Blame - tests/test_ssl.py - platform/external/python/pyopenssl

2008-03-21 17:04:05 -0400

[diff] [blame]

4

"""

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

5

Unit tests for :mod:`OpenSSL.SSL`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

6

"""

7

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

8

import datetime

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

9

import sys

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

10

import uuid

11

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

12

from gc import collect, get_referrers

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

13

from errno import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

EAFNOSUPPORT,

ECONNREFUSED,

EINPROGRESS,

EWOULDBLOCK,

EPIPE,

ESHUTDOWN,

)

Jeremy Lainé

1ae7cb6

2018-03-21 14:49:42 +0100

[diff] [blame]

21

from sys import platform, getfilesystemencoding

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

22

from socket import AF_INET, AF_INET6, MSG_PEEK, SHUT_RDWR, error, socket

Jean-Paul Calderone

a65cf6c

2009-07-19 10:26:52 -0400

[diff] [blame]

23

from os import makedirs

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

24

from os.path import join

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

25

from weakref import ref

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

26

from warnings import simplefilter

Jean-Paul Calderone

460cc1f

2009-03-07 11:31:12 -0500

[diff] [blame]

27

Alex Gaynor

963ae03

2019-07-06 17:38:32 -0400

[diff] [blame]

28

import flaky

29

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

30

import pytest

31

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

32

from pretend import raiser

33

Hugo van Kemenade

60827f8

2019-08-30 00:39:35 +0300

[diff] [blame]

34

from six import PY2, text_type

Jean-Paul Calderone

c76c61c

2014-01-18 13:21:52 -0500

[diff] [blame]

35

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

36

from cryptography import x509

37

from cryptography.hazmat.backends import default_backend

38

from cryptography.hazmat.primitives import hashes

39

from cryptography.hazmat.primitives import serialization

40

from cryptography.hazmat.primitives.asymmetric import rsa

41

from cryptography.x509.oid import NameOID

42

43

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

44

from OpenSSL.crypto import TYPE_RSA, FILETYPE_PEM

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

45

from OpenSSL.crypto import PKey, X509, X509Extension, X509Store

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

46

from OpenSSL.crypto import dump_privatekey, load_privatekey

47

from OpenSSL.crypto import dump_certificate, load_certificate

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

48

from OpenSSL.crypto import get_elliptic_curves

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

49

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

50

from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS

51

from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

52

from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

53

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSLv2_METHOD,

SSLv3_METHOD,

SSLv23_METHOD,

TLSv1_METHOD,

TLSv1_1_METHOD,

TLSv1_2_METHOD,

)

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

61

from OpenSSL.SSL import OP_SINGLE_DH_USE, OP_NO_SSLv2, OP_NO_SSLv3

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

62

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

63

VERIFY_PEER,

64

VERIFY_FAIL_IF_NO_PEER_CERT,

65

VERIFY_CLIENT_ONCE,

66

VERIFY_NONE,

67

)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

68

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

69

from OpenSSL import SSL

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

70

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SESS_CACHE_OFF,

SESS_CACHE_CLIENT,

SESS_CACHE_SERVER,

SESS_CACHE_BOTH,

SESS_CACHE_NO_AUTO_CLEAR,

76

SESS_CACHE_NO_INTERNAL_LOOKUP,

77

SESS_CACHE_NO_INTERNAL_STORE,

78

SESS_CACHE_NO_INTERNAL,

79

)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

80

81

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

Error,

SysCallError,

WantReadError,

WantWriteError,

ZeroReturnError,

)

from OpenSSL.SSL import Context, Session, Connection, SSLeay_version

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

89

from OpenSSL.SSL import _make_requires

Jean-Paul Calderone

7526d17

2010-09-09 17:55:31 -0400

[diff] [blame]

90

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

91

from OpenSSL._util import ffi as _ffi, lib as _lib

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

92

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

93

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

OP_NO_QUERY_MTU,

OP_COOKIE_EXCHANGE,

OP_NO_TICKET,

OP_NO_COMPRESSION,

MODE_RELEASE_BUFFERS,

99

NO_OVERLAPPING_PROTOCOLS,

100

)

Jean-Paul Calderone

0222a49

2011-09-08 18:26:03 -0400

[diff] [blame]

101

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

102

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_CONNECT,

SSL_ST_ACCEPT,

SSL_ST_MASK,

SSL_CB_LOOP,

SSL_CB_EXIT,

SSL_CB_READ,

SSL_CB_WRITE,

SSL_CB_ALERT,

SSL_CB_READ_ALERT,

SSL_CB_WRITE_ALERT,

SSL_CB_ACCEPT_LOOP,

SSL_CB_ACCEPT_EXIT,

SSL_CB_CONNECT_LOOP,

SSL_CB_CONNECT_EXIT,

SSL_CB_HANDSHAKE_START,

118

SSL_CB_HANDSHAKE_DONE,

119

)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

120

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

121

try:

122

from OpenSSL.SSL import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_INIT,

SSL_ST_BEFORE,

SSL_ST_OK,

SSL_ST_RENEGOTIATE,

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

127

)

128

except ImportError:

129

SSL_ST_INIT = SSL_ST_BEFORE = SSL_ST_OK = SSL_ST_RENEGOTIATE = None

130

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

131

from .util import WARNING_TYPE_EXPECTED, NON_ASCII, is_consistent_type

Hynek Schlawack

f0e6685

2015-10-16 20:18:38 +0200

[diff] [blame]

132

from .test_crypto import (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

133

cleartextCertificatePEM,

134

cleartextPrivateKeyPEM,

client_cert_pem,

client_key_pem,

server_cert_pem,

server_key_pem,

root_cert_pem,

)

Hynek Schlawack

f0e6685

2015-10-16 20:18:38 +0200

[diff] [blame]

141

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

142

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

143

# openssl dhparam 1024 -out dh-1024.pem (note that 1024 is a small number of

144

# bits to use)

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

145

dhparam = """\

146

-----BEGIN DH PARAMETERS-----

Alex Gaynor

d0bdd2d

2016-09-10 14:23:46 -0400

[diff] [blame]

147

MIGHAoGBALdUMvn+C9MM+y5BWZs11mSeH6HHoEq0UVbzVq7UojC1hbsZUuGukQ3a

148

Qh2/pwqb18BZFykrWB0zv/OkLa0kx4cuUgNrUVq1EFheBiX6YqryJ7t2sO09NQiO

149

V7H54LmltOT/hEh6QWsJqb6BQgH65bswvV/XkYGja8/T0GzvbaVzAgEC

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

150

-----END DH PARAMETERS-----

"""

Hugo van Kemenade

2019-08-30 00:39:35 +0300

[diff] [blame]

154

skip_if_py3 = pytest.mark.skipif(not PY2, reason="Python 2 only")

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

155

156

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

157

def socket_any_family():

158

try:

159

return socket(AF_INET)

160

except error as e:

161

if e.errno == EAFNOSUPPORT:

162

return socket(AF_INET6)

raise

def loopback_address(socket):

167

if socket.family == AF_INET:

168

return "127.0.0.1"

169

else:

170

assert socket.family == AF_INET6

return "::1"

Jean-Paul Calderone

2015-04-12 11:38:49 -0400

[diff] [blame]

174

def join_bytes_or_unicode(prefix, suffix):

175

"""

176

Join two path components of either ``bytes`` or ``unicode``.

177

178

The return type is the same as the type of ``prefix``.

179

"""

180

# If the types are the same, nothing special is necessary.

181

if type(prefix) == type(suffix):

182

return join(prefix, suffix)

183

184

# Otherwise, coerce suffix to the type of prefix.

185

if isinstance(prefix, text_type):

186

return join(prefix, suffix.decode(getfilesystemencoding()))

187

else:

188

return join(prefix, suffix.encode(getfilesystemencoding()))

189

190

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

191

def verify_cb(conn, cert, errnum, depth, ok):

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

192

return ok

193

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

194

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

195

def socket_pair():

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

196

"""

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

197

Establish and return a pair of network sockets connected to each other.

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

198

"""

199

# Connect a pair of sockets

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

200

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

201

port.bind(("", 0))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

202

port.listen(1)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

203

client = socket(port.family)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

204

client.setblocking(False)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

205

client.connect_ex((loopback_address(port), port.getsockname()[1]))

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

206

client.setblocking(True)

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

207

server = port.accept()[0]

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

208

Jean-Paul Calderone

1a9613b

2009-07-16 12:13:36 -0400

[diff] [blame]

209

# Let's pass some unencrypted data to make sure our socket connection is

210

# fine. Just one byte, so we don't have to worry about buffers getting

211

# filled up or fragmentation.

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

212

server.send(b"x")

213

assert client.recv(1024) == b"x"

214

client.send(b"y")

215

assert server.recv(1024) == b"y"

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

216

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

217

# Most of our callers want non-blocking sockets, make it easy for them.

Jean-Paul Calderone

94b24a8

2009-07-16 19:11:38 -0400

[diff] [blame]

218

server.setblocking(False)

219

client.setblocking(False)

Jim Shaver

46f2891

2015-05-29 19:32:16 -0400

[diff] [blame]

220

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

221

return (server, client)

222

223

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

224

def handshake(client, server):

225

conns = [client, server]

while conns:

for conn in conns:

try:

conn.do_handshake()

except WantReadError:

pass

else:

conns.remove(conn)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

236

def _create_certificate_chain():

237

"""

238

Construct and return a chain of certificates.

239

240

1. A new self-signed certificate authority certificate (cacert)

241

2. A new intermediate certificate signed by cacert (icert)

242

3. A new server certificate signed by icert (scert)

243

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

244

caext = X509Extension(b"basicConstraints", False, b"CA:true")

245

not_after_date = datetime.date.today() + datetime.timedelta(days=365)

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

246

not_after = not_after_date.strftime("%Y%m%d%H%M%SZ").encode("ascii")

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

247

248

# Step 1

249

cakey = PKey()

Alex Gaynor

8cd336e

2020-08-03 10:36:32 -0400

[diff] [blame]

250

cakey.generate_key(TYPE_RSA, 2048)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

251

cacert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

252

cacert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

253

cacert.get_subject().commonName = "Authority Certificate"

254

cacert.set_issuer(cacert.get_subject())

255

cacert.set_pubkey(cakey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

256

cacert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

257

cacert.set_notAfter(not_after)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

258

cacert.add_extensions([caext])

259

cacert.set_serial_number(0)

260

cacert.sign(cakey, "sha1")

261

262

# Step 2

263

ikey = PKey()

Alex Gaynor

8cd336e

2020-08-03 10:36:32 -0400

[diff] [blame]

264

ikey.generate_key(TYPE_RSA, 2048)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

265

icert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

266

icert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

267

icert.get_subject().commonName = "Intermediate Certificate"

268

icert.set_issuer(cacert.get_subject())

269

icert.set_pubkey(ikey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

270

icert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

271

icert.set_notAfter(not_after)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

272

icert.add_extensions([caext])

273

icert.set_serial_number(0)

274

icert.sign(cakey, "sha1")

275

276

# Step 3

277

skey = PKey()

Alex Gaynor

8cd336e

2020-08-03 10:36:32 -0400

[diff] [blame]

278

skey.generate_key(TYPE_RSA, 2048)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

279

scert = X509()

David Benjamin

6b79947

2020-06-24 17:14:16 -0400

[diff] [blame]

280

scert.set_version(2)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

281

scert.get_subject().commonName = "Server Certificate"

282

scert.set_issuer(icert.get_subject())

283

scert.set_pubkey(skey)

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

284

scert.set_notBefore(b"20000101000000Z")

Alex Gaynor

2020-01-12 11:59:49 -0600

[diff] [blame]

285

scert.set_notAfter(not_after)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

286

scert.add_extensions(

287

[X509Extension(b"basicConstraints", True, b"CA:false")]

288

)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

289

scert.set_serial_number(0)

290

scert.sign(ikey, "sha1")

291

292

return [(cakey, cacert), (ikey, icert), (skey, scert)]

293

294

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

295

def loopback_client_factory(socket, version=SSLv23_METHOD):

296

client = Connection(Context(version), socket)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

297

client.set_connect_state()

return client

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

301

def loopback_server_factory(socket, version=SSLv23_METHOD):

302

ctx = Context(version)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

303

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

304

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

305

server = Connection(ctx, socket)

306

server.set_accept_state()

return server

def loopback(server_factory=None, client_factory=None):

311

"""

312

Create a connected socket pair and force two connected SSL sockets

313

to talk to each other via memory BIOs.

