Blame - tests/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

5

Unit tests for :mod:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

8

import datetime

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

9

import sys

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

10

import uuid

11

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

12

from gc import collect, get_referrers

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

13

from errno import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

EAFNOSUPPORT,

ECONNREFUSED,

EINPROGRESS,

EWOULDBLOCK,

EPIPE,

ESHUTDOWN,

)

Jeremy Lainé

1ae7cb6

2018-03-21 14:49:42 +0100

[diff] [blame]

21

from sys import platform, getfilesystemencoding

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

22

from socket import AF_INET, AF_INET6, MSG_PEEK, SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

23

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

24

from os.path import join

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

25

from weakref import ref

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

26

from warnings import simplefilter

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

27

Alex Gaynor

963ae03

2019-07-06 17:38:32 -0400

[diff] [blame]

28

import flaky

29

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

30

import pytest

31

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

32

from pretend import raiser

33

Hugo van Kemenade

60827f8

2019-08-30 00:39:35 +0300

[diff] [blame]

34

from six import PY2, text_type

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

35

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

36

from cryptography import x509

37

from cryptography.hazmat.backends import default_backend

38

from cryptography.hazmat.primitives import hashes

39

from cryptography.hazmat.primitives import serialization

40

from cryptography.hazmat.primitives.asymmetric import rsa

41

from cryptography.x509.oid import NameOID

42

43

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

44

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

45

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

46

from OpenSSL.crypto import dump_privatekey, load_privatekey

47

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

48

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

49

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

50

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

51

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

52

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

53

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSLv2_METHOD,

SSLv3_METHOD,

SSLv23_METHOD,

TLSv1_METHOD,

TLSv1_1_METHOD,

TLSv1_2_METHOD,

)

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

61

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

62

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

63

VERIFY_PEER,

64

VERIFY_FAIL_IF_NO_PEER_CERT,

65

VERIFY_CLIENT_ONCE,

66

VERIFY_NONE,

67

)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

68

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

69

from OpenSSL import SSL

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

70

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SESS_CACHE_OFF,

SESS_CACHE_CLIENT,

SESS_CACHE_SERVER,

SESS_CACHE_BOTH,

SESS_CACHE_NO_AUTO_CLEAR,

76

SESS_CACHE_NO_INTERNAL_LOOKUP,

77

SESS_CACHE_NO_INTERNAL_STORE,

78

SESS_CACHE_NO_INTERNAL,

79

)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

80

81

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

Error,

SysCallError,

WantReadError,

WantWriteError,

ZeroReturnError,

)

from OpenSSL.SSL import Context, Session, Connection, SSLeay_version

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

89

from OpenSSL.SSL import _make_requires

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

90

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

91

from OpenSSL._util import ffi as _ffi, lib as _lib

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

92

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

93

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

OP_NO_QUERY_MTU,

OP_COOKIE_EXCHANGE,

OP_NO_TICKET,

OP_NO_COMPRESSION,

MODE_RELEASE_BUFFERS,

99

NO_OVERLAPPING_PROTOCOLS,

100

)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

101

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

102

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_CONNECT,

SSL_ST_ACCEPT,

SSL_ST_MASK,

SSL_CB_LOOP,

SSL_CB_EXIT,

SSL_CB_READ,

SSL_CB_WRITE,

SSL_CB_ALERT,

SSL_CB_READ_ALERT,

SSL_CB_WRITE_ALERT,

SSL_CB_ACCEPT_LOOP,

SSL_CB_ACCEPT_EXIT,

SSL_CB_CONNECT_LOOP,

SSL_CB_CONNECT_EXIT,

SSL_CB_HANDSHAKE_START,

118

SSL_CB_HANDSHAKE_DONE,

119

)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

120

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

121

try:

122

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_INIT,

SSL_ST_BEFORE,

SSL_ST_OK,

SSL_ST_RENEGOTIATE,

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

127

)

128

except ImportError:

129

SSL_ST_INIT = SSL_ST_BEFORE = SSL_ST_OK = SSL_ST_RENEGOTIATE = None

130

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

131

from .util import WARNING_TYPE_EXPECTED, NON_ASCII, is_consistent_type

Hynek Schlawack

f0e6685

2015-10-16 20:18:38 +0200

[diff] [blame]

132

from .test_crypto import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

client_cert_pem,

client_key_pem,

server_cert_pem,

server_key_pem,

root_cert_pem,

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

138

root_key_pem,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

139

)

Hynek Schlawack

f0e6685

2015-10-16 20:18:38 +0200

[diff] [blame]

140

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

141

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

142

# openssl dhparam 1024 -out dh-1024.pem (note that 1024 is a small number of

143

# bits to use)

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

144

dhparam = """\

145

-----BEGIN DH PARAMETERS-----

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

146

MIGHAoGBALdUMvn+C9MM+y5BWZs11mSeH6HHoEq0UVbzVq7UojC1hbsZUuGukQ3a

147

Qh2/pwqb18BZFykrWB0zv/OkLa0kx4cuUgNrUVq1EFheBiX6YqryJ7t2sO09NQiO

148

V7H54LmltOT/hEh6QWsJqb6BQgH65bswvV/XkYGja8/T0GzvbaVzAgEC

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

149

-----END DH PARAMETERS-----

"""

Hugo van Kemenade

2019-08-30 00:39:35 +0300

[diff] [blame]

153

skip_if_py3 = pytest.mark.skipif(not PY2, reason="Python 2 only")

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

154

155

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

156

def socket_any_family():

157

try:

158

return socket(AF_INET)

159

except error as e:

160

if e.errno == EAFNOSUPPORT:

161

return socket(AF_INET6)

raise

def loopback_address(socket):

166

if socket.family == AF_INET:

167

return "127.0.0.1"

168

else:

169

assert socket.family == AF_INET6

return "::1"

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

173

def join_bytes_or_unicode(prefix, suffix):

174

"""

175

Join two path components of either ``bytes`` or ``unicode``.

176

177

The return type is the same as the type of ``prefix``.

178

"""

179

# If the types are the same, nothing special is necessary.

180

if type(prefix) == type(suffix):

181

return join(prefix, suffix)

182

183

# Otherwise, coerce suffix to the type of prefix.

184

if isinstance(prefix, text_type):

185

return join(prefix, suffix.decode(getfilesystemencoding()))

186

else:

187

return join(prefix, suffix.encode(getfilesystemencoding()))

188

189

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

190

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

191

return ok

192

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

193

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

194

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

195

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

196

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

197

"""

198

# Connect a pair of sockets

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

199

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

200

port.bind(("", 0))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

201

port.listen(1)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

202

client = socket(port.family)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

203

client.setblocking(False)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

204

client.connect_ex((loopback_address(port), port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

205

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

206

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

207

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

208

# Let's pass some unencrypted data to make sure our socket connection is

209

# fine. Just one byte, so we don't have to worry about buffers getting

210

# filled up or fragmentation.

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

211

server.send(b"x")

212

assert client.recv(1024) == b"x"

213

client.send(b"y")

214

assert server.recv(1024) == b"y"

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

215

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

216

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

217

server.setblocking(False)

218

client.setblocking(False)

Jim Shaver

46f2891

2015-05-29 19:32:16 -0400

[diff] [blame]

219

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

220

return (server, client)

221

222

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

223

def handshake(client, server):

224

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

235

def _create_certificate_chain():

236

"""

237

Construct and return a chain of certificates.

238

239

1. A new self-signed certificate authority certificate (cacert)

240

2. A new intermediate certificate signed by cacert (icert)

241

3. A new server certificate signed by icert (scert)

242

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

243

caext = X509Extension(b"basicConstraints", False, b"CA:true")

244

not_after_date = datetime.date.today() + datetime.timedelta(days=365)

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

245

not_after = not_after_date.strftime("%Y%m%d%H%M%SZ").encode("ascii")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

246

247

# Step 1

248

cakey = PKey()

Alex Gaynor

8cd336e

2020-08-03 10:36:32 -0400

[diff] [blame]

249

cakey.generate_key(TYPE_RSA, 2048)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

250

cacert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

251

cacert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

252

cacert.get_subject().commonName = "Authority Certificate"

253

cacert.set_issuer(cacert.get_subject())

254

cacert.set_pubkey(cakey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

255

cacert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

256

cacert.set_notAfter(not_after)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

257

cacert.add_extensions([caext])

258

cacert.set_serial_number(0)

259

cacert.sign(cakey, "sha1")

260

261

# Step 2

262

ikey = PKey()

Alex Gaynor

8cd336e

2020-08-03 10:36:32 -0400

[diff] [blame]

263

ikey.generate_key(TYPE_RSA, 2048)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

264

icert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

265

icert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

266

icert.get_subject().commonName = "Intermediate Certificate"

267

icert.set_issuer(cacert.get_subject())

268

icert.set_pubkey(ikey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

269

icert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

270

icert.set_notAfter(not_after)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

271

icert.add_extensions([caext])

272

icert.set_serial_number(0)

273

icert.sign(cakey, "sha1")

274

275

# Step 3

276

skey = PKey()

Alex Gaynor

8cd336e

2020-08-03 10:36:32 -0400

[diff] [blame]

277

skey.generate_key(TYPE_RSA, 2048)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

278

scert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

279

scert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

280

scert.get_subject().commonName = "Server Certificate"

281

scert.set_issuer(icert.get_subject())

282

scert.set_pubkey(skey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

283

scert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

284

scert.set_notAfter(not_after)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

285

scert.add_extensions(

286

[X509Extension(b"basicConstraints", True, b"CA:false")]

287

)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

288

scert.set_serial_number(0)

289

scert.sign(ikey, "sha1")

290

291

return [(cakey, cacert), (ikey, icert), (skey, scert)]

292

293

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

294

def loopback_client_factory(socket, version=SSLv23_METHOD):

295

client = Connection(Context(version), socket)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

296

client.set_connect_state()

return client

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

300

def loopback_server_factory(socket, version=SSLv23_METHOD):

301

ctx = Context(version)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

302

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

303

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

304

server = Connection(ctx, socket)

305

server.set_accept_state()

return server

def loopback(server_factory=None, client_factory=None):

310

"""

311

Create a connected socket pair and force two connected SSL sockets

312

to talk to each other via memory BIOs.

313

"""

314

if server_factory is None:

315

server_factory = loopback_server_factory

316

if client_factory is None:

317

client_factory = loopback_client_factory

318

319

(server, client) = socket_pair()

320

server = server_factory(server)

321

client = client_factory(client)

322

323

handshake(client, server)

324

325

server.setblocking(True)

326

client.setblocking(True)

327

return server, client

328

329

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

330

def interact_in_memory(client_conn, server_conn):

331

"""

332

Try to read application bytes from each of the two `Connection` objects.

333

Copy bytes back and forth between their send/receive buffers for as long

334

as there is anything to copy. When there is nothing more to copy,

335

return `None`. If one of them actually manages to deliver some application

336

bytes, return a two-tuple of the connection from which the bytes were read

337

and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

342

wrote = False

343

344

# Copy stuff from each side's send buffer to the other side's

345

# receive buffer.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

346

for (read, write) in [

347

(client_conn, server_conn),

348

(server_conn, client_conn),

349

]:

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

350

351

# Give the side a chance to generate some more bytes, or succeed.

352

try:

353

data = read.recv(2 ** 16)

354

except WantReadError:

355

# It didn't succeed, so we'll hope it generated some output.

356

pass

357

else:

358

# It did succeed, so we'll stop now and let the caller deal

# with it.

return (read, data)

while True:

# Keep copying as long as there's more stuff there.

364

try:

365

dirty = read.bio_read(4096)

366

except WantReadError:

367

# Okay, nothing more waiting to be sent. Stop

368

# processing this send buffer.

369

break

370

else:

371

# Keep track of the fact that someone generated some

372

# output.

373

wrote = True

374

write.bio_write(dirty)

375

376

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

377

def handshake_in_memory(client_conn, server_conn):

378

"""

379

Perform the TLS handshake between two `Connection` instances connected to

380

each other via memory BIOs.

381

"""

382

client_conn.set_connect_state()

383

server_conn.set_accept_state()

384

385

for conn in [client_conn, server_conn]:

386

try:

387

conn.do_handshake()

388

except WantReadError:

389

pass

390

391

interact_in_memory(client_conn, server_conn)

392

393

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

394

class TestVersion(object):

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

395

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

396

Tests for version information exposed by `OpenSSL.SSL.SSLeay_version` and

397

`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

398

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

399

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

400

def test_OPENSSL_VERSION_NUMBER(self):

401

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

402

`OPENSSL_VERSION_NUMBER` is an integer with status in the low byte and

403

the patch, fix, minor, and major versions in the nibbles above that.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

404

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

405

assert isinstance(OPENSSL_VERSION_NUMBER, int)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

406

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

407

def test_SSLeay_version(self):

408

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

409

`SSLeay_version` takes a version type indicator and returns one of a

410

number of version strings based on that indicator.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

411

"""

412

versions = {}

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

for t in [

SSLEAY_VERSION,

SSLEAY_CFLAGS,

SSLEAY_BUILT_ON,

SSLEAY_PLATFORM,

SSLEAY_DIR,

]:

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

420

version = SSLeay_version(t)

421

versions[version] = t

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

422

assert isinstance(version, bytes)

423

assert len(versions) == 5

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

424

425

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

426

@pytest.fixture

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

427

def ca_file(tmpdir):

428

"""

429

Create a valid PEM file with CA certificates and return the path.

430

"""

431

key = rsa.generate_private_key(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

432

public_exponent=65537, key_size=2048, backend=default_backend()

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

433

)

434

public_key = key.public_key()

435

436

builder = x509.CertificateBuilder()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

437

builder = builder.subject_name(

438

x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org")])

439

)

440

builder = builder.issuer_name(

441

x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org")])

442

)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

443

one_day = datetime.timedelta(1, 0, 0)

444

builder = builder.not_valid_before(datetime.datetime.today() - one_day)

445

builder = builder.not_valid_after(datetime.datetime.today() + one_day)

446

builder = builder.serial_number(int(uuid.uuid4()))

447

builder = builder.public_key(public_key)

448

builder = builder.add_extension(

449

x509.BasicConstraints(ca=True, path_length=None), critical=True,

450

)

451

452

certificate = builder.sign(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

453

private_key=key, algorithm=hashes.SHA256(), backend=default_backend()

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

454

)

455

456

ca_file = tmpdir.join("test.pem")

457

ca_file.write_binary(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

458

certificate.public_bytes(encoding=serialization.Encoding.PEM,)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

459

)

460

461

return str(ca_file).encode("ascii")

462

463

464

@pytest.fixture

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

465

def context():

466

"""

467

A simple TLS 1.0 context.

468

"""

469

return Context(TLSv1_METHOD)

470

471

472

class TestContext(object):

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

473

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

474

Unit tests for `OpenSSL.SSL.Context`.

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

475

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

476

477

@pytest.mark.parametrize(

478

"cipher_string",

479

[b"hello world:AES128-SHA", u"hello world:AES128-SHA"],

480

)

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

481

def test_set_cipher_list(self, context, cipher_string):

482

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

483

`Context.set_cipher_list` accepts both byte and unicode strings

Hynek Schlawack

a7a63af

2016-03-11 12:05:26 +0100

[diff] [blame]

484

for naming the ciphers which connections created with the context

485

object will be able to choose from.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

486

"""

487

context.set_cipher_list(cipher_string)

488

conn = Connection(context, None)

489

490

assert "AES128-SHA" in conn.get_cipher_list()

491

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

492

def test_set_cipher_list_wrong_type(self, context):

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

493

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

494

`Context.set_cipher_list` raises `TypeError` when passed a non-string

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

495

argument.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

496

"""

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

497

with pytest.raises(TypeError):

498

context.set_cipher_list(object())

499

Alex Gaynor

963ae03

2019-07-06 17:38:32 -0400

[diff] [blame]

500

@flaky.flaky

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

501

def test_set_cipher_list_no_cipher_match(self, context):

502

"""

503

`Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a

504

`"no cipher match"` reason string regardless of the TLS

505

version.

506

"""

507

with pytest.raises(Error) as excinfo:

508

context.set_cipher_list(b"imaginary-cipher")

509

assert excinfo.value.args == (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

510

[("SSL routines", "SSL_CTX_set_cipher_list", "no cipher match",)],

511

)

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

512

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

513

def test_load_client_ca(self, context, ca_file):

514

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

515

`Context.load_client_ca` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

516

"""

517

context.load_client_ca(ca_file)

518

519

def test_load_client_ca_invalid(self, context, tmpdir):

520

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

521

`Context.load_client_ca` raises an Error if the ca file is invalid.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

522

"""

523

ca_file = tmpdir.join("test.pem")

524

ca_file.write("")

525

526

with pytest.raises(Error) as e:

527

context.load_client_ca(str(ca_file).encode("ascii"))

528

529

assert "PEM routines" == e.value.args[0][0][0]

530

531

def test_load_client_ca_unicode(self, context, ca_file):

532

"""

533

Passing the path as unicode raises a warning but works.

