Blame - OpenSSL/test/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

5

Unit tests for :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

8

from gc import collect, get_referrers

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

9

from errno import ECONNREFUSED, EINPROGRESS, EWOULDBLOCK, EPIPE, ESHUTDOWN

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

10

from sys import platform, version_info, getfilesystemencoding

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

11

from socket import SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

12

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

13

from os.path import join

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

14

from unittest import main

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

15

from weakref import ref

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

16

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame^]

17

from six import PY3, binary_type, text_type, u

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

18

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

19

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

20

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

21

from OpenSSL.crypto import dump_privatekey, load_privatekey

22

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

23

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

24

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

25

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

26

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

27

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

28

from OpenSSL.SSL import (

29

SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD,

30

TLSv1_1_METHOD, TLSv1_2_METHOD)

31

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

32

from OpenSSL.SSL import (

33

VERIFY_PEER, VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_CLIENT_ONCE, VERIFY_NONE)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

34

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

35

from OpenSSL.SSL import (

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

36

SESS_CACHE_OFF, SESS_CACHE_CLIENT, SESS_CACHE_SERVER, SESS_CACHE_BOTH,

37

SESS_CACHE_NO_AUTO_CLEAR, SESS_CACHE_NO_INTERNAL_LOOKUP,

38

SESS_CACHE_NO_INTERNAL_STORE, SESS_CACHE_NO_INTERNAL)

39

40

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

41

Error, SysCallError, WantReadError, WantWriteError, ZeroReturnError)

Jean-Paul Calderone

e0fcf51

2012-02-13 09:10:15 -0500

[diff] [blame]

42

from OpenSSL.SSL import (

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

43

Context, ContextType, Session, Connection, ConnectionType, SSLeay_version)

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

44

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

45

from OpenSSL.test.util import NON_ASCII, TestCase, b

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

46

from OpenSSL.test.test_crypto import (

47

cleartextCertificatePEM, cleartextPrivateKeyPEM)

48

from OpenSSL.test.test_crypto import (

49

client_cert_pem, client_key_pem, server_cert_pem, server_key_pem,

50

root_cert_pem)

51

Jean-Paul Calderone

4bccf5e

2008-12-28 22:50:42 -0500

[diff] [blame]

52

try:

53

from OpenSSL.SSL import OP_NO_QUERY_MTU

54

except ImportError:

55

OP_NO_QUERY_MTU = None

56

try:

57

from OpenSSL.SSL import OP_COOKIE_EXCHANGE

58

except ImportError:

59

OP_COOKIE_EXCHANGE = None

60

try:

61

from OpenSSL.SSL import OP_NO_TICKET

62

except ImportError:

63

OP_NO_TICKET = None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

64

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

65

try:

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

66

from OpenSSL.SSL import OP_NO_COMPRESSION

67

except ImportError:

68

OP_NO_COMPRESSION = None

69

70

try:

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

71

from OpenSSL.SSL import MODE_RELEASE_BUFFERS

72

except ImportError:

73

MODE_RELEASE_BUFFERS = None

74

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

75

try:

76

from OpenSSL.SSL import OP_NO_TLSv1, OP_NO_TLSv1_1, OP_NO_TLSv1_2

77

except ImportError:

78

OP_NO_TLSv1 = OP_NO_TLSv1_1 = OP_NO_TLSv1_2 = None

79

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

80

from OpenSSL.SSL import (

81

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT, SSL_ST_BEFORE,

82

SSL_ST_OK, SSL_ST_RENEGOTIATE,

83

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

84

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

85

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

86

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

87

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

88

# openssl dhparam 128 -out dh-128.pem (note that 128 is a small number of bits

89

# to use)

90

dhparam = """\

91

-----BEGIN DH PARAMETERS-----

92

MBYCEQCobsg29c9WZP/54oAPcwiDAgEC

93

-----END DH PARAMETERS-----

"""

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

97

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

98

return ok

99

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

100

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

101

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

102

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

103

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

104

"""

105

# Connect a pair of sockets

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(1)

client = socket()

client.setblocking(False)

Jean-Paul Calderone

f23c5d9

2009-07-23 17:58:15 -0400

[diff] [blame]

111

client.connect_ex(("127.0.0.1", port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

112

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

113

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

114

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

115

# Let's pass some unencrypted data to make sure our socket connection is

116

# fine. Just one byte, so we don't have to worry about buffers getting

117

# filled up or fragmentation.

Jean-Paul Calderone

9e4eeae

2010-08-22 21:32:52 -0400

[diff] [blame]

118

server.send(b("x"))

119

assert client.recv(1024) == b("x")

120

client.send(b("y"))

121

assert server.recv(1024) == b("y")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

122

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

123

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

124

server.setblocking(False)

125

client.setblocking(False)

126

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

127

return (server, client)

128

129

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

130

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

131

def handshake(client, server):

132

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

143

def _create_certificate_chain():

144

"""

145

Construct and return a chain of certificates.

146

147

1. A new self-signed certificate authority certificate (cacert)

148

2. A new intermediate certificate signed by cacert (icert)

149

3. A new server certificate signed by icert (scert)

150

"""

151

caext = X509Extension(b('basicConstraints'), False, b('CA:true'))

# Step 1

cakey = PKey()

cakey.generate_key(TYPE_RSA, 512)

156

cacert = X509()

157

cacert.get_subject().commonName = "Authority Certificate"

158

cacert.set_issuer(cacert.get_subject())

159

cacert.set_pubkey(cakey)

160

cacert.set_notBefore(b("20000101000000Z"))

161

cacert.set_notAfter(b("20200101000000Z"))

162

cacert.add_extensions([caext])

163

cacert.set_serial_number(0)

164

cacert.sign(cakey, "sha1")

# Step 2

ikey = PKey()

ikey.generate_key(TYPE_RSA, 512)

169

icert = X509()

170

icert.get_subject().commonName = "Intermediate Certificate"

171

icert.set_issuer(cacert.get_subject())

172

icert.set_pubkey(ikey)

173

icert.set_notBefore(b("20000101000000Z"))

174

icert.set_notAfter(b("20200101000000Z"))

175

icert.add_extensions([caext])

176

icert.set_serial_number(0)

177

icert.sign(cakey, "sha1")

# Step 3

skey = PKey()

skey.generate_key(TYPE_RSA, 512)

182

scert = X509()

183

scert.get_subject().commonName = "Server Certificate"

184

scert.set_issuer(icert.get_subject())

185

scert.set_pubkey(skey)

186

scert.set_notBefore(b("20000101000000Z"))

187

scert.set_notAfter(b("20200101000000Z"))

188

scert.add_extensions([

189

X509Extension(b('basicConstraints'), True, b('CA:false'))])

190

scert.set_serial_number(0)

191

scert.sign(ikey, "sha1")

192

193

return [(cakey, cacert), (ikey, icert), (skey, scert)]

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

197

class _LoopbackMixin:

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

198

"""

199

Helper mixin which defines methods for creating a connected socket pair and

200

for forcing two connected SSL sockets to talk to each other via memory BIOs.

201

"""

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

202

def _loopbackClientFactory(self, socket):

203

client = Connection(Context(TLSv1_METHOD), socket)

204

client.set_connect_state()

205

return client

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

206

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

207

208

def _loopbackServerFactory(self, socket):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

209

ctx = Context(TLSv1_METHOD)

210

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

211

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

212

server = Connection(ctx, socket)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

213

server.set_accept_state()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

return server

def _loopback(self, serverFactory=None, clientFactory=None):

218

if serverFactory is None:

219

serverFactory = self._loopbackServerFactory

220

if clientFactory is None:

221

clientFactory = self._loopbackClientFactory

222

223

(server, client) = socket_pair()

224

server = serverFactory(server)

225

client = clientFactory(client)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

226

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

227

handshake(client, server)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

228

229

server.setblocking(True)

230

client.setblocking(True)

231

return server, client

232

233

234

def _interactInMemory(self, client_conn, server_conn):

235

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

236

Try to read application bytes from each of the two :py:obj:`Connection`

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

237

objects. Copy bytes back and forth between their send/receive buffers

238

for as long as there is anything to copy. When there is nothing more

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

239

to copy, return :py:obj:`None`. If one of them actually manages to deliver

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

240

some application bytes, return a two-tuple of the connection from which

241

the bytes were read and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

246

wrote = False

247

248

# Copy stuff from each side's send buffer to the other side's

249

# receive buffer.

250

for (read, write) in [(client_conn, server_conn),

251

(server_conn, client_conn)]:

252

253

# Give the side a chance to generate some more bytes, or

254

# succeed.

255

try:

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

256

data = read.recv(2 ** 16)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

257

except WantReadError:

258

# It didn't succeed, so we'll hope it generated some

# output.

pass

else:

# It did succeed, so we'll stop now and let the caller deal

263

# with it.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

264

return (read, data)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

265

266

while True:

267

# Keep copying as long as there's more stuff there.

268

try:

269

dirty = read.bio_read(4096)

270

except WantReadError:

271

# Okay, nothing more waiting to be sent. Stop

272

# processing this send buffer.

273

break

274

else:

275

# Keep track of the fact that someone generated some

276

# output.

277

wrote = True

278

write.bio_write(dirty)

279

280

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

281

def _handshakeInMemory(self, client_conn, server_conn):

Jean-Paul Calderone

b2b4078

2014-05-06 08:47:40 -0400

[diff] [blame]

282

"""

283

Perform the TLS handshake between two :py:class:`Connection` instances

284

connected to each other via memory BIOs.

285

"""

Jean-Paul Calderone

6a8cd11

2014-04-02 21:09:08 -0400

[diff] [blame]

286

client_conn.set_connect_state()

287

server_conn.set_accept_state()

288

289

for conn in [client_conn, server_conn]:

290

try:

291

conn.do_handshake()

292

except WantReadError:

293

pass

294

295

self._interactInMemory(client_conn, server_conn)

296

297

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

298

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

299

class VersionTests(TestCase):

300

"""

301

Tests for version information exposed by

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

302

:py:obj:`OpenSSL.SSL.SSLeay_version` and

303

:py:obj:`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

304

"""

305

def test_OPENSSL_VERSION_NUMBER(self):

306

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

307

:py:obj:`OPENSSL_VERSION_NUMBER` is an integer with status in the low

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

308

byte and the patch, fix, minor, and major versions in the

309

nibbles above that.

310

"""

311

self.assertTrue(isinstance(OPENSSL_VERSION_NUMBER, int))

312

313

314

def test_SSLeay_version(self):

315

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

316

:py:obj:`SSLeay_version` takes a version type indicator and returns

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

317

one of a number of version strings based on that indicator.

318

"""

319

versions = {}

320

for t in [SSLEAY_VERSION, SSLEAY_CFLAGS, SSLEAY_BUILT_ON,

321

SSLEAY_PLATFORM, SSLEAY_DIR]:

322

version = SSLeay_version(t)

323

versions[version] = t

324

self.assertTrue(isinstance(version, bytes))

325

self.assertEqual(len(versions), 5)

326

327

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

328

329

class ContextTests(TestCase, _LoopbackMixin):

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

330

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

331

Unit tests for :py:obj:`OpenSSL.SSL.Context`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

332

"""

333

def test_method(self):

334

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

335

:py:obj:`Context` can be instantiated with one of :py:obj:`SSLv2_METHOD`,

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

336

:py:obj:`SSLv3_METHOD`, :py:obj:`SSLv23_METHOD`, :py:obj:`TLSv1_METHOD`,

337

:py:obj:`TLSv1_1_METHOD`, or :py:obj:`TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

338

"""

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

339

methods = [

340

SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD]

341

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

342

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

343

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

344

345

maybe = [SSLv2_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

350

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

351

# don't. Difficult to say in advance.

352

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

353

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

354

self.assertRaises(TypeError, Context, "")

355

self.assertRaises(ValueError, Context, 10)

356

357

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

358

if not PY3:

359

def test_method_long(self):

360

"""

361

On Python 2 :py:class:`Context` accepts values of type

362

:py:obj:`long` as well as :py:obj:`int`.

363

"""

364

Context(long(TLSv1_METHOD))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

368

def test_type(self):

369

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

370

:py:obj:`Context` and :py:obj:`ContextType` refer to the same type object and can be

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

371

used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

372

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

373

self.assertIdentical(Context, ContextType)

374

self.assertConsistentType(Context, 'Context', TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

375

376

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

377

def test_use_privatekey(self):

378

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

379

:py:obj:`Context.use_privatekey` takes an :py:obj:`OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

380

"""

381

key = PKey()

382

key.generate_key(TYPE_RSA, 128)

383

ctx = Context(TLSv1_METHOD)

384

ctx.use_privatekey(key)

385

self.assertRaises(TypeError, ctx.use_privatekey, "")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

386

387

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

388

def test_use_privatekey_file_missing(self):

389

"""

390

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error`

391

when passed the name of a file which does not exist.

392

"""

393

ctx = Context(TLSv1_METHOD)

394

self.assertRaises(Error, ctx.use_privatekey_file, self.mktemp())

395

396

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

397

if not PY3:

398

def test_use_privatekey_file_long(self):

399

"""

400

On Python 2 :py:obj:`Context.use_privatekey_file` accepts a

401

filetype of type :py:obj:`long` as well as :py:obj:`int`.

402

"""

403

pemfile = self.mktemp()

404

405

key = PKey()

406

key.generate_key(TYPE_RSA, 128)

407

408

with open(pemfile, "wt") as pem:

409

pem.write(

410

dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

411

412

ctx = Context(TLSv1_METHOD)

413

ctx.use_privatekey_file(pemfile, long(FILETYPE_PEM))

414

415

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

416

def test_use_certificate_wrong_args(self):

417

"""

418

:py:obj:`Context.use_certificate_wrong_args` raises :py:obj:`TypeError`

419

when not passed exactly one :py:obj:`OpenSSL.crypto.X509` instance as an

420

argument.

