Blame - tests/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

5

Unit tests for :mod:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

import datetime

import uuid

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

11

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

12

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

13

from sys import platform, getfilesystemencoding, version_info

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

14

from socket import MSG_PEEK, SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

15

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

16

from os.path import join

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

17

from weakref import ref

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

18

from warnings import simplefilter

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

19

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

20

import pytest

21

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

22

from six import PY3, text_type

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

23

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

24

from cryptography import x509

25

from cryptography.hazmat.backends import default_backend

26

from cryptography.hazmat.primitives import hashes

27

from cryptography.hazmat.primitives import serialization

28

from cryptography.hazmat.primitives.asymmetric import rsa

29

from cryptography.x509.oid import NameOID

30

31

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

32

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

33

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

34

from OpenSSL.crypto import dump_privatekey, load_privatekey

35

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

36

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

37

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

38

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

39

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

40

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

41

from OpenSSL.SSL import (

42

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

43

TLSv1_1_METHOD, TLSv1_2_METHOD)

44

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

45

from OpenSSL.SSL import (

46

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

47

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

48

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

49

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

50

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

51

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

52

53

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

54

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

55

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

56

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

57

from OpenSSL.SSL import _make_requires

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

58

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

59

from OpenSSL._util import lib as _lib

60

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

61

from OpenSSL.SSL import (

62

OP_NO_QUERY_MTU, OP_COOKIE_EXCHANGE, OP_NO_TICKET, OP_NO_COMPRESSION,

63

MODE_RELEASE_BUFFERS)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

64

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

65

try:

66

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

67

except ImportError:

68

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

69

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

70

from OpenSSL.SSL import (

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

71

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK,

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

72

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

73

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

74

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

75

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

76

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

77

try:

78

from OpenSSL.SSL import (

79

SSL_ST_INIT, SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE

80

)

81

except ImportError:

82

SSL_ST_INIT = SSL_ST_BEFORE = SSL_ST_OK = SSL_ST_RENEGOTIATE = None

83

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

84

from .util import WARNING_TYPE_EXPECTED, NON_ASCII, is_consistent_type

Hynek Schlawack

f0e6685

2015-10-16 20:18:38 +0200

[diff] [blame]

85

from .test_crypto import (

86

cleartextCertificatePEM, cleartextPrivateKeyPEM,

87

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

88

root_cert_pem)

89

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

90

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

91

# openssl dhparam 1024 -out dh-1024.pem (note that 1024 is a small number of

92

# bits to use)

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

93

dhparam = """\

94

-----BEGIN DH PARAMETERS-----

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

95

MIGHAoGBALdUMvn+C9MM+y5BWZs11mSeH6HHoEq0UVbzVq7UojC1hbsZUuGukQ3a

96

Qh2/pwqb18BZFykrWB0zv/OkLa0kx4cuUgNrUVq1EFheBiX6YqryJ7t2sO09NQiO

97

V7H54LmltOT/hEh6QWsJqb6BQgH65bswvV/XkYGja8/T0GzvbaVzAgEC

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

98

-----END DH PARAMETERS-----

"""

Hynek Schlawack

2015-09-05 20:48:34 +0200

[diff] [blame]

102

skip_if_py3 = pytest.mark.skipif(PY3, reason="Python 2 only")

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

103

skip_if_py26 = pytest.mark.skipif(

104

version_info[0:2] == (2, 6),

105

reason="Python 2.7 and later only"

106

)

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

107

108

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

109

def join_bytes_or_unicode(prefix, suffix):

110

"""

111

Join two path components of either ``bytes`` or ``unicode``.

112

113

The return type is the same as the type of ``prefix``.

114

"""

115

# If the types are the same, nothing special is necessary.

116

if type(prefix) == type(suffix):

117

return join(prefix, suffix)

118

119

# Otherwise, coerce suffix to the type of prefix.

120

if isinstance(prefix, text_type):

121

return join(prefix, suffix.decode(getfilesystemencoding()))

122

else:

123

return join(prefix, suffix.encode(getfilesystemencoding()))

124

125

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

126

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

127

return ok

128

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

129

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

130

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

131

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

132

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

133

"""

134

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

140

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

141

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

142

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

143

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

144

# Let's pass some unencrypted data to make sure our socket connection is

145

# fine. Just one byte, so we don't have to worry about buffers getting

146

# filled up or fragmentation.

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

147

server.send(b"x")

148

assert client.recv(1024) == b"x"

149

client.send(b"y")

150

assert server.recv(1024) == b"y"

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

151

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

152

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

153

server.setblocking(False)

154

client.setblocking(False)

Jim Shaver

46f2891

2015-05-29 19:32:16 -0400

[diff] [blame]

155

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

156

return (server, client)

157

158

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

159

def handshake(client, server):

160

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

171

def _create_certificate_chain():

172

"""

173

Construct and return a chain of certificates.

174

175

1. A new self-signed certificate authority certificate (cacert)

176

2. A new intermediate certificate signed by cacert (icert)

177

3. A new server certificate signed by icert (scert)

178

"""

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

179

caext = X509Extension(b'basicConstraints', False, b'CA:true')

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

180

181

# Step 1

182

cakey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

183

cakey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

184

cacert = X509()

185

cacert.get_subject().commonName = "Authority Certificate"

186

cacert.set_issuer(cacert.get_subject())

187

cacert.set_pubkey(cakey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

188

cacert.set_notBefore(b"20000101000000Z")

189

cacert.set_notAfter(b"20200101000000Z")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

190

cacert.add_extensions([caext])

191

cacert.set_serial_number(0)

192

cacert.sign(cakey, "sha1")

193

194

# Step 2

195

ikey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

196

ikey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

197

icert = X509()

198

icert.get_subject().commonName = "Intermediate Certificate"

199

icert.set_issuer(cacert.get_subject())

200

icert.set_pubkey(ikey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

201

icert.set_notBefore(b"20000101000000Z")

202

icert.set_notAfter(b"20200101000000Z")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

203

icert.add_extensions([caext])

204

icert.set_serial_number(0)

205

icert.sign(cakey, "sha1")

206

207

# Step 3

208

skey = PKey()

Alex Gaynor

0737a5e

2016-09-10 14:35:09 -0400

[diff] [blame]

209

skey.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

210

scert = X509()

211

scert.get_subject().commonName = "Server Certificate"

212

scert.set_issuer(icert.get_subject())

213

scert.set_pubkey(skey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

214

scert.set_notBefore(b"20000101000000Z")

215

scert.set_notAfter(b"20200101000000Z")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

216

scert.add_extensions([

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

217

X509Extension(b'basicConstraints', True, b'CA:false')])

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

218

scert.set_serial_number(0)

219

scert.sign(ikey, "sha1")

220

221

return [(cakey, cacert), (ikey, icert), (skey, scert)]

222

223

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

224

def loopback_client_factory(socket):

225

client = Connection(Context(TLSv1_METHOD), socket)

226

client.set_connect_state()

return client

def loopback_server_factory(socket):

231

ctx = Context(TLSv1_METHOD)

232

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

233

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

234

server = Connection(ctx, socket)

235

server.set_accept_state()

return server

def loopback(server_factory=None, client_factory=None):

240

"""

241

Create a connected socket pair and force two connected SSL sockets

242

to talk to each other via memory BIOs.

243

"""

244

if server_factory is None:

245

server_factory = loopback_server_factory

246

if client_factory is None:

247

client_factory = loopback_client_factory

248

249

(server, client) = socket_pair()

250

server = server_factory(server)

251

client = client_factory(client)

252

253

handshake(client, server)

254

255

server.setblocking(True)

256

client.setblocking(True)

257

return server, client

258

259

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

260

def interact_in_memory(client_conn, server_conn):

261

"""

262

Try to read application bytes from each of the two `Connection` objects.

263

Copy bytes back and forth between their send/receive buffers for as long

264

as there is anything to copy. When there is nothing more to copy,

265

return `None`. If one of them actually manages to deliver some application

266

bytes, return a two-tuple of the connection from which the bytes were read

267

and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

272

wrote = False

273

274

# Copy stuff from each side's send buffer to the other side's

275

# receive buffer.

276

for (read, write) in [(client_conn, server_conn),

277

(server_conn, client_conn)]:

278

279

# Give the side a chance to generate some more bytes, or succeed.

280

try:

281

data = read.recv(2 ** 16)

282

except WantReadError:

283

# It didn't succeed, so we'll hope it generated some output.

284

pass

285

else:

286

# It did succeed, so we'll stop now and let the caller deal

# with it.

return (read, data)

while True:

# Keep copying as long as there's more stuff there.

292

try:

293

dirty = read.bio_read(4096)

294

except WantReadError:

295

# Okay, nothing more waiting to be sent. Stop

296

# processing this send buffer.

297

break

298

else:

299

# Keep track of the fact that someone generated some

300

# output.

301

wrote = True

302

write.bio_write(dirty)

303

304

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

305

def handshake_in_memory(client_conn, server_conn):

306

"""

307

Perform the TLS handshake between two `Connection` instances connected to

308

each other via memory BIOs.

309

"""

310

client_conn.set_connect_state()

311

server_conn.set_accept_state()

312

313

for conn in [client_conn, server_conn]:

314

try:

315

conn.do_handshake()

316

except WantReadError:

317

pass

318

319

interact_in_memory(client_conn, server_conn)

320

321

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

322

class TestVersion(object):

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

323

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

324

Tests for version information exposed by `OpenSSL.SSL.SSLeay_version` and

325

`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

326

"""

327

def test_OPENSSL_VERSION_NUMBER(self):

328

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

329

`OPENSSL_VERSION_NUMBER` is an integer with status in the low byte and

330

the patch, fix, minor, and major versions in the nibbles above that.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

331

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

332

assert isinstance(OPENSSL_VERSION_NUMBER, int)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

333

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

334

def test_SSLeay_version(self):

335

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

336

`SSLeay_version` takes a version type indicator and returns one of a

337

number of version strings based on that indicator.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

338

"""

339

versions = {}

340

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

341

SSLEAY_PLATFORM, SSLEAY_DIR]:

342

version = SSLeay_version(t)

343

versions[version] = t

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

344

assert isinstance(version, bytes)

345

assert len(versions) == 5

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

346

347

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

348

@pytest.fixture

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

349

def ca_file(tmpdir):

350

"""

351

Create a valid PEM file with CA certificates and return the path.

352

"""

353

key = rsa.generate_private_key(

354

public_exponent=65537,

355

key_size=2048,

356

backend=default_backend()

357

)

358

public_key = key.public_key()

359

360

builder = x509.CertificateBuilder()

361

builder = builder.subject_name(x509.Name([

362

x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org"),

363

]))

364

builder = builder.issuer_name(x509.Name([

365

x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org"),

366

]))

367

one_day = datetime.timedelta(1, 0, 0)

368

builder = builder.not_valid_before(datetime.datetime.today() - one_day)

369

builder = builder.not_valid_after(datetime.datetime.today() + one_day)

370

builder = builder.serial_number(int(uuid.uuid4()))

371

builder = builder.public_key(public_key)

372

builder = builder.add_extension(

373

x509.BasicConstraints(ca=True, path_length=None), critical=True,

374

)

375

376

certificate = builder.sign(

377

private_key=key, algorithm=hashes.SHA256(),

378

backend=default_backend()

379

)

380

381

ca_file = tmpdir.join("test.pem")

382

ca_file.write_binary(

383

certificate.public_bytes(

384

encoding=serialization.Encoding.PEM,

)

)

return str(ca_file).encode("ascii")

389

390

391

@pytest.fixture

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

392

def context():

393

"""

394

A simple TLS 1.0 context.

395

"""

396

return Context(TLSv1_METHOD)

397

398

399

class TestContext(object):

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

400

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

401

Unit tests for `OpenSSL.SSL.Context`.

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

402

"""

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

403

@pytest.mark.parametrize("cipher_string", [

404

b"hello world:AES128-SHA",

405

u"hello world:AES128-SHA",

406

])

407

def test_set_cipher_list(self, context, cipher_string):

408

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

409

`Context.set_cipher_list` accepts both byte and unicode strings

Hynek Schlawack

a7a63af

2016-03-11 12:05:26 +0100

[diff] [blame]

410

for naming the ciphers which connections created with the context

411

object will be able to choose from.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

412

"""

413

context.set_cipher_list(cipher_string)

414

conn = Connection(context, None)

415

416

assert "AES128-SHA" in conn.get_cipher_list()

417

418

@pytest.mark.parametrize("cipher_list,error", [

419

(object(), TypeError),

420

("imaginary-cipher", Error),

421

])

422

def test_set_cipher_list_wrong_args(self, context, cipher_list, error):

423

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

424

`Context.set_cipher_list` raises `TypeError` when passed a non-string

425

argument and raises `OpenSSL.SSL.Error` when passed an incorrect cipher

426

list string.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

427

"""

428

with pytest.raises(error):

429

context.set_cipher_list(cipher_list)

430

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

431

def test_load_client_ca(self, context, ca_file):

432

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

433

`Context.load_client_ca` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

434

"""

435

context.load_client_ca(ca_file)

436

437

def test_load_client_ca_invalid(self, context, tmpdir):

438

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

439

`Context.load_client_ca` raises an Error if the ca file is invalid.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

440

"""

441

ca_file = tmpdir.join("test.pem")

442

ca_file.write("")

443

444

with pytest.raises(Error) as e:

445

context.load_client_ca(str(ca_file).encode("ascii"))

446

447

assert "PEM routines" == e.value.args[0][0][0]

448

449

def test_load_client_ca_unicode(self, context, ca_file):

450

"""

451

Passing the path as unicode raises a warning but works.

452

"""

453

pytest.deprecated_call(

454

context.load_client_ca, ca_file.decode("ascii")

455

)

456

457

def test_set_session_id(self, context):

458

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

459

`Context.set_session_id` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

460

"""

461

context.set_session_id(b"abc")

462

463

def test_set_session_id_fail(self, context):

464

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

465

`Context.set_session_id` errors are propagated.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

466

"""

467

with pytest.raises(Error) as e:

468

context.set_session_id(b"abc" * 1000)

assert [

("SSL routines",

"SSL_CTX_set_session_id_context",

473

"ssl session id context too long")

474

] == e.value.args[0]

475

476

def test_set_session_id_unicode(self, context):

477

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

478

`Context.set_session_id` raises a warning if a unicode string is

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

479

passed.