314

"""

315

if server_factory is None:

316

server_factory = loopback_server_factory

317

if client_factory is None:

318

client_factory = loopback_client_factory

319

320

(server, client) = socket_pair()

321

server = server_factory(server)

322

client = client_factory(client)

323

324

handshake(client, server)

325

326

server.setblocking(True)

327

client.setblocking(True)

328

return server, client

329

330

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

331

def interact_in_memory(client_conn, server_conn):

332

"""

333

Try to read application bytes from each of the two `Connection` objects.

334

Copy bytes back and forth between their send/receive buffers for as long

335

as there is anything to copy. When there is nothing more to copy,

336

return `None`. If one of them actually manages to deliver some application

337

bytes, return a two-tuple of the connection from which the bytes were read

338

and the bytes themselves.

"""

wrote = True

while wrote:

# Loop until neither side has anything to say

343

wrote = False

344

345

# Copy stuff from each side's send buffer to the other side's

346

# receive buffer.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

347

for (read, write) in [

348

(client_conn, server_conn),

349

(server_conn, client_conn),

350

]:

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

351

352

# Give the side a chance to generate some more bytes, or succeed.

353

try:

354

data = read.recv(2 ** 16)

355

except WantReadError:

356

# It didn't succeed, so we'll hope it generated some output.

357

pass

358

else:

359

# It did succeed, so we'll stop now and let the caller deal

# with it.

return (read, data)

while True:

# Keep copying as long as there's more stuff there.

365

try:

366

dirty = read.bio_read(4096)

367

except WantReadError:

368

# Okay, nothing more waiting to be sent. Stop

369

# processing this send buffer.

370

break

371

else:

372

# Keep track of the fact that someone generated some

373

# output.

374

wrote = True

375

write.bio_write(dirty)

376

377

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

378

def handshake_in_memory(client_conn, server_conn):

379

"""

380

Perform the TLS handshake between two `Connection` instances connected to

381

each other via memory BIOs.

382

"""

383

client_conn.set_connect_state()

384

server_conn.set_accept_state()

385

386

for conn in [client_conn, server_conn]:

387

try:

388

conn.do_handshake()

389

except WantReadError:

390

pass

391

392

interact_in_memory(client_conn, server_conn)

393

394

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

395

class TestVersion(object):

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

396

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

397

Tests for version information exposed by `OpenSSL.SSL.SSLeay_version` and

398

`OpenSSL.SSL.OPENSSL_VERSION_NUMBER`.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

399

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

400

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

401

def test_OPENSSL_VERSION_NUMBER(self):

402

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

403

`OPENSSL_VERSION_NUMBER` is an integer with status in the low byte and

404

the patch, fix, minor, and major versions in the nibbles above that.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

405

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

406

assert isinstance(OPENSSL_VERSION_NUMBER, int)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

407

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

408

def test_SSLeay_version(self):

409

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

410

`SSLeay_version` takes a version type indicator and returns one of a

411

number of version strings based on that indicator.

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

412

"""

413

versions = {}

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

for t in [

SSLEAY_VERSION,

SSLEAY_CFLAGS,

SSLEAY_BUILT_ON,

SSLEAY_PLATFORM,

SSLEAY_DIR,

]:

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

421

version = SSLeay_version(t)

422

versions[version] = t

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

423

assert isinstance(version, bytes)

424

assert len(versions) == 5

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

425

426

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

427

@pytest.fixture

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

428

def ca_file(tmpdir):

429

"""

430

Create a valid PEM file with CA certificates and return the path.

431

"""

432

key = rsa.generate_private_key(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

433

public_exponent=65537, key_size=2048, backend=default_backend()

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

434

)

435

public_key = key.public_key()

436

437

builder = x509.CertificateBuilder()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

438

builder = builder.subject_name(

439

x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org")])

440

)

441

builder = builder.issuer_name(

442

x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, u"pyopenssl.org")])

443

)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

444

one_day = datetime.timedelta(1, 0, 0)

445

builder = builder.not_valid_before(datetime.datetime.today() - one_day)

446

builder = builder.not_valid_after(datetime.datetime.today() + one_day)

447

builder = builder.serial_number(int(uuid.uuid4()))

448

builder = builder.public_key(public_key)

449

builder = builder.add_extension(

450

x509.BasicConstraints(ca=True, path_length=None), critical=True,

451

)

452

453

certificate = builder.sign(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

454

private_key=key, algorithm=hashes.SHA256(), backend=default_backend()

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

455

)

456

457

ca_file = tmpdir.join("test.pem")

458

ca_file.write_binary(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

459

certificate.public_bytes(encoding=serialization.Encoding.PEM,)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

460

)

461

462

return str(ca_file).encode("ascii")

463

464

465

@pytest.fixture

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

466

def context():

467

"""

468

A simple TLS 1.0 context.

469

"""

470

return Context(TLSv1_METHOD)

471

472

473

class TestContext(object):

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

474

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

475

Unit tests for `OpenSSL.SSL.Context`.

Hynek Schlawack

aa86121

2016-03-13 13:53:48 +0100

[diff] [blame]

476

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

477

478

@pytest.mark.parametrize(

479

"cipher_string",

480

[b"hello world:AES128-SHA", u"hello world:AES128-SHA"],

481

)

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

482

def test_set_cipher_list(self, context, cipher_string):

483

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

484

`Context.set_cipher_list` accepts both byte and unicode strings

Hynek Schlawack

a7a63af

2016-03-11 12:05:26 +0100

[diff] [blame]

485

for naming the ciphers which connections created with the context

486

object will be able to choose from.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

487

"""

488

context.set_cipher_list(cipher_string)

489

conn = Connection(context, None)

490

491

assert "AES128-SHA" in conn.get_cipher_list()

492

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

493

def test_set_cipher_list_wrong_type(self, context):

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

494

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

495

`Context.set_cipher_list` raises `TypeError` when passed a non-string

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

496

argument.

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

497

"""

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

498

with pytest.raises(TypeError):

499

context.set_cipher_list(object())

500

Alex Gaynor

963ae03

2019-07-06 17:38:32 -0400

[diff] [blame]

501

@flaky.flaky

Mark Williams

2019-02-14 19:30:07 -0800

[diff] [blame]

502

def test_set_cipher_list_no_cipher_match(self, context):

503

"""

504

`Context.set_cipher_list` raises `OpenSSL.SSL.Error` with a

505

`"no cipher match"` reason string regardless of the TLS

506

version.

507

"""

508

with pytest.raises(Error) as excinfo:

509

context.set_cipher_list(b"imaginary-cipher")

510

assert excinfo.value.args == (

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

511

[("SSL routines", "SSL_CTX_set_cipher_list", "no cipher match",)],

512

)

Hynek Schlawack

2016-03-11 11:21:13 +0100

[diff] [blame]

513

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

514

def test_load_client_ca(self, context, ca_file):

515

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

516

`Context.load_client_ca` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

517

"""

518

context.load_client_ca(ca_file)

519

520

def test_load_client_ca_invalid(self, context, tmpdir):

521

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

522

`Context.load_client_ca` raises an Error if the ca file is invalid.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

523

"""

524

ca_file = tmpdir.join("test.pem")

525

ca_file.write("")

526

527

with pytest.raises(Error) as e:

528

context.load_client_ca(str(ca_file).encode("ascii"))

529

530

assert "PEM routines" == e.value.args[0][0][0]

531

532

def test_load_client_ca_unicode(self, context, ca_file):

533

"""

534

Passing the path as unicode raises a warning but works.

535

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

536

pytest.deprecated_call(context.load_client_ca, ca_file.decode("ascii"))

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

537

538

def test_set_session_id(self, context):

539

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

540

`Context.set_session_id` works as far as we can tell.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

541

"""

542

context.set_session_id(b"abc")

543

544

def test_set_session_id_fail(self, context):

545

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

546

`Context.set_session_id` errors are propagated.

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

547

"""

548

with pytest.raises(Error) as e:

549

context.set_session_id(b"abc" * 1000)

550

551

assert [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

552

(

553

"SSL routines",

554

"SSL_CTX_set_session_id_context",

555

"ssl session id context too long",

556

)

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

557

] == e.value.args[0]

558

559

def test_set_session_id_unicode(self, context):

560

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

561

`Context.set_session_id` raises a warning if a unicode string is

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

562

passed.

563

"""

564

pytest.deprecated_call(context.set_session_id, u"abc")

565

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

566

def test_method(self):

567

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

568

`Context` can be instantiated with one of `SSLv2_METHOD`,

569

`SSLv3_METHOD`, `SSLv23_METHOD`, `TLSv1_METHOD`, `TLSv1_1_METHOD`,

570

or `TLSv1_2_METHOD`.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

571

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

572

methods = [SSLv23_METHOD, TLSv1_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

573

for meth in methods:

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

574

Context(meth)

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

575

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

576

maybe = [SSLv2_METHOD, SSLv3_METHOD, TLSv1_1_METHOD, TLSv1_2_METHOD]

Jean-Paul Calderone

2013-10-03 16:05:00 -0400

[diff] [blame]

for meth in maybe:

try:

Context(meth)

except (Error, ValueError):

581

# Some versions of OpenSSL have SSLv2 / TLSv1.1 / TLSv1.2, some

582

# don't. Difficult to say in advance.

583

pass

Jean-Paul Calderone

2011-04-14 09:36:55 -0400

[diff] [blame]

584

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

585

with pytest.raises(TypeError):

586

Context("")

587

with pytest.raises(ValueError):

588

Context(10)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

589

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

590

def test_type(self):

591

"""

Alex Gaynor

01f90a1

2019-02-07 09:14:48 -0500

[diff] [blame]

592

`Context` can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

593

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

594

assert is_consistent_type(Context, "Context", TLSv1_METHOD)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

595

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

596

def test_use_privatekey(self):

597

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

598

`Context.use_privatekey` takes an `OpenSSL.crypto.PKey` instance.