421

"""

422

ctx = Context(TLSv1_METHOD)

423

self.assertRaises(TypeError, ctx.use_certificate)

424

self.assertRaises(TypeError, ctx.use_certificate, "hello, world")

425

self.assertRaises(TypeError, ctx.use_certificate, X509(), "hello, world")

426

427

428

def test_use_certificate_uninitialized(self):

429

"""

430

:py:obj:`Context.use_certificate` raises :py:obj:`OpenSSL.SSL.Error`

431

when passed a :py:obj:`OpenSSL.crypto.X509` instance which has not been

432

initialized (ie, which does not actually have any certificate data).

433

"""

434

ctx = Context(TLSv1_METHOD)

435

self.assertRaises(Error, ctx.use_certificate, X509())

436

437

438

def test_use_certificate(self):

439

"""

440

:py:obj:`Context.use_certificate` sets the certificate which will be

441

used to identify connections created using the context.

442

"""

443

# TODO

444

# Hard to assert anything. But we could set a privatekey then ask

445

# OpenSSL if the cert and key agree using check_privatekey. Then as

446

# long as check_privatekey works right we're good...

447

ctx = Context(TLSv1_METHOD)

448

ctx.use_certificate(load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

449

450

451

def test_use_certificate_file_wrong_args(self):

452

"""

453

:py:obj:`Context.use_certificate_file` raises :py:obj:`TypeError` if

454

called with zero arguments or more than two arguments, or if the first

455

argument is not a byte string or the second argumnent is not an integer.

456

"""

457

ctx = Context(TLSv1_METHOD)

458

self.assertRaises(TypeError, ctx.use_certificate_file)

459

self.assertRaises(TypeError, ctx.use_certificate_file, b"somefile", object())

460

self.assertRaises(

461

TypeError, ctx.use_certificate_file, b"somefile", FILETYPE_PEM, object())

462

self.assertRaises(

463

TypeError, ctx.use_certificate_file, object(), FILETYPE_PEM)

464

self.assertRaises(

465

TypeError, ctx.use_certificate_file, b"somefile", object())

466

467

468

def test_use_certificate_file_missing(self):

469

"""

470

:py:obj:`Context.use_certificate_file` raises

471

`:py:obj:`OpenSSL.SSL.Error` if passed the name of a file which does not

472

exist.

473

"""

474

ctx = Context(TLSv1_METHOD)

475

self.assertRaises(Error, ctx.use_certificate_file, self.mktemp())

476

477

478

def test_use_certificate_file(self):

479

"""

480

:py:obj:`Context.use_certificate` sets the certificate which will be

481

used to identify connections created using the context.

482

"""

483

# TODO

484

# Hard to assert anything. But we could set a privatekey then ask

485

# OpenSSL if the cert and key agree using check_privatekey. Then as

486

# long as check_privatekey works right we're good...

487

pem_filename = self.mktemp()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

488

with open(pem_filename, "wb") as pem_file:

Jean-Paul Calderone

173cff9

2013-03-06 10:29:21 -0800

[diff] [blame]

489

pem_file.write(cleartextCertificatePEM)

490

491

ctx = Context(TLSv1_METHOD)

492

ctx.use_certificate_file(pem_filename)

493

494

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

495

if not PY3:

496

def test_use_certificate_file_long(self):

497

"""

498

On Python 2 :py:obj:`Context.use_certificate_file` accepts a

499

filetype of type :py:obj:`long` as well as :py:obj:`int`.

500

"""

501

pem_filename = self.mktemp()

502

with open(pem_filename, "wb") as pem_file:

503

pem_file.write(cleartextCertificatePEM)

504

505

ctx = Context(TLSv1_METHOD)

506

ctx.use_certificate_file(pem_filename, long(FILETYPE_PEM))

507

508

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

509

def test_set_app_data_wrong_args(self):

510

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

511

:py:obj:`Context.set_app_data` raises :py:obj:`TypeError` if called with other than

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

512

one argument.

513

"""

514

context = Context(TLSv1_METHOD)

515

self.assertRaises(TypeError, context.set_app_data)

516

self.assertRaises(TypeError, context.set_app_data, None, None)

517

518

519

def test_get_app_data_wrong_args(self):

520

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

521

:py:obj:`Context.get_app_data` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

522

arguments.

523

"""

524

context = Context(TLSv1_METHOD)

525

self.assertRaises(TypeError, context.get_app_data, None)

526

527

528

def test_app_data(self):

529

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

530

:py:obj:`Context.set_app_data` stores an object for later retrieval using

531

:py:obj:`Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

532

"""

533

app_data = object()

534

context = Context(TLSv1_METHOD)

535

context.set_app_data(app_data)

536

self.assertIdentical(context.get_app_data(), app_data)

537

538

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

539

def test_set_options_wrong_args(self):

540

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

541

:py:obj:`Context.set_options` raises :py:obj:`TypeError` if called with the wrong

542

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

543

"""

544

context = Context(TLSv1_METHOD)

545

self.assertRaises(TypeError, context.set_options)

546

self.assertRaises(TypeError, context.set_options, None)

547

self.assertRaises(TypeError, context.set_options, 1, None)

548

549

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

550

def test_set_options(self):

551

"""

552

:py:obj:`Context.set_options` returns the new options value.

553

"""

554

context = Context(TLSv1_METHOD)

555

options = context.set_options(OP_NO_SSLv2)

556

self.assertTrue(OP_NO_SSLv2 & options)

if not PY3:

def test_set_options_long(self):

561

"""

562

On Python 2 :py:obj:`Context.set_options` accepts values of type

563

:py:obj:`long` as well as :py:obj:`int`.

564

"""

565

context = Context(TLSv1_METHOD)

566

options = context.set_options(long(OP_NO_SSLv2))

567

self.assertTrue(OP_NO_SSLv2 & options)

568

569

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

570

def test_set_mode_wrong_args(self):

571

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

572

:py:obj:`Context.set`mode} raises :py:obj:`TypeError` if called with the wrong

573

number of arguments or a non-:py:obj:`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

574

"""

575

context = Context(TLSv1_METHOD)

576

self.assertRaises(TypeError, context.set_mode)

577

self.assertRaises(TypeError, context.set_mode, None)

578

self.assertRaises(TypeError, context.set_mode, 1, None)

579

580

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

581

if MODE_RELEASE_BUFFERS is not None:

582

def test_set_mode(self):

583

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

584

:py:obj:`Context.set_mode` accepts a mode bitvector and returns the newly

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

585

set mode.

586

"""

587

context = Context(TLSv1_METHOD)

588

self.assertTrue(

589

MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS))

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

590

591

if not PY3:

592

def test_set_mode_long(self):

593

"""

594

On Python 2 :py:obj:`Context.set_mode` accepts values of type

595

:py:obj:`long` as well as :py:obj:`int`.

596

"""

597

context = Context(TLSv1_METHOD)

598

mode = context.set_mode(long(MODE_RELEASE_BUFFERS))

599

self.assertTrue(MODE_RELEASE_BUFFERS & mode)

Jean-Paul Calderone

2011-09-08 18:26:03 -0400

[diff] [blame]

600

else:

601

"MODE_RELEASE_BUFFERS unavailable - OpenSSL version may be too old"

602

603

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

604

def test_set_timeout_wrong_args(self):

605

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

606

:py:obj:`Context.set_timeout` raises :py:obj:`TypeError` if called with the wrong

607

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

608

"""

609

context = Context(TLSv1_METHOD)

610

self.assertRaises(TypeError, context.set_timeout)

611

self.assertRaises(TypeError, context.set_timeout, None)

612

self.assertRaises(TypeError, context.set_timeout, 1, None)

613

614

615

def test_get_timeout_wrong_args(self):

616

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

617

:py:obj:`Context.get_timeout` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

618

"""

619

context = Context(TLSv1_METHOD)

620

self.assertRaises(TypeError, context.get_timeout, None)

621

622

623

def test_timeout(self):

624

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

625

:py:obj:`Context.set_timeout` sets the session timeout for all connections

626

created using the context object. :py:obj:`Context.get_timeout` retrieves this

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

627

value.

628

"""

629

context = Context(TLSv1_METHOD)

630

context.set_timeout(1234)

631

self.assertEquals(context.get_timeout(), 1234)

632

633

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

634

if not PY3:

635

def test_timeout_long(self):

636

"""

637

On Python 2 :py:obj:`Context.set_timeout` accepts values of type

638

`long` as well as int.

639

"""

640

context = Context(TLSv1_METHOD)

641

context.set_timeout(long(1234))

642

self.assertEquals(context.get_timeout(), 1234)

643

644

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

645

def test_set_verify_depth_wrong_args(self):

646

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

647

:py:obj:`Context.set_verify_depth` raises :py:obj:`TypeError` if called with the wrong

648

number of arguments or a non-:py:obj:`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

649

"""

650

context = Context(TLSv1_METHOD)

651

self.assertRaises(TypeError, context.set_verify_depth)

652

self.assertRaises(TypeError, context.set_verify_depth, None)

653

self.assertRaises(TypeError, context.set_verify_depth, 1, None)

654

655

656

def test_get_verify_depth_wrong_args(self):

657

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

658

:py:obj:`Context.get_verify_depth` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

659

"""

660

context = Context(TLSv1_METHOD)

661

self.assertRaises(TypeError, context.get_verify_depth, None)

662

663

664

def test_verify_depth(self):

665

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

666

:py:obj:`Context.set_verify_depth` sets the number of certificates in a chain

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

667

to follow before giving up. The value can be retrieved with

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

668

:py:obj:`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

669

"""

670

context = Context(TLSv1_METHOD)

671

context.set_verify_depth(11)

672

self.assertEquals(context.get_verify_depth(), 11)

673

674

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

675

if not PY3:

676

def test_verify_depth_long(self):

677

"""

678

On Python 2 :py:obj:`Context.set_verify_depth` accepts values of

679

type `long` as well as int.

680

"""

681

context = Context(TLSv1_METHOD)

682

context.set_verify_depth(long(11))

683

self.assertEquals(context.get_verify_depth(), 11)

684

685

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

686

def _write_encrypted_pem(self, passphrase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

687

"""

688

Write a new private key out to a new file, encrypted using the given

689

passphrase. Return the path to the new file.

690

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

691

key = PKey()

692

key.generate_key(TYPE_RSA, 128)

693

pemFile = self.mktemp()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

694

fObj = open(pemFile, 'w')

695

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

696

fObj.write(pem.decode('ascii'))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

fObj.close()

return pemFile

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

701

def test_set_passwd_cb_wrong_args(self):

702

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

703

:py:obj:`Context.set_passwd_cb` raises :py:obj:`TypeError` if called with the

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

704

wrong arguments or with a non-callable first argument.

705

"""

706

context = Context(TLSv1_METHOD)

707

self.assertRaises(TypeError, context.set_passwd_cb)

708

self.assertRaises(TypeError, context.set_passwd_cb, None)

709

self.assertRaises(TypeError, context.set_passwd_cb, lambda: None, None, None)

710

711

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

712

def test_set_passwd_cb(self):

713

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

714

:py:obj:`Context.set_passwd_cb` accepts a callable which will be invoked when

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

715

a private key is loaded from an encrypted PEM.

716

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

717

passphrase = b("foobar")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

718

pemFile = self._write_encrypted_pem(passphrase)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

719

calledWith = []

720

def passphraseCallback(maxlen, verify, extra):

721

calledWith.append((maxlen, verify, extra))

722

return passphrase

723

context = Context(TLSv1_METHOD)

724

context.set_passwd_cb(passphraseCallback)

725

context.use_privatekey_file(pemFile)

726

self.assertTrue(len(calledWith), 1)

727

self.assertTrue(isinstance(calledWith[0][0], int))

728

self.assertTrue(isinstance(calledWith[0][1], int))

729

self.assertEqual(calledWith[0][2], None)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

730

731

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

732

def test_passwd_callback_exception(self):

733

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

734

:py:obj:`Context.use_privatekey_file` propagates any exception raised by the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

735

passphrase callback.

736

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

737

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

738

def passphraseCallback(maxlen, verify, extra):

739

raise RuntimeError("Sorry, I am a fail.")

740

741

context = Context(TLSv1_METHOD)

742

context.set_passwd_cb(passphraseCallback)

743

self.assertRaises(RuntimeError, context.use_privatekey_file, pemFile)

744

745

746

def test_passwd_callback_false(self):

747

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

748

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

749

passphrase callback returns a false value.

750

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

751

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

752

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

753

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

754

755

context = Context(TLSv1_METHOD)

756

context.set_passwd_cb(passphraseCallback)

757

self.assertRaises(Error, context.use_privatekey_file, pemFile)

758

759

760

def test_passwd_callback_non_string(self):

761

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

762

:py:obj:`Context.use_privatekey_file` raises :py:obj:`OpenSSL.SSL.Error` if the

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

763

passphrase callback returns a true non-string value.

764

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

765

pemFile = self._write_encrypted_pem(b("monkeys are nice"))

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

766

def passphraseCallback(maxlen, verify, extra):

767

return 10

768

769

context = Context(TLSv1_METHOD)

770

context.set_passwd_cb(passphraseCallback)

Jean-Paul Calderone

8a1bea5

2013-03-05 07:57:57 -0800

[diff] [blame]

771

self.assertRaises(ValueError, context.use_privatekey_file, pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

772

773

774

def test_passwd_callback_too_long(self):

775

"""

776

If the passphrase returned by the passphrase callback returns a string

777

longer than the indicated maximum length, it is truncated.

