Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

10

from sys import platform, version_info

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

17

from six import PY3, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

23

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

Jean-Paul Calderone

b41d1f4

2014-04-17 16:02:04 -0400

[diff] [blame]

25

from OpenSSL.SSL import _lib

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

26

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

27

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

28

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

29

from OpenSSL.SSL import (

30

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

31

TLSv1_1_METHOD, TLSv1_2_METHOD)

32

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

33

from OpenSSL.SSL import (

34

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

35

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

36

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

37

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

38

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

39

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

40

41

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

42

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

43

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

44

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

45

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

46

from OpenSSL.test.util import TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

47

from OpenSSL.test.test_crypto import (

48

cleartextCertificatePEM, cleartextPrivateKeyPEM)

49

from OpenSSL.test.test_crypto import (

50

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

51

root_cert_pem)

52

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

53

try:

54

from OpenSSL.SSL import OP_NO_QUERY_MTU

55

except ImportError:

56

OP_NO_QUERY_MTU = None

57

try:

58

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

59

except ImportError:

60

OP_COOKIE_EXCHANGE = None

61

try:

62

from OpenSSL.SSL import OP_NO_TICKET

63

except ImportError:

64

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

65

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

66

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

67

from OpenSSL.SSL import OP_NO_COMPRESSION

68

except ImportError:

69

OP_NO_COMPRESSION = None

70

71

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

72

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

73

except ImportError:

74

MODE_RELEASE_BUFFERS = None

75

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

76

try:

77

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

78

except ImportError:

79

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

80

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

81

from OpenSSL.SSL import (

82

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

83

SSL_ST_OK, SSL_ST_RENEGOTIATE,

84

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

85

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

86

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

87

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

88

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

89

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

90

# to use)

91

dhparam = """\

92

-----BEGIN DH PARAMETERS-----

93

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

94

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

98

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

99

return ok

100

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

101

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

102

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

103

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

104

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

105

"""

106

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

112

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

113

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

114

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

115

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

116

# Let's pass some unencrypted data to make sure our socket connection is

117

# fine. Just one byte, so we don't have to worry about buffers getting

118

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

119

server.send(b("x"))

120

assert client.recv(1024) == b("x")

121

client.send(b("y"))

122

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

123

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

124

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

125

server.setblocking(False)

126

client.setblocking(False)

127

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

128

return (server, client)

129

130

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

131

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

132

def handshake(client, server):

133

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

144

def _create_certificate_chain():

145

"""

146

Construct and return a chain of certificates.

147

148

1. A new self-signed certificate authority certificate (cacert)

149

2. A new intermediate certificate signed by cacert (icert)

150

3. A new server certificate signed by icert (scert)

151

"""

152

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

157

cacert = X509()

158

cacert.get_subject().commonName = "Authority Certificate"

159

cacert.set_issuer(cacert.get_subject())

160

cacert.set_pubkey(cakey)

161

cacert.set_notBefore(b("20000101000000Z"))

162

cacert.set_notAfter(b("20200101000000Z"))

163

cacert.add_extensions([caext])

164

cacert.set_serial_number(0)

165

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

170

icert = X509()

171

icert.get_subject().commonName = "Intermediate Certificate"

172

icert.set_issuer(cacert.get_subject())

173

icert.set_pubkey(ikey)

174

icert.set_notBefore(b("20000101000000Z"))

175

icert.set_notAfter(b("20200101000000Z"))

176

icert.add_extensions([caext])

177

icert.set_serial_number(0)

178

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

183

scert = X509()

184

scert.get_subject().commonName = "Server Certificate"

185

scert.set_issuer(icert.get_subject())

186

scert.set_pubkey(skey)

187

scert.set_notBefore(b("20000101000000Z"))

188

scert.set_notAfter(b("20200101000000Z"))

189

scert.add_extensions([

190

X509Extension(b('basicConstraints'), True, b('CA:false'))])

191

scert.set_serial_number(0)

192

scert.sign(ikey, "sha1")

193

194

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

198

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

199

"""

200

Helper mixin which defines methods for creating a connected socket pair and

201

for forcing two connected SSL sockets to talk to each other via memory BIOs.

202

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

203

def _loopbackClientFactory(self, socket):

204

client = Connection(Context(TLSv1_METHOD), socket)

205

client.set_connect_state()

206

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

207

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

208

209

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

210

ctx = Context(TLSv1_METHOD)

211

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

212

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

213

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

214

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

219

if serverFactory is None:

220

serverFactory = self._loopbackServerFactory

221

if clientFactory is None:

222

clientFactory = self._loopbackClientFactory

223

224

(server, client) = socket_pair()

225

server = serverFactory(server)

226

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

227

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

228

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

229

230

server.setblocking(True)

231

client.setblocking(True)

232

return server, client

233

234

235

def _interactInMemory(self, client_conn, server_conn):

236

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

237

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

238

objects. Copy bytes back and forth between their send/receive buffers

239

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

240

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

241

some application bytes, return a two-tuple of the connection from which

242

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

247

wrote = False

248

249

# Copy stuff from each side's send buffer to the other side's

250

# receive buffer.

251

for (read, write) in [(client_conn, server_conn),

252

(server_conn, client_conn)]:

253

254

# Give the side a chance to generate some more bytes, or

255

# succeed.

256

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

257

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

258

except WantReadError:

259

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

264

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

265

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

266

267

while True:

268

# Keep copying as long as there's more stuff there.

269

try:

270

dirty = read.bio_read(4096)

271

except WantReadError:

272

# Okay, nothing more waiting to be sent. Stop

273

# processing this send buffer.

274

break

275

else:

276

# Keep track of the fact that someone generated some

277

# output.

278

wrote = True

279

write.bio_write(dirty)

280

281

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

282

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

283

"""

284

Perform the TLS handshake between two :py:class:`Connection` instances

285

connected to each other via memory BIOs.

286

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

287

client_conn.set_connect_state()

288

server_conn.set_accept_state()

289

290

for conn in [client_conn, server_conn]:

291

try:

292

conn.do_handshake()

293

except WantReadError:

294

pass

295

296

self._interactInMemory(client_conn, server_conn)

297

298

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

299

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

300

class VersionTests(TestCase):

301

"""

302

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

303

:py:obj:`OpenSSL.SSL.SSLeay_version` and

304

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

305

"""

306

def test_OPENSSL_VERSION_NUMBER(self):

307

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

308

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

309

byte and the patch, fix, minor, and major versions in the

310

nibbles above that.

311

"""

312

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

313

314

315

def test_SSLeay_version(self):

316

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

317

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

318

one of a number of version strings based on that indicator.

319

"""

320

versions = {}

321

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

322

SSLEAY_PLATFORM, SSLEAY_DIR]:

323

version = SSLeay_version(t)

324

versions[version] = t

325

self.assertTrue(isinstance(version, bytes))

326

self.assertEqual(len(versions), 5)

327

328

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

329

330

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

331

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

332

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

333

"""

334

def test_method(self):

335

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

336

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

337

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

338

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

339

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

340

methods = [

341

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

342

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

343

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

344

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

345

346

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

351

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

352

# don't. Difficult to say in advance.

353

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

354

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

355

self.assertRaises(TypeError, Context, "")

356

self.assertRaises(ValueError, Context, 10)

357

358

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

359

if not PY3:

360

def test_method_long(self):

361

"""

362

On Python 2 :py:class:`Context` accepts values of type

363

:py:obj:`long` as well as :py:obj:`int`.

364

"""

365

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

369

def test_type(self):

370

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

371

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

372

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

373

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

374

self.assertIdentical(Context, ContextType)

375

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

376

377

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

378

def test_use_privatekey(self):

379

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

380

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

381

"""

382

key = PKey()

383

key.generate_key(TYPE_RSA, 128)

384

ctx = Context(TLSv1_METHOD)

385

ctx.use_privatekey(key)

386

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

387

388

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

389

def test_use_privatekey_file_missing(self):

390

"""

391

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

392

when passed the name of a file which does not exist.

393

"""

394

ctx = Context(TLSv1_METHOD)

395

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

396

397

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

398

if not PY3:

399

def test_use_privatekey_file_long(self):

400

"""

401

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

402

filetype of type :py:obj:`long` as well as :py:obj:`int`.

403

"""

404

pemfile = self.mktemp()

405

406

key = PKey()

407

key.generate_key(TYPE_RSA, 128)

408

409

with open(pemfile, "wt") as pem:

410

pem.write(

411

dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

412

413

ctx = Context(TLSv1_METHOD)

414

ctx.use_privatekey_file(pemfile, long(FILETYPE_PEM))

415

416

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

417

def test_use_certificate_wrong_args(self):

418

"""

419

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

420

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

421

argument.

422

"""

423

ctx = Context(TLSv1_METHOD)

424

self.assertRaises(TypeError, ctx.use_certificate)

425

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

426

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

427

428

429

def test_use_certificate_uninitialized(self):

430

"""

431

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

432

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

433

initialized (ie, which does not actually have any certificate data).

