Blame - tests/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

5

Unit tests for :mod:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

8

import datetime

Maximilian Hils

868dc3c

2017-02-10 14:56:55 +0100

[diff] [blame]

9

import sys

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

10

import uuid

11

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

12

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

13

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jeremy Lainé

1ae7cb6

2018-03-21 14:49:42 +0100

[diff] [blame]

14

from sys import platform, getfilesystemencoding

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

15

from socket import MSG_PEEK, SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

16

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

17

from os.path import join

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

18

from weakref import ref

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

19

from warnings import simplefilter

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

20

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

21

import pytest

22

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

23

from pretend import raiser

24

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

25

from six import PY3, text_type

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

26

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

27

from cryptography import x509

28

from cryptography.hazmat.backends import default_backend

29

from cryptography.hazmat.primitives import hashes

30

from cryptography.hazmat.primitives import serialization

31

from cryptography.hazmat.primitives.asymmetric import rsa

32

from cryptography.x509.oid import NameOID

33

34

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

35

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

36

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

37

from OpenSSL.crypto import dump_privatekey, load_privatekey

38

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

39

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

40

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

41

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

42

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

43

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

44

from OpenSSL.SSL import (

45

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

46

TLSv1_1_METHOD, TLSv1_2_METHOD)

47

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

48

from OpenSSL.SSL import (

49

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

50

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

51

from OpenSSL import SSL

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

52

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

53

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

54

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

55

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

56

57

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

58

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

59

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

60

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

61

from OpenSSL.SSL import _make_requires

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

62

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

63

from OpenSSL._util import ffi as _ffi, lib as _lib

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

64

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

65

from OpenSSL.SSL import (

66

OP_NO_QUERY_MTU, OP_COOKIE_EXCHANGE, OP_NO_TICKET, OP_NO_COMPRESSION,

67

MODE_RELEASE_BUFFERS)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

68

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

69

from OpenSSL.SSL import (

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

70

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK,

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

71

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

72

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

73

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

74

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

75

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

76

try:

77

from OpenSSL.SSL import (

78

SSL_ST_INIT, SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE

79

)

80

except ImportError:

81

SSL_ST_INIT = SSL_ST_BEFORE = SSL_ST_OK = SSL_ST_RENEGOTIATE = None

82

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

83

from .util import WARNING_TYPE_EXPECTED, NON_ASCII, is_consistent_type

Hynek Schlawack

f0e6685

2015-10-16 20:18:38 +0200

[diff] [blame]

84

from .test_crypto import (

85

cleartextCertificatePEM, cleartextPrivateKeyPEM,

86

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

87

root_cert_pem)

88

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

89

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

90

# openssl dhparam 1024 -out dh-1024.pem (note that 1024 is a small number of

91

# bits to use)

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

92

dhparam = """\

93

-----BEGIN DH PARAMETERS-----

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

94

MIGHAoGBALdUMvn+C9MM+y5BWZs11mSeH6HHoEq0UVbzVq7UojC1hbsZUuGukQ3a

95

Qh2/pwqb18BZFykrWB0zv/OkLa0kx4cuUgNrUVq1EFheBiX6YqryJ7t2sO09NQiO

96

V7H54LmltOT/hEh6QWsJqb6BQgH65bswvV/XkYGja8/T0GzvbaVzAgEC

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

97

-----END DH PARAMETERS-----

"""

Hynek Schlawack

2015-09-05 20:48:34 +0200

[diff] [blame]

101

skip_if_py3 = pytest.mark.skipif(PY3, reason="Python 2 only")

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

102

103

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

104

def join_bytes_or_unicode(prefix, suffix):

105

"""

106

Join two path components of either ``bytes`` or ``unicode``.

107

108

The return type is the same as the type of ``prefix``.

109

"""

110

# If the types are the same, nothing special is necessary.

111

if type(prefix) == type(suffix):

112

return join(prefix, suffix)

113

114

# Otherwise, coerce suffix to the type of prefix.

115

if isinstance(prefix, text_type):

116

return join(prefix, suffix.decode(getfilesystemencoding()))

117

else:

118

return join(prefix, suffix.encode(getfilesystemencoding()))

119

120

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

121

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

122

return ok

123

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

124

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

125

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

126

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

127

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

128

"""

129

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

135

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

136

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

137

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

138

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

139

# Let's pass some unencrypted data to make sure our socket connection is

140

# fine. Just one byte, so we don't have to worry about buffers getting

141

# filled up or fragmentation.

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

142

server.send(b"x")

143

assert client.recv(1024) == b"x"

144

client.send(b"y")

145

assert server.recv(1024) == b"y"

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

146

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

147

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

148

server.setblocking(False)

149

client.setblocking(False)

Jim Shaver

46f2891

2015-05-29 19:32:16 -0400

[diff] [blame]

150

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

151

return (server, client)

152

153

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

154

def handshake(client, server):

155

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

166

def _create_certificate_chain():

167

"""

168

Construct and return a chain of certificates.

169

170

1. A new self-signed certificate authority certificate (cacert)

171

2. A new intermediate certificate signed by cacert (icert)

172

3. A new server certificate signed by icert (scert)

173

"""

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

174

caext = X509Extension(b'basicConstraints', False, b'CA:true')

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

175

176

# Step 1

177

cakey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

178

cakey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

179

cacert = X509()

180

cacert.get_subject().commonName = "Authority Certificate"

181

cacert.set_issuer(cacert.get_subject())

182

cacert.set_pubkey(cakey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

183

cacert.set_notBefore(b"20000101000000Z")

184

cacert.set_notAfter(b"20200101000000Z")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

185

cacert.add_extensions([caext])

186

cacert.set_serial_number(0)

187

cacert.sign(cakey, "sha1")

188

189

# Step 2

190

ikey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

191

ikey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

192

icert = X509()

193

icert.get_subject().commonName = "Intermediate Certificate"

194

icert.set_issuer(cacert.get_subject())

195

icert.set_pubkey(ikey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

196

icert.set_notBefore(b"20000101000000Z")

197

icert.set_notAfter(b"20200101000000Z")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

198

icert.add_extensions([caext])

199

icert.set_serial_number(0)

200

icert.sign(cakey, "sha1")

201

202

# Step 3

203

skey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

204

skey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

205

scert = X509()

206

scert.get_subject().commonName = "Server Certificate"

207

scert.set_issuer(icert.get_subject())

208

scert.set_pubkey(skey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

209

scert.set_notBefore(b"20000101000000Z")

210

scert.set_notAfter(b"20200101000000Z")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

211

scert.add_extensions([

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

212

X509Extension(b'basicConstraints', True, b'CA:false')])

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

213

scert.set_serial_number(0)

214

scert.sign(ikey, "sha1")

215

216

return [(cakey, cacert), (ikey, icert), (skey, scert)]

217

218

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

219

def loopback_client_factory(socket):

Alex Gaynor

85b1758

2017-08-07 11:52:08 -0400

[diff] [blame]

220

client = Connection(Context(SSLv23_METHOD), socket)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

221

client.set_connect_state()

return client

def loopback_server_factory(socket):

Alex Gaynor

85b1758

2017-08-07 11:52:08 -0400

[diff] [blame]

226

ctx = Context(SSLv23_METHOD)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

227

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

228

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

229

server = Connection(ctx, socket)

230

server.set_accept_state()

return server

def loopback(server_factory=None, client_factory=None):

235

"""

236

Create a connected socket pair and force two connected SSL sockets

237

to talk to each other via memory BIOs.

238

"""

239

if server_factory is None:

240

server_factory = loopback_server_factory

241

if client_factory is None:

242

client_factory = loopback_client_factory

243

244

(server, client) = socket_pair()

245

server = server_factory(server)

246

client = client_factory(client)

247

248

handshake(client, server)

249

250

server.setblocking(True)

251

client.setblocking(True)

252

return server, client

253

254

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

255

def interact_in_memory(client_conn, server_conn):

256

"""

257

Try to read application bytes from each of the two `Connection` objects.

258

Copy bytes back and forth between their send/receive buffers for as long

259

as there is anything to copy. When there is nothing more to copy,

260

return `None`. If one of them actually manages to deliver some application

261

bytes, return a two-tuple of the connection from which the bytes were read

262

and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

267

wrote = False

268

269

# Copy stuff from each side's send buffer to the other side's

270

# receive buffer.

271

for (read, write) in [(client_conn, server_conn),

272

(server_conn, client_conn)]:

273

274

# Give the side a chance to generate some more bytes, or succeed.

275

try:

276

data = read.recv(2 ** 16)

277

except WantReadError:

278

# It didn't succeed, so we'll hope it generated some output.

279

pass

280

else:

281

# It did succeed, so we'll stop now and let the caller deal

# with it.

return (read, data)

while True:

# Keep copying as long as there's more stuff there.

287

try:

288

dirty = read.bio_read(4096)

289

except WantReadError:

290

# Okay, nothing more waiting to be sent. Stop

291

# processing this send buffer.

292

break

293

else:

294

# Keep track of the fact that someone generated some

295

# output.

296

wrote = True

297

write.bio_write(dirty)

298

299

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

300

def handshake_in_memory(client_conn, server_conn):

301

"""

302

Perform the TLS handshake between two `Connection` instances connected to

303

each other via memory BIOs.

304

"""

305

client_conn.set_connect_state()

306

server_conn.set_accept_state()

307

308

for conn in [client_conn, server_conn]:

309

try:

310

conn.do_handshake()

311

except WantReadError:

312

pass

313

314

interact_in_memory(client_conn, server_conn)

315

316

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

317

class TestVersion(object):

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

318

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

319

Tests for version information exposed by `OpenSSL.SSL.SSLeay_version` and

320

`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

321

"""

322

def test_OPENSSL_VERSION_NUMBER(self):

323

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

324

`OPENSSL_VERSION_NUMBER` is an integer with status in the low byte and

325

the patch, fix, minor, and major versions in the nibbles above that.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

326

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

327

assert isinstance(OPENSSL_VERSION_NUMBER, int)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

328

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

329

def test_SSLeay_version(self):

330

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

331

`SSLeay_version` takes a version type indicator and returns one of a

332

number of version strings based on that indicator.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

333

"""

334

versions = {}

335

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

336

SSLEAY_PLATFORM, SSLEAY_DIR]:

337

version = SSLeay_version(t)

338

versions[version] = t

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

339

assert isinstance(version, bytes)

340

assert len(versions) == 5

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

341

342

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

343

@pytest.fixture

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

344

def ca_file(tmpdir):

345

"""

346

Create a valid PEM file with CA certificates and return the path.

347

"""

348

key = rsa.generate_private_key(

349

public_exponent=65537,

350

key_size=2048,

351

backend=default_backend()

352

)

353

public_key = key.public_key()

354

355

builder = x509.CertificateBuilder()

356

builder = builder.subject_name(x509.Name([

357

x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org"),

358

]))

359

builder = builder.issuer_name(x509.Name([

360

x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org"),

361

]))

362

one_day = datetime.timedelta(1, 0, 0)

363

builder = builder.not_valid_before(datetime.datetime.today() - one_day)

364

builder = builder.not_valid_after(datetime.datetime.today() + one_day)

365

builder = builder.serial_number(int(uuid.uuid4()))

366

builder = builder.public_key(public_key)

367

builder = builder.add_extension(

368

x509.BasicConstraints(ca=True, path_length=None), critical=True,

369

)

370

371

certificate = builder.sign(

372

private_key=key, algorithm=hashes.SHA256(),

373

backend=default_backend()

374

)

375

376

ca_file = tmpdir.join("test.pem")

377

ca_file.write_binary(

378

certificate.public_bytes(

379

encoding=serialization.Encoding.PEM,

)

)

return str(ca_file).encode("ascii")

384

385

386

@pytest.fixture

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

387

def context():

388

"""

389

A simple TLS 1.0 context.

390

"""

391

return Context(TLSv1_METHOD)

392

393

394

class TestContext(object):

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

395

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

396

Unit tests for `OpenSSL.SSL.Context`.

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

397

"""

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

398

@pytest.mark.parametrize("cipher_string", [

399

b"hello world:AES128-SHA",

400

u"hello world:AES128-SHA",

401

])

402

def test_set_cipher_list(self, context, cipher_string):

403

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

404

`Context.set_cipher_list` accepts both byte and unicode strings

Hynek Schlawack

a7a63af

2016-03-11 12:05:26 +0100

[diff] [blame]

405

for naming the ciphers which connections created with the context

406

object will be able to choose from.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

407

"""

408

context.set_cipher_list(cipher_string)

409

conn = Connection(context, None)

410

411

assert "AES128-SHA" in conn.get_cipher_list()

412

413

@pytest.mark.parametrize("cipher_list,error", [

414

(object(), TypeError),

415

("imaginary-cipher", Error),

416

])

417

def test_set_cipher_list_wrong_args(self, context, cipher_list, error):

418

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

419

`Context.set_cipher_list` raises `TypeError` when passed a non-string

420

argument and raises `OpenSSL.SSL.Error` when passed an incorrect cipher

421

list string.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

422

"""

423

with pytest.raises(error):

424

context.set_cipher_list(cipher_list)

425

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

426

def test_load_client_ca(self, context, ca_file):

427

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

428

`Context.load_client_ca` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

429

"""

430

context.load_client_ca(ca_file)

431

432

def test_load_client_ca_invalid(self, context, tmpdir):

433

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

434

`Context.load_client_ca` raises an Error if the ca file is invalid.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

435

"""

436

ca_file = tmpdir.join("test.pem")

437

ca_file.write("")

438

439

with pytest.raises(Error) as e:

440

context.load_client_ca(str(ca_file).encode("ascii"))

441

442

assert "PEM routines" == e.value.args[0][0][0]

443

444

def test_load_client_ca_unicode(self, context, ca_file):

445

"""

446

Passing the path as unicode raises a warning but works.

447

"""

448

pytest.deprecated_call(

449

context.load_client_ca, ca_file.decode("ascii")

450

)

451

452

def test_set_session_id(self, context):

453

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

454

`Context.set_session_id` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

455

"""

456

context.set_session_id(b"abc")

457

458

def test_set_session_id_fail(self, context):

459

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

460

`Context.set_session_id` errors are propagated.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

461

"""

462

with pytest.raises(Error) as e:

463

context.set_session_id(b"abc" * 1000)

assert [

("SSL routines",

"SSL_CTX_set_session_id_context",

468

"ssl session id context too long")

469

] == e.value.args[0]

470

471

def test_set_session_id_unicode(self, context):

472

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

473

`Context.set_session_id` raises a warning if a unicode string is

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

474

passed.

475

"""

476

pytest.deprecated_call(context.set_session_id, u"abc")

477

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

478

def test_method(self):

479

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

480

`Context` can be instantiated with one of `SSLv2_METHOD`,

481

`SSLv3_METHOD`, `SSLv23_METHOD`, `TLSv1_METHOD`, `TLSv1_1_METHOD`,

482

or `TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

483

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

484

methods = [SSLv23_METHOD, TLSv1_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

485

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

486

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

487

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

488

maybe = [SSLv2_METHOD, SSLv3_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

493

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

494

# don't. Difficult to say in advance.

495

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

496

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

497

with pytest.raises(TypeError):

498

Context("")

499

with pytest.raises(ValueError):

500

Context(10)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

501

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

502

@skip_if_py3

503

def test_method_long(self):

504

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

505

On Python 2 `Context` accepts values of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

506

"""

507

Context(long(TLSv1_METHOD))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

508

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

509

def test_type(self):

510

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

511

`Context` and `ContextType` refer to the same type object and can

512

be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

513

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

514

assert Context is ContextType

515

assert is_consistent_type(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

516

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

517

def test_use_privatekey(self):

518

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

519

`Context.use_privatekey` takes an `OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

520

"""

521

key = PKey()

Alex Gaynor

6e9f976

2018-05-12 07:44:37 -0400

[diff] [blame]

522

key.generate_key(TYPE_RSA, 512)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

523

ctx = Context(TLSv1_METHOD)

524

ctx.use_privatekey(key)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

525

with pytest.raises(TypeError):

526

ctx.use_privatekey("")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

527

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

528

def test_use_privatekey_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

529

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

530

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` when passed

531

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

532

"""

533

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

534

with pytest.raises(Error):

535

ctx.use_privatekey_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

536

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

537

def _use_privatekey_file_test(self, pemfile, filetype):

538

"""

539

Verify that calling ``Context.use_privatekey_file`` with the given

540

arguments does not raise an exception.