480

"""

481

pytest.deprecated_call(context.set_session_id, u"abc")

482

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

483

def test_method(self):

484

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

485

`Context` can be instantiated with one of `SSLv2_METHOD`,

486

`SSLv3_METHOD`, `SSLv23_METHOD`, `TLSv1_METHOD`, `TLSv1_1_METHOD`,

487

or `TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

488

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

489

methods = [SSLv23_METHOD, TLSv1_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

490

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

491

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

492

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

493

maybe = [SSLv2_METHOD, SSLv3_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

498

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

499

# don't. Difficult to say in advance.

500

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

501

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

502

with pytest.raises(TypeError):

503

Context("")

504

with pytest.raises(ValueError):

505

Context(10)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

506

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

507

@skip_if_py3

508

def test_method_long(self):

509

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

510

On Python 2 `Context` accepts values of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

511

"""

512

Context(long(TLSv1_METHOD))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

513

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

514

def test_type(self):

515

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

516

`Context` and `ContextType` refer to the same type object and can

517

be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

518

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

519

assert Context is ContextType

520

assert is_consistent_type(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

521

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

522

def test_use_privatekey(self):

523

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

524

`Context.use_privatekey` takes an `OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

525

"""

526

key = PKey()

527

key.generate_key(TYPE_RSA, 128)

528

ctx = Context(TLSv1_METHOD)

529

ctx.use_privatekey(key)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

530

with pytest.raises(TypeError):

531

ctx.use_privatekey("")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

532

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

533

def test_use_privatekey_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

534

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

535

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` when passed

536

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

537

"""

538

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

539

with pytest.raises(Error):

540

ctx.use_privatekey_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

541

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

542

def _use_privatekey_file_test(self, pemfile, filetype):

543

"""

544

Verify that calling ``Context.use_privatekey_file`` with the given

545

arguments does not raise an exception.

546

"""

547

key = PKey()

548

key.generate_key(TYPE_RSA, 128)

549

550

with open(pemfile, "wt") as pem:

551

pem.write(

552

dump_privatekey(FILETYPE_PEM, key).decode("ascii")

553

)

554

555

ctx = Context(TLSv1_METHOD)

556

ctx.use_privatekey_file(pemfile, filetype)

557

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

558

def test_use_privatekey_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

559

"""

560

A private key can be specified from a file by passing a ``bytes``

561

instance giving the file name to ``Context.use_privatekey_file``.

562

"""

563

self._use_privatekey_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

564

tmpfile + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

FILETYPE_PEM,

)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

568

def test_use_privatekey_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

569

"""

570

A private key can be specified from a file by passing a ``unicode``

571

instance giving the file name to ``Context.use_privatekey_file``.

572

"""

573

self._use_privatekey_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

574

tmpfile.decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

FILETYPE_PEM,

)

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

578

@skip_if_py3

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

579

def test_use_privatekey_file_long(self, tmpfile):

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

580

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

581

On Python 2 `Context.use_privatekey_file` accepts a filetype of

582

type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

583

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

584

self._use_privatekey_file_test(tmpfile, long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

585

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

586

def test_use_certificate_wrong_args(self):

587

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

588

`Context.use_certificate_wrong_args` raises `TypeError` when not passed

589

exactly one `OpenSSL.crypto.X509` instance as an argument.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

590

"""

591

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

592

with pytest.raises(TypeError):

593

ctx.use_certificate("hello, world")

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

594

595

def test_use_certificate_uninitialized(self):

596

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

597

`Context.use_certificate` raises `OpenSSL.SSL.Error` when passed a

598

`OpenSSL.crypto.X509` instance which has not been initialized

599

(ie, which does not actually have any certificate data).

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

600

"""

601

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

602

with pytest.raises(Error):

603

ctx.use_certificate(X509())

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

604

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

605

def test_use_certificate(self):

606

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

607

`Context.use_certificate` sets the certificate which will be

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

608

used to identify connections created using the context.

609

"""

610

# TODO

611

# Hard to assert anything. But we could set a privatekey then ask

612

# OpenSSL if the cert and key agree using check_privatekey. Then as

613

# long as check_privatekey works right we're good...

614

ctx = Context(TLSv1_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

615

ctx.use_certificate(

616

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

617

)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

618

619

def test_use_certificate_file_wrong_args(self):

620

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

621

`Context.use_certificate_file` raises `TypeError` if the first

622

argument is not a byte string or the second argument is not an integer.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

623

"""

624

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

625

with pytest.raises(TypeError):

626

ctx.use_certificate_file(object(), FILETYPE_PEM)

627

with pytest.raises(TypeError):

628

ctx.use_certificate_file(b"somefile", object())

629

with pytest.raises(TypeError):

630

ctx.use_certificate_file(object(), FILETYPE_PEM)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

631

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

632

def test_use_certificate_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

633

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

634

`Context.use_certificate_file` raises `OpenSSL.SSL.Error` if passed

635

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

636

"""

637

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

638

with pytest.raises(Error):

639

ctx.use_certificate_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

640

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

641

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

642

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

643

Verify that calling ``Context.use_certificate_file`` with the given

644

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

645

"""

646

# TODO

647

# Hard to assert anything. But we could set a privatekey then ask

648

# OpenSSL if the cert and key agree using check_privatekey. Then as

649

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

650

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

651

pem_file.write(cleartextCertificatePEM)

652

653

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

654

ctx.use_certificate_file(certificate_file)

655

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

656

def test_use_certificate_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

657

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

658

`Context.use_certificate_file` sets the certificate (given as a

659

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

660

using the context.

661

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

662

filename = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

663

self._use_certificate_file_test(filename)

664

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

665

def test_use_certificate_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

666

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

667

`Context.use_certificate_file` sets the certificate (given as a

668

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

669

using the context.

670

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

671

filename = tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

672

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

673

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

674

@skip_if_py3

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

675

def test_use_certificate_file_long(self, tmpfile):

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

676

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

677

On Python 2 `Context.use_certificate_file` accepts a

678

filetype of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

679

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

680

pem_filename = tmpfile

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

681

with open(pem_filename, "wb") as pem_file:

682

pem_file.write(cleartextCertificatePEM)

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

683

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

684

ctx = Context(TLSv1_METHOD)

685

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

686

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

687

def test_check_privatekey_valid(self):

688

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

689

`Context.check_privatekey` returns `None` if the `Context` instance

690

has been configured to use a matched key and certificate pair.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

691

"""

692

key = load_privatekey(FILETYPE_PEM, client_key_pem)

693

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

694

context = Context(TLSv1_METHOD)

695

context.use_privatekey(key)

696

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

697

assert None is context.check_privatekey()

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

698

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

699

def test_check_privatekey_invalid(self):

700

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

701

`Context.check_privatekey` raises `Error` if the `Context` instance

702

has been configured to use a key and certificate pair which don't

703

relate to each other.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

704

"""

705

key = load_privatekey(FILETYPE_PEM, client_key_pem)

706

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

707

context = Context(TLSv1_METHOD)

708

context.use_privatekey(key)

709

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

710

with pytest.raises(Error):

711

context.check_privatekey()

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

712

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

713

def test_app_data(self):

714

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

715

`Context.set_app_data` stores an object for later retrieval

716

using `Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

717

"""

718

app_data = object()

719

context = Context(TLSv1_METHOD)

720

context.set_app_data(app_data)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

721

assert context.get_app_data() is app_data

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

722

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

723

def test_set_options_wrong_args(self):

724

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

725

`Context.set_options` raises `TypeError` if called with

726

a non-`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

727

"""

728

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

729

with pytest.raises(TypeError):

730

context.set_options(None)

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

731

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

732

def test_set_options(self):

733

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

734

`Context.set_options` returns the new options value.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

735

"""

736

context = Context(TLSv1_METHOD)

737

options = context.set_options(OP_NO_SSLv2)

Alex Gaynor

2310f8b

2016-09-10 14:39:32 -0400

[diff] [blame]

738

assert options & OP_NO_SSLv2 == OP_NO_SSLv2

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

739

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

740

@skip_if_py3

741

def test_set_options_long(self):

742

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

743

On Python 2 `Context.set_options` accepts values of type

744

`long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

745

"""

746

context = Context(TLSv1_METHOD)

747

options = context.set_options(long(OP_NO_SSLv2))

Alex Gaynor

2310f8b

2016-09-10 14:39:32 -0400

[diff] [blame]

748

assert options & OP_NO_SSLv2 == OP_NO_SSLv2

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

749

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

750

def test_set_mode_wrong_args(self):

751

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

752

`Context.set_mode` raises `TypeError` if called with

753

a non-`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

754

"""

755

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

756

with pytest.raises(TypeError):

757

context.set_mode(None)

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

758

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

759

def test_set_mode(self):

760

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

761

`Context.set_mode` accepts a mode bitvector and returns the

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

762

newly set mode.

763

"""

764

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

765

assert MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

766

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

767

@skip_if_py3

768

def test_set_mode_long(self):

769

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

770

On Python 2 `Context.set_mode` accepts values of type `long` as well

771

as `int`.

Alex Gaynor

2016-07-31 10:54:24 -0400

[diff] [blame]

772

"""

773

context = Context(TLSv1_METHOD)

774

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

775

assert MODE_RELEASE_BUFFERS & mode

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

776

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

777

def test_set_timeout_wrong_args(self):

778

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

779

`Context.set_timeout` raises `TypeError` if called with

780

a non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

781

"""

782

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

783

with pytest.raises(TypeError):

784

context.set_timeout(None)

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

785

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

786

def test_timeout(self):

787

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

788

`Context.set_timeout` sets the session timeout for all connections

789

created using the context object. `Context.get_timeout` retrieves

790

this value.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

791

"""

792

context = Context(TLSv1_METHOD)

793

context.set_timeout(1234)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

794

assert context.get_timeout() == 1234

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

795

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

796

@skip_if_py3

797

def test_timeout_long(self):

798

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

799

On Python 2 `Context.set_timeout` accepts values of type `long` as

800

well as int.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

801

"""

802

context = Context(TLSv1_METHOD)

803

context.set_timeout(long(1234))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

804

assert context.get_timeout() == 1234

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

805

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

806

def test_set_verify_depth_wrong_args(self):

807

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

808

`Context.set_verify_depth` raises `TypeError` if called with a

809

non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

810

"""

811

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

812

with pytest.raises(TypeError):

813

context.set_verify_depth(None)

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

814

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

815

def test_verify_depth(self):

816

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

817

`Context.set_verify_depth` sets the number of certificates in

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

818

a chain to follow before giving up. The value can be retrieved with

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

819

`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

820

"""

821

context = Context(TLSv1_METHOD)

822

context.set_verify_depth(11)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

823

assert context.get_verify_depth() == 11

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

824

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

825

@skip_if_py3

826

def test_verify_depth_long(self):

827

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

828

On Python 2 `Context.set_verify_depth` accepts values of type `long`

829

as well as int.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

830

"""

831

context = Context(TLSv1_METHOD)

832

context.set_verify_depth(long(11))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

833

assert context.get_verify_depth() == 11

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

834

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

835

def _write_encrypted_pem(self, passphrase, tmpfile):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

836

"""

837

Write a new private key out to a new file, encrypted using the given

838

passphrase. Return the path to the new file.

839

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

840

key = PKey()

841

key.generate_key(TYPE_RSA, 128)

Jean-Paul Calderone

a986883

2010-08-22 21:38:34 -0400

[diff] [blame]

842

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

843

with open(tmpfile, 'w') as fObj:

844

fObj.write(pem.decode('ascii'))

845

return tmpfile

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

846

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

847

def test_set_passwd_cb_wrong_args(self):

848

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

849

`Context.set_passwd_cb` raises `TypeError` if called with a

850

non-callable first argument.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

851

"""

852

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

853

with pytest.raises(TypeError):

854

context.set_passwd_cb(None)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

855

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

856

def test_set_passwd_cb(self, tmpfile):

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

857

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

858

`Context.set_passwd_cb` accepts a callable which will be invoked when

859

a private key is loaded from an encrypted PEM.

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

860

"""

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

861

passphrase = b"foobar"

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

862

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

863

calledWith = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

864

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

865

def passphraseCallback(maxlen, verify, extra):

866

calledWith.append((maxlen, verify, extra))

867

return passphrase

868

context = Context(TLSv1_METHOD)

869

context.set_passwd_cb(passphraseCallback)

870

context.use_privatekey_file(pemFile)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

871

assert len(calledWith) == 1

872

assert isinstance(calledWith[0][0], int)

873

assert isinstance(calledWith[0][1], int)

874

assert calledWith[0][2] is None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

875

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

876

def test_passwd_callback_exception(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

877

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

878

`Context.use_privatekey_file` propagates any exception raised

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

879

by the passphrase callback.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

880

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

881

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

882

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

883

def passphraseCallback(maxlen, verify, extra):

884

raise RuntimeError("Sorry, I am a fail.")

885

886

context = Context(TLSv1_METHOD)

887

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

888

with pytest.raises(RuntimeError):

889

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

890

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

891

def test_passwd_callback_false(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

892

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

893

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

894

passphrase callback returns a false value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

895

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

896

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

897

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

898

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

899

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

900

901

context = Context(TLSv1_METHOD)

902

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

903

with pytest.raises(Error):

904

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

905

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

906

def test_passwd_callback_non_string(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

907

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

908

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

909

passphrase callback returns a true non-string value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

910

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

911

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

912

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

913

def passphraseCallback(maxlen, verify, extra):

914

return 10

915

916

context = Context(TLSv1_METHOD)

917

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

918

# TODO: Surely this is the wrong error?

919

with pytest.raises(ValueError):

920

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

921

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

922

def test_passwd_callback_too_long(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

923

"""

924

If the passphrase returned by the passphrase callback returns a string

925

longer than the indicated maximum length, it is truncated.

926

"""

927

# A priori knowledge!

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

928

passphrase = b"x" * 1024

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

929

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

930

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

931

def passphraseCallback(maxlen, verify, extra):

932

assert maxlen == 1024

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

933

return passphrase + b"y"

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

934

935

context = Context(TLSv1_METHOD)

936

context.set_passwd_cb(passphraseCallback)

937

# This shall succeed because the truncated result is the correct

938

# passphrase.

939

context.use_privatekey_file(pemFile)

940

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

941

def test_set_info_callback(self):

942

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

943

`Context.set_info_callback` accepts a callable which will be

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

944

invoked when certain information about an SSL connection is available.

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

945

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

946

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

947

948

clientSSL = Connection(Context(TLSv1_METHOD), client)

949

clientSSL.set_connect_state()

950

951

called = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

952

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

953

def info(conn, where, ret):

954

called.append((conn, where, ret))

955

context = Context(TLSv1_METHOD)

956

context.set_info_callback(info)

957

context.use_certificate(

958

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

959

context.use_privatekey(

960

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

961

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

962

serverSSL = Connection(context, server)

963

serverSSL.set_accept_state()

964

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

965

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

966

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

967

# The callback must always be called with a Connection instance as the

968

# first argument. It would probably be better to split this into

969

# separate tests for client and server side info callbacks so we could

970

# assert it is called with the right Connection instance. It would

971

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

972

notConnections = [

973

conn for (conn, where, ret) in called

974

if not isinstance(conn, Connection)]

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

975

assert [] == notConnections, (

976

"Some info callback arguments were not Connection instances.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

977

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

978

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

979

"""

980

Create a client context which will verify the peer certificate and call

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

981

its `load_verify_locations` method with the given arguments.