434

"""

435

ctx = Context(TLSv1_METHOD)

436

self.assertRaises(Error, ctx.use_certificate, X509())

437

438

439

def test_use_certificate(self):

440

"""

441

:py:obj:`Context.use_certificate` sets the certificate which will be

442

used to identify connections created using the context.

443

"""

444

# TODO

445

# Hard to assert anything. But we could set a privatekey then ask

446

# OpenSSL if the cert and key agree using check_privatekey. Then as

447

# long as check_privatekey works right we're good...

448

ctx = Context(TLSv1_METHOD)

449

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

450

451

452

def test_use_certificate_file_wrong_args(self):

453

"""

454

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

455

called with zero arguments or more than two arguments, or if the first

456

argument is not a byte string or the second argumnent is not an integer.

457

"""

458

ctx = Context(TLSv1_METHOD)

459

self.assertRaises(TypeError, ctx.use_certificate_file)

460

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

461

self.assertRaises(

462

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

463

self.assertRaises(

464

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

465

self.assertRaises(

466

TypeError, ctx.use_certificate_file, b"somefile", object())

467

468

469

def test_use_certificate_file_missing(self):

470

"""

471

:py:obj:`Context.use_certificate_file` raises

472

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

473

exist.

474

"""

475

ctx = Context(TLSv1_METHOD)

476

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

477

478

479

def test_use_certificate_file(self):

480

"""

481

:py:obj:`Context.use_certificate` sets the certificate which will be

482

used to identify connections created using the context.

483

"""

484

# TODO

485

# Hard to assert anything. But we could set a privatekey then ask

486

# OpenSSL if the cert and key agree using check_privatekey. Then as

487

# long as check_privatekey works right we're good...

488

pem_filename = self.mktemp()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

489

with open(pem_filename, "wb") as pem_file:

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

490

pem_file.write(cleartextCertificatePEM)

491

492

ctx = Context(TLSv1_METHOD)

493

ctx.use_certificate_file(pem_filename)

494

495

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

496

if not PY3:

497

def test_use_certificate_file_long(self):

498

"""

499

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

500

filetype of type :py:obj:`long` as well as :py:obj:`int`.

501

"""

502

pem_filename = self.mktemp()

503

with open(pem_filename, "wb") as pem_file:

504

pem_file.write(cleartextCertificatePEM)

505

506

ctx = Context(TLSv1_METHOD)

507

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

508

509

Jean-Paul Calderone

932f5cc

2014-12-11 13:58:00 -0500

[diff] [blame^]

510

def test_check_privatekey_valid(self):

511

"""

512

:py:obj:`Context.check_privatekey` returns :py:obj:`None` if the

513

:py:obj:`Context` instance has been configured to use a matched key and

514

certificate pair.

515

"""

516

key = load_privatekey(FILETYPE_PEM, client_key_pem)

517

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

518

context = Context(TLSv1_METHOD)

519

context.use_privatekey(key)

520

context.use_certificate(cert)

521

self.assertIs(None, context.check_privatekey())

522

523

524

def test_check_privatekey_invalid(self):

525

"""

526

:py:obj:`Context.check_privatekey` raises :py:obj:`Error` if the

527

:py:obj:`Context` instance has been configured to use a key and

528

certificate pair which don't relate to each other.

529

"""

530

key = load_privatekey(FILETYPE_PEM, client_key_pem)

531

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

532

context = Context(TLSv1_METHOD)

533

context.use_privatekey(key)

534

context.use_certificate(cert)

535

self.assertRaises(Error, context.check_privatekey)

536

537

538

def test_check_privatekey_wrong_args(self):

539

"""

540

:py:obj:`Context.check_privatekey` raises :py:obj:`TypeError` if called

541

with other than no arguments.

542

"""

543

context = Context(TLSv1_METHOD)

544

self.assertRaises(TypeError, context.check_privatekey, object())

545

546

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

547

def test_set_app_data_wrong_args(self):

548

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

549

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

550

one argument.

551

"""

552

context = Context(TLSv1_METHOD)

553

self.assertRaises(TypeError, context.set_app_data)

554

self.assertRaises(TypeError, context.set_app_data, None, None)

555

556

557

def test_get_app_data_wrong_args(self):

558

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

559

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

560

arguments.

561

"""

562

context = Context(TLSv1_METHOD)

563

self.assertRaises(TypeError, context.get_app_data, None)

564

565

566

def test_app_data(self):

567

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

568

:py:obj:`Context.set_app_data` stores an object for later retrieval using

569

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

570

"""

571

app_data = object()

572

context = Context(TLSv1_METHOD)

573

context.set_app_data(app_data)

574

self.assertIdentical(context.get_app_data(), app_data)

575

576

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

577

def test_set_options_wrong_args(self):

578

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

579

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

580

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

581

"""

582

context = Context(TLSv1_METHOD)

583

self.assertRaises(TypeError, context.set_options)

584

self.assertRaises(TypeError, context.set_options, None)

585

self.assertRaises(TypeError, context.set_options, 1, None)

586

587

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

588

def test_set_options(self):

589

"""

590

:py:obj:`Context.set_options` returns the new options value.

591

"""

592

context = Context(TLSv1_METHOD)

593

options = context.set_options(OP_NO_SSLv2)

594

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

599

"""

600

On Python 2 :py:obj:`Context.set_options` accepts values of type

601

:py:obj:`long` as well as :py:obj:`int`.

602

"""

603

context = Context(TLSv1_METHOD)

604

options = context.set_options(long(OP_NO_SSLv2))

605

self.assertTrue(OP_NO_SSLv2 & options)

606

607

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

608

def test_set_mode_wrong_args(self):

609

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

610

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

611

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

612

"""

613

context = Context(TLSv1_METHOD)

614

self.assertRaises(TypeError, context.set_mode)

615

self.assertRaises(TypeError, context.set_mode, None)

616

self.assertRaises(TypeError, context.set_mode, 1, None)

617

618

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

619

if MODE_RELEASE_BUFFERS is not None:

620

def test_set_mode(self):

621

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

622

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

623

set mode.

624

"""

625

context = Context(TLSv1_METHOD)

626

self.assertTrue(

627

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

628

629

if not PY3:

630

def test_set_mode_long(self):

631

"""

632

On Python 2 :py:obj:`Context.set_mode` accepts values of type

633

:py:obj:`long` as well as :py:obj:`int`.

634

"""

635

context = Context(TLSv1_METHOD)

636

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

637

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

638

else:

639

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

640

641

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

642

def test_set_timeout_wrong_args(self):

643

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

644

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

645

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

646

"""

647

context = Context(TLSv1_METHOD)

648

self.assertRaises(TypeError, context.set_timeout)

649

self.assertRaises(TypeError, context.set_timeout, None)

650

self.assertRaises(TypeError, context.set_timeout, 1, None)

651

652

653

def test_get_timeout_wrong_args(self):

654

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

655

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

656

"""

657

context = Context(TLSv1_METHOD)

658

self.assertRaises(TypeError, context.get_timeout, None)

659

660

661

def test_timeout(self):

662

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

663

:py:obj:`Context.set_timeout` sets the session timeout for all connections

664

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

665

value.

666

"""

667

context = Context(TLSv1_METHOD)

668

context.set_timeout(1234)

669

self.assertEquals(context.get_timeout(), 1234)

670

671

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

672

if not PY3:

673

def test_timeout_long(self):

674

"""

675

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

676

`long` as well as int.

677

"""

678

context = Context(TLSv1_METHOD)

679

context.set_timeout(long(1234))

680

self.assertEquals(context.get_timeout(), 1234)

681

682

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

683

def test_set_verify_depth_wrong_args(self):

684

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

685

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

686

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

687

"""

688

context = Context(TLSv1_METHOD)

689

self.assertRaises(TypeError, context.set_verify_depth)

690

self.assertRaises(TypeError, context.set_verify_depth, None)

691

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

692

693

694

def test_get_verify_depth_wrong_args(self):

695

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

696

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

697

"""

698

context = Context(TLSv1_METHOD)

699

self.assertRaises(TypeError, context.get_verify_depth, None)

700

701

702

def test_verify_depth(self):

703

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

704

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

705

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

706

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

707

"""

708

context = Context(TLSv1_METHOD)

709

context.set_verify_depth(11)

710

self.assertEquals(context.get_verify_depth(), 11)

711

712

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

713

if not PY3:

714

def test_verify_depth_long(self):

715

"""

716

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

717

type `long` as well as int.

718

"""

719

context = Context(TLSv1_METHOD)

720

context.set_verify_depth(long(11))

721

self.assertEquals(context.get_verify_depth(), 11)

722

723

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

724

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

725

"""

726

Write a new private key out to a new file, encrypted using the given

727

passphrase. Return the path to the new file.

728

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

729

key = PKey()

730

key.generate_key(TYPE_RSA, 128)

731

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

732

fObj = open(pemFile, 'w')

733

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

734

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

739

def test_set_passwd_cb_wrong_args(self):

740

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

741

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

742

wrong arguments or with a non-callable first argument.

743

"""

744

context = Context(TLSv1_METHOD)

745

self.assertRaises(TypeError, context.set_passwd_cb)

746

self.assertRaises(TypeError, context.set_passwd_cb, None)

747

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

748

749

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

750

def test_set_passwd_cb(self):

751

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

752

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

753

a private key is loaded from an encrypted PEM.