534

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

535

pytest.deprecated_call(context.load_client_ca, ca_file.decode("ascii"))

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

536

537

def test_set_session_id(self, context):

538

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

539

`Context.set_session_id` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

540

"""

541

context.set_session_id(b"abc")

542

543

def test_set_session_id_fail(self, context):

544

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

545

`Context.set_session_id` errors are propagated.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

546

"""

547

with pytest.raises(Error) as e:

548

context.set_session_id(b"abc" * 1000)

549

550

assert [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

551

(

552

"SSL routines",

553

"SSL_CTX_set_session_id_context",

554

"ssl session id context too long",

555

)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

556

] == e.value.args[0]

557

558

def test_set_session_id_unicode(self, context):

559

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

560

`Context.set_session_id` raises a warning if a unicode string is

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

561

passed.

562

"""

563

pytest.deprecated_call(context.set_session_id, u"abc")

564

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

565

def test_method(self):

566

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

567

`Context` can be instantiated with one of `SSLv2_METHOD`,

568

`SSLv3_METHOD`, `SSLv23_METHOD`, `TLSv1_METHOD`, `TLSv1_1_METHOD`,

569

or `TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

570

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

571

methods = [SSLv23_METHOD, TLSv1_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

572

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

573

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

574

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

575

maybe = [SSLv2_METHOD, SSLv3_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

580

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

581

# don't. Difficult to say in advance.

582

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

583

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

584

with pytest.raises(TypeError):

585

Context("")

586

with pytest.raises(ValueError):

587

Context(10)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

588

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

589

def test_type(self):

590

"""

Alex Gaynor

01f90a1

2019-02-07 09:14:48 -0500

[diff] [blame]

591

`Context` can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

592

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

593

assert is_consistent_type(Context, "Context", TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

594

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

595

def test_use_privatekey(self):

596

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

597

`Context.use_privatekey` takes an `OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

598

"""

599

key = PKey()

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame]

600

key.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

601

ctx = Context(TLSv1_METHOD)

602

ctx.use_privatekey(key)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

603

with pytest.raises(TypeError):

604

ctx.use_privatekey("")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

605

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

606

def test_use_privatekey_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

607

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

608

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` when passed

609

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

610

"""

611

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

612

with pytest.raises(Error):

613

ctx.use_privatekey_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

614

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

615

def _use_privatekey_file_test(self, pemfile, filetype):

616

"""

617

Verify that calling ``Context.use_privatekey_file`` with the given

618

arguments does not raise an exception.

619

"""

620

key = PKey()

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame]

621

key.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

622

623

with open(pemfile, "wt") as pem:

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

624

pem.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

625

626

ctx = Context(TLSv1_METHOD)

627

ctx.use_privatekey_file(pemfile, filetype)

628

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

629

@pytest.mark.parametrize("filetype", [object(), "", None, 1.0])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

630

def test_wrong_privatekey_file_wrong_args(self, tmpfile, filetype):

631

"""

632

`Context.use_privatekey_file` raises `TypeError` when called with

633

a `filetype` which is not a valid file encoding.

634

"""

635

ctx = Context(TLSv1_METHOD)

636

with pytest.raises(TypeError):

637

ctx.use_privatekey_file(tmpfile, filetype)

638

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

639

def test_use_privatekey_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

640

"""

641

A private key can be specified from a file by passing a ``bytes``

642

instance giving the file name to ``Context.use_privatekey_file``.

643

"""

644

self._use_privatekey_file_test(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

645

tmpfile + NON_ASCII.encode(getfilesystemencoding()), FILETYPE_PEM,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

646

)

647

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

648

def test_use_privatekey_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

649

"""

650

A private key can be specified from a file by passing a ``unicode``

651

instance giving the file name to ``Context.use_privatekey_file``.

652

"""

653

self._use_privatekey_file_test(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

654

tmpfile.decode(getfilesystemencoding()) + NON_ASCII, FILETYPE_PEM,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

655

)

656

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

657

def test_use_certificate_wrong_args(self):

658

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

659

`Context.use_certificate_wrong_args` raises `TypeError` when not passed

660

exactly one `OpenSSL.crypto.X509` instance as an argument.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

661

"""

662

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

663

with pytest.raises(TypeError):

664

ctx.use_certificate("hello, world")

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

665

666

def test_use_certificate_uninitialized(self):

667

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

668

`Context.use_certificate` raises `OpenSSL.SSL.Error` when passed a

669

`OpenSSL.crypto.X509` instance which has not been initialized

670

(ie, which does not actually have any certificate data).

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

671

"""

672

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

673

with pytest.raises(Error):

674

ctx.use_certificate(X509())

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

675

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

676

def test_use_certificate(self):

677

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

678

`Context.use_certificate` sets the certificate which will be

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

679

used to identify connections created using the context.

680

"""

681

# TODO

682

# Hard to assert anything. But we could set a privatekey then ask

683

# OpenSSL if the cert and key agree using check_privatekey. Then as

684

# long as check_privatekey works right we're good...

685

ctx = Context(TLSv1_METHOD)

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

686

ctx.use_certificate(load_certificate(FILETYPE_PEM, root_cert_pem))

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

687

688

def test_use_certificate_file_wrong_args(self):

689

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

690

`Context.use_certificate_file` raises `TypeError` if the first

691

argument is not a byte string or the second argument is not an integer.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

692

"""

693

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

694

with pytest.raises(TypeError):

695

ctx.use_certificate_file(object(), FILETYPE_PEM)

696

with pytest.raises(TypeError):

697

ctx.use_certificate_file(b"somefile", object())

698

with pytest.raises(TypeError):

699

ctx.use_certificate_file(object(), FILETYPE_PEM)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

700

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

701

def test_use_certificate_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

702

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

703

`Context.use_certificate_file` raises `OpenSSL.SSL.Error` if passed

704

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

705

"""

706

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

707

with pytest.raises(Error):

708

ctx.use_certificate_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

709

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

710

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

711

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

712

Verify that calling ``Context.use_certificate_file`` with the given

713

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

714

"""

715

# TODO

716

# Hard to assert anything. But we could set a privatekey then ask

717

# OpenSSL if the cert and key agree using check_privatekey. Then as

718

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

719

with open(certificate_file, "wb") as pem_file:

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

720

pem_file.write(root_cert_pem)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

721

722

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

723

ctx.use_certificate_file(certificate_file)

724

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

725

def test_use_certificate_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

726

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

727

`Context.use_certificate_file` sets the certificate (given as a

728

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

729

using the context.

730

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

731

filename = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

732

self._use_certificate_file_test(filename)

733

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

734

def test_use_certificate_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

735

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

736

`Context.use_certificate_file` sets the certificate (given as a

737

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

738

using the context.

739

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

740

filename = tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

741

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

742

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

743

def test_check_privatekey_valid(self):

744

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

745

`Context.check_privatekey` returns `None` if the `Context` instance

746

has been configured to use a matched key and certificate pair.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

747

"""

748

key = load_privatekey(FILETYPE_PEM, client_key_pem)

749

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

750

context = Context(TLSv1_METHOD)

751

context.use_privatekey(key)

752

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

753

assert None is context.check_privatekey()

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

754

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

755

def test_check_privatekey_invalid(self):

756

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

757

`Context.check_privatekey` raises `Error` if the `Context` instance

758

has been configured to use a key and certificate pair which don't

759

relate to each other.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

760

"""

761

key = load_privatekey(FILETYPE_PEM, client_key_pem)

762

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

763

context = Context(TLSv1_METHOD)

764

context.use_privatekey(key)

765

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

766

with pytest.raises(Error):

767

context.check_privatekey()

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

768

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

769

def test_app_data(self):

770

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

771

`Context.set_app_data` stores an object for later retrieval

772

using `Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

773

"""

774

app_data = object()

775

context = Context(TLSv1_METHOD)

776

context.set_app_data(app_data)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

777

assert context.get_app_data() is app_data

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

778

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

779

def test_set_options_wrong_args(self):

780

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

781

`Context.set_options` raises `TypeError` if called with

782

a non-`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

783

"""

784

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

785

with pytest.raises(TypeError):

786

context.set_options(None)

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

787

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

788

def test_set_options(self):

789

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

790

`Context.set_options` returns the new options value.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

791

"""

792

context = Context(TLSv1_METHOD)

793

options = context.set_options(OP_NO_SSLv2)

Alex Gaynor

2310f8b

2016-09-10 14:39:32 -0400

[diff] [blame]

794

assert options & OP_NO_SSLv2 == OP_NO_SSLv2

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

795

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

796

def test_set_mode_wrong_args(self):

797

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

798

`Context.set_mode` raises `TypeError` if called with

799

a non-`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

800

"""

801

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

802

with pytest.raises(TypeError):

803

context.set_mode(None)

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

804

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

805

def test_set_mode(self):

806

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

807

`Context.set_mode` accepts a mode bitvector and returns the

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

808

newly set mode.

809

"""

810

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

811

assert MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

812

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

813

def test_set_timeout_wrong_args(self):

814

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

815

`Context.set_timeout` raises `TypeError` if called with

816

a non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

817

"""

818

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

819

with pytest.raises(TypeError):

820

context.set_timeout(None)

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

821

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

822

def test_timeout(self):

823

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

824

`Context.set_timeout` sets the session timeout for all connections

825

created using the context object. `Context.get_timeout` retrieves

826

this value.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

827

"""

828

context = Context(TLSv1_METHOD)

829

context.set_timeout(1234)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

830

assert context.get_timeout() == 1234

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

831

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

832

def test_set_verify_depth_wrong_args(self):

833

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

834

`Context.set_verify_depth` raises `TypeError` if called with a

835

non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

836

"""

837

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

838

with pytest.raises(TypeError):

839

context.set_verify_depth(None)

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

840

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

841

def test_verify_depth(self):

842

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

843

`Context.set_verify_depth` sets the number of certificates in

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

844

a chain to follow before giving up. The value can be retrieved with

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

845

`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

846

"""

847

context = Context(TLSv1_METHOD)

848

context.set_verify_depth(11)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

849

assert context.get_verify_depth() == 11

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

850

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

851

def _write_encrypted_pem(self, passphrase, tmpfile):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

852

"""

853

Write a new private key out to a new file, encrypted using the given

854

passphrase. Return the path to the new file.

855

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

856

key = PKey()

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame]

857

key.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

a986883

2010-08-22 21:38:34 -0400

[diff] [blame]

858

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

859

with open(tmpfile, "w") as fObj:

860

fObj.write(pem.decode("ascii"))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

861

return tmpfile

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

862

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

863

def test_set_passwd_cb_wrong_args(self):

864

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

865

`Context.set_passwd_cb` raises `TypeError` if called with a

866

non-callable first argument.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

867

"""

868

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

869

with pytest.raises(TypeError):

870

context.set_passwd_cb(None)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

871

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

872

def test_set_passwd_cb(self, tmpfile):

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

873

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

874

`Context.set_passwd_cb` accepts a callable which will be invoked when

875

a private key is loaded from an encrypted PEM.

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

876

"""

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

877

passphrase = b"foobar"

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

878

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

879

calledWith = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

880

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

881

def passphraseCallback(maxlen, verify, extra):

882

calledWith.append((maxlen, verify, extra))

883

return passphrase

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

884

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

885

context = Context(TLSv1_METHOD)

886

context.set_passwd_cb(passphraseCallback)

887

context.use_privatekey_file(pemFile)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

888

assert len(calledWith) == 1

889

assert isinstance(calledWith[0][0], int)

890

assert isinstance(calledWith[0][1], int)

891

assert calledWith[0][2] is None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

892

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

893

def test_passwd_callback_exception(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

894

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

895

`Context.use_privatekey_file` propagates any exception raised

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

896

by the passphrase callback.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

897

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

898

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

899

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

900

def passphraseCallback(maxlen, verify, extra):

901

raise RuntimeError("Sorry, I am a fail.")

902

903

context = Context(TLSv1_METHOD)

904

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

905

with pytest.raises(RuntimeError):

906

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

907

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

908

def test_passwd_callback_false(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

909

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

910

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

911

passphrase callback returns a false value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

912

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

913

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

914

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

915

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

916

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

917

918

context = Context(TLSv1_METHOD)

919

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

920

with pytest.raises(Error):

921

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

922

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

923

def test_passwd_callback_non_string(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

924

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

925

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

926

passphrase callback returns a true non-string value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

927

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

928

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

929

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

930

def passphraseCallback(maxlen, verify, extra):

931

return 10

932

933

context = Context(TLSv1_METHOD)

934

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

935

# TODO: Surely this is the wrong error?

936

with pytest.raises(ValueError):

937

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

938

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

939

def test_passwd_callback_too_long(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

940

"""

941

If the passphrase returned by the passphrase callback returns a string

942

longer than the indicated maximum length, it is truncated.

943

"""

944

# A priori knowledge!

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

945

passphrase = b"x" * 1024

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

946

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

947

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

948

def passphraseCallback(maxlen, verify, extra):

949

assert maxlen == 1024

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

950

return passphrase + b"y"

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

951

952

context = Context(TLSv1_METHOD)

953

context.set_passwd_cb(passphraseCallback)

954

# This shall succeed because the truncated result is the correct

955

# passphrase.

956

context.use_privatekey_file(pemFile)

957

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

958

def test_set_info_callback(self):

959

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

960

`Context.set_info_callback` accepts a callable which will be

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

961

invoked when certain information about an SSL connection is available.

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

962

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

963

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

964

965

clientSSL = Connection(Context(TLSv1_METHOD), client)

966

clientSSL.set_connect_state()

967

968

called = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

969

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

970

def info(conn, where, ret):

971

called.append((conn, where, ret))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

972

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

973

context = Context(TLSv1_METHOD)

974

context.set_info_callback(info)

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

975

context.use_certificate(load_certificate(FILETYPE_PEM, root_cert_pem))

976

context.use_privatekey(load_privatekey(FILETYPE_PEM, root_key_pem))

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

977

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

978

serverSSL = Connection(context, server)

979

serverSSL.set_accept_state()

980

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

981

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

982

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

983

# The callback must always be called with a Connection instance as the

984

# first argument. It would probably be better to split this into

985

# separate tests for client and server side info callbacks so we could

986

# assert it is called with the right Connection instance. It would

987

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

988

notConnections = [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

989

conn

990

for (conn, where, ret) in called

991

if not isinstance(conn, Connection)

]

assert (

[] == notConnections

), "Some info callback arguments were not Connection instances."

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

996

Maximilian Hils

b2bca41

2020-07-28 16:31:22 +0200

[diff] [blame]

997

@pytest.mark.skipif(

998

not getattr(_lib, "Cryptography_HAS_KEYLOG", None),

999

reason="SSL_CTX_set_keylog_callback unavailable",

1000

)

1001

def test_set_keylog_callback(self):

1002

"""

1003

`Context.set_keylog_callback` accepts a callable which will be

1004

invoked when key material is generated or received.

"""

called = []

def keylog(conn, line):

1009

called.append((conn, line))

1010

1011

server_context = Context(TLSv1_METHOD)

1012

server_context.set_keylog_callback(keylog)

1013

server_context.use_certificate(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1014

load_certificate(FILETYPE_PEM, root_cert_pem)

Maximilian Hils

b2bca41

2020-07-28 16:31:22 +0200

[diff] [blame]

1015

)

1016

server_context.use_privatekey(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1017

load_privatekey(FILETYPE_PEM, root_key_pem)

Maximilian Hils

b2bca41

2020-07-28 16:31:22 +0200

[diff] [blame]

1018

)

1019

1020

client_context = Context(TLSv1_METHOD)

1021

1022

self._handshake_test(server_context, client_context)

1023

1024

assert called

1025

assert all(isinstance(conn, Connection) for conn, line in called)

1026

assert all(b"CLIENT_RANDOM" in line for conn, line in called)

1027

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1028

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

1029

"""

1030

Create a client context which will verify the peer certificate and call

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1031

its `load_verify_locations` method with the given arguments.