541

"""

542

key = PKey()

Alex Gaynor

6e9f976

2018-05-12 07:44:37 -0400

[diff] [blame]

543

key.generate_key(TYPE_RSA, 512)

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

544

545

with open(pemfile, "wt") as pem:

546

pem.write(

547

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

548

)

549

550

ctx = Context(TLSv1_METHOD)

551

ctx.use_privatekey_file(pemfile, filetype)

552

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

553

@pytest.mark.parametrize('filetype', [object(), "", None, 1.0])

554

def test_wrong_privatekey_file_wrong_args(self, tmpfile, filetype):

555

"""

556

`Context.use_privatekey_file` raises `TypeError` when called with

557

a `filetype` which is not a valid file encoding.

558

"""

559

ctx = Context(TLSv1_METHOD)

560

with pytest.raises(TypeError):

561

ctx.use_privatekey_file(tmpfile, filetype)

562

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

563

def test_use_privatekey_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

564

"""

565

A private key can be specified from a file by passing a ``bytes``

566

instance giving the file name to ``Context.use_privatekey_file``.

567

"""

568

self._use_privatekey_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

569

tmpfile + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

FILETYPE_PEM,

)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

573

def test_use_privatekey_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

574

"""

575

A private key can be specified from a file by passing a ``unicode``

576

instance giving the file name to ``Context.use_privatekey_file``.

577

"""

578

self._use_privatekey_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

579

tmpfile.decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

FILETYPE_PEM,

)

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

583

@skip_if_py3

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

584

def test_use_privatekey_file_long(self, tmpfile):

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

585

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

586

On Python 2 `Context.use_privatekey_file` accepts a filetype of

587

type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

588

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

589

self._use_privatekey_file_test(tmpfile, long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

590

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

591

def test_use_certificate_wrong_args(self):

592

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

593

`Context.use_certificate_wrong_args` raises `TypeError` when not passed

594

exactly one `OpenSSL.crypto.X509` instance as an argument.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

595

"""

596

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

597

with pytest.raises(TypeError):

598

ctx.use_certificate("hello, world")

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

599

600

def test_use_certificate_uninitialized(self):

601

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

602

`Context.use_certificate` raises `OpenSSL.SSL.Error` when passed a

603

`OpenSSL.crypto.X509` instance which has not been initialized

604

(ie, which does not actually have any certificate data).

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

605

"""

606

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

607

with pytest.raises(Error):

608

ctx.use_certificate(X509())

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

609

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

610

def test_use_certificate(self):

611

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

612

`Context.use_certificate` sets the certificate which will be

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

613

used to identify connections created using the context.

614

"""

615

# TODO

616

# Hard to assert anything. But we could set a privatekey then ask

617

# OpenSSL if the cert and key agree using check_privatekey. Then as

618

# long as check_privatekey works right we're good...

619

ctx = Context(TLSv1_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

620

ctx.use_certificate(

621

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

622

)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

623

624

def test_use_certificate_file_wrong_args(self):

625

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

626

`Context.use_certificate_file` raises `TypeError` if the first

627

argument is not a byte string or the second argument is not an integer.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

628

"""

629

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

630

with pytest.raises(TypeError):

631

ctx.use_certificate_file(object(), FILETYPE_PEM)

632

with pytest.raises(TypeError):

633

ctx.use_certificate_file(b"somefile", object())

634

with pytest.raises(TypeError):

635

ctx.use_certificate_file(object(), FILETYPE_PEM)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

636

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

637

def test_use_certificate_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

638

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

639

`Context.use_certificate_file` raises `OpenSSL.SSL.Error` if passed

640

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

641

"""

642

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

643

with pytest.raises(Error):

644

ctx.use_certificate_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

645

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

646

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

647

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

648

Verify that calling ``Context.use_certificate_file`` with the given

649

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

650

"""

651

# TODO

652

# Hard to assert anything. But we could set a privatekey then ask

653

# OpenSSL if the cert and key agree using check_privatekey. Then as

654

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

655

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

656

pem_file.write(cleartextCertificatePEM)

657

658

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

659

ctx.use_certificate_file(certificate_file)

660

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

661

def test_use_certificate_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

662

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

663

`Context.use_certificate_file` sets the certificate (given as a

664

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

665

using the context.

666

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

667

filename = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

668

self._use_certificate_file_test(filename)

669

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

670

def test_use_certificate_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

671

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

672

`Context.use_certificate_file` sets the certificate (given as a

673

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

674

using the context.

675

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

676

filename = tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

677

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

678

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

679

@skip_if_py3

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

680

def test_use_certificate_file_long(self, tmpfile):

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

681

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

682

On Python 2 `Context.use_certificate_file` accepts a

683

filetype of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

684

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

685

pem_filename = tmpfile

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

686

with open(pem_filename, "wb") as pem_file:

687

pem_file.write(cleartextCertificatePEM)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

688

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

689

ctx = Context(TLSv1_METHOD)

690

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

691

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

692

def test_check_privatekey_valid(self):

693

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

694

`Context.check_privatekey` returns `None` if the `Context` instance

695

has been configured to use a matched key and certificate pair.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

696

"""

697

key = load_privatekey(FILETYPE_PEM, client_key_pem)

698

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

699

context = Context(TLSv1_METHOD)

700

context.use_privatekey(key)

701

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

702

assert None is context.check_privatekey()

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

703

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

704

def test_check_privatekey_invalid(self):

705

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

706

`Context.check_privatekey` raises `Error` if the `Context` instance

707

has been configured to use a key and certificate pair which don't

708

relate to each other.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

709

"""

710

key = load_privatekey(FILETYPE_PEM, client_key_pem)

711

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

712

context = Context(TLSv1_METHOD)

713

context.use_privatekey(key)

714

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

715

with pytest.raises(Error):

716

context.check_privatekey()

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

717

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

718

def test_app_data(self):

719

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

720

`Context.set_app_data` stores an object for later retrieval

721

using `Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

722

"""

723

app_data = object()

724

context = Context(TLSv1_METHOD)

725

context.set_app_data(app_data)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

726

assert context.get_app_data() is app_data

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

727

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

728

def test_set_options_wrong_args(self):

729

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

730

`Context.set_options` raises `TypeError` if called with

731

a non-`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

732

"""

733

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

734

with pytest.raises(TypeError):

735

context.set_options(None)

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

736

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

737

def test_set_options(self):

738

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

739

`Context.set_options` returns the new options value.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

740

"""

741

context = Context(TLSv1_METHOD)

742

options = context.set_options(OP_NO_SSLv2)

Alex Gaynor

2310f8b

2016-09-10 14:39:32 -0400

[diff] [blame]

743

assert options & OP_NO_SSLv2 == OP_NO_SSLv2

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

744

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

745

@skip_if_py3

746

def test_set_options_long(self):

747

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

748

On Python 2 `Context.set_options` accepts values of type

749

`long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

750

"""

751

context = Context(TLSv1_METHOD)

752

options = context.set_options(long(OP_NO_SSLv2))

Alex Gaynor

2310f8b

2016-09-10 14:39:32 -0400

[diff] [blame]

753

assert options & OP_NO_SSLv2 == OP_NO_SSLv2

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

754

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

755

def test_set_mode_wrong_args(self):

756

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

757

`Context.set_mode` raises `TypeError` if called with

758

a non-`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

759

"""

760

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

761

with pytest.raises(TypeError):

762

context.set_mode(None)

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

763

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

764

def test_set_mode(self):

765

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

766

`Context.set_mode` accepts a mode bitvector and returns the

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

767

newly set mode.

768

"""

769

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

770

assert MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

771

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

772

@skip_if_py3

773

def test_set_mode_long(self):

774

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

775

On Python 2 `Context.set_mode` accepts values of type `long` as well

776

as `int`.

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

777

"""

778

context = Context(TLSv1_METHOD)

779

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

780

assert MODE_RELEASE_BUFFERS & mode

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

781

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

782

def test_set_timeout_wrong_args(self):

783

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

784

`Context.set_timeout` raises `TypeError` if called with

785

a non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

786

"""

787

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

788

with pytest.raises(TypeError):

789

context.set_timeout(None)

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

790

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

791

def test_timeout(self):

792

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

793

`Context.set_timeout` sets the session timeout for all connections

794

created using the context object. `Context.get_timeout` retrieves

795

this value.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

796

"""

797

context = Context(TLSv1_METHOD)

798

context.set_timeout(1234)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

799

assert context.get_timeout() == 1234

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

800

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

801

@skip_if_py3

802

def test_timeout_long(self):

803

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

804

On Python 2 `Context.set_timeout` accepts values of type `long` as

805

well as int.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

806

"""

807

context = Context(TLSv1_METHOD)

808

context.set_timeout(long(1234))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

809

assert context.get_timeout() == 1234

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

810

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

811

def test_set_verify_depth_wrong_args(self):

812

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

813

`Context.set_verify_depth` raises `TypeError` if called with a

814

non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

815

"""

816

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

817

with pytest.raises(TypeError):

818

context.set_verify_depth(None)

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

819

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

820

def test_verify_depth(self):

821

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

822

`Context.set_verify_depth` sets the number of certificates in

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

823

a chain to follow before giving up. The value can be retrieved with

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

824

`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

825

"""

826

context = Context(TLSv1_METHOD)

827

context.set_verify_depth(11)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

828

assert context.get_verify_depth() == 11

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

829

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

830

@skip_if_py3

831

def test_verify_depth_long(self):

832

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

833

On Python 2 `Context.set_verify_depth` accepts values of type `long`

834

as well as int.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

835

"""

836

context = Context(TLSv1_METHOD)

837

context.set_verify_depth(long(11))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

838

assert context.get_verify_depth() == 11

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

839

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

840

def _write_encrypted_pem(self, passphrase, tmpfile):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

841

"""

842

Write a new private key out to a new file, encrypted using the given

843

passphrase. Return the path to the new file.

844

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

845

key = PKey()

Alex Gaynor

6e9f976

2018-05-12 07:44:37 -0400

[diff] [blame]

846

key.generate_key(TYPE_RSA, 512)

Jean-Paul Calderone

a986883

2010-08-22 21:38:34 -0400

[diff] [blame]

847

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

848

with open(tmpfile, 'w') as fObj:

849

fObj.write(pem.decode('ascii'))

850

return tmpfile

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

851

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

852

def test_set_passwd_cb_wrong_args(self):

853

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

854

`Context.set_passwd_cb` raises `TypeError` if called with a

855

non-callable first argument.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

856

"""

857

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

858

with pytest.raises(TypeError):

859

context.set_passwd_cb(None)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

860

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

861

def test_set_passwd_cb(self, tmpfile):

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

862

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

863

`Context.set_passwd_cb` accepts a callable which will be invoked when

864

a private key is loaded from an encrypted PEM.

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

865

"""

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

866

passphrase = b"foobar"

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

867

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

868

calledWith = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

869

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

870

def passphraseCallback(maxlen, verify, extra):

871

calledWith.append((maxlen, verify, extra))

872

return passphrase

873

context = Context(TLSv1_METHOD)

874

context.set_passwd_cb(passphraseCallback)

875

context.use_privatekey_file(pemFile)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

876

assert len(calledWith) == 1

877

assert isinstance(calledWith[0][0], int)

878

assert isinstance(calledWith[0][1], int)

879

assert calledWith[0][2] is None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

880

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

881

def test_passwd_callback_exception(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

882

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

883

`Context.use_privatekey_file` propagates any exception raised

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

884

by the passphrase callback.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

885

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

886

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

887

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

888

def passphraseCallback(maxlen, verify, extra):

889

raise RuntimeError("Sorry, I am a fail.")

890

891

context = Context(TLSv1_METHOD)

892

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

893

with pytest.raises(RuntimeError):

894

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

895

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

896

def test_passwd_callback_false(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

897

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

898

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

899

passphrase callback returns a false value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

900

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

901

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

902

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

903

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

904

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

905

906

context = Context(TLSv1_METHOD)

907

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

908

with pytest.raises(Error):

909

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

910

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

911

def test_passwd_callback_non_string(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

912

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

913

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

914

passphrase callback returns a true non-string value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

915

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

916

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

917

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

918

def passphraseCallback(maxlen, verify, extra):

919

return 10

920

921

context = Context(TLSv1_METHOD)

922

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

923

# TODO: Surely this is the wrong error?

924

with pytest.raises(ValueError):

925

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

926

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

927

def test_passwd_callback_too_long(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

928

"""

929

If the passphrase returned by the passphrase callback returns a string

930

longer than the indicated maximum length, it is truncated.

931

"""

932

# A priori knowledge!

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

933

passphrase = b"x" * 1024

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

934

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

935

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

936

def passphraseCallback(maxlen, verify, extra):

937

assert maxlen == 1024

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

938

return passphrase + b"y"

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

939

940

context = Context(TLSv1_METHOD)

941

context.set_passwd_cb(passphraseCallback)

942

# This shall succeed because the truncated result is the correct

943

# passphrase.

944

context.use_privatekey_file(pemFile)

945

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

946

def test_set_info_callback(self):

947

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

948

`Context.set_info_callback` accepts a callable which will be

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

949

invoked when certain information about an SSL connection is available.

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

950

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

951

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

952

953

clientSSL = Connection(Context(TLSv1_METHOD), client)

954

clientSSL.set_connect_state()

955

956

called = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

957

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

958

def info(conn, where, ret):

959

called.append((conn, where, ret))

960

context = Context(TLSv1_METHOD)

961

context.set_info_callback(info)

962

context.use_certificate(

963

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

964

context.use_privatekey(

965

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

966

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

967

serverSSL = Connection(context, server)

968

serverSSL.set_accept_state()

969

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

970

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

971

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

972

# The callback must always be called with a Connection instance as the

973

# first argument. It would probably be better to split this into

974

# separate tests for client and server side info callbacks so we could

975

# assert it is called with the right Connection instance. It would

976

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

977

notConnections = [

978

conn for (conn, where, ret) in called

979

if not isinstance(conn, Connection)]

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

980

assert [] == notConnections, (

981

"Some info callback arguments were not Connection instances.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

982

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

983

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

984

"""

985

Create a client context which will verify the peer certificate and call

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

986

its `load_verify_locations` method with the given arguments.

