify mode flags previously

1588

passed to `Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1589

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1590

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1591

assert context.get_verify_mode() == 0

Maximilian Hils

2020-08-08 03:08:17 +0200

[diff] [blame]

1592

context.set_verify(VERIFY_PEER | VERIFY_CLIENT_ONCE)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1593

assert context.get_verify_mode() == (VERIFY_PEER | VERIFY_CLIENT_ONCE)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1594

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1595

@pytest.mark.parametrize("mode", [None, 1.0, object(), "mode"])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1596

def test_set_verify_wrong_mode_arg(self, mode):

1597

"""

1598

`Context.set_verify` raises `TypeError` if the first argument is

1599

not an integer.

1600

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1601

context = Context(SSLv23_METHOD)

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1602

with pytest.raises(TypeError):

Maximilian Hils

2020-08-08 03:08:17 +0200

[diff] [blame]

1603

context.set_verify(mode=mode)

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1604

Maximilian Hils

2020-08-08 03:08:17 +0200

[diff] [blame]

1605

@pytest.mark.parametrize("callback", [1.0, "mode", ("foo", "bar")])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1606

def test_set_verify_wrong_callable_arg(self, callback):

1607

"""

Alex Gaynor

40bc0f1

2018-05-14 14:06:16 -0400

[diff] [blame]

1608

`Context.set_verify` raises `TypeError` if the second argument

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1609

is not callable.

1610

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1611

context = Context(SSLv23_METHOD)

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1612

with pytest.raises(TypeError):

1613

context.set_verify(mode=VERIFY_PEER, callback=callback)

1614

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1615

def test_load_tmp_dh_wrong_args(self):

1616

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1617

`Context.load_tmp_dh` raises `TypeError` if called with a

1618

non-`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1619

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1620

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1621

with pytest.raises(TypeError):

1622

context.load_tmp_dh(object())

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1623

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1624

def test_load_tmp_dh_missing_file(self):

1625

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1626

`Context.load_tmp_dh` raises `OpenSSL.SSL.Error` if the

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1627

specified file does not exist.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1628

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1629

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1630

with pytest.raises(Error):

1631

context.load_tmp_dh(b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1632

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1633

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1634

"""

1635

Verify that calling ``Context.load_tmp_dh`` with the given filename

1636

does not raise an exception.

1637

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1638

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1639

with open(dhfilename, "w") as dhfile:

1640

dhfile.write(dhparam)

1641

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1642

context.load_tmp_dh(dhfilename)

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1643

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1644

def test_load_tmp_dh_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1645

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1646

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1647

specified file (given as ``bytes``).

1648

"""

1649

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1650

tmpfile + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1651

)

1652

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1653

def test_load_tmp_dh_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1654

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1655

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1656

specified file (given as ``unicode``).

1657

"""

1658

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1659

tmpfile.decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1660

)

1661

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1662

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1663

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1664

`Context.set_tmp_ecdh` sets the elliptic curve for Diffie-Hellman to

1665

the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1666

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1667

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1668

for curve in get_elliptic_curves():

Hynek Schlawack

a07fa8c

2015-10-17 10:15:28 +0200

[diff] [blame]

1669

if curve.name.startswith(u"Oakley-"):

Hynek Schlawack

7408aff

2015-10-17 09:51:16 +0200

[diff] [blame]

1670

# Setting Oakley-EC2N-4 and Oakley-EC2N-3 adds

1671

# ('bignum routines', 'BN_mod_inverse', 'no inverse') to the

1672

# error queue on OpenSSL 1.0.2.

1673

continue

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1674

# The only easily "assertable" thing is that it does not raise an

1675

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1676

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1677

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1678

def test_set_session_cache_mode_wrong_args(self):

1679

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1680

`Context.set_session_cache_mode` raises `TypeError` if called with

1681

a non-integer argument.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1682

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1683

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1684

context = Context(SSLv23_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1685

with pytest.raises(TypeError):

1686

context.set_session_cache_mode(object())

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1687

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1688

def test_session_cache_mode(self):

1689

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1690

`Context.set_session_cache_mode` specifies how sessions are cached.

1691

The setting can be retrieved via `Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1692

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1693

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1694

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1695

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1696

assert SESS_CACHE_OFF == off

1697

assert SESS_CACHE_BOTH == context.get_session_cache_mode()

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1698

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1699

def test_get_cert_store(self):

1700

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1701

`Context.get_cert_store` returns a `X509Store` instance.

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1702

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1703

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1704

store = context.get_cert_store()

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1705

assert isinstance(store, X509Store)

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1706

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1707

def test_set_tlsext_use_srtp_not_bytes(self):

1708

"""

1709

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1710

1711

It raises a TypeError if the list of profiles is not a byte string.

1712

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1713

context = Context(SSLv23_METHOD)

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1714

with pytest.raises(TypeError):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1715

context.set_tlsext_use_srtp(text_type("SRTP_AES128_CM_SHA1_80"))

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1716

1717

def test_set_tlsext_use_srtp_invalid_profile(self):

1718

"""

1719

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1720

1721

It raises an Error if the call to OpenSSL fails.

1722

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1723

context = Context(SSLv23_METHOD)

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1724

with pytest.raises(Error):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1725

context.set_tlsext_use_srtp(b"SRTP_BOGUS")

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1726

1727

def test_set_tlsext_use_srtp_valid(self):

1728

"""

1729

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1730

1731

It does not return anything.

1732

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1733

context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1734

assert context.set_tlsext_use_srtp(b"SRTP_AES128_CM_SHA1_80") is None

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1735

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1736

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1737

class TestServerNameCallback(object):

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1738

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1739

Tests for `Context.set_tlsext_servername_callback` and its

1740

interaction with `Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1741

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1742

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1743

def test_old_callback_forgotten(self):

1744

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1745

If `Context.set_tlsext_servername_callback` is used to specify

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1746

a new callback, the one it replaces is dereferenced.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1747

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1748

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1749

def callback(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1750

pass

1751

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1752

def replacement(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1753

pass

1754

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1755

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1756

context.set_tlsext_servername_callback(callback)

1757

1758

tracker = ref(callback)

1759

del callback

1760

1761

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1762

1763

# One run of the garbage collector happens to work on CPython. PyPy

1764

# doesn't collect the underlying object until a second run for whatever

1765

# reason. That's fine, it still demonstrates our code has properly

1766

# dropped the reference.

1767

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1768

collect()

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

1769

1770

callback = tracker()

1771

if callback is not None:

1772

referrers = get_referrers(callback)

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1773

if len(referrers) > 1: # pragma: nocover

1774

pytest.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1775

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1776

def test_no_servername(self):

1777

"""

1778

When a client specifies no server name, the callback passed to

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1779

`Context.set_tlsext_servername_callback` is invoked and the

1780

result of `Connection.get_servername` is `None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1781

"""

1782

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1783

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1784

def servername(conn):

1785

args.append((conn, conn.get_servername()))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1786

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1787

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1788

context.set_tlsext_servername_callback(servername)

1789

1790

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1796

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1797

context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1798

load_certificate(FILETYPE_PEM, server_cert_pem)

1799

)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1800

1801

# Do a little connection to trigger the logic

1802

server = Connection(context, None)

1803

server.set_accept_state()

1804

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1805

client = Connection(Context(SSLv23_METHOD), None)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1806

client.set_connect_state()

1807

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1808

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1809

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1810

assert args == [(server, None)]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1811

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1812

def test_servername(self):

1813

"""

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1814

When a client specifies a server name in its hello message, the

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1815

callback passed to `Contexts.set_tlsext_servername_callback` is

1816

invoked and the result of `Connection.get_servername` is that

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1817

server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1818

"""

1819

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1820

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1821

def servername(conn):

1822

args.append((conn, conn.get_servername()))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1823

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1824

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1825

context.set_tlsext_servername_callback(servername)

1826

1827

# Necessary to actually accept the connection

1828

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1829

context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1830

load_certificate(FILETYPE_PEM, server_cert_pem)

1831

)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1832

1833

# Do a little connection to trigger the logic

1834

server = Connection(context, None)

1835

server.set_accept_state()

1836

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1837

client = Connection(Context(SSLv23_METHOD), None)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1838

client.set_connect_state()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

1839

client.set_tlsext_host_name(b"foo1.example.com")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1840

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1841

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1842

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1843

assert args == [(server, b"foo1.example.com")]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1844

1845

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1846

class TestApplicationLayerProtoNegotiation(object):

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1847

"""

1848

Tests for ALPN in PyOpenSSL.

1849

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1850

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1851

def test_alpn_success(self):

1852

"""

1853

Clients and servers that agree on the negotiated ALPN protocol can

1854

correct establish a connection, and the agreed protocol is reported

1855

by the connections.

1856

"""

1857

select_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1858

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1859

def select(conn, options):

1860

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1861

return b"spdy/2"

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1862

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1863

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1864

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1865

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1866

server_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1867

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1868

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1869

# Necessary to actually accept the connection

1870

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1871

load_privatekey(FILETYPE_PEM, server_key_pem)

1872

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1873

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1874

load_certificate(FILETYPE_PEM, server_cert_pem)

1875

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1876

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1877

# Do a little connection to trigger the logic

1878

server = Connection(server_context, None)

1879

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1880

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1881

client = Connection(client_context, None)

1882

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1883

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1884

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1885

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1886

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1887

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1888

assert server.get_alpn_proto_negotiated() == b"spdy/2"

1889

assert client.get_alpn_proto_negotiated() == b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1890

1891

def test_alpn_set_on_connection(self):

1892

"""

1893

The same as test_alpn_success, but setting the ALPN protocols on

1894

the connection rather than the context.

"""

select_args = []

def select(conn, options):

1899

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1900

return b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1901

1902

# Setup the client context but don't set any ALPN protocols.

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1903

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1904

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1905

server_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1906

server_context.set_alpn_select_callback(select)

1907

1908

# Necessary to actually accept the connection

1909

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1910

load_privatekey(FILETYPE_PEM, server_key_pem)

1911

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1912

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1913

load_certificate(FILETYPE_PEM, server_cert_pem)

1914

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1915

1916

# Do a little connection to trigger the logic

1917

server = Connection(server_context, None)

1918

server.set_accept_state()

1919

1920

# Set the ALPN protocols on the client connection.

1921

client = Connection(client_context, None)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1922

client.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1923

client.set_connect_state()

1924

1925

interact_in_memory(server, client)

1926

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1927

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1928

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1929

assert server.get_alpn_proto_negotiated() == b"spdy/2"

1930

assert client.get_alpn_proto_negotiated() == b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1931

1932

def test_alpn_server_fail(self):

1933

"""

1934

When clients and servers cannot agree on what protocol to use next

1935

the TLS connection does not get established.