778

"""

779

# A priori knowledge!

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

780

passphrase = b("x") * 1024

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

781

pemFile = self._write_encrypted_pem(passphrase)

782

def passphraseCallback(maxlen, verify, extra):

783

assert maxlen == 1024

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

784

return passphrase + b("y")

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

785

786

context = Context(TLSv1_METHOD)

787

context.set_passwd_cb(passphraseCallback)

788

# This shall succeed because the truncated result is the correct

789

# passphrase.

790

context.use_privatekey_file(pemFile)

791

792

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

793

def test_set_info_callback(self):

794

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

795

:py:obj:`Context.set_info_callback` accepts a callable which will be invoked

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

796

when certain information about an SSL connection is available.

797

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

798

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

799

800

clientSSL = Connection(Context(TLSv1_METHOD), client)

801

clientSSL.set_connect_state()

802

803

called = []

804

def info(conn, where, ret):

805

called.append((conn, where, ret))

806

context = Context(TLSv1_METHOD)

807

context.set_info_callback(info)

808

context.use_certificate(

809

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

810

context.use_privatekey(

811

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

812

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

813

serverSSL = Connection(context, server)

814

serverSSL.set_accept_state()

815

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

816

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

817

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

818

# The callback must always be called with a Connection instance as the

819

# first argument. It would probably be better to split this into

820

# separate tests for client and server side info callbacks so we could

821

# assert it is called with the right Connection instance. It would

822

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

823

notConnections = [

824

conn for (conn, where, ret) in called

825

if not isinstance(conn, Connection)]

826

self.assertEqual(

827

[], notConnections,

828

"Some info callback arguments were not Connection instaces.")

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

829

830

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

831

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

832

"""

833

Create a client context which will verify the peer certificate and call

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

834

its :py:obj:`load_verify_locations` method with the given arguments.

835

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

836

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

837

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

838

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

839

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

840

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

841

# Require that the server certificate verify properly or the

842

# connection will fail.

843

clientContext.set_verify(

844

VERIFY_PEER,

845

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

846

847

clientSSL = Connection(clientContext, client)

848

clientSSL.set_connect_state()

849

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

850

serverContext = Context(TLSv1_METHOD)

851

serverContext.use_certificate(

852

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

853

serverContext.use_privatekey(

854

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

855

856

serverSSL = Connection(serverContext, server)

857

serverSSL.set_accept_state()

858

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

859

# Without load_verify_locations above, the handshake

860

# will fail:

861

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

862

# 'certificate verify failed')]

863

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

864

865

cert = clientSSL.get_peer_certificate()

Jean-Paul Calderone

20131f5

2009-04-01 12:05:45 -0400

[diff] [blame]

866

self.assertEqual(cert.get_subject().CN, 'Testing Root CA')

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

867

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

868

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

869

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

870

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

871

Verify that if path to a file containing a certificate is passed to

872

``Context.load_verify_locations`` for the ``cafile`` parameter, that

873

certificate is used as a trust root for the purposes of verifying

874

connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

875

"""

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

876

fObj = open(cafile, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

877

fObj.write(cleartextCertificatePEM.decode('ascii'))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

878

fObj.close()

879

880

self._load_verify_locations_test(cafile)

881

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

882

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

883

def test_load_verify_bytes_cafile(self):

884

"""

885

:py:obj:`Context.load_verify_locations` accepts a file name as a

886

``bytes`` instance and uses the certificates within for verification

887

purposes.

888

"""

889

cafile = self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

890

self._load_verify_cafile(cafile)

891

892

893

def test_load_verify_unicode_cafile(self):

894

"""

895

:py:obj:`Context.load_verify_locations` accepts a file name as a

896

``unicode`` instance and uses the certificates within for verification

897

purposes.

898

"""

899

cafile = self.mktemp() + NON_ASCII

900

self._load_verify_cafile(cafile)

901

902

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

903

def test_load_verify_invalid_file(self):

904

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

905

:py:obj:`Context.load_verify_locations` raises :py:obj:`Error` when passed a

Jean-Paul Calderone

2008-09-07 20:18:55 -0400

[diff] [blame]

906

non-existent cafile.

907

"""

908

clientContext = Context(TLSv1_METHOD)

909

self.assertRaises(

910

Error, clientContext.load_verify_locations, self.mktemp())

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

911

912

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

913

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

914

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

915

Verify that if path to a directory containing certificate files is

916

passed to ``Context.load_verify_locations`` for the ``capath``

917

parameter, those certificates are used as trust roots for the purposes

918

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

919

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

920

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

921

# Hash values computed manually with c_rehash to avoid depending on

922

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

923

# from OpenSSL 1.0.0.

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

924

for name in [b'c7adac82.0', b'c3705638.0']:

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

925

cafile = join(capath, name)

926

fObj = open(cafile, 'w')

927

fObj.write(cleartextCertificatePEM.decode('ascii'))

928

fObj.close()

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

929

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

930

self._load_verify_locations_test(None, capath)

931

932

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

933

def test_load_verify_directory_bytes_capath(self):

934

"""

935

:py:obj:`Context.load_verify_locations` accepts a directory name as a

936

``bytes`` instance and uses the certificates within for verification

937

purposes.

938

"""

939

self._load_verify_directory_locations_capath(

940

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_load_verify_directory_unicode_capath(self):

945

"""

946

:py:obj:`Context.load_verify_locations` accepts a directory name as a

947

``unicode`` instance and uses the certificates within for verification

948

purposes.

949

"""

950

self._load_verify_directory_locations_capath(self.mktemp() + NON_ASCII)

951

952

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

953

def test_load_verify_locations_wrong_args(self):

954

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

955

:py:obj:`Context.load_verify_locations` raises :py:obj:`TypeError` if called with

956

the wrong number of arguments or with non-:py:obj:`str` arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

957

"""

958

context = Context(TLSv1_METHOD)

959

self.assertRaises(TypeError, context.load_verify_locations)

960

self.assertRaises(TypeError, context.load_verify_locations, object())

961

self.assertRaises(TypeError, context.load_verify_locations, object(), object())

962

self.assertRaises(TypeError, context.load_verify_locations, None, None, None)

963

964

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

965

if platform == "win32":

966

"set_default_verify_paths appears not to work on Windows. "

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

967

"See LP#404343 and LP#404344."

968

else:

969

def test_set_default_verify_paths(self):

970

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

971

:py:obj:`Context.set_default_verify_paths` causes the platform-specific CA

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

972

certificate locations to be used for verification purposes.

973

"""

974

# Testing this requires a server with a certificate signed by one of

975

# the CAs in the platform CA location. Getting one of those costs

976

# money. Fortunately (or unfortunately, depending on your

977

# perspective), it's easy to think of a public server on the

978

# internet which has such a certificate. Connecting to the network

979

# in a unit test is bad, but it's the only way I can think of to

980

# really test this. -exarkun

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

981

Alex Gaynor

b586da3

2014-11-15 09:22:21 -0800

[diff] [blame]

982

# Arg, verisign.com doesn't speak anything newer than TLS 1.0

983

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

984

context.set_default_verify_paths()

985

context.set_verify(

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

986

VERIFY_PEER,

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

987

lambda conn, cert, errno, depth, preverify_ok: preverify_ok)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

988

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

989

client = socket()

990

client.connect(('verisign.com', 443))

991

clientSSL = Connection(context, client)

992

clientSSL.set_connect_state()

993

clientSSL.do_handshake()

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

994

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Jean-Paul Calderone

2009-07-24 18:01:31 -0400

[diff] [blame]

995

self.assertTrue(clientSSL.recv(1024))

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

996

997

998

def test_set_default_verify_paths_signature(self):

999

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1000

:py:obj:`Context.set_default_verify_paths` takes no arguments and raises

1001

:py:obj:`TypeError` if given any.

Jean-Paul Calderone

9eadb96

2008-09-07 21:20:44 -0400

[diff] [blame]

1002

"""

1003

context = Context(TLSv1_METHOD)

1004

self.assertRaises(TypeError, context.set_default_verify_paths, None)

1005

self.assertRaises(TypeError, context.set_default_verify_paths, 1)

1006

self.assertRaises(TypeError, context.set_default_verify_paths, "")

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1007

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1008

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1009

def test_add_extra_chain_cert_invalid_cert(self):

1010

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1011

:py:obj:`Context.add_extra_chain_cert` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1012

other than one argument or if called with an object which is not an

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1013

instance of :py:obj:`X509`.

Jean-Paul Calderone

2009-11-07 10:35:15 -0500

[diff] [blame]

1014

"""

1015

context = Context(TLSv1_METHOD)

1016

self.assertRaises(TypeError, context.add_extra_chain_cert)

1017

self.assertRaises(TypeError, context.add_extra_chain_cert, object())

1018

self.assertRaises(TypeError, context.add_extra_chain_cert, object(), object())

1019

1020

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1021

def _handshake_test(self, serverContext, clientContext):

1022

"""

1023

Verify that a client and server created with the given contexts can

1024

successfully handshake and communicate.

1025

"""

1026

serverSocket, clientSocket = socket_pair()

1027

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1028

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1029

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1030

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1031

client = Connection(clientContext, clientSocket)

1032

client.set_connect_state()

1033

1034

# Make them talk to each other.

1035

# self._interactInMemory(client, server)

1036

for i in range(3):

1037

for s in [client, server]:

1038

try:

1039

s.do_handshake()

1040

except WantReadError:

pass

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1044

def test_set_verify_callback_connection_argument(self):

1045

"""

1046

The first argument passed to the verify callback is the

1047

:py:class:`Connection` instance for which verification is taking place.

1048

"""

1049

serverContext = Context(TLSv1_METHOD)

1050

serverContext.use_privatekey(

1051

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1052

serverContext.use_certificate(

1053

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1054

serverConnection = Connection(serverContext, None)

1055

1056

class VerifyCallback(object):

1057

def callback(self, connection, *args):

1058

self.connection = connection

1059

return 1

1060

1061

verify = VerifyCallback()

1062

clientContext = Context(TLSv1_METHOD)

1063

clientContext.set_verify(VERIFY_PEER, verify.callback)

1064

clientConnection = Connection(clientContext, None)

1065

clientConnection.set_connect_state()

1066

1067

self._handshakeInMemory(clientConnection, serverConnection)

1068

1069

self.assertIdentical(verify.connection, clientConnection)

1070

1071

Jean-Paul Calderone

7e166fe

2013-03-06 20:54:38 -0800

[diff] [blame]

1072

def test_set_verify_callback_exception(self):

1073

"""

1074

If the verify callback passed to :py:obj:`Context.set_verify` raises an

1075

exception, verification fails and the exception is propagated to the

1076

caller of :py:obj:`Connection.do_handshake`.

1077

"""

1078

serverContext = Context(TLSv1_METHOD)

1079

serverContext.use_privatekey(

1080

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM))

1081

serverContext.use_certificate(

1082

load_certificate(FILETYPE_PEM, cleartextCertificatePEM))

1083

1084

clientContext = Context(TLSv1_METHOD)

1085

def verify_callback(*args):

1086

raise Exception("silly verify failure")

1087

clientContext.set_verify(VERIFY_PEER, verify_callback)

1088

1089

exc = self.assertRaises(

1090

Exception, self._handshake_test, serverContext, clientContext)

1091

self.assertEqual("silly verify failure", str(exc))

1092

1093

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1094

def test_add_extra_chain_cert(self):

1095

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1096

:py:obj:`Context.add_extra_chain_cert` accepts an :py:obj:`X509` instance to add to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1097

the certificate chain.

1098

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1099

See :py:obj:`_create_certificate_chain` for the details of the certificate

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1100

chain tested.

1101

1102

The chain is tested by starting a server with scert and connecting

1103

to it with a client which trusts cacert and requires verification to

1104

succeed.

1105

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1106

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1107

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1108

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1109

# Dump the CA certificate to a file because that's the only way to load

1110

# it as a trusted CA in the client context.

1111

for cert, name in [(cacert, 'ca.pem'), (icert, 'i.pem'), (scert, 's.pem')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1112

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1113

fObj.write(dump_certificate(FILETYPE_PEM, cert).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1114

fObj.close()

1115

1116

for key, name in [(cakey, 'ca.key'), (ikey, 'i.key'), (skey, 's.key')]:

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

1117

fObj = open(name, 'w')

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

1118

fObj.write(dump_privatekey(FILETYPE_PEM, key).decode('ascii'))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1119

fObj.close()

1120

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1121

# Create the server context

1122

serverContext = Context(TLSv1_METHOD)

1123

serverContext.use_privatekey(skey)

1124

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1125

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1126

serverContext.add_extra_chain_cert(icert)

1127

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1128

# Create the client

1129

clientContext = Context(TLSv1_METHOD)

1130

clientContext.set_verify(

1131

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1132

clientContext.load_verify_locations(b"ca.pem")

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1133

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1134

# Try it out.

1135

self._handshake_test(serverContext, clientContext)

1136

1137

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame^]

1138

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1139

"""

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame^]

1140

Verify that :py:obj:`Context.use_certificate_chain_file` reads a

1141

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1142

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame^]

1143

The chain is tested by starting a server with scert and connecting to

1144

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1145

succeed.

1146

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1147

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1148

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1149

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame^]

1150

makedirs(certdir)

1151

1152

if isinstance(certdir, binary_type):

1153

chainFile = join(certdir, b("chain.pem"))

1154

caFile = join(certdir, b("ca.pem"))

1155

else:

1156

chainFile = join(certdir, u"chain.pem")

1157

caFile = join(certdir, u"ca.pem")

1158

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1159

# Write out the chain file.

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame^]

1160

with open(chainFile, 'wb') as fObj:

1161

# Most specific to least general.

1162

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1163

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1164

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1165

1166

with open(caFile, 'w') as fObj:

1167

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode('ascii'))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1168

1169

serverContext = Context(TLSv1_METHOD)

1170

serverContext.use_certificate_chain_file(chainFile)

1171

serverContext.use_privatekey(skey)

1172

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1173

clientContext = Context(TLSv1_METHOD)

1174

clientContext.set_verify(

1175

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame^]

1176

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1177

1178

self._handshake_test(serverContext, clientContext)

1179

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1180

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame^]

1181

def test_use_certificate_chain_file_bytes(self):

1182

"""

1183

``Context.use_certificate_chain_file`` accepts the name of a file (as

1184

an instance of ``bytes``) to specify additional certificates to use to

1185

construct and verify a trust chain.