Jean-Paul Calderone

64efa2c

2011-09-11 10:00:09 -0400

[diff] [blame]

1032

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

1033

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

1034

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1035

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1036

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1037

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1038

# Require that the server certificate verify properly or the

1039

# connection will fail.

1040

clientContext.set_verify(

1041

VERIFY_PEER,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1042

lambda conn, cert, errno, depth, preverify_ok: preverify_ok,

1043

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1044

1045

clientSSL = Connection(clientContext, client)

1046

clientSSL.set_connect_state()

1047

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1048

serverContext = Context(TLSv1_METHOD)

1049

serverContext.use_certificate(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1050

load_certificate(FILETYPE_PEM, root_cert_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1051

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1052

serverContext.use_privatekey(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1053

load_privatekey(FILETYPE_PEM, root_key_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1054

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1055

1056

serverSSL = Connection(serverContext, server)

1057

serverSSL.set_accept_state()

1058

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

1059

# Without load_verify_locations above, the handshake

1060

# will fail:

1061

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

1062

# 'certificate verify failed')]

1063

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1064

1065

cert = clientSSL.get_peer_certificate()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1066

assert cert.get_subject().CN == "Testing Root CA"

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1067

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1068

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1069

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1070

Verify that if path to a file containing a certificate is passed to

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1071

`Context.load_verify_locations` for the ``cafile`` parameter, that

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1072

certificate is used as a trust root for the purposes of verifying

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1073

connections created using that `Context`.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1074

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1075

with open(cafile, "w") as fObj:

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1076

fObj.write(root_cert_pem.decode("ascii"))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1077

1078

self._load_verify_locations_test(cafile)

1079

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1080

def test_load_verify_bytes_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1081

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1082

`Context.load_verify_locations` accepts a file name as a `bytes`

1083

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1084

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1085

cafile = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1086

self._load_verify_cafile(cafile)

1087

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1088

def test_load_verify_unicode_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1089

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1090

`Context.load_verify_locations` accepts a file name as a `unicode`

1091

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1092

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1093

self._load_verify_cafile(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1094

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1095

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1096

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1097

def test_load_verify_invalid_file(self, tmpfile):

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1098

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1099

`Context.load_verify_locations` raises `Error` when passed a

1100

non-existent cafile.

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1101

"""

1102

clientContext = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1103

with pytest.raises(Error):

1104

clientContext.load_verify_locations(tmpfile)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1105

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1106

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1107

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1108

Verify that if path to a directory containing certificate files is

1109

passed to ``Context.load_verify_locations`` for the ``capath``

1110

parameter, those certificates are used as trust roots for the purposes

1111

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1112

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1113

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1114

# Hash values computed manually with c_rehash to avoid depending on

1115

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1116

# from OpenSSL 1.0.0.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1117

for name in [b"c7adac82.0", b"c3705638.0"]:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1118

cafile = join_bytes_or_unicode(capath, name)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1119

with open(cafile, "w") as fObj:

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1120

fObj.write(root_cert_pem.decode("ascii"))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1121

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1122

self._load_verify_locations_test(None, capath)

1123

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1124

def test_load_verify_directory_bytes_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1125

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1126

`Context.load_verify_locations` accepts a directory name as a `bytes`

1127

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1128

"""

1129

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1130

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1131

)

1132

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1133

def test_load_verify_directory_unicode_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1134

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1135

`Context.load_verify_locations` accepts a directory name as a `unicode`

1136

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1137

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1138

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1139

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1140

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1141

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1142

def test_load_verify_locations_wrong_args(self):

1143

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1144

`Context.load_verify_locations` raises `TypeError` if with non-`str`

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1145

arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1146

"""

1147

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1148

with pytest.raises(TypeError):

1149

context.load_verify_locations(object())

1150

with pytest.raises(TypeError):

1151

context.load_verify_locations(object(), object())

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1152

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1153

@pytest.mark.skipif(

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1154

not platform.startswith("linux"),

1155

reason="Loading fallback paths is a linux-specific behavior to "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1156

"accommodate pyca/cryptography manylinux1 wheels",

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1157

)

1158

def test_fallback_default_verify_paths(self, monkeypatch):

1159

"""

1160

Test that we load certificates successfully on linux from the fallback

1161

path. To do this we set the _CRYPTOGRAPHY_MANYLINUX1_CA_FILE and

1162

_CRYPTOGRAPHY_MANYLINUX1_CA_DIR vars to be equal to whatever the

1163

current OpenSSL default is and we disable

1164

SSL_CTX_SET_default_verify_paths so that it can't find certs unless

1165

it loads via fallback.

1166

"""

1167

context = Context(TLSv1_METHOD)

1168

monkeypatch.setattr(

1169

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_FILE",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1174

_ffi.string(_lib.X509_get_default_cert_file()),

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_DIR",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1179

_ffi.string(_lib.X509_get_default_cert_dir()),

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1180

)

1181

context.set_default_verify_paths()

1182

store = context.get_cert_store()

1183

sk_obj = _lib.X509_STORE_get0_objects(store._store)

1184

assert sk_obj != _ffi.NULL

1185

num = _lib.sk_X509_OBJECT_num(sk_obj)

1186

assert num != 0

1187

1188

def test_check_env_vars(self, monkeypatch):

1189

"""

1190

Test that we return True/False appropriately if the env vars are set.

1191

"""

1192

context = Context(TLSv1_METHOD)

1193

dir_var = "CUSTOM_DIR_VAR"

1194

file_var = "CUSTOM_FILE_VAR"

1195

assert context._check_env_vars_set(dir_var, file_var) is False

1196

monkeypatch.setenv(dir_var, "value")

1197

monkeypatch.setenv(file_var, "value")

1198

assert context._check_env_vars_set(dir_var, file_var) is True

1199

assert context._check_env_vars_set(dir_var, file_var) is True

1200

1201

def test_verify_no_fallback_if_env_vars_set(self, monkeypatch):

1202

"""

1203

Test that we don't use the fallback path if env vars are set.

1204

"""

1205

context = Context(TLSv1_METHOD)

1206

monkeypatch.setattr(

1207

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

1208

)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1209

dir_env_var = _ffi.string(_lib.X509_get_default_cert_dir_env()).decode(

1210

"ascii"

1211

)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1212

file_env_var = _ffi.string(

1213

_lib.X509_get_default_cert_file_env()

1214

).decode("ascii")

1215

monkeypatch.setenv(dir_env_var, "value")

1216

monkeypatch.setenv(file_env_var, "value")

1217

context.set_default_verify_paths()

1218

1219

monkeypatch.setattr(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1220

context, "_fallback_default_verify_paths", raiser(SystemError)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1221

)

1222

context.set_default_verify_paths()

1223

1224

@pytest.mark.skipif(

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1225

platform == "win32",

1226

reason="set_default_verify_paths appears not to work on Windows. "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1227

"See LP#404343 and LP#404344.",

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1228

)

1229

def test_set_default_verify_paths(self):

1230

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1231

`Context.set_default_verify_paths` causes the platform-specific CA

1232

certificate locations to be used for verification purposes.

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1233

"""

1234

# Testing this requires a server with a certificate signed by one

1235

# of the CAs in the platform CA location. Getting one of those

1236

# costs money. Fortunately (or unfortunately, depending on your

1237

# perspective), it's easy to think of a public server on the

1238

# internet which has such a certificate. Connecting to the network

1239

# in a unit test is bad, but it's the only way I can think of to

1240

# really test this. -exarkun

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1241

context = Context(SSLv23_METHOD)

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1242

context.set_default_verify_paths()

1243

context.set_verify(

1244

VERIFY_PEER,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1245

lambda conn, cert, errno, depth, preverify_ok: preverify_ok,

1246

)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1247

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

1248

client = socket_any_family()

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1249

client.connect(("encrypted.google.com", 443))

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1250

clientSSL = Connection(context, client)

1251

clientSSL.set_connect_state()

Alex Gaynor

373926c

2018-05-12 07:43:07 -0400

[diff] [blame]

1252

clientSSL.set_tlsext_host_name(b"encrypted.google.com")

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1253

clientSSL.do_handshake()

1254

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1255

assert clientSSL.recv(1024)

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1256

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1257

def test_fallback_path_is_not_file_or_dir(self):

1258

"""

1259

Test that when passed empty arrays or paths that do not exist no

1260

errors are raised.

1261

"""

1262

context = Context(TLSv1_METHOD)

1263

context._fallback_default_verify_paths([], [])

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1264

context._fallback_default_verify_paths(["/not/a/file"], ["/not/a/dir"])

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1265

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1266

def test_add_extra_chain_cert_invalid_cert(self):

1267

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1268

`Context.add_extra_chain_cert` raises `TypeError` if called with an

1269

object which is not an instance of `X509`.

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1270

"""

1271

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1272

with pytest.raises(TypeError):

1273

context.add_extra_chain_cert(object())

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1274

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1275

def _handshake_test(self, serverContext, clientContext):

1276

"""

1277

Verify that a client and server created with the given contexts can

1278

successfully handshake and communicate.

1279

"""

1280

serverSocket, clientSocket = socket_pair()

1281

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1282

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1283

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1284

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1285

client = Connection(clientContext, clientSocket)

1286

client.set_connect_state()

1287

1288

# Make them talk to each other.

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1289

# interact_in_memory(client, server)

1290

for _ in range(3):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1291

for s in [client, server]:

1292

try:

1293

s.do_handshake()

1294

except WantReadError:

1295

pass

1296

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1297

def test_set_verify_callback_connection_argument(self):

1298

"""

1299

The first argument passed to the verify callback is the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1300

`Connection` instance for which verification is taking place.

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1301

"""

1302

serverContext = Context(TLSv1_METHOD)

1303

serverContext.use_privatekey(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1304

load_privatekey(FILETYPE_PEM, root_key_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1305

)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1306

serverContext.use_certificate(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1307

load_certificate(FILETYPE_PEM, root_cert_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1308

)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1309

serverConnection = Connection(serverContext, None)

1310

1311

class VerifyCallback(object):

1312

def callback(self, connection, *args):

1313

self.connection = connection

1314

return 1

1315

1316

verify = VerifyCallback()

1317

clientContext = Context(TLSv1_METHOD)

1318

clientContext.set_verify(VERIFY_PEER, verify.callback)

1319

clientConnection = Connection(clientContext, None)

1320

clientConnection.set_connect_state()

1321

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1322

handshake_in_memory(clientConnection, serverConnection)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1323

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1324

assert verify.connection is clientConnection

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1325

Paul Kehrer

e738186

2017-11-30 20:55:25 +0800

[diff] [blame]

1326

def test_x509_in_verify_works(self):

1327

"""

1328

We had a bug where the X509 cert instantiated in the callback wrapper

1329

didn't __init__ so it was missing objects needed when calling

1330

get_subject. This test sets up a handshake where we call get_subject

1331

on the cert provided to the verify callback.

1332

"""

1333

serverContext = Context(TLSv1_METHOD)

1334

serverContext.use_privatekey(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1335

load_privatekey(FILETYPE_PEM, root_key_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1336

)

Paul Kehrer

e738186

2017-11-30 20:55:25 +0800

[diff] [blame]

1337

serverContext.use_certificate(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1338

load_certificate(FILETYPE_PEM, root_cert_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1339

)

Paul Kehrer

e738186

2017-11-30 20:55:25 +0800

[diff] [blame]

1340

serverConnection = Connection(serverContext, None)

1341

1342

def verify_cb_get_subject(conn, cert, errnum, depth, ok):

1343

assert cert.get_subject()

1344

return 1

1345

1346

clientContext = Context(TLSv1_METHOD)

1347

clientContext.set_verify(VERIFY_PEER, verify_cb_get_subject)

1348

clientConnection = Connection(clientContext, None)

1349

clientConnection.set_connect_state()

1350

1351

handshake_in_memory(clientConnection, serverConnection)

1352

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1353

def test_set_verify_callback_exception(self):

1354

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1355

If the verify callback passed to `Context.set_verify` raises an

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1356

exception, verification fails and the exception is propagated to the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1357

caller of `Connection.do_handshake`.

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1358

"""

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

1359

serverContext = Context(TLSv1_2_METHOD)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1360

serverContext.use_privatekey(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1361

load_privatekey(FILETYPE_PEM, root_key_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1362

)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1363

serverContext.use_certificate(

Paul Kehrer

2020-08-03 17:50:31 -0500

[diff] [blame^]

1364

load_certificate(FILETYPE_PEM, root_cert_pem)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1365

)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1366

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

1367

clientContext = Context(TLSv1_2_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1368

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1369

def verify_callback(*args):

1370

raise Exception("silly verify failure")

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1371

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1372

clientContext.set_verify(VERIFY_PEER, verify_callback)

1373

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

1374

with pytest.raises(Exception) as exc:

1375

self._handshake_test(serverContext, clientContext)

1376

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1377

assert "silly verify failure" == str(exc.value)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1378

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1379

def test_add_extra_chain_cert(self, tmpdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1380

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1381

`Context.add_extra_chain_cert` accepts an `X509`

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1382

instance to add to the certificate chain.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1383

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1384

See `_create_certificate_chain` for the details of the

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1385

certificate chain tested.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1386

1387

The chain is tested by starting a server with scert and connecting

1388

to it with a client which trusts cacert and requires verification to

1389

succeed.

1390

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1391

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1392

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1393

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1394

# Dump the CA certificate to a file because that's the only way to load

1395

# it as a trusted CA in the client context.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

for cert, name in [

(cacert, "ca.pem"),

(icert, "i.pem"),

(scert, "s.pem"),

]:

with tmpdir.join(name).open("w") as f:

1402

f.write(dump_certificate(FILETYPE_PEM, cert).decode("ascii"))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1403

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1404

for key, name in [(cakey, "ca.key"), (ikey, "i.key"), (skey, "s.key")]:

1405

with tmpdir.join(name).open("w") as f:

1406

f.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1407

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1408

# Create the server context

1409

serverContext = Context(TLSv1_METHOD)

1410

serverContext.use_privatekey(skey)

1411

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1412

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1413

serverContext.add_extra_chain_cert(icert)

1414

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1415

# Create the client

1416

clientContext = Context(TLSv1_METHOD)

1417

clientContext.set_verify(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1418

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb

1419

)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1420

clientContext.load_verify_locations(str(tmpdir.join("ca.pem")))

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1421

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1422

# Try it out.

1423

self._handshake_test(serverContext, clientContext)

1424

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1425

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1426

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1427

Verify that `Context.use_certificate_chain_file` reads a

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1428

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1429

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1430

The chain is tested by starting a server with scert and connecting to

1431

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1432

succeed.

1433

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1434

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1435

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1436

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1437

makedirs(certdir)

1438

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1439

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1440

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1441

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1442

# Write out the chain file.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1443

with open(chainFile, "wb") as fObj:

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1444

# Most specific to least general.

1445

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1446

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1447

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1448

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1449

with open(caFile, "w") as fObj:

1450

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode("ascii"))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1451

1452

serverContext = Context(TLSv1_METHOD)

1453

serverContext.use_certificate_chain_file(chainFile)

1454

serverContext.use_privatekey(skey)

1455

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1456

clientContext = Context(TLSv1_METHOD)

1457

clientContext.set_verify(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1458

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb

1459

)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1460

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1461

1462

self._handshake_test(serverContext, clientContext)

1463

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1464

def test_use_certificate_chain_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1465

"""

1466

``Context.use_certificate_chain_file`` accepts the name of a file (as

1467

an instance of ``bytes``) to specify additional certificates to use to

1468

construct and verify a trust chain.

1469

"""

1470

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1471

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1472

)

1473

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1474

def test_use_certificate_chain_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1475

"""

1476

``Context.use_certificate_chain_file`` accepts the name of a file (as

1477

an instance of ``unicode``) to specify additional certificates to use

1478

to construct and verify a trust chain.

1479

"""

1480

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1481

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1482

)

1483

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1484

def test_use_certificate_chain_file_wrong_args(self):

1485

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1486

`Context.use_certificate_chain_file` raises `TypeError` if passed a

1487

non-byte string single argument.

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1488

"""

1489

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1490

with pytest.raises(TypeError):

1491

context.use_certificate_chain_file(object())

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1492

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1493

def test_use_certificate_chain_file_missing_file(self, tmpfile):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1494

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1495

`Context.use_certificate_chain_file` raises `OpenSSL.SSL.Error` when

1496

passed a bad chain file name (for example, the name of a file which

1497

does not exist).

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1498

"""

1499

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1500

with pytest.raises(Error):

1501

context.use_certificate_chain_file(tmpfile)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1502

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1503

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1504

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1505

`Context.get_verify_mode` returns the verify mode flags previously

1506

passed to `Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1507

"""

1508

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1509

assert context.get_verify_mode() == 0

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1510

context.set_verify(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1511

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None

1512

)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1513

assert context.get_verify_mode() == (VERIFY_PEER | VERIFY_CLIENT_ONCE)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1514

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1515

@pytest.mark.parametrize("mode", [None, 1.0, object(), "mode"])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1516

def test_set_verify_wrong_mode_arg(self, mode):

1517

"""

1518

`Context.set_verify` raises `TypeError` if the first argument is

1519

not an integer.