"""

select_args = []

def select(conn, options):

1940

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1941

return b""

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1942

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1943

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1944

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1945

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

1946

server_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1947

server_context.set_alpn_select_callback(select)

1948

1949

# Necessary to actually accept the connection

1950

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1951

load_privatekey(FILETYPE_PEM, server_key_pem)

1952

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1953

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1954

load_certificate(FILETYPE_PEM, server_cert_pem)

1955

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1956

1957

# Do a little connection to trigger the logic

1958

server = Connection(server_context, None)

1959

server.set_accept_state()

1960

1961

client = Connection(client_context, None)

1962

client.set_connect_state()

1963

1964

# If the client doesn't return anything, the connection will fail.

1965

with pytest.raises(Error):

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1966

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1967

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1968

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

e46fa84

2015-04-13 16:50:49 -0400

[diff] [blame]

1969

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1970

def test_alpn_no_server_overlap(self):

1971

"""

1972

A server can allow a TLS handshake to complete without

1973

agreeing to an application protocol by returning

1974

``NO_OVERLAPPING_PROTOCOLS``.

1975

"""

1976

refusal_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1977

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1978

def refusal(conn, options):

1979

refusal_args.append((conn, options))

1980

return NO_OVERLAPPING_PROTOCOLS

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1981

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1982

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1983

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1984

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1985

server_context = Context(SSLv23_METHOD)

1986

server_context.set_alpn_select_callback(refusal)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1987

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1988

# Necessary to actually accept the connection

1989

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1990

load_privatekey(FILETYPE_PEM, server_key_pem)

1991

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1992

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1993

load_certificate(FILETYPE_PEM, server_cert_pem)

1994

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1995

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1996

# Do a little connection to trigger the logic

1997

server = Connection(server_context, None)

1998

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1999

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2000

client = Connection(client_context, None)

2001

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2002

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2003

# Do the dance.

2004

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2005

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2006

assert refusal_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2007

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2008

assert client.get_alpn_proto_negotiated() == b""

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2009

2010

def test_alpn_select_cb_returns_invalid_value(self):

2011

"""

2012

If the ALPN selection callback returns anything other than

2013

a bytestring or ``NO_OVERLAPPING_PROTOCOLS``, a

2014

:py:exc:`TypeError` is raised.

"""

invalid_cb_args = []

def invalid_cb(conn, options):

2019

invalid_cb_args.append((conn, options))

2020

return u"can't return unicode"

2021

2022

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2023

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2024

2025

server_context = Context(SSLv23_METHOD)

2026

server_context.set_alpn_select_callback(invalid_cb)

2027

2028

# Necessary to actually accept the connection

2029

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2030

load_privatekey(FILETYPE_PEM, server_key_pem)

2031

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2032

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2033

load_certificate(FILETYPE_PEM, server_cert_pem)

2034

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2035

2036

# Do a little connection to trigger the logic

2037

server = Connection(server_context, None)

2038

server.set_accept_state()

2039

2040

client = Connection(client_context, None)

2041

client.set_connect_state()

2042

2043

# Do the dance.

2044

with pytest.raises(TypeError):

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2045

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2046

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2047

assert invalid_cb_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2048

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2049

assert client.get_alpn_proto_negotiated() == b""

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2050

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2051

def test_alpn_no_server(self):

2052

"""

2053

When clients and servers cannot agree on what protocol to use next

2054

because the server doesn't offer ALPN, no protocol is negotiated.

2055

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2056

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2057

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2058

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2059

server_context = Context(SSLv23_METHOD)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2060

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2061

# Necessary to actually accept the connection

2062

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2063

load_privatekey(FILETYPE_PEM, server_key_pem)

2064

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2065

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2066

load_certificate(FILETYPE_PEM, server_cert_pem)

2067

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2068

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2069

# Do a little connection to trigger the logic

2070

server = Connection(server_context, None)

2071

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2072

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2073

client = Connection(client_context, None)

2074

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2075

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2076

# Do the dance.

2077

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2078

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2079

assert client.get_alpn_proto_negotiated() == b""

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2080

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2081

def test_alpn_callback_exception(self):

2082

"""

2083

We can handle exceptions in the ALPN select callback.

2084

"""

2085

select_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2086

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2087

def select(conn, options):

2088

select_args.append((conn, options))

2089

raise TypeError()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2090

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2091

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2092

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2093

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2094

server_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2095

server_context.set_alpn_select_callback(select)

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2096

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2097

# Necessary to actually accept the connection

2098

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2099

load_privatekey(FILETYPE_PEM, server_key_pem)

2100

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2101

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2102

load_certificate(FILETYPE_PEM, server_cert_pem)

2103

)

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2104

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2105

# Do a little connection to trigger the logic

2106

server = Connection(server_context, None)

2107

server.set_accept_state()

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2108

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2109

client = Connection(client_context, None)

2110

client.set_connect_state()

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2111

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2112

with pytest.raises(TypeError):

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2113

interact_in_memory(server, client)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2114

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

0f7b04c

2015-04-13 17:51:12 -0400

[diff] [blame]

2115

Cory Benfield

f1177e7

2015-04-12 09:11:49 -0400

[diff] [blame]

2116

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2117

class TestSession(object):

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2118

"""

2119

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

2120

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2121

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2122

def test_construction(self):

2123

"""

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2124

:py:class:`Session` can be constructed with no arguments, creating

2125

a new instance of that type.

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2126

"""

2127

new_session = Session()

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2128

assert isinstance(new_session, Session)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2129

2130

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2131

class TestConnection(object):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2132

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2133

Unit tests for `OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2134

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2135

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2136

# XXX get_peer_certificate -> None

2137

# XXX sock_shutdown

2138

# XXX master_key -> TypeError

2139

# XXX server_random -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2140

# XXX connect -> TypeError

2141

# XXX connect_ex -> TypeError

2142

# XXX set_connect_state -> TypeError

2143

# XXX set_accept_state -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2144

# XXX do_handshake -> TypeError

2145

# XXX bio_read -> TypeError

2146

# XXX recv -> TypeError

2147

# XXX send -> TypeError

2148

# XXX bio_write -> TypeError

2149

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2150

def test_type(self):

2151

"""

Alex Gaynor

01f90a1

2019-02-07 09:14:48 -0500

[diff] [blame]

2152

`Connection` can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2153

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2154

ctx = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2155

assert is_consistent_type(Connection, "Connection", ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2156

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2157

@pytest.mark.parametrize("bad_context", [object(), "context", None, 1])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2158

def test_wrong_args(self, bad_context):

2159

"""

2160

`Connection.__init__` raises `TypeError` if called with a non-`Context`

2161

instance argument.

2162

"""

2163

with pytest.raises(TypeError):

2164

Connection(bad_context)

2165

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2166

@pytest.mark.parametrize("bad_bio", [object(), None, 1, [1, 2, 3]])

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2167

def test_bio_write_wrong_args(self, bad_bio):

2168

"""

2169

`Connection.bio_write` raises `TypeError` if called with a non-bytes

2170

(or text) argument.

2171

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2172

context = Context(SSLv23_METHOD)

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2173

connection = Connection(context, None)

2174

with pytest.raises(TypeError):

2175

connection.bio_write(bad_bio)

2176

2177

def test_bio_write(self):

2178

"""

2179

`Connection.bio_write` does not raise if called with bytes or

2180

bytearray, warns if called with text.

2181

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2182

context = Context(SSLv23_METHOD)

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2183

connection = Connection(context, None)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2184

connection.bio_write(b"xy")

2185

connection.bio_write(bytearray(b"za"))

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2186

with pytest.warns(DeprecationWarning):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2187

connection.bio_write(u"deprecated")

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2188

Jean-Paul Calderone

2009-11-22 11:46:42 -0500

[diff] [blame]

2189

def test_get_context(self):

2190

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2191

`Connection.get_context` returns the `Context` instance used to

2192

construct the `Connection` instance.

Jean-Paul Calderone

2009-11-22 11:46:42 -0500

[diff] [blame]

2193

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2194

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2009-11-22 11:46:42 -0500

[diff] [blame]

2195

connection = Connection(context, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2196

assert connection.get_context() is context

Jean-Paul Calderone

2009-11-22 11:46:42 -0500

[diff] [blame]

2197

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2198

def test_set_context_wrong_args(self):

2199

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2200

`Connection.set_context` raises `TypeError` if called with a

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2201

non-`Context` instance argument.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2202

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2203

ctx = Context(SSLv23_METHOD)

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2204

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2205

with pytest.raises(TypeError):

2206

connection.set_context(object())

2207

with pytest.raises(TypeError):

2208

connection.set_context("hello")

2209

with pytest.raises(TypeError):

2210

connection.set_context(1)

2211

assert ctx is connection.get_context()

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2212

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2213

def test_set_context(self):

2214

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2215

`Connection.set_context` specifies a new `Context` instance to be

2216

used for the connection.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2217

"""

2218

original = Context(SSLv23_METHOD)

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2219

replacement = Context(SSLv23_METHOD)

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2220

connection = Connection(original, None)

2221

connection.set_context(replacement)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2222

assert replacement is connection.get_context()

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2223

# Lose our references to the contexts, just in case the Connection

2224

# isn't properly managing its own contributions to their reference

2225

# counts.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2226

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2227

collect()

2228

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2229

def test_set_tlsext_host_name_wrong_args(self):

2230

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2231

If `Connection.set_tlsext_host_name` is called with a non-byte string

2232

argument or a byte string with an embedded NUL, `TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2233

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2234

conn = Connection(Context(SSLv23_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2235

with pytest.raises(TypeError):

2236

conn.set_tlsext_host_name(object())

2237

with pytest.raises(TypeError):

2238

conn.set_tlsext_host_name(b"with\0null")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2239

Hugo van Kemenade

60827f8

2019-08-30 00:39:35 +0300

[diff] [blame]

2240

if not PY2:

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2241

# On Python 3.x, don't accidentally implicitly convert from text.

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2242

with pytest.raises(TypeError):

2243

conn.set_tlsext_host_name(b"example.com".decode("ascii"))

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2244

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2245

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2246

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2247

`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2248

immediate read.