1186

"""

1187

self._use_certificate_chain_file_test(

1188

self.mktemp() + NON_ASCII.encode(getfilesystemencoding())

)

def test_use_certificate_chain_file_unicode(self):

1193

"""

1194

``Context.use_certificate_chain_file`` accepts the name of a file (as

1195

an instance of ``unicode``) to specify additional certificates to use

1196

to construct and verify a trust chain.

1197

"""

1198

self._use_certificate_chain_file_test(

1199

self.mktemp().decode(getfilesystemencoding()) + NON_ASCII

)

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1203

def test_use_certificate_chain_file_wrong_args(self):

1204

"""

1205

:py:obj:`Context.use_certificate_chain_file` raises :py:obj:`TypeError`

1206

if passed zero or more than one argument or when passed a non-byte

1207

string single argument. It also raises :py:obj:`OpenSSL.SSL.Error` when

1208

passed a bad chain file name (for example, the name of a file which does

1209

not exist).

1210

"""

1211

context = Context(TLSv1_METHOD)

1212

self.assertRaises(TypeError, context.use_certificate_chain_file)

1213

self.assertRaises(TypeError, context.use_certificate_chain_file, object())

1214

self.assertRaises(TypeError, context.use_certificate_chain_file, b"foo", object())

1215

1216

self.assertRaises(Error, context.use_certificate_chain_file, self.mktemp())

1217

Jean-Paul Calderone

e0d7936

2010-08-03 18:46:46 -0400

[diff] [blame]

1218

# XXX load_client_ca

1219

# XXX set_session_id

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1220

1221

def test_get_verify_mode_wrong_args(self):

1222

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1223

:py:obj:`Context.get_verify_mode` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1224

arguments.

1225

"""

1226

context = Context(TLSv1_METHOD)

1227

self.assertRaises(TypeError, context.get_verify_mode, None)

1228

1229

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1230

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1231

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1232

:py:obj:`Context.get_verify_mode` returns the verify mode flags previously

1233

passed to :py:obj:`Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1234

"""

1235

context = Context(TLSv1_METHOD)

1236

self.assertEquals(context.get_verify_mode(), 0)

1237

context.set_verify(

1238

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None)

1239

self.assertEquals(

1240

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1241

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1242

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1243

if not PY3:

1244

def test_set_verify_mode_long(self):

1245

"""

1246

On Python 2 :py:obj:`Context.set_verify_mode` accepts values of

1247

type :py:obj:`long` as well as :py:obj:`int`.

1248

"""

1249

context = Context(TLSv1_METHOD)

1250

self.assertEquals(context.get_verify_mode(), 0)

1251

context.set_verify(

1252

long(VERIFY_PEER | VERIFY_CLIENT_ONCE), lambda *args: None)

1253

self.assertEquals(

1254

context.get_verify_mode(), VERIFY_PEER | VERIFY_CLIENT_ONCE)

1255

1256

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1257

def test_load_tmp_dh_wrong_args(self):

1258

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1259

:py:obj:`Context.load_tmp_dh` raises :py:obj:`TypeError` if called with the wrong

1260

number of arguments or with a non-:py:obj:`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1261

"""

1262

context = Context(TLSv1_METHOD)

1263

self.assertRaises(TypeError, context.load_tmp_dh)

1264

self.assertRaises(TypeError, context.load_tmp_dh, "foo", None)

1265

self.assertRaises(TypeError, context.load_tmp_dh, object())

1266

1267

1268

def test_load_tmp_dh_missing_file(self):

1269

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1270

:py:obj:`Context.load_tmp_dh` raises :py:obj:`OpenSSL.SSL.Error` if the specified file

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1271

does not exist.

1272

"""

1273

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1274

self.assertRaises(Error, context.load_tmp_dh, b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1275

1276

1277

def test_load_tmp_dh(self):

1278

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1279

:py:obj:`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1280

specified file.

1281

"""

1282

context = Context(TLSv1_METHOD)

1283

dhfilename = self.mktemp()

1284

dhfile = open(dhfilename, "w")

1285

dhfile.write(dhparam)

1286

dhfile.close()

1287

context.load_tmp_dh(dhfilename)

1288

# XXX What should I assert here? -exarkun

1289

1290

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1291

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1292

"""

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1293

:py:obj:`Context.set_tmp_ecdh` sets the elliptic curve for

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1294

Diffie-Hellman to the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1295

"""

1296

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1297

for curve in get_elliptic_curves():

1298

# The only easily "assertable" thing is that it does not raise an

1299

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1300

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1301

1302

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1303

def test_set_cipher_list_bytes(self):

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1304

"""

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1305

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`bytes` naming the

1306

ciphers which connections created with the context object will be able

1307

to choose from.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1308

"""

1309

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

1310

context.set_cipher_list(b"hello world:EXP-RC4-MD5")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1311

conn = Connection(context, None)

1312

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1313

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1314

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1315

def test_set_cipher_list_text(self):

1316

"""

1317

:py:obj:`Context.set_cipher_list` accepts a :py:obj:`unicode` naming

1318

the ciphers which connections created with the context object will be

1319

able to choose from.

1320

"""

1321

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

1322

context.set_cipher_list(u("hello world:EXP-RC4-MD5"))

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1323

conn = Connection(context, None)

1324

self.assertEquals(conn.get_cipher_list(), ["EXP-RC4-MD5"])

1325

1326

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1327

def test_set_cipher_list_wrong_args(self):

1328

"""

Jean-Paul Calderone

1704483

2014-01-18 10:20:11 -0500

[diff] [blame]

1329

:py:obj:`Context.set_cipher_list` raises :py:obj:`TypeError` when

1330

passed zero arguments or more than one argument or when passed a

1331

non-string single argument and raises :py:obj:`OpenSSL.SSL.Error` when

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1332

passed an incorrect cipher list string.

1333

"""

1334

context = Context(TLSv1_METHOD)

1335

self.assertRaises(TypeError, context.set_cipher_list)

1336

self.assertRaises(TypeError, context.set_cipher_list, object())

1337

self.assertRaises(TypeError, context.set_cipher_list, b"EXP-RC4-MD5", object())

1338

Jean-Paul Calderone

2014-01-18 10:19:56 -0500

[diff] [blame]

1339

self.assertRaises(Error, context.set_cipher_list, "imaginary-cipher")

Jean-Paul Calderone

2013-03-05 11:56:19 -0800

[diff] [blame]

1340

1341

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1342

def test_set_session_cache_mode_wrong_args(self):

1343

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1344

:py:obj:`Context.set_session_cache_mode` raises :py:obj:`TypeError` if

1345

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1346

"""

1347

context = Context(TLSv1_METHOD)

1348

self.assertRaises(TypeError, context.set_session_cache_mode)

1349

self.assertRaises(TypeError, context.set_session_cache_mode, object())

1350

1351

1352

def test_get_session_cache_mode_wrong_args(self):

1353

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1354

:py:obj:`Context.get_session_cache_mode` raises :py:obj:`TypeError` if

1355

called with any arguments.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1356

"""

1357

context = Context(TLSv1_METHOD)

1358

self.assertRaises(TypeError, context.get_session_cache_mode, 1)

1359

1360

1361

def test_session_cache_mode(self):

1362

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1363

:py:obj:`Context.set_session_cache_mode` specifies how sessions are

1364

cached. The setting can be retrieved via

1365

:py:obj:`Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1366

"""

1367

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1368

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1369

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

1370

self.assertEqual(SESS_CACHE_OFF, off)

1371

self.assertEqual(SESS_CACHE_BOTH, context.get_session_cache_mode())

1372

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1373

if not PY3:

1374

def test_session_cache_mode_long(self):

1375

"""

1376

On Python 2 :py:obj:`Context.set_session_cache_mode` accepts values

1377

of type :py:obj:`long` as well as :py:obj:`int`.

1378

"""

1379

context = Context(TLSv1_METHOD)

1380

context.set_session_cache_mode(long(SESS_CACHE_BOTH))

1381

self.assertEqual(

1382

SESS_CACHE_BOTH, context.get_session_cache_mode())

1383

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1384

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1385

def test_get_cert_store(self):

1386

"""

1387

:py:obj:`Context.get_cert_store` returns a :py:obj:`X509Store` instance.

1388

"""

1389

context = Context(TLSv1_METHOD)

1390

store = context.get_cert_store()

1391

self.assertIsInstance(store, X509Store)

1392

1393

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1394

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1395

class ServerNameCallbackTests(TestCase, _LoopbackMixin):

1396

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1397

Tests for :py:obj:`Context.set_tlsext_servername_callback` and its interaction with

1398

:py:obj:`Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1399

"""

1400

def test_wrong_args(self):

1401

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1402

:py:obj:`Context.set_tlsext_servername_callback` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1403

with other than one argument.

1404

"""

1405

context = Context(TLSv1_METHOD)

1406

self.assertRaises(TypeError, context.set_tlsext_servername_callback)

1407

self.assertRaises(

1408

TypeError, context.set_tlsext_servername_callback, 1, 2)

1409

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1410

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1411

def test_old_callback_forgotten(self):

1412

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1413

If :py:obj:`Context.set_tlsext_servername_callback` is used to specify a new

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1414

callback, the one it replaces is dereferenced.

1415

"""

1416

def callback(connection):

1417

pass

1418

1419

def replacement(connection):

1420

pass

1421

1422

context = Context(TLSv1_METHOD)

1423

context.set_tlsext_servername_callback(callback)

1424

1425

tracker = ref(callback)

1426

del callback

1427

1428

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1429

1430

# One run of the garbage collector happens to work on CPython. PyPy

1431

# doesn't collect the underlying object until a second run for whatever

1432

# reason. That's fine, it still demonstrates our code has properly

1433

# dropped the reference.

1434

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1435

collect()

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1436

1437

callback = tracker()

1438

if callback is not None:

1439

referrers = get_referrers(callback)

Jean-Paul Calderone

7de3956

2014-01-11 08:17:59 -0500

[diff] [blame]

1440

if len(referrers) > 1:

Jean-Paul Calderone

2014-01-11 08:15:17 -0500

[diff] [blame]

1441

self.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1442

1443

1444

def test_no_servername(self):

1445

"""

1446

When a client specifies no server name, the callback passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1447

:py:obj:`Context.set_tlsext_servername_callback` is invoked and the result of

1448

:py:obj:`Connection.get_servername` is :py:obj:`None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1449

"""

1450

args = []

1451

def servername(conn):

1452

args.append((conn, conn.get_servername()))

1453

context = Context(TLSv1_METHOD)

1454

context.set_tlsext_servername_callback(servername)

1455

1456

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1462

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1463

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1464

1465

# Do a little connection to trigger the logic

1466

server = Connection(context, None)

1467

server.set_accept_state()

1468

1469

client = Connection(Context(TLSv1_METHOD), None)

1470

client.set_connect_state()

1471

1472

self._interactInMemory(server, client)

1473

1474

self.assertEqual([(server, None)], args)

1475

1476

1477

def test_servername(self):

1478

"""

1479

When a client specifies a server name in its hello message, the callback

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1480

passed to :py:obj:`Contexts.set_tlsext_servername_callback` is invoked and the

1481

result of :py:obj:`Connection.get_servername` is that server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1482

"""

1483

args = []

1484

def servername(conn):

1485

args.append((conn, conn.get_servername()))

1486

context = Context(TLSv1_METHOD)

1487

context.set_tlsext_servername_callback(servername)

1488

1489

# Necessary to actually accept the connection

1490

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1491

context.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1492

1493

# Do a little connection to trigger the logic

1494

server = Connection(context, None)

1495

server.set_accept_state()

1496

1497

client = Connection(Context(TLSv1_METHOD), None)

1498

client.set_connect_state()

1499

client.set_tlsext_host_name(b("foo1.example.com"))

1500

1501

self._interactInMemory(server, client)

1502

1503

self.assertEqual([(server, b("foo1.example.com"))], args)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

1507

class SessionTests(TestCase):

1508

"""

1509

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

1510

"""

1511

def test_construction(self):

1512

"""

1513

:py:class:`Session` can be constructed with no arguments, creating a new

1514

instance of that type.

1515

"""

1516

new_session = Session()

1517

self.assertTrue(isinstance(new_session, Session))

1518

1519

1520

def test_construction_wrong_args(self):

1521

"""

1522

If any arguments are passed to :py:class:`Session`, :py:obj:`TypeError`

1523

is raised.

1524

"""

1525

self.assertRaises(TypeError, Session, 123)

1526

self.assertRaises(TypeError, Session, "hello")

1527

self.assertRaises(TypeError, Session, object())

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1531

class ConnectionTests(TestCase, _LoopbackMixin):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1532

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1533

Unit tests for :py:obj:`OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1534

"""

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

1535

# XXX get_peer_certificate -> None

1536

# XXX sock_shutdown

1537

# XXX master_key -> TypeError

1538

# XXX server_random -> TypeError

1539

# XXX state_string

1540

# XXX connect -> TypeError

1541

# XXX connect_ex -> TypeError

1542

# XXX set_connect_state -> TypeError

1543

# XXX set_accept_state -> TypeError

1544

# XXX renegotiate_pending

1545

# XXX do_handshake -> TypeError

1546

# XXX bio_read -> TypeError

1547

# XXX recv -> TypeError

1548

# XXX send -> TypeError

1549

# XXX bio_write -> TypeError

1550

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1551

def test_type(self):

1552

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1553

:py:obj:`Connection` and :py:obj:`ConnectionType` refer to the same type object and

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1554

can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1555

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1556

self.assertIdentical(Connection, ConnectionType)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1557

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1558

self.assertConsistentType(Connection, 'Connection', ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

1559

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

1560

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1561

def test_get_context(self):

1562

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1563

:py:obj:`Connection.get_context` returns the :py:obj:`Context` instance used to

1564

construct the :py:obj:`Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1565

"""

1566

context = Context(TLSv1_METHOD)

1567

connection = Connection(context, None)

1568

self.assertIdentical(connection.get_context(), context)

1569

1570

1571

def test_get_context_wrong_args(self):

1572

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1573

:py:obj:`Connection.get_context` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

1574

arguments.