1520

"""

1521

context = Context(TLSv1_METHOD)

1522

with pytest.raises(TypeError):

1523

context.set_verify(mode=mode, callback=lambda *args: None)

1524

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1525

@pytest.mark.parametrize("callback", [None, 1.0, "mode", ("foo", "bar")])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1526

def test_set_verify_wrong_callable_arg(self, callback):

1527

"""

Alex Gaynor

40bc0f1

2018-05-14 14:06:16 -0400

[diff] [blame]

1528

`Context.set_verify` raises `TypeError` if the second argument

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1529

is not callable.

1530

"""

1531

context = Context(TLSv1_METHOD)

1532

with pytest.raises(TypeError):

1533

context.set_verify(mode=VERIFY_PEER, callback=callback)

1534

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1535

def test_load_tmp_dh_wrong_args(self):

1536

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1537

`Context.load_tmp_dh` raises `TypeError` if called with a

1538

non-`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1539

"""

1540

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1541

with pytest.raises(TypeError):

1542

context.load_tmp_dh(object())

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1543

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1544

def test_load_tmp_dh_missing_file(self):

1545

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1546

`Context.load_tmp_dh` raises `OpenSSL.SSL.Error` if the

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1547

specified file does not exist.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1548

"""

1549

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1550

with pytest.raises(Error):

1551

context.load_tmp_dh(b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1552

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1553

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1554

"""

1555

Verify that calling ``Context.load_tmp_dh`` with the given filename

1556

does not raise an exception.

1557

"""

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1558

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1559

with open(dhfilename, "w") as dhfile:

1560

dhfile.write(dhparam)

1561

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1562

context.load_tmp_dh(dhfilename)

1563

# XXX What should I assert here? -exarkun

1564

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1565

def test_load_tmp_dh_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1566

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1567

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1568

specified file (given as ``bytes``).

1569

"""

1570

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1571

tmpfile + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1572

)

1573

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1574

def test_load_tmp_dh_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1575

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1576

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1577

specified file (given as ``unicode``).

1578

"""

1579

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1580

tmpfile.decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1581

)

1582

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1583

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1584

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1585

`Context.set_tmp_ecdh` sets the elliptic curve for Diffie-Hellman to

1586

the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1587

"""

1588

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1589

for curve in get_elliptic_curves():

Hynek Schlawack

a07fa8c

2015-10-17 10:15:28 +0200

[diff] [blame]

1590

if curve.name.startswith(u"Oakley-"):

Hynek Schlawack

7408aff

2015-10-17 09:51:16 +0200

[diff] [blame]

1591

# Setting Oakley-EC2N-4 and Oakley-EC2N-3 adds

1592

# ('bignum routines', 'BN_mod_inverse', 'no inverse') to the

1593

# error queue on OpenSSL 1.0.2.

1594

continue

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1595

# The only easily "assertable" thing is that it does not raise an

1596

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1597

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1598

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1599

def test_set_session_cache_mode_wrong_args(self):

1600

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1601

`Context.set_session_cache_mode` raises `TypeError` if called with

1602

a non-integer argument.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1603

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1604

"""

1605

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1606

with pytest.raises(TypeError):

1607

context.set_session_cache_mode(object())

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1608

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1609

def test_session_cache_mode(self):

1610

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1611

`Context.set_session_cache_mode` specifies how sessions are cached.

1612

The setting can be retrieved via `Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1613

"""

1614

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1615

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1616

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1617

assert SESS_CACHE_OFF == off

1618

assert SESS_CACHE_BOTH == context.get_session_cache_mode()

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1619

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1620

def test_get_cert_store(self):

1621

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1622

`Context.get_cert_store` returns a `X509Store` instance.

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1623

"""

1624

context = Context(TLSv1_METHOD)

1625

store = context.get_cert_store()

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1626

assert isinstance(store, X509Store)

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1627

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1628

def test_set_tlsext_use_srtp_not_bytes(self):

1629

"""

1630

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1631

1632

It raises a TypeError if the list of profiles is not a byte string.

1633

"""

1634

context = Context(TLSv1_METHOD)

1635

with pytest.raises(TypeError):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1636

context.set_tlsext_use_srtp(text_type("SRTP_AES128_CM_SHA1_80"))

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1637

1638

def test_set_tlsext_use_srtp_invalid_profile(self):

1639

"""

1640

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1641

1642

It raises an Error if the call to OpenSSL fails.

1643

"""

1644

context = Context(TLSv1_METHOD)

1645

with pytest.raises(Error):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1646

context.set_tlsext_use_srtp(b"SRTP_BOGUS")

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1647

1648

def test_set_tlsext_use_srtp_valid(self):

1649

"""

1650

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1651

1652

It does not return anything.

1653

"""

1654

context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1655

assert context.set_tlsext_use_srtp(b"SRTP_AES128_CM_SHA1_80") is None

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1656

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1657

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1658

class TestServerNameCallback(object):

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1659

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1660

Tests for `Context.set_tlsext_servername_callback` and its

1661

interaction with `Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1662

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1663

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1664

def test_old_callback_forgotten(self):

1665

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1666

If `Context.set_tlsext_servername_callback` is used to specify

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1667

a new callback, the one it replaces is dereferenced.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1668

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1669

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1670

def callback(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1671

pass

1672

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1673

def replacement(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1674

pass

1675

1676

context = Context(TLSv1_METHOD)

1677

context.set_tlsext_servername_callback(callback)

1678

1679

tracker = ref(callback)

1680

del callback

1681

1682

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1683

1684

# One run of the garbage collector happens to work on CPython. PyPy

1685

# doesn't collect the underlying object until a second run for whatever

1686

# reason. That's fine, it still demonstrates our code has properly

1687

# dropped the reference.

1688

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1689

collect()

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

1690

1691

callback = tracker()

1692

if callback is not None:

1693

referrers = get_referrers(callback)

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1694

if len(referrers) > 1: # pragma: nocover

1695

pytest.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1696

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1697

def test_no_servername(self):

1698

"""

1699

When a client specifies no server name, the callback passed to

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1700

`Context.set_tlsext_servername_callback` is invoked and the

1701

result of `Connection.get_servername` is `None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1702

"""

1703

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1704

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1705

def servername(conn):

1706

args.append((conn, conn.get_servername()))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1707

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1708

context = Context(TLSv1_METHOD)

1709

context.set_tlsext_servername_callback(servername)

1710

1711

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1717

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1718

context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1719

load_certificate(FILETYPE_PEM, server_cert_pem)

1720

)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1721

1722

# Do a little connection to trigger the logic

1723

server = Connection(context, None)

1724

server.set_accept_state()

1725

1726

client = Connection(Context(TLSv1_METHOD), None)

1727

client.set_connect_state()

1728

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1729

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1730

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1731

assert args == [(server, None)]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1732

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1733

def test_servername(self):

1734

"""

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1735

When a client specifies a server name in its hello message, the

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1736

callback passed to `Contexts.set_tlsext_servername_callback` is

1737

invoked and the result of `Connection.get_servername` is that

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1738

server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1739

"""

1740

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1741

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1742

def servername(conn):

1743

args.append((conn, conn.get_servername()))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1744

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1745

context = Context(TLSv1_METHOD)

1746

context.set_tlsext_servername_callback(servername)

1747

1748

# Necessary to actually accept the connection

1749

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1750

context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1751

load_certificate(FILETYPE_PEM, server_cert_pem)

1752

)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1753

1754

# Do a little connection to trigger the logic

1755

server = Connection(context, None)

1756

server.set_accept_state()

1757

1758

client = Connection(Context(TLSv1_METHOD), None)

1759

client.set_connect_state()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

1760

client.set_tlsext_host_name(b"foo1.example.com")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1761

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1762

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1763

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1764

assert args == [(server, b"foo1.example.com")]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1765

1766

Paul Kehrer

4d57590

2019-02-26 21:42:12 +0800

[diff] [blame]

1767

@pytest.mark.skipif(

1768

not _lib.Cryptography_HAS_NEXTPROTONEG, reason="NPN is not available"

1769

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1770

class TestNextProtoNegotiation(object):

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1771

"""

1772

Test for Next Protocol Negotiation in PyOpenSSL.

1773

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1774

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1775

def test_npn_success(self):

1776

"""

1777

Tests that clients and servers that agree on the negotiated next

1778

protocol can correct establish a connection, and that the agreed

1779

protocol is reported by the connections.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1786

return [b"http/1.1", b"spdy/2"]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1787

1788

def select(conn, options):

1789

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1790

return b"spdy/2"

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1791

1792

server_context = Context(TLSv1_METHOD)

1793

server_context.set_npn_advertise_callback(advertise)

1794

1795

client_context = Context(TLSv1_METHOD)

1796

client_context.set_npn_select_callback(select)

1797

1798

# Necessary to actually accept the connection

1799

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1800

load_privatekey(FILETYPE_PEM, server_key_pem)

1801

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1802

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1803

load_certificate(FILETYPE_PEM, server_cert_pem)

1804

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1805

1806

# Do a little connection to trigger the logic

1807

server = Connection(server_context, None)

1808

server.set_accept_state()

1809

1810

client = Connection(client_context, None)

1811

client.set_connect_state()

1812

1813

interact_in_memory(server, client)

1814

1815

assert advertise_args == [(server,)]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1816

assert select_args == [(client, [b"http/1.1", b"spdy/2"])]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1817

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1818

assert server.get_next_proto_negotiated() == b"spdy/2"

1819

assert client.get_next_proto_negotiated() == b"spdy/2"

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1820

1821

def test_npn_client_fail(self):

1822

"""

1823

Tests that when clients and servers cannot agree on what protocol

1824

to use next that the TLS connection does not get established.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1831

return [b"http/1.1", b"spdy/2"]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1832

1833

def select(conn, options):

1834

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1835

return b""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1836

1837

server_context = Context(TLSv1_METHOD)

1838

server_context.set_npn_advertise_callback(advertise)

1839

1840

client_context = Context(TLSv1_METHOD)

1841

client_context.set_npn_select_callback(select)

1842

1843

# Necessary to actually accept the connection

1844

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1845

load_privatekey(FILETYPE_PEM, server_key_pem)

1846

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1847

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1848

load_certificate(FILETYPE_PEM, server_cert_pem)

1849

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1850

1851

# Do a little connection to trigger the logic

1852

server = Connection(server_context, None)

1853

server.set_accept_state()

1854

1855

client = Connection(client_context, None)

1856

client.set_connect_state()

1857

1858

# If the client doesn't return anything, the connection will fail.

1859

with pytest.raises(Error):

1860

interact_in_memory(server, client)

1861

1862

assert advertise_args == [(server,)]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1863

assert select_args == [(client, [b"http/1.1", b"spdy/2"])]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1864

1865

def test_npn_select_error(self):

1866

"""

1867

Test that we can handle exceptions in the select callback. If

1868

select fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1874

return [b"http/1.1", b"spdy/2"]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1875

1876

def select(conn, options):

1877

raise TypeError

1878

1879

server_context = Context(TLSv1_METHOD)

1880

server_context.set_npn_advertise_callback(advertise)

1881

1882

client_context = Context(TLSv1_METHOD)

1883

client_context.set_npn_select_callback(select)

1884

1885

# Necessary to actually accept the connection

1886

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1887

load_privatekey(FILETYPE_PEM, server_key_pem)

1888

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1889

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1890

load_certificate(FILETYPE_PEM, server_cert_pem)

1891

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1892

1893

# Do a little connection to trigger the logic

1894

server = Connection(server_context, None)

1895

server.set_accept_state()

1896

1897

client = Connection(client_context, None)

1898

client.set_connect_state()

1899

1900

# If the callback throws an exception it should be raised here.

1901

with pytest.raises(TypeError):

1902

interact_in_memory(server, client)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1903

assert advertise_args == [

1904

(server,),

1905

]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1906

1907

def test_npn_advertise_error(self):

1908

"""

1909

Test that we can handle exceptions in the advertise callback. If

1910

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options): # pragma: nocover

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1918

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1919

Assert later that no args are actually appended.

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1920

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1921

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1922

return b""

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1923

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1924

server_context = Context(TLSv1_METHOD)

1925

server_context.set_npn_advertise_callback(advertise)

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1926

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1927

client_context = Context(TLSv1_METHOD)

1928

client_context.set_npn_select_callback(select)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1929

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1930

# Necessary to actually accept the connection

1931

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1932

load_privatekey(FILETYPE_PEM, server_key_pem)

1933

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1934

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1935

load_certificate(FILETYPE_PEM, server_cert_pem)

1936

)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1937

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1938

# Do a little connection to trigger the logic

1939

server = Connection(server_context, None)

1940

server.set_accept_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1941

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1942

client = Connection(client_context, None)

1943

client.set_connect_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1944

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1945

# If the client doesn't return anything, the connection will fail.

1946

with pytest.raises(TypeError):

1947

interact_in_memory(server, client)

1948

assert select_args == []

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1949

1950

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1951

class TestApplicationLayerProtoNegotiation(object):

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1952

"""

1953

Tests for ALPN in PyOpenSSL.

1954

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1955

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1956

def test_alpn_success(self):

1957

"""

1958

Clients and servers that agree on the negotiated ALPN protocol can

1959

correct establish a connection, and the agreed protocol is reported

1960

by the connections.

1961

"""

1962

select_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1963

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1964

def select(conn, options):

1965

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1966

return b"spdy/2"

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1967

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1968

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1969

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1970

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1971

server_context = Context(TLSv1_METHOD)

1972

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1973

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1974

# Necessary to actually accept the connection

1975

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1976

load_privatekey(FILETYPE_PEM, server_key_pem)

1977

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1978

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1979

load_certificate(FILETYPE_PEM, server_cert_pem)

1980

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1981

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1982

# Do a little connection to trigger the logic

1983

server = Connection(server_context, None)

1984

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1985

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1986

client = Connection(client_context, None)

1987

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1988

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1989

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1990

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1991

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1992

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1993

assert server.get_alpn_proto_negotiated() == b"spdy/2"

1994

assert client.get_alpn_proto_negotiated() == b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1995

1996

def test_alpn_set_on_connection(self):

1997

"""

1998

The same as test_alpn_success, but setting the ALPN protocols on

1999

the connection rather than the context.

"""

select_args = []

def select(conn, options):

2004

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2005

return b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2006

2007

# Setup the client context but don't set any ALPN protocols.

2008

client_context = Context(TLSv1_METHOD)

2009

2010

server_context = Context(TLSv1_METHOD)

2011

server_context.set_alpn_select_callback(select)

2012

2013

# Necessary to actually accept the connection

2014

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2015

load_privatekey(FILETYPE_PEM, server_key_pem)

2016

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2017

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2018

load_certificate(FILETYPE_PEM, server_cert_pem)

2019

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2020

2021

# Do a little connection to trigger the logic

2022

server = Connection(server_context, None)

2023

server.set_accept_state()

2024

2025

# Set the ALPN protocols on the client connection.

2026

client = Connection(client_context, None)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2027

client.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2028

client.set_connect_state()

2029

2030

interact_in_memory(server, client)

2031

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2032

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2033

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2034

assert server.get_alpn_proto_negotiated() == b"spdy/2"

2035

assert client.get_alpn_proto_negotiated() == b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2036

2037

def test_alpn_server_fail(self):

2038

"""

2039

When clients and servers cannot agree on what protocol to use next

2040

the TLS connection does not get established.

"""

select_args = []

def select(conn, options):

2045

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2046

return b""

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2047

2048

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2049

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2050

2051

server_context = Context(TLSv1_METHOD)

2052

server_context.set_alpn_select_callback(select)

2053

2054

# Necessary to actually accept the connection

2055

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2056

load_privatekey(FILETYPE_PEM, server_key_pem)

2057

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2058

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2059

load_certificate(FILETYPE_PEM, server_cert_pem)

2060

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2061

2062

# Do a little connection to trigger the logic

2063

server = Connection(server_context, None)

2064

server.set_accept_state()

2065

2066

client = Connection(client_context, None)

2067

client.set_connect_state()

2068

2069

# If the client doesn't return anything, the connection will fail.

2070

with pytest.raises(Error):

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2071

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2072

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2073

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

e46fa84

2015-04-13 16:50:49 -0400

[diff] [blame]

2074

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2075

def test_alpn_no_server_overlap(self):

2076

"""

2077

A server can allow a TLS handshake to complete without

2078

agreeing to an application protocol by returning

2079

``NO_OVERLAPPING_PROTOCOLS``.