2249

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2250

connection = Connection(Context(SSLv23_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2251

assert connection.pending() == 0

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2252

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2253

def test_peek(self):

2254

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2255

`Connection.recv` peeks into the connection if `socket.MSG_PEEK` is

2256

passed.

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2257

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2258

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2259

server.send(b"xy")

2260

assert client.recv(2, MSG_PEEK) == b"xy"

2261

assert client.recv(2, MSG_PEEK) == b"xy"

2262

assert client.recv(2) == b"xy"

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2263

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2264

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2265

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2266

`Connection.connect` raises `TypeError` if called with a non-address

2267

argument.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2268

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2269

connection = Connection(Context(SSLv23_METHOD), socket_any_family())

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2270

with pytest.raises(TypeError):

2271

connection.connect(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2272

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2273

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2274

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2275

`Connection.connect` raises `socket.error` if the underlying socket

2276

connect method raises it.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2277

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2278

client = socket_any_family()

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2279

context = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2280

clientSSL = Connection(context, client)

Alex Gaynor

122717b

2015-09-05 14:14:18 -0400

[diff] [blame]

2281

# pytest.raises here doesn't work because of a bug in py.test on Python

2282

# 2.6: https://github.com/pytest-dev/pytest/issues/988

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2283

try:

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2284

clientSSL.connect((loopback_address(client), 1))

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2285

except error as e:

Alex Gaynor

20a4c08

2015-09-05 14:24:15 -0400

[diff] [blame]

2286

exc = e

2287

assert exc.args[0] == ECONNREFUSED

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2288

2289

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2290

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2291

`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2292

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2293

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2294

port.bind(("", 0))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2295

port.listen(3)

2296

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2297

clientSSL = Connection(Context(SSLv23_METHOD), socket(port.family))

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2298

clientSSL.connect((loopback_address(port), port.getsockname()[1]))

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2299

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2300

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2301

@pytest.mark.skipif(

2302

platform == "darwin",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2303

reason="connect_ex sometimes causes a kernel panic on OS X 10.6.4",

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2304

)

2305

def test_connect_ex(self):

2306

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2307

If there is a connection error, `Connection.connect_ex` returns the

2308

errno instead of raising an exception.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2309

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2310

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2311

port.bind(("", 0))

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2312

port.listen(3)

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2313

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2314

clientSSL = Connection(Context(SSLv23_METHOD), socket(port.family))

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2315

clientSSL.setblocking(False)

2316

result = clientSSL.connect_ex(port.getsockname())

2317

expected = (EINPROGRESS, EWOULDBLOCK)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2318

assert result in expected

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2319

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2320

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2321

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2322

`Connection.accept` accepts a pending connection attempt and returns a

2323

tuple of a new `Connection` (the accepted client) and the address the

2324

connection originated from.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2325

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2326

ctx = Context(SSLv23_METHOD)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2327

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2328

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2329

port = socket_any_family()

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2330

portSSL = Connection(ctx, port)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2331

portSSL.bind(("", 0))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2332

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2333

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2334

clientSSL = Connection(Context(SSLv23_METHOD), socket(port.family))

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2335

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2336

# Calling portSSL.getsockname() here to get the server IP address

2337

# sounds great, but frequently fails on Windows.

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2338

clientSSL.connect((loopback_address(port), portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2339

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2340

serverSSL, address = portSSL.accept()

2341

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2342

assert isinstance(serverSSL, Connection)

2343

assert serverSSL.get_context() is ctx

2344

assert address == clientSSL.getsockname()

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2345

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2346

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2347

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2348

`Connection.set_shutdown` raises `TypeError` if called with arguments

2349

other than integers.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2350

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2351

connection = Connection(Context(SSLv23_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2352

with pytest.raises(TypeError):

2353

connection.set_shutdown(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2354

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2355

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2356

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2357

`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2358

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2359

server, client = loopback()

2360

assert not server.shutdown()

2361

assert server.get_shutdown() == SENT_SHUTDOWN

2362

with pytest.raises(ZeroReturnError):

2363

client.recv(1024)

2364

assert client.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2365

client.shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2366

assert client.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

2367

with pytest.raises(ZeroReturnError):

2368

server.recv(1024)

2369

assert server.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2370

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2371

def test_shutdown_closed(self):

2372

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2373

If the underlying socket is closed, `Connection.shutdown` propagates

2374

the write error from the low level write call.

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2375

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2376

server, client = loopback()

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2377

server.sock_shutdown(2)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2378

with pytest.raises(SysCallError) as exc:

2379

server.shutdown()

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2380

if platform == "win32":

2381

assert exc.value.args[0] == ESHUTDOWN

2382

else:

2383

assert exc.value.args[0] == EPIPE

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2384

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2385

def test_shutdown_truncated(self):

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2386

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2387

If the underlying connection is truncated, `Connection.shutdown`

2388

raises an `Error`.

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2389

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2390

server_ctx = Context(SSLv23_METHOD)

2391

client_ctx = Context(SSLv23_METHOD)

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2392

server_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2393

load_privatekey(FILETYPE_PEM, server_key_pem)

2394

)

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2395

server_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2396

load_certificate(FILETYPE_PEM, server_cert_pem)

2397

)

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2398

server = Connection(server_ctx, None)

2399

client = Connection(client_ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2400

handshake_in_memory(client, server)

2401

assert not server.shutdown()

2402

with pytest.raises(WantReadError):

2403

server.shutdown()

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2404

server.bio_shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2405

with pytest.raises(Error):

2406

server.shutdown()

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2407

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2408

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2409

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2410

`Connection.set_shutdown` sets the state of the SSL connection

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2411

shutdown process.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2412

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2413

connection = Connection(Context(SSLv23_METHOD), socket_any_family())

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2414

connection.set_shutdown(RECEIVED_SHUTDOWN)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2415

assert connection.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2416

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2417

def test_state_string(self):

2418

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2419

`Connection.state_string` verbosely describes the current state of

2420

the `Connection`.

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2421

"""

Hynek Schlawack

b0274ce

2015-10-16 19:56:26 +0200

[diff] [blame]

2422

server, client = socket_pair()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2423

server = loopback_server_factory(server)

2424

client = loopback_client_factory(client)

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2425

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2426

assert server.get_state_string() in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2427

b"before/accept initialization",

2428

b"before SSL initialization",

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2429

]

2430

assert client.get_state_string() in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2431

b"before/connect initialization",

2432

b"before SSL initialization",

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2433

]

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2434

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2435

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2436

"""

2437

Any object can be set as app data by passing it to

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2438

`Connection.set_app_data` and later retrieved with

2439

`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2440

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2441

conn = Connection(Context(SSLv23_METHOD), None)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2442

assert None is conn.get_app_data()

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2443

app_data = object()

2444

conn.set_app_data(app_data)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2445

assert conn.get_app_data() is app_data

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

2446

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2447

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2448

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2449

`Connection.makefile` is not implemented and calling that

2450

method raises `NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2451

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2452

conn = Connection(Context(SSLv23_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2453

with pytest.raises(NotImplementedError):

2454

conn.makefile()

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2455

Jeremy Lainé

460a19d

2018-05-16 19:44:19 +0200

[diff] [blame]

2456

def test_get_certificate(self):

2457

"""

2458

`Connection.get_certificate` returns the local certificate.

2459

"""

2460

chain = _create_certificate_chain()

2461

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2462

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2463

context = Context(SSLv23_METHOD)

Jeremy Lainé

460a19d

2018-05-16 19:44:19 +0200

[diff] [blame]

2464

context.use_certificate(scert)

2465

client = Connection(context, None)

2466

cert = client.get_certificate()

2467

assert cert is not None

2468

assert "Server Certificate" == cert.get_subject().CN

2469

2470

def test_get_certificate_none(self):

2471

"""

2472

`Connection.get_certificate` returns the local certificate.

2473

2474

If there is no certificate, it returns None.

2475

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2476

context = Context(SSLv23_METHOD)

Jeremy Lainé

460a19d

2018-05-16 19:44:19 +0200

[diff] [blame]

2477

client = Connection(context, None)

2478

cert = client.get_certificate()

2479

assert cert is None

2480

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2481

def test_get_peer_cert_chain(self):

2482

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2483

`Connection.get_peer_cert_chain` returns a list of certificates

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2484

which the connected server returned for the certification verification.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2485

"""

2486

chain = _create_certificate_chain()

2487

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2488

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2489

serverContext = Context(SSLv23_METHOD)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2490

serverContext.use_privatekey(skey)

2491

serverContext.use_certificate(scert)

2492

serverContext.add_extra_chain_cert(icert)

2493

serverContext.add_extra_chain_cert(cacert)

2494

server = Connection(serverContext, None)

2495

server.set_accept_state()

2496

2497

# Create the client

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2498

clientContext = Context(SSLv23_METHOD)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2499

clientContext.set_verify(VERIFY_NONE, verify_cb)

2500

client = Connection(clientContext, None)

2501

client.set_connect_state()

2502

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2503

interact_in_memory(client, server)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2504

2505

chain = client.get_peer_cert_chain()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2506

assert len(chain) == 3

2507

assert "Server Certificate" == chain[0].get_subject().CN

2508

assert "Intermediate Certificate" == chain[1].get_subject().CN

2509

assert "Authority Certificate" == chain[2].get_subject().CN

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2510

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2511

def test_get_peer_cert_chain_none(self):

2512

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2513

`Connection.get_peer_cert_chain` returns `None` if the peer sends

2514

no certificate chain.

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2515

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2516

ctx = Context(SSLv23_METHOD)

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2517

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2518

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2519

server = Connection(ctx, None)

2520

server.set_accept_state()

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2521

client = Connection(Context(SSLv23_METHOD), None)

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

2522

client.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2523

interact_in_memory(client, server)

2524

assert None is server.get_peer_cert_chain()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2525

Shane Harvey

33c5499

2020-08-05 16:48:51 -0700

[diff] [blame]

2526

def test_get_verified_chain(self):

2527

"""

2528

`Connection.get_verified_chain` returns a list of certificates

2529

which the connected server returned for the certification verification.