Jean-Paul Calderone

64efa2c

2011-09-11 10:00:09 -0400

[diff] [blame]

987

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

988

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

989

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

990

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

991

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

992

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

993

# Require that the server certificate verify properly or the

994

# connection will fail.

995

clientContext.set_verify(

996

VERIFY_PEER,

997

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

998

999

clientSSL = Connection(clientContext, client)

1000

clientSSL.set_connect_state()

1001

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1002

serverContext = Context(TLSv1_METHOD)

1003

serverContext.use_certificate(

1004

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1005

serverContext.use_privatekey(

1006

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1007

1008

serverSSL = Connection(serverContext, server)

1009

serverSSL.set_accept_state()

1010

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

1011

# Without load_verify_locations above, the handshake

1012

# will fail:

1013

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

1014

# 'certificate verify failed')]

1015

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1016

1017

cert = clientSSL.get_peer_certificate()

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1018

assert cert.get_subject().CN == 'Testing Root CA'

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1019

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1020

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1021

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1022

Verify that if path to a file containing a certificate is passed to

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1023

`Context.load_verify_locations` for the ``cafile`` parameter, that

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1024

certificate is used as a trust root for the purposes of verifying

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1025

connections created using that `Context`.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1026

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1027

with open(cafile, 'w') as fObj:

1028

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1029

1030

self._load_verify_locations_test(cafile)

1031

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1032

def test_load_verify_bytes_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1033

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1034

`Context.load_verify_locations` accepts a file name as a `bytes`

1035

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1036

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1037

cafile = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1038

self._load_verify_cafile(cafile)

1039

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1040

def test_load_verify_unicode_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1041

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1042

`Context.load_verify_locations` accepts a file name as a `unicode`

1043

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1044

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1045

self._load_verify_cafile(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1046

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1047

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1048

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1049

def test_load_verify_invalid_file(self, tmpfile):

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1050

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1051

`Context.load_verify_locations` raises `Error` when passed a

1052

non-existent cafile.

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1053

"""

1054

clientContext = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1055

with pytest.raises(Error):

1056

clientContext.load_verify_locations(tmpfile)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1057

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1058

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1059

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1060

Verify that if path to a directory containing certificate files is

1061

passed to ``Context.load_verify_locations`` for the ``capath``

1062

parameter, those certificates are used as trust roots for the purposes

1063

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1064

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1065

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1066

# Hash values computed manually with c_rehash to avoid depending on

1067

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1068

# from OpenSSL 1.0.0.

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

1069

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1070

cafile = join_bytes_or_unicode(capath, name)

1071

with open(cafile, 'w') as fObj:

1072

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1073

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1074

self._load_verify_locations_test(None, capath)

1075

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1076

def test_load_verify_directory_bytes_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1077

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1078

`Context.load_verify_locations` accepts a directory name as a `bytes`

1079

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1080

"""

1081

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1082

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1083

)

1084

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1085

def test_load_verify_directory_unicode_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1086

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1087

`Context.load_verify_locations` accepts a directory name as a `unicode`

1088

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1089

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1090

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1091

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1092

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1093

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1094

def test_load_verify_locations_wrong_args(self):

1095

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1096

`Context.load_verify_locations` raises `TypeError` if with non-`str`

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1097

arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1098

"""

1099

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1100

with pytest.raises(TypeError):

1101

context.load_verify_locations(object())

1102

with pytest.raises(TypeError):

1103

context.load_verify_locations(object(), object())

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1104

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1105

@pytest.mark.skipif(

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1106

not platform.startswith("linux"),

1107

reason="Loading fallback paths is a linux-specific behavior to "

1108

"accommodate pyca/cryptography manylinux1 wheels"

1109

)

1110

def test_fallback_default_verify_paths(self, monkeypatch):

1111

"""

1112

Test that we load certificates successfully on linux from the fallback

1113

path. To do this we set the _CRYPTOGRAPHY_MANYLINUX1_CA_FILE and

1114

_CRYPTOGRAPHY_MANYLINUX1_CA_DIR vars to be equal to whatever the

1115

current OpenSSL default is and we disable

1116

SSL_CTX_SET_default_verify_paths so that it can't find certs unless

1117

it loads via fallback.

1118

"""

1119

context = Context(TLSv1_METHOD)

1120

monkeypatch.setattr(

1121

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_FILE",

1126

_ffi.string(_lib.X509_get_default_cert_file())

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_DIR",

1131

_ffi.string(_lib.X509_get_default_cert_dir())

1132

)

1133

context.set_default_verify_paths()

1134

store = context.get_cert_store()

1135

sk_obj = _lib.X509_STORE_get0_objects(store._store)

1136

assert sk_obj != _ffi.NULL

1137

num = _lib.sk_X509_OBJECT_num(sk_obj)

1138

assert num != 0

1139

1140

def test_check_env_vars(self, monkeypatch):

1141

"""

1142

Test that we return True/False appropriately if the env vars are set.

1143

"""

1144

context = Context(TLSv1_METHOD)

1145

dir_var = "CUSTOM_DIR_VAR"

1146

file_var = "CUSTOM_FILE_VAR"

1147

assert context._check_env_vars_set(dir_var, file_var) is False

1148

monkeypatch.setenv(dir_var, "value")

1149

monkeypatch.setenv(file_var, "value")

1150

assert context._check_env_vars_set(dir_var, file_var) is True

1151

assert context._check_env_vars_set(dir_var, file_var) is True

1152

1153

def test_verify_no_fallback_if_env_vars_set(self, monkeypatch):

1154

"""

1155

Test that we don't use the fallback path if env vars are set.

1156

"""

1157

context = Context(TLSv1_METHOD)

1158

monkeypatch.setattr(

1159

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

1160

)

1161

dir_env_var = _ffi.string(

1162

_lib.X509_get_default_cert_dir_env()

1163

).decode("ascii")

1164

file_env_var = _ffi.string(

1165

_lib.X509_get_default_cert_file_env()

1166

).decode("ascii")

1167

monkeypatch.setenv(dir_env_var, "value")

1168

monkeypatch.setenv(file_env_var, "value")

1169

context.set_default_verify_paths()

monkeypatch.setattr(

context,

"_fallback_default_verify_paths",

1174

raiser(SystemError)

1175

)

1176

context.set_default_verify_paths()

1177

1178

@pytest.mark.skipif(

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1179

platform == "win32",

1180

reason="set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

28fb8f0

2009-07-24 18:01:31 -0400

[diff] [blame]

1181

"See LP#404343 and LP#404344."

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1182

)

1183

def test_set_default_verify_paths(self):

1184

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1185

`Context.set_default_verify_paths` causes the platform-specific CA

1186

certificate locations to be used for verification purposes.

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1187

"""

1188

# Testing this requires a server with a certificate signed by one

1189

# of the CAs in the platform CA location. Getting one of those

1190

# costs money. Fortunately (or unfortunately, depending on your

1191

# perspective), it's easy to think of a public server on the

1192

# internet which has such a certificate. Connecting to the network

1193

# in a unit test is bad, but it's the only way I can think of to

1194

# really test this. -exarkun

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1195

context = Context(SSLv23_METHOD)

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1196

context.set_default_verify_paths()

1197

context.set_verify(

1198

VERIFY_PEER,

1199

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1200

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1201

client = socket()

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1202

client.connect(("encrypted.google.com", 443))

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1203

clientSSL = Connection(context, client)

1204

clientSSL.set_connect_state()

Alex Gaynor

373926c

2018-05-12 07:43:07 -0400

[diff] [blame]

1205

clientSSL.set_tlsext_host_name(b"encrypted.google.com")

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1206

clientSSL.do_handshake()

1207

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1208

assert clientSSL.recv(1024)

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1209

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1210

def test_fallback_path_is_not_file_or_dir(self):

1211

"""

1212

Test that when passed empty arrays or paths that do not exist no

1213

errors are raised.

1214

"""

1215

context = Context(TLSv1_METHOD)

1216

context._fallback_default_verify_paths([], [])

1217

context._fallback_default_verify_paths(

1218

["/not/a/file"], ["/not/a/dir"]

1219

)

1220

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1221

def test_add_extra_chain_cert_invalid_cert(self):

1222

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1223

`Context.add_extra_chain_cert` raises `TypeError` if called with an

1224

object which is not an instance of `X509`.

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1225

"""

1226

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1227

with pytest.raises(TypeError):

1228

context.add_extra_chain_cert(object())

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1229

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1230

def _handshake_test(self, serverContext, clientContext):

1231

"""

1232

Verify that a client and server created with the given contexts can

1233

successfully handshake and communicate.

1234

"""

1235

serverSocket, clientSocket = socket_pair()

1236

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1237

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1238

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1239

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1240

client = Connection(clientContext, clientSocket)

1241

client.set_connect_state()

1242

1243

# Make them talk to each other.

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1244

# interact_in_memory(client, server)

1245

for _ in range(3):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1246

for s in [client, server]:

1247

try:

1248

s.do_handshake()

1249

except WantReadError:

1250

pass

1251

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1252

def test_set_verify_callback_connection_argument(self):

1253

"""

1254

The first argument passed to the verify callback is the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1255

`Connection` instance for which verification is taking place.

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1256

"""

1257

serverContext = Context(TLSv1_METHOD)

1258

serverContext.use_privatekey(

1259

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1260

serverContext.use_certificate(

1261

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1262

serverConnection = Connection(serverContext, None)

1263

1264

class VerifyCallback(object):

1265

def callback(self, connection, *args):

1266

self.connection = connection

1267

return 1

1268

1269

verify = VerifyCallback()

1270

clientContext = Context(TLSv1_METHOD)

1271

clientContext.set_verify(VERIFY_PEER, verify.callback)

1272

clientConnection = Connection(clientContext, None)

1273

clientConnection.set_connect_state()

1274

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1275

handshake_in_memory(clientConnection, serverConnection)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1276

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1277

assert verify.connection is clientConnection

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1278

Paul Kehrer

e738186

2017-11-30 20:55:25 +0800

[diff] [blame]

1279

def test_x509_in_verify_works(self):

1280

"""

1281

We had a bug where the X509 cert instantiated in the callback wrapper

1282

didn't __init__ so it was missing objects needed when calling

1283

get_subject. This test sets up a handshake where we call get_subject

1284

on the cert provided to the verify callback.

1285

"""

1286

serverContext = Context(TLSv1_METHOD)

1287

serverContext.use_privatekey(

1288

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1289

serverContext.use_certificate(

1290

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1291

serverConnection = Connection(serverContext, None)

1292

1293

def verify_cb_get_subject(conn, cert, errnum, depth, ok):

1294

assert cert.get_subject()

1295

return 1

1296

1297

clientContext = Context(TLSv1_METHOD)

1298

clientContext.set_verify(VERIFY_PEER, verify_cb_get_subject)

1299

clientConnection = Connection(clientContext, None)

1300

clientConnection.set_connect_state()

1301

1302

handshake_in_memory(clientConnection, serverConnection)

1303

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1304

def test_set_verify_callback_exception(self):

1305

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1306

If the verify callback passed to `Context.set_verify` raises an

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1307

exception, verification fails and the exception is propagated to the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1308

caller of `Connection.do_handshake`.

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1309

"""

1310

serverContext = Context(TLSv1_METHOD)

1311

serverContext.use_privatekey(

1312

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1313

serverContext.use_certificate(

1314

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1315

1316

clientContext = Context(TLSv1_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1317

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1318

def verify_callback(*args):

1319

raise Exception("silly verify failure")

1320

clientContext.set_verify(VERIFY_PEER, verify_callback)

1321

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

1322

with pytest.raises(Exception) as exc:

1323

self._handshake_test(serverContext, clientContext)

1324

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1325

assert "silly verify failure" == str(exc.value)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1326

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1327

def test_add_extra_chain_cert(self, tmpdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1328

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1329

`Context.add_extra_chain_cert` accepts an `X509`

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1330

instance to add to the certificate chain.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1331

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1332

See `_create_certificate_chain` for the details of the

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1333

certificate chain tested.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1334

1335

The chain is tested by starting a server with scert and connecting

1336

to it with a client which trusts cacert and requires verification to

1337

succeed.

1338

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1339

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1340

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1341

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1342

# Dump the CA certificate to a file because that's the only way to load

1343

# it as a trusted CA in the client context.

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1344

for cert, name in [(cacert, 'ca.pem'),

1345

(icert, 'i.pem'),

1346

(scert, 's.pem')]:

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1347

with tmpdir.join(name).open('w') as f:

Hynek Schlawack

e90680f

2015-04-16 15:09:27 -0400

[diff] [blame]

1348

f.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1349

Hynek Schlawack

1902c01

2015-04-16 15:06:41 -0400

[diff] [blame]

1350

for key, name in [(cakey, 'ca.key'),

1351

(ikey, 'i.key'),

1352

(skey, 's.key')]:

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1353

with tmpdir.join(name).open('w') as f:

Hynek Schlawack

e90680f

2015-04-16 15:09:27 -0400

[diff] [blame]

1354

f.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1355

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1356

# Create the server context

1357

serverContext = Context(TLSv1_METHOD)

1358

serverContext.use_privatekey(skey)

1359

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1360

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1361

serverContext.add_extra_chain_cert(icert)

1362

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1363

# Create the client

1364

clientContext = Context(TLSv1_METHOD)

1365

clientContext.set_verify(

1366

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1367

clientContext.load_verify_locations(str(tmpdir.join("ca.pem")))

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1368

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1369

# Try it out.

1370

self._handshake_test(serverContext, clientContext)

1371

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1372

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1373

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1374

Verify that `Context.use_certificate_chain_file` reads a

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1375

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1376

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1377

The chain is tested by starting a server with scert and connecting to

1378

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1379

succeed.

1380

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1381

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1382

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1383

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1384

makedirs(certdir)

1385

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1386

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1387

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1388

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1389

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1390

with open(chainFile, 'wb') as fObj:

1391

# Most specific to least general.

1392

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1393

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1394

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1395

1396

with open(caFile, 'w') as fObj:

1397

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1398

1399

serverContext = Context(TLSv1_METHOD)

1400

serverContext.use_certificate_chain_file(chainFile)

1401

serverContext.use_privatekey(skey)

1402

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1403

clientContext = Context(TLSv1_METHOD)

1404

clientContext.set_verify(

1405

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1406

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1407

1408

self._handshake_test(serverContext, clientContext)

1409

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1410

def test_use_certificate_chain_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1411

"""

1412

``Context.use_certificate_chain_file`` accepts the name of a file (as

1413

an instance of ``bytes``) to specify additional certificates to use to

1414

construct and verify a trust chain.

1415

"""

1416

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1417

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1418

)

1419

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1420

def test_use_certificate_chain_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1421

"""

1422

``Context.use_certificate_chain_file`` accepts the name of a file (as

1423

an instance of ``unicode``) to specify additional certificates to use

1424

to construct and verify a trust chain.

1425

"""

1426

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1427

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1428

)

1429

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1430

def test_use_certificate_chain_file_wrong_args(self):

1431

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1432

`Context.use_certificate_chain_file` raises `TypeError` if passed a

1433

non-byte string single argument.

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1434

"""

1435

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1436

with pytest.raises(TypeError):

1437

context.use_certificate_chain_file(object())

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1438

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1439

def test_use_certificate_chain_file_missing_file(self, tmpfile):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1440

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1441

`Context.use_certificate_chain_file` raises `OpenSSL.SSL.Error` when

1442

passed a bad chain file name (for example, the name of a file which

1443

does not exist).

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1444

"""

1445

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1446

with pytest.raises(Error):

1447

context.use_certificate_chain_file(tmpfile)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1448

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1449

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1450

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1451

`Context.get_verify_mode` returns the verify mode flags previously

1452

passed to `Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1453

"""

1454

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1455

assert context.get_verify_mode() == 0

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1456

context.set_verify(

1457

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1458

assert context.get_verify_mode() == (VERIFY_PEER | VERIFY_CLIENT_ONCE)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1459

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1460

@skip_if_py3

1461

def test_set_verify_mode_long(self):

1462

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1463

On Python 2 `Context.set_verify_mode` accepts values of type `long`

1464

as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1465

"""

1466

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1467

assert context.get_verify_mode() == 0

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1468

context.set_verify(

Hynek Schlawack

b4ceed3

2015-09-05 20:55:19 +0200

[diff] [blame]

1469

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None

1470

) # pragma: nocover

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1471

assert context.get_verify_mode() == (VERIFY_PEER | VERIFY_CLIENT_ONCE)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1472

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1473

@pytest.mark.parametrize('mode', [None, 1.0, object(), 'mode'])

1474

def test_set_verify_wrong_mode_arg(self, mode):

1475

"""

1476

`Context.set_verify` raises `TypeError` if the first argument is

1477

not an integer.