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

599

"""

600

key = PKey()

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame^]

601

key.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2008-03-21 17:04:05 -0400

[diff] [blame]

602

ctx = Context(TLSv1_METHOD)

603

ctx.use_privatekey(key)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

604

with pytest.raises(TypeError):

605

ctx.use_privatekey("")

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

606

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

607

def test_use_privatekey_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

608

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

609

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` when passed

610

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

611

"""

612

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

613

with pytest.raises(Error):

614

ctx.use_privatekey_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

615

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

616

def _use_privatekey_file_test(self, pemfile, filetype):

617

"""

618

Verify that calling ``Context.use_privatekey_file`` with the given

619

arguments does not raise an exception.

620

"""

621

key = PKey()

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame^]

622

key.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

623

624

with open(pemfile, "wt") as pem:

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

625

pem.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

626

627

ctx = Context(TLSv1_METHOD)

628

ctx.use_privatekey_file(pemfile, filetype)

629

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

630

@pytest.mark.parametrize("filetype", [object(), "", None, 1.0])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

631

def test_wrong_privatekey_file_wrong_args(self, tmpfile, filetype):

632

"""

633

`Context.use_privatekey_file` raises `TypeError` when called with

634

a `filetype` which is not a valid file encoding.

635

"""

636

ctx = Context(TLSv1_METHOD)

637

with pytest.raises(TypeError):

638

ctx.use_privatekey_file(tmpfile, filetype)

639

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

640

def test_use_privatekey_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

641

"""

642

A private key can be specified from a file by passing a ``bytes``

643

instance giving the file name to ``Context.use_privatekey_file``.

644

"""

645

self._use_privatekey_file_test(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

646

tmpfile + NON_ASCII.encode(getfilesystemencoding()), FILETYPE_PEM,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

647

)

648

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

649

def test_use_privatekey_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

650

"""

651

A private key can be specified from a file by passing a ``unicode``

652

instance giving the file name to ``Context.use_privatekey_file``.

653

"""

654

self._use_privatekey_file_test(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

655

tmpfile.decode(getfilesystemencoding()) + NON_ASCII, FILETYPE_PEM,

Jean-Paul Calderone

2015-04-12 10:04:28 -0400

[diff] [blame]

656

)

657

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

658

def test_use_certificate_wrong_args(self):

659

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

660

`Context.use_certificate_wrong_args` raises `TypeError` when not passed

661

exactly one `OpenSSL.crypto.X509` instance as an argument.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

662

"""

663

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

664

with pytest.raises(TypeError):

665

ctx.use_certificate("hello, world")

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

666

667

def test_use_certificate_uninitialized(self):

668

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

669

`Context.use_certificate` raises `OpenSSL.SSL.Error` when passed a

670

`OpenSSL.crypto.X509` instance which has not been initialized

671

(ie, which does not actually have any certificate data).

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

672

"""

673

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

674

with pytest.raises(Error):

675

ctx.use_certificate(X509())

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

676

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

677

def test_use_certificate(self):

678

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

679

`Context.use_certificate` sets the certificate which will be

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

680

used to identify connections created using the context.

681

"""

682

# TODO

683

# Hard to assert anything. But we could set a privatekey then ask

684

# OpenSSL if the cert and key agree using check_privatekey. Then as

685

# long as check_privatekey works right we're good...

686

ctx = Context(TLSv1_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

687

ctx.use_certificate(

688

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

689

)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

690

691

def test_use_certificate_file_wrong_args(self):

692

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

693

`Context.use_certificate_file` raises `TypeError` if the first

694

argument is not a byte string or the second argument is not an integer.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

695

"""

696

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

697

with pytest.raises(TypeError):

698

ctx.use_certificate_file(object(), FILETYPE_PEM)

699

with pytest.raises(TypeError):

700

ctx.use_certificate_file(b"somefile", object())

701

with pytest.raises(TypeError):

702

ctx.use_certificate_file(object(), FILETYPE_PEM)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

703

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

704

def test_use_certificate_file_missing(self, tmpfile):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

705

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

706

`Context.use_certificate_file` raises `OpenSSL.SSL.Error` if passed

707

the name of a file which does not exist.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

708

"""

709

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

710

with pytest.raises(Error):

711

ctx.use_certificate_file(tmpfile)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

712

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

713

def _use_certificate_file_test(self, certificate_file):

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

714

"""

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

715

Verify that calling ``Context.use_certificate_file`` with the given

716

filename doesn't raise an exception.

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

717

"""

718

# TODO

719

# Hard to assert anything. But we could set a privatekey then ask

720

# OpenSSL if the cert and key agree using check_privatekey. Then as

721

# long as check_privatekey works right we're good...

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

722

with open(certificate_file, "wb") as pem_file:

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

723

pem_file.write(cleartextCertificatePEM)

724

725

ctx = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

726

ctx.use_certificate_file(certificate_file)

727

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

728

def test_use_certificate_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

729

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

730

`Context.use_certificate_file` sets the certificate (given as a

731

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

732

using the context.

733

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

734

filename = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

735

self._use_certificate_file_test(filename)

736

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

737

def test_use_certificate_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

738

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

739

`Context.use_certificate_file` sets the certificate (given as a

740

`bytes` filename) which will be used to identify connections created

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

741

using the context.

742

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

743

filename = tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:57:36 -0400

[diff] [blame]

744

self._use_certificate_file_test(filename)

Jean-Paul Calderone

2013-03-06 10:29:21 -0800

[diff] [blame]

745

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

746

def test_check_privatekey_valid(self):

747

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

748

`Context.check_privatekey` returns `None` if the `Context` instance

749

has been configured to use a matched key and certificate pair.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

750

"""

751

key = load_privatekey(FILETYPE_PEM, client_key_pem)

752

cert = load_certificate(FILETYPE_PEM, client_cert_pem)

753

context = Context(TLSv1_METHOD)

754

context.use_privatekey(key)

755

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

756

assert None is context.check_privatekey()

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

757

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

758

def test_check_privatekey_invalid(self):

759

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

760

`Context.check_privatekey` raises `Error` if the `Context` instance

761

has been configured to use a key and certificate pair which don't

762

relate to each other.

Jean-Paul Calderone

2014-12-11 13:58:00 -0500

[diff] [blame]

763

"""

764

key = load_privatekey(FILETYPE_PEM, client_key_pem)

765

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

766

context = Context(TLSv1_METHOD)

767

context.use_privatekey(key)

768

context.use_certificate(cert)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

769

with pytest.raises(Error):

770

context.check_privatekey()

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

771

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

772

def test_app_data(self):

773

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

774

`Context.set_app_data` stores an object for later retrieval

775

using `Context.get_app_data`.

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

776

"""

777

app_data = object()

778

context = Context(TLSv1_METHOD)

779

context.set_app_data(app_data)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

780

assert context.get_app_data() is app_data

Jean-Paul Calderone

2010-07-30 18:03:25 -0400

[diff] [blame]

781

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

782

def test_set_options_wrong_args(self):

783

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

784

`Context.set_options` raises `TypeError` if called with

785

a non-`int` argument.

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

786

"""

787

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

788

with pytest.raises(TypeError):

789

context.set_options(None)

Jean-Paul Calderone

40569ca

2010-07-30 18:04:58 -0400

[diff] [blame]

790

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

791

def test_set_options(self):

792

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

793

`Context.set_options` returns the new options value.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

794

"""

795

context = Context(TLSv1_METHOD)

796

options = context.set_options(OP_NO_SSLv2)

Alex Gaynor

2310f8b

2016-09-10 14:39:32 -0400

[diff] [blame]

797

assert options & OP_NO_SSLv2 == OP_NO_SSLv2

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

798

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

799

def test_set_mode_wrong_args(self):

800

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

801

`Context.set_mode` raises `TypeError` if called with

802

a non-`int` argument.

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

803

"""

804

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

805

with pytest.raises(TypeError):

806

context.set_mode(None)

Guillermo Gonzalez

74a2c29

2011-08-29 16:16:58 -0300

[diff] [blame]

807

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

808

def test_set_mode(self):

809

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

810

`Context.set_mode` accepts a mode bitvector and returns the

Alex Gaynor

d3b5d9b

2016-07-31 10:54:24 -0400

[diff] [blame]

811

newly set mode.

812

"""

813

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

814

assert MODE_RELEASE_BUFFERS & context.set_mode(MODE_RELEASE_BUFFERS)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

815

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

816

def test_set_timeout_wrong_args(self):

817

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

818

`Context.set_timeout` raises `TypeError` if called with

819

a non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

820

"""

821

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

822

with pytest.raises(TypeError):

823

context.set_timeout(None)

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

824

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

825

def test_timeout(self):

826

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

827

`Context.set_timeout` sets the session timeout for all connections

828

created using the context object. `Context.get_timeout` retrieves

829

this value.

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

830

"""

831

context = Context(TLSv1_METHOD)

832

context.set_timeout(1234)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

833

assert context.get_timeout() == 1234

Jean-Paul Calderone

2010-07-30 18:09:41 -0400

[diff] [blame]

834

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

835

def test_set_verify_depth_wrong_args(self):

836

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

837

`Context.set_verify_depth` raises `TypeError` if called with a

838

non-`int` argument.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

839

"""

840

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

841

with pytest.raises(TypeError):

842

context.set_verify_depth(None)

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

843

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

844

def test_verify_depth(self):

845

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

846

`Context.set_verify_depth` sets the number of certificates in

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

847

a chain to follow before giving up. The value can be retrieved with

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

848

`Context.get_verify_depth`.

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

849

"""

850

context = Context(TLSv1_METHOD)

851

context.set_verify_depth(11)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

852

assert context.get_verify_depth() == 11

Jean-Paul Calderone

2010-07-30 18:22:06 -0400

[diff] [blame]

853

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

854

def _write_encrypted_pem(self, passphrase, tmpfile):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

855

"""

856

Write a new private key out to a new file, encrypted using the given

857

passphrase. Return the path to the new file.

858

"""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

859

key = PKey()

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame^]

860

key.generate_key(TYPE_RSA, 1024)

Jean-Paul Calderone

a986883

2010-08-22 21:38:34 -0400

[diff] [blame]

861

pem = dump_privatekey(FILETYPE_PEM, key, "blowfish", passphrase)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

862

with open(tmpfile, "w") as fObj:

863

fObj.write(pem.decode("ascii"))

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

864

return tmpfile

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

865

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

866

def test_set_passwd_cb_wrong_args(self):

867

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

868

`Context.set_passwd_cb` raises `TypeError` if called with a

869

non-callable first argument.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

870

"""

871

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

872

with pytest.raises(TypeError):

873

context.set_passwd_cb(None)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

874

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

875

def test_set_passwd_cb(self, tmpfile):

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

876

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

877

`Context.set_passwd_cb` accepts a callable which will be invoked when

878

a private key is loaded from an encrypted PEM.

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

879

"""

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

880

passphrase = b"foobar"

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

881

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

882

calledWith = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

883

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

884

def passphraseCallback(maxlen, verify, extra):

885

calledWith.append((maxlen, verify, extra))

886

return passphrase

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

887

Jean-Paul Calderone

2008-04-26 18:06:54 -0400

[diff] [blame]

888

context = Context(TLSv1_METHOD)

889

context.set_passwd_cb(passphraseCallback)

890

context.use_privatekey_file(pemFile)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

891

assert len(calledWith) == 1

892

assert isinstance(calledWith[0][0], int)

893

assert isinstance(calledWith[0][1], int)

894

assert calledWith[0][2] is None

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

895

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

896

def test_passwd_callback_exception(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

897

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

898

`Context.use_privatekey_file` propagates any exception raised

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

899

by the passphrase callback.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

900

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

901

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

902

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

903

def passphraseCallback(maxlen, verify, extra):

904

raise RuntimeError("Sorry, I am a fail.")