754

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

755

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

756

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

757

calledWith = []

758

def passphraseCallback(maxlen, verify, extra):

759

calledWith.append((maxlen, verify, extra))

760

return passphrase

761

context = Context(TLSv1_METHOD)

762

context.set_passwd_cb(passphraseCallback)

763

context.use_privatekey_file(pemFile)

764

self.assertTrue(len(calledWith), 1)

765

self.assertTrue(isinstance(calledWith[0][0], int))

766

self.assertTrue(isinstance(calledWith[0][1], int))

767

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

768

769

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

770

def test_passwd_callback_exception(self):

771

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

772

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

773

passphrase callback.

774

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

775

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

776

def passphraseCallback(maxlen, verify, extra):

777

raise RuntimeError("Sorry, I am a fail.")

778

779

context = Context(TLSv1_METHOD)

780

context.set_passwd_cb(passphraseCallback)

781

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

782

783

784

def test_passwd_callback_false(self):

785

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

786

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

787

passphrase callback returns a false value.

788

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

789

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

790

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

791

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

792

793

context = Context(TLSv1_METHOD)

794

context.set_passwd_cb(passphraseCallback)

795

self.assertRaises(Error, context.use_privatekey_file, pemFile)

796

797

798

def test_passwd_callback_non_string(self):

799

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

800

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

801

passphrase callback returns a true non-string value.

802

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

803

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

804

def passphraseCallback(maxlen, verify, extra):

805

return 10

806

807

context = Context(TLSv1_METHOD)

808

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

809

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

810

811

812

def test_passwd_callback_too_long(self):

813

"""

814

If the passphrase returned by the passphrase callback returns a string

815

longer than the indicated maximum length, it is truncated.

816

"""

817

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

818

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

819

pemFile = self._write_encrypted_pem(passphrase)

820

def passphraseCallback(maxlen, verify, extra):

821

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

822

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

823

824

context = Context(TLSv1_METHOD)

825

context.set_passwd_cb(passphraseCallback)

826

# This shall succeed because the truncated result is the correct

827

# passphrase.

828

context.use_privatekey_file(pemFile)

829

830

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

831

def test_set_info_callback(self):

832

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

833

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

834

when certain information about an SSL connection is available.

835

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

836

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

837

838

clientSSL = Connection(Context(TLSv1_METHOD), client)

839

clientSSL.set_connect_state()

840

841

called = []

842

def info(conn, where, ret):

843

called.append((conn, where, ret))

844

context = Context(TLSv1_METHOD)

845

context.set_info_callback(info)

846

context.use_certificate(

847

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

848

context.use_privatekey(

849

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

850

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

851

serverSSL = Connection(context, server)

852

serverSSL.set_accept_state()

853

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

854

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

855

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

856

# The callback must always be called with a Connection instance as the

857

# first argument. It would probably be better to split this into

858

# separate tests for client and server side info callbacks so we could

859

# assert it is called with the right Connection instance. It would

860

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

861

notConnections = [

862

conn for (conn, where, ret) in called

863

if not isinstance(conn, Connection)]

864

self.assertEqual(

865

[], notConnections,

866

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

867

868

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

869

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

870

"""

871

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

872

its :py:obj:`load_verify_locations` method with the given arguments.

873

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

874

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

875

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

876

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

877

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

878

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

879

# Require that the server certificate verify properly or the

880

# connection will fail.

881

clientContext.set_verify(

882

VERIFY_PEER,

883

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

884

885

clientSSL = Connection(clientContext, client)

886

clientSSL.set_connect_state()

887

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

888

serverContext = Context(TLSv1_METHOD)

889

serverContext.use_certificate(

890

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

891

serverContext.use_privatekey(

892

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

893

894

serverSSL = Connection(serverContext, server)

895

serverSSL.set_accept_state()

896

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

897

# Without load_verify_locations above, the handshake

898

# will fail:

899

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

900

# 'certificate verify failed')]

901

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

902

903

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

904

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

905

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

906

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

907

def test_load_verify_file(self):

908

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

909

:py:obj:`Context.load_verify_locations` accepts a file name and uses the

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

910

certificates within for verification purposes.

911

"""

912

cafile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

913

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

914

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

915

fObj.close()

916

917

self._load_verify_locations_test(cafile)

918

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

919

920

def test_load_verify_invalid_file(self):

921

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

922

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

923

non-existent cafile.

924

"""

925

clientContext = Context(TLSv1_METHOD)

926

self.assertRaises(

927

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

928

929

930

def test_load_verify_directory(self):

931

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

932

:py:obj:`Context.load_verify_locations` accepts a directory name and uses

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

933

the certificates within for verification purposes.

934

"""

935

capath = self.mktemp()

936

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

937

# Hash values computed manually with c_rehash to avoid depending on

938

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

939

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

940

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

941

cafile = join(capath, name)

942

fObj = open(cafile, 'w')

943

fObj.write(cleartextCertificatePEM.decode('ascii'))

944

fObj.close()

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

945

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

946

self._load_verify_locations_test(None, capath)

947

948

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

949

def test_load_verify_locations_wrong_args(self):

950

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

951

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

952

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

953

"""

954

context = Context(TLSv1_METHOD)

955

self.assertRaises(TypeError, context.load_verify_locations)

956

self.assertRaises(TypeError, context.load_verify_locations, object())

957

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

958

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

959

960

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

961

if platform == "win32":

962

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

963

"See LP#404343 and LP#404344."

964

else:

965

def test_set_default_verify_paths(self):

966

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

967

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

968

certificate locations to be used for verification purposes.

969

"""

970

# Testing this requires a server with a certificate signed by one of

971

# the CAs in the platform CA location. Getting one of those costs

972

# money. Fortunately (or unfortunately, depending on your

973

# perspective), it's easy to think of a public server on the

974

# internet which has such a certificate. Connecting to the network

975

# in a unit test is bad, but it's the only way I can think of to

976

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

977

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

978

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

979

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

980

context.set_default_verify_paths()

981

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

982

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

983

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

984

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

985

client = socket()

986

client.connect(('verisign.com', 443))

987

clientSSL = Connection(context, client)

988

clientSSL.set_connect_state()

989

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

990

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

991

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

992

993

994

def test_set_default_verify_paths_signature(self):

995

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

996

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

997

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

998

"""

999

context = Context(TLSv1_METHOD)

1000

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1001

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1002

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1003

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1004

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1005

def test_add_extra_chain_cert_invalid_cert(self):

1006

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1007

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1008

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1009

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1010

"""

1011

context = Context(TLSv1_METHOD)

1012

self.assertRaises(TypeError, context.add_extra_chain_cert)

1013

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1014

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1015

1016

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1017

def _handshake_test(self, serverContext, clientContext):

1018

"""

1019

Verify that a client and server created with the given contexts can

1020

successfully handshake and communicate.

1021

"""

1022

serverSocket, clientSocket = socket_pair()

1023

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1024

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1025

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1026

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1027

client = Connection(clientContext, clientSocket)

1028

client.set_connect_state()

1029

1030

# Make them talk to each other.

1031

# self._interactInMemory(client, server)

1032

for i in range(3):

1033

for s in [client, server]:

1034

try:

1035

s.do_handshake()

1036

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1040

def test_set_verify_callback_connection_argument(self):

1041

"""

1042

The first argument passed to the verify callback is the

1043

:py:class:`Connection` instance for which verification is taking place.

1044

"""

1045

serverContext = Context(TLSv1_METHOD)

1046

serverContext.use_privatekey(

1047

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1048

serverContext.use_certificate(

1049

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1050

serverConnection = Connection(serverContext, None)

1051

1052

class VerifyCallback(object):

1053

def callback(self, connection, *args):

1054

self.connection = connection

1055

return 1

1056

1057

verify = VerifyCallback()

1058

clientContext = Context(TLSv1_METHOD)

1059

clientContext.set_verify(VERIFY_PEER, verify.callback)

1060

clientConnection = Connection(clientContext, None)

1061

clientConnection.set_connect_state()

1062

1063

self._handshakeInMemory(clientConnection, serverConnection)

1064

1065

self.assertIdentical(verify.connection, clientConnection)

1066

1067

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1068

def test_set_verify_callback_exception(self):

1069

"""

1070

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1071

exception, verification fails and the exception is propagated to the

1072

caller of :py:obj:`Connection.do_handshake`.

1073

"""

1074

serverContext = Context(TLSv1_METHOD)

1075

serverContext.use_privatekey(

1076

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1077

serverContext.use_certificate(

1078

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1079

1080

clientContext = Context(TLSv1_METHOD)

1081

def verify_callback(*args):

1082

raise Exception("silly verify failure")

1083

clientContext.set_verify(VERIFY_PEER, verify_callback)

1084

1085

exc = self.assertRaises(

1086

Exception, self._handshake_test, serverContext, clientContext)

1087

self.assertEqual("silly verify failure", str(exc))

1088

1089

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1090

def test_add_extra_chain_cert(self):

1091

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1092

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1093

the certificate chain.