1575

"""

1576

connection = Connection(Context(TLSv1_METHOD), None)

1577

self.assertRaises(TypeError, connection.get_context, None)

1578

1579

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1580

def test_set_context_wrong_args(self):

1581

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1582

:py:obj:`Connection.set_context` raises :py:obj:`TypeError` if called with a

1583

non-:py:obj:`Context` instance argument or with any number of arguments other

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1584

than 1.

1585

"""

1586

ctx = Context(TLSv1_METHOD)

1587

connection = Connection(ctx, None)

1588

self.assertRaises(TypeError, connection.set_context)

1589

self.assertRaises(TypeError, connection.set_context, object())

1590

self.assertRaises(TypeError, connection.set_context, "hello")

1591

self.assertRaises(TypeError, connection.set_context, 1)

1592

self.assertRaises(TypeError, connection.set_context, 1, 2)

1593

self.assertRaises(

1594

TypeError, connection.set_context, Context(TLSv1_METHOD), 2)

1595

self.assertIdentical(ctx, connection.get_context())

1596

1597

1598

def test_set_context(self):

1599

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1600

:py:obj:`Connection.set_context` specifies a new :py:obj:`Context` instance to be used

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1601

for the connection.

1602

"""

1603

original = Context(SSLv23_METHOD)

1604

replacement = Context(TLSv1_METHOD)

1605

connection = Connection(original, None)

1606

connection.set_context(replacement)

1607

self.assertIdentical(replacement, connection.get_context())

1608

# Lose our references to the contexts, just in case the Connection isn't

1609

# properly managing its own contributions to their reference counts.

1610

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

collect()

def test_set_tlsext_host_name_wrong_args(self):

1615

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1616

If :py:obj:`Connection.set_tlsext_host_name` is called with a non-byte string

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1617

argument or a byte string with an embedded NUL or other than one

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1618

argument, :py:obj:`TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1619

"""

1620

conn = Connection(Context(TLSv1_METHOD), None)

1621

self.assertRaises(TypeError, conn.set_tlsext_host_name)

1622

self.assertRaises(TypeError, conn.set_tlsext_host_name, object())

1623

self.assertRaises(TypeError, conn.set_tlsext_host_name, 123, 456)

1624

self.assertRaises(

1625

TypeError, conn.set_tlsext_host_name, b("with\0null"))

1626

1627

if version_info >= (3,):

1628

# On Python 3.x, don't accidentally implicitly convert from text.

1629

self.assertRaises(

1630

TypeError,

1631

conn.set_tlsext_host_name, b("example.com").decode("ascii"))

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

1632

1633

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1634

def test_get_servername_wrong_args(self):

1635

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1636

:py:obj:`Connection.get_servername` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

1637

arguments.

1638

"""

1639

connection = Connection(Context(TLSv1_METHOD), None)

1640

self.assertRaises(TypeError, connection.get_servername, object())

1641

self.assertRaises(TypeError, connection.get_servername, 1)

1642

self.assertRaises(TypeError, connection.get_servername, "hello")

1643

1644

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1645

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1646

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1647

:py:obj:`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1648

immediate read.

1649

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1650

connection = Connection(Context(TLSv1_METHOD), None)

1651

self.assertEquals(connection.pending(), 0)

1652

1653

1654

def test_pending_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1655

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1656

:py:obj:`Connection.pending` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1657

"""

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

1658

connection = Connection(Context(TLSv1_METHOD), None)

1659

self.assertRaises(TypeError, connection.pending, None)

1660

1661

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1662

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1663

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1664

:py:obj:`Connection.connect` raises :py:obj:`TypeError` if called with a non-address

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1665

argument or with the wrong number of arguments.

1666

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1667

connection = Connection(Context(TLSv1_METHOD), socket())

1668

self.assertRaises(TypeError, connection.connect, None)

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1669

self.assertRaises(TypeError, connection.connect)

1670

self.assertRaises(TypeError, connection.connect, ("127.0.0.1", 1), None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1671

1672

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1673

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1674

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1675

:py:obj:`Connection.connect` raises :py:obj:`socket.error` if the underlying socket

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1676

connect method raises it.

1677

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1678

client = socket()

1679

context = Context(TLSv1_METHOD)

1680

clientSSL = Connection(context, client)

1681

exc = self.assertRaises(error, clientSSL.connect, ("127.0.0.1", 1))

Jean-Paul Calderone

35adf9d

2010-07-29 18:40:44 -0400

[diff] [blame]

1682

self.assertEquals(exc.args[0], ECONNREFUSED)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1683

1684

1685

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1686

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1687

:py:obj:`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1688

"""

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

port = socket()

port.bind(('', 0))

port.listen(3)

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1694

clientSSL.connect(('127.0.0.1', port.getsockname()[1]))

1695

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1696

1697

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1698

if platform == "darwin":

1699

"connect_ex sometimes causes a kernel panic on OS X 10.6.4"

1700

else:

1701

def test_connect_ex(self):

1702

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1703

If there is a connection error, :py:obj:`Connection.connect_ex` returns the

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1704

errno instead of raising an exception.

"""

port = socket()

port.bind(('', 0))

port.listen(3)

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1709

Jean-Paul Calderone

7b61487

2010-09-24 17:43:44 -0400

[diff] [blame]

1710

clientSSL = Connection(Context(TLSv1_METHOD), socket())

1711

clientSSL.setblocking(False)

1712

result = clientSSL.connect_ex(port.getsockname())

1713

expected = (EINPROGRESS, EWOULDBLOCK)

1714

self.assertTrue(

1715

result in expected, "%r not in %r" % (result, expected))

Jean-Paul Calderone

55d91f4

2010-07-29 19:22:17 -0400

[diff] [blame]

1716

1717

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1718

def test_accept_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1719

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1720

:py:obj:`Connection.accept` raises :py:obj:`TypeError` if called with any arguments.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1721

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1722

connection = Connection(Context(TLSv1_METHOD), socket())

1723

self.assertRaises(TypeError, connection.accept, None)

1724

1725

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1726

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1727

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1728

:py:obj:`Connection.accept` accepts a pending connection attempt and returns a

1729

tuple of a new :py:obj:`Connection` (the accepted client) and the address the

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1730

connection originated from.

1731

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1732

ctx = Context(TLSv1_METHOD)

1733

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1734

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1735

port = socket()

1736

portSSL = Connection(ctx, port)

1737

portSSL.bind(('', 0))

1738

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1739

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1740

clientSSL = Connection(Context(TLSv1_METHOD), socket())

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

1741

1742

# Calling portSSL.getsockname() here to get the server IP address sounds

1743

# great, but frequently fails on Windows.

1744

clientSSL.connect(('127.0.0.1', portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1745

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

1746

serverSSL, address = portSSL.accept()

1747

1748

self.assertTrue(isinstance(serverSSL, Connection))

1749

self.assertIdentical(serverSSL.get_context(), ctx)

1750

self.assertEquals(address, clientSSL.getsockname())

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

1751

1752

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1753

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1754

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1755

:py:obj:`Connection.shutdown` raises :py:obj:`TypeError` if called with the wrong

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1756

number of arguments or with arguments other than integers.

1757

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1758

connection = Connection(Context(TLSv1_METHOD), None)

1759

self.assertRaises(TypeError, connection.shutdown, None)

Jean-Paul Calderone

1d3e022

2010-07-29 22:52:45 -0400

[diff] [blame]

1760

self.assertRaises(TypeError, connection.get_shutdown, None)

1761

self.assertRaises(TypeError, connection.set_shutdown)

1762

self.assertRaises(TypeError, connection.set_shutdown, None)

1763

self.assertRaises(TypeError, connection.set_shutdown, 0, 1)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1764

1765

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1766

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1767

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1768

:py:obj:`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1769

"""

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1770

server, client = self._loopback()

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1771

self.assertFalse(server.shutdown())

1772

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1773

self.assertRaises(ZeroReturnError, client.recv, 1024)

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

1774

self.assertEquals(client.get_shutdown(), RECEIVED_SHUTDOWN)

1775

client.shutdown()

1776

self.assertEquals(client.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

1777

self.assertRaises(ZeroReturnError, server.recv, 1024)

1778

self.assertEquals(server.get_shutdown(), SENT_SHUTDOWN|RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1779

1780

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1781

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1782

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1783

:py:obj:`Connection.set_shutdown` sets the state of the SSL connection shutdown

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1784

process.

1785

"""

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

1786

connection = Connection(Context(TLSv1_METHOD), socket())

1787

connection.set_shutdown(RECEIVED_SHUTDOWN)

1788

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1789

1790

Jean-Paul Calderone

2014-02-09 08:49:06 -0500

[diff] [blame]

1791

if not PY3:

1792

def test_set_shutdown_long(self):

1793

"""

1794

On Python 2 :py:obj:`Connection.set_shutdown` accepts an argument

1795

of type :py:obj:`long` as well as :py:obj:`int`.

1796

"""

1797

connection = Connection(Context(TLSv1_METHOD), socket())

1798

connection.set_shutdown(long(RECEIVED_SHUTDOWN))

1799

self.assertEquals(connection.get_shutdown(), RECEIVED_SHUTDOWN)

1800

1801

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1802

def test_app_data_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1803

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1804

:py:obj:`Connection.set_app_data` raises :py:obj:`TypeError` if called with other than

1805

one argument. :py:obj:`Connection.get_app_data` raises :py:obj:`TypeError` if called

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1806

with any arguments.

1807

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1808

conn = Connection(Context(TLSv1_METHOD), None)

1809

self.assertRaises(TypeError, conn.get_app_data, None)

1810

self.assertRaises(TypeError, conn.set_app_data)

1811

self.assertRaises(TypeError, conn.set_app_data, None, None)

1812

1813

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1814

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1815

"""

1816

Any object can be set as app data by passing it to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1817

:py:obj:`Connection.set_app_data` and later retrieved with

1818

:py:obj:`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1819

"""

Jean-Paul Calderone

1bd8c79

2010-07-29 09:51:06 -0400

[diff] [blame]

1820

conn = Connection(Context(TLSv1_METHOD), None)

1821

app_data = object()

1822

conn.set_app_data(app_data)

1823

self.assertIdentical(conn.get_app_data(), app_data)

1824

1825

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1826

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1827

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1828

:py:obj:`Connection.makefile` is not implemented and calling that method raises

1829

:py:obj:`NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

1830

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

1831

conn = Connection(Context(TLSv1_METHOD), None)

1832

self.assertRaises(NotImplementedError, conn.makefile)

1833

1834

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1835

def test_get_peer_cert_chain_wrong_args(self):

1836

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1837

:py:obj:`Connection.get_peer_cert_chain` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1838

arguments.

1839

"""

1840

conn = Connection(Context(TLSv1_METHOD), None)

1841

self.assertRaises(TypeError, conn.get_peer_cert_chain, 1)

1842

self.assertRaises(TypeError, conn.get_peer_cert_chain, "foo")

1843

self.assertRaises(TypeError, conn.get_peer_cert_chain, object())

1844

self.assertRaises(TypeError, conn.get_peer_cert_chain, [])

1845

1846

1847

def test_get_peer_cert_chain(self):

1848

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1849

:py:obj:`Connection.get_peer_cert_chain` returns a list of certificates which

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1850

the connected server returned for the certification verification.

1851

"""

1852

chain = _create_certificate_chain()

1853

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1854

1855

serverContext = Context(TLSv1_METHOD)

1856

serverContext.use_privatekey(skey)

1857

serverContext.use_certificate(scert)

1858

serverContext.add_extra_chain_cert(icert)

1859

serverContext.add_extra_chain_cert(cacert)

1860

server = Connection(serverContext, None)

1861

server.set_accept_state()

1862

1863

# Create the client

1864

clientContext = Context(TLSv1_METHOD)

1865

clientContext.set_verify(VERIFY_NONE, verify_cb)

1866

client = Connection(clientContext, None)

1867

client.set_connect_state()

1868

1869

self._interactInMemory(client, server)

1870

1871

chain = client.get_peer_cert_chain()

1872

self.assertEqual(len(chain), 3)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1873

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1874

"Server Certificate", chain[0].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1875

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1876

"Intermediate Certificate", chain[1].get_subject().CN)

Jean-Paul Calderone

e33300c

2011-05-19 21:44:38 -0400

[diff] [blame]

1877

self.assertEqual(

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1878

"Authority Certificate", chain[2].get_subject().CN)

1879

1880

1881

def test_get_peer_cert_chain_none(self):

1882

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

1883

:py:obj:`Connection.get_peer_cert_chain` returns :py:obj:`None` if the peer sends no

Jean-Paul Calderone

2011-05-19 22:21:18 -0400

[diff] [blame]

1884

certificate chain.

1885

"""

1886

ctx = Context(TLSv1_METHOD)

1887

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

1888

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

1889

server = Connection(ctx, None)

1890

server.set_accept_state()

1891

client = Connection(Context(TLSv1_METHOD), None)

1892

client.set_connect_state()

1893

self._interactInMemory(client, server)

1894

self.assertIdentical(None, server.get_peer_cert_chain())

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1895

1896

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1897

def test_get_session_wrong_args(self):

1898

"""

1899

:py:obj:`Connection.get_session` raises :py:obj:`TypeError` if called

1900

with any arguments.