Jean-Paul Calderone

64efa2c

2011-09-11 10:00:09 -0400

[diff] [blame]

982

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

983

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

984

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

985

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

986

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

987

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

988

# Require that the server certificate verify properly or the

989

# connection will fail.

990

clientContext.set_verify(

991

VERIFY_PEER,

992

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

993

994

clientSSL = Connection(clientContext, client)

995

clientSSL.set_connect_state()

996

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

997

serverContext = Context(TLSv1_METHOD)

998

serverContext.use_certificate(

999

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1000

serverContext.use_privatekey(

1001

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1002

1003

serverSSL = Connection(serverContext, server)

1004

serverSSL.set_accept_state()

1005

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

1006

# Without load_verify_locations above, the handshake

1007

# will fail:

1008

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

1009

# 'certificate verify failed')]

1010

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1011

1012

cert = clientSSL.get_peer_certificate()

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1013

assert cert.get_subject().CN == 'Testing Root CA'

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1014

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1015

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1016

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1017

Verify that if path to a file containing a certificate is passed to

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1018

`Context.load_verify_locations` for the ``cafile`` parameter, that

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1019

certificate is used as a trust root for the purposes of verifying

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1020

connections created using that `Context`.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1021

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1022

with open(cafile, 'w') as fObj:

1023

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1024

1025

self._load_verify_locations_test(cafile)

1026

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1027

def test_load_verify_bytes_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1028

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1029

`Context.load_verify_locations` accepts a file name as a `bytes`

1030

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1031

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1032

cafile = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1033

self._load_verify_cafile(cafile)

1034

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1035

def test_load_verify_unicode_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1036

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1037

`Context.load_verify_locations` accepts a file name as a `unicode`

1038

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1039

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1040

self._load_verify_cafile(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1041

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1042

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1043

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1044

def test_load_verify_invalid_file(self, tmpfile):

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1045

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1046

`Context.load_verify_locations` raises `Error` when passed a

1047

non-existent cafile.

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1048

"""

1049

clientContext = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1050

with pytest.raises(Error):

1051

clientContext.load_verify_locations(tmpfile)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1052

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1053

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1054

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1055

Verify that if path to a directory containing certificate files is

1056

passed to ``Context.load_verify_locations`` for the ``capath``

1057

parameter, those certificates are used as trust roots for the purposes

1058

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1059

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1060

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1061

# Hash values computed manually with c_rehash to avoid depending on

1062

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1063

# from OpenSSL 1.0.0.

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

1064

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1065

cafile = join_bytes_or_unicode(capath, name)

1066

with open(cafile, 'w') as fObj:

1067

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1068

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1069

self._load_verify_locations_test(None, capath)

1070

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1071

def test_load_verify_directory_bytes_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1072

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1073

`Context.load_verify_locations` accepts a directory name as a `bytes`

1074

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1075

"""

1076

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1077

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1078

)

1079

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1080

def test_load_verify_directory_unicode_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1081

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1082

`Context.load_verify_locations` accepts a directory name as a `unicode`

1083

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1084

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1085

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1086

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1087

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1088

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1089

def test_load_verify_locations_wrong_args(self):

1090

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1091

`Context.load_verify_locations` raises `TypeError` if with non-`str`

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1092

arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1093

"""

1094

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1095

with pytest.raises(TypeError):

1096

context.load_verify_locations(object())

1097

with pytest.raises(TypeError):

1098

context.load_verify_locations(object(), object())

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1099

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1100

@pytest.mark.skipif(

1101

platform == "win32",

1102

reason="set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

28fb8f0

2009-07-24 18:01:31 -0400

[diff] [blame]

1103

"See LP#404343 and LP#404344."

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1104

)

1105

def test_set_default_verify_paths(self):

1106

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1107

`Context.set_default_verify_paths` causes the platform-specific CA

1108

certificate locations to be used for verification purposes.

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1109

"""

1110

# Testing this requires a server with a certificate signed by one

1111

# of the CAs in the platform CA location. Getting one of those

1112

# costs money. Fortunately (or unfortunately, depending on your

1113

# perspective), it's easy to think of a public server on the

1114

# internet which has such a certificate. Connecting to the network

1115

# in a unit test is bad, but it's the only way I can think of to

1116

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1117

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1118

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1119

context = Context(SSLv23_METHOD)

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1120

context.set_default_verify_paths()

1121

context.set_verify(

1122

VERIFY_PEER,

1123

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1124

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1125

client = socket()

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1126

client.connect(("encrypted.google.com", 443))

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1127

clientSSL = Connection(context, client)

1128

clientSSL.set_connect_state()

1129

clientSSL.do_handshake()

1130

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1131

assert clientSSL.recv(1024)

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1132

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1133

def test_add_extra_chain_cert_invalid_cert(self):

1134

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1135

`Context.add_extra_chain_cert` raises `TypeError` if called with an

1136

object which is not an instance of `X509`.

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1137

"""

1138

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1139

with pytest.raises(TypeError):

1140

context.add_extra_chain_cert(object())

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1141

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1142

def _handshake_test(self, serverContext, clientContext):

1143

"""

1144

Verify that a client and server created with the given contexts can

1145

successfully handshake and communicate.

1146

"""

1147

serverSocket, clientSocket = socket_pair()

1148

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1149

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1150

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1151

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1152

client = Connection(clientContext, clientSocket)

1153

client.set_connect_state()

1154

1155

# Make them talk to each other.

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1156

# interact_in_memory(client, server)

1157

for _ in range(3):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1158

for s in [client, server]:

1159

try:

1160

s.do_handshake()

1161

except WantReadError:

1162

pass

1163

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1164

def test_set_verify_callback_connection_argument(self):

1165

"""

1166

The first argument passed to the verify callback is the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1167

`Connection` instance for which verification is taking place.

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1168

"""

1169

serverContext = Context(TLSv1_METHOD)

1170

serverContext.use_privatekey(

1171

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1172

serverContext.use_certificate(

1173

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1174

serverConnection = Connection(serverContext, None)

1175

1176

class VerifyCallback(object):

1177

def callback(self, connection, *args):

1178

self.connection = connection

1179

return 1

1180

1181

verify = VerifyCallback()

1182

clientContext = Context(TLSv1_METHOD)

1183

clientContext.set_verify(VERIFY_PEER, verify.callback)

1184

clientConnection = Connection(clientContext, None)

1185

clientConnection.set_connect_state()

1186

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1187

handshake_in_memory(clientConnection, serverConnection)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1188

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1189

assert verify.connection is clientConnection

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1190

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1191

def test_set_verify_callback_exception(self):

1192

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1193

If the verify callback passed to `Context.set_verify` raises an

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1194

exception, verification fails and the exception is propagated to the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1195

caller of `Connection.do_handshake`.

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1196

"""

1197

serverContext = Context(TLSv1_METHOD)

1198

serverContext.use_privatekey(

1199

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1200

serverContext.use_certificate(

1201

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1202

1203

clientContext = Context(TLSv1_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1204

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1205

def verify_callback(*args):

1206

raise Exception("silly verify failure")

1207

clientContext.set_verify(VERIFY_PEER, verify_callback)

1208

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

1209

with pytest.raises(Exception) as exc:

1210

self._handshake_test(serverContext, clientContext)

1211

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1212

assert "silly verify failure" == str(exc.value)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1213

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1214

def test_add_extra_chain_cert(self, tmpdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1215

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1216

`Context.add_extra_chain_cert` accepts an `X509`

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1217

instance to add to the certificate chain.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1218

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1219

See `_create_certificate_chain` for the details of the

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1220

certificate chain tested.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1221

1222

The chain is tested by starting a server with scert and connecting

1223

to it with a client which trusts cacert and requires verification to

1224

succeed.

1225

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1226

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1227

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1228

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1229

# Dump the CA certificate to a file because that's the only way to load

1230

# it as a trusted CA in the client context.

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1231

for cert, name in [(cacert, 'ca.pem'),

1232

(icert, 'i.pem'),

1233

(scert, 's.pem')]:

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1234

with tmpdir.join(name).open('w') as f:

Hynek Schlawack

e90680f

2015-04-16 15:09:27 -0400

[diff] [blame]

1235

f.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1236

Hynek Schlawack

1902c01

2015-04-16 15:06:41 -0400

[diff] [blame]

1237

for key, name in [(cakey, 'ca.key'),

1238

(ikey, 'i.key'),

1239

(skey, 's.key')]:

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1240

with tmpdir.join(name).open('w') as f:

Hynek Schlawack

e90680f

2015-04-16 15:09:27 -0400

[diff] [blame]

1241

f.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1242

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1243

# Create the server context

1244

serverContext = Context(TLSv1_METHOD)

1245

serverContext.use_privatekey(skey)

1246

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1247

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1248

serverContext.add_extra_chain_cert(icert)

1249

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1250

# Create the client

1251

clientContext = Context(TLSv1_METHOD)

1252

clientContext.set_verify(

1253

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1254

clientContext.load_verify_locations(str(tmpdir.join("ca.pem")))

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1255

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1256

# Try it out.

1257

self._handshake_test(serverContext, clientContext)

1258

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1259

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1260

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1261

Verify that `Context.use_certificate_chain_file` reads a

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1262

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1263

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1264

The chain is tested by starting a server with scert and connecting to

1265

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1266

succeed.

1267

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1268

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1269

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1270

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1271

makedirs(certdir)

1272

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1273

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1274

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1275

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1276

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1277

with open(chainFile, 'wb') as fObj:

1278

# Most specific to least general.

1279

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1280

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1281

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1282

1283

with open(caFile, 'w') as fObj:

1284

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1285

1286

serverContext = Context(TLSv1_METHOD)

1287

serverContext.use_certificate_chain_file(chainFile)

1288

serverContext.use_privatekey(skey)

1289

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1290

clientContext = Context(TLSv1_METHOD)

1291

clientContext.set_verify(

1292

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1293

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1294

1295

self._handshake_test(serverContext, clientContext)

1296

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1297

def test_use_certificate_chain_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1298

"""

1299

``Context.use_certificate_chain_file`` accepts the name of a file (as

1300

an instance of ``bytes``) to specify additional certificates to use to

1301

construct and verify a trust chain.

1302

"""

1303

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1304

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1305

)

1306

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1307

def test_use_certificate_chain_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1308

"""

1309

``Context.use_certificate_chain_file`` accepts the name of a file (as

1310

an instance of ``unicode``) to specify additional certificates to use

1311

to construct and verify a trust chain.

1312

"""

1313

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1314

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1315

)

1316

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1317

def test_use_certificate_chain_file_wrong_args(self):

1318

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1319

`Context.use_certificate_chain_file` raises `TypeError` if passed a

1320

non-byte string single argument.

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1321

"""

1322

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1323

with pytest.raises(TypeError):

1324

context.use_certificate_chain_file(object())

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1325

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1326

def test_use_certificate_chain_file_missing_file(self, tmpfile):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1327

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1328

`Context.use_certificate_chain_file` raises `OpenSSL.SSL.Error` when

1329

passed a bad chain file name (for example, the name of a file which

1330

does not exist).

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1331

"""

1332

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1333

with pytest.raises(Error):

1334

context.use_certificate_chain_file(tmpfile)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1335

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1336

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1337

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1338

`Context.get_verify_mode` returns the verify mode flags previously

1339

passed to `Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1340

"""

1341

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1342

assert context.get_verify_mode() == 0

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1343

context.set_verify(

1344

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1345

assert context.get_verify_mode() == (VERIFY_PEER | VERIFY_CLIENT_ONCE)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1346

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1347

@skip_if_py3

1348

def test_set_verify_mode_long(self):

1349

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1350

On Python 2 `Context.set_verify_mode` accepts values of type `long`

1351

as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1352

"""

1353

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1354

assert context.get_verify_mode() == 0

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1355

context.set_verify(

Hynek Schlawack

b4ceed3

2015-09-05 20:55:19 +0200

[diff] [blame]

1356

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None

1357

) # pragma: nocover

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1358

assert context.get_verify_mode() == (VERIFY_PEER | VERIFY_CLIENT_ONCE)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1359

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1360

def test_load_tmp_dh_wrong_args(self):

1361

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1362

`Context.load_tmp_dh` raises `TypeError` if called with a

1363

non-`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1364

"""

1365

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1366

with pytest.raises(TypeError):

1367

context.load_tmp_dh(object())

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1368

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1369

def test_load_tmp_dh_missing_file(self):

1370

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1371

`Context.load_tmp_dh` raises `OpenSSL.SSL.Error` if the

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1372

specified file does not exist.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1373

"""

1374

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1375

with pytest.raises(Error):

1376

context.load_tmp_dh(b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1377

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1378

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1379

"""

1380

Verify that calling ``Context.load_tmp_dh`` with the given filename

1381

does not raise an exception.

1382

"""

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1383

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1384

with open(dhfilename, "w") as dhfile:

1385

dhfile.write(dhparam)

1386

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1387

context.load_tmp_dh(dhfilename)

1388

# XXX What should I assert here? -exarkun

1389

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1390

def test_load_tmp_dh_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1391

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1392

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1393

specified file (given as ``bytes``).

1394

"""

1395

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1396

tmpfile + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1397

)

1398

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1399

def test_load_tmp_dh_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1400

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1401

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1402

specified file (given as ``unicode``).

1403

"""

1404

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1405

tmpfile.decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1406

)

1407

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1408

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1409

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1410

`Context.set_tmp_ecdh` sets the elliptic curve for Diffie-Hellman to

1411

the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1412

"""

1413

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1414

for curve in get_elliptic_curves():

Hynek Schlawack

a07fa8c

2015-10-17 10:15:28 +0200

[diff] [blame]

1415

if curve.name.startswith(u"Oakley-"):

Hynek Schlawack

7408aff

2015-10-17 09:51:16 +0200

[diff] [blame]

1416

# Setting Oakley-EC2N-4 and Oakley-EC2N-3 adds

1417

# ('bignum routines', 'BN_mod_inverse', 'no inverse') to the

1418

# error queue on OpenSSL 1.0.2.

1419

continue

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1420

# The only easily "assertable" thing is that it does not raise an

1421

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1422

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1423

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1424

def test_set_session_cache_mode_wrong_args(self):

1425

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1426

`Context.set_session_cache_mode` raises `TypeError` if called with

1427

a non-integer argument.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1428

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1429

"""

1430

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1431

with pytest.raises(TypeError):

1432

context.set_session_cache_mode(object())

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1433

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1434

def test_session_cache_mode(self):

1435

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1436

`Context.set_session_cache_mode` specifies how sessions are cached.