1094

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1095

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1096

chain tested.

1097

1098

The chain is tested by starting a server with scert and connecting

1099

to it with a client which trusts cacert and requires verification to

1100

succeed.

1101

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1102

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1103

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1104

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1105

# Dump the CA certificate to a file because that's the only way to load

1106

# it as a trusted CA in the client context.

1107

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1108

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1109

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1110

fObj.close()

1111

1112

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1113

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1114

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1115

fObj.close()

1116

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1117

# Create the server context

1118

serverContext = Context(TLSv1_METHOD)

1119

serverContext.use_privatekey(skey)

1120

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1121

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1122

serverContext.add_extra_chain_cert(icert)

1123

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1124

# Create the client

1125

clientContext = Context(TLSv1_METHOD)

1126

clientContext.set_verify(

1127

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1128

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1129

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1130

# Try it out.

1131

self._handshake_test(serverContext, clientContext)

1132

1133

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1134

def test_use_certificate_chain_file(self):

1135

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1136

:py:obj:`Context.use_certificate_chain_file` reads a certificate chain from

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1137

the specified file.

1138

1139

The chain is tested by starting a server with scert and connecting

1140

to it with a client which trusts cacert and requires verification to

1141

succeed.

1142

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1143

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1144

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1145

1146

# Write out the chain file.

1147

chainFile = self.mktemp()

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1148

fObj = open(chainFile, 'wb')

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1149

# Most specific to least general.

Jean-Paul Calderone

d860798

2014-01-18 10:30:55 -0500

[diff] [blame]

1150

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1151

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1152

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1153

fObj.close()

1154

1155

serverContext = Context(TLSv1_METHOD)

1156

serverContext.use_certificate_chain_file(chainFile)

1157

serverContext.use_privatekey(skey)

1158

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1159

fObj = open('ca.pem', 'w')

1160

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1161

fObj.close()

1162

1163

clientContext = Context(TLSv1_METHOD)

1164

clientContext.set_verify(

1165

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1166

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1167

1168

self._handshake_test(serverContext, clientContext)

1169

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1170

1171

def test_use_certificate_chain_file_wrong_args(self):

1172

"""

1173

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1174

if passed zero or more than one argument or when passed a non-byte

1175

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1176

passed a bad chain file name (for example, the name of a file which does

1177

not exist).

1178

"""

1179

context = Context(TLSv1_METHOD)

1180

self.assertRaises(TypeError, context.use_certificate_chain_file)

1181

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1182

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1183

1184

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1185

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1186

# XXX load_client_ca

1187

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1188

1189

def test_get_verify_mode_wrong_args(self):

1190

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1191

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1192

arguments.

1193

"""

1194

context = Context(TLSv1_METHOD)

1195

self.assertRaises(TypeError, context.get_verify_mode, None)

1196

1197

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1198

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1199

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1200

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1201

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1202

"""

1203

context = Context(TLSv1_METHOD)

1204

self.assertEquals(context.get_verify_mode(), 0)

1205

context.set_verify(

1206

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1207

self.assertEquals(

1208

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1209

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1210

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1211

if not PY3:

1212

def test_set_verify_mode_long(self):

1213

"""

1214

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1215

type :py:obj:`long` as well as :py:obj:`int`.

1216

"""

1217

context = Context(TLSv1_METHOD)

1218

self.assertEquals(context.get_verify_mode(), 0)

1219

context.set_verify(

1220

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1221

self.assertEquals(

1222

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1223

1224

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1225

def test_load_tmp_dh_wrong_args(self):

1226

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1227

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1228

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1229

"""

1230

context = Context(TLSv1_METHOD)

1231

self.assertRaises(TypeError, context.load_tmp_dh)

1232

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1233

self.assertRaises(TypeError, context.load_tmp_dh, object())

1234

1235

1236

def test_load_tmp_dh_missing_file(self):

1237

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1238

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1239

does not exist.

1240

"""

1241

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1242

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1243

1244

1245

def test_load_tmp_dh(self):

1246

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1247

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1248

specified file.

1249

"""

1250

context = Context(TLSv1_METHOD)

1251

dhfilename = self.mktemp()

1252

dhfile = open(dhfilename, "w")

1253

dhfile.write(dhparam)

1254

dhfile.close()

1255

context.load_tmp_dh(dhfilename)

1256

# XXX What should I assert here? -exarkun

1257

1258

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1259

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1260

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1261

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1262

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1263

"""

1264

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1265

for curve in get_elliptic_curves():

1266

# The only easily "assertable" thing is that it does not raise an

1267

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1268

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1269

1270

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1271

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1272

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1273

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1274

ciphers which connections created with the context object will be able

1275

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1276

"""

1277

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1278

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1279

conn = Connection(context, None)

1280

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1281

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1282

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1283

def test_set_cipher_list_text(self):

1284

"""

1285

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1286

the ciphers which connections created with the context object will be

1287

able to choose from.

1288

"""

1289

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1290

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1291

conn = Connection(context, None)

1292

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1293

1294

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1295

def test_set_cipher_list_wrong_args(self):

1296

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1297

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1298

passed zero arguments or more than one argument or when passed a

1299

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1300

passed an incorrect cipher list string.

1301

"""

1302

context = Context(TLSv1_METHOD)

1303

self.assertRaises(TypeError, context.set_cipher_list)

1304

self.assertRaises(TypeError, context.set_cipher_list, object())

1305

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1306

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1307

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1308

1309

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1310

def test_set_session_cache_mode_wrong_args(self):

1311

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1312

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1313

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1314

"""

1315

context = Context(TLSv1_METHOD)

1316

self.assertRaises(TypeError, context.set_session_cache_mode)

1317

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1318

1319

1320

def test_get_session_cache_mode_wrong_args(self):

1321

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1322

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1323

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1324

"""

1325

context = Context(TLSv1_METHOD)

1326

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1327

1328

1329

def test_session_cache_mode(self):

1330

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1331

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1332

cached. The setting can be retrieved via

1333

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1334

"""

1335

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1336

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1337

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1338

self.assertEqual(SESS_CACHE_OFF, off)

1339

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1340

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1341

if not PY3:

1342

def test_session_cache_mode_long(self):

1343

"""

1344

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1345

of type :py:obj:`long` as well as :py:obj:`int`.

1346

"""

1347

context = Context(TLSv1_METHOD)

1348

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1349

self.assertEqual(

1350

SESS_CACHE_BOTH, context.get_session_cache_mode())

1351

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1352

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1353

def test_get_cert_store(self):

1354

"""

1355

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1356

"""

1357

context = Context(TLSv1_METHOD)

1358

store = context.get_cert_store()

1359

self.assertIsInstance(store, X509Store)

1360

1361

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1362

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1363

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1364

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1365

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1366

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1367

"""

1368

def test_wrong_args(self):

1369

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1370

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1371

with other than one argument.

1372

"""

1373

context = Context(TLSv1_METHOD)

1374

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1375

self.assertRaises(

1376

TypeError, context.set_tlsext_servername_callback, 1, 2)

1377

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1378

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1379

def test_old_callback_forgotten(self):

1380

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1381

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1382

callback, the one it replaces is dereferenced.

1383

"""

1384

def callback(connection):

1385

pass

1386

1387

def replacement(connection):

1388

pass

1389

1390

context = Context(TLSv1_METHOD)

1391

context.set_tlsext_servername_callback(callback)

1392

1393

tracker = ref(callback)

1394

del callback

1395

1396

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1397

1398

# One run of the garbage collector happens to work on CPython. PyPy

1399

# doesn't collect the underlying object until a second run for whatever

1400

# reason. That's fine, it still demonstrates our code has properly

1401

# dropped the reference.

1402

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1403

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1404

1405

callback = tracker()

1406

if callback is not None:

1407

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1408

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1409

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1410

1411

1412

def test_no_servername(self):

1413

"""

1414

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1415

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1416

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1417

"""

1418

args = []

1419

def servername(conn):

1420

args.append((conn, conn.get_servername()))

1421

context = Context(TLSv1_METHOD)

1422

context.set_tlsext_servername_callback(servername)

1423

1424

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1430

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1431

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1432

1433

# Do a little connection to trigger the logic

1434

server = Connection(context, None)

1435

server.set_accept_state()

1436

1437

client = Connection(Context(TLSv1_METHOD), None)

1438

client.set_connect_state()

1439

1440

self._interactInMemory(server, client)

1441

1442

self.assertEqual([(server, None)], args)

1443

1444

1445

def test_servername(self):

1446

"""

1447

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1448

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1449

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1450

"""

1451

args = []

1452

def servername(conn):

1453

args.append((conn, conn.get_servername()))

1454

context = Context(TLSv1_METHOD)

1455

context.set_tlsext_servername_callback(servername)

1456

1457

# Necessary to actually accept the connection

1458

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1459

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1460

1461

# Do a little connection to trigger the logic

1462

server = Connection(context, None)

1463

server.set_accept_state()

1464

1465

client = Connection(Context(TLSv1_METHOD), None)

1466

client.set_connect_state()

1467

client.set_tlsext_host_name(b("foo1.example.com"))

1468

1469

self._interactInMemory(server, client)

1470

1471

self.assertEqual([(server, b("foo1.example.com"))], args)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1475

class SessionTests(TestCase):

1476

"""

1477

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1478

"""

1479

def test_construction(self):

1480

"""

1481

:py:class:`Session` can be constructed with no arguments, creating a new

1482

instance of that type.