1901

"""

1902

ctx = Context(TLSv1_METHOD)

1903

server = Connection(ctx, None)

1904

self.assertRaises(TypeError, server.get_session, 123)

1905

self.assertRaises(TypeError, server.get_session, "hello")

1906

self.assertRaises(TypeError, server.get_session, object())

1907

1908

1909

def test_get_session_unconnected(self):

1910

"""

1911

:py:obj:`Connection.get_session` returns :py:obj:`None` when used with

1912

an object which has not been connected.

1913

"""

1914

ctx = Context(TLSv1_METHOD)

1915

server = Connection(ctx, None)

1916

session = server.get_session()

1917

self.assertIdentical(None, session)

1918

1919

1920

def test_server_get_session(self):

1921

"""

1922

On the server side of a connection, :py:obj:`Connection.get_session`

1923

returns a :py:class:`Session` instance representing the SSL session for

1924

that connection.

1925

"""

1926

server, client = self._loopback()

1927

session = server.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1928

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1929

1930

1931

def test_client_get_session(self):

1932

"""

1933

On the client side of a connection, :py:obj:`Connection.get_session`

1934

returns a :py:class:`Session` instance representing the SSL session for

1935

that connection.

1936

"""

1937

server, client = self._loopback()

1938

session = client.get_session()

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1939

self.assertIsInstance(session, Session)

Jean-Paul Calderone

64eaffc

2012-02-13 11:53:49 -0500

[diff] [blame]

1940

1941

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

1942

def test_set_session_wrong_args(self):

1943

"""

1944

If called with an object that is not an instance of :py:class:`Session`,

1945

or with other than one argument, :py:obj:`Connection.set_session` raises

1946

:py:obj:`TypeError`.

1947

"""

1948

ctx = Context(TLSv1_METHOD)

1949

connection = Connection(ctx, None)

1950

self.assertRaises(TypeError, connection.set_session)

1951

self.assertRaises(TypeError, connection.set_session, 123)

1952

self.assertRaises(TypeError, connection.set_session, "hello")

1953

self.assertRaises(TypeError, connection.set_session, object())

1954

self.assertRaises(

1955

TypeError, connection.set_session, Session(), Session())

1956

1957

1958

def test_client_set_session(self):

1959

"""

1960

:py:obj:`Connection.set_session`, when used prior to a connection being

1961

established, accepts a :py:class:`Session` instance and causes an

1962

attempt to re-use the session it represents when the SSL handshake is

1963

performed.

1964

"""

1965

key = load_privatekey(FILETYPE_PEM, server_key_pem)

1966

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

1967

ctx = Context(TLSv1_METHOD)

1968

ctx.use_privatekey(key)

1969

ctx.use_certificate(cert)

1970

ctx.set_session_id("unity-test")

1971

1972

def makeServer(socket):

1973

server = Connection(ctx, socket)

1974

server.set_accept_state()

1975

return server

1976

1977

originalServer, originalClient = self._loopback(

1978

serverFactory=makeServer)

1979

originalSession = originalClient.get_session()

1980

1981

def makeClient(socket):

1982

client = self._loopbackClientFactory(socket)

1983

client.set_session(originalSession)

1984

return client

1985

resumedServer, resumedClient = self._loopback(

1986

serverFactory=makeServer,

1987

clientFactory=makeClient)

1988

1989

# This is a proxy: in general, we have no access to any unique

1990

# identifier for the session (new enough versions of OpenSSL expose a

1991

# hash which could be usable, but "new enough" is very, very new).

1992

# Instead, exploit the fact that the master key is re-used if the

1993

# session is re-used. As long as the master key for the two connections

1994

# is the same, the session was re-used!

1995

self.assertEqual(

1996

originalServer.master_key(), resumedServer.master_key())

1997

1998

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

1999

def test_set_session_wrong_method(self):

2000

"""

Jean-Paul Calderone

068cb59

2012-02-14 16:52:43 -0500

[diff] [blame]

2001

If :py:obj:`Connection.set_session` is passed a :py:class:`Session`

2002

instance associated with a context using a different SSL method than the

2003

:py:obj:`Connection` is using, a :py:class:`OpenSSL.SSL.Error` is

2004

raised.

Jean-Paul Calderone

5ea4149

2012-02-14 16:51:35 -0500

[diff] [blame]

2005

"""

2006

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2007

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

2008

ctx = Context(TLSv1_METHOD)

2009

ctx.use_privatekey(key)

2010

ctx.use_certificate(cert)

2011

ctx.set_session_id("unity-test")

2012

2013

def makeServer(socket):

2014

server = Connection(ctx, socket)

2015

server.set_accept_state()

2016

return server

2017

2018

originalServer, originalClient = self._loopback(

2019

serverFactory=makeServer)

2020

originalSession = originalClient.get_session()

2021

2022

def makeClient(socket):

2023

# Intentionally use a different, incompatible method here.

2024

client = Connection(Context(SSLv3_METHOD), socket)

2025

client.set_connect_state()

2026

client.set_session(originalSession)

return client

self.assertRaises(

Error,

self._loopback, clientFactory=makeClient, serverFactory=makeServer)

2032

2033

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2034

def test_wantWriteError(self):

2035

"""

2036

:py:obj:`Connection` methods which generate output raise

2037

:py:obj:`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

2038

fail indicating a should-write state.

2039

"""

2040

client_socket, server_socket = socket_pair()

2041

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2042

# anything. Only write a single byte at a time so we can be sure we

2043

# completely fill the buffer. Even though the socket API is allowed to

2044

# signal a short write via its return value it seems this doesn't

2045

# always happen on all platforms (FreeBSD and OS X particular) for the

2046

# very last bit of available buffer space.

2047

msg = b"x"

2048

for i in range(1024 * 1024 * 4):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2049

try:

2050

client_socket.send(msg)

2051

except error as e:

2052

if e.errno == EWOULDBLOCK:

break

raise

else:

self.fail(

"Failed to fill socket buffer, cannot test BIO want write")

2058

2059

ctx = Context(TLSv1_METHOD)

2060

conn = Connection(ctx, client_socket)

2061

# Client's speak first, so make it an SSL client

2062

conn.set_connect_state()

2063

self.assertRaises(WantWriteError, conn.do_handshake)

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2067

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2068

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2069

:py:obj:`Connection.get_finished` returns :py:obj:`None` before TLS

2070

handshake is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2071

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2072

ctx = Context(TLSv1_METHOD)

2073

connection = Connection(ctx, None)

2074

self.assertEqual(connection.get_finished(), None)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2075

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2076

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2077

def test_get_peer_finished_before_connect(self):

2078

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2079

:py:obj:`Connection.get_peer_finished` returns :py:obj:`None` before

2080

TLS handshake is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2081

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2082

ctx = Context(TLSv1_METHOD)

2083

connection = Connection(ctx, None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2084

self.assertEqual(connection.get_peer_finished(), None)

2085

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2086

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2087

def test_get_finished(self):

2088

"""

2089

:py:obj:`Connection.get_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2090

message send from client, or server. Finished messages are send during

2091

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2092

"""

2093

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2094

server, client = self._loopback()

2095

2096

self.assertNotEqual(server.get_finished(), None)

2097

self.assertTrue(len(server.get_finished()) > 0)

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2098

Jean-Paul Calderone

d979f23

2014-03-30 11:58:00 -0400

[diff] [blame]

2099

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2100

def test_get_peer_finished(self):

2101

"""

2102

:py:obj:`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2103

message received from client, or server. Finished messages are send

2104

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2105

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2106

server, client = self._loopback()

2107

2108

self.assertNotEqual(server.get_peer_finished(), None)

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2109

self.assertTrue(len(server.get_peer_finished()) > 0)

2110

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2111

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2112

def test_tls_finished_message_symmetry(self):

2113

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2114

The TLS Finished message send by server must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2115

received by client.

2116

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2117

The TLS Finished message send by client must be the TLS Finished message

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2118

received by server.

2119

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2120

server, client = self._loopback()

2121

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2122

self.assertEqual(server.get_finished(), client.get_peer_finished())

2123

self.assertEqual(client.get_finished(), server.get_peer_finished())

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2124

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2125

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2126

def test_get_cipher_name_before_connect(self):

2127

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2128

:py:obj:`Connection.get_cipher_name` returns :py:obj:`None` if no

2129

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2130

"""

2131

ctx = Context(TLSv1_METHOD)

2132

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2133

self.assertIdentical(conn.get_cipher_name(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2134

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2135

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2136

def test_get_cipher_name(self):

2137

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2138

:py:obj:`Connection.get_cipher_name` returns a :py:class:`unicode`

2139

string giving the name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2140

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2141

server, client = self._loopback()

2142

server_cipher_name, client_cipher_name = \

2143

server.get_cipher_name(), client.get_cipher_name()

2144

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2145

self.assertIsInstance(server_cipher_name, text_type)

2146

self.assertIsInstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2147

2148

self.assertEqual(server_cipher_name, client_cipher_name)

2149

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2150

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2151

def test_get_cipher_version_before_connect(self):

2152

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2153

:py:obj:`Connection.get_cipher_version` returns :py:obj:`None` if no

2154

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2155

"""

2156

ctx = Context(TLSv1_METHOD)

2157

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2158

self.assertIdentical(conn.get_cipher_version(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2159

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2160

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2161

def test_get_cipher_version(self):

2162

"""

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2163

:py:obj:`Connection.get_cipher_version` returns a :py:class:`unicode`

2164

string giving the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2165

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2166

server, client = self._loopback()

2167

server_cipher_version, client_cipher_version = \

2168

server.get_cipher_version(), client.get_cipher_version()

2169

Jean-Paul Calderone

2014-03-30 10:34:17 -0400

[diff] [blame]

2170

self.assertIsInstance(server_cipher_version, text_type)

2171

self.assertIsInstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2172

2173

self.assertEqual(server_cipher_version, client_cipher_version)

2174

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2175

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2176

def test_get_cipher_bits_before_connect(self):

2177

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2178

:py:obj:`Connection.get_cipher_bits` returns :py:obj:`None` if no

2179

connection has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2180

"""

2181

ctx = Context(TLSv1_METHOD)

2182

conn = Connection(ctx, None)

Jean-Paul Calderone

069e2bf

2014-03-29 18:21:58 -0400

[diff] [blame]

2183

self.assertIdentical(conn.get_cipher_bits(), None)

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2184

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2185

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2186

def test_get_cipher_bits(self):

2187

"""

Jean-Paul Calderone

2014-03-30 11:28:54 -0400

[diff] [blame]

2188

:py:obj:`Connection.get_cipher_bits` returns the number of secret bits

2189

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2190

"""

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2191

server, client = self._loopback()

2192

server_cipher_bits, client_cipher_bits = \

2193

server.get_cipher_bits(), client.get_cipher_bits()

2194

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2195

self.assertIsInstance(server_cipher_bits, int)

2196

self.assertIsInstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2197

2198

self.assertEqual(server_cipher_bits, client_cipher_bits)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2199

Jean-Paul Calderone

2014-03-29 18:09:40 -0400

[diff] [blame]

2200

2201

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2202

class ConnectionGetCipherListTests(TestCase):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2203

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2204

Tests for :py:obj:`Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2205

"""

Jean-Paul Calderone

54a2bc0

2010-09-09 17:52:38 -0400

[diff] [blame]

2206

def test_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2207

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2208

:py:obj:`Connection.get_cipher_list` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2209

arguments.

2210

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2211

connection = Connection(Context(TLSv1_METHOD), None)

2212

self.assertRaises(TypeError, connection.get_cipher_list, None)

2213

2214

2215

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2216

"""

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2217

:py:obj:`Connection.get_cipher_list` returns a :py:obj:`list` of

2218

:py:obj:`bytes` giving the names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2219

"""

Jean-Paul Calderone

f135e62

2010-07-28 19:14:16 -0400

[diff] [blame]

2220

connection = Connection(Context(TLSv1_METHOD), None)

2221

ciphers = connection.get_cipher_list()

2222

self.assertTrue(isinstance(ciphers, list))

2223

for cipher in ciphers:

2224

self.assertTrue(isinstance(cipher, str))

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2228

class ConnectionSendTests(TestCase, _LoopbackMixin):

2229

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2230

Tests for :py:obj:`Connection.send`

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2231

"""

2232

def test_wrong_args(self):

2233

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2234

When called with arguments other than string argument for its first

2235

parameter or more than two arguments, :py:obj:`Connection.send` raises

2236

:py:obj:`TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2237

"""

2238

connection = Connection(Context(TLSv1_METHOD), None)

Jean-Paul Calderone

77fa260

2011-01-05 18:23:39 -0500

[diff] [blame]

2239

self.assertRaises(TypeError, connection.send)

2240

self.assertRaises(TypeError, connection.send, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2241

self.assertRaises(TypeError, connection.send, "foo", object(), "bar")

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2242

2243

2244

def test_short_bytes(self):

2245

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2246

When passed a short byte string, :py:obj:`Connection.send` transmits all of it

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2247

and returns the number of bytes sent.

2248

"""

2249

server, client = self._loopback()

2250

count = server.send(b('xy'))

2251

self.assertEquals(count, 2)

2252

self.assertEquals(client.recv(2), b('xy'))

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2258

else:

2259

def test_short_memoryview(self):

2260

"""

2261

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2262

:py:obj:`Connection.send` transmits all of them and returns the number of

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

2263

bytes sent.

2264

"""

2265

server, client = self._loopback()

2266

count = server.send(memoryview(b('xy')))

2267

self.assertEquals(count, 2)

2268

self.assertEquals(client.recv(2), b('xy'))

2269

2270

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffer without buffer"

2275

else:

2276

def test_short_buffer(self):

2277

"""

2278

When passed a buffer containing a small number of bytes,

2279

:py:obj:`Connection.send` transmits all of them and returns the number of

2280

bytes sent.