2080

"""

2081

refusal_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2082

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2083

def refusal(conn, options):

2084

refusal_args.append((conn, options))

2085

return NO_OVERLAPPING_PROTOCOLS

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2086

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2087

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2088

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2089

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2090

server_context = Context(SSLv23_METHOD)

2091

server_context.set_alpn_select_callback(refusal)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2092

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2093

# Necessary to actually accept the connection

2094

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2095

load_privatekey(FILETYPE_PEM, server_key_pem)

2096

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2097

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2098

load_certificate(FILETYPE_PEM, server_cert_pem)

2099

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2100

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2101

# Do a little connection to trigger the logic

2102

server = Connection(server_context, None)

2103

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2104

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2105

client = Connection(client_context, None)

2106

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2107

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2108

# Do the dance.

2109

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2110

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2111

assert refusal_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2112

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2113

assert client.get_alpn_proto_negotiated() == b""

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2114

2115

def test_alpn_select_cb_returns_invalid_value(self):

2116

"""

2117

If the ALPN selection callback returns anything other than

2118

a bytestring or ``NO_OVERLAPPING_PROTOCOLS``, a

2119

:py:exc:`TypeError` is raised.

"""

invalid_cb_args = []

def invalid_cb(conn, options):

2124

invalid_cb_args.append((conn, options))

2125

return u"can't return unicode"

2126

2127

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2128

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2129

2130

server_context = Context(SSLv23_METHOD)

2131

server_context.set_alpn_select_callback(invalid_cb)

2132

2133

# Necessary to actually accept the connection

2134

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2135

load_privatekey(FILETYPE_PEM, server_key_pem)

2136

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2137

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2138

load_certificate(FILETYPE_PEM, server_cert_pem)

2139

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2140

2141

# Do a little connection to trigger the logic

2142

server = Connection(server_context, None)

2143

server.set_accept_state()

2144

2145

client = Connection(client_context, None)

2146

client.set_connect_state()

2147

2148

# Do the dance.

2149

with pytest.raises(TypeError):

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2150

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2151

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2152

assert invalid_cb_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2153

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2154

assert client.get_alpn_proto_negotiated() == b""

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2155

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2156

def test_alpn_no_server(self):

2157

"""

2158

When clients and servers cannot agree on what protocol to use next

2159

because the server doesn't offer ALPN, no protocol is negotiated.

2160

"""

2161

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2162

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2163

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2164

server_context = Context(TLSv1_METHOD)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2165

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2166

# Necessary to actually accept the connection

2167

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2168

load_privatekey(FILETYPE_PEM, server_key_pem)

2169

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2170

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2171

load_certificate(FILETYPE_PEM, server_cert_pem)

2172

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2173

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2174

# Do a little connection to trigger the logic

2175

server = Connection(server_context, None)

2176

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2177

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2178

client = Connection(client_context, None)

2179

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2180

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2181

# Do the dance.

2182

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2183

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2184

assert client.get_alpn_proto_negotiated() == b""

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2185

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2186

def test_alpn_callback_exception(self):

2187

"""

2188

We can handle exceptions in the ALPN select callback.

2189

"""

2190

select_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2191

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2192

def select(conn, options):

2193

select_args.append((conn, options))

2194

raise TypeError()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2195

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2196

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2197

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2198

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2199

server_context = Context(TLSv1_METHOD)

2200

server_context.set_alpn_select_callback(select)

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2201

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2202

# Necessary to actually accept the connection

2203

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2204

load_privatekey(FILETYPE_PEM, server_key_pem)

2205

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2206

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2207

load_certificate(FILETYPE_PEM, server_cert_pem)

2208

)

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2209

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2210

# Do a little connection to trigger the logic

2211

server = Connection(server_context, None)

2212

server.set_accept_state()

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2213

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2214

client = Connection(client_context, None)

2215

client.set_connect_state()

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2216

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2217

with pytest.raises(TypeError):

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2218

interact_in_memory(server, client)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2219

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

0f7b04c

2015-04-13 17:51:12 -0400

[diff] [blame]

2220

Cory Benfield

f1177e7

2015-04-12 09:11:49 -0400

[diff] [blame]

2221

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2222

class TestSession(object):

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2223

"""

2224

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

2225

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2226

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2227

def test_construction(self):

2228

"""

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2229

:py:class:`Session` can be constructed with no arguments, creating

2230

a new instance of that type.

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2231

"""

2232

new_session = Session()

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2233

assert isinstance(new_session, Session)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2234

2235

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2236

class TestConnection(object):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2237

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2238

Unit tests for `OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2239

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2240

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2241

# XXX get_peer_certificate -> None

2242

# XXX sock_shutdown

2243

# XXX master_key -> TypeError

2244

# XXX server_random -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2245

# XXX connect -> TypeError

2246

# XXX connect_ex -> TypeError

2247

# XXX set_connect_state -> TypeError

2248

# XXX set_accept_state -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2249

# XXX do_handshake -> TypeError

2250

# XXX bio_read -> TypeError

2251

# XXX recv -> TypeError

2252

# XXX send -> TypeError

2253

# XXX bio_write -> TypeError

2254

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2255

def test_type(self):

2256

"""

Alex Gaynor

01f90a1

2019-02-07 09:14:48 -0500

[diff] [blame]

2257

`Connection` can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2258

"""

2259

ctx = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2260

assert is_consistent_type(Connection, "Connection", ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2261

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2262

@pytest.mark.parametrize("bad_context", [object(), "context", None, 1])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2263

def test_wrong_args(self, bad_context):

2264

"""

2265

`Connection.__init__` raises `TypeError` if called with a non-`Context`

2266

instance argument.

2267

"""

2268

with pytest.raises(TypeError):

2269

Connection(bad_context)

2270

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2271

@pytest.mark.parametrize("bad_bio", [object(), None, 1, [1, 2, 3]])

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2272

def test_bio_write_wrong_args(self, bad_bio):

2273

"""

2274

`Connection.bio_write` raises `TypeError` if called with a non-bytes

2275

(or text) argument.

2276

"""

2277

context = Context(TLSv1_METHOD)

2278

connection = Connection(context, None)

2279

with pytest.raises(TypeError):

2280

connection.bio_write(bad_bio)

2281

2282

def test_bio_write(self):

2283

"""

2284

`Connection.bio_write` does not raise if called with bytes or

2285

bytearray, warns if called with text.

2286

"""

2287

context = Context(TLSv1_METHOD)

2288

connection = Connection(context, None)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2289

connection.bio_write(b"xy")

2290

connection.bio_write(bytearray(b"za"))

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2291

with pytest.warns(DeprecationWarning):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2292

connection.bio_write(u"deprecated")

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2293

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2294

def test_get_context(self):

2295

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2296

`Connection.get_context` returns the `Context` instance used to

2297

construct the `Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2298

"""

2299

context = Context(TLSv1_METHOD)

2300

connection = Connection(context, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2301

assert connection.get_context() is context

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2302

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2303

def test_set_context_wrong_args(self):

2304

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2305

`Connection.set_context` raises `TypeError` if called with a

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2306

non-`Context` instance argument.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2307

"""

2308

ctx = Context(TLSv1_METHOD)

2309

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2310

with pytest.raises(TypeError):

2311

connection.set_context(object())

2312

with pytest.raises(TypeError):

2313

connection.set_context("hello")

2314

with pytest.raises(TypeError):

2315

connection.set_context(1)

2316

assert ctx is connection.get_context()

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2317

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2318

def test_set_context(self):

2319

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2320

`Connection.set_context` specifies a new `Context` instance to be

2321

used for the connection.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2322

"""

2323

original = Context(SSLv23_METHOD)

2324

replacement = Context(TLSv1_METHOD)

2325

connection = Connection(original, None)

2326

connection.set_context(replacement)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2327

assert replacement is connection.get_context()

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2328

# Lose our references to the contexts, just in case the Connection

2329

# isn't properly managing its own contributions to their reference

2330

# counts.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2331

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2332

collect()

2333

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2334

def test_set_tlsext_host_name_wrong_args(self):

2335

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2336

If `Connection.set_tlsext_host_name` is called with a non-byte string

2337

argument or a byte string with an embedded NUL, `TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2338

"""

2339

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2340

with pytest.raises(TypeError):

2341

conn.set_tlsext_host_name(object())

2342

with pytest.raises(TypeError):

2343

conn.set_tlsext_host_name(b"with\0null")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2344

Hugo van Kemenade

60827f8

2019-08-30 00:39:35 +0300

[diff] [blame]

2345

if not PY2:

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2346

# On Python 3.x, don't accidentally implicitly convert from text.

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2347

with pytest.raises(TypeError):

2348

conn.set_tlsext_host_name(b"example.com".decode("ascii"))

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2349

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2350

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2351

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2352

`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2353

immediate read.

2354

"""

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2355

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2356

assert connection.pending() == 0

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2357

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2358

def test_peek(self):

2359

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2360

`Connection.recv` peeks into the connection if `socket.MSG_PEEK` is

2361

passed.

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2362

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2363

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2364

server.send(b"xy")

2365

assert client.recv(2, MSG_PEEK) == b"xy"

2366

assert client.recv(2, MSG_PEEK) == b"xy"

2367

assert client.recv(2) == b"xy"

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2368

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2369

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2370

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2371

`Connection.connect` raises `TypeError` if called with a non-address

2372

argument.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2373

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2374

connection = Connection(Context(TLSv1_METHOD), socket_any_family())

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2375

with pytest.raises(TypeError):

2376

connection.connect(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2377

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2378

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2379

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2380

`Connection.connect` raises `socket.error` if the underlying socket

2381

connect method raises it.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2382

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2383

client = socket_any_family()

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2384

context = Context(TLSv1_METHOD)

2385

clientSSL = Connection(context, client)

Alex Gaynor

122717b

2015-09-05 14:14:18 -0400

[diff] [blame]

2386

# pytest.raises here doesn't work because of a bug in py.test on Python

2387

# 2.6: https://github.com/pytest-dev/pytest/issues/988

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2388

try:

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2389

clientSSL.connect((loopback_address(client), 1))

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2390

except error as e:

Alex Gaynor

20a4c08

2015-09-05 14:24:15 -0400

[diff] [blame]

2391

exc = e

2392

assert exc.args[0] == ECONNREFUSED

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2393

2394

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2395

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2396

`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2397

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2398

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2399

port.bind(("", 0))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2400

port.listen(3)

2401

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2402

clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))

2403

clientSSL.connect((loopback_address(port), port.getsockname()[1]))

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2404

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2405

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2406

@pytest.mark.skipif(

2407

platform == "darwin",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2408

reason="connect_ex sometimes causes a kernel panic on OS X 10.6.4",

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2409

)

2410

def test_connect_ex(self):

2411

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2412

If there is a connection error, `Connection.connect_ex` returns the

2413

errno instead of raising an exception.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2414

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2415

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2416

port.bind(("", 0))

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2417

port.listen(3)

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2418

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2419

clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2420

clientSSL.setblocking(False)

2421

result = clientSSL.connect_ex(port.getsockname())

2422

expected = (EINPROGRESS, EWOULDBLOCK)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2423

assert result in expected

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2424

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2425

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2426

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2427

`Connection.accept` accepts a pending connection attempt and returns a

2428

tuple of a new `Connection` (the accepted client) and the address the

2429

connection originated from.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2430

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2431

ctx = Context(TLSv1_METHOD)

2432

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2433

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2434

port = socket_any_family()

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2435

portSSL = Connection(ctx, port)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2436

portSSL.bind(("", 0))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2437

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2438

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2439

clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2440

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2441

# Calling portSSL.getsockname() here to get the server IP address

2442

# sounds great, but frequently fails on Windows.

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2443

clientSSL.connect((loopback_address(port), portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2444

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2445

serverSSL, address = portSSL.accept()

2446

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2447

assert isinstance(serverSSL, Connection)

2448

assert serverSSL.get_context() is ctx

2449

assert address == clientSSL.getsockname()

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2450

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2451

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2452

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2453

`Connection.set_shutdown` raises `TypeError` if called with arguments

2454

other than integers.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2455

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2456

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2457

with pytest.raises(TypeError):

2458

connection.set_shutdown(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2459

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2460

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2461

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2462

`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2463

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2464

server, client = loopback()

2465

assert not server.shutdown()

2466

assert server.get_shutdown() == SENT_SHUTDOWN

2467

with pytest.raises(ZeroReturnError):

2468

client.recv(1024)

2469

assert client.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2470

client.shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2471

assert client.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

2472

with pytest.raises(ZeroReturnError):

2473

server.recv(1024)

2474

assert server.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2475

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2476

def test_shutdown_closed(self):

2477

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2478

If the underlying socket is closed, `Connection.shutdown` propagates

2479

the write error from the low level write call.

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2480

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2481

server, client = loopback()

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2482

server.sock_shutdown(2)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2483

with pytest.raises(SysCallError) as exc:

2484

server.shutdown()

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2485

if platform == "win32":

2486

assert exc.value.args[0] == ESHUTDOWN

2487

else:

2488

assert exc.value.args[0] == EPIPE

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2489

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2490

def test_shutdown_truncated(self):

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2491

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2492

If the underlying connection is truncated, `Connection.shutdown`

2493

raises an `Error`.

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2494

"""

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2495

server_ctx = Context(TLSv1_METHOD)

2496

client_ctx = Context(TLSv1_METHOD)

2497

server_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2498

load_privatekey(FILETYPE_PEM, server_key_pem)

2499

)

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2500

server_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2501

load_certificate(FILETYPE_PEM, server_cert_pem)

2502

)

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2503

server = Connection(server_ctx, None)

2504

client = Connection(client_ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2505

handshake_in_memory(client, server)

2506

assert not server.shutdown()

2507

with pytest.raises(WantReadError):

2508

server.shutdown()

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2509

server.bio_shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2510

with pytest.raises(Error):

2511

server.shutdown()

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2512

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2513

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2514

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2515

`Connection.set_shutdown` sets the state of the SSL connection

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2516

shutdown process.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2517

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2518

connection = Connection(Context(TLSv1_METHOD), socket_any_family())

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2519

connection.set_shutdown(RECEIVED_SHUTDOWN)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2520

assert connection.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2521

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2522

def test_state_string(self):

2523

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2524

`Connection.state_string` verbosely describes the current state of

2525

the `Connection`.

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2526

"""

Hynek Schlawack

b0274ce

2015-10-16 19:56:26 +0200

[diff] [blame]

2527

server, client = socket_pair()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2528

server = loopback_server_factory(server)

2529

client = loopback_client_factory(client)

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2530

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2531

assert server.get_state_string() in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2532

b"before/accept initialization",

2533

b"before SSL initialization",

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2534

]

2535

assert client.get_state_string() in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2536

b"before/connect initialization",

2537

b"before SSL initialization",

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2538

]

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2539

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2540

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2541

"""

2542

Any object can be set as app data by passing it to

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2543

`Connection.set_app_data` and later retrieved with

2544

`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2545

"""

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2546

conn = Connection(Context(TLSv1_METHOD), None)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2547

assert None is conn.get_app_data()

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2548

app_data = object()

2549

conn.set_app_data(app_data)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2550

assert conn.get_app_data() is app_data

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2551

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2552

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2553

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2554

`Connection.makefile` is not implemented and calling that

2555

method raises `NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2556

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2557

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2558

with pytest.raises(NotImplementedError):

2559

conn.makefile()

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2560

Jeremy Lainé

460a19d

2018-05-16 19:44:19 +0200

[diff] [blame]

2561

def test_get_certificate(self):

2562

"""

2563

`Connection.get_certificate` returns the local certificate.

2564

"""

2565

chain = _create_certificate_chain()

2566

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2567

2568

context = Context(TLSv1_METHOD)

2569

context.use_certificate(scert)

2570

client = Connection(context, None)

2571

cert = client.get_certificate()

2572

assert cert is not None

2573

assert "Server Certificate" == cert.get_subject().CN

2574

2575

def test_get_certificate_none(self):

2576

"""

2577

`Connection.get_certificate` returns the local certificate.

2578

2579

If there is no certificate, it returns None.

2580

"""

2581

context = Context(TLSv1_METHOD)

2582

client = Connection(context, None)

2583

cert = client.get_certificate()

2584

assert cert is None

2585

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2586

def test_get_peer_cert_chain(self):

2587

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2588

`Connection.get_peer_cert_chain` returns a list of certificates

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2589

which the connected server returned for the certification verification.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2590

"""

2591

chain = _create_certificate_chain()

2592

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2593

2594

serverContext = Context(TLSv1_METHOD)

2595

serverContext.use_privatekey(skey)

2596

serverContext.use_certificate(scert)

2597

serverContext.add_extra_chain_cert(icert)

2598

serverContext.add_extra_chain_cert(cacert)

2599

server = Connection(serverContext, None)

2600

server.set_accept_state()

2601

2602

# Create the client

2603

clientContext = Context(TLSv1_METHOD)

2604

clientContext.set_verify(VERIFY_NONE, verify_cb)

2605

client = Connection(clientContext, None)

2606

client.set_connect_state()

2607

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2608

interact_in_memory(client, server)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2609

2610

chain = client.get_peer_cert_chain()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2611

assert len(chain) == 3

2612

assert "Server Certificate" == chain[0].get_subject().CN

2613

assert "Intermediate Certificate" == chain[1].get_subject().CN

2614

assert "Authority Certificate" == chain[2].get_subject().CN

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2615

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2616

def test_get_peer_cert_chain_none(self):

2617

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2618

`Connection.get_peer_cert_chain` returns `None` if the peer sends

2619

no certificate chain.