905

906

context = Context(TLSv1_METHOD)

907

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

908

with pytest.raises(RuntimeError):

909

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

910

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

911

def test_passwd_callback_false(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

912

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

913

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

914

passphrase callback returns a false value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

915

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

916

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

917

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

918

def passphraseCallback(maxlen, verify, extra):

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

919

return b""

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

920

921

context = Context(TLSv1_METHOD)

922

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

923

with pytest.raises(Error):

924

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

925

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

926

def test_passwd_callback_non_string(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

927

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

928

`Context.use_privatekey_file` raises `OpenSSL.SSL.Error` if the

929

passphrase callback returns a true non-string value.

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

930

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

931

pemFile = self._write_encrypted_pem(b"monkeys are nice", tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

932

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

933

def passphraseCallback(maxlen, verify, extra):

934

return 10

935

936

context = Context(TLSv1_METHOD)

937

context.set_passwd_cb(passphraseCallback)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

938

# TODO: Surely this is the wrong error?

939

with pytest.raises(ValueError):

940

context.use_privatekey_file(pemFile)

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

941

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

942

def test_passwd_callback_too_long(self, tmpfile):

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

943

"""

944

If the passphrase returned by the passphrase callback returns a string

945

longer than the indicated maximum length, it is truncated.

946

"""

947

# A priori knowledge!

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

948

passphrase = b"x" * 1024

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

949

pemFile = self._write_encrypted_pem(passphrase, tmpfile)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

950

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

951

def passphraseCallback(maxlen, verify, extra):

952

assert maxlen == 1024

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

953

return passphrase + b"y"

Jean-Paul Calderone

2010-07-30 17:57:53 -0400

[diff] [blame]

954

955

context = Context(TLSv1_METHOD)

956

context.set_passwd_cb(passphraseCallback)

957

# This shall succeed because the truncated result is the correct

958

# passphrase.

959

context.use_privatekey_file(pemFile)

960

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

961

def test_set_info_callback(self):

962

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

963

`Context.set_info_callback` accepts a callable which will be

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

964

invoked when certain information about an SSL connection is available.

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

965

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

966

(server, client) = socket_pair()

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

967

968

clientSSL = Connection(Context(TLSv1_METHOD), client)

969

clientSSL.set_connect_state()

970

971

called = []

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

972

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

973

def info(conn, where, ret):

974

called.append((conn, where, ret))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

975

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

976

context = Context(TLSv1_METHOD)

977

context.set_info_callback(info)

978

context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

979

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

980

)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

981

context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

982

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)

983

)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

984

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

985

serverSSL = Connection(context, server)

986

serverSSL.set_accept_state()

987

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

988

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-04-26 19:06:28 -0400

[diff] [blame]

989

Jean-Paul Calderone

3835e52

2014-02-02 11:12:30 -0500

[diff] [blame]

990

# The callback must always be called with a Connection instance as the

991

# first argument. It would probably be better to split this into

992

# separate tests for client and server side info callbacks so we could

993

# assert it is called with the right Connection instance. It would

994

# also be good to assert *something* about `where` and `ret`.

Jean-Paul Calderone

f2bbc9c

2014-02-02 10:59:14 -0500

[diff] [blame]

995

notConnections = [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

996

conn

997

for (conn, where, ret) in called

998

if not isinstance(conn, Connection)

]

assert (

[] == notConnections

), "Some info callback arguments were not Connection instances."

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1003

Maximilian Hils

b2bca41

2020-07-28 16:31:22 +0200

[diff] [blame]

1004

@pytest.mark.skipif(

1005

not getattr(_lib, "Cryptography_HAS_KEYLOG", None),

1006

reason="SSL_CTX_set_keylog_callback unavailable",

1007

)

1008

def test_set_keylog_callback(self):

1009

"""

1010

`Context.set_keylog_callback` accepts a callable which will be

1011

invoked when key material is generated or received.

"""

called = []

def keylog(conn, line):

1016

called.append((conn, line))

1017

1018

server_context = Context(TLSv1_METHOD)

1019

server_context.set_keylog_callback(keylog)

1020

server_context.use_certificate(

1021

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

1022

)

1023

server_context.use_privatekey(

1024

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)

1025

)

1026

1027

client_context = Context(TLSv1_METHOD)

1028

1029

self._handshake_test(server_context, client_context)

1030

1031

assert called

1032

assert all(isinstance(conn, Connection) for conn, line in called)

1033

assert all(b"CLIENT_RANDOM" in line for conn, line in called)

1034

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1035

def _load_verify_locations_test(self, *args):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

1036

"""

1037

Create a client context which will verify the peer certificate and call

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1038

its `load_verify_locations` method with the given arguments.

Jean-Paul Calderone

64efa2c

2011-09-11 10:00:09 -0400

[diff] [blame]

1039

Then connect it to a server and ensure that the handshake succeeds.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

1040

"""

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

1041

(server, client) = socket_pair()

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1042

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1043

clientContext = Context(TLSv1_METHOD)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1044

clientContext.load_verify_locations(*args)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1045

# Require that the server certificate verify properly or the

1046

# connection will fail.

1047

clientContext.set_verify(

1048

VERIFY_PEER,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1049

lambda conn, cert, errno, depth, preverify_ok: preverify_ok,

1050

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1051

1052

clientSSL = Connection(clientContext, client)

1053

clientSSL.set_connect_state()

1054

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1055

serverContext = Context(TLSv1_METHOD)

1056

serverContext.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1057

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

1058

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1059

serverContext.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1060

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)

1061

)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1062

1063

serverSSL = Connection(serverContext, server)

1064

serverSSL.set_accept_state()

1065

Jean-Paul Calderone

f874203

2010-09-25 00:00:32 -0400

[diff] [blame]

1066

# Without load_verify_locations above, the handshake

1067

# will fail:

1068

# Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',

1069

# 'certificate verify failed')]

1070

handshake(clientSSL, serverSSL)

Jean-Paul Calderone

2008-09-07 20:17:17 -0400

[diff] [blame]

1071

1072

cert = clientSSL.get_peer_certificate()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1073

assert cert.get_subject().CN == "Testing Root CA"

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1074

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1075

def _load_verify_cafile(self, cafile):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1076

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1077

Verify that if path to a file containing a certificate is passed to

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1078

`Context.load_verify_locations` for the ``cafile`` parameter, that

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1079

certificate is used as a trust root for the purposes of verifying

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1080

connections created using that `Context`.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1081

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1082

with open(cafile, "w") as fObj:

1083

fObj.write(cleartextCertificatePEM.decode("ascii"))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1084

1085

self._load_verify_locations_test(cafile)

1086

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1087

def test_load_verify_bytes_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1088

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1089

`Context.load_verify_locations` accepts a file name as a `bytes`

1090

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1091

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1092

cafile = tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1093

self._load_verify_cafile(cafile)

1094

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1095

def test_load_verify_unicode_cafile(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1096

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1097

`Context.load_verify_locations` accepts a file name as a `unicode`

1098

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1099

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1100

self._load_verify_cafile(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1101

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1102

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1103

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1104

def test_load_verify_invalid_file(self, tmpfile):

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1105

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1106

`Context.load_verify_locations` raises `Error` when passed a

1107

non-existent cafile.

Jean-Paul Calderone

5075fce

2008-09-07 20:18:55 -0400

[diff] [blame]

1108

"""

1109

clientContext = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1110

with pytest.raises(Error):

1111

clientContext.load_verify_locations(tmpfile)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1112

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1113

def _load_verify_directory_locations_capath(self, capath):

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1114

"""

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1115

Verify that if path to a directory containing certificate files is

1116

passed to ``Context.load_verify_locations`` for the ``capath``

1117

parameter, those certificates are used as trust roots for the purposes

1118

of verifying connections created using that ``Context``.

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1119

"""

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1120

makedirs(capath)

Jean-Paul Calderone

24dfb33

2011-05-04 18:10:26 -0400

[diff] [blame]

1121

# Hash values computed manually with c_rehash to avoid depending on

1122

# c_rehash in the test suite. One is from OpenSSL 0.9.8, the other

1123

# from OpenSSL 1.0.0.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1124

for name in [b"c7adac82.0", b"c3705638.0"]:

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1125

cafile = join_bytes_or_unicode(capath, name)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1126

with open(cafile, "w") as fObj:

1127

fObj.write(cleartextCertificatePEM.decode("ascii"))

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1128

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1129

self._load_verify_locations_test(None, capath)

1130

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1131

def test_load_verify_directory_bytes_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1132

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1133

`Context.load_verify_locations` accepts a directory name as a `bytes`

1134

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1135

"""

1136

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1137

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1138

)

1139

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1140

def test_load_verify_directory_unicode_capath(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1141

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1142

`Context.load_verify_locations` accepts a directory name as a `unicode`

1143

instance and uses the certificates within for verification purposes.

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1144

"""

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1145

self._load_verify_directory_locations_capath(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1146

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 11:26:47 -0400

[diff] [blame]

1147

)

Jean-Paul Calderone

2015-04-12 09:20:31 -0400

[diff] [blame]

1148

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1149

def test_load_verify_locations_wrong_args(self):

1150

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1151

`Context.load_verify_locations` raises `TypeError` if with non-`str`

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1152

arguments.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1153

"""

1154

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1155

with pytest.raises(TypeError):

1156

context.load_verify_locations(object())

1157

with pytest.raises(TypeError):

1158

context.load_verify_locations(object(), object())

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1159

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1160

@pytest.mark.skipif(

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1161

not platform.startswith("linux"),

1162

reason="Loading fallback paths is a linux-specific behavior to "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1163

"accommodate pyca/cryptography manylinux1 wheels",

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1164

)

1165

def test_fallback_default_verify_paths(self, monkeypatch):

1166

"""

1167

Test that we load certificates successfully on linux from the fallback

1168

path. To do this we set the _CRYPTOGRAPHY_MANYLINUX1_CA_FILE and

1169

_CRYPTOGRAPHY_MANYLINUX1_CA_DIR vars to be equal to whatever the

1170

current OpenSSL default is and we disable

1171

SSL_CTX_SET_default_verify_paths so that it can't find certs unless

1172

it loads via fallback.

1173

"""

1174

context = Context(TLSv1_METHOD)

1175

monkeypatch.setattr(

1176

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_FILE",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1181

_ffi.string(_lib.X509_get_default_cert_file()),

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

)

monkeypatch.setattr(

SSL,

"_CRYPTOGRAPHY_MANYLINUX1_CA_DIR",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1186

_ffi.string(_lib.X509_get_default_cert_dir()),

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1187

)

1188

context.set_default_verify_paths()

1189

store = context.get_cert_store()

1190

sk_obj = _lib.X509_STORE_get0_objects(store._store)

1191

assert sk_obj != _ffi.NULL

1192

num = _lib.sk_X509_OBJECT_num(sk_obj)

1193

assert num != 0

1194

1195

def test_check_env_vars(self, monkeypatch):

1196

"""

1197

Test that we return True/False appropriately if the env vars are set.