2281

"""

2282

server, client = self._loopback()

2283

count = server.send(buffer(b('xy')))

2284

self.assertEquals(count, 2)

2285

self.assertEquals(client.recv(2), b('xy'))

2286

2287

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2288

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2289

class ConnectionSendallTests(TestCase, _LoopbackMixin):

2290

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2291

Tests for :py:obj:`Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2292

"""

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2293

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2294

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2295

When called with arguments other than a string argument for its first

2296

parameter or with more than two arguments, :py:obj:`Connection.sendall`

2297

raises :py:obj:`TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2298

"""

2299

connection = Connection(Context(TLSv1_METHOD), None)

2300

self.assertRaises(TypeError, connection.sendall)

2301

self.assertRaises(TypeError, connection.sendall, object())

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2302

self.assertRaises(

2303

TypeError, connection.sendall, "foo", object(), "bar")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2304

2305

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2306

def test_short(self):

2307

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2308

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2309

it.

2310

"""

2311

server, client = self._loopback()

Jean-Paul Calderone

2010-08-22 21:38:34 -0400

[diff] [blame]

2312

server.sendall(b('x'))

2313

self.assertEquals(client.recv(1), b('x'))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2314

2315

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

try:

memoryview

except NameError:

"cannot test sending memoryview without memoryview"

2320

else:

2321

def test_short_memoryview(self):

2322

"""

2323

When passed a memoryview onto a small number of bytes,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2324

:py:obj:`Connection.sendall` transmits all of them.

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

2325

"""

2326

server, client = self._loopback()

2327

server.sendall(memoryview(b('x')))

2328

self.assertEquals(client.recv(1), b('x'))

2329

2330

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

try:

buffer

except NameError:

"cannot test sending buffers without buffers"

2335

else:

2336

def test_short_buffers(self):

2337

"""

2338

When passed a buffer containing a small number of bytes,

2339

:py:obj:`Connection.sendall` transmits all of them.

2340

"""

2341

server, client = self._loopback()

2342

server.sendall(buffer(b('x')))

2343

self.assertEquals(client.recv(1), b('x'))

2344

2345

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2346

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2347

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2348

:py:obj:`Connection.sendall` transmits all of the bytes in the string passed to

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2349

it even if this requires multiple calls of an underlying write function.

2350

"""

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2351

server, client = self._loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

2352

# Should be enough, underlying SSL_write should only do 16k at a time.

2353

# On Windows, after 32k of bytes the write will block (forever - because

2354

# no one is yet reading).

Jean-Paul Calderone

9e4c135

2010-09-19 09:34:43 -0400

[diff] [blame]

2355

message = b('x') * (1024 * 32 - 1) + b('y')

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2356

server.sendall(message)

2357

accum = []

2358

received = 0

2359

while received < len(message):

Jean-Paul Calderone

2010-08-22 21:40:52 -0400

[diff] [blame]

2360

data = client.recv(1024)

2361

accum.append(data)

2362

received += len(data)

Jean-Paul Calderone

f404785

2010-09-19 09:45:57 -0400

[diff] [blame]

2363

self.assertEquals(message, b('').join(accum))

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2364

2365

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2366

def test_closed(self):

2367

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2368

If the underlying socket is closed, :py:obj:`Connection.sendall` propagates the

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2369

write error from the low level write call.

2370

"""

2371

server, client = self._loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

2372

server.sock_shutdown(2)

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2373

exc = self.assertRaises(SysCallError, server.sendall, b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

2374

if platform == "win32":

2375

self.assertEqual(exc.args[0], ESHUTDOWN)

2376

else:

2377

self.assertEqual(exc.args[0], EPIPE)

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

2378

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

2379

Jean-Paul Calderone

2010-07-29 09:05:53 -0400

[diff] [blame]

2380

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2381

class ConnectionRenegotiateTests(TestCase, _LoopbackMixin):

2382

"""

2383

Tests for SSL renegotiation APIs.

2384

"""

2385

def test_renegotiate_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2386

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2387

:py:obj:`Connection.renegotiate` raises :py:obj:`TypeError` if called with any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2388

arguments.

2389

"""

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2390

connection = Connection(Context(TLSv1_METHOD), None)

2391

self.assertRaises(TypeError, connection.renegotiate, None)

2392

2393

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2394

def test_total_renegotiations_wrong_args(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2395

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2396

:py:obj:`Connection.total_renegotiations` raises :py:obj:`TypeError` if called with

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2397

any arguments.

2398

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2399

connection = Connection(Context(TLSv1_METHOD), None)

2400

self.assertRaises(TypeError, connection.total_renegotiations, None)

2401

2402

2403

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2404

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2405

:py:obj:`Connection.total_renegotiations` returns :py:obj:`0` before any

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2406

renegotiations have happened.

2407

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2408

connection = Connection(Context(TLSv1_METHOD), None)

2409

self.assertEquals(connection.total_renegotiations(), 0)

2410

2411

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

2412

# def test_renegotiate(self):

2413

# """

2414

# """

2415

# server, client = self._loopback()

2416

2417

# server.send("hello world")

2418

# self.assertEquals(client.recv(len("hello world")), "hello world")

2419

2420

# self.assertEquals(server.total_renegotiations(), 0)

2421

# self.assertTrue(server.renegotiate())

2422

2423

# server.setblocking(False)

2424

# client.setblocking(False)

2425

# while server.renegotiate_pending():

2426

# client.do_handshake()

2427

# server.do_handshake()

2428

2429

# self.assertEquals(server.total_renegotiations(), 1)

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2434

class ErrorTests(TestCase):

2435

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2436

Unit tests for :py:obj:`OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2437

"""

2438

def test_type(self):

2439

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2440

:py:obj:`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2441

"""

2442

self.assertTrue(issubclass(Error, Exception))

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2443

self.assertEqual(Error.__name__, 'Error')

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2447

class ConstantsTests(TestCase):

2448

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2449

Tests for the values of constants exposed in :py:obj:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2450

2451

These are values defined by OpenSSL intended only to be used as flags to

2452

OpenSSL APIs. The only assertions it seems can be made about them is

2453

their values.

2454

"""

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2455

# unittest.TestCase has no skip mechanism

2456

if OP_NO_QUERY_MTU is not None:

2457

def test_op_no_query_mtu(self):

2458

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2459

The value of :py:obj:`OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2460

:py:const:`SSL_OP_NO_QUERY_MTU` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2461

"""

2462

self.assertEqual(OP_NO_QUERY_MTU, 0x1000)

2463

else:

2464

"OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2465

2466

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2467

if OP_COOKIE_EXCHANGE is not None:

2468

def test_op_cookie_exchange(self):

2469

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2470

The value of :py:obj:`OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the value

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2471

of :py:const:`SSL_OP_COOKIE_EXCHANGE` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2472

"""

2473

self.assertEqual(OP_COOKIE_EXCHANGE, 0x2000)

2474

else:

2475

"OP_COOKIE_EXCHANGE unavailable - OpenSSL version may be too old"

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

2476

2477

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2478

if OP_NO_TICKET is not None:

2479

def test_op_no_ticket(self):

2480

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2481

The value of :py:obj:`OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2482

:py:const:`SSL_OP_NO_TICKET` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2483

"""

2484

self.assertEqual(OP_NO_TICKET, 0x4000)

Jean-Paul Calderone

cebd178

2011-09-11 10:01:31 -0400

[diff] [blame]

2485

else:

Jean-Paul Calderone

2008-12-28 22:59:15 -0500

[diff] [blame]

2486

"OP_NO_TICKET unavailable - OpenSSL version may be too old"

Rick Dean

5b7b637

2009-04-01 11:34:06 -0500

[diff] [blame]

2487

2488

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2489

if OP_NO_COMPRESSION is not None:

2490

def test_op_no_compression(self):

2491

"""

Jean-Paul Calderone

2011-09-11 10:00:09 -0400

[diff] [blame]

2492

The value of :py:obj:`OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the value

2493

of :py:const:`SSL_OP_NO_COMPRESSION` defined by :file:`openssl/ssl.h`.

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

2494

"""

2495

self.assertEqual(OP_NO_COMPRESSION, 0x20000)

2496

else:

2497

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

2498

2499

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2500

def test_sess_cache_off(self):

2501

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2502

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

2503

:py:obj:`SSL_SESS_CACHE_OFF` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2504

"""

2505

self.assertEqual(0x0, SESS_CACHE_OFF)

2506

2507

2508

def test_sess_cache_client(self):

2509

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2510

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

2511

:py:obj:`SSL_SESS_CACHE_CLIENT` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2512

"""

2513

self.assertEqual(0x1, SESS_CACHE_CLIENT)

2514

2515

2516

def test_sess_cache_server(self):

2517

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2518

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

2519

:py:obj:`SSL_SESS_CACHE_SERVER` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2520

"""

2521

self.assertEqual(0x2, SESS_CACHE_SERVER)

2522

2523

2524

def test_sess_cache_both(self):

2525

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2526

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

2527

:py:obj:`SSL_SESS_CACHE_BOTH` defined by ``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2528

"""

2529

self.assertEqual(0x3, SESS_CACHE_BOTH)

2530

2531

2532

def test_sess_cache_no_auto_clear(self):

2533

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2534

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

2535

value of :py:obj:`SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

2536

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2537

"""

2538

self.assertEqual(0x80, SESS_CACHE_NO_AUTO_CLEAR)

2539

2540

2541

def test_sess_cache_no_internal_lookup(self):

2542

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2543

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

2544

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

2545

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2546

"""

2547

self.assertEqual(0x100, SESS_CACHE_NO_INTERNAL_LOOKUP)

2548

2549

2550

def test_sess_cache_no_internal_store(self):

2551

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2552

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

2553

the value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

2554

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2555

"""

2556

self.assertEqual(0x200, SESS_CACHE_NO_INTERNAL_STORE)

2557

2558

2559

def test_sess_cache_no_internal(self):

2560

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2561

The value of :py:obj:`OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

2562

value of :py:obj:`SSL_SESS_CACHE_NO_INTERNAL` defined by

2563

``openssl/ssl.h``.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

2564

"""

2565

self.assertEqual(0x300, SESS_CACHE_NO_INTERNAL)

2566

2567

Jean-Paul Calderone

eeee26a

2009-04-27 11:24:30 -0400

[diff] [blame]

2568

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2569

class MemoryBIOTests(TestCase, _LoopbackMixin):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2570

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2571

Tests for :py:obj:`OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2572

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2573

def _server(self, sock):

2574

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2575

Create a new server-side SSL :py:obj:`Connection` object wrapped around

2576

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2577

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2578

# Create the server side Connection. This is mostly setup boilerplate

2579

# - use TLSv1, use a particular certificate, etc.

2580

server_ctx = Context(TLSv1_METHOD)

2581

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2582

server_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2583

server_store = server_ctx.get_cert_store()

2584

server_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2585

server_ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2586

server_ctx.check_privatekey()

2587

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2588

# Here the Connection is actually created. If None is passed as the 2nd

2589

# parameter, it indicates a memory BIO should be created.

2590

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2591

server_conn.set_accept_state()

return server_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2595

def _client(self, sock):

2596

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2597

Create a new client-side SSL :py:obj:`Connection` object wrapped around

2598

:py:obj:`sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2599

"""

2600

# Now create the client side Connection. Similar boilerplate to the

2601

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2602

client_ctx = Context(TLSv1_METHOD)

2603

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE )

2604

client_ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT|VERIFY_CLIENT_ONCE, verify_cb)

2605

client_store = client_ctx.get_cert_store()

2606

client_ctx.use_privatekey(load_privatekey(FILETYPE_PEM, client_key_pem))

2607

client_ctx.use_certificate(load_certificate(FILETYPE_PEM, client_cert_pem))

2608

client_ctx.check_privatekey()

2609

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2610

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2611

client_conn.set_connect_state()

return client_conn

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2615

def test_memoryConnect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2616

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2617

Two :py:obj:`Connection`s which use memory BIOs can be manually connected by

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2618

reading from the output of each and writing those bytes to the input of

2619

the other and in this way establish a connection and exchange

2620

application-level bytes with each other.

2621

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2622

server_conn = self._server(None)

2623

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2624

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2625

# There should be no key or nonces yet.

2626

self.assertIdentical(server_conn.master_key(), None)

2627

self.assertIdentical(server_conn.client_random(), None)

2628

self.assertIdentical(server_conn.server_random(), None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2629

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2630

# First, the handshake needs to happen. We'll deliver bytes back and

2631

# forth between the client and server until neither of them feels like

2632

# speaking any more.

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2633

self.assertIdentical(

2634

self._interactInMemory(client_conn, server_conn), None)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2635

2636

# Now that the handshake is done, there should be a key and nonces.

2637

self.assertNotIdentical(server_conn.master_key(), None)

2638

self.assertNotIdentical(server_conn.client_random(), None)

2639

self.assertNotIdentical(server_conn.server_random(), None)

Jean-Paul Calderone

6c051e6

2009-07-05 13:50:34 -0400

[diff] [blame]

2640

self.assertEquals(server_conn.client_random(), client_conn.client_random())

2641

self.assertEquals(server_conn.server_random(), client_conn.server_random())

2642

self.assertNotEquals(server_conn.client_random(), server_conn.server_random())

2643

self.assertNotEquals(client_conn.client_random(), client_conn.server_random())

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2644

2645

# Here are the bytes we'll try to send.

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2646

important_message = b('One if by land, two if by sea.')