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2620

"""

2621

ctx = Context(TLSv1_METHOD)

2622

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2623

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2624

server = Connection(ctx, None)

2625

server.set_accept_state()

2626

client = Connection(Context(TLSv1_METHOD), None)

2627

client.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2628

interact_in_memory(client, server)

2629

assert None is server.get_peer_cert_chain()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2630

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2631

def test_get_session_unconnected(self):

2632

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2633

`Connection.get_session` returns `None` when used with an object

2634

which has not been connected.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2635

"""

2636

ctx = Context(TLSv1_METHOD)

2637

server = Connection(ctx, None)

2638

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2639

assert None is session

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2640

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2641

def test_server_get_session(self):

2642

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2643

On the server side of a connection, `Connection.get_session` returns a

2644

`Session` instance representing the SSL session for that connection.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2645

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2646

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2647

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2648

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2649

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2650

def test_client_get_session(self):

2651

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2652

On the client side of a connection, `Connection.get_session`

2653

returns a `Session` instance representing the SSL session for

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2654

that connection.

2655

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2656

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2657

session = client.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2658

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2659

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2660

def test_set_session_wrong_args(self):

2661

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2662

`Connection.set_session` raises `TypeError` if called with an object

2663

that is not an instance of `Session`.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2664

"""

2665

ctx = Context(TLSv1_METHOD)

2666

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2667

with pytest.raises(TypeError):

2668

connection.set_session(123)

2669

with pytest.raises(TypeError):

2670

connection.set_session("hello")

2671

with pytest.raises(TypeError):

2672

connection.set_session(object())

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2673

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2674

def test_client_set_session(self):

2675

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2676

`Connection.set_session`, when used prior to a connection being

2677

established, accepts a `Session` instance and causes an attempt to

2678

re-use the session it represents when the SSL handshake is performed.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2679

"""

2680

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2681

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

2682

ctx = Context(TLSv1_2_METHOD)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2683

ctx.use_privatekey(key)

2684

ctx.use_certificate(cert)

2685

ctx.set_session_id("unity-test")

2686

2687

def makeServer(socket):

2688

server = Connection(ctx, socket)

2689

server.set_accept_state()

2690

return server

2691

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2692

originalServer, originalClient = loopback(server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2693

originalSession = originalClient.get_session()

2694

2695

def makeClient(socket):

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2696

client = loopback_client_factory(socket)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2697

client.set_session(originalSession)

2698

return client

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2699

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2700

resumedServer, resumedClient = loopback(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2701

server_factory=makeServer, client_factory=makeClient

2702

)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2703

2704

# This is a proxy: in general, we have no access to any unique

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2705

# identifier for the session (new enough versions of OpenSSL expose

2706

# a hash which could be usable, but "new enough" is very, very new).

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2707

# Instead, exploit the fact that the master key is re-used if the

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2708

# session is re-used. As long as the master key for the two

2709

# connections is the same, the session was re-used!

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2710

assert originalServer.master_key() == resumedServer.master_key()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2711

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2712

def test_set_session_wrong_method(self):

2713

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2714

If `Connection.set_session` is passed a `Session` instance associated

2715

with a context using a different SSL method than the `Connection`

2716

is using, a `OpenSSL.SSL.Error` is raised.

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2717

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2718

# Make this work on both OpenSSL 1.0.0, which doesn't support TLSv1.2

2719

# and also on OpenSSL 1.1.0 which doesn't support SSLv3. (SSL_ST_INIT

2720

# is a way to check for 1.1.0)

Alex Gaynor

aa32e71

2017-06-29 20:56:12 -0700

[diff] [blame]

2721

if SSL_ST_INIT is None:

2722

v1 = TLSv1_2_METHOD

2723

v2 = TLSv1_METHOD

2724

elif hasattr(_lib, "SSLv3_method"):

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2725

v1 = TLSv1_METHOD

2726

v2 = SSLv3_METHOD

2727

else:

Alex Gaynor

aa32e71

2017-06-29 20:56:12 -0700

[diff] [blame]

2728

pytest.skip("Test requires either OpenSSL 1.1.0 or SSLv3")

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2729

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2730

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2731

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2732

ctx = Context(v1)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2733

ctx.use_privatekey(key)

2734

ctx.use_certificate(cert)

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame]

2735

ctx.set_session_id(b"unity-test")

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2736

2737

def makeServer(socket):

2738

server = Connection(ctx, socket)

2739

server.set_accept_state()

2740

return server

2741

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2742

def makeOriginalClient(socket):

2743

client = Connection(Context(v1), socket)

2744

client.set_connect_state()

2745

return client

2746

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2747

originalServer, originalClient = loopback(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2748

server_factory=makeServer, client_factory=makeOriginalClient

2749

)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2750

originalSession = originalClient.get_session()

2751

2752

def makeClient(socket):

2753

# Intentionally use a different, incompatible method here.

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2754

client = Connection(Context(v2), socket)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2755

client.set_connect_state()

2756

client.set_session(originalSession)

2757

return client

2758

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2759

with pytest.raises(Error):

2760

loopback(client_factory=makeClient, server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2761

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2762

def test_wantWriteError(self):

2763

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2764

`Connection` methods which generate output raise

2765

`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2766

fail indicating a should-write state.

2767

"""

2768

client_socket, server_socket = socket_pair()

2769

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2770

# anything. Only write a single byte at a time so we can be sure we

2771

# completely fill the buffer. Even though the socket API is allowed to

2772

# signal a short write via its return value it seems this doesn't

2773

# always happen on all platforms (FreeBSD and OS X particular) for the

2774

# very last bit of available buffer space.

2775

msg = b"x"

catern

b2777a4

2018-08-09 15:38:13 -0400

[diff] [blame]

2776

for i in range(1024 * 1024 * 64):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2777

try:

2778

client_socket.send(msg)

2779

except error as e:

2780

if e.errno == EWOULDBLOCK:

2781

break

2782

raise

2783

else:

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2784

pytest.fail(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2785

"Failed to fill socket buffer, cannot test BIO want write"

2786

)

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2787

2788

ctx = Context(TLSv1_METHOD)

2789

conn = Connection(ctx, client_socket)

2790

# Client's speak first, so make it an SSL client

2791

conn.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2792

with pytest.raises(WantWriteError):

2793

conn.do_handshake()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2797

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2798

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2799

`Connection.get_finished` returns `None` before TLS handshake

2800

is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2801

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2802

ctx = Context(TLSv1_METHOD)

2803

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2804

assert connection.get_finished() is None

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2805

2806

def test_get_peer_finished_before_connect(self):

2807

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2808

`Connection.get_peer_finished` returns `None` before TLS handshake

2809

is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2810

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2811

ctx = Context(TLSv1_METHOD)

2812

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2813

assert connection.get_peer_finished() is None

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2814

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2815

def test_get_finished(self):

2816

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2817

`Connection.get_finished` method returns the TLS Finished message send

2818

from client, or server. Finished messages are send during

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2819

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2820

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2821

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2822

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2823

assert server.get_finished() is not None

2824

assert len(server.get_finished()) > 0

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2825

2826

def test_get_peer_finished(self):

2827

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2828

`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2829

message received from client, or server. Finished messages are send

2830

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2831

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2832

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2833

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2834

assert server.get_peer_finished() is not None

2835

assert len(server.get_peer_finished()) > 0

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2836

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2837

def test_tls_finished_message_symmetry(self):

2838

"""

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2839

The TLS Finished message send by server must be the TLS Finished

2840

message received by client.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2841

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2842

The TLS Finished message send by client must be the TLS Finished

2843

message received by server.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2844

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2845

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2846

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2847

assert server.get_finished() == client.get_peer_finished()

2848

assert client.get_finished() == server.get_peer_finished()

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2849

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2850

def test_get_cipher_name_before_connect(self):

2851

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2852

`Connection.get_cipher_name` returns `None` if no connection

2853

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2854

"""

2855

ctx = Context(TLSv1_METHOD)

2856

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2857

assert conn.get_cipher_name() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2858

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2859

def test_get_cipher_name(self):

2860

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2861

`Connection.get_cipher_name` returns a `unicode` string giving the

2862

name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2863

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2864

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2865

server_cipher_name, client_cipher_name = (

2866

server.get_cipher_name(),

2867

client.get_cipher_name(),

2868

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2869

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2870

assert isinstance(server_cipher_name, text_type)

2871

assert isinstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2872

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2873

assert server_cipher_name == client_cipher_name

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2874

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2875

def test_get_cipher_version_before_connect(self):

2876

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2877

`Connection.get_cipher_version` returns `None` if no connection

2878

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2879

"""

2880

ctx = Context(TLSv1_METHOD)

2881

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2882

assert conn.get_cipher_version() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2883

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2884

def test_get_cipher_version(self):

2885

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2886

`Connection.get_cipher_version` returns a `unicode` string giving

2887

the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2888

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2889

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2890

server_cipher_version, client_cipher_version = (

2891

server.get_cipher_version(),

2892

client.get_cipher_version(),

2893

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2894

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2895

assert isinstance(server_cipher_version, text_type)

2896

assert isinstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2897

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2898

assert server_cipher_version == client_cipher_version

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2899

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2900

def test_get_cipher_bits_before_connect(self):

2901

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2902

`Connection.get_cipher_bits` returns `None` if no connection has

2903

been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2904

"""

2905

ctx = Context(TLSv1_METHOD)

2906

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2907

assert conn.get_cipher_bits() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2908

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2909

def test_get_cipher_bits(self):

2910

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2911

`Connection.get_cipher_bits` returns the number of secret bits

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2912

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2913

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2914

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2915

server_cipher_bits, client_cipher_bits = (

2916

server.get_cipher_bits(),

2917

client.get_cipher_bits(),

2918

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2919

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2920

assert isinstance(server_cipher_bits, int)

2921

assert isinstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2922

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2923

assert server_cipher_bits == client_cipher_bits

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2924

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2925

def test_get_protocol_version_name(self):

2926

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2927

`Connection.get_protocol_version_name()` returns a string giving the

2928

protocol version of the current connection.

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2929

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2930

server, client = loopback()

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2931

client_protocol_version_name = client.get_protocol_version_name()

2932

server_protocol_version_name = server.get_protocol_version_name()

2933

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2934

assert isinstance(server_protocol_version_name, text_type)

2935

assert isinstance(client_protocol_version_name, text_type)

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2936

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2937

assert server_protocol_version_name == client_protocol_version_name

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2938

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2939

def test_get_protocol_version(self):

2940

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2941

`Connection.get_protocol_version()` returns an integer

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2942

giving the protocol version of the current connection.

2943

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2944

server, client = loopback()

Jim Shaver

85a4dff

2015-04-27 17:42:46 -0400

[diff] [blame]

2945

client_protocol_version = client.get_protocol_version()

2946

server_protocol_version = server.get_protocol_version()

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2947

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2948

assert isinstance(server_protocol_version, int)

2949

assert isinstance(client_protocol_version, int)

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2950

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2951

assert server_protocol_version == client_protocol_version

2952

2953

def test_wantReadError(self):

2954

"""

2955

`Connection.bio_read` raises `OpenSSL.SSL.WantReadError` if there are

2956

no bytes available to be read from the BIO.

2957

"""

2958

ctx = Context(TLSv1_METHOD)

2959

conn = Connection(ctx, None)

2960

with pytest.raises(WantReadError):

2961

conn.bio_read(1024)

2962

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2963

@pytest.mark.parametrize("bufsize", [1.0, None, object(), "bufsize"])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2964

def test_bio_read_wrong_args(self, bufsize):

2965

"""

2966

`Connection.bio_read` raises `TypeError` if passed a non-integer

2967

argument.

2968

"""

2969

ctx = Context(TLSv1_METHOD)

2970

conn = Connection(ctx, None)

2971

with pytest.raises(TypeError):

2972

conn.bio_read(bufsize)

2973

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2974

def test_buffer_size(self):

2975

"""

2976

`Connection.bio_read` accepts an integer giving the maximum number

2977

of bytes to read and return.

2978

"""

2979

ctx = Context(TLSv1_METHOD)

2980

conn = Connection(ctx, None)

2981

conn.set_connect_state()

2982

try:

2983

conn.do_handshake()

2984

except WantReadError:

2985

pass

2986

data = conn.bio_read(2)

2987

assert 2 == len(data)

2988

Jean-Paul Calderone

dbd7627

2014-03-29 18:09:40 -0400

[diff] [blame]

2989

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2990

class TestConnectionGetCipherList(object):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2991

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2992

Tests for `Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2993

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2994

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

2995

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2996

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2997

`Connection.get_cipher_list` returns a list of `bytes` giving the

2998

names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2999

"""

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

3000

connection = Connection(Context(TLSv1_METHOD), None)

3001

ciphers = connection.get_cipher_list()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3002

assert isinstance(ciphers, list)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

3003

for cipher in ciphers:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3004

assert isinstance(cipher, str)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

3005

3006

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3007

class VeryLarge(bytes):

3008

"""

3009

Mock object so that we don't have to allocate 2**31 bytes

3010

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3011

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3012

def __len__(self):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3013

return 2 ** 31

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3014

3015

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3016

class TestConnectionSend(object):

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3017

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3018

Tests for `Connection.send`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3019

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3020

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3021

def test_wrong_args(self):

3022

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3023

When called with arguments other than string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3024

parameter, `Connection.send` raises `TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3025

"""

3026

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3027

with pytest.raises(TypeError):

3028

connection.send(object())

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3029

with pytest.raises(TypeError):

3030

connection.send([1, 2, 3])

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3031

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3032

def test_short_bytes(self):

3033

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3034

When passed a short byte string, `Connection.send` transmits all of it

3035

and returns the number of bytes sent.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3036

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3037

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3038

count = server.send(b"xy")

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3039

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3040

assert client.recv(2) == b"xy"

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3041

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3042

def test_text(self):

3043

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3044

When passed a text, `Connection.send` transmits all of it and

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

3045

returns the number of bytes sent. It also raises a DeprecationWarning.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3046

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3047

server, client = loopback()

3048

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3049

simplefilter("always")

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

3050

count = server.send(b"xy".decode("ascii"))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3051

assert "{0} for buf is no longer accepted, use bytes".format(

3052

WARNING_TYPE_EXPECTED

3053

) == str(w[-1].message)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3054

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3055

assert client.recv(2) == b"xy"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3056

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3057

def test_short_memoryview(self):

3058

"""

3059

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3060

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3061

of bytes sent.

3062

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3063

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3064

count = server.send(memoryview(b"xy"))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3065

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3066

assert client.recv(2) == b"xy"

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3067

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3068

def test_short_bytearray(self):

3069

"""

3070

When passed a short bytearray, `Connection.send` transmits all of

3071

it and returns the number of bytes sent.

3072

"""

3073

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3074

count = server.send(bytearray(b"xy"))

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3075

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3076

assert client.recv(2) == b"xy"

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3077

Hynek Schlawack

8e94f1b

2015-09-05 21:31:00 +0200

[diff] [blame]

3078

@skip_if_py3

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3079

def test_short_buffer(self):

3080

"""

3081

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3082

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3083

of bytes sent.

3084

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3085

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3086

count = server.send(buffer(b"xy")) # noqa: F821

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3087

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3088

assert client.recv(2) == b"xy"

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

3089

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3090

@pytest.mark.skipif(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3091

sys.maxsize < 2 ** 31,

3092

reason="sys.maxsize < 2**31 - test requires 64 bit",

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3093

)

3094

def test_buf_too_large(self):

3095

"""

3096

When passed a buffer containing >= 2**31 bytes,

3097

`Connection.send` bails out as SSL_write only

3098

accepts an int for the buffer length.

3099

"""

3100

connection = Connection(Context(TLSv1_METHOD), None)

3101

with pytest.raises(ValueError) as exc_info:

3102

connection.send(VeryLarge())

3103

exc_info.match(r"Cannot send more than .+ bytes at once")

3104

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

3105

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3106

def _make_memoryview(size):

3107

"""

3108

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

3109

size.

3110

"""

3111

return memoryview(bytearray(size))

3112

3113

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3114

class TestConnectionRecvInto(object):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3115

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3116

Tests for `Connection.recv_into`.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3117

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3118

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3119

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

3120

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3121

Assert that when the given buffer is passed to `Connection.recv_into`,

3122

whatever bytes are available to be received that fit into that buffer

3123

are written into that buffer.