1198

"""

1199

context = Context(TLSv1_METHOD)

1200

dir_var = "CUSTOM_DIR_VAR"

1201

file_var = "CUSTOM_FILE_VAR"

1202

assert context._check_env_vars_set(dir_var, file_var) is False

1203

monkeypatch.setenv(dir_var, "value")

1204

monkeypatch.setenv(file_var, "value")

1205

assert context._check_env_vars_set(dir_var, file_var) is True

1206

assert context._check_env_vars_set(dir_var, file_var) is True

1207

1208

def test_verify_no_fallback_if_env_vars_set(self, monkeypatch):

1209

"""

1210

Test that we don't use the fallback path if env vars are set.

1211

"""

1212

context = Context(TLSv1_METHOD)

1213

monkeypatch.setattr(

1214

_lib, "SSL_CTX_set_default_verify_paths", lambda x: 1

1215

)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1216

dir_env_var = _ffi.string(_lib.X509_get_default_cert_dir_env()).decode(

1217

"ascii"

1218

)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1219

file_env_var = _ffi.string(

1220

_lib.X509_get_default_cert_file_env()

1221

).decode("ascii")

1222

monkeypatch.setenv(dir_env_var, "value")

1223

monkeypatch.setenv(file_env_var, "value")

1224

context.set_default_verify_paths()

1225

1226

monkeypatch.setattr(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1227

context, "_fallback_default_verify_paths", raiser(SystemError)

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1228

)

1229

context.set_default_verify_paths()

1230

1231

@pytest.mark.skipif(

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1232

platform == "win32",

1233

reason="set_default_verify_paths appears not to work on Windows. "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1234

"See LP#404343 and LP#404344.",

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1235

)

1236

def test_set_default_verify_paths(self):

1237

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1238

`Context.set_default_verify_paths` causes the platform-specific CA

1239

certificate locations to be used for verification purposes.

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1240

"""

1241

# Testing this requires a server with a certificate signed by one

1242

# of the CAs in the platform CA location. Getting one of those

1243

# costs money. Fortunately (or unfortunately, depending on your

1244

# perspective), it's easy to think of a public server on the

1245

# internet which has such a certificate. Connecting to the network

1246

# in a unit test is bad, but it's the only way I can think of to

1247

# really test this. -exarkun

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1248

context = Context(SSLv23_METHOD)

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1249

context.set_default_verify_paths()

1250

context.set_verify(

1251

VERIFY_PEER,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1252

lambda conn, cert, errno, depth, preverify_ok: preverify_ok,

1253

)

Jean-Paul Calderone

2008-09-07 20:58:50 -0400

[diff] [blame]

1254

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

1255

client = socket_any_family()

Hynek Schlawack

bf88793

2015-10-21 17:13:47 +0200

[diff] [blame]

1256

client.connect(("encrypted.google.com", 443))

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1257

clientSSL = Connection(context, client)

1258

clientSSL.set_connect_state()

Alex Gaynor

373926c

2018-05-12 07:43:07 -0400

[diff] [blame]

1259

clientSSL.set_tlsext_host_name(b"encrypted.google.com")

Hynek Schlawack

2015-09-05 19:19:32 +0200

[diff] [blame]

1260

clientSSL.do_handshake()

1261

clientSSL.send(b"GET / HTTP/1.0\r\n\r\n")

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1262

assert clientSSL.recv(1024)

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

1263

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1264

def test_fallback_path_is_not_file_or_dir(self):

1265

"""

1266

Test that when passed empty arrays or paths that do not exist no

1267

errors are raised.

1268

"""

1269

context = Context(TLSv1_METHOD)

1270

context._fallback_default_verify_paths([], [])

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1271

context._fallback_default_verify_paths(["/not/a/file"], ["/not/a/dir"])

Paul Kehrer

2017-06-29 18:44:08 -0500

[diff] [blame]

1272

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1273

def test_add_extra_chain_cert_invalid_cert(self):

1274

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1275

`Context.add_extra_chain_cert` raises `TypeError` if called with an

1276

object which is not an instance of `X509`.

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1277

"""

1278

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1279

with pytest.raises(TypeError):

1280

context.add_extra_chain_cert(object())

Jean-Paul Calderone

12608a8

2009-11-07 10:35:15 -0500

[diff] [blame]

1281

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1282

def _handshake_test(self, serverContext, clientContext):

1283

"""

1284

Verify that a client and server created with the given contexts can

1285

successfully handshake and communicate.

1286

"""

1287

serverSocket, clientSocket = socket_pair()

1288

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1289

server = Connection(serverContext, serverSocket)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1290

server.set_accept_state()

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1291

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1292

client = Connection(clientContext, clientSocket)

1293

client.set_connect_state()

1294

1295

# Make them talk to each other.

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1296

# interact_in_memory(client, server)

1297

for _ in range(3):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1298

for s in [client, server]:

1299

try:

1300

s.do_handshake()

1301

except WantReadError:

1302

pass

1303

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1304

def test_set_verify_callback_connection_argument(self):

1305

"""

1306

The first argument passed to the verify callback is the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1307

`Connection` instance for which verification is taking place.

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1308

"""

1309

serverContext = Context(TLSv1_METHOD)

1310

serverContext.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1311

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)

1312

)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1313

serverContext.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1314

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

1315

)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1316

serverConnection = Connection(serverContext, None)

1317

1318

class VerifyCallback(object):

1319

def callback(self, connection, *args):

1320

self.connection = connection

1321

return 1

1322

1323

verify = VerifyCallback()

1324

clientContext = Context(TLSv1_METHOD)

1325

clientContext.set_verify(VERIFY_PEER, verify.callback)

1326

clientConnection = Connection(clientContext, None)

1327

clientConnection.set_connect_state()

1328

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1329

handshake_in_memory(clientConnection, serverConnection)

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1330

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1331

assert verify.connection is clientConnection

Jean-Paul Calderone

2014-04-02 21:09:08 -0400

[diff] [blame]

1332

Paul Kehrer

e738186

2017-11-30 20:55:25 +0800

[diff] [blame]

1333

def test_x509_in_verify_works(self):

1334

"""

1335

We had a bug where the X509 cert instantiated in the callback wrapper

1336

didn't __init__ so it was missing objects needed when calling

1337

get_subject. This test sets up a handshake where we call get_subject

1338

on the cert provided to the verify callback.

1339

"""

1340

serverContext = Context(TLSv1_METHOD)

1341

serverContext.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1342

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)

1343

)

Paul Kehrer

e738186

2017-11-30 20:55:25 +0800

[diff] [blame]

1344

serverContext.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1345

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

1346

)

Paul Kehrer

e738186

2017-11-30 20:55:25 +0800

[diff] [blame]

1347

serverConnection = Connection(serverContext, None)

1348

1349

def verify_cb_get_subject(conn, cert, errnum, depth, ok):

1350

assert cert.get_subject()

1351

return 1

1352

1353

clientContext = Context(TLSv1_METHOD)

1354

clientContext.set_verify(VERIFY_PEER, verify_cb_get_subject)

1355

clientConnection = Connection(clientContext, None)

1356

clientConnection.set_connect_state()

1357

1358

handshake_in_memory(clientConnection, serverConnection)

1359

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1360

def test_set_verify_callback_exception(self):

1361

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1362

If the verify callback passed to `Context.set_verify` raises an

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1363

exception, verification fails and the exception is propagated to the

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1364

caller of `Connection.do_handshake`.

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1365

"""

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

1366

serverContext = Context(TLSv1_2_METHOD)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1367

serverContext.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1368

load_privatekey(FILETYPE_PEM, cleartextPrivateKeyPEM)

1369

)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1370

serverContext.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1371

load_certificate(FILETYPE_PEM, cleartextCertificatePEM)

1372

)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1373

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

1374

clientContext = Context(TLSv1_2_METHOD)

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1375

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1376

def verify_callback(*args):

1377

raise Exception("silly verify failure")

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1378

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1379

clientContext.set_verify(VERIFY_PEER, verify_callback)

1380

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

1381

with pytest.raises(Exception) as exc:

1382

self._handshake_test(serverContext, clientContext)

1383

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1384

assert "silly verify failure" == str(exc.value)

Jean-Paul Calderone

2013-03-06 20:54:38 -0800

[diff] [blame]

1385

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1386

def test_add_extra_chain_cert(self, tmpdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1387

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1388

`Context.add_extra_chain_cert` accepts an `X509`

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1389

instance to add to the certificate chain.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1390

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1391

See `_create_certificate_chain` for the details of the

Hynek Schlawack

4813c0e

2015-04-16 13:38:01 -0400

[diff] [blame]

1392

certificate chain tested.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1393

1394

The chain is tested by starting a server with scert and connecting

1395

to it with a client which trusts cacert and requires verification to

1396

succeed.

1397

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1398

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1399

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1400

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1401

# Dump the CA certificate to a file because that's the only way to load

1402

# it as a trusted CA in the client context.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

for cert, name in [

(cacert, "ca.pem"),

(icert, "i.pem"),

(scert, "s.pem"),

]:

with tmpdir.join(name).open("w") as f:

1409

f.write(dump_certificate(FILETYPE_PEM, cert).decode("ascii"))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1410

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1411

for key, name in [(cakey, "ca.key"), (ikey, "i.key"), (skey, "s.key")]:

1412

with tmpdir.join(name).open("w") as f:

1413

f.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii"))

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1414

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1415

# Create the server context

1416

serverContext = Context(TLSv1_METHOD)

1417

serverContext.use_privatekey(skey)

1418

serverContext.use_certificate(scert)

Jean-Paul Calderone

16cf03d

2010-09-08 18:53:39 -0400

[diff] [blame]

1419

# The client already has cacert, we only need to give them icert.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1420

serverContext.add_extra_chain_cert(icert)

1421

Jean-Paul Calderone

2010-07-31 14:56:20 -0400

[diff] [blame]

1422

# Create the client

1423

clientContext = Context(TLSv1_METHOD)

1424

clientContext.set_verify(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1425

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb

1426

)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1427

clientContext.load_verify_locations(str(tmpdir.join("ca.pem")))

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

1428

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1429

# Try it out.

1430

self._handshake_test(serverContext, clientContext)

1431

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1432

def _use_certificate_chain_file_test(self, certdir):

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1433

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1434

Verify that `Context.use_certificate_chain_file` reads a

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1435

certificate chain from a specified file.

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1436

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1437

The chain is tested by starting a server with scert and connecting to

1438

it with a client which trusts cacert and requires verification to

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1439

succeed.

1440

"""

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

1441

chain = _create_certificate_chain()

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1442

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

1443

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1444

makedirs(certdir)

1445

Jean-Paul Calderone

0582673

2015-04-12 11:38:49 -0400

[diff] [blame]

1446

chainFile = join_bytes_or_unicode(certdir, "chain.pem")

1447

caFile = join_bytes_or_unicode(certdir, "ca.pem")

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1448

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1449

# Write out the chain file.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1450

with open(chainFile, "wb") as fObj:

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1451

# Most specific to least general.

1452

fObj.write(dump_certificate(FILETYPE_PEM, scert))

1453

fObj.write(dump_certificate(FILETYPE_PEM, icert))

1454

fObj.write(dump_certificate(FILETYPE_PEM, cacert))

1455

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1456

with open(caFile, "w") as fObj:

1457

fObj.write(dump_certificate(FILETYPE_PEM, cacert).decode("ascii"))

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1458

1459

serverContext = Context(TLSv1_METHOD)

1460

serverContext.use_certificate_chain_file(chainFile)

1461

serverContext.use_privatekey(skey)

1462

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1463

clientContext = Context(TLSv1_METHOD)

1464

clientContext.set_verify(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1465

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb

1466

)

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1467

clientContext.load_verify_locations(caFile)

Jean-Paul Calderone

2010-08-02 18:25:03 -0400

[diff] [blame]

1468

1469

self._handshake_test(serverContext, clientContext)

1470

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1471

def test_use_certificate_chain_file_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1472

"""

1473

``Context.use_certificate_chain_file`` accepts the name of a file (as

1474

an instance of ``bytes``) to specify additional certificates to use to

1475

construct and verify a trust chain.