1483

"""

1484

new_session = Session()

1485

self.assertTrue(isinstance(new_session, Session))

1486

1487

1488

def test_construction_wrong_args(self):

1489

"""

1490

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1491

is raised.

1492

"""

1493

self.assertRaises(TypeError, Session, 123)

1494

self.assertRaises(TypeError, Session, "hello")

1495

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1499

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1500

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1501

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1502

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1503

# XXX get_peer_certificate -> None

1504

# XXX sock_shutdown

1505

# XXX master_key -> TypeError

1506

# XXX server_random -> TypeError

1507

# XXX state_string

1508

# XXX connect -> TypeError

1509

# XXX connect_ex -> TypeError

1510

# XXX set_connect_state -> TypeError

1511

# XXX set_accept_state -> TypeError

1512

# XXX renegotiate_pending

1513

# XXX do_handshake -> TypeError

1514

# XXX bio_read -> TypeError

1515

# XXX recv -> TypeError

1516

# XXX send -> TypeError

1517

# XXX bio_write -> TypeError

1518

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1519

def test_type(self):

1520

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1521

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1522

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1523

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1524

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1525

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1526

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1527

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1528

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1529

def test_get_context(self):

1530

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1531

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1532

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1533

"""

1534

context = Context(TLSv1_METHOD)

1535

connection = Connection(context, None)

1536

self.assertIdentical(connection.get_context(), context)

1537

1538

1539

def test_get_context_wrong_args(self):

1540

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1541

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1542

arguments.

1543

"""

1544

connection = Connection(Context(TLSv1_METHOD), None)

1545

self.assertRaises(TypeError, connection.get_context, None)

1546

1547

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1548

def test_set_context_wrong_args(self):

1549

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1550

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1551

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1552

than 1.

1553

"""

1554

ctx = Context(TLSv1_METHOD)

1555

connection = Connection(ctx, None)

1556

self.assertRaises(TypeError, connection.set_context)

1557

self.assertRaises(TypeError, connection.set_context, object())

1558

self.assertRaises(TypeError, connection.set_context, "hello")

1559

self.assertRaises(TypeError, connection.set_context, 1)

1560

self.assertRaises(TypeError, connection.set_context, 1, 2)

1561

self.assertRaises(

1562

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1563

self.assertIdentical(ctx, connection.get_context())

1564

1565

1566

def test_set_context(self):

1567

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1568

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1569

for the connection.

1570

"""

1571

original = Context(SSLv23_METHOD)

1572

replacement = Context(TLSv1_METHOD)

1573

connection = Connection(original, None)

1574

connection.set_context(replacement)

1575

self.assertIdentical(replacement, connection.get_context())

1576

# Lose our references to the contexts, just in case the Connection isn't

1577

# properly managing its own contributions to their reference counts.

1578

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1583

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1584

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1585

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1586

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1587

"""

1588

conn = Connection(Context(TLSv1_METHOD), None)

1589

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1590

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1591

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1592

self.assertRaises(

1593

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1594

1595

if version_info >= (3,):

1596

# On Python 3.x, don't accidentally implicitly convert from text.

1597

self.assertRaises(

1598

TypeError,

1599

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1600

1601

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1602

def test_get_servername_wrong_args(self):

1603

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1604

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1605

arguments.

1606

"""

1607

connection = Connection(Context(TLSv1_METHOD), None)

1608

self.assertRaises(TypeError, connection.get_servername, object())

1609

self.assertRaises(TypeError, connection.get_servername, 1)

1610

self.assertRaises(TypeError, connection.get_servername, "hello")

1611

1612

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1613

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1614

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1615

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1616

immediate read.

1617

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1618

connection = Connection(Context(TLSv1_METHOD), None)

1619

self.assertEquals(connection.pending(), 0)

1620

1621

1622

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1623

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1624

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1625

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1626

connection = Connection(Context(TLSv1_METHOD), None)

1627

self.assertRaises(TypeError, connection.pending, None)

1628

1629

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1630

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1631

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1632

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1633

argument or with the wrong number of arguments.

1634

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1635

connection = Connection(Context(TLSv1_METHOD), socket())

1636

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1637

self.assertRaises(TypeError, connection.connect)

1638

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1639

1640

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1641

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1642

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1643

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1644

connect method raises it.

1645

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1646

client = socket()

1647

context = Context(TLSv1_METHOD)

1648

clientSSL = Connection(context, client)

1649

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1650

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1651

1652

1653

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1654

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1655

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1656

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1662

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1663

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1664

1665

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1666

if platform == "darwin":

1667

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1668

else:

1669

def test_connect_ex(self):

1670

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1671

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1672

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1677

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1678

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1679

clientSSL.setblocking(False)

1680

result = clientSSL.connect_ex(port.getsockname())

1681

expected = (EINPROGRESS, EWOULDBLOCK)

1682

self.assertTrue(

1683

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1684

1685

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1686

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1687

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1688

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1689

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1690

connection = Connection(Context(TLSv1_METHOD), socket())

1691

self.assertRaises(TypeError, connection.accept, None)

1692

1693

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1694

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1695

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1696

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

1697

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1698

connection originated from.

1699

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1700

ctx = Context(TLSv1_METHOD)

1701

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1702

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1703

port = socket()

1704

portSSL = Connection(ctx, port)

1705

portSSL.bind(('', 0))

1706

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1707

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1708

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1709

1710

# Calling portSSL.getsockname() here to get the server IP address sounds

1711

# great, but frequently fails on Windows.

1712

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1713

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1714

serverSSL, address = portSSL.accept()

1715

1716

self.assertTrue(isinstance(serverSSL, Connection))

1717

self.assertIdentical(serverSSL.get_context(), ctx)

1718

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1719

1720

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1721

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1722

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1723

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1724

number of arguments or with arguments other than integers.

1725

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1726

connection = Connection(Context(TLSv1_METHOD), None)

1727

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

1728

self.assertRaises(TypeError, connection.get_shutdown, None)

1729

self.assertRaises(TypeError, connection.set_shutdown)

1730

self.assertRaises(TypeError, connection.set_shutdown, None)

1731

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1732

1733

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1734

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1735

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1736

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1737

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1738

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1739

self.assertFalse(server.shutdown())

1740

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1741

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1742

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

1743

client.shutdown()

1744

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

1745

self.assertRaises(ZeroReturnError, server.recv, 1024)

1746

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1747

1748

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1749

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1750

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1751

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1752

process.

1753

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1754

connection = Connection(Context(TLSv1_METHOD), socket())

1755

connection.set_shutdown(RECEIVED_SHUTDOWN)

1756

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1757

1758

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

1759

if not PY3:

1760

def test_set_shutdown_long(self):

1761

"""

1762

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

1763

of type :py:obj:`long` as well as :py:obj:`int`.

1764

"""

1765

connection = Connection(Context(TLSv1_METHOD), socket())

1766

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

1767

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1768

1769

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1770

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1771

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1772

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

1773

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1774

with any arguments.

1775

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1776

conn = Connection(Context(TLSv1_METHOD), None)

1777

self.assertRaises(TypeError, conn.get_app_data, None)

1778

self.assertRaises(TypeError, conn.set_app_data)

1779

self.assertRaises(TypeError, conn.set_app_data, None, None)

1780

1781

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1782

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1783

"""

1784

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1785

:py:obj:`Connection.set_app_data` and later retrieved with

1786

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1787

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1788

conn = Connection(Context(TLSv1_METHOD), None)

1789

app_data = object()

1790

conn.set_app_data(app_data)

1791

self.assertIdentical(conn.get_app_data(), app_data)

1792

1793

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1794

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1795

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1796

:py:obj:`Connection.makefile` is not implemented and calling that method raises

1797

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1798

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1799

conn = Connection(Context(TLSv1_METHOD), None)

1800

self.assertRaises(NotImplementedError, conn.makefile)

1801

1802

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1803

def test_get_peer_cert_chain_wrong_args(self):

1804

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1805

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1806

arguments.

1807

"""

1808

conn = Connection(Context(TLSv1_METHOD), None)

1809

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

1810

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

1811

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

1812

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

1813

1814

1815

def test_get_peer_cert_chain(self):

1816

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1817

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1818

the connected server returned for the certification verification.

1819

"""

1820

chain = _create_certificate_chain()

1821

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1822

1823

serverContext = Context(TLSv1_METHOD)

1824

serverContext.use_privatekey(skey)

1825

serverContext.use_certificate(scert)

1826

serverContext.add_extra_chain_cert(icert)

1827

serverContext.add_extra_chain_cert(cacert)

1828

server = Connection(serverContext, None)

1829

server.set_accept_state()

1830

1831

# Create the client

1832

clientContext = Context(TLSv1_METHOD)

1833

clientContext.set_verify(VERIFY_NONE, verify_cb)

1834

client = Connection(clientContext, None)

1835

client.set_connect_state()

1836

1837

self._interactInMemory(client, server)

1838

1839

chain = client.get_peer_cert_chain()

1840

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1841

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1842

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1843

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1844

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1845

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1846

"Authority Certificate", chain[2].get_subject().CN)

1847

1848

1849

def test_get_peer_cert_chain_none(self):

1850

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1851

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1852

certificate chain.