1437

The setting can be retrieved via `Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1438

"""

1439

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1440

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1441

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1442

assert SESS_CACHE_OFF == off

1443

assert SESS_CACHE_BOTH == context.get_session_cache_mode()

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1444

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1445

@skip_if_py3

1446

def test_session_cache_mode_long(self):

1447

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1448

On Python 2 `Context.set_session_cache_mode` accepts values

1449

of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1450

"""

1451

context = Context(TLSv1_METHOD)

1452

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1453

assert SESS_CACHE_BOTH == context.get_session_cache_mode()

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1454

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1455

def test_get_cert_store(self):

1456

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1457

`Context.get_cert_store` returns a `X509Store` instance.

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1458

"""

1459

context = Context(TLSv1_METHOD)

1460

store = context.get_cert_store()

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1461

assert isinstance(store, X509Store)

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1462

1463

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1464

class TestServerNameCallback(object):

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1465

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1466

Tests for `Context.set_tlsext_servername_callback` and its

1467

interaction with `Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1468

"""

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1469

def test_old_callback_forgotten(self):

1470

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1471

If `Context.set_tlsext_servername_callback` is used to specify

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1472

a new callback, the one it replaces is dereferenced.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1473

"""

1474

def callback(connection):

1475

pass

1476

1477

def replacement(connection):

1478

pass

1479

1480

context = Context(TLSv1_METHOD)

1481

context.set_tlsext_servername_callback(callback)

1482

1483

tracker = ref(callback)

1484

del callback

1485

1486

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1487

1488

# One run of the garbage collector happens to work on CPython. PyPy

1489

# doesn't collect the underlying object until a second run for whatever

1490

# reason. That's fine, it still demonstrates our code has properly

1491

# dropped the reference.

1492

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1493

collect()

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

1494

1495

callback = tracker()

1496

if callback is not None:

1497

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1498

if len(referrers) > 1:

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

1499

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1500

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1501

def test_no_servername(self):

1502

"""

1503

When a client specifies no server name, the callback passed to

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1504

`Context.set_tlsext_servername_callback` is invoked and the

1505

result of `Connection.get_servername` is `None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1506

"""

1507

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1508

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1509

def servername(conn):

1510

args.append((conn, conn.get_servername()))

1511

context = Context(TLSv1_METHOD)

1512

context.set_tlsext_servername_callback(servername)

1513

1514

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1520

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1521

context.use_certificate(

1522

load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1523

1524

# Do a little connection to trigger the logic

1525

server = Connection(context, None)

1526

server.set_accept_state()

1527

1528

client = Connection(Context(TLSv1_METHOD), None)

1529

client.set_connect_state()

1530

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1531

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1532

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1533

assert args == [(server, None)]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1534

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1535

def test_servername(self):

1536

"""

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1537

When a client specifies a server name in its hello message, the

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1538

callback passed to `Contexts.set_tlsext_servername_callback` is

1539

invoked and the result of `Connection.get_servername` is that

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1540

server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1541

"""

1542

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1543

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1544

def servername(conn):

1545

args.append((conn, conn.get_servername()))

1546

context = Context(TLSv1_METHOD)

1547

context.set_tlsext_servername_callback(servername)

1548

1549

# Necessary to actually accept the connection

1550

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1551

context.use_certificate(

1552

load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1553

1554

# Do a little connection to trigger the logic

1555

server = Connection(context, None)

1556

server.set_accept_state()

1557

1558

client = Connection(Context(TLSv1_METHOD), None)

1559

client.set_connect_state()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

1560

client.set_tlsext_host_name(b"foo1.example.com")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1561

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1562

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1563

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1564

assert args == [(server, b"foo1.example.com")]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1565

1566

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1567

class TestNextProtoNegotiation(object):

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1568

"""

1569

Test for Next Protocol Negotiation in PyOpenSSL.

1570

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1571

def test_npn_success(self):

1572

"""

1573

Tests that clients and servers that agree on the negotiated next

1574

protocol can correct establish a connection, and that the agreed

1575

protocol is reported by the connections.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

1582

return [b'http/1.1', b'spdy/2']

1583

1584

def select(conn, options):

1585

select_args.append((conn, options))

1586

return b'spdy/2'

1587

1588

server_context = Context(TLSv1_METHOD)

1589

server_context.set_npn_advertise_callback(advertise)

1590

1591

client_context = Context(TLSv1_METHOD)

1592

client_context.set_npn_select_callback(select)

1593

1594

# Necessary to actually accept the connection

1595

server_context.use_privatekey(

1596

load_privatekey(FILETYPE_PEM, server_key_pem))

1597

server_context.use_certificate(

1598

load_certificate(FILETYPE_PEM, server_cert_pem))

1599

1600

# Do a little connection to trigger the logic

1601

server = Connection(server_context, None)

1602

server.set_accept_state()

1603

1604

client = Connection(client_context, None)

1605

client.set_connect_state()

1606

1607

interact_in_memory(server, client)

1608

1609

assert advertise_args == [(server,)]

1610

assert select_args == [(client, [b'http/1.1', b'spdy/2'])]

1611

1612

assert server.get_next_proto_negotiated() == b'spdy/2'

1613

assert client.get_next_proto_negotiated() == b'spdy/2'

1614

1615

def test_npn_client_fail(self):

1616

"""

1617

Tests that when clients and servers cannot agree on what protocol

1618

to use next that the TLS connection does not get established.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

1625

return [b'http/1.1', b'spdy/2']

1626

1627

def select(conn, options):

1628

select_args.append((conn, options))

1629

return b''

1630

1631

server_context = Context(TLSv1_METHOD)

1632

server_context.set_npn_advertise_callback(advertise)

1633

1634

client_context = Context(TLSv1_METHOD)

1635

client_context.set_npn_select_callback(select)

1636

1637

# Necessary to actually accept the connection

1638

server_context.use_privatekey(

1639

load_privatekey(FILETYPE_PEM, server_key_pem))

1640

server_context.use_certificate(

1641

load_certificate(FILETYPE_PEM, server_cert_pem))

1642

1643

# Do a little connection to trigger the logic

1644

server = Connection(server_context, None)

1645

server.set_accept_state()

1646

1647

client = Connection(client_context, None)

1648

client.set_connect_state()

1649

1650

# If the client doesn't return anything, the connection will fail.

1651

with pytest.raises(Error):

1652

interact_in_memory(server, client)

1653

1654

assert advertise_args == [(server,)]

1655

assert select_args == [(client, [b'http/1.1', b'spdy/2'])]

1656

1657

def test_npn_select_error(self):

1658

"""

1659

Test that we can handle exceptions in the select callback. If

1660

select fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

1666

return [b'http/1.1', b'spdy/2']

1667

1668

def select(conn, options):

1669

raise TypeError

1670

1671

server_context = Context(TLSv1_METHOD)

1672

server_context.set_npn_advertise_callback(advertise)

1673

1674

client_context = Context(TLSv1_METHOD)

1675

client_context.set_npn_select_callback(select)

1676

1677

# Necessary to actually accept the connection

1678

server_context.use_privatekey(

1679

load_privatekey(FILETYPE_PEM, server_key_pem))

1680

server_context.use_certificate(

1681

load_certificate(FILETYPE_PEM, server_cert_pem))

1682

1683

# Do a little connection to trigger the logic

1684

server = Connection(server_context, None)

1685

server.set_accept_state()

1686

1687

client = Connection(client_context, None)

1688

client.set_connect_state()

1689

1690

# If the callback throws an exception it should be raised here.

1691

with pytest.raises(TypeError):

1692

interact_in_memory(server, client)

1693

assert advertise_args == [(server,), ]

1694

1695

def test_npn_advertise_error(self):

1696

"""

1697

Test that we can handle exceptions in the advertise callback. If

1698

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options): # pragma: nocover

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1706

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1707

Assert later that no args are actually appended.

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1708

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1709

select_args.append((conn, options))

1710

return b''

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1711

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1712

server_context = Context(TLSv1_METHOD)

1713

server_context.set_npn_advertise_callback(advertise)

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1714

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1715

client_context = Context(TLSv1_METHOD)

1716

client_context.set_npn_select_callback(select)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1717

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1718

# Necessary to actually accept the connection

1719

server_context.use_privatekey(

1720

load_privatekey(FILETYPE_PEM, server_key_pem))

1721

server_context.use_certificate(

1722

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1723

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1724

# Do a little connection to trigger the logic

1725

server = Connection(server_context, None)

1726

server.set_accept_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1727

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1728

client = Connection(client_context, None)

1729

client.set_connect_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1730

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1731

# If the client doesn't return anything, the connection will fail.

1732

with pytest.raises(TypeError):

1733

interact_in_memory(server, client)

1734

assert select_args == []

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1735

1736

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1737

class TestApplicationLayerProtoNegotiation(object):

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1738

"""

1739

Tests for ALPN in PyOpenSSL.

1740

"""

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1741

# Skip tests on versions that don't support ALPN.

1742

if _lib.Cryptography_HAS_ALPN:

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1743

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1744

def test_alpn_success(self):

1745

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1746

Clients and servers that agree on the negotiated ALPN protocol can

1747

correct establish a connection, and the agreed protocol is reported

1748

by the connections.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1749

"""

1750

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1751

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1752

def select(conn, options):

1753

select_args.append((conn, options))

1754

return b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1755

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1756

client_context = Context(TLSv1_METHOD)

1757

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1758

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1759

server_context = Context(TLSv1_METHOD)

1760

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1761

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1762

# Necessary to actually accept the connection

1763

server_context.use_privatekey(

1764

load_privatekey(FILETYPE_PEM, server_key_pem))

1765

server_context.use_certificate(

1766

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1767

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1768

# Do a little connection to trigger the logic

1769

server = Connection(server_context, None)

1770

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1771

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1772

client = Connection(client_context, None)

1773

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1774

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1775

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1776

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1777

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1778

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1779

assert server.get_alpn_proto_negotiated() == b'spdy/2'

1780

assert client.get_alpn_proto_negotiated() == b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1781

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1782

def test_alpn_set_on_connection(self):

1783

"""

1784

The same as test_alpn_success, but setting the ALPN protocols on

1785

the connection rather than the context.

1786

"""

1787

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1788

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1789

def select(conn, options):

1790

select_args.append((conn, options))

1791

return b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1792

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1793

# Setup the client context but don't set any ALPN protocols.

1794

client_context = Context(TLSv1_METHOD)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1795

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1796

server_context = Context(TLSv1_METHOD)

1797

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1798

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1799

# Necessary to actually accept the connection

1800

server_context.use_privatekey(

1801

load_privatekey(FILETYPE_PEM, server_key_pem))

1802

server_context.use_certificate(

1803

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1804

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1805

# Do a little connection to trigger the logic

1806

server = Connection(server_context, None)

1807

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1808

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1809

# Set the ALPN protocols on the client connection.

1810

client = Connection(client_context, None)

1811

client.set_alpn_protos([b'http/1.1', b'spdy/2'])

1812

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1813

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1814

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1815

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1816

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1817

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1818

assert server.get_alpn_proto_negotiated() == b'spdy/2'

1819

assert client.get_alpn_proto_negotiated() == b'spdy/2'

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1820

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1821

def test_alpn_server_fail(self):

1822

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1823

When clients and servers cannot agree on what protocol to use next

1824

the TLS connection does not get established.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1825

"""

1826

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1827

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1828

def select(conn, options):

1829

select_args.append((conn, options))

1830

return b''

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1831

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1832

client_context = Context(TLSv1_METHOD)

1833

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1834

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1835

server_context = Context(TLSv1_METHOD)

1836

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1837

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1838

# Necessary to actually accept the connection

1839

server_context.use_privatekey(

1840

load_privatekey(FILETYPE_PEM, server_key_pem))

1841

server_context.use_certificate(

1842

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1843

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1844

# Do a little connection to trigger the logic

1845

server = Connection(server_context, None)

1846

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1847

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1848

client = Connection(client_context, None)

1849

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1850

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1851

# If the client doesn't return anything, the connection will fail.

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1852

with pytest.raises(Error):

1853

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1854

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1855

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1856

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1857

def test_alpn_no_server(self):

1858

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1859

When clients and servers cannot agree on what protocol to use next

1860

because the server doesn't offer ALPN, no protocol is negotiated.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1861

"""

1862

client_context = Context(TLSv1_METHOD)

1863

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1864

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1865

server_context = Context(TLSv1_METHOD)

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1866

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1867

# Necessary to actually accept the connection

1868

server_context.use_privatekey(

1869

load_privatekey(FILETYPE_PEM, server_key_pem))

1870

server_context.use_certificate(

1871

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1872

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1873

# Do a little connection to trigger the logic

1874

server = Connection(server_context, None)

1875

server.set_accept_state()

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1876

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1877

client = Connection(client_context, None)

1878

client.set_connect_state()

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1879

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1880

# Do the dance.

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1881

interact_in_memory(server, client)

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1882

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1883

assert client.get_alpn_proto_negotiated() == b''

Cory Benfield

2015-04-11 17:57:35 -0400

[diff] [blame]

1884

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1885

def test_alpn_callback_exception(self):

1886

"""

Cory Benfield

2015-04-13 18:12:53 -0400

[diff] [blame]

1887

We can handle exceptions in the ALPN select callback.

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1888

"""

1889

select_args = []

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1890

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1891

def select(conn, options):

1892

select_args.append((conn, options))

Cory Benfield

ef40145

2015-04-13 18:17:36 -0400

[diff] [blame]

1893

raise TypeError()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1894

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1895

client_context = Context(TLSv1_METHOD)

1896

client_context.set_alpn_protos([b'http/1.1', b'spdy/2'])

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1897

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1898

server_context = Context(TLSv1_METHOD)

1899

server_context.set_alpn_select_callback(select)

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1900

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1901

# Necessary to actually accept the connection

1902

server_context.use_privatekey(

1903

load_privatekey(FILETYPE_PEM, server_key_pem))

1904

server_context.use_certificate(

1905

load_certificate(FILETYPE_PEM, server_cert_pem))

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1906

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1907

# Do a little connection to trigger the logic

1908

server = Connection(server_context, None)

1909

server.set_accept_state()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1910

Cory Benfield

2015-04-13 16:50:49 -0400

[diff] [blame]

1911

client = Connection(client_context, None)

1912

client.set_connect_state()

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1913

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1914

with pytest.raises(TypeError):

1915

interact_in_memory(server, client)

1916

assert select_args == [(server, [b'http/1.1', b'spdy/2'])]

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1917

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

1918

else:

1919

# No ALPN.

1920

def test_alpn_not_implemented(self):

Cory Benfield

ef40145

2015-04-13 18:17:36 -0400

[diff] [blame]

1921

"""

1922

If ALPN is not in OpenSSL, we should raise NotImplementedError.