1476

"""

1477

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1478

tmpfile + NON_ASCII.encode(getfilesystemencoding())

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1479

)

1480

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1481

def test_use_certificate_chain_file_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1482

"""

1483

``Context.use_certificate_chain_file`` accepts the name of a file (as

1484

an instance of ``unicode``) to specify additional certificates to use

1485

to construct and verify a trust chain.

1486

"""

1487

self._use_certificate_chain_file_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1488

tmpfile.decode(getfilesystemencoding()) + NON_ASCII

Jean-Paul Calderone

2015-04-12 09:51:21 -0400

[diff] [blame]

1489

)

1490

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1491

def test_use_certificate_chain_file_wrong_args(self):

1492

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1493

`Context.use_certificate_chain_file` raises `TypeError` if passed a

1494

non-byte string single argument.

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1495

"""

1496

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1497

with pytest.raises(TypeError):

1498

context.use_certificate_chain_file(object())

Jean-Paul Calderone

131052e

2013-03-05 11:56:19 -0800

[diff] [blame]

1499

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1500

def test_use_certificate_chain_file_missing_file(self, tmpfile):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1501

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1502

`Context.use_certificate_chain_file` raises `OpenSSL.SSL.Error` when

1503

passed a bad chain file name (for example, the name of a file which

1504

does not exist).

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1505

"""

1506

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1507

with pytest.raises(Error):

1508

context.use_certificate_chain_file(tmpfile)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1509

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1510

def test_set_verify_mode(self):

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1511

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1512

`Context.get_verify_mode` returns the verify mode flags previously

1513

passed to `Context.set_verify`.

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1514

"""

1515

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1516

assert context.get_verify_mode() == 0

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1517

context.set_verify(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1518

VERIFY_PEER | VERIFY_CLIENT_ONCE, lambda *args: None

1519

)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1520

assert context.get_verify_mode() == (VERIFY_PEER | VERIFY_CLIENT_ONCE)

Jean-Paul Calderone

2010-09-09 18:17:48 -0400

[diff] [blame]

1521

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1522

@pytest.mark.parametrize("mode", [None, 1.0, object(), "mode"])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1523

def test_set_verify_wrong_mode_arg(self, mode):

1524

"""

1525

`Context.set_verify` raises `TypeError` if the first argument is

1526

not an integer.

1527

"""

1528

context = Context(TLSv1_METHOD)

1529

with pytest.raises(TypeError):

1530

context.set_verify(mode=mode, callback=lambda *args: None)

1531

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1532

@pytest.mark.parametrize("callback", [None, 1.0, "mode", ("foo", "bar")])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1533

def test_set_verify_wrong_callable_arg(self, callback):

1534

"""

Alex Gaynor

40bc0f1

2018-05-14 14:06:16 -0400

[diff] [blame]

1535

`Context.set_verify` raises `TypeError` if the second argument

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1536

is not callable.

1537

"""

1538

context = Context(TLSv1_METHOD)

1539

with pytest.raises(TypeError):

1540

context.set_verify(mode=VERIFY_PEER, callback=callback)

1541

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1542

def test_load_tmp_dh_wrong_args(self):

1543

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1544

`Context.load_tmp_dh` raises `TypeError` if called with a

1545

non-`str` argument.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1546

"""

1547

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1548

with pytest.raises(TypeError):

1549

context.load_tmp_dh(object())

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1550

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1551

def test_load_tmp_dh_missing_file(self):

1552

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1553

`Context.load_tmp_dh` raises `OpenSSL.SSL.Error` if the

Hynek Schlawack

2015-09-05 19:09:26 +0200

[diff] [blame]

1554

specified file does not exist.

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1555

"""

1556

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1557

with pytest.raises(Error):

1558

context.load_tmp_dh(b"hello")

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1559

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1560

def _load_tmp_dh_test(self, dhfilename):

Jean-Paul Calderone

4e0c43f

2015-04-13 10:15:17 -0400

[diff] [blame]

1561

"""

1562

Verify that calling ``Context.load_tmp_dh`` with the given filename

1563

does not raise an exception.

1564

"""

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1565

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1566

with open(dhfilename, "w") as dhfile:

1567

dhfile.write(dhparam)

1568

Jean-Paul Calderone

2010-09-09 18:43:40 -0400

[diff] [blame]

1569

context.load_tmp_dh(dhfilename)

1570

# XXX What should I assert here? -exarkun

1571

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1572

def test_load_tmp_dh_bytes(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1573

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1574

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1575

specified file (given as ``bytes``).

1576

"""

1577

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1578

tmpfile + NON_ASCII.encode(getfilesystemencoding()),

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1579

)

1580

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1581

def test_load_tmp_dh_unicode(self, tmpfile):

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1582

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1583

`Context.load_tmp_dh` loads Diffie-Hellman parameters from the

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1584

specified file (given as ``unicode``).

1585

"""

1586

self._load_tmp_dh_test(

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1587

tmpfile.decode(getfilesystemencoding()) + NON_ASCII,

Jean-Paul Calderone

2015-04-12 10:13:13 -0400

[diff] [blame]

1588

)

1589

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1590

def test_set_tmp_ecdh(self):

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1591

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1592

`Context.set_tmp_ecdh` sets the elliptic curve for Diffie-Hellman to

1593

the specified curve.

Andy Lutomirski

f05a273

2014-03-13 17:22:25 -0700

[diff] [blame]

1594

"""

1595

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1596

for curve in get_elliptic_curves():

Hynek Schlawack

a07fa8c

2015-10-17 10:15:28 +0200

[diff] [blame]

1597

if curve.name.startswith(u"Oakley-"):

Hynek Schlawack

7408aff

2015-10-17 09:51:16 +0200

[diff] [blame]

1598

# Setting Oakley-EC2N-4 and Oakley-EC2N-3 adds

1599

# ('bignum routines', 'BN_mod_inverse', 'no inverse') to the

1600

# error queue on OpenSSL 1.0.2.

1601

continue

Jean-Paul Calderone

c09fd58

2014-04-18 22:00:10 -0400

[diff] [blame]

1602

# The only easily "assertable" thing is that it does not raise an

1603

# exception.

Jean-Paul Calderone

3e4e335

2014-04-19 09:28:28 -0400

[diff] [blame]

1604

context.set_tmp_ecdh(curve)

Alex Gaynor

12dc084

2014-01-17 12:51:31 -0600

[diff] [blame]

1605

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1606

def test_set_session_cache_mode_wrong_args(self):

1607

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1608

`Context.set_session_cache_mode` raises `TypeError` if called with

1609

a non-integer argument.

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1610

called with other than one integer argument.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1611

"""

1612

context = Context(TLSv1_METHOD)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1613

with pytest.raises(TypeError):

1614

context.set_session_cache_mode(object())

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1615

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1616

def test_session_cache_mode(self):

1617

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1618

`Context.set_session_cache_mode` specifies how sessions are cached.

1619

The setting can be retrieved via `Context.get_session_cache_mode`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1620

"""

1621

context = Context(TLSv1_METHOD)

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

1622

context.set_session_cache_mode(SESS_CACHE_OFF)

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1623

off = context.set_session_cache_mode(SESS_CACHE_BOTH)

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1624

assert SESS_CACHE_OFF == off

1625

assert SESS_CACHE_BOTH == context.get_session_cache_mode()

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

1626

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1627

def test_get_cert_store(self):

1628

"""

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1629

`Context.get_cert_store` returns a `X509Store` instance.

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1630

"""

1631

context = Context(TLSv1_METHOD)

1632

store = context.get_cert_store()

Alex Chan

2017-01-24 15:14:52 +0000

[diff] [blame]

1633

assert isinstance(store, X509Store)

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1634

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1635

def test_set_tlsext_use_srtp_not_bytes(self):

1636

"""

1637

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1638

1639

It raises a TypeError if the list of profiles is not a byte string.

1640

"""

1641

context = Context(TLSv1_METHOD)

1642

with pytest.raises(TypeError):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1643

context.set_tlsext_use_srtp(text_type("SRTP_AES128_CM_SHA1_80"))

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1644

1645

def test_set_tlsext_use_srtp_invalid_profile(self):

1646

"""

1647

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1648

1649

It raises an Error if the call to OpenSSL fails.

1650

"""

1651

context = Context(TLSv1_METHOD)

1652

with pytest.raises(Error):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1653

context.set_tlsext_use_srtp(b"SRTP_BOGUS")

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1654

1655

def test_set_tlsext_use_srtp_valid(self):

1656

"""

1657

`Context.set_tlsext_use_srtp' enables negotiating SRTP keying material.

1658

1659

It does not return anything.

1660

"""

1661

context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1662

assert context.set_tlsext_use_srtp(b"SRTP_AES128_CM_SHA1_80") is None

Jeremy Lainé

2018-05-16 18:33:25 +0200

[diff] [blame]

1663

Jean-Paul Calderone

2013-03-05 17:02:26 -0800

[diff] [blame]

1664

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1665

class TestServerNameCallback(object):

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1666

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1667

Tests for `Context.set_tlsext_servername_callback` and its

1668

interaction with `Connection`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1669

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1670

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1671

def test_old_callback_forgotten(self):

1672

"""

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1673

If `Context.set_tlsext_servername_callback` is used to specify

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1674

a new callback, the one it replaces is dereferenced.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1675

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1676

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1677

def callback(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1678

pass

1679

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1680

def replacement(connection): # pragma: no cover

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1681

pass

1682

1683

context = Context(TLSv1_METHOD)

1684

context.set_tlsext_servername_callback(callback)

1685

1686

tracker = ref(callback)

1687

del callback

1688

1689

context.set_tlsext_servername_callback(replacement)

Jean-Paul Calderone

d4033eb

2014-01-11 08:21:46 -0500

[diff] [blame]

1690

1691

# One run of the garbage collector happens to work on CPython. PyPy

1692

# doesn't collect the underlying object until a second run for whatever

1693

# reason. That's fine, it still demonstrates our code has properly

1694

# dropped the reference.

1695

collect()

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1696

collect()

Jean-Paul Calderone

4c1aacd

2014-01-11 08:15:17 -0500

[diff] [blame]

1697

1698

callback = tracker()

1699

if callback is not None:

1700

referrers = get_referrers(callback)

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

1701

if len(referrers) > 1: # pragma: nocover

1702

pytest.fail("Some references remain: %r" % (referrers,))

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1703

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1704

def test_no_servername(self):

1705

"""

1706

When a client specifies no server name, the callback passed to

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1707

`Context.set_tlsext_servername_callback` is invoked and the

1708

result of `Connection.get_servername` is `None`.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1709