1478

"""

1479

context = Context(TLSv1_METHOD)

1480

with pytest.raises(TypeError):

1481

context.set_verify(mode=mode, callback=lambda *args: None)

1482

1483

@pytest.mark.parametrize('callback', [None, 1.0, 'mode', ('foo', 'bar')])

1484

def test_set_verify_wrong_callable_arg(self, callback):

1485

"""

Alex Gaynor

40bc0f1

2018-05-14 14:06:16 -0400

[diff] [blame]

1486

`Context.set_verify` raises `TypeError` if the second argument

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1487

is not callable.

1488

"""

1489

context = Context(TLSv1_METHOD)

1490

with pytest.raises(TypeError):

1491

context.set_verify(mode=VERIFY_PEER, callback=callback)

1492

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1493

def test_load_tmp_dh_wrong_args(self):

1494

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1495

`Context.load_tmp_dh` raises `TypeError` if called with a

1496

non-`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1497

"""

1498

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1499

with pytest.raises(TypeError):

1500

context.load_tmp_dh(object())

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1501

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1502

def test_load_tmp_dh_missing_file(self):

1503

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1504

`Context.load_tmp_dh` raises `OpenSSL.SSL.Error` if the

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1505

specified file does not exist.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1506

"""

1507

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1508

with pytest.raises(Error):

1509

context.load_tmp_dh(b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1510

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1511

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1512

"""

1513

Verify that calling ``Context.load_tmp_dh`` with the given filename

1514

does not raise an exception.

1515

"""

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1516

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1517

with open(dhfilename, "w") as dhfile:

1518

dhfile.write(dhparam)

1519

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1520

context.load_tmp_dh(dhfilename)

1521

# XXX What should I assert here? -exarkun

1522

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1523

def test_load_tmp_dh_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1524

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1525

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1526

specified file (given as ``bytes``).

1527

"""

1528

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1529

tmpfile + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1530

)

1531

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1532

def test_load_tmp_dh_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1533

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1534

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1535

specified file (given as ``unicode``).

1536

"""

1537

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1538

tmpfile.decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1539

)

1540

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1541

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1542

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1543

`Context.set_tmp_ecdh` sets the elliptic curve for Diffie-Hellman to

1544

the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1545

"""

1546

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1547

for curve in get_elliptic_curves():

Hynek Schlawack

a07fa8c

2015-10-17 10:15:28 +0200

[diff] [blame]

1548

if curve.name.startswith(u"Oakley-"):

Hynek Schlawack

7408aff

2015-10-17 09:51:16 +0200

[diff] [blame]

1549

# Setting Oakley-EC2N-4 and Oakley-EC2N-3 adds

1550

# ('bignum routines', 'BN_mod_inverse', 'no inverse') to the

1551

# error queue on OpenSSL 1.0.2.

1552

continue

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1553

# The only easily "assertable" thing is that it does not raise an

1554

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1555

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1556

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1557

def test_set_session_cache_mode_wrong_args(self):

1558

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1559

`Context.set_session_cache_mode` raises `TypeError` if called with

1560

a non-integer argument.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1561

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1562

"""

1563

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1564

with pytest.raises(TypeError):

1565

context.set_session_cache_mode(object())

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1566

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1567

def test_session_cache_mode(self):

1568

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1569

`Context.set_session_cache_mode` specifies how sessions are cached.

1570

The setting can be retrieved via `Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1571

"""

1572

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1573

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1574

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1575

assert SESS_CACHE_OFF == off

1576

assert SESS_CACHE_BOTH == context.get_session_cache_mode()

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1577

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1578

@skip_if_py3

1579

def test_session_cache_mode_long(self):

1580

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1581

On Python 2 `Context.set_session_cache_mode` accepts values

1582

of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1583

"""

1584

context = Context(TLSv1_METHOD)

1585

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1586

assert SESS_CACHE_BOTH == context.get_session_cache_mode()

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1587

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1588

def test_get_cert_store(self):

1589

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1590

`Context.get_cert_store` returns a `X509Store` instance.

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1591

"""

1592

context = Context(TLSv1_METHOD)

1593

store = context.get_cert_store()

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1594

assert isinstance(store, X509Store)

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1595

1596

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1597

class TestServerNameCallback(object):

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1598

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1599

Tests for `Context.set_tlsext_servername_callback` and its

1600

interaction with `Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1601

"""

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1602

def test_old_callback_forgotten(self):

1603

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1604

If `Context.set_tlsext_servername_callback` is used to specify

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1605

a new callback, the one it replaces is dereferenced.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1606

"""

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1607

def callback(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1608

pass

1609

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1610

def replacement(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1611

pass

1612

1613

context = Context(TLSv1_METHOD)

1614

context.set_tlsext_servername_callback(callback)

1615

1616

tracker = ref(callback)

1617

del callback

1618

1619

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1620

1621

# One run of the garbage collector happens to work on CPython. PyPy

1622

# doesn't collect the underlying object until a second run for whatever

1623

# reason. That's fine, it still demonstrates our code has properly

1624

# dropped the reference.

1625

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1626

collect()

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

1627

1628

callback = tracker()

1629

if callback is not None:

1630

referrers = get_referrers(callback)

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1631

if len(referrers) > 1: # pragma: nocover

1632

pytest.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1633

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1634

def test_no_servername(self):

1635

"""

1636

When a client specifies no server name, the callback passed to

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1637

`Context.set_tlsext_servername_callback` is invoked and the

1638

result of `Connection.get_servername` is `None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1639

"""

1640

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1641

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1642

def servername(conn):

1643

args.append((conn, conn.get_servername()))

1644

context = Context(TLSv1_METHOD)

1645

context.set_tlsext_servername_callback(servername)

1646

1647

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1653

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1654

context.use_certificate(

1655

load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1656

1657

# Do a little connection to trigger the logic

1658

server = Connection(context, None)

1659

server.set_accept_state()

1660

1661

client = Connection(Context(TLSv1_METHOD), None)

1662

client.set_connect_state()

1663

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1664

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1665

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1666

assert args == [(server, None)]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1667

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1668

def test_servername(self):

1669

"""

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1670

When a client specifies a server name in its hello message, the

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1671

callback passed to `Contexts.set_tlsext_servername_callback` is

1672

invoked and the result of `Connection.get_servername` is that

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1673

server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1674

"""

1675

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1676

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1677

def servername(conn):

1678

args.append((conn, conn.get_servername()))

1679

context = Context(TLSv1_METHOD)

1680

context.set_tlsext_servername_callback(servername)

1681

1682

# Necessary to actually accept the connection

1683

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1684

context.use_certificate(

1685

load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1686

1687

# Do a little connection to trigger the logic

1688

server = Connection(context, None)

1689

server.set_accept_state()

1690

1691

client = Connection(Context(TLSv1_METHOD), None)

1692

client.set_connect_state()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

1693

client.set_tlsext_host_name(b"foo1.example.com")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1694

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1695

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1696

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1697

assert args == [(server, b"foo1.example.com")]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1698

1699

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1700

class TestNextProtoNegotiation(object):

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1701

"""

1702

Test for Next Protocol Negotiation in PyOpenSSL.

1703

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1704

def test_npn_success(self):

1705

"""

1706

Tests that clients and servers that agree on the negotiated next

1707

protocol can correct establish a connection, and that the agreed

1708

protocol is reported by the connections.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

1715

return [b'http/1.1', b'spdy/2']

1716

1717

def select(conn, options):

1718

select_args.append((conn, options))

1719

return b'spdy/2'

1720

1721

server_context = Context(TLSv1_METHOD)

1722

server_context.set_npn_advertise_callback(advertise)

1723

1724

client_context = Context(TLSv1_METHOD)

1725

client_context.set_npn_select_callback(select)

1726

1727

# Necessary to actually accept the connection

1728

server_context.use_privatekey(

1729

load_privatekey(FILETYPE_PEM, server_key_pem))

1730

server_context.use_certificate(

1731

load_certificate(FILETYPE_PEM, server_cert_pem))

1732

1733

# Do a little connection to trigger the logic

1734

server = Connection(server_context, None)

1735

server.set_accept_state()

1736

1737

client = Connection(client_context, None)

1738

client.set_connect_state()

1739

1740

interact_in_memory(server, client)

1741

1742

assert advertise_args == [(server,)]

1743

assert select_args == [(client, [b'http/1.1', b'spdy/2'])]

1744

1745

assert server.get_next_proto_negotiated() == b'spdy/2'

1746

assert client.get_next_proto_negotiated() == b'spdy/2'

1747

1748

def test_npn_client_fail(self):

1749

"""

1750

Tests that when clients and servers cannot agree on what protocol

1751

to use next that the TLS connection does not get established.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

1758

return [b'http/1.1', b'spdy/2']

1759

1760

def select(conn, options):

1761

select_args.append((conn, options))

1762

return b''

1763

1764

server_context = Context(TLSv1_METHOD)

1765

server_context.set_npn_advertise_callback(advertise)

1766

1767

client_context = Context(TLSv1_METHOD)

1768

client_context.set_npn_select_callback(select)

1769

1770

# Necessary to actually accept the connection

1771

server_context.use_privatekey(

1772

load_privatekey(FILETYPE_PEM, server_key_pem))

1773

server_context.use_certificate(

1774

load_certificate(FILETYPE_PEM, server_cert_pem))

1775

1776

# Do a little connection to trigger the logic

1777

server = Connection(server_context, None)

1778

server.set_accept_state()

1779

1780

client = Connection(client_context, None)

1781

client.set_connect_state()

1782

1783

# If the client doesn't return anything, the connection will fail.

1784

with pytest.raises(Error):

1785

interact_in_memory(server, client)

1786

1787

assert advertise_args == [(server,)]

1788

assert select_args == [(client, [b'http/1.1', b'spdy/2'])]

1789

1790

def test_npn_select_error(self):

1791

"""

1792

Test that we can handle exceptions in the select callback. If

1793

select fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

1799

return [b'http/1.1', b'spdy/2']

1800

1801

def select(conn, options):

1802

raise TypeError

1803

1804

server_context = Context(TLSv1_METHOD)

1805

server_context.set_npn_advertise_callback(advertise)

1806

1807

client_context = Context(TLSv1_METHOD)

1808

client_context.set_npn_select_callback(select)

1809

1810

# Necessary to actually accept the connection

1811

server_context.use_privatekey(

1812

load_privatekey(FILETYPE_PEM, server_key_pem))

1813

server_context.use_certificate(

1814

load_certificate(FILETYPE_PEM, server_cert_pem))

1815

1816

# Do a little connection to trigger the logic

1817

server = Connection(server_context, None)

1818

server.set_accept_state()

1819

1820

client = Connection(client_context, None)

1821

client.set_connect_state()

1822

1823

# If the callback throws an exception it should be raised here.

1824

with pytest.raises(TypeError):

1825

interact_in_memory(server, client)

1826

assert advertise_args == [(server,), ]

1827

1828

def test_npn_advertise_error(self):

1829

"""

1830

Test that we can handle exceptions in the advertise callback. If

1831

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options): # pragma: nocover

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1839

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1840

Assert later that no args are actually appended.

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1841

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1842

select_args.append((conn, options))

1843

return b''

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1844

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1845

server_context = Context(TLSv1_METHOD)

1846

server_context.set_npn_advertise_callback(advertise)

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1847

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1848

client_context = Context(TLSv1_METHOD)

1849

client_context.set_npn_select_callback(select)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1850

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1851

# Necessary to actually accept the connection

1852

server_context.use_privatekey(

1853

load_privatekey(FILETYPE_PEM, server_key_pem))

1854

server_context.use_certificate(

1855

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1856

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1857

# Do a little connection to trigger the logic

1858

server = Connection(server_context, None)

1859

server.set_accept_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1860

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1861

client = Connection(client_context, None)

1862

client.set_connect_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1863

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1864

# If the client doesn't return anything, the connection will fail.

1865

with pytest.raises(TypeError):

1866

interact_in_memory(server, client)

1867

assert select_args == []

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1868

1869

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1870

class TestApplicationLayerProtoNegotiation(object):

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1871

"""

1872

Tests for ALPN in PyOpenSSL.

1873

"""

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1874

# Skip tests on versions that don't support ALPN.

1875

if _lib.Cryptography_HAS_ALPN:

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1876

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1877

def test_alpn_success(self):

1878

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1879

Clients and servers that agree on the negotiated ALPN protocol can

1880

correct establish a connection, and the agreed protocol is reported

1881

by the connections.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1882

"""

1883

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1884

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1885

def select(conn, options):

1886

select_args.append((conn, options))

1887

return b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1888

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1889

client_context = Context(TLSv1_METHOD)

1890

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1891

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1892

server_context = Context(TLSv1_METHOD)

1893

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1894

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1895

# Necessary to actually accept the connection

1896

server_context.use_privatekey(

1897

load_privatekey(FILETYPE_PEM, server_key_pem))

1898

server_context.use_certificate(

1899

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1900

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1901

# Do a little connection to trigger the logic

1902

server = Connection(server_context, None)

1903

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1904

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1905

client = Connection(client_context, None)

1906

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1907

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1908

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1909

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1910

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1911

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1912

assert server.get_alpn_proto_negotiated() == b'spdy/2'

1913

assert client.get_alpn_proto_negotiated() == b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1914

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1915

def test_alpn_set_on_connection(self):

1916

"""

1917

The same as test_alpn_success, but setting the ALPN protocols on

1918

the connection rather than the context.

1919

"""

1920

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1921

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1922

def select(conn, options):

1923

select_args.append((conn, options))

1924

return b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1925

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1926

# Setup the client context but don't set any ALPN protocols.

1927

client_context = Context(TLSv1_METHOD)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1928

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1929

server_context = Context(TLSv1_METHOD)

1930

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1931

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1932

# Necessary to actually accept the connection

1933

server_context.use_privatekey(

1934

load_privatekey(FILETYPE_PEM, server_key_pem))

1935

server_context.use_certificate(

1936

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1937

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1938

# Do a little connection to trigger the logic

1939

server = Connection(server_context, None)

1940

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1941

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1942

# Set the ALPN protocols on the client connection.

1943

client = Connection(client_context, None)

1944

client.set_alpn_protos([b'http/1.1', b'spdy/2'])

1945

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1946

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1947

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1948

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1949

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1950

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1951

assert server.get_alpn_proto_negotiated() == b'spdy/2'

1952

assert client.get_alpn_proto_negotiated() == b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1953

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1954

def test_alpn_server_fail(self):

1955

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1956

When clients and servers cannot agree on what protocol to use next

1957

the TLS connection does not get established.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1958

"""

1959

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1960

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1961

def select(conn, options):

1962

select_args.append((conn, options))

1963

return b''

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1964

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1965

client_context = Context(TLSv1_METHOD)

1966

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1967

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1968

server_context = Context(TLSv1_METHOD)

1969

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1970

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1971

# Necessary to actually accept the connection

1972

server_context.use_privatekey(

1973

load_privatekey(FILETYPE_PEM, server_key_pem))

1974

server_context.use_certificate(

1975

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1976

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1977

# Do a little connection to trigger the logic

1978

server = Connection(server_context, None)

1979

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1980

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1981

client = Connection(client_context, None)

1982

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1983

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1984

# If the client doesn't return anything, the connection will fail.

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1985

with pytest.raises(Error):

1986

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1987

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1988

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1989

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1990

def test_alpn_no_server(self):

1991

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1992

When clients and servers cannot agree on what protocol to use next

1993

because the server doesn't offer ALPN, no protocol is negotiated.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1994

"""

1995

client_context = Context(TLSv1_METHOD)

1996

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1997

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1998

server_context = Context(TLSv1_METHOD)

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1999

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2000

# Necessary to actually accept the connection

2001

server_context.use_privatekey(

2002

load_privatekey(FILETYPE_PEM, server_key_pem))

2003

server_context.use_certificate(

2004

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

2005

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2006

# Do a little connection to trigger the logic

2007

server = Connection(server_context, None)

2008

server.set_accept_state()

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

2009

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2010

client = Connection(client_context, None)

2011

client.set_connect_state()

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

2012

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2013

# Do the dance.

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2014

interact_in_memory(server, client)

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

2015

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2016

assert client.get_alpn_proto_negotiated() == b''

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

2017

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2018

def test_alpn_callback_exception(self):

2019

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

2020

We can handle exceptions in the ALPN select callback.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2021

"""

2022

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2023

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2024

def select(conn, options):

2025

select_args.append((conn, options))

Cory Benfield

ef40145

2015-04-13 18:17:36 -0400

[diff] [blame]

2026

raise TypeError()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2027

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2028

client_context = Context(TLSv1_METHOD)

2029

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2030

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2031

server_context = Context(TLSv1_METHOD)

2032

server_context.set_alpn_select_callback(select)

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2033

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2034

# Necessary to actually accept the connection

2035

server_context.use_privatekey(

2036

load_privatekey(FILETYPE_PEM, server_key_pem))

2037

server_context.use_certificate(

2038

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2039

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2040

# Do a little connection to trigger the logic

2041

server = Connection(server_context, None)

2042

server.set_accept_state()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2043

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

2044

client = Connection(client_context, None)

2045

client.set_connect_state()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2046

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2047

with pytest.raises(TypeError):

2048

interact_in_memory(server, client)

2049

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2050

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

2051

else:

2052

# No ALPN.

2053

def test_alpn_not_implemented(self):

Cory Benfield

ef40145

2015-04-13 18:17:36 -0400

[diff] [blame]

2054

"""

2055

If ALPN is not in OpenSSL, we should raise NotImplementedError.