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2647

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2648

server_conn.write(important_message)

2649

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2650

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2651

(client_conn, important_message))

2652

2653

client_conn.write(important_message[::-1])

2654

self.assertEquals(

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2655

self._interactInMemory(client_conn, server_conn),

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

2656

(server_conn, important_message[::-1]))

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2657

2658

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2659

def test_socketConnect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2660

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2661

Just like :py:obj:`test_memoryConnect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2662

2663

This is primarily to rule out the memory BIO code as the source of

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2664

any problems encountered while passing data over a :py:obj:`Connection` (if

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2665

this test fails, there must be a problem outside the memory BIO

2666

code, as no memory BIO is involved here). Even though this isn't a

2667

memory BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2668

"""

Jean-Paul Calderone

06c7cc9

2010-09-24 23:52:00 -0400

[diff] [blame]

2669

server_conn, client_conn = self._loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2670

Jean-Paul Calderone

a441fdc

2010-08-22 21:33:57 -0400

[diff] [blame]

2671

important_message = b("Help me Obi Wan Kenobi, you're my only hope.")

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

2672

client_conn.send(important_message)

2673

msg = server_conn.recv(1024)

2674

self.assertEqual(msg, important_message)

2675

2676

# Again in the other direction, just for fun.

2677

important_message = important_message[::-1]

2678

server_conn.send(important_message)

2679

msg = client_conn.recv(1024)

2680

self.assertEqual(msg, important_message)

2681

2682

Jean-Paul Calderone

fc4ed0f

2009-04-27 11:51:27 -0400

[diff] [blame]

2683

def test_socketOverridesMemory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2684

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2685

Test that :py:obj:`OpenSSL.SSL.bio_read` and :py:obj:`OpenSSL.SSL.bio_write` don't

2686

work on :py:obj:`OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

2687

"""

2688

context = Context(SSLv3_METHOD)

2689

client = socket()

2690

clientSSL = Connection(context, client)

2691

self.assertRaises( TypeError, clientSSL.bio_read, 100)

2692

self.assertRaises( TypeError, clientSSL.bio_write, "foo")

Jean-Paul Calderone

07acf3f

2009-05-05 13:23:28 -0400

[diff] [blame]

2693

self.assertRaises( TypeError, clientSSL.bio_shutdown )

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2694

2695

2696

def test_outgoingOverflow(self):

2697

"""

2698

If more bytes than can be written to the memory BIO are passed to

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2699

:py:obj:`Connection.send` at once, the number of bytes which were written is

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2700

returned and that many bytes from the beginning of the input can be

2701

read from the other end of the connection.

2702

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2703

server = self._server(None)

2704

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2705

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2706

self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2707

2708

size = 2 ** 15

Jean-Paul Calderone

2014-01-11 11:58:41 -0500

[diff] [blame]

2709

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2710

# Sanity check. We're trying to test what happens when the entire

2711

# input can't be sent. If the entire input was sent, this test is

2712

# meaningless.

2713

self.assertTrue(sent < size)

2714

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2715

receiver, received = self._interactInMemory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

2716

self.assertIdentical(receiver, server)

2717

2718

# We can rely on all of these bytes being received at once because

2719

# _loopback passes 2 ** 16 to recv - more than 2 ** 15.

2720

self.assertEquals(len(received), sent)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2721

2722

2723

def test_shutdown(self):

2724

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2725

:py:obj:`Connection.bio_shutdown` signals the end of the data stream from

2726

which the :py:obj:`Connection` reads.

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2727

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

2728

server = self._server(None)

Jean-Paul Calderone

3ad85d4

2009-04-30 20:24:35 -0400

[diff] [blame]

2729

server.bio_shutdown()

2730

e = self.assertRaises(Error, server.recv, 1024)

2731

# We don't want WantReadError or ZeroReturnError or anything - it's a

2732

# handshake failure.

2733

self.assertEquals(e.__class__, Error)

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2734

2735

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2736

def test_unexpectedEndOfFile(self):

2737

"""

2738

If the connection is lost before an orderly SSL shutdown occurs,

2739

:py:obj:`OpenSSL.SSL.SysCallError` is raised with a message of

2740

"Unexpected EOF".

2741

"""

2742

server_conn, client_conn = self._loopback()

2743

client_conn.sock_shutdown(SHUT_RDWR)

2744

exc = self.assertRaises(SysCallError, server_conn.recv, 1024)

2745

self.assertEqual(exc.args, (-1, "Unexpected EOF"))

2746

2747

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2748

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2749

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2750

Verify the return value of the :py:obj:`get_client_ca_list` method for server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2751

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

2752

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2753

before the client and server are connected to each other. This

2754

function should specify a list of CAs for the server to send to the

2755

client and return that same list. The list will be used to verify

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2756

that :py:obj:`get_client_ca_list` returns the proper value at various

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2757

times.

2758

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2759

server = self._server(None)

2760

client = self._client(None)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2761

self.assertEqual(client.get_client_ca_list(), [])

2762

self.assertEqual(server.get_client_ca_list(), [])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2763

ctx = server.get_context()

2764

expected = func(ctx)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2765

self.assertEqual(client.get_client_ca_list(), [])

2766

self.assertEqual(server.get_client_ca_list(), expected)

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

2767

self._interactInMemory(client, server)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2768

self.assertEqual(client.get_client_ca_list(), expected)

2769

self.assertEqual(server.get_client_ca_list(), expected)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2770

2771

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2772

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2773

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2774

:py:obj:`Context.set_client_ca_list` raises a :py:obj:`TypeError` if called with a

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2775

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2776

"""

2777

ctx = Context(TLSv1_METHOD)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2778

self.assertRaises(TypeError, ctx.set_client_ca_list, "spam")

2779

self.assertRaises(TypeError, ctx.set_client_ca_list, ["spam"])

2780

self.assertIdentical(ctx.set_client_ca_list([]), None)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2781

2782

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2783

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2784

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2785

If passed an empty list, :py:obj:`Context.set_client_ca_list` configures the

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2786

context to send no CA names to the client and, on both the server and

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2787

client sides, :py:obj:`Connection.get_client_ca_list` returns an empty list

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2788

after the connection is set up.

2789

"""

2790

def no_ca(ctx):

2791

ctx.set_client_ca_list([])

2792

return []

2793

self._check_client_ca_list(no_ca)

2794

2795

2796

def test_set_one_ca_list(self):

2797

"""

2798

If passed a list containing a single X509Name,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2799

:py:obj:`Context.set_client_ca_list` configures the context to send that CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2800

name to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2801

:py:obj:`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2802

X509Name after the connection is set up.

2803

"""

2804

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2805

cadesc = cacert.get_subject()

2806

def single_ca(ctx):

2807

ctx.set_client_ca_list([cadesc])

2808

return [cadesc]

2809

self._check_client_ca_list(single_ca)

2810

2811

2812

def test_set_multiple_ca_list(self):

2813

"""

2814

If passed a list containing multiple X509Name objects,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2815

:py:obj:`Context.set_client_ca_list` configures the context to send those CA

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2816

names to the client and, on both the server and client sides,

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2817

:py:obj:`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2818

X509Names after the connection is set up.

2819

"""

2820

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2821

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2822

2823

sedesc = secert.get_subject()

2824

cldesc = clcert.get_subject()

2825

2826

def multiple_ca(ctx):

2827

L = [sedesc, cldesc]

2828

ctx.set_client_ca_list(L)

2829

return L

2830

self._check_client_ca_list(multiple_ca)

2831

2832

2833

def test_reset_ca_list(self):

2834

"""

2835

If called multiple times, only the X509Names passed to the final call

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2836

of :py:obj:`Context.set_client_ca_list` are used to configure the CA names

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2837

sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2838

"""

2839

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2840

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2841

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2842

2843

cadesc = cacert.get_subject()

2844

sedesc = secert.get_subject()

2845

cldesc = clcert.get_subject()

2846

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2847

def changed_ca(ctx):

2848

ctx.set_client_ca_list([sedesc, cldesc])

2849

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2850

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2851

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2852

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2853

2854

def test_mutated_ca_list(self):

2855

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2856

If the list passed to :py:obj:`Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2857

afterwards, this does not affect the list of CA names sent to the

2858

client.

2859

"""

2860

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2861

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2862

2863

cadesc = cacert.get_subject()

2864

sedesc = secert.get_subject()

2865

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2866

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2867

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2868

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2869

L.append(sedesc)

2870

return [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2871

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2872

2873

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2874

def test_add_client_ca_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2875

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2876

:py:obj:`Context.add_client_ca` raises :py:obj:`TypeError` if called with a non-X509

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2877

object or with a number of arguments other than one.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2878

"""

2879

ctx = Context(TLSv1_METHOD)

2880

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2881

self.assertRaises(TypeError, ctx.add_client_ca)

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2882

self.assertRaises(TypeError, ctx.add_client_ca, "spam")

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

2883

self.assertRaises(TypeError, ctx.add_client_ca, cacert, cacert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2884

2885

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2886

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2887

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2888

A certificate's subject can be added as a CA to be sent to the client

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2889

with :py:obj:`Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2890

"""

2891

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2892

cadesc = cacert.get_subject()

2893

def single_ca(ctx):

2894

ctx.add_client_ca(cacert)

2895

return [cadesc]

2896

self._check_client_ca_list(single_ca)

2897

2898

2899

def test_multiple_add_client_ca(self):

2900

"""

2901

Multiple CA names can be sent to the client by calling

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2902

:py:obj:`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2903

"""

2904

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2905

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2906

2907

cadesc = cacert.get_subject()

2908

sedesc = secert.get_subject()

2909

2910

def multiple_ca(ctx):

2911

ctx.add_client_ca(cacert)

2912

ctx.add_client_ca(secert)

2913

return [cadesc, sedesc]

2914

self._check_client_ca_list(multiple_ca)

2915

2916

2917

def test_set_and_add_client_ca(self):

2918

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2919

A call to :py:obj:`Context.set_client_ca_list` followed by a call to

2920

:py:obj:`Context.add_client_ca` results in using the CA names from the first

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2921

call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2922

"""

2923

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2924

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2925

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2926

2927

cadesc = cacert.get_subject()

2928

sedesc = secert.get_subject()

2929

cldesc = clcert.get_subject()

2930

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2931

def mixed_set_add_ca(ctx):

2932

ctx.set_client_ca_list([cadesc, sedesc])

2933

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2934

return [cadesc, sedesc, cldesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2935

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2936

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2937

2938

def test_set_after_add_client_ca(self):

2939

"""

Jonathan Ballet

2011-07-16 14:14:58 +0900

[diff] [blame]

2940

A call to :py:obj:`Context.set_client_ca_list` after a call to

2941

:py:obj:`Context.add_client_ca` replaces the CA name specified by the former

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2942

call with the names specified by the latter cal.

2943

"""

2944

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

2945

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

2946

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

2947

2948

cadesc = cacert.get_subject()

2949

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

2950

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2951

def set_replaces_add_ca(ctx):

2952

ctx.add_client_ca(clcert)

2953

ctx.set_client_ca_list([cadesc])

2954

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2955

return [cadesc, sedesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

2956

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

2957

Jean-Paul Calderone

2009-07-05 12:44:41 -0400

[diff] [blame]

2958

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2959

2960

class ConnectionBIOTests(TestCase):

2961

"""

2962

Tests for :py:obj:`Connection.bio_read` and :py:obj:`Connection.bio_write`.

2963

"""

2964

def test_wantReadError(self):

2965

"""

2966

:py:obj:`Connection.bio_read` raises :py:obj:`OpenSSL.SSL.WantReadError`

2967

if there are no bytes available to be read from the BIO.

2968

"""

2969

ctx = Context(TLSv1_METHOD)

2970

conn = Connection(ctx, None)

2971

self.assertRaises(WantReadError, conn.bio_read, 1024)

2972

2973

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

2974

def test_buffer_size(self):

2975

"""

2976

:py:obj:`Connection.bio_read` accepts an integer giving the maximum

2977

number of bytes to read and return.

2978

"""

2979

ctx = Context(TLSv1_METHOD)

2980

conn = Connection(ctx, None)

2981

conn.set_connect_state()

2982

try:

2983

conn.do_handshake()

2984

except WantReadError:

2985

pass

2986

data = conn.bio_read(2)

2987

self.assertEqual(2, len(data))

if not PY3:

def test_buffer_size_long(self):

2992

"""

2993

On Python 2 :py:obj:`Connection.bio_read` accepts values of type

2994

:py:obj:`long` as well as :py:obj:`int`.

2995

"""

2996

ctx = Context(TLSv1_METHOD)

2997

conn = Connection(ctx, None)

2998

conn.set_connect_state()

2999

try:

3000

conn.do_handshake()

3001

except WantReadError:

3002

pass

3003

data = conn.bio_read(long(2))

3004

self.assertEqual(2, len(data))

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3008

Jean-Paul Calderone

31e85a8

2011-03-21 19:13:35 -0400

[diff] [blame]

3009

class InfoConstantTests(TestCase):

3010

"""

3011

Tests for assorted constants exposed for use in info callbacks.

3012

"""

3013

def test_integers(self):

3014

"""

3015

All of the info constants are integers.

3016

3017

This is a very weak test. It would be nice to have one that actually

3018

verifies that as certain info events happen, the value passed to the

3019

info callback matches up with the constant exposed by OpenSSL.SSL.

3020

"""

3021

for const in [

3022

SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_ST_MASK, SSL_ST_INIT,

3023

SSL_ST_BEFORE, SSL_ST_OK, SSL_ST_RENEGOTIATE,

3024

SSL_CB_LOOP, SSL_CB_EXIT, SSL_CB_READ, SSL_CB_WRITE, SSL_CB_ALERT,

3025

SSL_CB_READ_ALERT, SSL_CB_WRITE_ALERT, SSL_CB_ACCEPT_LOOP,

3026

SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP, SSL_CB_CONNECT_EXIT,

3027

SSL_CB_HANDSHAKE_START, SSL_CB_HANDSHAKE_DONE]:

3028

3029

self.assertTrue(isinstance(const, int))

3030

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3031

Jean-Paul Calderone