"""

1710

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1711

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1712

def servername(conn):

1713

args.append((conn, conn.get_servername()))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1714

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1715

context = Context(TLSv1_METHOD)

1716

context.set_tlsext_servername_callback(servername)

1717

1718

# Lose our reference to it. The Context is responsible for keeping it

# alive now.

del servername

collect()

# Necessary to actually accept the connection

1724

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1725

context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1726

load_certificate(FILETYPE_PEM, server_cert_pem)

1727

)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1728

1729

# Do a little connection to trigger the logic

1730

server = Connection(context, None)

1731

server.set_accept_state()

1732

1733

client = Connection(Context(TLSv1_METHOD), None)

1734

client.set_connect_state()

1735

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1736

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1737

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1738

assert args == [(server, None)]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1739

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1740

def test_servername(self):

1741

"""

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1742

When a client specifies a server name in its hello message, the

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1743

callback passed to `Contexts.set_tlsext_servername_callback` is

1744

invoked and the result of `Connection.get_servername` is that

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1745

server name.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1746

"""

1747

args = []

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1748

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1749

def servername(conn):

1750

args.append((conn, conn.get_servername()))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1751

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1752

context = Context(TLSv1_METHOD)

1753

context.set_tlsext_servername_callback(servername)

1754

1755

# Necessary to actually accept the connection

1756

context.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

Hynek Schlawack

2015-09-05 20:08:16 +0200

[diff] [blame]

1757

context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1758

load_certificate(FILETYPE_PEM, server_cert_pem)

1759

)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1760

1761

# Do a little connection to trigger the logic

1762

server = Connection(context, None)

1763

server.set_accept_state()

1764

1765

client = Connection(Context(TLSv1_METHOD), None)

1766

client.set_connect_state()

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

1767

client.set_tlsext_host_name(b"foo1.example.com")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1768

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1769

interact_in_memory(server, client)

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1770

Alex Chan

2016-11-05 13:01:51 +0000

[diff] [blame]

1771

assert args == [(server, b"foo1.example.com")]

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

1772

1773

Paul Kehrer

4d57590

2019-02-26 21:42:12 +0800

[diff] [blame]

1774

@pytest.mark.skipif(

1775

not _lib.Cryptography_HAS_NEXTPROTONEG, reason="NPN is not available"

1776

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1777

class TestNextProtoNegotiation(object):

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1778

"""

1779

Test for Next Protocol Negotiation in PyOpenSSL.

1780

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1781

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1782

def test_npn_success(self):

1783

"""

1784

Tests that clients and servers that agree on the negotiated next

1785

protocol can correct establish a connection, and that the agreed

1786

protocol is reported by the connections.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1793

return [b"http/1.1", b"spdy/2"]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1794

1795

def select(conn, options):

1796

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1797

return b"spdy/2"

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1798

1799

server_context = Context(TLSv1_METHOD)

1800

server_context.set_npn_advertise_callback(advertise)

1801

1802

client_context = Context(TLSv1_METHOD)

1803

client_context.set_npn_select_callback(select)

1804

1805

# Necessary to actually accept the connection

1806

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1807

load_privatekey(FILETYPE_PEM, server_key_pem)

1808

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1809

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1810

load_certificate(FILETYPE_PEM, server_cert_pem)

1811

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1812

1813

# Do a little connection to trigger the logic

1814

server = Connection(server_context, None)

1815

server.set_accept_state()

1816

1817

client = Connection(client_context, None)

1818

client.set_connect_state()

1819

1820

interact_in_memory(server, client)

1821

1822

assert advertise_args == [(server,)]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1823

assert select_args == [(client, [b"http/1.1", b"spdy/2"])]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1824

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1825

assert server.get_next_proto_negotiated() == b"spdy/2"

1826

assert client.get_next_proto_negotiated() == b"spdy/2"

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1827

1828

def test_npn_client_fail(self):

1829

"""

1830

Tests that when clients and servers cannot agree on what protocol

1831

to use next that the TLS connection does not get established.

"""

advertise_args = []

select_args = []

def advertise(conn):

advertise_args.append((conn,))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1838

return [b"http/1.1", b"spdy/2"]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1839

1840

def select(conn, options):

1841

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1842

return b""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1843

1844

server_context = Context(TLSv1_METHOD)

1845

server_context.set_npn_advertise_callback(advertise)

1846

1847

client_context = Context(TLSv1_METHOD)

1848

client_context.set_npn_select_callback(select)

1849

1850

# Necessary to actually accept the connection

1851

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1852

load_privatekey(FILETYPE_PEM, server_key_pem)

1853

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1854

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1855

load_certificate(FILETYPE_PEM, server_cert_pem)

1856

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1857

1858

# Do a little connection to trigger the logic

1859

server = Connection(server_context, None)

1860

server.set_accept_state()

1861

1862

client = Connection(client_context, None)

1863

client.set_connect_state()

1864

1865

# If the client doesn't return anything, the connection will fail.

1866

with pytest.raises(Error):

1867

interact_in_memory(server, client)

1868

1869

assert advertise_args == [(server,)]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1870

assert select_args == [(client, [b"http/1.1", b"spdy/2"])]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1871

1872

def test_npn_select_error(self):

1873

"""

1874

Test that we can handle exceptions in the select callback. If

1875

select fails it should be fatal to the connection.

"""

advertise_args = []

def advertise(conn):

advertise_args.append((conn,))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1881

return [b"http/1.1", b"spdy/2"]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1882

1883

def select(conn, options):

1884

raise TypeError

1885

1886

server_context = Context(TLSv1_METHOD)

1887

server_context.set_npn_advertise_callback(advertise)

1888

1889

client_context = Context(TLSv1_METHOD)

1890

client_context.set_npn_select_callback(select)

1891

1892

# Necessary to actually accept the connection

1893

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1894

load_privatekey(FILETYPE_PEM, server_key_pem)

1895

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1896

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1897

load_certificate(FILETYPE_PEM, server_cert_pem)

1898

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1899

1900

# Do a little connection to trigger the logic

1901

server = Connection(server_context, None)

1902

server.set_accept_state()

1903

1904

client = Connection(client_context, None)

1905

client.set_connect_state()

1906

1907

# If the callback throws an exception it should be raised here.

1908

with pytest.raises(TypeError):

1909

interact_in_memory(server, client)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1910

assert advertise_args == [

1911

(server,),

1912

]

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1913

1914

def test_npn_advertise_error(self):

1915

"""

1916

Test that we can handle exceptions in the advertise callback. If

1917

advertise fails no NPN is advertised to the client.

"""

select_args = []

def advertise(conn):

raise TypeError

def select(conn, options): # pragma: nocover

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1925

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1926

Assert later that no args are actually appended.

Cory Benfield

ba1820d

2015-04-13 17:39:12 -0400

[diff] [blame]

1927

"""

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1928

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1929

return b""

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1930

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1931

server_context = Context(TLSv1_METHOD)

1932

server_context.set_npn_advertise_callback(advertise)

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1933

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1934

client_context = Context(TLSv1_METHOD)

1935

client_context.set_npn_select_callback(select)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1936

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1937

# Necessary to actually accept the connection

1938

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1939

load_privatekey(FILETYPE_PEM, server_key_pem)

1940

)

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1941

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1942

load_certificate(FILETYPE_PEM, server_cert_pem)

1943

)

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1944

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1945

# Do a little connection to trigger the logic

1946

server = Connection(server_context, None)

1947

server.set_accept_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1948

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1949

client = Connection(client_context, None)

1950

client.set_connect_state()

Cory Benfield

2014-03-31 20:30:25 +0100

[diff] [blame]

1951

Alex Chan

2016-11-10 12:18:54 +0000

[diff] [blame]

1952

# If the client doesn't return anything, the connection will fail.

1953

with pytest.raises(TypeError):

1954

interact_in_memory(server, client)

1955

assert select_args == []

Cory Benfield

0ea76e7

2015-03-22 09:05:28 +0000

[diff] [blame]

1956

1957

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

1958

class TestApplicationLayerProtoNegotiation(object):

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1959

"""

1960

Tests for ALPN in PyOpenSSL.

1961

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1962

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1963

def test_alpn_success(self):

1964

"""

1965

Clients and servers that agree on the negotiated ALPN protocol can

1966

correct establish a connection, and the agreed protocol is reported

1967

by the connections.

1968

"""

1969

select_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1970

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1971

def select(conn, options):

1972

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1973

return b"spdy/2"

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

1974

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1975

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1976

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1977

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1978

server_context = Context(TLSv1_METHOD)

1979

server_context.set_alpn_select_callback(select)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1980

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1981

# Necessary to actually accept the connection

1982

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1983

load_privatekey(FILETYPE_PEM, server_key_pem)

1984

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1985

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1986

load_certificate(FILETYPE_PEM, server_cert_pem)

1987

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1988

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1989

# Do a little connection to trigger the logic

1990

server = Connection(server_context, None)

1991

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1992

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1993

client = Connection(client_context, None)

1994

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1995

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1996

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

1997

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

1998

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

1999

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2000

assert server.get_alpn_proto_negotiated() == b"spdy/2"

2001

assert client.get_alpn_proto_negotiated() == b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2002

2003

def test_alpn_set_on_connection(self):

2004

"""

2005

The same as test_alpn_success, but setting the ALPN protocols on

2006

the connection rather than the context.

"""

select_args = []

def select(conn, options):

2011

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2012

return b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2013

2014

# Setup the client context but don't set any ALPN protocols.

2015

client_context = Context(TLSv1_METHOD)

2016

2017

server_context = Context(TLSv1_METHOD)

2018

server_context.set_alpn_select_callback(select)

2019

2020

# Necessary to actually accept the connection

2021

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2022

load_privatekey(FILETYPE_PEM, server_key_pem)

2023

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2024

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2025

load_certificate(FILETYPE_PEM, server_cert_pem)

2026

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2027

2028

# Do a little connection to trigger the logic

2029

server = Connection(server_context, None)

2030

server.set_accept_state()

2031

2032

# Set the ALPN protocols on the client connection.

2033

client = Connection(client_context, None)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2034

client.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2035

client.set_connect_state()

2036

2037

interact_in_memory(server, client)

2038

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2039

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2040

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2041

assert server.get_alpn_proto_negotiated() == b"spdy/2"

2042

assert client.get_alpn_proto_negotiated() == b"spdy/2"

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2043

2044

def test_alpn_server_fail(self):

2045

"""

2046

When clients and servers cannot agree on what protocol to use next

2047

the TLS connection does not get established.

"""

select_args = []

def select(conn, options):

2052

select_args.append((conn, options))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2053

return b""

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2054

2055

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2056

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2057

2058

server_context = Context(TLSv1_METHOD)

2059

server_context.set_alpn_select_callback(select)

2060

2061

# Necessary to actually accept the connection

2062

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2063

load_privatekey(FILETYPE_PEM, server_key_pem)

2064

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2065

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2066

load_certificate(FILETYPE_PEM, server_cert_pem)

2067

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2068

2069

# Do a little connection to trigger the logic

2070

server = Connection(server_context, None)

2071

server.set_accept_state()

2072

2073

client = Connection(client_context, None)

2074

client.set_connect_state()

2075

2076

# If the client doesn't return anything, the connection will fail.

2077

with pytest.raises(Error):

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2078

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2079

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2080

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

e46fa84

2015-04-13 16:50:49 -0400

[diff] [blame]

2081

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2082

def test_alpn_no_server_overlap(self):

2083

"""

2084

A server can allow a TLS handshake to complete without

2085

agreeing to an application protocol by returning

2086

``NO_OVERLAPPING_PROTOCOLS``.