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

3124

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3125

output_buffer = factory(5)

3126

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3127

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3128

server.send(b"xy")

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

3129

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3130

assert client.recv_into(output_buffer) == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3131

assert output_buffer == bytearray(b"xy\x00\x00\x00")

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

3132

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3133

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3134

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3135

`Connection.recv_into` can be passed a `bytearray` instance and data

3136

in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3137

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3138

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3139

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3140

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3141

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3142

Assert that when the given buffer is passed to `Connection.recv_into`

3143

along with a value for `nbytes` that is less than the size of that

3144

buffer, only `nbytes` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3145

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3146

output_buffer = factory(10)

3147

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3148

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3149

server.send(b"abcdefghij")

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3150

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3151

assert client.recv_into(output_buffer, 5) == 5

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3152

assert output_buffer == bytearray(b"abcde\x00\x00\x00\x00\x00")

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3153

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3154

def test_bytearray_respects_length(self):

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3155

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3156

When called with a `bytearray` instance, `Connection.recv_into`

3157

respects the `nbytes` parameter and doesn't copy in more than that

3158

number of bytes.

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3159

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3160

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3161

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3162

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3163

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3164

Assert that if there are more bytes available to be read from the

3165

receive buffer than would fit into the buffer passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3166

`Connection.recv_into`, only as many as fit are written into it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3167

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3168

output_buffer = factory(5)

3169

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3170

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3171

server.send(b"abcdefghij")

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3172

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3173

assert client.recv_into(output_buffer) == 5

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3174

assert output_buffer == bytearray(b"abcde")

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3175

rest = client.recv(5)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3176

assert b"fghij" == rest

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3177

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3178

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3179

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3180

When called with a `bytearray` instance, `Connection.recv_into`

3181

respects the size of the array and doesn't write more bytes into it

3182

than will fit.

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3183

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3184

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3185

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3186

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3187

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3188

When called with a `bytearray` instance and an `nbytes` value that is

3189

too large, `Connection.recv_into` respects the size of the array and

3190

not the `nbytes` value and doesn't write more bytes into the buffer

3191

than will fit.

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3192

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3193

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3194

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3195

def test_peek(self):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3196

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3197

server.send(b"xy")

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3198

3199

for _ in range(2):

3200

output_buffer = bytearray(5)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3201

assert client.recv_into(output_buffer, flags=MSG_PEEK) == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3202

assert output_buffer == bytearray(b"xy\x00\x00\x00")

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3203

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3204

def test_memoryview_no_length(self):

3205

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3206

`Connection.recv_into` can be passed a `memoryview` instance and data

3207

in the receive buffer is written to it.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3208

"""

3209

self._no_length_test(_make_memoryview)

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3210

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3211

def test_memoryview_respects_length(self):

3212

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3213

When called with a `memoryview` instance, `Connection.recv_into`

3214

respects the ``nbytes`` parameter and doesn't copy more than that

3215

number of bytes in.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3216

"""

3217

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3218

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3219

def test_memoryview_doesnt_overfill(self):

3220

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3221

When called with a `memoryview` instance, `Connection.recv_into`

3222

respects the size of the array and doesn't write more bytes into it

3223

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3224

"""

3225

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3226

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3227

def test_memoryview_really_doesnt_overfill(self):

3228

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3229

When called with a `memoryview` instance and an `nbytes` value that is

3230

too large, `Connection.recv_into` respects the size of the array and

3231

not the `nbytes` value and doesn't write more bytes into the buffer

3232

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3233

"""

3234

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3235

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3236

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3237

class TestConnectionSendall(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3238

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3239

Tests for `Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3240

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3241

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3242

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3243

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3244

When called with arguments other than a string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3245

parameter, `Connection.sendall` raises `TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3246

"""

3247

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3248

with pytest.raises(TypeError):

3249

connection.sendall(object())

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3250

with pytest.raises(TypeError):

3251

connection.sendall([1, 2, 3])

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3252

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3253

def test_short(self):

3254

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3255

`Connection.sendall` transmits all of the bytes in the string

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3256

passed to it.

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3257

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3258

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3259

server.sendall(b"x")

3260

assert client.recv(1) == b"x"

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3261

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3262

def test_text(self):

3263

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3264

`Connection.sendall` transmits all the content in the string passed

3265

to it, raising a DeprecationWarning in case of this being a text.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3266

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3267

server, client = loopback()

3268

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3269

simplefilter("always")

Jean-Paul Calderone

8dc37a1

2015-03-29 08:16:52 -0400

[diff] [blame]

3270

server.sendall(b"x".decode("ascii"))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3271

assert "{0} for buf is no longer accepted, use bytes".format(

3272

WARNING_TYPE_EXPECTED

3273

) == str(w[-1].message)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3274

assert client.recv(1) == b"x"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3275

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3276

def test_short_memoryview(self):

3277

"""

3278

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3279

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3280

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3281

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3282

server.sendall(memoryview(b"x"))

3283

assert client.recv(1) == b"x"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3284

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3285

@skip_if_py3

3286

def test_short_buffers(self):

3287

"""

3288

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3289

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3290

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3291

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3292

count = server.sendall(buffer(b"xy")) # noqa: F821

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3293

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3294

assert client.recv(2) == b"xy"

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

3295

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3296

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3297

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3298

`Connection.sendall` transmits all the bytes in the string passed to it

3299

even if this requires multiple calls of an underlying write function.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3300

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3301

server, client = loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

3302

# Should be enough, underlying SSL_write should only do 16k at a time.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3303

# On Windows, after 32k of bytes the write will block (forever

3304

# - because no one is yet reading).

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3305

message = b"x" * (1024 * 32 - 1) + b"y"

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3306

server.sendall(message)

3307

accum = []

3308

received = 0

3309

while received < len(message):

Jean-Paul Calderone

b1f7f5f

2010-08-22 21:40:52 -0400

[diff] [blame]

3310

data = client.recv(1024)

3311

accum.append(data)

3312

received += len(data)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3313

assert message == b"".join(accum)

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3314

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3315

def test_closed(self):

3316

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3317

If the underlying socket is closed, `Connection.sendall` propagates the

3318

write error from the low level write call.

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3319

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3320

server, client = loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

3321

server.sock_shutdown(2)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3322

with pytest.raises(SysCallError) as err:

3323

server.sendall(b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3324

if platform == "win32":

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3325

assert err.value.args[0] == ESHUTDOWN

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3326

else:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3327

assert err.value.args[0] == EPIPE

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3328

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3329

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3330

class TestConnectionRenegotiate(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3331

"""

3332

Tests for SSL renegotiation APIs.

3333

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3334

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3335

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3336

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3337

`Connection.total_renegotiations` returns `0` before any renegotiations

3338

have happened.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3339

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3340

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3341

assert connection.total_renegotiations() == 0

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3342

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3343

def test_renegotiate(self):

3344

"""

3345

Go through a complete renegotiation cycle.

3346

"""

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

3347

server, client = loopback(

3348

lambda s: loopback_server_factory(s, TLSv1_2_METHOD),

3349

lambda s: loopback_client_factory(s, TLSv1_2_METHOD),

3350

)

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3351

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3352

server.send(b"hello world")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3353

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3354

assert b"hello world" == client.recv(len(b"hello world"))

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3355

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3356

assert 0 == server.total_renegotiations()

3357

assert False is server.renegotiate_pending()

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3358

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3359

assert True is server.renegotiate()

3360

3361

assert True is server.renegotiate_pending()

3362

3363

server.setblocking(False)

3364

client.setblocking(False)

3365

3366

client.do_handshake()

3367

server.do_handshake()

3368

3369

assert 1 == server.total_renegotiations()

3370

while False is server.renegotiate_pending():

3371

pass

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3372

3373

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3374

class TestError(object):

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3375

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3376

Unit tests for `OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3377

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3378

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3379

def test_type(self):

3380

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3381

`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3382

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3383

assert issubclass(Error, Exception)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3384

assert Error.__name__ == "Error"

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

3385

3386

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3387

class TestConstants(object):

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3388

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3389

Tests for the values of constants exposed in `OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3390

3391

These are values defined by OpenSSL intended only to be used as flags to

3392

OpenSSL APIs. The only assertions it seems can be made about them is

3393

their values.

3394

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3395

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3396

@pytest.mark.skipif(

3397

OP_NO_QUERY_MTU is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3398

reason="OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3399

)

3400

def test_op_no_query_mtu(self):

3401

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3402

The value of `OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value

3403

of `SSL_OP_NO_QUERY_MTU` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3404

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3405

assert OP_NO_QUERY_MTU == 0x1000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3406

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3407

@pytest.mark.skipif(

3408

OP_COOKIE_EXCHANGE is None,

3409

reason="OP_COOKIE_EXCHANGE unavailable - "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3410

"OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3411

)

3412

def test_op_cookie_exchange(self):

3413

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3414

The value of `OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the

3415

value of `SSL_OP_COOKIE_EXCHANGE` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3416

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3417

assert OP_COOKIE_EXCHANGE == 0x2000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3418

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3419

@pytest.mark.skipif(

3420

OP_NO_TICKET is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3421

reason="OP_NO_TICKET unavailable - OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3422

)

3423

def test_op_no_ticket(self):

3424

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3425

The value of `OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

3426

`SSL_OP_NO_TICKET` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3427

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3428

assert OP_NO_TICKET == 0x4000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3429

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3430

@pytest.mark.skipif(

3431

OP_NO_COMPRESSION is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3432

reason=(

3433

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

3434

),

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3435

)

3436

def test_op_no_compression(self):

3437

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3438

The value of `OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the

3439

value of `SSL_OP_NO_COMPRESSION` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3440

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3441

assert OP_NO_COMPRESSION == 0x20000

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3442

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3443

def test_sess_cache_off(self):

3444

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3445

The value of `OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

3446

`SSL_SESS_CACHE_OFF` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3447

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3448

assert 0x0 == SESS_CACHE_OFF

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3449

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3450

def test_sess_cache_client(self):

3451

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3452

The value of `OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3453

`SSL_SESS_CACHE_CLIENT` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3454

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3455

assert 0x1 == SESS_CACHE_CLIENT

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3456

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3457

def test_sess_cache_server(self):

3458

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3459

The value of `OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3460

`SSL_SESS_CACHE_SERVER` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3461

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3462

assert 0x2 == SESS_CACHE_SERVER

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3463

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3464

def test_sess_cache_both(self):

3465

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3466

The value of `OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3467

`SSL_SESS_CACHE_BOTH` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3468

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3469

assert 0x3 == SESS_CACHE_BOTH

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3470

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3471

def test_sess_cache_no_auto_clear(self):

3472

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3473

The value of `OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3474

value of `SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3475

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3476

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3477

assert 0x80 == SESS_CACHE_NO_AUTO_CLEAR

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3478

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3479

def test_sess_cache_no_internal_lookup(self):

3480

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3481

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3482

the value of `SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3483

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3484

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3485

assert 0x100 == SESS_CACHE_NO_INTERNAL_LOOKUP

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3486

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3487

def test_sess_cache_no_internal_store(self):

3488

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3489

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3490

the value of `SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3491

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3492

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3493

assert 0x200 == SESS_CACHE_NO_INTERNAL_STORE

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3494

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3495

def test_sess_cache_no_internal(self):

3496

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3497

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3498

value of `SSL_SESS_CACHE_NO_INTERNAL` defined by

3499

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3500

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3501

assert 0x300 == SESS_CACHE_NO_INTERNAL

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3502

3503

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3504

class TestMemoryBIO(object):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3505

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3506

Tests for `OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3507

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3508

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3509

def _server(self, sock):

3510

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3511

Create a new server-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3512

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3513

# Create the server side Connection. This is mostly setup boilerplate

3514

# - use TLSv1, use a particular certificate, etc.

3515

server_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3516

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3517

server_ctx.set_verify(

3518

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3519

verify_cb,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3520

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3521

server_store = server_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3522

server_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3523

load_privatekey(FILETYPE_PEM, server_key_pem)

3524

)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3525

server_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3526

load_certificate(FILETYPE_PEM, server_cert_pem)

3527

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3528

server_ctx.check_privatekey()

3529

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3530

# Here the Connection is actually created. If None is passed as the

3531

# 2nd parameter, it indicates a memory BIO should be created.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3532

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3533

server_conn.set_accept_state()

3534

return server_conn

3535

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3536

def _client(self, sock):

3537

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3538

Create a new client-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3539

"""

3540

# Now create the client side Connection. Similar boilerplate to the

3541

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3542

client_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3543

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3544

client_ctx.set_verify(

3545

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3546

verify_cb,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3547

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3548

client_store = client_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3549

client_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3550

load_privatekey(FILETYPE_PEM, client_key_pem)

3551

)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3552

client_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3553

load_certificate(FILETYPE_PEM, client_cert_pem)

3554

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3555

client_ctx.check_privatekey()

3556

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3557

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3558

client_conn.set_connect_state()

3559

return client_conn

3560

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3561

def test_memory_connect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3562

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3563

Two `Connection`s which use memory BIOs can be manually connected by

3564

reading from the output of each and writing those bytes to the input of

3565

the other and in this way establish a connection and exchange

3566

application-level bytes with each other.

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3567

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3568

server_conn = self._server(None)

3569

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3570

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3571

# There should be no key or nonces yet.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3572

assert server_conn.master_key() is None

3573

assert server_conn.client_random() is None

3574

assert server_conn.server_random() is None

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3575

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3576

# First, the handshake needs to happen. We'll deliver bytes back and

3577

# forth between the client and server until neither of them feels like

3578

# speaking any more.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3579

assert interact_in_memory(client_conn, server_conn) is None

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3580

3581

# Now that the handshake is done, there should be a key and nonces.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3582

assert server_conn.master_key() is not None

3583

assert server_conn.client_random() is not None

3584

assert server_conn.server_random() is not None

3585

assert server_conn.client_random() == client_conn.client_random()

3586

assert server_conn.server_random() == client_conn.server_random()

3587

assert server_conn.client_random() != server_conn.server_random()

3588

assert client_conn.client_random() != client_conn.server_random()

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3589

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3590

# Export key material for other uses.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3591

cekm = client_conn.export_keying_material(b"LABEL", 32)

3592

sekm = server_conn.export_keying_material(b"LABEL", 32)

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3593

assert cekm is not None

3594

assert sekm is not None

3595

assert cekm == sekm

3596

assert len(sekm) == 32

3597

3598

# Export key material for other uses with additional context.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3599

cekmc = client_conn.export_keying_material(b"LABEL", 32, b"CONTEXT")

3600

sekmc = server_conn.export_keying_material(b"LABEL", 32, b"CONTEXT")

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3601

assert cekmc is not None

3602

assert sekmc is not None

3603

assert cekmc == sekmc

3604

assert cekmc != cekm

3605

assert sekmc != sekm

3606

# Export with alternate label

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3607

cekmt = client_conn.export_keying_material(b"test", 32, b"CONTEXT")

3608

sekmt = server_conn.export_keying_material(b"test", 32, b"CONTEXT")

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3609

assert cekmc != cekmt

3610

assert sekmc != sekmt

3611

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3612

# Here are the bytes we'll try to send.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3613

important_message = b"One if by land, two if by sea."

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3614

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3615

server_conn.write(important_message)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3616

assert interact_in_memory(client_conn, server_conn) == (

3617

client_conn,

3618

important_message,

3619

)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3620

3621

client_conn.write(important_message[::-1])

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3622

assert interact_in_memory(client_conn, server_conn) == (

3623

server_conn,

3624

important_message[::-1],

3625

)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3626

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3627

def test_socket_connect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3628

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3629

Just like `test_memory_connect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3630

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3631

This is primarily to rule out the memory BIO code as the source of any

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3632

problems encountered while passing data over a `Connection` (if

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3633

this test fails, there must be a problem outside the memory BIO code,

3634

as no memory BIO is involved here). Even though this isn't a memory

3635

BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3636

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3637

server_conn, client_conn = loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3638

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3639

important_message = b"Help me Obi Wan Kenobi, you're my only hope."