2056

"""

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

2057

# Test the context methods first.

2058

context = Context(TLSv1_METHOD)

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2059

with pytest.raises(NotImplementedError):

2060

context.set_alpn_protos(None)

2061

with pytest.raises(NotImplementedError):

2062

context.set_alpn_select_callback(None)

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

2063

2064

# Now test a connection.

2065

conn = Connection(context)

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2066

with pytest.raises(NotImplementedError):

2067

conn.set_alpn_protos(None)

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

2068

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

2069

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2070

class TestSession(object):

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2071

"""

2072

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

2073

"""

2074

def test_construction(self):

2075

"""

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2076

:py:class:`Session` can be constructed with no arguments, creating

2077

a new instance of that type.

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2078

"""

2079

new_session = Session()

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2080

assert isinstance(new_session, Session)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2081

2082

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2083

class TestConnection(object):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2084

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2085

Unit tests for `OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2086

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2087

# XXX get_peer_certificate -> None

2088

# XXX sock_shutdown

2089

# XXX master_key -> TypeError

2090

# XXX server_random -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2091

# XXX connect -> TypeError

2092

# XXX connect_ex -> TypeError

2093

# XXX set_connect_state -> TypeError

2094

# XXX set_accept_state -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2095

# XXX do_handshake -> TypeError

2096

# XXX bio_read -> TypeError

2097

# XXX recv -> TypeError

2098

# XXX send -> TypeError

2099

# XXX bio_write -> TypeError

2100

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2101

def test_type(self):

2102

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2103

`Connection` and `ConnectionType` refer to the same type object and

2104

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2105

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2106

assert Connection is ConnectionType

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2107

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2108

assert is_consistent_type(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2109

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2110

@pytest.mark.parametrize('bad_context', [object(), 'context', None, 1])

2111

def test_wrong_args(self, bad_context):

2112

"""

2113

`Connection.__init__` raises `TypeError` if called with a non-`Context`

2114

instance argument.

2115

"""

2116

with pytest.raises(TypeError):

2117

Connection(bad_context)

2118

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2119

def test_get_context(self):

2120

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2121

`Connection.get_context` returns the `Context` instance used to

2122

construct the `Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2123

"""

2124

context = Context(TLSv1_METHOD)

2125

connection = Connection(context, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2126

assert connection.get_context() is context

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2127

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2128

def test_set_context_wrong_args(self):

2129

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2130

`Connection.set_context` raises `TypeError` if called with a

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2131

non-`Context` instance argument.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2132

"""

2133

ctx = Context(TLSv1_METHOD)

2134

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2135

with pytest.raises(TypeError):

2136

connection.set_context(object())

2137

with pytest.raises(TypeError):

2138

connection.set_context("hello")

2139

with pytest.raises(TypeError):

2140

connection.set_context(1)

2141

assert ctx is connection.get_context()

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2142

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2143

def test_set_context(self):

2144

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2145

`Connection.set_context` specifies a new `Context` instance to be

2146

used for the connection.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2147

"""

2148

original = Context(SSLv23_METHOD)

2149

replacement = Context(TLSv1_METHOD)

2150

connection = Connection(original, None)

2151

connection.set_context(replacement)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2152

assert replacement is connection.get_context()

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2153

# Lose our references to the contexts, just in case the Connection

2154

# isn't properly managing its own contributions to their reference

2155

# counts.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2156

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2157

collect()

2158

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2159

def test_set_tlsext_host_name_wrong_args(self):

2160

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2161

If `Connection.set_tlsext_host_name` is called with a non-byte string

2162

argument or a byte string with an embedded NUL, `TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2163

"""

2164

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2165

with pytest.raises(TypeError):

2166

conn.set_tlsext_host_name(object())

2167

with pytest.raises(TypeError):

2168

conn.set_tlsext_host_name(b"with\0null")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2169

Abraham Martin

c5484ba

2015-03-25 15:33:05 +0000

[diff] [blame]

2170

if PY3:

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2171

# On Python 3.x, don't accidentally implicitly convert from text.

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2172

with pytest.raises(TypeError):

2173

conn.set_tlsext_host_name(b"example.com".decode("ascii"))

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2174

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2175

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2176

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2177

`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2178

immediate read.

2179

"""

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2180

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2181

assert connection.pending() == 0

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2182

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2183

def test_peek(self):

2184

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2185

`Connection.recv` peeks into the connection if `socket.MSG_PEEK` is

2186

passed.

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2187

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2188

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2189

server.send(b'xy')

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2190

assert client.recv(2, MSG_PEEK) == b'xy'

2191

assert client.recv(2, MSG_PEEK) == b'xy'

2192

assert client.recv(2) == b'xy'

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2193

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2194

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2195

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2196

`Connection.connect` raises `TypeError` if called with a non-address

2197

argument.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2198

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2199

connection = Connection(Context(TLSv1_METHOD), socket())

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2200

with pytest.raises(TypeError):

2201

connection.connect(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2202

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2203

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2204

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2205

`Connection.connect` raises `socket.error` if the underlying socket

2206

connect method raises it.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2207

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2208

client = socket()

2209

context = Context(TLSv1_METHOD)

2210

clientSSL = Connection(context, client)

Alex Gaynor

122717b

2015-09-05 14:14:18 -0400

[diff] [blame]

2211

# pytest.raises here doesn't work because of a bug in py.test on Python

2212

# 2.6: https://github.com/pytest-dev/pytest/issues/988

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2213

try:

Alex Gaynor

1aabb2e

2015-09-05 13:35:18 -0400

[diff] [blame]

2214

clientSSL.connect(("127.0.0.1", 1))

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2215

except error as e:

Alex Gaynor

20a4c08

2015-09-05 14:24:15 -0400

[diff] [blame]

2216

exc = e

2217

assert exc.args[0] == ECONNREFUSED

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2218

2219

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2220

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2221

`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2222

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2228

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

2229

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2230

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2231

@pytest.mark.skipif(

2232

platform == "darwin",

2233

reason="connect_ex sometimes causes a kernel panic on OS X 10.6.4"

2234

)

2235

def test_connect_ex(self):

2236

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2237

If there is a connection error, `Connection.connect_ex` returns the

2238

errno instead of raising an exception.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2243

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2244

clientSSL = Connection(Context(TLSv1_METHOD), socket())

2245

clientSSL.setblocking(False)

2246

result = clientSSL.connect_ex(port.getsockname())

2247

expected = (EINPROGRESS, EWOULDBLOCK)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2248

assert result in expected

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2249

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2250

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2251

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2252

`Connection.accept` accepts a pending connection attempt and returns a

2253

tuple of a new `Connection` (the accepted client) and the address the

2254

connection originated from.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2255

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2256

ctx = Context(TLSv1_METHOD)

2257

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2258

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2259

port = socket()

2260

portSSL = Connection(ctx, port)

2261

portSSL.bind(('', 0))

2262

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2263

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2264

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2265

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2266

# Calling portSSL.getsockname() here to get the server IP address

2267

# sounds great, but frequently fails on Windows.

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2268

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2269

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2270

serverSSL, address = portSSL.accept()

2271

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2272

assert isinstance(serverSSL, Connection)

2273

assert serverSSL.get_context() is ctx

2274

assert address == clientSSL.getsockname()

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2275

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2276

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2277

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2278

`Connection.set_shutdown` raises `TypeError` if called with arguments

2279

other than integers.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2280

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2281

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2282

with pytest.raises(TypeError):

2283

connection.set_shutdown(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2284

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2285

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2286

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2287

`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2288

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2289

server, client = loopback()

2290

assert not server.shutdown()

2291

assert server.get_shutdown() == SENT_SHUTDOWN

2292

with pytest.raises(ZeroReturnError):

2293

client.recv(1024)

2294

assert client.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2295

client.shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2296

assert client.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

2297

with pytest.raises(ZeroReturnError):

2298

server.recv(1024)

2299

assert server.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2300

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2301

def test_shutdown_closed(self):

2302

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2303

If the underlying socket is closed, `Connection.shutdown` propagates

2304

the write error from the low level write call.

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2305

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2306

server, client = loopback()

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2307

server.sock_shutdown(2)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2308

with pytest.raises(SysCallError) as exc:

2309

server.shutdown()

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2310

if platform == "win32":

2311

assert exc.value.args[0] == ESHUTDOWN

2312

else:

2313

assert exc.value.args[0] == EPIPE

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2314

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2315

def test_shutdown_truncated(self):

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2316

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2317

If the underlying connection is truncated, `Connection.shutdown`

2318

raises an `Error`.

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2319

"""

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2320

server_ctx = Context(TLSv1_METHOD)

2321

client_ctx = Context(TLSv1_METHOD)

2322

server_ctx.use_privatekey(

2323

load_privatekey(FILETYPE_PEM, server_key_pem))

2324

server_ctx.use_certificate(

2325

load_certificate(FILETYPE_PEM, server_cert_pem))

2326

server = Connection(server_ctx, None)

2327

client = Connection(client_ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2328

handshake_in_memory(client, server)

2329

assert not server.shutdown()

2330

with pytest.raises(WantReadError):

2331

server.shutdown()

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2332

server.bio_shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2333

with pytest.raises(Error):

2334

server.shutdown()

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2335

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2336

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2337

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2338

`Connection.set_shutdown` sets the state of the SSL connection

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2339

shutdown process.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2340

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2341

connection = Connection(Context(TLSv1_METHOD), socket())

2342

connection.set_shutdown(RECEIVED_SHUTDOWN)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2343

assert connection.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2344

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2345

@skip_if_py3

2346

def test_set_shutdown_long(self):

2347

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2348

On Python 2 `Connection.set_shutdown` accepts an argument

2349

of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2350

"""

2351

connection = Connection(Context(TLSv1_METHOD), socket())

2352

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2353

assert connection.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

2354

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2355

def test_state_string(self):

2356

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2357

`Connection.state_string` verbosely describes the current state of

2358

the `Connection`.

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2359

"""

Hynek Schlawack

b0274ce

2015-10-16 19:56:26 +0200

[diff] [blame]

2360

server, client = socket_pair()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2361

server = loopback_server_factory(server)

2362

client = loopback_client_factory(client)

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2363

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2364

assert server.get_state_string() in [

2365

b"before/accept initialization", b"before SSL initialization"

2366

]

2367

assert client.get_state_string() in [

2368

b"before/connect initialization", b"before SSL initialization"

2369

]

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2370

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2371

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2372

"""

2373

Any object can be set as app data by passing it to

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2374

`Connection.set_app_data` and later retrieved with

2375

`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2376

"""

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2377

conn = Connection(Context(TLSv1_METHOD), None)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2378

assert None is conn.get_app_data()

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2379

app_data = object()

2380

conn.set_app_data(app_data)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2381

assert conn.get_app_data() is app_data

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2382

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2383

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2384

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2385

`Connection.makefile` is not implemented and calling that

2386

method raises `NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2387

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2388

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2389

with pytest.raises(NotImplementedError):

2390

conn.makefile()

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2391

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2392

def test_get_peer_cert_chain(self):

2393

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2394

`Connection.get_peer_cert_chain` returns a list of certificates

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2395

which the connected server returned for the certification verification.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2396

"""

2397

chain = _create_certificate_chain()

2398

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2399

2400

serverContext = Context(TLSv1_METHOD)

2401

serverContext.use_privatekey(skey)

2402

serverContext.use_certificate(scert)

2403

serverContext.add_extra_chain_cert(icert)

2404

serverContext.add_extra_chain_cert(cacert)

2405

server = Connection(serverContext, None)

2406

server.set_accept_state()

2407

2408

# Create the client

2409

clientContext = Context(TLSv1_METHOD)

2410

clientContext.set_verify(VERIFY_NONE, verify_cb)

2411

client = Connection(clientContext, None)

2412

client.set_connect_state()

2413

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2414

interact_in_memory(client, server)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2415

2416

chain = client.get_peer_cert_chain()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2417

assert len(chain) == 3

2418

assert "Server Certificate" == chain[0].get_subject().CN

2419

assert "Intermediate Certificate" == chain[1].get_subject().CN

2420

assert "Authority Certificate" == chain[2].get_subject().CN

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2421

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2422

def test_get_peer_cert_chain_none(self):

2423

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2424

`Connection.get_peer_cert_chain` returns `None` if the peer sends

2425

no certificate chain.

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2426

"""

2427

ctx = Context(TLSv1_METHOD)

2428

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2429

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2430

server = Connection(ctx, None)

2431

server.set_accept_state()

2432

client = Connection(Context(TLSv1_METHOD), None)

2433

client.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2434

interact_in_memory(client, server)

2435

assert None is server.get_peer_cert_chain()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2436

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2437

def test_get_session_unconnected(self):

2438

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2439

`Connection.get_session` returns `None` when used with an object

2440

which has not been connected.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2441

"""

2442

ctx = Context(TLSv1_METHOD)

2443

server = Connection(ctx, None)

2444

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2445

assert None is session

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2446

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2447

def test_server_get_session(self):

2448

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2449

On the server side of a connection, `Connection.get_session` returns a

2450

`Session` instance representing the SSL session for that connection.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2451

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2452

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2453

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2454

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2455

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2456

def test_client_get_session(self):

2457

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2458

On the client side of a connection, `Connection.get_session`

2459

returns a `Session` instance representing the SSL session for

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2460

that connection.