2530

"""

2531

chain = _create_certificate_chain()

2532

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2533

2534

serverContext = Context(SSLv23_METHOD)

2535

serverContext.use_privatekey(skey)

2536

serverContext.use_certificate(scert)

2537

serverContext.add_extra_chain_cert(icert)

2538

serverContext.add_extra_chain_cert(cacert)

2539

server = Connection(serverContext, None)

2540

server.set_accept_state()

2541

2542

# Create the client

2543

clientContext = Context(SSLv23_METHOD)

2544

# cacert is self-signed so the client must trust it for verification

2545

# to succeed.

2546

clientContext.get_cert_store().add_cert(cacert)

2547

clientContext.set_verify(VERIFY_PEER, verify_cb)

2548

client = Connection(clientContext, None)

2549

client.set_connect_state()

2550

2551

interact_in_memory(client, server)

2552

2553

chain = client.get_verified_chain()

2554

assert len(chain) == 3

2555

assert "Server Certificate" == chain[0].get_subject().CN

2556

assert "Intermediate Certificate" == chain[1].get_subject().CN

2557

assert "Authority Certificate" == chain[2].get_subject().CN

2558

2559

def test_get_verified_chain_none(self):

2560

"""

2561

`Connection.get_verified_chain` returns `None` if the peer sends

2562

no certificate chain.

2563

"""

2564

ctx = Context(SSLv23_METHOD)

2565

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2566

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2567

server = Connection(ctx, None)

2568

server.set_accept_state()

2569

client = Connection(Context(SSLv23_METHOD), None)

2570

client.set_connect_state()

2571

interact_in_memory(client, server)

2572

assert None is server.get_verified_chain()

2573

2574

def test_get_verified_chain_unconnected(self):

2575

"""

2576

`Connection.get_verified_chain` returns `None` when used with an object

2577

which has not been connected.

2578

"""

2579

ctx = Context(SSLv23_METHOD)

2580

server = Connection(ctx, None)

2581

assert None is server.get_verified_chain()

2582

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2583

def test_get_session_unconnected(self):

2584

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2585

`Connection.get_session` returns `None` when used with an object

2586

which has not been connected.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2587

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2588

ctx = Context(SSLv23_METHOD)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2589

server = Connection(ctx, None)

2590

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2591

assert None is session

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2592

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2593

def test_server_get_session(self):

2594

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2595

On the server side of a connection, `Connection.get_session` returns a

2596

`Session` instance representing the SSL session for that connection.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2597

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2598

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2599

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2600

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2601

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2602

def test_client_get_session(self):

2603

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2604

On the client side of a connection, `Connection.get_session`

2605

returns a `Session` instance representing the SSL session for

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2606

that connection.

2607

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2608

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2609

session = client.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2610

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2611

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2612

def test_set_session_wrong_args(self):

2613

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2614

`Connection.set_session` raises `TypeError` if called with an object

2615

that is not an instance of `Session`.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2616

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2617

ctx = Context(SSLv23_METHOD)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2618

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2619

with pytest.raises(TypeError):

2620

connection.set_session(123)

2621

with pytest.raises(TypeError):

2622

connection.set_session("hello")

2623

with pytest.raises(TypeError):

2624

connection.set_session(object())

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2625

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2626

def test_client_set_session(self):

2627

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2628

`Connection.set_session`, when used prior to a connection being

2629

established, accepts a `Session` instance and causes an attempt to

2630

re-use the session it represents when the SSL handshake is performed.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2631

"""

2632

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2633

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

2634

ctx = Context(TLSv1_2_METHOD)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2635

ctx.use_privatekey(key)

2636

ctx.use_certificate(cert)

2637

ctx.set_session_id("unity-test")

2638

2639

def makeServer(socket):

2640

server = Connection(ctx, socket)

2641

server.set_accept_state()

2642

return server

2643

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2644

originalServer, originalClient = loopback(server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2645

originalSession = originalClient.get_session()

2646

2647

def makeClient(socket):

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2648

client = loopback_client_factory(socket)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2649

client.set_session(originalSession)

2650

return client

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2651

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2652

resumedServer, resumedClient = loopback(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2653

server_factory=makeServer, client_factory=makeClient

2654

)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2655

2656

# This is a proxy: in general, we have no access to any unique

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2657

# identifier for the session (new enough versions of OpenSSL expose

2658

# a hash which could be usable, but "new enough" is very, very new).

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2659

# Instead, exploit the fact that the master key is re-used if the

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2660

# session is re-used. As long as the master key for the two

2661

# connections is the same, the session was re-used!

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2662

assert originalServer.master_key() == resumedServer.master_key()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2663

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2664

def test_set_session_wrong_method(self):

2665

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2666

If `Connection.set_session` is passed a `Session` instance associated

2667

with a context using a different SSL method than the `Connection`

2668

is using, a `OpenSSL.SSL.Error` is raised.

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2669

"""

Alex Gaynor

124a013

2020-10-27 00:15:17 -0400

[diff] [blame]

2670

v1 = TLSv1_2_METHOD

2671

v2 = TLSv1_METHOD

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2672

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2673

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2674

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2675

ctx = Context(v1)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2676

ctx.use_privatekey(key)

2677

ctx.use_certificate(cert)

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame]

2678

ctx.set_session_id(b"unity-test")

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2679

2680

def makeServer(socket):

2681

server = Connection(ctx, socket)

2682

server.set_accept_state()

2683

return server

2684

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2685

def makeOriginalClient(socket):

2686

client = Connection(Context(v1), socket)

2687

client.set_connect_state()

2688

return client

2689

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2690

originalServer, originalClient = loopback(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2691

server_factory=makeServer, client_factory=makeOriginalClient

2692

)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2693

originalSession = originalClient.get_session()

2694

2695

def makeClient(socket):

2696

# Intentionally use a different, incompatible method here.

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2697

client = Connection(Context(v2), socket)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2698

client.set_connect_state()

2699

client.set_session(originalSession)

2700

return client

2701

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2702

with pytest.raises(Error):

2703

loopback(client_factory=makeClient, server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2704

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2705

def test_wantWriteError(self):

2706

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2707

`Connection` methods which generate output raise

2708

`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2709

fail indicating a should-write state.

2710

"""

2711

client_socket, server_socket = socket_pair()

2712

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2713

# anything. Only write a single byte at a time so we can be sure we

2714

# completely fill the buffer. Even though the socket API is allowed to

2715

# signal a short write via its return value it seems this doesn't

2716

# always happen on all platforms (FreeBSD and OS X particular) for the

2717

# very last bit of available buffer space.

2718

msg = b"x"

catern

b2777a4

2018-08-09 15:38:13 -0400

[diff] [blame]

2719

for i in range(1024 * 1024 * 64):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2720

try:

2721

client_socket.send(msg)

2722

except error as e:

2723

if e.errno == EWOULDBLOCK:

2724

break

2725

raise

2726

else:

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2727

pytest.fail(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2728

"Failed to fill socket buffer, cannot test BIO want write"

2729

)

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2730

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2731

ctx = Context(SSLv23_METHOD)

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2732

conn = Connection(ctx, client_socket)

2733

# Client's speak first, so make it an SSL client

2734

conn.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2735

with pytest.raises(WantWriteError):

2736

conn.do_handshake()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2740

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2741

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2742

`Connection.get_finished` returns `None` before TLS handshake

2743

is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2744

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2745

ctx = Context(SSLv23_METHOD)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2746

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2747

assert connection.get_finished() is None

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2748

2749

def test_get_peer_finished_before_connect(self):

2750

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2751

`Connection.get_peer_finished` returns `None` before TLS handshake

2752

is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2753

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2754

ctx = Context(SSLv23_METHOD)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2755

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2756

assert connection.get_peer_finished() is None

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2757

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2758

def test_get_finished(self):

2759

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2760

`Connection.get_finished` method returns the TLS Finished message send

2761

from client, or server. Finished messages are send during

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2762

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2763

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2764

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2765

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2766

assert server.get_finished() is not None

2767

assert len(server.get_finished()) > 0

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2768

2769

def test_get_peer_finished(self):

2770

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2771

`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2772

message received from client, or server. Finished messages are send

2773

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2774

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2775

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2776

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2777

assert server.get_peer_finished() is not None

2778

assert len(server.get_peer_finished()) > 0

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2779

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2780

def test_tls_finished_message_symmetry(self):

2781

"""

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2782

The TLS Finished message send by server must be the TLS Finished

2783

message received by client.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2784

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2785

The TLS Finished message send by client must be the TLS Finished

2786

message received by server.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2787

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2788

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2789

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2790

assert server.get_finished() == client.get_peer_finished()

2791

assert client.get_finished() == server.get_peer_finished()

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2792

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2793

def test_get_cipher_name_before_connect(self):

2794

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2795

`Connection.get_cipher_name` returns `None` if no connection

2796

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2797

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2798

ctx = Context(SSLv23_METHOD)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2799

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2800

assert conn.get_cipher_name() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2801

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2802

def test_get_cipher_name(self):

2803

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2804

`Connection.get_cipher_name` returns a `unicode` string giving the

2805

name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2806

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2807

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2808

server_cipher_name, client_cipher_name = (

2809

server.get_cipher_name(),

2810

client.get_cipher_name(),

2811

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2812

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2813

assert isinstance(server_cipher_name, text_type)

2814

assert isinstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2815

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2816

assert server_cipher_name == client_cipher_name

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2817

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2818

def test_get_cipher_version_before_connect(self):

2819

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2820

`Connection.get_cipher_version` returns `None` if no connection

2821

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2822

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2823

ctx = Context(SSLv23_METHOD)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2824

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2825

assert conn.get_cipher_version() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2826

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2827

def test_get_cipher_version(self):

2828

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2829

`Connection.get_cipher_version` returns a `unicode` string giving

2830

the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2831

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2832

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2833

server_cipher_version, client_cipher_version = (

2834

server.get_cipher_version(),

2835

client.get_cipher_version(),

2836

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2837

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2838

assert isinstance(server_cipher_version, text_type)

2839

assert isinstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2840

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2841

assert server_cipher_version == client_cipher_version

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2842

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2843

def test_get_cipher_bits_before_connect(self):

2844

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2845

`Connection.get_cipher_bits` returns `None` if no connection has

2846

been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2847

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2848

ctx = Context(SSLv23_METHOD)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2849

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2850

assert conn.get_cipher_bits() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2851

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2852

def test_get_cipher_bits(self):

2853

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2854

`Connection.get_cipher_bits` returns the number of secret bits

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2855

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2856

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2857

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2858

server_cipher_bits, client_cipher_bits = (

2859

server.get_cipher_bits(),

2860

client.get_cipher_bits(),

2861

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2862

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2863

assert isinstance(server_cipher_bits, int)

2864

assert isinstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2865

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2866

assert server_cipher_bits == client_cipher_bits

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2867

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2868

def test_get_protocol_version_name(self):

2869

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2870

`Connection.get_protocol_version_name()` returns a string giving the

2871

protocol version of the current connection.