1923

"""

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

1924

# Test the context methods first.

1925

context = Context(TLSv1_METHOD)

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1926

with pytest.raises(NotImplementedError):

1927

context.set_alpn_protos(None)

1928

with pytest.raises(NotImplementedError):

1929

context.set_alpn_select_callback(None)

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

1930

1931

# Now test a connection.

1932

conn = Connection(context)

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1933

with pytest.raises(NotImplementedError):

1934

conn.set_alpn_protos(None)

Cory Benfield

2015-04-13 17:51:12 -0400

[diff] [blame]

1935

Cory Benfield

2015-04-12 09:11:49 -0400

[diff] [blame]

1936

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1937

class TestSession(object):

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1938

"""

1939

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1940

"""

1941

def test_construction(self):

1942

"""

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1943

:py:class:`Session` can be constructed with no arguments, creating

1944

a new instance of that type.

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1945

"""

1946

new_session = Session()

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1947

assert isinstance(new_session, Session)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1948

1949

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

1950

class TestConnection(object):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1951

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

1952

Unit tests for `OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1953

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1954

# XXX get_peer_certificate -> None

1955

# XXX sock_shutdown

1956

# XXX master_key -> TypeError

1957

# XXX server_random -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1958

# XXX connect -> TypeError

1959

# XXX connect_ex -> TypeError

1960

# XXX set_connect_state -> TypeError

1961

# XXX set_accept_state -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1962

# XXX do_handshake -> TypeError

1963

# XXX bio_read -> TypeError

1964

# XXX recv -> TypeError

1965

# XXX send -> TypeError

1966

# XXX bio_write -> TypeError

1967

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1968

def test_type(self):

1969

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

1970

`Connection` and `ConnectionType` refer to the same type object and

1971

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1972

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

1973

assert Connection is ConnectionType

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1974

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

1975

assert is_consistent_type(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1976

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1977

def test_get_context(self):

1978

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

1979

`Connection.get_context` returns the `Context` instance used to

1980

construct the `Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1981

"""

1982

context = Context(TLSv1_METHOD)

1983

connection = Connection(context, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

1984

assert connection.get_context() is context

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1985

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1986

def test_set_context_wrong_args(self):

1987

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

1988

`Connection.set_context` raises `TypeError` if called with a

1989

non-`Context` instance argument,

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1990

"""

1991

ctx = Context(TLSv1_METHOD)

1992

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

1993

with pytest.raises(TypeError):

1994

connection.set_context(object())

1995

with pytest.raises(TypeError):

1996

connection.set_context("hello")

1997

with pytest.raises(TypeError):

1998

connection.set_context(1)

1999

assert ctx is connection.get_context()

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2000

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2001

def test_set_context(self):

2002

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2003

`Connection.set_context` specifies a new `Context` instance to be

2004

used for the connection.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2005

"""

2006

original = Context(SSLv23_METHOD)

2007

replacement = Context(TLSv1_METHOD)

2008

connection = Connection(original, None)

2009

connection.set_context(replacement)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2010

assert replacement is connection.get_context()

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2011

# Lose our references to the contexts, just in case the Connection

2012

# isn't properly managing its own contributions to their reference

2013

# counts.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2014

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2015

collect()

2016

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2017

def test_set_tlsext_host_name_wrong_args(self):

2018

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2019

If `Connection.set_tlsext_host_name` is called with a non-byte string

2020

argument or a byte string with an embedded NUL, `TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2021

"""

2022

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2023

with pytest.raises(TypeError):

2024

conn.set_tlsext_host_name(object())

2025

with pytest.raises(TypeError):

2026

conn.set_tlsext_host_name(b"with\0null")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2027

Abraham Martin

c5484ba

2015-03-25 15:33:05 +0000

[diff] [blame]

2028

if PY3:

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2029

# On Python 3.x, don't accidentally implicitly convert from text.

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2030

with pytest.raises(TypeError):

2031

conn.set_tlsext_host_name(b"example.com".decode("ascii"))

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2032

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2033

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2034

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2035

`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2036

immediate read.

2037

"""

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2038

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2039

assert connection.pending() == 0

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2040

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2041

def test_peek(self):

2042

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2043

`Connection.recv` peeks into the connection if `socket.MSG_PEEK`

2044

is passed.

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2045

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2046

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2047

server.send(b'xy')

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2048

assert client.recv(2, MSG_PEEK) == b'xy'

2049

assert client.recv(2, MSG_PEEK) == b'xy'

2050

assert client.recv(2) == b'xy'

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2051

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2052

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2053

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2054

`Connection.connect` raises `TypeError` if called with

2055

a non-address argument.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2056

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2057

connection = Connection(Context(TLSv1_METHOD), socket())

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2058

with pytest.raises(TypeError):

2059

connection.connect(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2060

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2061

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2062

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2063

`Connection.connect` raises `socket.error` if the underlying socket

2064

connect method raises it.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2065

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2066

client = socket()

2067

context = Context(TLSv1_METHOD)

2068

clientSSL = Connection(context, client)

Alex Gaynor

122717b

2015-09-05 14:14:18 -0400

[diff] [blame]

2069

# pytest.raises here doesn't work because of a bug in py.test on Python

2070

# 2.6: https://github.com/pytest-dev/pytest/issues/988

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2071

try:

Alex Gaynor

1aabb2e

2015-09-05 13:35:18 -0400

[diff] [blame]

2072

clientSSL.connect(("127.0.0.1", 1))

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2073

except error as e:

Alex Gaynor

20a4c08

2015-09-05 14:24:15 -0400

[diff] [blame]

2074

exc = e

2075

assert exc.args[0] == ECONNREFUSED

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2076

2077

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2078

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2079

`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2080

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2086

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

2087

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2088

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2089

@pytest.mark.skipif(

2090

platform == "darwin",

2091

reason="connect_ex sometimes causes a kernel panic on OS X 10.6.4"

2092

)

2093

def test_connect_ex(self):

2094

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2095

If there is a connection error, `Connection.connect_ex` returns the

2096

errno instead of raising an exception.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2101

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2102

clientSSL = Connection(Context(TLSv1_METHOD), socket())

2103

clientSSL.setblocking(False)

2104

result = clientSSL.connect_ex(port.getsockname())

2105

expected = (EINPROGRESS, EWOULDBLOCK)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2106

assert result in expected

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2107

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2108

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2109

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2110

`Connection.accept` accepts a pending connection attempt and returns a

2111

tuple of a new `Connection` (the accepted client) and the address the

2112

connection originated from.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2113

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2114

ctx = Context(TLSv1_METHOD)

2115

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2116

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2117

port = socket()

2118

portSSL = Connection(ctx, port)

2119

portSSL.bind(('', 0))

2120

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2121

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2122

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2123

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2124

# Calling portSSL.getsockname() here to get the server IP address

2125

# sounds great, but frequently fails on Windows.

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2126

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2127

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2128

serverSSL, address = portSSL.accept()

2129

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2130

assert isinstance(serverSSL, Connection)

2131

assert serverSSL.get_context() is ctx

2132

assert address == clientSSL.getsockname()

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2133

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2134

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2135

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2136

`Connection.set_shutdown` raises `TypeError` if called with arguments

2137

other than integers.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2138

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2139

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2140

with pytest.raises(TypeError):

2141

connection.set_shutdown(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2142

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2143

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2144

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2145

`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2146

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2147

server, client = loopback()

2148

assert not server.shutdown()

2149

assert server.get_shutdown() == SENT_SHUTDOWN

2150

with pytest.raises(ZeroReturnError):

2151

client.recv(1024)

2152

assert client.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2153

client.shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2154

assert client.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

2155

with pytest.raises(ZeroReturnError):

2156

server.recv(1024)

2157

assert server.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2158

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2159

def test_shutdown_closed(self):

2160

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2161

If the underlying socket is closed, `Connection.shutdown` propagates

2162

the write error from the low level write call.

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2163

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2164

server, client = loopback()

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2165

server.sock_shutdown(2)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2166

with pytest.raises(SysCallError) as exc:

2167

server.shutdown()

2168

if platform == "win32":

2169

assert exc.value.args[0] == ESHUTDOWN

2170

else:

2171

assert exc.value.args[0] == EPIPE

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2172

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2173

def test_shutdown_truncated(self):

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2174

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2175

If the underlying connection is truncated, `Connection.shutdown`

2176

raises an `Error`.

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2177

"""

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2178

server_ctx = Context(TLSv1_METHOD)

2179

client_ctx = Context(TLSv1_METHOD)

2180

server_ctx.use_privatekey(

2181

load_privatekey(FILETYPE_PEM, server_key_pem))

2182

server_ctx.use_certificate(

2183

load_certificate(FILETYPE_PEM, server_cert_pem))

2184

server = Connection(server_ctx, None)

2185

client = Connection(client_ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2186

handshake_in_memory(client, server)

2187

assert not server.shutdown()

2188

with pytest.raises(WantReadError):

2189

server.shutdown()

Glyph

8938947

2015-04-14 17:29:26 -0400

[diff] [blame]

2190

server.bio_shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2191

with pytest.raises(Error):

2192

server.shutdown()

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2193

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2194

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2195

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2196

`Connection.set_shutdown` sets the state of the SSL connection

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2197

shutdown process.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2198

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2199

connection = Connection(Context(TLSv1_METHOD), socket())

2200

connection.set_shutdown(RECEIVED_SHUTDOWN)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2201

assert connection.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2202

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2203

@skip_if_py3

2204

def test_set_shutdown_long(self):

2205

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2206

On Python 2 `Connection.set_shutdown` accepts an argument

2207

of type `long` as well as `int`.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2208

"""

2209

connection = Connection(Context(TLSv1_METHOD), socket())

2210

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2211

assert connection.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

2212

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2213

def test_state_string(self):

2214

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2215

`Connection.state_string` verbosely describes the current state of

2216

the `Connection`.

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2217

"""

Hynek Schlawack

b0274ce

2015-10-16 19:56:26 +0200

[diff] [blame]

2218

server, client = socket_pair()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2219

server = loopback_server_factory(server)

2220

client = loopback_client_factory(client)

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2221

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2222

assert server.get_state_string() in [

2223

b"before/accept initialization", b"before SSL initialization"

2224

]

2225

assert client.get_state_string() in [

2226

b"before/connect initialization", b"before SSL initialization"

2227

]

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2228

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2229

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2230

"""

2231

Any object can be set as app data by passing it to

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2232

`Connection.set_app_data` and later retrieved with

2233

`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2234

"""

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2235

conn = Connection(Context(TLSv1_METHOD), None)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2236

assert None is conn.get_app_data()

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2237

app_data = object()

2238

conn.set_app_data(app_data)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2239

assert conn.get_app_data() is app_data

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2240

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2241

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2242

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2243

`Connection.makefile` is not implemented and calling that

2244

method raises `NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2245

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2246

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2247

with pytest.raises(NotImplementedError):

2248

conn.makefile()

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2249

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2250

def test_get_peer_cert_chain(self):

2251

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2252

`Connection.get_peer_cert_chain` returns a list of certificates

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2253

which the connected server returned for the certification verification.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2254

"""

2255

chain = _create_certificate_chain()

2256

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2257

2258

serverContext = Context(TLSv1_METHOD)

2259

serverContext.use_privatekey(skey)

2260

serverContext.use_certificate(scert)

2261

serverContext.add_extra_chain_cert(icert)

2262

serverContext.add_extra_chain_cert(cacert)

2263

server = Connection(serverContext, None)

2264

server.set_accept_state()

2265

2266

# Create the client

2267

clientContext = Context(TLSv1_METHOD)

2268

clientContext.set_verify(VERIFY_NONE, verify_cb)

2269

client = Connection(clientContext, None)

2270

client.set_connect_state()

2271

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2272

interact_in_memory(client, server)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2273

2274

chain = client.get_peer_cert_chain()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2275

assert len(chain) == 3

2276

assert "Server Certificate" == chain[0].get_subject().CN

2277

assert "Intermediate Certificate" == chain[1].get_subject().CN

2278

assert "Authority Certificate" == chain[2].get_subject().CN

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2279

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2280

def test_get_peer_cert_chain_none(self):

2281

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2282

`Connection.get_peer_cert_chain` returns `None` if the peer sends

2283

no certificate chain.

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2284

"""

2285

ctx = Context(TLSv1_METHOD)

2286

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2287

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2288

server = Connection(ctx, None)

2289

server.set_accept_state()

2290

client = Connection(Context(TLSv1_METHOD), None)

2291

client.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2292

interact_in_memory(client, server)

2293

assert None is server.get_peer_cert_chain()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2294

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2295

def test_get_session_unconnected(self):

2296

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2297

`Connection.get_session` returns `None` when used with an object

2298

which has not been connected.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2299

"""

2300

ctx = Context(TLSv1_METHOD)

2301

server = Connection(ctx, None)

2302

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2303

assert None is session

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2304

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2305

def test_server_get_session(self):

2306

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2307

On the server side of a connection, `Connection.get_session` returns a

2308

`Session` instance representing the SSL session for that connection.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2309

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2310

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2311

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2312

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2313

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2314

def test_client_get_session(self):

2315

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2316

On the client side of a connection, `Connection.get_session`

2317

returns a `Session` instance representing the SSL session for

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2318

that connection.

2319

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2320

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2321

session = client.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2322

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2323

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2324

def test_set_session_wrong_args(self):

2325

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2326

`Connection.set_session` raises `TypeError` if called with an object

2327

that is not an instance of `Session`.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2328

"""

2329

ctx = Context(TLSv1_METHOD)

2330

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2331

with pytest.raises(TypeError):

2332

connection.set_session(123)

2333

with pytest.raises(TypeError):

2334

connection.set_session("hello")

2335

with pytest.raises(TypeError):

2336

connection.set_session(object())

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2337

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2338

def test_client_set_session(self):

2339

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2340

`Connection.set_session`, when used prior to a connection being

2341

established, accepts a `Session` instance and causes an attempt to

2342

re-use the session it represents when the SSL handshake is performed.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2343

"""

2344

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2345

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2346

ctx = Context(TLSv1_METHOD)

2347

ctx.use_privatekey(key)

2348

ctx.use_certificate(cert)

2349

ctx.set_session_id("unity-test")

2350

2351

def makeServer(socket):

2352

server = Connection(ctx, socket)

2353

server.set_accept_state()

2354

return server

2355

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2356

originalServer, originalClient = loopback(

2357

server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2358

originalSession = originalClient.get_session()

2359

2360

def makeClient(socket):

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2361

client = loopback_client_factory(socket)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2362

client.set_session(originalSession)

2363

return client

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2364

resumedServer, resumedClient = loopback(

2365

server_factory=makeServer,

2366

client_factory=makeClient)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2367

2368

# This is a proxy: in general, we have no access to any unique

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2369

# identifier for the session (new enough versions of OpenSSL expose

2370

# a hash which could be usable, but "new enough" is very, very new).

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2371

# Instead, exploit the fact that the master key is re-used if the

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2372

# session is re-used. As long as the master key for the two

2373

# connections is the same, the session was re-used!

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2374

assert originalServer.master_key() == resumedServer.master_key()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2375

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2376

def test_set_session_wrong_method(self):

2377

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2378

If `Connection.set_session` is passed a `Session` instance associated

2379

with a context using a different SSL method than the `Connection`

2380

is using, a `OpenSSL.SSL.Error` is raised.