1853

"""

1854

ctx = Context(TLSv1_METHOD)

1855

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1856

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1857

server = Connection(ctx, None)

1858

server.set_accept_state()

1859

client = Connection(Context(TLSv1_METHOD), None)

1860

client.set_connect_state()

1861

self._interactInMemory(client, server)

1862

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1863

1864

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1865

def test_get_session_wrong_args(self):

1866

"""

1867

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

1868

with any arguments.

1869

"""

1870

ctx = Context(TLSv1_METHOD)

1871

server = Connection(ctx, None)

1872

self.assertRaises(TypeError, server.get_session, 123)

1873

self.assertRaises(TypeError, server.get_session, "hello")

1874

self.assertRaises(TypeError, server.get_session, object())

1875

1876

1877

def test_get_session_unconnected(self):

1878

"""

1879

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

1880

an object which has not been connected.

1881

"""

1882

ctx = Context(TLSv1_METHOD)

1883

server = Connection(ctx, None)

1884

session = server.get_session()

1885

self.assertIdentical(None, session)

1886

1887

1888

def test_server_get_session(self):

1889

"""

1890

On the server side of a connection, :py:obj:`Connection.get_session`

1891

returns a :py:class:`Session` instance representing the SSL session for

1892

that connection.

1893

"""

1894

server, client = self._loopback()

1895

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1896

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1897

1898

1899

def test_client_get_session(self):

1900

"""

1901

On the client side of a connection, :py:obj:`Connection.get_session`

1902

returns a :py:class:`Session` instance representing the SSL session for

1903

that connection.

1904

"""

1905

server, client = self._loopback()

1906

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1907

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1908

1909

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

1910

def test_set_session_wrong_args(self):

1911

"""

1912

If called with an object that is not an instance of :py:class:`Session`,

1913

or with other than one argument, :py:obj:`Connection.set_session` raises

1914

:py:obj:`TypeError`.

1915

"""

1916

ctx = Context(TLSv1_METHOD)

1917

connection = Connection(ctx, None)

1918

self.assertRaises(TypeError, connection.set_session)

1919

self.assertRaises(TypeError, connection.set_session, 123)

1920

self.assertRaises(TypeError, connection.set_session, "hello")

1921

self.assertRaises(TypeError, connection.set_session, object())

1922

self.assertRaises(

1923

TypeError, connection.set_session, Session(), Session())

1924

1925

1926

def test_client_set_session(self):

1927

"""

1928

:py:obj:`Connection.set_session`, when used prior to a connection being

1929

established, accepts a :py:class:`Session` instance and causes an

1930

attempt to re-use the session it represents when the SSL handshake is

1931

performed.

1932

"""

1933

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1934

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1935

ctx = Context(TLSv1_METHOD)

1936

ctx.use_privatekey(key)

1937

ctx.use_certificate(cert)

1938

ctx.set_session_id("unity-test")

1939

1940

def makeServer(socket):

1941

server = Connection(ctx, socket)

1942

server.set_accept_state()

1943

return server

1944

1945

originalServer, originalClient = self._loopback(

1946

serverFactory=makeServer)

1947

originalSession = originalClient.get_session()

1948

1949

def makeClient(socket):

1950

client = self._loopbackClientFactory(socket)

1951

client.set_session(originalSession)

1952

return client

1953

resumedServer, resumedClient = self._loopback(

1954

serverFactory=makeServer,

1955

clientFactory=makeClient)

1956

1957

# This is a proxy: in general, we have no access to any unique

1958

# identifier for the session (new enough versions of OpenSSL expose a

1959

# hash which could be usable, but "new enough" is very, very new).

1960

# Instead, exploit the fact that the master key is re-used if the

1961

# session is re-used. As long as the master key for the two connections

1962

# is the same, the session was re-used!

1963

self.assertEqual(

1964

originalServer.master_key(), resumedServer.master_key())

1965

1966

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1967

def test_set_session_wrong_method(self):

1968

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

1969

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

1970

instance associated with a context using a different SSL method than the

1971

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

1972

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1973

"""

1974

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1975

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1976

ctx = Context(TLSv1_METHOD)

1977

ctx.use_privatekey(key)

1978

ctx.use_certificate(cert)

1979

ctx.set_session_id("unity-test")

1980

1981

def makeServer(socket):

1982

server = Connection(ctx, socket)

1983

server.set_accept_state()

1984

return server

1985

1986

originalServer, originalClient = self._loopback(

1987

serverFactory=makeServer)

1988

originalSession = originalClient.get_session()

1989

1990

def makeClient(socket):

1991

# Intentionally use a different, incompatible method here.

1992

client = Connection(Context(SSLv3_METHOD), socket)

1993

client.set_connect_state()

1994

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2000

2001

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2002

def test_wantWriteError(self):

2003

"""

2004

:py:obj:`Connection` methods which generate output raise

2005

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2006

fail indicating a should-write state.

2007

"""

2008

client_socket, server_socket = socket_pair()

2009

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2010

# anything. Only write a single byte at a time so we can be sure we

2011

# completely fill the buffer. Even though the socket API is allowed to

2012

# signal a short write via its return value it seems this doesn't

2013

# always happen on all platforms (FreeBSD and OS X particular) for the

2014

# very last bit of available buffer space.

2015

msg = b"x"

2016

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2017

try:

2018

client_socket.send(msg)

2019

except error as e:

2020

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2026

2027

ctx = Context(TLSv1_METHOD)

2028

conn = Connection(ctx, client_socket)

2029

# Client's speak first, so make it an SSL client

2030

conn.set_connect_state()

2031

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2035

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2036

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2037

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2038

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2039

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2040

ctx = Context(TLSv1_METHOD)

2041

connection = Connection(ctx, None)

2042

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2043

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2044

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2045

def test_get_peer_finished_before_connect(self):

2046

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2047

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2048

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2049

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2050

ctx = Context(TLSv1_METHOD)

2051

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2052

self.assertEqual(connection.get_peer_finished(), None)

2053

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2054

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2055

def test_get_finished(self):

2056

"""

2057

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2058

message send from client, or server. Finished messages are send during

2059

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2060

"""

2061

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2062

server, client = self._loopback()

2063

2064

self.assertNotEqual(server.get_finished(), None)

2065

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2066

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2067

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2068

def test_get_peer_finished(self):

2069

"""

2070

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2071

message received from client, or server. Finished messages are send

2072

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2073

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2074

server, client = self._loopback()

2075

2076

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2077

self.assertTrue(len(server.get_peer_finished()) > 0)

2078

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2079

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2080

def test_tls_finished_message_symmetry(self):

2081

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2082

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2083

received by client.

2084

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2085

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2086

received by server.

2087

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2088

server, client = self._loopback()

2089

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2090

self.assertEqual(server.get_finished(), client.get_peer_finished())

2091

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2092

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2093

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2094

def test_get_cipher_name_before_connect(self):

2095

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2096

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2097

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2098

"""

2099

ctx = Context(TLSv1_METHOD)

2100

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2101

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2102

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2103

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2104

def test_get_cipher_name(self):

2105

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2106

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2107

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2108

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2109

server, client = self._loopback()

2110

server_cipher_name, client_cipher_name = \

2111

server.get_cipher_name(), client.get_cipher_name()

2112

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2113

self.assertIsInstance(server_cipher_name, text_type)

2114

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2115

2116

self.assertEqual(server_cipher_name, client_cipher_name)

2117

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2118

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2119

def test_get_cipher_version_before_connect(self):

2120

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2121

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2122

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2123

"""

2124

ctx = Context(TLSv1_METHOD)

2125

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2126

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2127

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2128

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2129

def test_get_cipher_version(self):

2130

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2131

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2132

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2133

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2134

server, client = self._loopback()

2135

server_cipher_version, client_cipher_version = \

2136

server.get_cipher_version(), client.get_cipher_version()

2137

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2138

self.assertIsInstance(server_cipher_version, text_type)

2139

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2140

2141

self.assertEqual(server_cipher_version, client_cipher_version)

2142

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2143

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2144

def test_get_cipher_bits_before_connect(self):

2145

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2146

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2147

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2148

"""

2149

ctx = Context(TLSv1_METHOD)

2150

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2151

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2152

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2153

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2154

def test_get_cipher_bits(self):

2155

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2156

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2157

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2158

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2159

server, client = self._loopback()

2160

server_cipher_bits, client_cipher_bits = \

2161

server.get_cipher_bits(), client.get_cipher_bits()

2162

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2163

self.assertIsInstance(server_cipher_bits, int)

2164

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2165

2166

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2167

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2168

2169

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2170

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2171

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2172

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2173

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2174

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2175

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2176

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2177

arguments.