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2872

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2873

server, client = loopback()

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2874

client_protocol_version_name = client.get_protocol_version_name()

2875

server_protocol_version_name = server.get_protocol_version_name()

2876

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2877

assert isinstance(server_protocol_version_name, text_type)

2878

assert isinstance(client_protocol_version_name, text_type)

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2879

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2880

assert server_protocol_version_name == client_protocol_version_name

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2881

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2882

def test_get_protocol_version(self):

2883

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2884

`Connection.get_protocol_version()` returns an integer

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2885

giving the protocol version of the current connection.

2886

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2887

server, client = loopback()

Jim Shaver

85a4dff

2015-04-27 17:42:46 -0400

[diff] [blame]

2888

client_protocol_version = client.get_protocol_version()

2889

server_protocol_version = server.get_protocol_version()

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2890

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2891

assert isinstance(server_protocol_version, int)

2892

assert isinstance(client_protocol_version, int)

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2893

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2894

assert server_protocol_version == client_protocol_version

2895

2896

def test_wantReadError(self):

2897

"""

2898

`Connection.bio_read` raises `OpenSSL.SSL.WantReadError` if there are

2899

no bytes available to be read from the BIO.

2900

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2901

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2902

conn = Connection(ctx, None)

2903

with pytest.raises(WantReadError):

2904

conn.bio_read(1024)

2905

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2906

@pytest.mark.parametrize("bufsize", [1.0, None, object(), "bufsize"])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2907

def test_bio_read_wrong_args(self, bufsize):

2908

"""

2909

`Connection.bio_read` raises `TypeError` if passed a non-integer

2910

argument.

2911

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2912

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2913

conn = Connection(ctx, None)

2914

with pytest.raises(TypeError):

2915

conn.bio_read(bufsize)

2916

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2917

def test_buffer_size(self):

2918

"""

2919

`Connection.bio_read` accepts an integer giving the maximum number

2920

of bytes to read and return.

2921

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2922

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2923

conn = Connection(ctx, None)

2924

conn.set_connect_state()

2925

try:

2926

conn.do_handshake()

2927

except WantReadError:

2928

pass

2929

data = conn.bio_read(2)

2930

assert 2 == len(data)

2931

Jean-Paul Calderone

dbd7627

2014-03-29 18:09:40 -0400

[diff] [blame]

2932

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2933

class TestConnectionGetCipherList(object):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2934

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2935

Tests for `Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2936

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2937

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2938

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2939

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2940

`Connection.get_cipher_list` returns a list of `bytes` giving the

2941

names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2942

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2943

connection = Connection(Context(SSLv23_METHOD), None)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2944

ciphers = connection.get_cipher_list()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2945

assert isinstance(ciphers, list)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2946

for cipher in ciphers:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2947

assert isinstance(cipher, str)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2948

2949

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

2950

class VeryLarge(bytes):

2951

"""

2952

Mock object so that we don't have to allocate 2**31 bytes

2953

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2954

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

2955

def __len__(self):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2956

return 2 ** 31

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

2957

2958

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2959

class TestConnectionSend(object):

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2960

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2961

Tests for `Connection.send`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2962

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2963

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2964

def test_wrong_args(self):

2965

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2966

When called with arguments other than string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2967

parameter, `Connection.send` raises `TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2968

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

2969

connection = Connection(Context(SSLv23_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2970

with pytest.raises(TypeError):

2971

connection.send(object())

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2972

with pytest.raises(TypeError):

2973

connection.send([1, 2, 3])

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2974

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2975

def test_short_bytes(self):

2976

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2977

When passed a short byte string, `Connection.send` transmits all of it

2978

and returns the number of bytes sent.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2979

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2980

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2981

count = server.send(b"xy")

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2982

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2983

assert client.recv(2) == b"xy"

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2984

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2985

def test_text(self):

2986

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2987

When passed a text, `Connection.send` transmits all of it and

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

2988

returns the number of bytes sent. It also raises a DeprecationWarning.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2989

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2990

server, client = loopback()

2991

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2992

simplefilter("always")

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2993

count = server.send(b"xy".decode("ascii"))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2994

assert "{0} for buf is no longer accepted, use bytes".format(

2995

WARNING_TYPE_EXPECTED

2996

) == str(w[-1].message)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2997

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2998

assert client.recv(2) == b"xy"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2999

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3000

def test_short_memoryview(self):

3001

"""

3002

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3003

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3004

of bytes sent.

3005

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3006

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3007

count = server.send(memoryview(b"xy"))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3008

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3009

assert client.recv(2) == b"xy"

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3010

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3011

def test_short_bytearray(self):

3012

"""

3013

When passed a short bytearray, `Connection.send` transmits all of

3014

it and returns the number of bytes sent.

3015

"""

3016

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3017

count = server.send(bytearray(b"xy"))

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3018

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3019

assert client.recv(2) == b"xy"

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3020

Hynek Schlawack

8e94f1b

2015-09-05 21:31:00 +0200

[diff] [blame]

3021

@skip_if_py3

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3022

def test_short_buffer(self):

3023

"""

3024

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3025

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3026

of bytes sent.

3027

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3028

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3029

count = server.send(buffer(b"xy")) # noqa: F821

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3030

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3031

assert client.recv(2) == b"xy"

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

3032

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3033

@pytest.mark.skipif(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3034

sys.maxsize < 2 ** 31,

3035

reason="sys.maxsize < 2**31 - test requires 64 bit",

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3036

)

3037

def test_buf_too_large(self):

3038

"""

3039

When passed a buffer containing >= 2**31 bytes,

3040

`Connection.send` bails out as SSL_write only

3041

accepts an int for the buffer length.

3042

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

3043

connection = Connection(Context(SSLv23_METHOD), None)

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3044

with pytest.raises(ValueError) as exc_info:

3045

connection.send(VeryLarge())

3046

exc_info.match(r"Cannot send more than .+ bytes at once")

3047

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

3048

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3049

def _make_memoryview(size):

3050

"""

3051

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

3052

size.

3053

"""

3054

return memoryview(bytearray(size))

3055

3056

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3057

class TestConnectionRecvInto(object):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3058

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3059

Tests for `Connection.recv_into`.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3060

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3061

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3062

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

3063

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3064

Assert that when the given buffer is passed to `Connection.recv_into`,

3065

whatever bytes are available to be received that fit into that buffer

3066

are written into that buffer.

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

3067

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3068

output_buffer = factory(5)

3069

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3070

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3071

server.send(b"xy")

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

3072

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3073

assert client.recv_into(output_buffer) == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3074

assert output_buffer == bytearray(b"xy\x00\x00\x00")

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

3075

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3076

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3077

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3078

`Connection.recv_into` can be passed a `bytearray` instance and data

3079

in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3080

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3081

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3082

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3083

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3084

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3085

Assert that when the given buffer is passed to `Connection.recv_into`

3086

along with a value for `nbytes` that is less than the size of that

3087

buffer, only `nbytes` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3088

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3089

output_buffer = factory(10)

3090

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3091

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3092

server.send(b"abcdefghij")

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3093

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3094

assert client.recv_into(output_buffer, 5) == 5

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3095

assert output_buffer == bytearray(b"abcde\x00\x00\x00\x00\x00")

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3096

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3097

def test_bytearray_respects_length(self):

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3098

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3099

When called with a `bytearray` instance, `Connection.recv_into`

3100

respects the `nbytes` parameter and doesn't copy in more than that

3101

number of bytes.

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3102

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3103

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3104

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3105

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3106

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3107

Assert that if there are more bytes available to be read from the

3108

receive buffer than would fit into the buffer passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3109

`Connection.recv_into`, only as many as fit are written into it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3110

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3111

output_buffer = factory(5)

3112

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3113

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3114

server.send(b"abcdefghij")

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3115

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3116

assert client.recv_into(output_buffer) == 5

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3117

assert output_buffer == bytearray(b"abcde")

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3118

rest = client.recv(5)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3119

assert b"fghij" == rest

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3120

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3121

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3122

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3123

When called with a `bytearray` instance, `Connection.recv_into`

3124

respects the size of the array and doesn't write more bytes into it

3125

than will fit.

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3126

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3127

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3128

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3129

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3130

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3131

When called with a `bytearray` instance and an `nbytes` value that is

3132

too large, `Connection.recv_into` respects the size of the array and

3133

not the `nbytes` value and doesn't write more bytes into the buffer

3134

than will fit.

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3135

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3136

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3137

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3138

def test_peek(self):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3139

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3140

server.send(b"xy")

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3141

3142

for _ in range(2):

3143

output_buffer = bytearray(5)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3144

assert client.recv_into(output_buffer, flags=MSG_PEEK) == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3145

assert output_buffer == bytearray(b"xy\x00\x00\x00")

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3146

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3147

def test_memoryview_no_length(self):

3148

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3149

`Connection.recv_into` can be passed a `memoryview` instance and data

3150

in the receive buffer is written to it.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3151

"""

3152

self._no_length_test(_make_memoryview)

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3153

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3154

def test_memoryview_respects_length(self):

3155

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3156

When called with a `memoryview` instance, `Connection.recv_into`

3157

respects the ``nbytes`` parameter and doesn't copy more than that

3158

number of bytes in.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3159

"""

3160

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3161

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3162

def test_memoryview_doesnt_overfill(self):

3163

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3164

When called with a `memoryview` instance, `Connection.recv_into`

3165

respects the size of the array and doesn't write more bytes into it

3166

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3167

"""

3168

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3169

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3170

def test_memoryview_really_doesnt_overfill(self):

3171

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3172

When called with a `memoryview` instance and an `nbytes` value that is

3173

too large, `Connection.recv_into` respects the size of the array and

3174

not the `nbytes` value and doesn't write more bytes into the buffer

3175

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3176

"""

3177

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3178

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3179

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3180

class TestConnectionSendall(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3181

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3182

Tests for `Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3183

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3184

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3185

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3186

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3187

When called with arguments other than a string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3188

parameter, `Connection.sendall` raises `TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3189

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

3190

connection = Connection(Context(SSLv23_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3191

with pytest.raises(TypeError):

3192

connection.sendall(object())

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3193

with pytest.raises(TypeError):

3194

connection.sendall([1, 2, 3])

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3195

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3196

def test_short(self):

3197

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3198

`Connection.sendall` transmits all of the bytes in the string

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3199

passed to it.