2461

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2462

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2463

session = client.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2464

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2465

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2466

def test_set_session_wrong_args(self):

2467

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2468

`Connection.set_session` raises `TypeError` if called with an object

2469

that is not an instance of `Session`.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2470

"""

2471

ctx = Context(TLSv1_METHOD)

2472

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2473

with pytest.raises(TypeError):

2474

connection.set_session(123)

2475

with pytest.raises(TypeError):

2476

connection.set_session("hello")

2477

with pytest.raises(TypeError):

2478

connection.set_session(object())

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2479

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2480

def test_client_set_session(self):

2481

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2482

`Connection.set_session`, when used prior to a connection being

2483

established, accepts a `Session` instance and causes an attempt to

2484

re-use the session it represents when the SSL handshake is performed.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2485

"""

2486

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2487

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Alex Gaynor

332848f

2017-08-07 12:40:09 -0400

[diff] [blame]

2488

ctx = Context(SSLv23_METHOD)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2489

ctx.use_privatekey(key)

2490

ctx.use_certificate(cert)

2491

ctx.set_session_id("unity-test")

2492

2493

def makeServer(socket):

2494

server = Connection(ctx, socket)

2495

server.set_accept_state()

2496

return server

2497

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2498

originalServer, originalClient = loopback(

2499

server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2500

originalSession = originalClient.get_session()

2501

2502

def makeClient(socket):

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2503

client = loopback_client_factory(socket)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2504

client.set_session(originalSession)

2505

return client

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2506

resumedServer, resumedClient = loopback(

2507

server_factory=makeServer,

2508

client_factory=makeClient)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2509

2510

# This is a proxy: in general, we have no access to any unique

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2511

# identifier for the session (new enough versions of OpenSSL expose

2512

# a hash which could be usable, but "new enough" is very, very new).

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2513

# Instead, exploit the fact that the master key is re-used if the

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2514

# session is re-used. As long as the master key for the two

2515

# connections is the same, the session was re-used!

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2516

assert originalServer.master_key() == resumedServer.master_key()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2517

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2518

def test_set_session_wrong_method(self):

2519

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2520

If `Connection.set_session` is passed a `Session` instance associated

2521

with a context using a different SSL method than the `Connection`

2522

is using, a `OpenSSL.SSL.Error` is raised.

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2523

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2524

# Make this work on both OpenSSL 1.0.0, which doesn't support TLSv1.2

2525

# and also on OpenSSL 1.1.0 which doesn't support SSLv3. (SSL_ST_INIT

2526

# is a way to check for 1.1.0)

Alex Gaynor

aa32e71

2017-06-29 20:56:12 -0700

[diff] [blame]

2527

if SSL_ST_INIT is None:

2528

v1 = TLSv1_2_METHOD

2529

v2 = TLSv1_METHOD

2530

elif hasattr(_lib, "SSLv3_method"):

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2531

v1 = TLSv1_METHOD

2532

v2 = SSLv3_METHOD

2533

else:

Alex Gaynor

aa32e71

2017-06-29 20:56:12 -0700

[diff] [blame]

2534

pytest.skip("Test requires either OpenSSL 1.1.0 or SSLv3")

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2535

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2536

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2537

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2538

ctx = Context(v1)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2539

ctx.use_privatekey(key)

2540

ctx.use_certificate(cert)

2541

ctx.set_session_id("unity-test")

2542

2543

def makeServer(socket):

2544

server = Connection(ctx, socket)

2545

server.set_accept_state()

2546

return server

2547

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2548

def makeOriginalClient(socket):

2549

client = Connection(Context(v1), socket)

2550

client.set_connect_state()

2551

return client

2552

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2553

originalServer, originalClient = loopback(

2554

server_factory=makeServer, client_factory=makeOriginalClient)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2555

originalSession = originalClient.get_session()

2556

2557

def makeClient(socket):

2558

# Intentionally use a different, incompatible method here.

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2559

client = Connection(Context(v2), socket)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2560

client.set_connect_state()

2561

client.set_session(originalSession)

2562

return client

2563

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2564

with pytest.raises(Error):

2565

loopback(client_factory=makeClient, server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2566

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2567

def test_wantWriteError(self):

2568

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2569

`Connection` methods which generate output raise

2570

`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2571

fail indicating a should-write state.

2572

"""

2573

client_socket, server_socket = socket_pair()

2574

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2575

# anything. Only write a single byte at a time so we can be sure we

2576

# completely fill the buffer. Even though the socket API is allowed to

2577

# signal a short write via its return value it seems this doesn't

2578

# always happen on all platforms (FreeBSD and OS X particular) for the

2579

# very last bit of available buffer space.

2580

msg = b"x"

2581

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2582

try:

2583

client_socket.send(msg)

2584

except error as e:

2585

if e.errno == EWOULDBLOCK:

2586

break

2587

raise

2588

else:

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2589

pytest.fail(

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2590

"Failed to fill socket buffer, cannot test BIO want write")

2591

2592

ctx = Context(TLSv1_METHOD)

2593

conn = Connection(ctx, client_socket)

2594

# Client's speak first, so make it an SSL client

2595

conn.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2596

with pytest.raises(WantWriteError):

2597

conn.do_handshake()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2601

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2602

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2603

`Connection.get_finished` returns `None` before TLS handshake

2604

is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2605

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2606

ctx = Context(TLSv1_METHOD)

2607

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2608

assert connection.get_finished() is None

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2609

2610

def test_get_peer_finished_before_connect(self):

2611

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2612

`Connection.get_peer_finished` returns `None` before TLS handshake

2613

is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2614

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2615

ctx = Context(TLSv1_METHOD)

2616

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2617

assert connection.get_peer_finished() is None

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2618

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2619

def test_get_finished(self):

2620

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2621

`Connection.get_finished` method returns the TLS Finished message send

2622

from client, or server. Finished messages are send during

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2623

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2624

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2625

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2626

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2627

assert server.get_finished() is not None

2628

assert len(server.get_finished()) > 0

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2629

2630

def test_get_peer_finished(self):

2631

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2632

`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2633

message received from client, or server. Finished messages are send

2634

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2635

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2636

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2637

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2638

assert server.get_peer_finished() is not None

2639

assert len(server.get_peer_finished()) > 0

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2640

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2641

def test_tls_finished_message_symmetry(self):

2642

"""

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2643

The TLS Finished message send by server must be the TLS Finished

2644

message received by client.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2645

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2646

The TLS Finished message send by client must be the TLS Finished

2647

message received by server.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2648

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2649

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2650

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2651

assert server.get_finished() == client.get_peer_finished()

2652

assert client.get_finished() == server.get_peer_finished()

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2653

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2654

def test_get_cipher_name_before_connect(self):

2655

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2656

`Connection.get_cipher_name` returns `None` if no connection

2657

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2658

"""

2659

ctx = Context(TLSv1_METHOD)

2660

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2661

assert conn.get_cipher_name() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2662

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2663

def test_get_cipher_name(self):

2664

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2665

`Connection.get_cipher_name` returns a `unicode` string giving the

2666

name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2667

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2668

server, client = loopback()

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2669

server_cipher_name, client_cipher_name = \

2670

server.get_cipher_name(), client.get_cipher_name()

2671

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2672

assert isinstance(server_cipher_name, text_type)

2673

assert isinstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2674

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2675

assert server_cipher_name == client_cipher_name

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2676

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2677

def test_get_cipher_version_before_connect(self):

2678

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2679

`Connection.get_cipher_version` returns `None` if no connection

2680

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2681

"""

2682

ctx = Context(TLSv1_METHOD)

2683

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2684

assert conn.get_cipher_version() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2685

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2686

def test_get_cipher_version(self):

2687

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2688

`Connection.get_cipher_version` returns a `unicode` string giving

2689

the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2690

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2691

server, client = loopback()

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2692

server_cipher_version, client_cipher_version = \

2693

server.get_cipher_version(), client.get_cipher_version()

2694

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2695

assert isinstance(server_cipher_version, text_type)

2696

assert isinstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2697

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2698

assert server_cipher_version == client_cipher_version

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2699

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2700

def test_get_cipher_bits_before_connect(self):

2701

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2702

`Connection.get_cipher_bits` returns `None` if no connection has

2703

been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2704

"""

2705

ctx = Context(TLSv1_METHOD)

2706

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2707

assert conn.get_cipher_bits() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2708

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2709

def test_get_cipher_bits(self):

2710

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2711

`Connection.get_cipher_bits` returns the number of secret bits

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2712

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2713

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2714

server, client = loopback()

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2715

server_cipher_bits, client_cipher_bits = \

2716

server.get_cipher_bits(), client.get_cipher_bits()

2717

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2718

assert isinstance(server_cipher_bits, int)

2719

assert isinstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2720

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2721

assert server_cipher_bits == client_cipher_bits

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2722

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2723

def test_get_protocol_version_name(self):

2724

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2725

`Connection.get_protocol_version_name()` returns a string giving the

2726

protocol version of the current connection.

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2727

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2728

server, client = loopback()

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2729

client_protocol_version_name = client.get_protocol_version_name()

2730

server_protocol_version_name = server.get_protocol_version_name()

2731

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2732

assert isinstance(server_protocol_version_name, text_type)

2733

assert isinstance(client_protocol_version_name, text_type)

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2734

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2735

assert server_protocol_version_name == client_protocol_version_name

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2736

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2737

def test_get_protocol_version(self):

2738

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2739

`Connection.get_protocol_version()` returns an integer

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2740

giving the protocol version of the current connection.

2741

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2742

server, client = loopback()

Jim Shaver

85a4dff

2015-04-27 17:42:46 -0400

[diff] [blame]

2743

client_protocol_version = client.get_protocol_version()

2744

server_protocol_version = server.get_protocol_version()

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2745

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2746

assert isinstance(server_protocol_version, int)

2747

assert isinstance(client_protocol_version, int)

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2748

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2749

assert server_protocol_version == client_protocol_version

2750

2751

def test_wantReadError(self):

2752

"""

2753

`Connection.bio_read` raises `OpenSSL.SSL.WantReadError` if there are

2754

no bytes available to be read from the BIO.

2755

"""

2756

ctx = Context(TLSv1_METHOD)

2757

conn = Connection(ctx, None)

2758

with pytest.raises(WantReadError):

2759

conn.bio_read(1024)

2760

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2761

@pytest.mark.parametrize('bufsize', [1.0, None, object(), 'bufsize'])

2762

def test_bio_read_wrong_args(self, bufsize):

2763

"""

2764

`Connection.bio_read` raises `TypeError` if passed a non-integer

2765

argument.

2766

"""

2767

ctx = Context(TLSv1_METHOD)

2768

conn = Connection(ctx, None)

2769

with pytest.raises(TypeError):

2770

conn.bio_read(bufsize)

2771

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2772

def test_buffer_size(self):

2773

"""

2774

`Connection.bio_read` accepts an integer giving the maximum number

2775

of bytes to read and return.

2776

"""

2777

ctx = Context(TLSv1_METHOD)

2778

conn = Connection(ctx, None)

2779

conn.set_connect_state()

2780

try:

2781

conn.do_handshake()

2782

except WantReadError:

2783

pass

2784

data = conn.bio_read(2)

2785

assert 2 == len(data)

2786

2787

@skip_if_py3

2788

def test_buffer_size_long(self):

2789

"""

2790

On Python 2 `Connection.bio_read` accepts values of type `long` as

2791

well as `int`.

2792

"""

2793

ctx = Context(TLSv1_METHOD)

2794

conn = Connection(ctx, None)

2795

conn.set_connect_state()

2796

try:

2797

conn.do_handshake()

2798

except WantReadError:

2799

pass

2800

data = conn.bio_read(long(2))

2801

assert 2 == len(data)

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2802

Jean-Paul Calderone

dbd7627

2014-03-29 18:09:40 -0400

[diff] [blame]

2803

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2804

class TestConnectionGetCipherList(object):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2805

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2806

Tests for `Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2807

"""

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2808

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2809

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2810

`Connection.get_cipher_list` returns a list of `bytes` giving the

2811

names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2812

"""

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2813

connection = Connection(Context(TLSv1_METHOD), None)

2814

ciphers = connection.get_cipher_list()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2815

assert isinstance(ciphers, list)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2816

for cipher in ciphers:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2817

assert isinstance(cipher, str)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2818

2819

Maximilian Hils

868dc3c

2017-02-10 14:56:55 +0100

[diff] [blame]

2820

class VeryLarge(bytes):

2821

"""

2822

Mock object so that we don't have to allocate 2**31 bytes

"""

def __len__(self):

return 2**31

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2828

class TestConnectionSend(object):

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2829

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2830

Tests for `Connection.send`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2831

"""

2832

def test_wrong_args(self):

2833

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2834

When called with arguments other than string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2835

parameter, `Connection.send` raises `TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2836

"""

2837

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2838

with pytest.raises(TypeError):

2839

connection.send(object())

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2840

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2841

def test_short_bytes(self):

2842

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2843

When passed a short byte string, `Connection.send` transmits all of it

2844

and returns the number of bytes sent.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2845

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2846

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2847

count = server.send(b'xy')

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2848

assert count == 2

2849

assert client.recv(2) == b'xy'

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2850

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2851

def test_text(self):

2852

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2853

When passed a text, `Connection.send` transmits all of it and

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

2854

returns the number of bytes sent. It also raises a DeprecationWarning.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2855

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2856

server, client = loopback()

2857

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2858

simplefilter("always")

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2859

count = server.send(b"xy".decode("ascii"))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2860

assert (

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2861

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

2862

WARNING_TYPE_EXPECTED

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2863

) == str(w[-1].message))

2864

assert count == 2

2865

assert client.recv(2) == b'xy'

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2866

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2867

def test_short_memoryview(self):

2868

"""

2869

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2870

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2871

of bytes sent.

2872

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2873

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2874

count = server.send(memoryview(b'xy'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2875

assert count == 2

2876

assert client.recv(2) == b'xy'

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2877

Hynek Schlawack

8e94f1b

2015-09-05 21:31:00 +0200

[diff] [blame]

2878

@skip_if_py3

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2879

def test_short_buffer(self):

2880

"""

2881

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2882

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2883

of bytes sent.

2884

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2885

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2886

count = server.send(buffer(b'xy'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2887

assert count == 2

2888

assert client.recv(2) == b'xy'

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

2889

Maximilian Hils

868dc3c

2017-02-10 14:56:55 +0100

[diff] [blame]

2890

@pytest.mark.skipif(

2891

sys.maxsize < 2**31,

2892

reason="sys.maxsize < 2**31 - test requires 64 bit"

2893

)

2894

def test_buf_too_large(self):

2895

"""

2896

When passed a buffer containing >= 2**31 bytes,

2897

`Connection.send` bails out as SSL_write only

2898

accepts an int for the buffer length.

2899

"""

2900

connection = Connection(Context(TLSv1_METHOD), None)

2901

with pytest.raises(ValueError) as exc_info:

2902

connection.send(VeryLarge())

2903

exc_info.match(r"Cannot send more than .+ bytes at once")

2904

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2905

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2906

def _make_memoryview(size):

2907

"""

2908

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

2909

size.

2910

"""

2911

return memoryview(bytearray(size))

2912

2913

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2914

class TestConnectionRecvInto(object):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2915

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2916

Tests for `Connection.recv_into`.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2917

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2918

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2919

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2920

Assert that when the given buffer is passed to `Connection.recv_into`,

2921

whatever bytes are available to be received that fit into that buffer

2922

are written into that buffer.

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2923

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2924

output_buffer = factory(5)

2925

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2926

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2927

server.send(b'xy')

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2928

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2929

assert client.recv_into(output_buffer) == 2

2930

assert output_buffer == bytearray(b'xy\x00\x00\x00')

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2931

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2932

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2933

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2934

`Connection.recv_into` can be passed a `bytearray` instance and data

2935

in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2936

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2937

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2938

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2939

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2940

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2941

Assert that when the given buffer is passed to `Connection.recv_into`

2942

along with a value for `nbytes` that is less than the size of that

2943

buffer, only `nbytes` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2944

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2945

output_buffer = factory(10)

2946

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2947

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2948

server.send(b'abcdefghij')

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2949

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2950

assert client.recv_into(output_buffer, 5) == 5

2951

assert output_buffer == bytearray(b'abcde\x00\x00\x00\x00\x00')

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

2952

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2953

def test_bytearray_respects_length(self):

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

2954

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2955

When called with a `bytearray` instance, `Connection.recv_into`

2956

respects the `nbytes` parameter and doesn't copy in more than that

2957

number of bytes.