2178

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2179

connection = Connection(Context(TLSv1_METHOD), None)

2180

self.assertRaises(TypeError, connection.get_cipher_list, None)

2181

2182

2183

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2184

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2185

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2186

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2187

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2188

connection = Connection(Context(TLSv1_METHOD), None)

2189

ciphers = connection.get_cipher_list()

2190

self.assertTrue(isinstance(ciphers, list))

2191

for cipher in ciphers:

2192

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2196

class ConnectionSendTests(TestCase, _LoopbackMixin):

2197

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2198

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2199

"""

2200

def test_wrong_args(self):

2201

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2202

When called with arguments other than string argument for its first

2203

parameter or more than two arguments, :py:obj:`Connection.send` raises

2204

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2205

"""

2206

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2207

self.assertRaises(TypeError, connection.send)

2208

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2209

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2210

2211

2212

def test_short_bytes(self):

2213

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2214

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2215

and returns the number of bytes sent.

2216

"""

2217

server, client = self._loopback()

2218

count = server.send(b('xy'))

2219

self.assertEquals(count, 2)

2220

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2226

else:

2227

def test_short_memoryview(self):

2228

"""

2229

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2230

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2231

bytes sent.

2232

"""

2233

server, client = self._loopback()

2234

count = server.send(memoryview(b('xy')))

2235

self.assertEquals(count, 2)

2236

self.assertEquals(client.recv(2), b('xy'))

2237

2238

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2243

else:

2244

def test_short_buffer(self):

2245

"""

2246

When passed a buffer containing a small number of bytes,

2247

:py:obj:`Connection.send` transmits all of them and returns the number of

2248

bytes sent.

2249

"""

2250

server, client = self._loopback()

2251

count = server.send(buffer(b('xy')))

2252

self.assertEquals(count, 2)

2253

self.assertEquals(client.recv(2), b('xy'))

2254

2255

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2256

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2257

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2258

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2259

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2260

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2261

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2262

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2263

When called with arguments other than a string argument for its first

2264

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2265

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2266

"""

2267

connection = Connection(Context(TLSv1_METHOD), None)

2268

self.assertRaises(TypeError, connection.sendall)

2269

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2270

self.assertRaises(

2271

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2272

2273

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2274

def test_short(self):

2275

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2276

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2277

it.

2278

"""

2279

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2280

server.sendall(b('x'))

2281

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2282

2283

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2288

else:

2289

def test_short_memoryview(self):

2290

"""

2291

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2292

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2293

"""

2294

server, client = self._loopback()

2295

server.sendall(memoryview(b('x')))

2296

self.assertEquals(client.recv(1), b('x'))

2297

2298

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2303

else:

2304

def test_short_buffers(self):

2305

"""

2306

When passed a buffer containing a small number of bytes,

2307

:py:obj:`Connection.sendall` transmits all of them.

2308

"""

2309

server, client = self._loopback()

2310

server.sendall(buffer(b('x')))

2311

self.assertEquals(client.recv(1), b('x'))

2312

2313

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2314

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2315

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2316

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2317

it even if this requires multiple calls of an underlying write function.

2318

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2319

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2320

# Should be enough, underlying SSL_write should only do 16k at a time.

2321

# On Windows, after 32k of bytes the write will block (forever - because

2322

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2323

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2324

server.sendall(message)

2325

accum = []

2326

received = 0

2327

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2328

data = client.recv(1024)

2329

accum.append(data)

2330

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2331

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2332

2333

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2334

def test_closed(self):

2335

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2336

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2337

write error from the low level write call.

2338

"""

2339

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2340

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2341

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2342

if platform == "win32":

2343

self.assertEqual(exc.args[0], ESHUTDOWN)

2344

else:

2345

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2346

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2347

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2348

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2349

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2350

"""

2351

Tests for SSL renegotiation APIs.

2352

"""

2353

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2354

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2355

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2356

arguments.

2357

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2358

connection = Connection(Context(TLSv1_METHOD), None)

2359

self.assertRaises(TypeError, connection.renegotiate, None)

2360

2361

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2362

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2363

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2364

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2365

any arguments.

2366

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2367

connection = Connection(Context(TLSv1_METHOD), None)

2368

self.assertRaises(TypeError, connection.total_renegotiations, None)

2369

2370

2371

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2372

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2373

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2374

renegotiations have happened.

2375

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2376

connection = Connection(Context(TLSv1_METHOD), None)

2377

self.assertEquals(connection.total_renegotiations(), 0)

2378

2379

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2380

# def test_renegotiate(self):

2381

# """

2382

# """

2383

# server, client = self._loopback()

2384

2385

# server.send("hello world")

2386

# self.assertEquals(client.recv(len("hello world")), "hello world")

2387

2388

# self.assertEquals(server.total_renegotiations(), 0)

2389

# self.assertTrue(server.renegotiate())

2390

2391

# server.setblocking(False)

2392

# client.setblocking(False)

2393

# while server.renegotiate_pending():

2394

# client.do_handshake()

2395

# server.do_handshake()

2396

2397

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2402

class ErrorTests(TestCase):

2403

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2404

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2405

"""

2406

def test_type(self):

2407

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2408

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2409

"""

2410

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2411

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2415

class ConstantsTests(TestCase):

2416

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2417

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2418

2419

These are values defined by OpenSSL intended only to be used as flags to

2420

OpenSSL APIs. The only assertions it seems can be made about them is

2421

their values.

2422

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2423

# unittest.TestCase has no skip mechanism

2424

if OP_NO_QUERY_MTU is not None:

2425

def test_op_no_query_mtu(self):

2426

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2427

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2428

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2429

"""

2430

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2431

else:

2432

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2433

2434

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2435

if OP_COOKIE_EXCHANGE is not None:

2436

def test_op_cookie_exchange(self):

2437

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2438

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2439

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2440

"""

2441

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2442

else:

2443

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2444

2445

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2446

if OP_NO_TICKET is not None:

2447

def test_op_no_ticket(self):

2448

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2449

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2450

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2451

"""

2452

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2453

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2454

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2455

2456

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2457

if OP_NO_COMPRESSION is not None:

2458

def test_op_no_compression(self):

2459

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2460

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2461

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2462

"""

2463

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2464

else:

2465

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2466

2467

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2468

def test_sess_cache_off(self):

2469

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2470

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2471

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2472

"""

2473

self.assertEqual(0x0, SESS_CACHE_OFF)

2474

2475

2476

def test_sess_cache_client(self):

2477

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2478

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2479

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2480

"""

2481

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2482

2483

2484

def test_sess_cache_server(self):

2485

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2486

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2487

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2488

"""

2489

self.assertEqual(0x2, SESS_CACHE_SERVER)

2490

2491

2492

def test_sess_cache_both(self):

2493

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2494

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2495

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2496

"""

2497

self.assertEqual(0x3, SESS_CACHE_BOTH)

2498

2499

2500

def test_sess_cache_no_auto_clear(self):

2501

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2502

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2503

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2504

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2505

"""

2506

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2507

2508

2509

def test_sess_cache_no_internal_lookup(self):

2510

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2511

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2512

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2513

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2514

"""

2515

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2516

2517

2518

def test_sess_cache_no_internal_store(self):

2519

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2520

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

2521

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

2522

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2523

"""

2524

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

2525

2526

2527

def test_sess_cache_no_internal(self):

2528

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2529

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

2530

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

2531

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2532

"""

2533

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

2534

2535

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

2536

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2537

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2538

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2539

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2540

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2541

def _server(self, sock):

2542

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2543

Create a new server-side SSL :py:obj:`Connection` object wrapped around

2544

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2545

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2546

# Create the server side Connection. This is mostly setup boilerplate

2547

# - use TLSv1, use a particular certificate, etc.

2548

server_ctx = Context(TLSv1_METHOD)

2549

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2550

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2551

server_store = server_ctx.get_cert_store()

2552

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2553

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2554

server_ctx.check_privatekey()

2555

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2556

# Here the Connection is actually created. If None is passed as the 2nd

2557

# parameter, it indicates a memory BIO should be created.

2558

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2559

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2563

def _client(self, sock):

2564

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2565

Create a new client-side SSL :py:obj:`Connection` object wrapped around

2566

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2567

"""

2568

# Now create the client side Connection. Similar boilerplate to the

2569

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2570

client_ctx = Context(TLSv1_METHOD)

2571

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2572

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2573

client_store = client_ctx.get_cert_store()

2574

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

2575

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

2576

client_ctx.check_privatekey()

2577

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2578

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2579

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2583

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2584

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2585

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2586

reading from the output of each and writing those bytes to the input of

2587

the other and in this way establish a connection and exchange

2588

application-level bytes with each other.