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3200

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3201

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3202

server.sendall(b"x")

3203

assert client.recv(1) == b"x"

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3204

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3205

def test_text(self):

3206

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3207

`Connection.sendall` transmits all the content in the string passed

3208

to it, raising a DeprecationWarning in case of this being a text.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3209

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3210

server, client = loopback()

3211

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3212

simplefilter("always")

Jean-Paul Calderone

8dc37a1

2015-03-29 08:16:52 -0400

[diff] [blame]

3213

server.sendall(b"x".decode("ascii"))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3214

assert "{0} for buf is no longer accepted, use bytes".format(

3215

WARNING_TYPE_EXPECTED

3216

) == str(w[-1].message)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3217

assert client.recv(1) == b"x"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3218

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3219

def test_short_memoryview(self):

3220

"""

3221

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3222

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3223

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3224

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3225

server.sendall(memoryview(b"x"))

3226

assert client.recv(1) == b"x"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3227

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3228

@skip_if_py3

3229

def test_short_buffers(self):

3230

"""

3231

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3232

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3233

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3234

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3235

count = server.sendall(buffer(b"xy")) # noqa: F821

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3236

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3237

assert client.recv(2) == b"xy"

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

3238

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3239

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3240

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3241

`Connection.sendall` transmits all the bytes in the string passed to it

3242

even if this requires multiple calls of an underlying write function.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3243

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3244

server, client = loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

3245

# Should be enough, underlying SSL_write should only do 16k at a time.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3246

# On Windows, after 32k of bytes the write will block (forever

3247

# - because no one is yet reading).

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3248

message = b"x" * (1024 * 32 - 1) + b"y"

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3249

server.sendall(message)

3250

accum = []

3251

received = 0

3252

while received < len(message):

Jean-Paul Calderone

b1f7f5f

2010-08-22 21:40:52 -0400

[diff] [blame]

3253

data = client.recv(1024)

3254

accum.append(data)

3255

received += len(data)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3256

assert message == b"".join(accum)

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3257

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3258

def test_closed(self):

3259

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3260

If the underlying socket is closed, `Connection.sendall` propagates the

3261

write error from the low level write call.

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3262

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3263

server, client = loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

3264

server.sock_shutdown(2)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3265

with pytest.raises(SysCallError) as err:

3266

server.sendall(b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3267

if platform == "win32":

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3268

assert err.value.args[0] == ESHUTDOWN

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3269

else:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3270

assert err.value.args[0] == EPIPE

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3271

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3272

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3273

class TestConnectionRenegotiate(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3274

"""

3275

Tests for SSL renegotiation APIs.

3276

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3277

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3278

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3279

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3280

`Connection.total_renegotiations` returns `0` before any renegotiations

3281

have happened.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3282

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

3283

connection = Connection(Context(SSLv23_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3284

assert connection.total_renegotiations() == 0

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3285

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3286

def test_renegotiate(self):

3287

"""

3288

Go through a complete renegotiation cycle.

3289

"""

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

3290

server, client = loopback(

3291

lambda s: loopback_server_factory(s, TLSv1_2_METHOD),

3292

lambda s: loopback_client_factory(s, TLSv1_2_METHOD),

3293

)

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3294

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3295

server.send(b"hello world")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3296

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3297

assert b"hello world" == client.recv(len(b"hello world"))

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3298

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3299

assert 0 == server.total_renegotiations()

3300

assert False is server.renegotiate_pending()

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3301

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3302

assert True is server.renegotiate()

3303

3304

assert True is server.renegotiate_pending()

3305

3306

server.setblocking(False)

3307

client.setblocking(False)

3308

3309

client.do_handshake()

3310

server.do_handshake()

3311

3312

assert 1 == server.total_renegotiations()

3313

while False is server.renegotiate_pending():

3314

pass

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3315

3316

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3317

class TestError(object):

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3318

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3319

Unit tests for `OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3320

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3321

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3322

def test_type(self):

3323

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3324

`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3325

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3326

assert issubclass(Error, Exception)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3327

assert Error.__name__ == "Error"

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

3328

3329

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3330

class TestConstants(object):

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3331

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3332

Tests for the values of constants exposed in `OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3333

3334

These are values defined by OpenSSL intended only to be used as flags to

3335

OpenSSL APIs. The only assertions it seems can be made about them is

3336

their values.

3337

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3338

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3339

@pytest.mark.skipif(

3340

OP_NO_QUERY_MTU is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3341

reason="OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3342

)

3343

def test_op_no_query_mtu(self):

3344

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3345

The value of `OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value

3346

of `SSL_OP_NO_QUERY_MTU` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3347

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3348

assert OP_NO_QUERY_MTU == 0x1000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3349

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3350

@pytest.mark.skipif(

3351

OP_COOKIE_EXCHANGE is None,

3352

reason="OP_COOKIE_EXCHANGE unavailable - "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3353

"OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3354

)

3355

def test_op_cookie_exchange(self):

3356

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3357

The value of `OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the

3358

value of `SSL_OP_COOKIE_EXCHANGE` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3359

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3360

assert OP_COOKIE_EXCHANGE == 0x2000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3361

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3362

@pytest.mark.skipif(

3363

OP_NO_TICKET is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3364

reason="OP_NO_TICKET unavailable - OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3365

)

3366

def test_op_no_ticket(self):

3367

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3368

The value of `OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

3369

`SSL_OP_NO_TICKET` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3370

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3371

assert OP_NO_TICKET == 0x4000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3372

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3373

@pytest.mark.skipif(

3374

OP_NO_COMPRESSION is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3375

reason=(

3376

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

3377

),

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3378

)

3379

def test_op_no_compression(self):

3380

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3381

The value of `OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the

3382

value of `SSL_OP_NO_COMPRESSION` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3383

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3384

assert OP_NO_COMPRESSION == 0x20000

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3385

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3386

def test_sess_cache_off(self):

3387

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3388

The value of `OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

3389

`SSL_SESS_CACHE_OFF` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3390

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3391

assert 0x0 == SESS_CACHE_OFF

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3392

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3393

def test_sess_cache_client(self):

3394

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3395

The value of `OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3396

`SSL_SESS_CACHE_CLIENT` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3397

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3398

assert 0x1 == SESS_CACHE_CLIENT

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3399

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3400

def test_sess_cache_server(self):

3401

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3402

The value of `OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3403

`SSL_SESS_CACHE_SERVER` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3404

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3405

assert 0x2 == SESS_CACHE_SERVER

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3406

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3407

def test_sess_cache_both(self):

3408

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3409

The value of `OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3410

`SSL_SESS_CACHE_BOTH` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3411

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3412

assert 0x3 == SESS_CACHE_BOTH

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3413

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3414

def test_sess_cache_no_auto_clear(self):

3415

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3416

The value of `OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3417

value of `SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3418

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3419

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3420

assert 0x80 == SESS_CACHE_NO_AUTO_CLEAR

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3421

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3422

def test_sess_cache_no_internal_lookup(self):

3423

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3424

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3425

the value of `SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3426

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3427

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3428

assert 0x100 == SESS_CACHE_NO_INTERNAL_LOOKUP

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3429

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3430

def test_sess_cache_no_internal_store(self):

3431

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3432

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3433

the value of `SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3434

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3435

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3436

assert 0x200 == SESS_CACHE_NO_INTERNAL_STORE

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3437

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3438

def test_sess_cache_no_internal(self):

3439

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3440

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3441

value of `SSL_SESS_CACHE_NO_INTERNAL` defined by

3442

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3443

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3444

assert 0x300 == SESS_CACHE_NO_INTERNAL

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3445

3446

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3447

class TestMemoryBIO(object):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3448

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3449

Tests for `OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3450

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3451

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3452

def _server(self, sock):

3453

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3454

Create a new server-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3455

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3456

# Create the server side Connection. This is mostly setup boilerplate

3457

# - use TLSv1, use a particular certificate, etc.

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

3458

server_ctx = Context(SSLv23_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3459

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3460

server_ctx.set_verify(

3461

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3462

verify_cb,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3463

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3464

server_store = server_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3465

server_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3466

load_privatekey(FILETYPE_PEM, server_key_pem)

3467

)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3468

server_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3469

load_certificate(FILETYPE_PEM, server_cert_pem)

3470

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3471

server_ctx.check_privatekey()

3472

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3473

# Here the Connection is actually created. If None is passed as the

3474

# 2nd parameter, it indicates a memory BIO should be created.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3475

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3476

server_conn.set_accept_state()

3477

return server_conn

3478

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3479

def _client(self, sock):

3480

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3481

Create a new client-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3482

"""

3483

# Now create the client side Connection. Similar boilerplate to the

3484

# above.

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

3485

client_ctx = Context(SSLv23_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3486

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3487

client_ctx.set_verify(

3488

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3489

verify_cb,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3490

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3491

client_store = client_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3492

client_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3493

load_privatekey(FILETYPE_PEM, client_key_pem)

3494

)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3495

client_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3496

load_certificate(FILETYPE_PEM, client_cert_pem)

3497

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3498

client_ctx.check_privatekey()

3499

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3500

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3501

client_conn.set_connect_state()

3502

return client_conn

3503

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3504

def test_memory_connect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3505

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3506

Two `Connection`s which use memory BIOs can be manually connected by

3507

reading from the output of each and writing those bytes to the input of

3508

the other and in this way establish a connection and exchange

3509

application-level bytes with each other.