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3640

client_conn.send(important_message)

3641

msg = server_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3642

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3643

3644

# Again in the other direction, just for fun.

3645

important_message = important_message[::-1]

3646

server_conn.send(important_message)

3647

msg = client_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3648

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3649

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3650

def test_socket_overrides_memory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3651

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3652

Test that `OpenSSL.SSL.bio_read` and `OpenSSL.SSL.bio_write` don't

3653

work on `OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3654

"""

Alex Gaynor

51d424c

2016-09-10 14:50:11 -0400

[diff] [blame]

3655

context = Context(TLSv1_METHOD)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

3656

client = socket_any_family()

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3657

clientSSL = Connection(context, client)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3658

with pytest.raises(TypeError):

3659

clientSSL.bio_read(100)

3660

with pytest.raises(TypeError):

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame]

3661

clientSSL.bio_write(b"foo")

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3662

with pytest.raises(TypeError):

3663

clientSSL.bio_shutdown()

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3664

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3665

def test_outgoing_overflow(self):

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3666

"""

3667

If more bytes than can be written to the memory BIO are passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3668

`Connection.send` at once, the number of bytes which were written is

3669

returned and that many bytes from the beginning of the input can be

3670

read from the other end of the connection.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3671

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3672

server = self._server(None)

3673

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3674

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3675

interact_in_memory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3676

3677

size = 2 ** 15

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

3678

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3679

# Sanity check. We're trying to test what happens when the entire

3680

# input can't be sent. If the entire input was sent, this test is

3681

# meaningless.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3682

assert sent < size

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3683

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3684

receiver, received = interact_in_memory(client, server)

3685

assert receiver is server

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3686

3687

# We can rely on all of these bytes being received at once because

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3688

# loopback passes 2 ** 16 to recv - more than 2 ** 15.

3689

assert len(received) == sent

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3690

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3691

def test_shutdown(self):

3692

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3693

`Connection.bio_shutdown` signals the end of the data stream

3694

from which the `Connection` reads.

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3695

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3696

server = self._server(None)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3697

server.bio_shutdown()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3698

with pytest.raises(Error) as err:

3699

server.recv(1024)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3700

# We don't want WantReadError or ZeroReturnError or anything - it's a

3701

# handshake failure.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3702

assert type(err.value) in [Error, SysCallError]

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3703

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3704

def test_unexpected_EOF(self):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3705

"""

3706

If the connection is lost before an orderly SSL shutdown occurs,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3707

`OpenSSL.SSL.SysCallError` is raised with a message of

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3708

"Unexpected EOF".

3709

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3710

server_conn, client_conn = loopback()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3711

client_conn.sock_shutdown(SHUT_RDWR)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3712

with pytest.raises(SysCallError) as err:

3713

server_conn.recv(1024)

3714

assert err.value.args == (-1, "Unexpected EOF")

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3715

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3716

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3717

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3718

Verify the return value of the `get_client_ca_list` method for

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3719

server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3720

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3721

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3722

before the client and server are connected to each other. This

3723

function should specify a list of CAs for the server to send to the

3724

client and return that same list. The list will be used to verify

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3725

that `get_client_ca_list` returns the proper value at

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3726

various times.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3727

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3728

server = self._server(None)

3729

client = self._client(None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3730

assert client.get_client_ca_list() == []

3731

assert server.get_client_ca_list() == []

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3732

ctx = server.get_context()

3733

expected = func(ctx)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3734

assert client.get_client_ca_list() == []

3735

assert server.get_client_ca_list() == expected

3736

interact_in_memory(client, server)

3737

assert client.get_client_ca_list() == expected

3738

assert server.get_client_ca_list() == expected

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3739

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3740

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3741

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3742

`Context.set_client_ca_list` raises a `TypeError` if called with a

3743

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3744

"""

3745

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3746

with pytest.raises(TypeError):

3747

ctx.set_client_ca_list("spam")

3748

with pytest.raises(TypeError):

3749

ctx.set_client_ca_list(["spam"])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3750

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3751

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3752

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3753

If passed an empty list, `Context.set_client_ca_list` configures the

3754

context to send no CA names to the client and, on both the server and

3755

client sides, `Connection.get_client_ca_list` returns an empty list

3756

after the connection is set up.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3757

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3758

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3759

def no_ca(ctx):

3760

ctx.set_client_ca_list([])

3761

return []

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3762

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3763

self._check_client_ca_list(no_ca)

3764

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3765

def test_set_one_ca_list(self):

3766

"""

3767

If passed a list containing a single X509Name,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3768

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3769

that CA name to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3770

`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3771

X509Name after the connection is set up.

3772

"""

3773

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3774

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3775

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3776

def single_ca(ctx):

3777

ctx.set_client_ca_list([cadesc])

3778

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3779

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3780

self._check_client_ca_list(single_ca)

3781

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3782

def test_set_multiple_ca_list(self):

3783

"""

3784

If passed a list containing multiple X509Name objects,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3785

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3786

those CA names to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3787

`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3788

X509Names after the connection is set up.

3789

"""

3790

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3791

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3792

3793

sedesc = secert.get_subject()

3794

cldesc = clcert.get_subject()

3795

3796

def multiple_ca(ctx):

3797

L = [sedesc, cldesc]

3798

ctx.set_client_ca_list(L)

3799

return L

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3800

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3801

self._check_client_ca_list(multiple_ca)

3802

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3803

def test_reset_ca_list(self):

3804

"""

3805

If called multiple times, only the X509Names passed to the final call

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3806

of `Context.set_client_ca_list` are used to configure the CA

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3807

names sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3808

"""

3809

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3810

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3811

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3812

3813

cadesc = cacert.get_subject()

3814

sedesc = secert.get_subject()

3815

cldesc = clcert.get_subject()

3816

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3817

def changed_ca(ctx):

3818

ctx.set_client_ca_list([sedesc, cldesc])

3819

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3820

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3821

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3822

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3823

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3824

def test_mutated_ca_list(self):

3825

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3826

If the list passed to `Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3827

afterwards, this does not affect the list of CA names sent to the

3828

client.

3829

"""

3830

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3831

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3832

3833

cadesc = cacert.get_subject()

3834

sedesc = secert.get_subject()

3835

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3836

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3837

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3838

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3839

L.append(sedesc)

3840

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3841

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3842

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3843

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3844

def test_add_client_ca_wrong_args(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3845

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3846

`Context.add_client_ca` raises `TypeError` if called with

3847

a non-X509 object.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3848

"""

3849

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3850

with pytest.raises(TypeError):

3851

ctx.add_client_ca("spam")

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3852

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3853

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3854

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3855

A certificate's subject can be added as a CA to be sent to the client

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3856

with `Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3857

"""

3858

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3859

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3860

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3861

def single_ca(ctx):

3862

ctx.add_client_ca(cacert)

3863

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3864

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3865

self._check_client_ca_list(single_ca)

3866

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3867

def test_multiple_add_client_ca(self):

3868

"""

3869

Multiple CA names can be sent to the client by calling

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3870

`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3871

"""

3872

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3873

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3874

3875

cadesc = cacert.get_subject()

3876

sedesc = secert.get_subject()

3877

3878

def multiple_ca(ctx):

3879

ctx.add_client_ca(cacert)

3880

ctx.add_client_ca(secert)

3881

return [cadesc, sedesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3882

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3883

self._check_client_ca_list(multiple_ca)

3884

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3885

def test_set_and_add_client_ca(self):

3886

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3887

A call to `Context.set_client_ca_list` followed by a call to

3888

`Context.add_client_ca` results in using the CA names from the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3889

first call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3890

"""

3891

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3892

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3893

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3894

3895

cadesc = cacert.get_subject()

3896

sedesc = secert.get_subject()

3897

cldesc = clcert.get_subject()

3898

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3899

def mixed_set_add_ca(ctx):

3900

ctx.set_client_ca_list([cadesc, sedesc])

3901

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3902

return [cadesc, sedesc, cldesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3903

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3904

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3905

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3906

def test_set_after_add_client_ca(self):

3907

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3908

A call to `Context.set_client_ca_list` after a call to

3909

`Context.add_client_ca` replaces the CA name specified by the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3910

former call with the names specified by the latter call.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3911

"""

3912

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3913

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3914

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3915

3916

cadesc = cacert.get_subject()

3917

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3918

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3919

def set_replaces_add_ca(ctx):

3920

ctx.add_client_ca(clcert)

3921

ctx.set_client_ca_list([cadesc])

3922

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3923

return [cadesc, sedesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3924

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3925

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3926

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3927

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3928

class TestInfoConstants(object):

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3929

"""

3930

Tests for assorted constants exposed for use in info callbacks.

3931

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3932

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3933

def test_integers(self):

3934

"""

3935

All of the info constants are integers.

3936

3937

This is a very weak test. It would be nice to have one that actually

3938

verifies that as certain info events happen, the value passed to the

3939

info callback matches up with the constant exposed by OpenSSL.SSL.

3940

"""

3941

for const in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_CONNECT,

SSL_ST_ACCEPT,

SSL_ST_MASK,

SSL_CB_LOOP,

SSL_CB_EXIT,

SSL_CB_READ,

SSL_CB_WRITE,

SSL_CB_ALERT,

SSL_CB_READ_ALERT,

SSL_CB_WRITE_ALERT,

SSL_CB_ACCEPT_LOOP,

SSL_CB_ACCEPT_EXIT,

SSL_CB_CONNECT_LOOP,

SSL_CB_CONNECT_EXIT,

SSL_CB_HANDSHAKE_START,

3957

SSL_CB_HANDSHAKE_DONE,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3958

]:

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3959

assert isinstance(const, int)

3960

3961

# These constants don't exist on OpenSSL 1.1.0

3962

for const in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_INIT,

SSL_ST_BEFORE,

SSL_ST_OK,

SSL_ST_RENEGOTIATE,

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3967

]:

3968

assert const is None or isinstance(const, int)

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3969

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3970

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3971

class TestRequires(object):

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3972

"""

3973

Tests for the decorator factory used to conditionally raise

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3974

NotImplementedError when older OpenSSLs are used.

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3975

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3976

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3977

def test_available(self):

3978

"""

3979

When the OpenSSL functionality is available the decorated functions

3980

work appropriately.

3981

"""

3982

feature_guard = _make_requires(True, "Error text")

results = []

@feature_guard

def inner():

results.append(True)

return True

Cory Benfield

2016-03-30 14:24:16 +0100

[diff] [blame]

3990

assert inner() is True

3991

assert [True] == results

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3992

3993

def test_unavailable(self):

3994

"""

3995

When the OpenSSL functionality is not available the decorated function

3996

does not execute and NotImplementedError is raised.

3997

"""

3998

feature_guard = _make_requires(False, "Error text")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3999

4000

@feature_guard

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4001

def inner(): # pragma: nocover

4002

pytest.fail("Should not be called")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

4003

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

4004

with pytest.raises(NotImplementedError) as e:

4005

inner()

4006

4007

assert "Error text" in str(e.value)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4008

4009

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4010

class TestOCSP(object):

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4011

"""

4012

Tests for PyOpenSSL's OCSP stapling support.

4013

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4014

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4015

sample_ocsp_data = b"this is totally ocsp data"

4016

4017

def _client_connection(self, callback, data, request_ocsp=True):

4018

"""

4019

Builds a client connection suitable for using OCSP.

4020

4021

:param callback: The callback to register for OCSP.

4022

:param data: The opaque data object that will be handed to the

4023

OCSP callback.

4024

:param request_ocsp: Whether the client will actually ask for OCSP

4025

stapling. Useful for testing only.

4026

"""

4027

ctx = Context(SSLv23_METHOD)

4028

ctx.set_ocsp_client_callback(callback, data)

4029

client = Connection(ctx)

4030

4031

if request_ocsp:

4032

client.request_ocsp()

4033

4034

client.set_connect_state()

4035

return client

4036

4037

def _server_connection(self, callback, data):

4038

"""

4039

Builds a server connection suitable for using OCSP.

4040

4041

:param callback: The callback to register for OCSP.

4042

:param data: The opaque data object that will be handed to the

4043

OCSP callback.

4044

"""

4045

ctx = Context(SSLv23_METHOD)

4046

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

4047

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

4048

ctx.set_ocsp_server_callback(callback, data)

4049

server = Connection(ctx)

4050

server.set_accept_state()

4051

return server

4052

4053

def test_callbacks_arent_called_by_default(self):

4054

"""

4055

If both the client and the server have registered OCSP callbacks, but

4056

the client does not send the OCSP request, neither callback gets

4057

called.

4058

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4059

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4060

def ocsp_callback(*args, **kwargs): # pragma: nocover

4061

pytest.fail("Should not be called")

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4062

4063

client = self._client_connection(

4064

callback=ocsp_callback, data=None, request_ocsp=False

4065

)

4066

server = self._server_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4067

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4068

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4069

def test_client_negotiates_without_server(self):

4070

"""

4071

If the client wants to do OCSP but the server does not, the handshake

4072

succeeds, and the client callback fires with an empty byte string.

"""

called = []

def ocsp_callback(conn, ocsp_data, ignored):

4077

called.append(ocsp_data)

4078

return True

4079

4080

client = self._client_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4081

server = loopback_server_factory(socket=None)

4082

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4083

4084

assert len(called) == 1

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4085

assert called[0] == b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4086

4087

def test_client_receives_servers_data(self):

4088

"""

4089

The data the server sends in its callback is received by the client.

"""

calls = []

def server_callback(*args, **kwargs):

4094

return self.sample_ocsp_data

4095

4096

def client_callback(conn, ocsp_data, ignored):

4097

calls.append(ocsp_data)

4098

return True

4099

4100

client = self._client_connection(callback=client_callback, data=None)

4101

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4102

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4103

4104

assert len(calls) == 1

4105

assert calls[0] == self.sample_ocsp_data

4106

4107

def test_callbacks_are_invoked_with_connections(self):

4108

"""

4109

The first arguments to both callbacks are their respective connections.

"""

client_calls = []

server_calls = []

def client_callback(conn, *args, **kwargs):

4115

client_calls.append(conn)

4116

return True

4117

4118

def server_callback(conn, *args, **kwargs):

4119

server_calls.append(conn)

4120

return self.sample_ocsp_data

4121

4122

client = self._client_connection(callback=client_callback, data=None)

4123

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4124

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4125

4126

assert len(client_calls) == 1

4127

assert len(server_calls) == 1

4128

assert client_calls[0] is client

4129

assert server_calls[0] is server

4130

4131

def test_opaque_data_is_passed_through(self):

4132

"""

4133

Both callbacks receive an opaque, user-provided piece of data in their

4134

callbacks as the final argument.

"""

calls = []

def server_callback(*args):

4139

calls.append(args)

4140

return self.sample_ocsp_data

4141

4142

def client_callback(*args):

calls.append(args)

return True

sentinel = object()

client = self._client_connection(

4149

callback=client_callback, data=sentinel

4150

)

4151

server = self._server_connection(

4152

callback=server_callback, data=sentinel

4153

)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4154

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4155

4156

assert len(calls) == 2

4157

assert calls[0][-1] is sentinel

4158

assert calls[1][-1] is sentinel

4159

4160

def test_server_returns_empty_string(self):

4161

"""

4162

If the server returns an empty bytestring from its callback, the

4163

client callback is called with the empty bytestring.

"""

client_calls = []

def server_callback(*args):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4168

return b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4169

4170

def client_callback(conn, ocsp_data, ignored):

4171

client_calls.append(ocsp_data)

4172

return True

4173

4174

client = self._client_connection(callback=client_callback, data=None)

4175

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4176

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4177

4178

assert len(client_calls) == 1

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4179

assert client_calls[0] == b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4180

4181

def test_client_returns_false_terminates_handshake(self):

4182

"""

4183

If the client returns False from its callback, the handshake fails.

4184

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4185

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4186

def server_callback(*args):

4187

return self.sample_ocsp_data

4188

4189

def client_callback(*args):

4190

return False

4191

4192

client = self._client_connection(callback=client_callback, data=None)

4193

server = self._server_connection(callback=server_callback, data=None)

4194

4195

with pytest.raises(Error):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4196

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4197

4198

def test_exceptions_in_client_bubble_up(self):

4199

"""

4200

The callbacks thrown in the client callback bubble up to the caller.

4201

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4202

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4203

class SentinelException(Exception):

4204

pass

4205

4206

def server_callback(*args):

4207

return self.sample_ocsp_data

4208

4209

def client_callback(*args):

4210

raise SentinelException()

4211

4212

client = self._client_connection(callback=client_callback, data=None)

4213

server = self._server_connection(callback=server_callback, data=None)

4214

4215

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4216

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4217

4218

def test_exceptions_in_server_bubble_up(self):

4219

"""

4220

The callbacks thrown in the server callback bubble up to the caller.

4221

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4222

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4223

class SentinelException(Exception):

4224

pass

4225

4226

def server_callback(*args):

4227

raise SentinelException()

4228

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4229

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4230

pytest.fail("Should not be called")

4231

4232

client = self._client_connection(callback=client_callback, data=None)

4233

server = self._server_connection(callback=server_callback, data=None)

4234

4235

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4236

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4237

4238

def test_server_must_return_bytes(self):

4239

"""

4240

The server callback must return a bytestring, or a TypeError is thrown.

4241

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4242

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4243

def server_callback(*args):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4244

return self.sample_ocsp_data.decode("ascii")

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4245

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4246

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4247

pytest.fail("Should not be called")

4248

4249

client = self._client_connection(callback=client_callback, data=None)

4250

server = self._server_connection(callback=server_callback, data=None)

4251

4252

with pytest.raises(TypeError):

Alex Chan