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2381

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2382

# Make this work on both OpenSSL 1.0.0, which doesn't support TLSv1.2

2383

# and also on OpenSSL 1.1.0 which doesn't support SSLv3. (SSL_ST_INIT

2384

# is a way to check for 1.1.0)

2385

if SSL_ST_INIT is not None:

v1 = TLSv1_METHOD

v2 = SSLv3_METHOD

else:

v1 = TLSv1_2_METHOD

v2 = TLSv1_METHOD

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2392

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2393

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2394

ctx = Context(v1)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2395

ctx.use_privatekey(key)

2396

ctx.use_certificate(cert)

2397

ctx.set_session_id("unity-test")

2398

2399

def makeServer(socket):

2400

server = Connection(ctx, socket)

2401

server.set_accept_state()

2402

return server

2403

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2404

def makeOriginalClient(socket):

2405

client = Connection(Context(v1), socket)

2406

client.set_connect_state()

2407

return client

2408

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2409

originalServer, originalClient = loopback(

2410

server_factory=makeServer, client_factory=makeOriginalClient)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2411

originalSession = originalClient.get_session()

2412

2413

def makeClient(socket):

2414

# Intentionally use a different, incompatible method here.

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2415

client = Connection(Context(v2), socket)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2416

client.set_connect_state()

2417

client.set_session(originalSession)

2418

return client

2419

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2420

with pytest.raises(Error):

2421

loopback(client_factory=makeClient, server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2422

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2423

def test_wantWriteError(self):

2424

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2425

`Connection` methods which generate output raise

2426

`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2427

fail indicating a should-write state.

2428

"""

2429

client_socket, server_socket = socket_pair()

2430

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2431

# anything. Only write a single byte at a time so we can be sure we

2432

# completely fill the buffer. Even though the socket API is allowed to

2433

# signal a short write via its return value it seems this doesn't

2434

# always happen on all platforms (FreeBSD and OS X particular) for the

2435

# very last bit of available buffer space.

2436

msg = b"x"

2437

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2438

try:

2439

client_socket.send(msg)

2440

except error as e:

2441

if e.errno == EWOULDBLOCK:

2442

break

2443

raise

2444

else:

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2445

pytest.fail(

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2446

"Failed to fill socket buffer, cannot test BIO want write")

2447

2448

ctx = Context(TLSv1_METHOD)

2449

conn = Connection(ctx, client_socket)

2450

# Client's speak first, so make it an SSL client

2451

conn.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2452

with pytest.raises(WantWriteError):

2453

conn.do_handshake()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2457

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2458

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2459

`Connection.get_finished` returns `None` before TLS handshake

2460

is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2461

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2462

ctx = Context(TLSv1_METHOD)

2463

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2464

assert connection.get_finished() is None

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2465

2466

def test_get_peer_finished_before_connect(self):

2467

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2468

`Connection.get_peer_finished` returns `None` before TLS handshake

2469

is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2470

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2471

ctx = Context(TLSv1_METHOD)

2472

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2473

assert connection.get_peer_finished() is None

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2474

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2475

def test_get_finished(self):

2476

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2477

`Connection.get_finished` method returns the TLS Finished message send

2478

from client, or server. Finished messages are send during

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2479

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2480

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2481

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2482

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2483

assert server.get_finished() is not None

2484

assert len(server.get_finished()) > 0

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2485

2486

def test_get_peer_finished(self):

2487

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2488

`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2489

message received from client, or server. Finished messages are send

2490

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2491

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2492

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2493

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2494

assert server.get_peer_finished() is not None

2495

assert len(server.get_peer_finished()) > 0

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2496

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2497

def test_tls_finished_message_symmetry(self):

2498

"""

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2499

The TLS Finished message send by server must be the TLS Finished

2500

message received by client.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2501

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2502

The TLS Finished message send by client must be the TLS Finished

2503

message received by server.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2504

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2505

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2506

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2507

assert server.get_finished() == client.get_peer_finished()

2508

assert client.get_finished() == server.get_peer_finished()

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2509

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2510

def test_get_cipher_name_before_connect(self):

2511

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2512

`Connection.get_cipher_name` returns `None` if no connection

2513

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2514

"""

2515

ctx = Context(TLSv1_METHOD)

2516

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2517

assert conn.get_cipher_name() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2518

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2519

def test_get_cipher_name(self):

2520

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2521

`Connection.get_cipher_name` returns a `unicode` string giving the

2522

name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2523

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2524

server, client = loopback()

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2525

server_cipher_name, client_cipher_name = \

2526

server.get_cipher_name(), client.get_cipher_name()

2527

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2528

assert isinstance(server_cipher_name, text_type)

2529

assert isinstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2530

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2531

assert server_cipher_name == client_cipher_name

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2532

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2533

def test_get_cipher_version_before_connect(self):

2534

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2535

`Connection.get_cipher_version` returns `None` if no connection

2536

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2537

"""

2538

ctx = Context(TLSv1_METHOD)

2539

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2540

assert conn.get_cipher_version() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2541

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2542

def test_get_cipher_version(self):

2543

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2544

`Connection.get_cipher_version` returns a `unicode` string giving

2545

the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2546

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2547

server, client = loopback()

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2548

server_cipher_version, client_cipher_version = \

2549

server.get_cipher_version(), client.get_cipher_version()

2550

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2551

assert isinstance(server_cipher_version, text_type)

2552

assert isinstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2553

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2554

assert server_cipher_version == client_cipher_version

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2555

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2556

def test_get_cipher_bits_before_connect(self):

2557

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2558

`Connection.get_cipher_bits` returns `None` if no connection has

2559

been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2560

"""

2561

ctx = Context(TLSv1_METHOD)

2562

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2563

assert conn.get_cipher_bits() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2564

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2565

def test_get_cipher_bits(self):

2566

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2567

`Connection.get_cipher_bits` returns the number of secret bits

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2568

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2569

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2570

server, client = loopback()

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2571

server_cipher_bits, client_cipher_bits = \

2572

server.get_cipher_bits(), client.get_cipher_bits()

2573

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2574

assert isinstance(server_cipher_bits, int)

2575

assert isinstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2576

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2577

assert server_cipher_bits == client_cipher_bits

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2578

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2579

def test_get_protocol_version_name(self):

2580

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2581

`Connection.get_protocol_version_name()` returns a string giving the

2582

protocol version of the current connection.

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2583

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2584

server, client = loopback()

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2585

client_protocol_version_name = client.get_protocol_version_name()

2586

server_protocol_version_name = server.get_protocol_version_name()

2587

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2588

assert isinstance(server_protocol_version_name, text_type)

2589

assert isinstance(client_protocol_version_name, text_type)

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2590

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2591

assert server_protocol_version_name == client_protocol_version_name

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2592

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2593

def test_get_protocol_version(self):

2594

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2595

`Connection.get_protocol_version()` returns an integer

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2596

giving the protocol version of the current connection.

2597

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2598

server, client = loopback()

Jim Shaver

85a4dff

2015-04-27 17:42:46 -0400

[diff] [blame]

2599

client_protocol_version = client.get_protocol_version()

2600

server_protocol_version = server.get_protocol_version()

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2601

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2602

assert isinstance(server_protocol_version, int)

2603

assert isinstance(client_protocol_version, int)

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2604

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2605

assert server_protocol_version == client_protocol_version

2606

2607

def test_wantReadError(self):

2608

"""

2609

`Connection.bio_read` raises `OpenSSL.SSL.WantReadError` if there are

2610

no bytes available to be read from the BIO.

2611

"""

2612

ctx = Context(TLSv1_METHOD)

2613

conn = Connection(ctx, None)

2614

with pytest.raises(WantReadError):

2615

conn.bio_read(1024)

2616

2617

def test_buffer_size(self):

2618

"""

2619

`Connection.bio_read` accepts an integer giving the maximum number

2620

of bytes to read and return.

2621

"""

2622

ctx = Context(TLSv1_METHOD)

2623

conn = Connection(ctx, None)

2624

conn.set_connect_state()

2625

try:

2626

conn.do_handshake()

2627

except WantReadError:

2628

pass

2629

data = conn.bio_read(2)

2630

assert 2 == len(data)

2631

2632

@skip_if_py3

2633

def test_buffer_size_long(self):

2634

"""

2635

On Python 2 `Connection.bio_read` accepts values of type `long` as

2636

well as `int`.

2637

"""

2638

ctx = Context(TLSv1_METHOD)

2639

conn = Connection(ctx, None)

2640

conn.set_connect_state()

2641

try:

2642

conn.do_handshake()

2643

except WantReadError:

2644

pass

2645

data = conn.bio_read(long(2))

2646

assert 2 == len(data)

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2647

Jean-Paul Calderone

dbd7627

2014-03-29 18:09:40 -0400

[diff] [blame]

2648

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2649

class TestConnectionGetCipherList(object):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2650

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2651

Tests for `Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2652

"""

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2653

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2654

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2655

`Connection.get_cipher_list` returns a list of `bytes` giving the

2656

names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2657

"""

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2658

connection = Connection(Context(TLSv1_METHOD), None)

2659

ciphers = connection.get_cipher_list()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2660

assert isinstance(ciphers, list)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2661

for cipher in ciphers:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2662

assert isinstance(cipher, str)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2663

2664

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2665

class TestConnectionSend(object):

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2666

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2667

Tests for `Connection.send`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2668

"""

2669

def test_wrong_args(self):

2670

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2671

When called with arguments other than string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2672

parameter, `Connection.send` raises `TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2673

"""

2674

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2675

with pytest.raises(TypeError):

2676

connection.send(object())

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2677

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2678

def test_short_bytes(self):

2679

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2680

When passed a short byte string, `Connection.send` transmits all of it

2681

and returns the number of bytes sent.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2682

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2683

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2684

count = server.send(b'xy')

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2685

assert count == 2

2686

assert client.recv(2) == b'xy'

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2687

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2688

def test_text(self):

2689

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2690

When passed a text, `Connection.send` transmits all of it and

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

2691

returns the number of bytes sent. It also raises a DeprecationWarning.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2692

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2693

server, client = loopback()

2694

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2695

simplefilter("always")

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2696

count = server.send(b"xy".decode("ascii"))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2697

assert (

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2698

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

2699

WARNING_TYPE_EXPECTED

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2700

) == str(w[-1].message))

2701

assert count == 2

2702

assert client.recv(2) == b'xy'

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2703

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2704

@skip_if_py26

2705

def test_short_memoryview(self):

2706

"""

2707

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2708

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2709

of bytes sent.

2710

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2711

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2712

count = server.send(memoryview(b'xy'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2713

assert count == 2

2714

assert client.recv(2) == b'xy'

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2715

Hynek Schlawack

8e94f1b

2015-09-05 21:31:00 +0200

[diff] [blame]

2716

@skip_if_py3

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2717

def test_short_buffer(self):

2718

"""

2719

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2720

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2721

of bytes sent.

2722

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2723

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2724

count = server.send(buffer(b'xy'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2725

assert count == 2

2726

assert client.recv(2) == b'xy'

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

2727

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2728

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2729

def _make_memoryview(size):

2730

"""

2731

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

2732

size.

2733

"""

2734

return memoryview(bytearray(size))

2735

2736

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2737

class TestConnectionRecvInto(object):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2738

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2739

Tests for `Connection.recv_into`.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2740

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2741

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2742

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2743

Assert that when the given buffer is passed to `Connection.recv_into`,

2744

whatever bytes are available to be received that fit into that buffer

2745

are written into that buffer.

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

2746

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2747

output_buffer = factory(5)

2748

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2749

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2750

server.send(b'xy')

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2751

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2752

assert client.recv_into(output_buffer) == 2

2753

assert output_buffer == bytearray(b'xy\x00\x00\x00')

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

2754

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2755

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2756

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2757

`Connection.recv_into` can be passed a `bytearray` instance and data

2758

in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2759

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2760

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2761

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2762

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2763

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2764

Assert that when the given buffer is passed to `Connection.recv_into`

2765

along with a value for `nbytes` that is less than the size of that

2766

buffer, only `nbytes` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2767

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2768

output_buffer = factory(10)

2769

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2770

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2771

server.send(b'abcdefghij')

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2772

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2773

assert client.recv_into(output_buffer, 5) == 5

2774

assert output_buffer == bytearray(b'abcde\x00\x00\x00\x00\x00')

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

2775

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2776

def test_bytearray_respects_length(self):

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

2777

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2778

When called with a `bytearray` instance, `Connection.recv_into`

2779

respects the `nbytes` parameter and doesn't copy in more than that

2780

number of bytes.

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

2781

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2782

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2783

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2784

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2785

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2786

Assert that if there are more bytes available to be read from the

2787

receive buffer than would fit into the buffer passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2788

`Connection.recv_into`, only as many as fit are written into it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2789

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2790

output_buffer = factory(5)

2791

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2792

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2793

server.send(b'abcdefghij')

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2794

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2795

assert client.recv_into(output_buffer) == 5

2796

assert output_buffer == bytearray(b'abcde')

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2797

rest = client.recv(5)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2798

assert b'fghij' == rest

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2799

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2800

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2801

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2802

When called with a `bytearray` instance, `Connection.recv_into`

2803

respects the size of the array and doesn't write more bytes into it

2804

than will fit.

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

2805

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2806

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2807

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

2808

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2809

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2810

When called with a `bytearray` instance and an `nbytes` value that is

2811

too large, `Connection.recv_into` respects the size of the array and

2812

not the `nbytes` value and doesn't write more bytes into the buffer

2813

than will fit.