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3510

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3511

server_conn = self._server(None)

3512

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3513

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3514

# There should be no key or nonces yet.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3515

assert server_conn.master_key() is None

3516

assert server_conn.client_random() is None

3517

assert server_conn.server_random() is None

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3518

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3519

# First, the handshake needs to happen. We'll deliver bytes back and

3520

# forth between the client and server until neither of them feels like

3521

# speaking any more.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3522

assert interact_in_memory(client_conn, server_conn) is None

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3523

3524

# Now that the handshake is done, there should be a key and nonces.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3525

assert server_conn.master_key() is not None

3526

assert server_conn.client_random() is not None

3527

assert server_conn.server_random() is not None

3528

assert server_conn.client_random() == client_conn.client_random()

3529

assert server_conn.server_random() == client_conn.server_random()

3530

assert server_conn.client_random() != server_conn.server_random()

3531

assert client_conn.client_random() != client_conn.server_random()

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3532

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3533

# Export key material for other uses.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3534

cekm = client_conn.export_keying_material(b"LABEL", 32)

3535

sekm = server_conn.export_keying_material(b"LABEL", 32)

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3536

assert cekm is not None

3537

assert sekm is not None

3538

assert cekm == sekm

3539

assert len(sekm) == 32

3540

3541

# Export key material for other uses with additional context.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3542

cekmc = client_conn.export_keying_material(b"LABEL", 32, b"CONTEXT")

3543

sekmc = server_conn.export_keying_material(b"LABEL", 32, b"CONTEXT")

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3544

assert cekmc is not None

3545

assert sekmc is not None

3546

assert cekmc == sekmc

3547

assert cekmc != cekm

3548

assert sekmc != sekm

3549

# Export with alternate label

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3550

cekmt = client_conn.export_keying_material(b"test", 32, b"CONTEXT")

3551

sekmt = server_conn.export_keying_material(b"test", 32, b"CONTEXT")

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3552

assert cekmc != cekmt

3553

assert sekmc != sekmt

3554

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3555

# Here are the bytes we'll try to send.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3556

important_message = b"One if by land, two if by sea."

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3557

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3558

server_conn.write(important_message)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3559

assert interact_in_memory(client_conn, server_conn) == (

3560

client_conn,

3561

important_message,

3562

)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3563

3564

client_conn.write(important_message[::-1])

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3565

assert interact_in_memory(client_conn, server_conn) == (

3566

server_conn,

3567

important_message[::-1],

3568

)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3569

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3570

def test_socket_connect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3571

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3572

Just like `test_memory_connect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3573

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3574

This is primarily to rule out the memory BIO code as the source of any

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3575

problems encountered while passing data over a `Connection` (if

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3576

this test fails, there must be a problem outside the memory BIO code,

3577

as no memory BIO is involved here). Even though this isn't a memory

3578

BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3579

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3580

server_conn, client_conn = loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3581

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3582

important_message = b"Help me Obi Wan Kenobi, you're my only hope."

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3583

client_conn.send(important_message)

3584

msg = server_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3585

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3586

3587

# Again in the other direction, just for fun.

3588

important_message = important_message[::-1]

3589

server_conn.send(important_message)

3590

msg = client_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3591

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3592

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3593

def test_socket_overrides_memory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3594

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3595

Test that `OpenSSL.SSL.bio_read` and `OpenSSL.SSL.bio_write` don't

3596

work on `OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3597

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

3598

context = Context(SSLv23_METHOD)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

3599

client = socket_any_family()

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3600

clientSSL = Connection(context, client)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3601

with pytest.raises(TypeError):

3602

clientSSL.bio_read(100)

3603

with pytest.raises(TypeError):

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame]

3604

clientSSL.bio_write(b"foo")

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3605

with pytest.raises(TypeError):

3606

clientSSL.bio_shutdown()

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3607

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3608

def test_outgoing_overflow(self):

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3609

"""

3610

If more bytes than can be written to the memory BIO are passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3611

`Connection.send` at once, the number of bytes which were written is

3612

returned and that many bytes from the beginning of the input can be

3613

read from the other end of the connection.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3614

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3615

server = self._server(None)

3616

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3617

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3618

interact_in_memory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3619

3620

size = 2 ** 15

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

3621

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3622

# Sanity check. We're trying to test what happens when the entire

3623

# input can't be sent. If the entire input was sent, this test is

3624

# meaningless.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3625

assert sent < size

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3626

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3627

receiver, received = interact_in_memory(client, server)

3628

assert receiver is server

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3629

3630

# We can rely on all of these bytes being received at once because

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3631

# loopback passes 2 ** 16 to recv - more than 2 ** 15.

3632

assert len(received) == sent

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3633

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3634

def test_shutdown(self):

3635

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3636

`Connection.bio_shutdown` signals the end of the data stream

3637

from which the `Connection` reads.

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3638

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3639

server = self._server(None)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3640

server.bio_shutdown()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3641

with pytest.raises(Error) as err:

3642

server.recv(1024)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3643

# We don't want WantReadError or ZeroReturnError or anything - it's a

3644

# handshake failure.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3645

assert type(err.value) in [Error, SysCallError]

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3646

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3647

def test_unexpected_EOF(self):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3648

"""

3649

If the connection is lost before an orderly SSL shutdown occurs,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3650

`OpenSSL.SSL.SysCallError` is raised with a message of

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3651

"Unexpected EOF".

3652

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3653

server_conn, client_conn = loopback()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3654

client_conn.sock_shutdown(SHUT_RDWR)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3655

with pytest.raises(SysCallError) as err:

3656

server_conn.recv(1024)

3657

assert err.value.args == (-1, "Unexpected EOF")

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3658

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3659

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3660

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3661

Verify the return value of the `get_client_ca_list` method for

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3662

server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3663

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3664

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3665

before the client and server are connected to each other. This

3666

function should specify a list of CAs for the server to send to the

3667

client and return that same list. The list will be used to verify

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3668

that `get_client_ca_list` returns the proper value at

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3669

various times.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3670

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3671

server = self._server(None)

3672

client = self._client(None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3673

assert client.get_client_ca_list() == []

3674

assert server.get_client_ca_list() == []

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3675

ctx = server.get_context()

3676

expected = func(ctx)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3677

assert client.get_client_ca_list() == []

3678

assert server.get_client_ca_list() == expected

3679

interact_in_memory(client, server)

3680

assert client.get_client_ca_list() == expected

3681

assert server.get_client_ca_list() == expected

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3682

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3683

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3684

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3685

`Context.set_client_ca_list` raises a `TypeError` if called with a

3686

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3687

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

3688

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3689

with pytest.raises(TypeError):

3690

ctx.set_client_ca_list("spam")

3691

with pytest.raises(TypeError):

3692

ctx.set_client_ca_list(["spam"])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3693

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3694

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3695

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3696

If passed an empty list, `Context.set_client_ca_list` configures the

3697

context to send no CA names to the client and, on both the server and

3698

client sides, `Connection.get_client_ca_list` returns an empty list

3699

after the connection is set up.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3700

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3701

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3702

def no_ca(ctx):

3703

ctx.set_client_ca_list([])

3704

return []

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3705

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3706

self._check_client_ca_list(no_ca)

3707

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3708

def test_set_one_ca_list(self):

3709

"""

3710

If passed a list containing a single X509Name,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3711

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3712

that CA name to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3713

`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3714

X509Name after the connection is set up.

3715

"""

3716

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3717

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3718

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3719

def single_ca(ctx):

3720

ctx.set_client_ca_list([cadesc])

3721

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3722

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3723

self._check_client_ca_list(single_ca)

3724

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3725

def test_set_multiple_ca_list(self):

3726

"""

3727

If passed a list containing multiple X509Name objects,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3728

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3729

those CA names to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3730

`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3731

X509Names after the connection is set up.

3732

"""

3733

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3734

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3735

3736

sedesc = secert.get_subject()

3737

cldesc = clcert.get_subject()

3738

3739

def multiple_ca(ctx):

3740

L = [sedesc, cldesc]

3741

ctx.set_client_ca_list(L)

3742

return L

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3743

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3744

self._check_client_ca_list(multiple_ca)

3745

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3746

def test_reset_ca_list(self):

3747

"""

3748

If called multiple times, only the X509Names passed to the final call

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3749

of `Context.set_client_ca_list` are used to configure the CA

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3750

names sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3751

"""

3752

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3753

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3754

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3755

3756

cadesc = cacert.get_subject()

3757

sedesc = secert.get_subject()

3758

cldesc = clcert.get_subject()

3759

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3760

def changed_ca(ctx):

3761

ctx.set_client_ca_list([sedesc, cldesc])

3762

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3763

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3764

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3765

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3766

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3767

def test_mutated_ca_list(self):

3768

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3769

If the list passed to `Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3770

afterwards, this does not affect the list of CA names sent to the

3771

client.

3772

"""

3773

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3774

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3775

3776

cadesc = cacert.get_subject()

3777

sedesc = secert.get_subject()

3778

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3779

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3780

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3781

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3782

L.append(sedesc)

3783

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3784

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3785

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3786

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3787

def test_add_client_ca_wrong_args(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3788

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3789

`Context.add_client_ca` raises `TypeError` if called with

3790

a non-X509 object.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3791

"""

Paul Kehrer

2020-08-03 19:18:15 -0500

[diff] [blame]

3792

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3793

with pytest.raises(TypeError):

3794

ctx.add_client_ca("spam")

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3795

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3796

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3797

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3798

A certificate's subject can be added as a CA to be sent to the client

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3799

with `Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3800

"""

3801

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3802

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3803

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3804

def single_ca(ctx):

3805

ctx.add_client_ca(cacert)

3806

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3807

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3808

self._check_client_ca_list(single_ca)

3809

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3810

def test_multiple_add_client_ca(self):

3811

"""

3812

Multiple CA names can be sent to the client by calling

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3813

`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3814

"""

3815

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3816

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3817

3818

cadesc = cacert.get_subject()

3819

sedesc = secert.get_subject()

3820

3821

def multiple_ca(ctx):

3822

ctx.add_client_ca(cacert)

3823

ctx.add_client_ca(secert)

3824

return [cadesc, sedesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3825

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3826

self._check_client_ca_list(multiple_ca)

3827

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3828

def test_set_and_add_client_ca(self):

3829

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3830

A call to `Context.set_client_ca_list` followed by a call to

3831

`Context.add_client_ca` results in using the CA names from the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3832

first call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3833

"""

3834

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3835

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3836

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3837

3838

cadesc = cacert.get_subject()

3839

sedesc = secert.get_subject()

3840

cldesc = clcert.get_subject()

3841

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3842

def mixed_set_add_ca(ctx):

3843

ctx.set_client_ca_list([cadesc, sedesc])

3844

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3845

return [cadesc, sedesc, cldesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3846

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3847

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3848

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3849

def test_set_after_add_client_ca(self):

3850

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3851

A call to `Context.set_client_ca_list` after a call to

3852

`Context.add_client_ca` replaces the CA name specified by the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3853

former call with the names specified by the latter call.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3854

"""

3855

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3856

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3857

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3858

3859

cadesc = cacert.get_subject()

3860

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3861

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3862

def set_replaces_add_ca(ctx):

3863

ctx.add_client_ca(clcert)

3864

ctx.set_client_ca_list([cadesc])

3865

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3866

return [cadesc, sedesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3867

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3868

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3869

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3870

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3871

class TestInfoConstants(object):

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3872

"""

3873

Tests for assorted constants exposed for use in info callbacks.