2589

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2590

server_conn = self._server(None)

2591

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2592

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2593

# There should be no key or nonces yet.

2594

self.assertIdentical(server_conn.master_key(), None)

2595

self.assertIdentical(server_conn.client_random(), None)

2596

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2597

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2598

# First, the handshake needs to happen. We'll deliver bytes back and

2599

# forth between the client and server until neither of them feels like

2600

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2601

self.assertIdentical(

2602

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2603

2604

# Now that the handshake is done, there should be a key and nonces.

2605

self.assertNotIdentical(server_conn.master_key(), None)

2606

self.assertNotIdentical(server_conn.client_random(), None)

2607

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

2608

self.assertEquals(server_conn.client_random(), client_conn.client_random())

2609

self.assertEquals(server_conn.server_random(), client_conn.server_random())

2610

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

2611

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2612

2613

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2614

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2615

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2616

server_conn.write(important_message)

2617

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2618

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2619

(client_conn, important_message))

2620

2621

client_conn.write(important_message[::-1])

2622

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2623

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2624

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2625

2626

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2627

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2628

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2629

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2630

2631

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2632

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2633

this test fails, there must be a problem outside the memory BIO

2634

code, as no memory BIO is involved here). Even though this isn't a

2635

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2636

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

2637

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2638

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2639

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2640

client_conn.send(important_message)

2641

msg = server_conn.recv(1024)

2642

self.assertEqual(msg, important_message)

2643

2644

# Again in the other direction, just for fun.

2645

important_message = important_message[::-1]

2646

server_conn.send(important_message)

2647

msg = client_conn.recv(1024)

2648

self.assertEqual(msg, important_message)

2649

2650

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

2651

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2652

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2653

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

2654

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2655

"""

2656

context = Context(SSLv3_METHOD)

2657

client = socket()

2658

clientSSL = Connection(context, client)

2659

self.assertRaises( TypeError, clientSSL.bio_read, 100)

2660

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

2661

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2662

2663

2664

def test_outgoingOverflow(self):

2665

"""

2666

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2667

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2668

returned and that many bytes from the beginning of the input can be

2669

read from the other end of the connection.

2670

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2671

server = self._server(None)

2672

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2673

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2674

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2675

2676

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2677

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2678

# Sanity check. We're trying to test what happens when the entire

2679

# input can't be sent. If the entire input was sent, this test is

2680

# meaningless.

2681

self.assertTrue(sent < size)

2682

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2683

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2684

self.assertIdentical(receiver, server)

2685

2686

# We can rely on all of these bytes being received at once because

2687

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

2688

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2689

2690

2691

def test_shutdown(self):

2692

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2693

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

2694

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2695

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2696

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2697

server.bio_shutdown()

2698

e = self.assertRaises(Error, server.recv, 1024)

2699

# We don't want WantReadError or ZeroReturnError or anything - it's a

2700

# handshake failure.

2701

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2702

2703

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2704

def test_unexpectedEndOfFile(self):

2705

"""

2706

If the connection is lost before an orderly SSL shutdown occurs,

2707

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

2708

"Unexpected EOF".

2709

"""

2710

server_conn, client_conn = self._loopback()

2711

client_conn.sock_shutdown(SHUT_RDWR)

2712

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

2713

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

2714

2715

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2716

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2717

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2718

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2719

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

2720

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2721

before the client and server are connected to each other. This

2722

function should specify a list of CAs for the server to send to the

2723

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2724

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2725

times.

2726

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2727

server = self._server(None)

2728

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2729

self.assertEqual(client.get_client_ca_list(), [])

2730

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2731

ctx = server.get_context()

2732

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2733

self.assertEqual(client.get_client_ca_list(), [])

2734

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2735

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2736

self.assertEqual(client.get_client_ca_list(), expected)

2737

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2738

2739

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2740

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2741

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2742

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2743

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2744

"""

2745

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2746

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

2747

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

2748

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2749

2750

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2751

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2752

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2753

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2754

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2755

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2756

after the connection is set up.

2757

"""

2758

def no_ca(ctx):

2759

ctx.set_client_ca_list([])

2760

return []

2761

self._check_client_ca_list(no_ca)

2762

2763

2764

def test_set_one_ca_list(self):

2765

"""

2766

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2767

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2768

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2769

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2770

X509Name after the connection is set up.

2771

"""

2772

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2773

cadesc = cacert.get_subject()

2774

def single_ca(ctx):

2775

ctx.set_client_ca_list([cadesc])

2776

return [cadesc]

2777

self._check_client_ca_list(single_ca)

2778

2779

2780

def test_set_multiple_ca_list(self):

2781

"""

2782

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2783

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2784

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2785

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2786

X509Names after the connection is set up.

2787

"""

2788

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2789

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2790

2791

sedesc = secert.get_subject()

2792

cldesc = clcert.get_subject()

2793

2794

def multiple_ca(ctx):

2795

L = [sedesc, cldesc]

2796

ctx.set_client_ca_list(L)

2797

return L

2798

self._check_client_ca_list(multiple_ca)

2799

2800

2801

def test_reset_ca_list(self):

2802

"""

2803

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2804

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2805

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2806

"""

2807

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2808

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2809

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2810

2811

cadesc = cacert.get_subject()

2812

sedesc = secert.get_subject()

2813

cldesc = clcert.get_subject()

2814

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2815

def changed_ca(ctx):

2816

ctx.set_client_ca_list([sedesc, cldesc])

2817

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2818

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2819

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2820

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2821

2822

def test_mutated_ca_list(self):

2823

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2824

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2825

afterwards, this does not affect the list of CA names sent to the

2826

client.

2827

"""

2828

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2829

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2830

2831

cadesc = cacert.get_subject()

2832

sedesc = secert.get_subject()

2833

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2834

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2835

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2836

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2837

L.append(sedesc)

2838

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2839

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2840

2841

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2842

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2843

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2844

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2845

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2846

"""

2847

ctx = Context(TLSv1_METHOD)

2848

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2849

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2850

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2851

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2852

2853

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2854

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2855

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2856

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2857

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2858

"""

2859

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2860

cadesc = cacert.get_subject()

2861

def single_ca(ctx):

2862

ctx.add_client_ca(cacert)

2863

return [cadesc]

2864

self._check_client_ca_list(single_ca)

2865

2866

2867

def test_multiple_add_client_ca(self):

2868

"""

2869

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2870

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2871

"""

2872

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2873

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2874

2875

cadesc = cacert.get_subject()

2876

sedesc = secert.get_subject()

2877

2878

def multiple_ca(ctx):

2879

ctx.add_client_ca(cacert)

2880

ctx.add_client_ca(secert)

2881

return [cadesc, sedesc]

2882

self._check_client_ca_list(multiple_ca)

2883

2884

2885

def test_set_and_add_client_ca(self):

2886

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2887

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

2888

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2889

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2890

"""

2891

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2892

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2893

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2894

2895

cadesc = cacert.get_subject()

2896

sedesc = secert.get_subject()

2897

cldesc = clcert.get_subject()

2898

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2899

def mixed_set_add_ca(ctx):

2900

ctx.set_client_ca_list([cadesc, sedesc])

2901

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2902

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2903

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2904

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2905

2906

def test_set_after_add_client_ca(self):

2907

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2908

A call to :py:obj:`Context.set_client_ca_list` after a call to

2909

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2910

call with the names specified by the latter cal.

2911

"""

2912

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2913

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2914

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2915

2916

cadesc = cacert.get_subject()

2917

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2918

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2919

def set_replaces_add_ca(ctx):

2920

ctx.add_client_ca(clcert)

2921

ctx.set_client_ca_list([cadesc])

2922

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2923

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2924

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2925

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2926

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2927

2928

class ConnectionBIOTests(TestCase):

2929

"""

2930

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

2931

"""

2932

def test_wantReadError(self):

2933

"""

2934

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

2935

if there are no bytes available to be read from the BIO.

2936

"""

2937

ctx = Context(TLSv1_METHOD)

2938

conn = Connection(ctx, None)

2939

self.assertRaises(WantReadError, conn.bio_read, 1024)

2940

2941

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2942

def test_buffer_size(self):

2943

"""

2944

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

2945

number of bytes to read and return.

2946

"""

2947

ctx = Context(TLSv1_METHOD)

2948

conn = Connection(ctx, None)

2949

conn.set_connect_state()

2950

try:

2951

conn.do_handshake()

2952

except WantReadError:

2953

pass

2954

data = conn.bio_read(2)

2955

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

2960

"""

2961

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

2962

:py:obj:`long` as well as :py:obj:`int`.

2963

"""

2964

ctx = Context(TLSv1_METHOD)

2965

conn = Connection(ctx, None)

2966

conn.set_connect_state()

2967

try:

2968

conn.do_handshake()

2969

except WantReadError:

2970

pass

2971

data = conn.bio_read(long(2))

2972

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2976

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

2977

class InfoConstantTests(TestCase):

2978

"""

2979

Tests for assorted constants exposed for use in info callbacks.

2980

"""

2981

def test_integers(self):

2982

"""

2983

All of the info constants are integers.

2984

2985

This is a very weak test. It would be nice to have one that actually

2986

verifies that as certain info events happen, the value passed to the

2987

info callback matches up with the constant exposed by OpenSSL.SSL.

2988

"""

2989

for const in [

2990

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

2991

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

2992

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

2993

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

2994

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

2995

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

2996

2997

self.assertTrue(isinstance(const, int))

2998

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

2999

Jean-Paul Calderone