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

2958

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2959

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2960

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2961

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2962

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2963

Assert that if there are more bytes available to be read from the

2964

receive buffer than would fit into the buffer passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2965

`Connection.recv_into`, only as many as fit are written into it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2966

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2967

output_buffer = factory(5)

2968

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2969

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2970

server.send(b'abcdefghij')

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2971

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2972

assert client.recv_into(output_buffer) == 5

2973

assert output_buffer == bytearray(b'abcde')

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2974

rest = client.recv(5)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2975

assert b'fghij' == rest

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2976

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2977

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2978

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2979

When called with a `bytearray` instance, `Connection.recv_into`

2980

respects the size of the array and doesn't write more bytes into it

2981

than will fit.

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2982

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2983

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2984

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2985

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2986

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2987

When called with a `bytearray` instance and an `nbytes` value that is

2988

too large, `Connection.recv_into` respects the size of the array and

2989

not the `nbytes` value and doesn't write more bytes into the buffer

2990

than will fit.

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2991

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2992

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2993

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2994

def test_peek(self):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2995

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2996

server.send(b'xy')

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2997

2998

for _ in range(2):

2999

output_buffer = bytearray(5)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3000

assert client.recv_into(output_buffer, flags=MSG_PEEK) == 2

3001

assert output_buffer == bytearray(b'xy\x00\x00\x00')

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3002

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3003

def test_memoryview_no_length(self):

3004

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3005

`Connection.recv_into` can be passed a `memoryview` instance and data

3006

in the receive buffer is written to it.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3007

"""

3008

self._no_length_test(_make_memoryview)

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3009

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3010

def test_memoryview_respects_length(self):

3011

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3012

When called with a `memoryview` instance, `Connection.recv_into`

3013

respects the ``nbytes`` parameter and doesn't copy more than that

3014

number of bytes in.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3015

"""

3016

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3017

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3018

def test_memoryview_doesnt_overfill(self):

3019

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3020

When called with a `memoryview` instance, `Connection.recv_into`

3021

respects the size of the array and doesn't write more bytes into it

3022

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3023

"""

3024

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3025

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3026

def test_memoryview_really_doesnt_overfill(self):

3027

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3028

When called with a `memoryview` instance and an `nbytes` value that is

3029

too large, `Connection.recv_into` respects the size of the array and

3030

not the `nbytes` value and doesn't write more bytes into the buffer

3031

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3032

"""

3033

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3034

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3035

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3036

class TestConnectionSendall(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3037

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3038

Tests for `Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3039

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3040

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3041

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3042

When called with arguments other than a string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3043

parameter, `Connection.sendall` raises `TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3044

"""

3045

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3046

with pytest.raises(TypeError):

3047

connection.sendall(object())

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3048

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3049

def test_short(self):

3050

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3051

`Connection.sendall` transmits all of the bytes in the string

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3052

passed to it.

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3053

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3054

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3055

server.sendall(b'x')

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3056

assert client.recv(1) == b'x'

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3057

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3058

def test_text(self):

3059

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3060

`Connection.sendall` transmits all the content in the string passed

3061

to it, raising a DeprecationWarning in case of this being a text.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3062

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3063

server, client = loopback()

3064

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3065

simplefilter("always")

Jean-Paul Calderone

8dc37a1

2015-03-29 08:16:52 -0400

[diff] [blame]

3066

server.sendall(b"x".decode("ascii"))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3067

assert (

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

3068

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

3069

WARNING_TYPE_EXPECTED

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3070

) == str(w[-1].message))

3071

assert client.recv(1) == b"x"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3072

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3073

def test_short_memoryview(self):

3074

"""

3075

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3076

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3077

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3078

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3079

server.sendall(memoryview(b'x'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3080

assert client.recv(1) == b'x'

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3081

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3082

@skip_if_py3

3083

def test_short_buffers(self):

3084

"""

3085

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3086

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3087

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3088

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3089

server.sendall(buffer(b'x'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3090

assert client.recv(1) == b'x'

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

3091

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3092

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3093

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3094

`Connection.sendall` transmits all the bytes in the string passed to it

3095

even if this requires multiple calls of an underlying write function.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3096

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3097

server, client = loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

3098

# Should be enough, underlying SSL_write should only do 16k at a time.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3099

# On Windows, after 32k of bytes the write will block (forever

3100

# - because no one is yet reading).

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3101

message = b'x' * (1024 * 32 - 1) + b'y'

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3102

server.sendall(message)

3103

accum = []

3104

received = 0

3105

while received < len(message):

Jean-Paul Calderone

b1f7f5f

2010-08-22 21:40:52 -0400

[diff] [blame]

3106

data = client.recv(1024)

3107

accum.append(data)

3108

received += len(data)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3109

assert message == b''.join(accum)

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3110

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3111

def test_closed(self):

3112

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3113

If the underlying socket is closed, `Connection.sendall` propagates the

3114

write error from the low level write call.

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3115

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3116

server, client = loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

3117

server.sock_shutdown(2)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3118

with pytest.raises(SysCallError) as err:

3119

server.sendall(b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3120

if platform == "win32":

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3121

assert err.value.args[0] == ESHUTDOWN

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3122

else:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3123

assert err.value.args[0] == EPIPE

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3124

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3125

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3126

class TestConnectionRenegotiate(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3127

"""

3128

Tests for SSL renegotiation APIs.

3129

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3130

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3131

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3132

`Connection.total_renegotiations` returns `0` before any renegotiations

3133

have happened.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3134

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3135

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3136

assert connection.total_renegotiations() == 0

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3137

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3138

def test_renegotiate(self):

3139

"""

3140

Go through a complete renegotiation cycle.

3141

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3142

server, client = loopback()

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3143

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3144

server.send(b"hello world")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3145

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3146

assert b"hello world" == client.recv(len(b"hello world"))

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3147

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3148

assert 0 == server.total_renegotiations()

3149

assert False is server.renegotiate_pending()

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3150

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3151

assert True is server.renegotiate()

3152

3153

assert True is server.renegotiate_pending()

3154

3155

server.setblocking(False)

3156

client.setblocking(False)

3157

3158

client.do_handshake()

3159

server.do_handshake()

3160

3161

assert 1 == server.total_renegotiations()

3162

while False is server.renegotiate_pending():

3163

pass

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3164

3165

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3166

class TestError(object):

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3167

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3168

Unit tests for `OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3169

"""

3170

def test_type(self):

3171

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3172

`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3173

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3174

assert issubclass(Error, Exception)

3175

assert Error.__name__ == 'Error'

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

3176

3177

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3178

class TestConstants(object):

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3179

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3180

Tests for the values of constants exposed in `OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3181

3182

These are values defined by OpenSSL intended only to be used as flags to

3183

OpenSSL APIs. The only assertions it seems can be made about them is

3184

their values.

3185

"""

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3186

@pytest.mark.skipif(

3187

OP_NO_QUERY_MTU is None,

3188

reason="OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

3189

)

3190

def test_op_no_query_mtu(self):

3191

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3192

The value of `OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value

3193

of `SSL_OP_NO_QUERY_MTU` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3194

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3195

assert OP_NO_QUERY_MTU == 0x1000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3196

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3197

@pytest.mark.skipif(

3198

OP_COOKIE_EXCHANGE is None,

3199

reason="OP_COOKIE_EXCHANGE unavailable - "

3200

"OpenSSL version may be too old"

3201

)

3202

def test_op_cookie_exchange(self):

3203

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3204

The value of `OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the

3205

value of `SSL_OP_COOKIE_EXCHANGE` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3206

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3207

assert OP_COOKIE_EXCHANGE == 0x2000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3208

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3209

@pytest.mark.skipif(

3210

OP_NO_TICKET is None,

3211

reason="OP_NO_TICKET unavailable - OpenSSL version may be too old"

3212

)

3213

def test_op_no_ticket(self):

3214

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3215

The value of `OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

3216

`SSL_OP_NO_TICKET` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3217

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3218

assert OP_NO_TICKET == 0x4000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3219

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3220

@pytest.mark.skipif(

3221

OP_NO_COMPRESSION is None,

3222

reason="OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

3223

)

3224

def test_op_no_compression(self):

3225

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3226

The value of `OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the

3227

value of `SSL_OP_NO_COMPRESSION` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3228

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3229

assert OP_NO_COMPRESSION == 0x20000

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3230

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3231

def test_sess_cache_off(self):

3232

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3233

The value of `OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

3234

`SSL_SESS_CACHE_OFF` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3235

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3236

assert 0x0 == SESS_CACHE_OFF

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3237

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3238

def test_sess_cache_client(self):

3239

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3240

The value of `OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3241

`SSL_SESS_CACHE_CLIENT` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3242

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3243

assert 0x1 == SESS_CACHE_CLIENT

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3244

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3245

def test_sess_cache_server(self):

3246

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3247

The value of `OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3248

`SSL_SESS_CACHE_SERVER` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3249

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3250

assert 0x2 == SESS_CACHE_SERVER

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3251

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3252

def test_sess_cache_both(self):

3253

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3254

The value of `OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3255

`SSL_SESS_CACHE_BOTH` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3256

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3257

assert 0x3 == SESS_CACHE_BOTH

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3258

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3259

def test_sess_cache_no_auto_clear(self):

3260

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3261

The value of `OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3262

value of `SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3263

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3264

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3265

assert 0x80 == SESS_CACHE_NO_AUTO_CLEAR

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3266

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3267

def test_sess_cache_no_internal_lookup(self):

3268

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3269

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3270

the value of `SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3271

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3272

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3273

assert 0x100 == SESS_CACHE_NO_INTERNAL_LOOKUP

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3274

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3275

def test_sess_cache_no_internal_store(self):

3276

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3277

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3278

the value of `SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3279

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3280

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3281

assert 0x200 == SESS_CACHE_NO_INTERNAL_STORE

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3282

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3283

def test_sess_cache_no_internal(self):

3284

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3285

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3286

value of `SSL_SESS_CACHE_NO_INTERNAL` defined by

3287

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3288

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3289

assert 0x300 == SESS_CACHE_NO_INTERNAL

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3290

3291

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3292

class TestMemoryBIO(object):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3293

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3294

Tests for `OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3295

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3296

def _server(self, sock):

3297

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3298

Create a new server-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3299

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3300

# Create the server side Connection. This is mostly setup boilerplate

3301

# - use TLSv1, use a particular certificate, etc.

3302

server_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3303

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3304

server_ctx.set_verify(

3305

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

3306

verify_cb

3307

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3308

server_store = server_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3309

server_ctx.use_privatekey(

3310

load_privatekey(FILETYPE_PEM, server_key_pem))

3311

server_ctx.use_certificate(

3312

load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3313

server_ctx.check_privatekey()

3314

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3315

# Here the Connection is actually created. If None is passed as the

3316

# 2nd parameter, it indicates a memory BIO should be created.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3317

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3318

server_conn.set_accept_state()

3319

return server_conn

3320

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3321

def _client(self, sock):

3322

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3323

Create a new client-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3324

"""

3325

# Now create the client side Connection. Similar boilerplate to the

3326

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3327

client_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3328

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3329

client_ctx.set_verify(

3330

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

3331

verify_cb

3332

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3333

client_store = client_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3334

client_ctx.use_privatekey(

3335

load_privatekey(FILETYPE_PEM, client_key_pem))

3336

client_ctx.use_certificate(

3337

load_certificate(FILETYPE_PEM, client_cert_pem))

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3338

client_ctx.check_privatekey()

3339

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3340

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3341

client_conn.set_connect_state()

3342

return client_conn

3343

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3344

def test_memory_connect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3345

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3346

Two `Connection`s which use memory BIOs can be manually connected by

3347

reading from the output of each and writing those bytes to the input of

3348

the other and in this way establish a connection and exchange

3349

application-level bytes with each other.

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3350

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3351

server_conn = self._server(None)

3352

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3353

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3354

# There should be no key or nonces yet.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3355

assert server_conn.master_key() is None

3356

assert server_conn.client_random() is None

3357

assert server_conn.server_random() is None

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3358

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3359

# First, the handshake needs to happen. We'll deliver bytes back and

3360

# forth between the client and server until neither of them feels like

3361

# speaking any more.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3362

assert interact_in_memory(client_conn, server_conn) is None

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3363

3364

# Now that the handshake is done, there should be a key and nonces.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3365

assert server_conn.master_key() is not None

3366

assert server_conn.client_random() is not None

3367

assert server_conn.server_random() is not None

3368

assert server_conn.client_random() == client_conn.client_random()

3369

assert server_conn.server_random() == client_conn.server_random()

3370

assert server_conn.client_random() != server_conn.server_random()

3371

assert client_conn.client_random() != client_conn.server_random()

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3372

Paul Kehrer

bdb7639

2017-12-01 04:54:32 +0800

[diff] [blame]

3373

# Export key material for other uses.

3374

cekm = client_conn.export_keying_material(b'LABEL', 32)

3375

sekm = server_conn.export_keying_material(b'LABEL', 32)

3376

assert cekm is not None

3377

assert sekm is not None

3378

assert cekm == sekm

3379

assert len(sekm) == 32

3380

3381

# Export key material for other uses with additional context.

3382

cekmc = client_conn.export_keying_material(b'LABEL', 32, b'CONTEXT')

3383

sekmc = server_conn.export_keying_material(b'LABEL', 32, b'CONTEXT')

3384

assert cekmc is not None

3385

assert sekmc is not None

3386

assert cekmc == sekmc

3387

assert cekmc != cekm

3388

assert sekmc != sekm

3389

# Export with alternate label

3390

cekmt = client_conn.export_keying_material(b'test', 32, b'CONTEXT')

3391

sekmt = server_conn.export_keying_material(b'test', 32, b'CONTEXT')

3392

assert cekmc != cekmt

3393

assert sekmc != sekmt

3394

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3395

# Here are the bytes we'll try to send.

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3396

important_message = b'One if by land, two if by sea.'

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3397

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3398

server_conn.write(important_message)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3399

assert (

3400

interact_in_memory(client_conn, server_conn) ==

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3401

(client_conn, important_message))

3402

3403

client_conn.write(important_message[::-1])

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3404

assert (

3405

interact_in_memory(client_conn, server_conn) ==

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3406

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3407

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3408

def test_socket_connect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3409

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3410

Just like `test_memory_connect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3411

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3412

This is primarily to rule out the memory BIO code as the source of any

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3413

problems encountered while passing data over a `Connection` (if

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3414

this test fails, there must be a problem outside the memory BIO code,

3415

as no memory BIO is involved here). Even though this isn't a memory

3416

BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3417

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3418

server_conn, client_conn = loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3419

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3420

important_message = b"Help me Obi Wan Kenobi, you're my only hope."

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3421

client_conn.send(important_message)

3422

msg = server_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3423

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3424

3425

# Again in the other direction, just for fun.

3426

important_message = important_message[::-1]

3427

server_conn.send(important_message)

3428

msg = client_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3429

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3430

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3431

def test_socket_overrides_memory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3432

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3433

Test that `OpenSSL.SSL.bio_read` and `OpenSSL.SSL.bio_write` don't

3434

work on `OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3435

"""

Alex Gaynor

51d424c

2016-09-10 14:50:11 -0400

[diff] [blame]

3436

context = Context(TLSv1_METHOD)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3437

client = socket()

3438

clientSSL = Connection(context, client)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3439

with pytest.raises(TypeError):

3440

clientSSL.bio_read(100)

3441

with pytest.raises(TypeError):

3442

clientSSL.bio_write("foo")

3443

with pytest.raises(TypeError):

3444

clientSSL.bio_shutdown()

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3445

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3446

def test_outgoing_overflow(self):

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3447

"""

3448

If more bytes than can be written to the memory BIO are passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3449

`Connection.send` at once, the number of bytes which were written is

3450

returned and that many bytes from the beginning of the input can be

3451

read from the other end of the connection.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3452

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3453

server = self._server(None)

3454

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3455

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3456

interact_in_memory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3457

3458

size = 2 ** 15

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

3459

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3460

# Sanity check. We're trying to test what happens when the entire

3461

# input can't be sent. If the entire input was sent, this test is

3462

# meaningless.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3463

assert sent < size

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3464

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3465

receiver, received = interact_in_memory(client, server)

3466

assert receiver is server

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3467

3468

# We can rely on all of these bytes being received at once because

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3469

# loopback passes 2 ** 16 to recv - more than 2 ** 15.

3470

assert len(received) == sent

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3471

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3472

def test_shutdown(self):

3473

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3474

`Connection.bio_shutdown` signals the end of the data stream

3475

from which the `Connection` reads.