3874

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3875

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3876

def test_integers(self):

3877

"""

3878

All of the info constants are integers.

3879

3880

This is a very weak test. It would be nice to have one that actually

3881

verifies that as certain info events happen, the value passed to the

3882

info callback matches up with the constant exposed by OpenSSL.SSL.

3883

"""

3884

for const in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_CONNECT,

SSL_ST_ACCEPT,

SSL_ST_MASK,

SSL_CB_LOOP,

SSL_CB_EXIT,

SSL_CB_READ,

SSL_CB_WRITE,

SSL_CB_ALERT,

SSL_CB_READ_ALERT,

SSL_CB_WRITE_ALERT,

SSL_CB_ACCEPT_LOOP,

SSL_CB_ACCEPT_EXIT,

SSL_CB_CONNECT_LOOP,

SSL_CB_CONNECT_EXIT,

SSL_CB_HANDSHAKE_START,

3900

SSL_CB_HANDSHAKE_DONE,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3901

]:

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3902

assert isinstance(const, int)

3903

3904

# These constants don't exist on OpenSSL 1.1.0

3905

for const in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_INIT,

SSL_ST_BEFORE,

SSL_ST_OK,

SSL_ST_RENEGOTIATE,

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3910

]:

3911

assert const is None or isinstance(const, int)

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3912

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3913

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3914

class TestRequires(object):

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3915

"""

3916

Tests for the decorator factory used to conditionally raise

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3917

NotImplementedError when older OpenSSLs are used.

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3918

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3919

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3920

def test_available(self):

3921

"""

3922

When the OpenSSL functionality is available the decorated functions

3923

work appropriately.

3924

"""

3925

feature_guard = _make_requires(True, "Error text")

results = []

@feature_guard

def inner():

results.append(True)

return True

Cory Benfield

2016-03-30 14:24:16 +0100

[diff] [blame]

3933

assert inner() is True

3934

assert [True] == results

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3935

3936

def test_unavailable(self):

3937

"""

3938

When the OpenSSL functionality is not available the decorated function

3939

does not execute and NotImplementedError is raised.

3940

"""

3941

feature_guard = _make_requires(False, "Error text")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3942

3943

@feature_guard

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

3944

def inner(): # pragma: nocover

3945

pytest.fail("Should not be called")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3946

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3947

with pytest.raises(NotImplementedError) as e:

3948

inner()

3949

3950

assert "Error text" in str(e.value)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3951

3952

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3953

class TestOCSP(object):

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3954

"""

3955

Tests for PyOpenSSL's OCSP stapling support.

3956

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3957

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3958

sample_ocsp_data = b"this is totally ocsp data"

3959

3960

def _client_connection(self, callback, data, request_ocsp=True):

3961

"""

3962

Builds a client connection suitable for using OCSP.

3963

3964

:param callback: The callback to register for OCSP.

3965

:param data: The opaque data object that will be handed to the

3966

OCSP callback.

3967

:param request_ocsp: Whether the client will actually ask for OCSP

3968

stapling. Useful for testing only.

3969

"""

3970

ctx = Context(SSLv23_METHOD)

3971

ctx.set_ocsp_client_callback(callback, data)

3972

client = Connection(ctx)

3973

3974

if request_ocsp:

3975

client.request_ocsp()

3976

3977

client.set_connect_state()

3978

return client

3979

3980

def _server_connection(self, callback, data):

3981

"""

3982

Builds a server connection suitable for using OCSP.

3983

3984

:param callback: The callback to register for OCSP.

3985

:param data: The opaque data object that will be handed to the

3986

OCSP callback.

3987

"""

3988

ctx = Context(SSLv23_METHOD)

3989

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3990

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3991

ctx.set_ocsp_server_callback(callback, data)

3992

server = Connection(ctx)

3993

server.set_accept_state()

3994

return server

3995

3996

def test_callbacks_arent_called_by_default(self):

3997

"""

3998

If both the client and the server have registered OCSP callbacks, but

3999

the client does not send the OCSP request, neither callback gets

4000

called.

4001

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4002

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4003

def ocsp_callback(*args, **kwargs): # pragma: nocover

4004

pytest.fail("Should not be called")

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4005

4006

client = self._client_connection(

4007

callback=ocsp_callback, data=None, request_ocsp=False

4008

)

4009

server = self._server_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4010

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4011

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4012

def test_client_negotiates_without_server(self):

4013

"""

4014

If the client wants to do OCSP but the server does not, the handshake

4015

succeeds, and the client callback fires with an empty byte string.

"""

called = []

def ocsp_callback(conn, ocsp_data, ignored):

4020

called.append(ocsp_data)

4021

return True

4022

4023

client = self._client_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4024

server = loopback_server_factory(socket=None)

4025

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4026

4027

assert len(called) == 1

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4028

assert called[0] == b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4029

4030

def test_client_receives_servers_data(self):

4031

"""

4032

The data the server sends in its callback is received by the client.

"""

calls = []

def server_callback(*args, **kwargs):

4037

return self.sample_ocsp_data

4038

4039

def client_callback(conn, ocsp_data, ignored):

4040

calls.append(ocsp_data)

4041

return True

4042

4043

client = self._client_connection(callback=client_callback, data=None)

4044

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4045

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4046

4047

assert len(calls) == 1

4048

assert calls[0] == self.sample_ocsp_data

4049

4050

def test_callbacks_are_invoked_with_connections(self):

4051

"""

4052

The first arguments to both callbacks are their respective connections.

"""

client_calls = []

server_calls = []

def client_callback(conn, *args, **kwargs):

4058

client_calls.append(conn)

4059

return True

4060

4061

def server_callback(conn, *args, **kwargs):

4062

server_calls.append(conn)

4063

return self.sample_ocsp_data

4064

4065

client = self._client_connection(callback=client_callback, data=None)

4066

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4067

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4068

4069

assert len(client_calls) == 1

4070

assert len(server_calls) == 1

4071

assert client_calls[0] is client

4072

assert server_calls[0] is server

4073

4074

def test_opaque_data_is_passed_through(self):

4075

"""

4076

Both callbacks receive an opaque, user-provided piece of data in their

4077

callbacks as the final argument.

"""

calls = []

def server_callback(*args):

4082

calls.append(args)

4083

return self.sample_ocsp_data

4084

4085

def client_callback(*args):

calls.append(args)

return True

sentinel = object()

client = self._client_connection(

4092

callback=client_callback, data=sentinel

4093

)

4094

server = self._server_connection(

4095

callback=server_callback, data=sentinel

4096

)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4097

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4098

4099

assert len(calls) == 2

4100

assert calls[0][-1] is sentinel

4101

assert calls[1][-1] is sentinel

4102

4103

def test_server_returns_empty_string(self):

4104

"""

4105

If the server returns an empty bytestring from its callback, the

4106

client callback is called with the empty bytestring.

"""

client_calls = []

def server_callback(*args):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4111

return b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4112

4113

def client_callback(conn, ocsp_data, ignored):

4114

client_calls.append(ocsp_data)

4115

return True

4116

4117

client = self._client_connection(callback=client_callback, data=None)

4118

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4119

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4120

4121

assert len(client_calls) == 1

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4122

assert client_calls[0] == b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4123

4124

def test_client_returns_false_terminates_handshake(self):

4125

"""

4126

If the client returns False from its callback, the handshake fails.

4127

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4128

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4129

def server_callback(*args):

4130

return self.sample_ocsp_data

4131

4132

def client_callback(*args):

4133

return False

4134

4135

client = self._client_connection(callback=client_callback, data=None)

4136

server = self._server_connection(callback=server_callback, data=None)

4137

4138

with pytest.raises(Error):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4139

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4140

4141

def test_exceptions_in_client_bubble_up(self):

4142

"""

4143

The callbacks thrown in the client callback bubble up to the caller.

4144

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4145

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4146

class SentinelException(Exception):

4147

pass

4148

4149

def server_callback(*args):

4150

return self.sample_ocsp_data

4151

4152

def client_callback(*args):

4153

raise SentinelException()

4154

4155

client = self._client_connection(callback=client_callback, data=None)

4156

server = self._server_connection(callback=server_callback, data=None)

4157

4158

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4159

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4160

4161

def test_exceptions_in_server_bubble_up(self):

4162

"""

4163

The callbacks thrown in the server callback bubble up to the caller.

4164

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4165

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4166

class SentinelException(Exception):

4167

pass

4168

4169

def server_callback(*args):

4170

raise SentinelException()

4171

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4172

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4173

pytest.fail("Should not be called")

4174

4175

client = self._client_connection(callback=client_callback, data=None)

4176

server = self._server_connection(callback=server_callback, data=None)

4177

4178

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4179

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4180

4181

def test_server_must_return_bytes(self):

4182

"""

4183

The server callback must return a bytestring, or a TypeError is thrown.

4184

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4185

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4186

def server_callback(*args):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4187

return self.sample_ocsp_data.decode("ascii")

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4188

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4189

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4190

pytest.fail("Should not be called")

4191

4192

client = self._client_connection(callback=client_callback, data=None)

4193

server = self._server_connection(callback=server_callback, data=None)

4194

4195

with pytest.raises(TypeError):

Alex Chan