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2814

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

2815

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2816

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2817

def test_peek(self):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2818

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2819

server.send(b'xy')

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2820

2821

for _ in range(2):

2822

output_buffer = bytearray(5)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2823

assert client.recv_into(output_buffer, flags=MSG_PEEK) == 2

2824

assert output_buffer == bytearray(b'xy\x00\x00\x00')

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2825

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2826

@skip_if_py26

2827

def test_memoryview_no_length(self):

2828

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2829

`Connection.recv_into` can be passed a `memoryview` instance and data

2830

in the receive buffer is written to it.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2831

"""

2832

self._no_length_test(_make_memoryview)

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2833

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2834

@skip_if_py26

2835

def test_memoryview_respects_length(self):

2836

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2837

When called with a `memoryview` instance, `Connection.recv_into`

2838

respects the ``nbytes`` parameter and doesn't copy more than that

2839

number of bytes in.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2840

"""

2841

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2842

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2843

@skip_if_py26

2844

def test_memoryview_doesnt_overfill(self):

2845

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2846

When called with a `memoryview` instance, `Connection.recv_into`

2847

respects the size of the array and doesn't write more bytes into it

2848

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2849

"""

2850

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2851

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2852

@skip_if_py26

2853

def test_memoryview_really_doesnt_overfill(self):

2854

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2855

When called with a `memoryview` instance and an `nbytes` value that is

2856

too large, `Connection.recv_into` respects the size of the array and

2857

not the `nbytes` value and doesn't write more bytes into the buffer

2858

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

2859

"""

2860

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

2861

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

2862

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2863

class TestConnectionSendall(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2864

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2865

Tests for `Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2866

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2867

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2868

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2869

When called with arguments other than a string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2870

parameter, `Connection.sendall` raises `TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2871

"""

2872

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2873

with pytest.raises(TypeError):

2874

connection.sendall(object())

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2875

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2876

def test_short(self):

2877

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2878

`Connection.sendall` transmits all of the bytes in the string

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

2879

passed to it.

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2880

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2881

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2882

server.sendall(b'x')

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2883

assert client.recv(1) == b'x'

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2884

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2885

def test_text(self):

2886

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2887

`Connection.sendall` transmits all the content in the string passed

2888

to it, raising a DeprecationWarning in case of this being a text.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2889

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2890

server, client = loopback()

2891

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2892

simplefilter("always")

Jean-Paul Calderone

8dc37a1

2015-03-29 08:16:52 -0400

[diff] [blame]

2893

server.sendall(b"x".decode("ascii"))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2894

assert (

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

2895

"{0} for buf is no longer accepted, use bytes".format(

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

2896

WARNING_TYPE_EXPECTED

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2897

) == str(w[-1].message))

2898

assert client.recv(1) == b"x"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2899

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

2900

@skip_if_py26

2901

def test_short_memoryview(self):

2902

"""

2903

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2904

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

2905

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2906

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2907

server.sendall(memoryview(b'x'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2908

assert client.recv(1) == b'x'

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

2909

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

2910

@skip_if_py3

2911

def test_short_buffers(self):

2912

"""

2913

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2914

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

2915

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2916

server, client = loopback()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2917

server.sendall(buffer(b'x'))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2918

assert client.recv(1) == b'x'

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

2919

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2920

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2921

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2922

`Connection.sendall` transmits all the bytes in the string passed to it

2923

even if this requires multiple calls of an underlying write function.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2924

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2925

server, client = loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2926

# Should be enough, underlying SSL_write should only do 16k at a time.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

2927

# On Windows, after 32k of bytes the write will block (forever

2928

# - because no one is yet reading).

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

2929

message = b'x' * (1024 * 32 - 1) + b'y'

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2930

server.sendall(message)

2931

accum = []

2932

received = 0

2933

while received < len(message):

Jean-Paul Calderone

b1f7f5f

2010-08-22 21:40:52 -0400

[diff] [blame]

2934

data = client.recv(1024)

2935

accum.append(data)

2936

received += len(data)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2937

assert message == b''.join(accum)

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2938

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2939

def test_closed(self):

2940

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2941

If the underlying socket is closed, `Connection.sendall` propagates the

2942

write error from the low level write call.

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2943

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2944

server, client = loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2945

server.sock_shutdown(2)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2946

with pytest.raises(SysCallError) as err:

2947

server.sendall(b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2948

if platform == "win32":

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2949

assert err.value.args[0] == ESHUTDOWN

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2950

else:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2951

assert err.value.args[0] == EPIPE

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2952

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2953

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2954

class TestConnectionRenegotiate(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2955

"""

2956

Tests for SSL renegotiation APIs.

2957

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2958

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2959

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2960

`Connection.total_renegotiations` returns `0` before any renegotiations

2961

have happened.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2962

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2963

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2964

assert connection.total_renegotiations() == 0

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2965

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

2966

def test_renegotiate(self):

2967

"""

2968

Go through a complete renegotiation cycle.

2969

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2970

server, client = loopback()

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2971

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

2972

server.send(b"hello world")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2973

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

2974

assert b"hello world" == client.recv(len(b"hello world"))

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2975

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

2976

assert 0 == server.total_renegotiations()

2977

assert False is server.renegotiate_pending()

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2978

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

2979

assert True is server.renegotiate()

2980

2981

assert True is server.renegotiate_pending()

2982

2983

server.setblocking(False)

2984

client.setblocking(False)

2985

2986

client.do_handshake()

2987

server.do_handshake()

2988

2989

assert 1 == server.total_renegotiations()

2990

while False is server.renegotiate_pending():

2991

pass

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2992

2993

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2994

class TestError(object):

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2995

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

2996

Unit tests for `OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2997

"""

2998

def test_type(self):

2999

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3000

`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3001

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3002

assert issubclass(Error, Exception)

3003

assert Error.__name__ == 'Error'

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

3004

3005

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3006

class TestConstants(object):

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3007

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3008

Tests for the values of constants exposed in `OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3009

3010

These are values defined by OpenSSL intended only to be used as flags to

3011

OpenSSL APIs. The only assertions it seems can be made about them is

3012

their values.

3013

"""

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3014

@pytest.mark.skipif(

3015

OP_NO_QUERY_MTU is None,

3016

reason="OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

3017

)

3018

def test_op_no_query_mtu(self):

3019

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3020

The value of `OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value

3021

of `SSL_OP_NO_QUERY_MTU` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3022

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3023

assert OP_NO_QUERY_MTU == 0x1000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3024

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3025

@pytest.mark.skipif(

3026

OP_COOKIE_EXCHANGE is None,

3027

reason="OP_COOKIE_EXCHANGE unavailable - "

3028

"OpenSSL version may be too old"

3029

)

3030

def test_op_cookie_exchange(self):

3031

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3032

The value of `OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the

3033

value of `SSL_OP_COOKIE_EXCHANGE` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3034

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3035

assert OP_COOKIE_EXCHANGE == 0x2000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3036

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3037

@pytest.mark.skipif(

3038

OP_NO_TICKET is None,

3039

reason="OP_NO_TICKET unavailable - OpenSSL version may be too old"

3040

)

3041

def test_op_no_ticket(self):

3042

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3043

The value of `OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

3044

`SSL_OP_NO_TICKET` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3045

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3046

assert OP_NO_TICKET == 0x4000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3047

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3048

@pytest.mark.skipif(

3049

OP_NO_COMPRESSION is None,

3050

reason="OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

3051

)

3052

def test_op_no_compression(self):

3053

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3054

The value of `OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the

3055

value of `SSL_OP_NO_COMPRESSION` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3056

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3057

assert OP_NO_COMPRESSION == 0x20000

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3058

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3059

def test_sess_cache_off(self):

3060

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3061

The value of `OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

3062

`SSL_SESS_CACHE_OFF` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3063

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3064

assert 0x0 == SESS_CACHE_OFF

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3065

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3066

def test_sess_cache_client(self):

3067

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3068

The value of `OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3069

`SSL_SESS_CACHE_CLIENT` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3070

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3071

assert 0x1 == SESS_CACHE_CLIENT

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3072

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3073

def test_sess_cache_server(self):

3074

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3075

The value of `OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3076

`SSL_SESS_CACHE_SERVER` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3077

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3078

assert 0x2 == SESS_CACHE_SERVER

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3079

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3080

def test_sess_cache_both(self):

3081

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3082

The value of `OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3083

`SSL_SESS_CACHE_BOTH` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3084

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3085

assert 0x3 == SESS_CACHE_BOTH

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3086

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3087

def test_sess_cache_no_auto_clear(self):

3088

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3089

The value of `OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3090

value of `SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3091

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3092

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3093

assert 0x80 == SESS_CACHE_NO_AUTO_CLEAR

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3094

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3095

def test_sess_cache_no_internal_lookup(self):

3096

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3097

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3098

the value of `SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3099

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3100

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3101

assert 0x100 == SESS_CACHE_NO_INTERNAL_LOOKUP

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3102

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3103

def test_sess_cache_no_internal_store(self):

3104

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3105

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3106

the value of `SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3107

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3108

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3109

assert 0x200 == SESS_CACHE_NO_INTERNAL_STORE

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3110

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3111

def test_sess_cache_no_internal(self):

3112

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3113

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3114

value of `SSL_SESS_CACHE_NO_INTERNAL` defined by

3115

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3116

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3117

assert 0x300 == SESS_CACHE_NO_INTERNAL

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3118

3119

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3120

class TestMemoryBIO(object):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3121

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3122

Tests for `OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3123

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3124

def _server(self, sock):

3125

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3126

Create a new server-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3127

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3128

# Create the server side Connection. This is mostly setup boilerplate

3129

# - use TLSv1, use a particular certificate, etc.

3130

server_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3131

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3132

server_ctx.set_verify(

3133

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

3134

verify_cb

3135

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3136

server_store = server_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3137

server_ctx.use_privatekey(

3138

load_privatekey(FILETYPE_PEM, server_key_pem))

3139

server_ctx.use_certificate(

3140

load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3141

server_ctx.check_privatekey()

3142

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3143

# Here the Connection is actually created. If None is passed as the

3144

# 2nd parameter, it indicates a memory BIO should be created.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3145

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3146

server_conn.set_accept_state()

3147

return server_conn

3148

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3149

def _client(self, sock):

3150

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3151

Create a new client-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3152

"""

3153

# Now create the client side Connection. Similar boilerplate to the

3154

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3155

client_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3156

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3157

client_ctx.set_verify(

3158

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

3159

verify_cb

3160

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3161

client_store = client_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3162

client_ctx.use_privatekey(

3163

load_privatekey(FILETYPE_PEM, client_key_pem))

3164

client_ctx.use_certificate(

3165

load_certificate(FILETYPE_PEM, client_cert_pem))

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3166

client_ctx.check_privatekey()

3167

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3168

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3169

client_conn.set_connect_state()

3170

return client_conn

3171

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3172

def test_memory_connect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3173

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3174

Two `Connection`s which use memory BIOs can be manually connected by

3175

reading from the output of each and writing those bytes to the input of

3176

the other and in this way establish a connection and exchange

3177

application-level bytes with each other.

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3178

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3179

server_conn = self._server(None)

3180

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3181

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3182

# There should be no key or nonces yet.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3183

assert server_conn.master_key() is None

3184

assert server_conn.client_random() is None

3185

assert server_conn.server_random() is None

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3186

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3187

# First, the handshake needs to happen. We'll deliver bytes back and

3188

# forth between the client and server until neither of them feels like

3189

# speaking any more.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3190

assert interact_in_memory(client_conn, server_conn) is None

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3191

3192

# Now that the handshake is done, there should be a key and nonces.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3193

assert server_conn.master_key() is not None

3194

assert server_conn.client_random() is not None

3195

assert server_conn.server_random() is not None

3196

assert server_conn.client_random() == client_conn.client_random()

3197

assert server_conn.server_random() == client_conn.server_random()

3198

assert server_conn.client_random() != server_conn.server_random()

3199

assert client_conn.client_random() != client_conn.server_random()

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3200

3201

# Here are the bytes we'll try to send.

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3202

important_message = b'One if by land, two if by sea.'

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3203

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3204

server_conn.write(important_message)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3205

assert (

3206

interact_in_memory(client_conn, server_conn) ==

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3207

(client_conn, important_message))

3208

3209

client_conn.write(important_message[::-1])

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3210

assert (

3211

interact_in_memory(client_conn, server_conn) ==

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3212

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3213

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3214

def test_socket_connect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3215

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3216

Just like `test_memory_connect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3217

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3218

This is primarily to rule out the memory BIO code as the source of any

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3219

problems encountered while passing data over a `Connection` (if

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3220

this test fails, there must be a problem outside the memory BIO code,

3221

as no memory BIO is involved here). Even though this isn't a memory

3222

BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3223

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3224

server_conn, client_conn = loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3225

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3226

important_message = b"Help me Obi Wan Kenobi, you're my only hope."

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3227

client_conn.send(important_message)

3228

msg = server_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3229

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3230

3231

# Again in the other direction, just for fun.

3232

important_message = important_message[::-1]

3233

server_conn.send(important_message)

3234

msg = client_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3235

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3236

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3237

def test_socket_overrides_memory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3238

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3239

Test that `OpenSSL.SSL.bio_read` and `OpenSSL.SSL.bio_write` don't

3240

work on `OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3241

"""

Alex Gaynor

51d424c

2016-09-10 14:50:11 -0400

[diff] [blame]

3242

context = Context(TLSv1_METHOD)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3243

client = socket()

3244

clientSSL = Connection(context, client)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3245

with pytest.raises(TypeError):

3246

clientSSL.bio_read(100)

3247

with pytest.raises(TypeError):

3248

clientSSL.bio_write("foo")

3249

with pytest.raises(TypeError):

3250

clientSSL.bio_shutdown()

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3251

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3252

def test_outgoing_overflow(self):

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3253

"""

3254

If more bytes than can be written to the memory BIO are passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3255

`Connection.send` at once, the number of bytes which were written is

3256

returned and that many bytes from the beginning of the input can be

3257

read from the other end of the connection.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3258

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3259

server = self._server(None)

3260

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3261

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3262

interact_in_memory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3263

3264

size = 2 ** 15

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

3265

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3266

# Sanity check. We're trying to test what happens when the entire

3267

# input can't be sent. If the entire input was sent, this test is

3268

# meaningless.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3269

assert sent < size

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3270

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3271

receiver, received = interact_in_memory(client, server)

3272

assert receiver is server

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3273

3274

# We can rely on all of these bytes being received at once because

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3275

# loopback passes 2 ** 16 to recv - more than 2 ** 15.

3276

assert len(received) == sent

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3277

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3278

def test_shutdown(self):

3279

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3280

`Connection.bio_shutdown` signals the end of the data stream

3281

from which the `Connection` reads.

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3282

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3283

server = self._server(None)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3284

server.bio_shutdown()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3285

with pytest.raises(Error) as err:

3286

server.recv(1024)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3287

# We don't want WantReadError or ZeroReturnError or anything - it's a

3288

# handshake failure.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3289

assert type(err.value) in [Error, SysCallError]

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3290

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3291

def test_unexpected_EOF(self):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3292

"""

3293

If the connection is lost before an orderly SSL shutdown occurs,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3294

`OpenSSL.SSL.SysCallError` is raised with a message of

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3295

"Unexpected EOF".