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3476

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3477

server = self._server(None)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3478

server.bio_shutdown()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3479

with pytest.raises(Error) as err:

3480

server.recv(1024)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3481

# We don't want WantReadError or ZeroReturnError or anything - it's a

3482

# handshake failure.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3483

assert type(err.value) in [Error, SysCallError]

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3484

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3485

def test_unexpected_EOF(self):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3486

"""

3487

If the connection is lost before an orderly SSL shutdown occurs,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3488

`OpenSSL.SSL.SysCallError` is raised with a message of

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3489

"Unexpected EOF".

3490

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3491

server_conn, client_conn = loopback()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3492

client_conn.sock_shutdown(SHUT_RDWR)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3493

with pytest.raises(SysCallError) as err:

3494

server_conn.recv(1024)

3495

assert err.value.args == (-1, "Unexpected EOF")

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3496

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3497

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3498

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3499

Verify the return value of the `get_client_ca_list` method for

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3500

server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3501

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3502

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3503

before the client and server are connected to each other. This

3504

function should specify a list of CAs for the server to send to the

3505

client and return that same list. The list will be used to verify

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3506

that `get_client_ca_list` returns the proper value at

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3507

various times.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3508

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3509

server = self._server(None)

3510

client = self._client(None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3511

assert client.get_client_ca_list() == []

3512

assert server.get_client_ca_list() == []

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3513

ctx = server.get_context()

3514

expected = func(ctx)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3515

assert client.get_client_ca_list() == []

3516

assert server.get_client_ca_list() == expected

3517

interact_in_memory(client, server)

3518

assert client.get_client_ca_list() == expected

3519

assert server.get_client_ca_list() == expected

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3520

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3521

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3522

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3523

`Context.set_client_ca_list` raises a `TypeError` if called with a

3524

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3525

"""

3526

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3527

with pytest.raises(TypeError):

3528

ctx.set_client_ca_list("spam")

3529

with pytest.raises(TypeError):

3530

ctx.set_client_ca_list(["spam"])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3531

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3532

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3533

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3534

If passed an empty list, `Context.set_client_ca_list` configures the

3535

context to send no CA names to the client and, on both the server and

3536

client sides, `Connection.get_client_ca_list` returns an empty list

3537

after the connection is set up.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3538

"""

3539

def no_ca(ctx):

3540

ctx.set_client_ca_list([])

3541

return []

3542

self._check_client_ca_list(no_ca)

3543

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3544

def test_set_one_ca_list(self):

3545

"""

3546

If passed a list containing a single X509Name,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3547

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3548

that CA name to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3549

`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3550

X509Name after the connection is set up.

3551

"""

3552

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3553

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3554

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3555

def single_ca(ctx):

3556

ctx.set_client_ca_list([cadesc])

3557

return [cadesc]

3558

self._check_client_ca_list(single_ca)

3559

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3560

def test_set_multiple_ca_list(self):

3561

"""

3562

If passed a list containing multiple X509Name objects,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3563

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3564

those CA names to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3565

`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3566

X509Names after the connection is set up.

3567

"""

3568

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3569

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3570

3571

sedesc = secert.get_subject()

3572

cldesc = clcert.get_subject()

3573

3574

def multiple_ca(ctx):

3575

L = [sedesc, cldesc]

3576

ctx.set_client_ca_list(L)

3577

return L

3578

self._check_client_ca_list(multiple_ca)

3579

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3580

def test_reset_ca_list(self):

3581

"""

3582

If called multiple times, only the X509Names passed to the final call

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3583

of `Context.set_client_ca_list` are used to configure the CA

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3584

names sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3585

"""

3586

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3587

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3588

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3589

3590

cadesc = cacert.get_subject()

3591

sedesc = secert.get_subject()

3592

cldesc = clcert.get_subject()

3593

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3594

def changed_ca(ctx):

3595

ctx.set_client_ca_list([sedesc, cldesc])

3596

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3597

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3598

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3599

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3600

def test_mutated_ca_list(self):

3601

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3602

If the list passed to `Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3603

afterwards, this does not affect the list of CA names sent to the

3604

client.

3605

"""

3606

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3607

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3608

3609

cadesc = cacert.get_subject()

3610

sedesc = secert.get_subject()

3611

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3612

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3613

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3614

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3615

L.append(sedesc)

3616

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3617

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3618

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3619

def test_add_client_ca_wrong_args(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3620

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3621

`Context.add_client_ca` raises `TypeError` if called with

3622

a non-X509 object.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3623

"""

3624

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3625

with pytest.raises(TypeError):

3626

ctx.add_client_ca("spam")

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3627

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3628

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3629

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3630

A certificate's subject can be added as a CA to be sent to the client

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3631

with `Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3632

"""

3633

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3634

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3635

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3636

def single_ca(ctx):

3637

ctx.add_client_ca(cacert)

3638

return [cadesc]

3639

self._check_client_ca_list(single_ca)

3640

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3641

def test_multiple_add_client_ca(self):

3642

"""

3643

Multiple CA names can be sent to the client by calling

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3644

`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3645

"""

3646

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3647

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3648

3649

cadesc = cacert.get_subject()

3650

sedesc = secert.get_subject()

3651

3652

def multiple_ca(ctx):

3653

ctx.add_client_ca(cacert)

3654

ctx.add_client_ca(secert)

3655

return [cadesc, sedesc]

3656

self._check_client_ca_list(multiple_ca)

3657

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3658

def test_set_and_add_client_ca(self):

3659

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3660

A call to `Context.set_client_ca_list` followed by a call to

3661

`Context.add_client_ca` results in using the CA names from the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3662

first call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3663

"""

3664

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3665

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3666

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3667

3668

cadesc = cacert.get_subject()

3669

sedesc = secert.get_subject()

3670

cldesc = clcert.get_subject()

3671

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3672

def mixed_set_add_ca(ctx):

3673

ctx.set_client_ca_list([cadesc, sedesc])

3674

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3675

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3676

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3677

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3678

def test_set_after_add_client_ca(self):

3679

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3680

A call to `Context.set_client_ca_list` after a call to

3681

`Context.add_client_ca` replaces the CA name specified by the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3682

former call with the names specified by the latter call.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3683

"""

3684

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3685

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3686

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3687

3688

cadesc = cacert.get_subject()

3689

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3690

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3691

def set_replaces_add_ca(ctx):

3692

ctx.add_client_ca(clcert)

3693

ctx.set_client_ca_list([cadesc])

3694

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3695

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3696

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3697

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3698

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3699

class TestInfoConstants(object):

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3700

"""

3701

Tests for assorted constants exposed for use in info callbacks.

3702

"""

3703

def test_integers(self):

3704

"""

3705

All of the info constants are integers.

3706

3707

This is a very weak test. It would be nice to have one that actually

3708

verifies that as certain info events happen, the value passed to the

3709

info callback matches up with the constant exposed by OpenSSL.SSL.

3710

"""

3711

for const in [

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3712

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK,

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3713

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3714

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3715

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3716

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE

3717

]:

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3718

assert isinstance(const, int)

3719

3720

# These constants don't exist on OpenSSL 1.1.0

3721

for const in [

3722

SSL_ST_INIT, SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE

3723

]:

3724

assert const is None or isinstance(const, int)

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3725

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3726

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3727

class TestRequires(object):

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3728

"""

3729

Tests for the decorator factory used to conditionally raise

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3730

NotImplementedError when older OpenSSLs are used.

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3731

"""

3732

def test_available(self):

3733

"""

3734

When the OpenSSL functionality is available the decorated functions

3735

work appropriately.

3736

"""

3737

feature_guard = _make_requires(True, "Error text")

results = []

@feature_guard

def inner():

results.append(True)

return True

Cory Benfield

2016-03-30 14:24:16 +0100

[diff] [blame]

3745

assert inner() is True

3746

assert [True] == results

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3747

3748

def test_unavailable(self):

3749

"""

3750

When the OpenSSL functionality is not available the decorated function

3751

does not execute and NotImplementedError is raised.

3752

"""

3753

feature_guard = _make_requires(False, "Error text")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3754

3755

@feature_guard

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

3756

def inner(): # pragma: nocover

3757

pytest.fail("Should not be called")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3758

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3759

with pytest.raises(NotImplementedError) as e:

3760

inner()

3761

3762

assert "Error text" in str(e.value)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3763

3764

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3765

class TestOCSP(object):

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3766

"""

3767

Tests for PyOpenSSL's OCSP stapling support.

3768

"""

3769

sample_ocsp_data = b"this is totally ocsp data"

3770

3771

def _client_connection(self, callback, data, request_ocsp=True):

3772

"""

3773

Builds a client connection suitable for using OCSP.

3774

3775

:param callback: The callback to register for OCSP.

3776

:param data: The opaque data object that will be handed to the

3777

OCSP callback.

3778

:param request_ocsp: Whether the client will actually ask for OCSP

3779

stapling. Useful for testing only.

3780

"""

3781

ctx = Context(SSLv23_METHOD)

3782

ctx.set_ocsp_client_callback(callback, data)

3783

client = Connection(ctx)

3784

3785

if request_ocsp:

3786

client.request_ocsp()

3787

3788

client.set_connect_state()

3789

return client

3790

3791

def _server_connection(self, callback, data):

3792

"""

3793

Builds a server connection suitable for using OCSP.

3794

3795

:param callback: The callback to register for OCSP.

3796

:param data: The opaque data object that will be handed to the

3797

OCSP callback.

3798

"""

3799

ctx = Context(SSLv23_METHOD)

3800

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3801

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3802

ctx.set_ocsp_server_callback(callback, data)

3803

server = Connection(ctx)

3804

server.set_accept_state()

3805

return server

3806

3807

def test_callbacks_arent_called_by_default(self):

3808

"""

3809

If both the client and the server have registered OCSP callbacks, but

3810

the client does not send the OCSP request, neither callback gets

3811

called.

3812

"""

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

3813

def ocsp_callback(*args, **kwargs): # pragma: nocover

3814

pytest.fail("Should not be called")

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3815

3816

client = self._client_connection(

3817

callback=ocsp_callback, data=None, request_ocsp=False

3818

)

3819

server = self._server_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3820

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3821

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3822

def test_client_negotiates_without_server(self):

3823

"""

3824

If the client wants to do OCSP but the server does not, the handshake

3825

succeeds, and the client callback fires with an empty byte string.

"""

called = []

def ocsp_callback(conn, ocsp_data, ignored):

3830

called.append(ocsp_data)

3831

return True

3832

3833

client = self._client_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3834

server = loopback_server_factory(socket=None)

3835

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3836

3837

assert len(called) == 1

3838

assert called[0] == b''

3839

3840

def test_client_receives_servers_data(self):

3841

"""

3842

The data the server sends in its callback is received by the client.

"""

calls = []

def server_callback(*args, **kwargs):

3847

return self.sample_ocsp_data

3848

3849

def client_callback(conn, ocsp_data, ignored):

3850

calls.append(ocsp_data)

3851

return True

3852

3853

client = self._client_connection(callback=client_callback, data=None)

3854

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3855

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3856

3857

assert len(calls) == 1

3858

assert calls[0] == self.sample_ocsp_data

3859

3860

def test_callbacks_are_invoked_with_connections(self):

3861

"""

3862

The first arguments to both callbacks are their respective connections.

"""

client_calls = []

server_calls = []

def client_callback(conn, *args, **kwargs):

3868

client_calls.append(conn)

3869

return True

3870

3871

def server_callback(conn, *args, **kwargs):

3872

server_calls.append(conn)

3873

return self.sample_ocsp_data

3874

3875

client = self._client_connection(callback=client_callback, data=None)

3876

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3877

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3878

3879

assert len(client_calls) == 1

3880

assert len(server_calls) == 1

3881

assert client_calls[0] is client

3882

assert server_calls[0] is server

3883

3884

def test_opaque_data_is_passed_through(self):

3885

"""

3886

Both callbacks receive an opaque, user-provided piece of data in their

3887

callbacks as the final argument.

"""

calls = []

def server_callback(*args):

3892

calls.append(args)

3893

return self.sample_ocsp_data

3894

3895

def client_callback(*args):

calls.append(args)

return True

sentinel = object()

client = self._client_connection(

3902

callback=client_callback, data=sentinel

3903

)

3904

server = self._server_connection(

3905

callback=server_callback, data=sentinel

3906

)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3907

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3908

3909

assert len(calls) == 2

3910

assert calls[0][-1] is sentinel

3911

assert calls[1][-1] is sentinel

3912

3913

def test_server_returns_empty_string(self):

3914

"""

3915

If the server returns an empty bytestring from its callback, the

3916

client callback is called with the empty bytestring.

"""

client_calls = []

def server_callback(*args):

3921

return b''

3922

3923

def client_callback(conn, ocsp_data, ignored):

3924

client_calls.append(ocsp_data)

3925

return True

3926

3927

client = self._client_connection(callback=client_callback, data=None)

3928

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3929

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3930

3931

assert len(client_calls) == 1

3932

assert client_calls[0] == b''

3933

3934

def test_client_returns_false_terminates_handshake(self):

3935

"""

3936

If the client returns False from its callback, the handshake fails.

3937

"""

3938

def server_callback(*args):

3939

return self.sample_ocsp_data

3940

3941

def client_callback(*args):

3942

return False

3943

3944

client = self._client_connection(callback=client_callback, data=None)

3945

server = self._server_connection(callback=server_callback, data=None)

3946

3947

with pytest.raises(Error):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3948

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3949

3950

def test_exceptions_in_client_bubble_up(self):

3951

"""

3952

The callbacks thrown in the client callback bubble up to the caller.

3953

"""

3954

class SentinelException(Exception):

3955

pass

3956

3957

def server_callback(*args):

3958

return self.sample_ocsp_data

3959

3960

def client_callback(*args):

3961

raise SentinelException()

3962

3963

client = self._client_connection(callback=client_callback, data=None)

3964

server = self._server_connection(callback=server_callback, data=None)

3965

3966

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3967

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3968

3969

def test_exceptions_in_server_bubble_up(self):

3970

"""

3971

The callbacks thrown in the server callback bubble up to the caller.

3972

"""

3973

class SentinelException(Exception):

3974

pass

3975

3976

def server_callback(*args):

3977

raise SentinelException()

3978

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

3979

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3980

pytest.fail("Should not be called")

3981

3982

client = self._client_connection(callback=client_callback, data=None)

3983

server = self._server_connection(callback=server_callback, data=None)

3984

3985

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3986

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3987

3988

def test_server_must_return_bytes(self):

3989

"""

3990

The server callback must return a bytestring, or a TypeError is thrown.

3991

"""

3992

def server_callback(*args):

3993

return self.sample_ocsp_data.decode('ascii')

3994

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

3995

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3996

pytest.fail("Should not be called")

3997

3998

client = self._client_connection(callback=client_callback, data=None)

3999

server = self._server_connection(callback=server_callback, data=None)

4000

4001

with pytest.raises(TypeError):

Alex Chan