3296

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3297

server_conn, client_conn = loopback()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3298

client_conn.sock_shutdown(SHUT_RDWR)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3299

with pytest.raises(SysCallError) as err:

3300

server_conn.recv(1024)

3301

assert err.value.args == (-1, "Unexpected EOF")

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3302

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3303

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3304

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3305

Verify the return value of the `get_client_ca_list` method for

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3306

server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3307

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3308

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3309

before the client and server are connected to each other. This

3310

function should specify a list of CAs for the server to send to the

3311

client and return that same list. The list will be used to verify

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3312

that `get_client_ca_list` returns the proper value at

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3313

various times.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3314

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3315

server = self._server(None)

3316

client = self._client(None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3317

assert client.get_client_ca_list() == []

3318

assert server.get_client_ca_list() == []

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3319

ctx = server.get_context()

3320

expected = func(ctx)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3321

assert client.get_client_ca_list() == []

3322

assert server.get_client_ca_list() == expected

3323

interact_in_memory(client, server)

3324

assert client.get_client_ca_list() == expected

3325

assert server.get_client_ca_list() == expected

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3326

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3327

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3328

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3329

`Context.set_client_ca_list` raises a `TypeError` if called with a

3330

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3331

"""

3332

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3333

with pytest.raises(TypeError):

3334

ctx.set_client_ca_list("spam")

3335

with pytest.raises(TypeError):

3336

ctx.set_client_ca_list(["spam"])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3337

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3338

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3339

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3340

If passed an empty list, `Context.set_client_ca_list` configures the

3341

context to send no CA names to the client and, on both the server and

3342

client sides, `Connection.get_client_ca_list` returns an empty list

3343

after the connection is set up.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3344

"""

3345

def no_ca(ctx):

3346

ctx.set_client_ca_list([])

3347

return []

3348

self._check_client_ca_list(no_ca)

3349

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3350

def test_set_one_ca_list(self):

3351

"""

3352

If passed a list containing a single X509Name,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3353

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3354

that CA name to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3355

`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3356

X509Name after the connection is set up.

3357

"""

3358

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3359

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3360

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3361

def single_ca(ctx):

3362

ctx.set_client_ca_list([cadesc])

3363

return [cadesc]

3364

self._check_client_ca_list(single_ca)

3365

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3366

def test_set_multiple_ca_list(self):

3367

"""

3368

If passed a list containing multiple X509Name objects,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3369

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3370

those CA names to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3371

`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3372

X509Names after the connection is set up.

3373

"""

3374

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3375

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3376

3377

sedesc = secert.get_subject()

3378

cldesc = clcert.get_subject()

3379

3380

def multiple_ca(ctx):

3381

L = [sedesc, cldesc]

3382

ctx.set_client_ca_list(L)

3383

return L

3384

self._check_client_ca_list(multiple_ca)

3385

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3386

def test_reset_ca_list(self):

3387

"""

3388

If called multiple times, only the X509Names passed to the final call

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3389

of `Context.set_client_ca_list` are used to configure the CA

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3390

names sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3391

"""

3392

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3393

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3394

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3395

3396

cadesc = cacert.get_subject()

3397

sedesc = secert.get_subject()

3398

cldesc = clcert.get_subject()

3399

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3400

def changed_ca(ctx):

3401

ctx.set_client_ca_list([sedesc, cldesc])

3402

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3403

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3404

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3405

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3406

def test_mutated_ca_list(self):

3407

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3408

If the list passed to `Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3409

afterwards, this does not affect the list of CA names sent to the

3410

client.

3411

"""

3412

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3413

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3414

3415

cadesc = cacert.get_subject()

3416

sedesc = secert.get_subject()

3417

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3418

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3419

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3420

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3421

L.append(sedesc)

3422

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3423

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3424

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3425

def test_add_client_ca_wrong_args(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3426

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3427

`Context.add_client_ca` raises `TypeError` if called with

3428

a non-X509 object.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3429

"""

3430

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3431

with pytest.raises(TypeError):

3432

ctx.add_client_ca("spam")

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3433

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3434

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3435

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3436

A certificate's subject can be added as a CA to be sent to the client

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3437

with `Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3438

"""

3439

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3440

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3441

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3442

def single_ca(ctx):

3443

ctx.add_client_ca(cacert)

3444

return [cadesc]

3445

self._check_client_ca_list(single_ca)

3446

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3447

def test_multiple_add_client_ca(self):

3448

"""

3449

Multiple CA names can be sent to the client by calling

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3450

`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3451

"""

3452

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3453

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3454

3455

cadesc = cacert.get_subject()

3456

sedesc = secert.get_subject()

3457

3458

def multiple_ca(ctx):

3459

ctx.add_client_ca(cacert)

3460

ctx.add_client_ca(secert)

3461

return [cadesc, sedesc]

3462

self._check_client_ca_list(multiple_ca)

3463

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3464

def test_set_and_add_client_ca(self):

3465

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3466

A call to `Context.set_client_ca_list` followed by a call to

3467

`Context.add_client_ca` results in using the CA names from the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3468

first call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3469

"""

3470

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3471

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3472

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3473

3474

cadesc = cacert.get_subject()

3475

sedesc = secert.get_subject()

3476

cldesc = clcert.get_subject()

3477

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3478

def mixed_set_add_ca(ctx):

3479

ctx.set_client_ca_list([cadesc, sedesc])

3480

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3481

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3482

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3483

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3484

def test_set_after_add_client_ca(self):

3485

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3486

A call to `Context.set_client_ca_list` after a call to

3487

`Context.add_client_ca` replaces the CA name specified by the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3488

former call with the names specified by the latter call.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3489

"""

3490

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3491

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3492

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3493

3494

cadesc = cacert.get_subject()

3495

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3496

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3497

def set_replaces_add_ca(ctx):

3498

ctx.add_client_ca(clcert)

3499

ctx.set_client_ca_list([cadesc])

3500

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3501

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3502

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3503

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3504

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3505

class TestInfoConstants(object):

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3506

"""

3507

Tests for assorted constants exposed for use in info callbacks.

3508

"""

3509

def test_integers(self):

3510

"""

3511

All of the info constants are integers.

3512

3513

This is a very weak test. It would be nice to have one that actually

3514

verifies that as certain info events happen, the value passed to the

3515

info callback matches up with the constant exposed by OpenSSL.SSL.

3516

"""

3517

for const in [

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3518

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK,

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3519

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3520

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3521

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3522

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE

3523

]:

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3524

assert isinstance(const, int)

3525

3526

# These constants don't exist on OpenSSL 1.1.0

3527

for const in [

3528

SSL_ST_INIT, SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE

3529

]:

3530

assert const is None or isinstance(const, int)

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3531

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3532

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3533

class TestRequires(object):

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3534

"""

3535

Tests for the decorator factory used to conditionally raise

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3536

NotImplementedError when older OpenSSLs are used.

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3537

"""

3538

def test_available(self):

3539

"""

3540

When the OpenSSL functionality is available the decorated functions

3541

work appropriately.

3542

"""

3543

feature_guard = _make_requires(True, "Error text")

results = []

@feature_guard

def inner():

results.append(True)

return True

Cory Benfield

2016-03-30 14:24:16 +0100

[diff] [blame]

3551

assert inner() is True

3552

assert [True] == results

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3553

3554

def test_unavailable(self):

3555

"""

3556

When the OpenSSL functionality is not available the decorated function

3557

does not execute and NotImplementedError is raised.

3558

"""

3559

feature_guard = _make_requires(False, "Error text")

results = []

@feature_guard

def inner():

results.append(True)

return True

Cory Benfield

2016-03-30 11:51:45 +0100

[diff] [blame]

3567

with pytest.raises(NotImplementedError) as e:

3568

inner()

3569

3570

assert "Error text" in str(e.value)

Cory Benfield

2333e5e

2016-03-30 14:24:16 +0100

[diff] [blame]

3571

assert results == []

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3572

3573

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3574

class TestOCSP(object):

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3575

"""

3576

Tests for PyOpenSSL's OCSP stapling support.

3577

"""

3578

sample_ocsp_data = b"this is totally ocsp data"

3579

3580

def _client_connection(self, callback, data, request_ocsp=True):

3581

"""

3582

Builds a client connection suitable for using OCSP.

3583

3584

:param callback: The callback to register for OCSP.

3585

:param data: The opaque data object that will be handed to the

3586

OCSP callback.

3587

:param request_ocsp: Whether the client will actually ask for OCSP

3588

stapling. Useful for testing only.

3589

"""

3590

ctx = Context(SSLv23_METHOD)

3591

ctx.set_ocsp_client_callback(callback, data)

3592

client = Connection(ctx)

3593

3594

if request_ocsp:

3595

client.request_ocsp()

3596

3597

client.set_connect_state()

3598

return client

3599

3600

def _server_connection(self, callback, data):

3601

"""

3602

Builds a server connection suitable for using OCSP.

3603

3604

:param callback: The callback to register for OCSP.

3605

:param data: The opaque data object that will be handed to the

3606

OCSP callback.

3607

"""

3608

ctx = Context(SSLv23_METHOD)

3609

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

3610

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

3611

ctx.set_ocsp_server_callback(callback, data)

3612

server = Connection(ctx)

3613

server.set_accept_state()

3614

return server

3615

3616

def test_callbacks_arent_called_by_default(self):

3617

"""

3618

If both the client and the server have registered OCSP callbacks, but

3619

the client does not send the OCSP request, neither callback gets

called.

"""

called = []

def ocsp_callback(*args, **kwargs):

3625

called.append((args, kwargs))

3626

3627

client = self._client_connection(

3628

callback=ocsp_callback, data=None, request_ocsp=False

3629

)

3630

server = self._server_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3631

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

assert not called

def test_client_negotiates_without_server(self):

3636

"""

3637

If the client wants to do OCSP but the server does not, the handshake

3638

succeeds, and the client callback fires with an empty byte string.

"""

called = []

def ocsp_callback(conn, ocsp_data, ignored):

3643

called.append(ocsp_data)

3644

return True

3645

3646

client = self._client_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3647

server = loopback_server_factory(socket=None)

3648

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3649

3650

assert len(called) == 1

3651

assert called[0] == b''

3652

3653

def test_client_receives_servers_data(self):

3654

"""

3655

The data the server sends in its callback is received by the client.

"""

calls = []

def server_callback(*args, **kwargs):

3660

return self.sample_ocsp_data

3661

3662

def client_callback(conn, ocsp_data, ignored):

3663

calls.append(ocsp_data)

3664

return True

3665

3666

client = self._client_connection(callback=client_callback, data=None)

3667

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3668

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3669

3670

assert len(calls) == 1

3671

assert calls[0] == self.sample_ocsp_data

3672

3673

def test_callbacks_are_invoked_with_connections(self):

3674

"""

3675

The first arguments to both callbacks are their respective connections.

"""

client_calls = []

server_calls = []

def client_callback(conn, *args, **kwargs):

3681

client_calls.append(conn)

3682

return True

3683

3684

def server_callback(conn, *args, **kwargs):

3685

server_calls.append(conn)

3686

return self.sample_ocsp_data

3687

3688

client = self._client_connection(callback=client_callback, data=None)

3689

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3690

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3691

3692

assert len(client_calls) == 1

3693

assert len(server_calls) == 1

3694

assert client_calls[0] is client

3695

assert server_calls[0] is server

3696

3697

def test_opaque_data_is_passed_through(self):

3698

"""

3699

Both callbacks receive an opaque, user-provided piece of data in their

3700

callbacks as the final argument.

"""

calls = []

def server_callback(*args):

3705

calls.append(args)

3706

return self.sample_ocsp_data

3707

3708

def client_callback(*args):

calls.append(args)

return True

sentinel = object()

client = self._client_connection(

3715

callback=client_callback, data=sentinel

3716

)

3717

server = self._server_connection(

3718

callback=server_callback, data=sentinel

3719

)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3720

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3721

3722

assert len(calls) == 2

3723

assert calls[0][-1] is sentinel

3724

assert calls[1][-1] is sentinel

3725

3726

def test_server_returns_empty_string(self):

3727

"""

3728

If the server returns an empty bytestring from its callback, the

3729

client callback is called with the empty bytestring.

"""

client_calls = []

def server_callback(*args):

3734

return b''

3735

3736

def client_callback(conn, ocsp_data, ignored):

3737

client_calls.append(ocsp_data)

3738

return True

3739

3740

client = self._client_connection(callback=client_callback, data=None)

3741

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3742

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3743

3744

assert len(client_calls) == 1

3745

assert client_calls[0] == b''

3746

3747

def test_client_returns_false_terminates_handshake(self):

3748

"""

3749

If the client returns False from its callback, the handshake fails.

3750

"""

3751

def server_callback(*args):

3752

return self.sample_ocsp_data

3753

3754

def client_callback(*args):

3755

return False

3756

3757

client = self._client_connection(callback=client_callback, data=None)

3758

server = self._server_connection(callback=server_callback, data=None)

3759

3760

with pytest.raises(Error):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3761

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3762

3763

def test_exceptions_in_client_bubble_up(self):

3764

"""

3765

The callbacks thrown in the client callback bubble up to the caller.

3766

"""

3767

class SentinelException(Exception):

3768

pass

3769

3770

def server_callback(*args):

3771

return self.sample_ocsp_data

3772

3773

def client_callback(*args):

3774

raise SentinelException()

3775

3776

client = self._client_connection(callback=client_callback, data=None)

3777

server = self._server_connection(callback=server_callback, data=None)

3778

3779

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3780

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3781

3782

def test_exceptions_in_server_bubble_up(self):

3783

"""

3784

The callbacks thrown in the server callback bubble up to the caller.

3785

"""

3786

class SentinelException(Exception):

3787

pass

3788

3789

def server_callback(*args):

3790

raise SentinelException()

3791

3792

def client_callback(*args):

3793

pytest.fail("Should not be called")

3794

3795

client = self._client_connection(callback=client_callback, data=None)

3796

server = self._server_connection(callback=server_callback, data=None)

3797

3798

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame^]

3799

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

3800

3801

def test_server_must_return_bytes(self):

3802

"""

3803

The server callback must return a bytestring, or a TypeError is thrown.

3804

"""

3805

def server_callback(*args):

3806

return self.sample_ocsp_data.decode('ascii')

3807

3808

def client_callback(*args):

3809

pytest.fail("Should not be called")

3810

3811

client = self._client_connection(callback=client_callback, data=None)

3812

server = self._server_connection(callback=server_callback, data=None)

3813

3814

with pytest.raises(TypeError):

Alex Chan