2087

"""

2088

refusal_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2089

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2090

def refusal(conn, options):

2091

refusal_args.append((conn, options))

2092

return NO_OVERLAPPING_PROTOCOLS

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2093

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2094

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2095

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2096

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2097

server_context = Context(SSLv23_METHOD)

2098

server_context.set_alpn_select_callback(refusal)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2099

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2100

# Necessary to actually accept the connection

2101

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2102

load_privatekey(FILETYPE_PEM, server_key_pem)

2103

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2104

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2105

load_certificate(FILETYPE_PEM, server_cert_pem)

2106

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2107

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2108

# Do a little connection to trigger the logic

2109

server = Connection(server_context, None)

2110

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2111

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2112

client = Connection(client_context, None)

2113

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2114

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2115

# Do the dance.

2116

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2117

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2118

assert refusal_args == [(server, [b"http/1.1", b"spdy/2"])]

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2119

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2120

assert client.get_alpn_proto_negotiated() == b""

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2121

2122

def test_alpn_select_cb_returns_invalid_value(self):

2123

"""

2124

If the ALPN selection callback returns anything other than

2125

a bytestring or ``NO_OVERLAPPING_PROTOCOLS``, a

2126

:py:exc:`TypeError` is raised.

"""

invalid_cb_args = []

def invalid_cb(conn, options):

2131

invalid_cb_args.append((conn, options))

2132

return u"can't return unicode"

2133

2134

client_context = Context(SSLv23_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2135

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2136

2137

server_context = Context(SSLv23_METHOD)

2138

server_context.set_alpn_select_callback(invalid_cb)

2139

2140

# Necessary to actually accept the connection

2141

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2142

load_privatekey(FILETYPE_PEM, server_key_pem)

2143

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2144

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2145

load_certificate(FILETYPE_PEM, server_cert_pem)

2146

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2147

2148

# Do a little connection to trigger the logic

2149

server = Connection(server_context, None)

2150

server.set_accept_state()

2151

2152

client = Connection(client_context, None)

2153

client.set_connect_state()

2154

2155

# Do the dance.

2156

with pytest.raises(TypeError):

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2157

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2158

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2159

assert invalid_cb_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2160

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2161

assert client.get_alpn_proto_negotiated() == b""

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2162

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2163

def test_alpn_no_server(self):

2164

"""

2165

When clients and servers cannot agree on what protocol to use next

2166

because the server doesn't offer ALPN, no protocol is negotiated.

2167

"""

2168

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2169

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2170

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2171

server_context = Context(TLSv1_METHOD)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2172

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2173

# Necessary to actually accept the connection

2174

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2175

load_privatekey(FILETYPE_PEM, server_key_pem)

2176

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2177

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2178

load_certificate(FILETYPE_PEM, server_cert_pem)

2179

)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2180

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2181

# Do a little connection to trigger the logic

2182

server = Connection(server_context, None)

2183

server.set_accept_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2184

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2185

client = Connection(client_context, None)

2186

client.set_connect_state()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2187

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2188

# Do the dance.

2189

interact_in_memory(server, client)

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2190

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2191

assert client.get_alpn_proto_negotiated() == b""

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2192

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2193

def test_alpn_callback_exception(self):

2194

"""

2195

We can handle exceptions in the ALPN select callback.

2196

"""

2197

select_args = []

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2198

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2199

def select(conn, options):

2200

select_args.append((conn, options))

2201

raise TypeError()

Cory Benfield

2014-06-07 15:42:56 +0100

[diff] [blame]

2202

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2203

client_context = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2204

client_context.set_alpn_protos([b"http/1.1", b"spdy/2"])

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2205

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2206

server_context = Context(TLSv1_METHOD)

2207

server_context.set_alpn_select_callback(select)

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2208

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2209

# Necessary to actually accept the connection

2210

server_context.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2211

load_privatekey(FILETYPE_PEM, server_key_pem)

2212

)

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2213

server_context.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2214

load_certificate(FILETYPE_PEM, server_cert_pem)

2215

)

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2216

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2217

# Do a little connection to trigger the logic

2218

server = Connection(server_context, None)

2219

server.set_accept_state()

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2220

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2221

client = Connection(client_context, None)

2222

client.set_connect_state()

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2223

Alex Gaynor

2020-04-07 13:40:59 -0400

[diff] [blame]

2224

with pytest.raises(TypeError):

Mark Williams

2019-11-17 19:56:26 -0800

[diff] [blame]

2225

interact_in_memory(server, client)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2226

assert select_args == [(server, [b"http/1.1", b"spdy/2"])]

Cory Benfield

0f7b04c

2015-04-13 17:51:12 -0400

[diff] [blame]

2227

Cory Benfield

f1177e7

2015-04-12 09:11:49 -0400

[diff] [blame]

2228

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2229

class TestSession(object):

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2230

"""

2231

Unit tests for :py:obj:`OpenSSL.SSL.Session`.

2232

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2233

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2234

def test_construction(self):

2235

"""

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2236

:py:class:`Session` can be constructed with no arguments, creating

2237

a new instance of that type.

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2238

"""

2239

new_session = Session()

Alex Chan

2016-11-10 14:11:45 +0000

[diff] [blame]

2240

assert isinstance(new_session, Session)

Jean-Paul Calderone

2012-02-13 09:10:15 -0500

[diff] [blame]

2241

2242

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2243

class TestConnection(object):

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2244

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2245

Unit tests for `OpenSSL.SSL.Connection`.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2246

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2247

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2248

# XXX get_peer_certificate -> None

2249

# XXX sock_shutdown

2250

# XXX master_key -> TypeError

2251

# XXX server_random -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2252

# XXX connect -> TypeError

2253

# XXX connect_ex -> TypeError

2254

# XXX set_connect_state -> TypeError

2255

# XXX set_accept_state -> TypeError

Jean-Paul Calderone

541eaf2

2010-09-09 18:55:08 -0400

[diff] [blame]

2256

# XXX do_handshake -> TypeError

2257

# XXX bio_read -> TypeError

2258

# XXX recv -> TypeError

2259

# XXX send -> TypeError

2260

# XXX bio_write -> TypeError

2261

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2262

def test_type(self):

2263

"""

Alex Gaynor

01f90a1

2019-02-07 09:14:48 -0500

[diff] [blame]

2264

`Connection` can be used to create instances of that type.

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2265

"""

2266

ctx = Context(TLSv1_METHOD)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2267

assert is_consistent_type(Connection, "Connection", ctx, None)

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

2268

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2269

@pytest.mark.parametrize("bad_context", [object(), "context", None, 1])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2270

def test_wrong_args(self, bad_context):

2271

"""

2272

`Connection.__init__` raises `TypeError` if called with a non-`Context`

2273

instance argument.

2274

"""

2275

with pytest.raises(TypeError):

2276

Connection(bad_context)

2277

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2278

@pytest.mark.parametrize("bad_bio", [object(), None, 1, [1, 2, 3]])

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2279

def test_bio_write_wrong_args(self, bad_bio):

2280

"""

2281

`Connection.bio_write` raises `TypeError` if called with a non-bytes

2282

(or text) argument.

2283

"""

2284

context = Context(TLSv1_METHOD)

2285

connection = Connection(context, None)

2286

with pytest.raises(TypeError):

2287

connection.bio_write(bad_bio)

2288

2289

def test_bio_write(self):

2290

"""

2291

`Connection.bio_write` does not raise if called with bytes or

2292

bytearray, warns if called with text.

2293

"""

2294

context = Context(TLSv1_METHOD)

2295

connection = Connection(context, None)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2296

connection.bio_write(b"xy")

2297

connection.bio_write(bytearray(b"za"))

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2298

with pytest.warns(DeprecationWarning):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2299

connection.bio_write(u"deprecated")

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

2300

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2301

def test_get_context(self):

2302

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2303

`Connection.get_context` returns the `Context` instance used to

2304

construct the `Connection` instance.

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2305

"""

2306

context = Context(TLSv1_METHOD)

2307

connection = Connection(context, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2308

assert connection.get_context() is context

Jean-Paul Calderone

4fd058a

2009-11-22 11:46:42 -0500

[diff] [blame]

2309

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2310

def test_set_context_wrong_args(self):

2311

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2312

`Connection.set_context` raises `TypeError` if called with a

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2313

non-`Context` instance argument.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2314

"""

2315

ctx = Context(TLSv1_METHOD)

2316

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2317

with pytest.raises(TypeError):

2318

connection.set_context(object())

2319

with pytest.raises(TypeError):

2320

connection.set_context("hello")

2321

with pytest.raises(TypeError):

2322

connection.set_context(1)

2323

assert ctx is connection.get_context()

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2324

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2325

def test_set_context(self):

2326

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2327

`Connection.set_context` specifies a new `Context` instance to be

2328

used for the connection.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2329

"""

2330

original = Context(SSLv23_METHOD)

2331

replacement = Context(TLSv1_METHOD)

2332

connection = Connection(original, None)

2333

connection.set_context(replacement)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2334

assert replacement is connection.get_context()

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2335

# Lose our references to the contexts, just in case the Connection

2336

# isn't properly managing its own contributions to their reference

2337

# counts.

Jean-Paul Calderone

2011-05-25 22:30:21 -0400

[diff] [blame]

2338

del original, replacement

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2339

collect()

2340

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2341

def test_set_tlsext_host_name_wrong_args(self):

2342

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2343

If `Connection.set_tlsext_host_name` is called with a non-byte string

2344

argument or a byte string with an embedded NUL, `TypeError` is raised.

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2345

"""

2346

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2347

with pytest.raises(TypeError):

2348

conn.set_tlsext_host_name(object())

2349

with pytest.raises(TypeError):

2350

conn.set_tlsext_host_name(b"with\0null")

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2351

Hugo van Kemenade

60827f8

2019-08-30 00:39:35 +0300

[diff] [blame]

2352

if not PY2:

Jean-Paul Calderone

2011-05-26 18:47:00 -0400

[diff] [blame]

2353

# On Python 3.x, don't accidentally implicitly convert from text.

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2354

with pytest.raises(TypeError):

2355

conn.set_tlsext_host_name(b"example.com".decode("ascii"))

Jean-Paul Calderone

871a4d8

2011-05-26 19:24:02 -0400

[diff] [blame]

2356

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2357

def test_pending(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2358

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2359

`Connection.pending` returns the number of bytes available for

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2360

immediate read.

2361

"""

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2362

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2363

assert connection.pending() == 0

Jean-Paul Calderone

1d69a72

2010-07-29 09:05:53 -0400

[diff] [blame]

2364

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2365

def test_peek(self):

2366

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2367

`Connection.recv` peeks into the connection if `socket.MSG_PEEK` is

2368

passed.

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2369

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2370

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2371

server.send(b"xy")

2372

assert client.recv(2, MSG_PEEK) == b"xy"

2373

assert client.recv(2, MSG_PEEK) == b"xy"

2374

assert client.recv(2) == b"xy"

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

2375

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2376

def test_connect_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2377

"""

Hynek Schlawack

3bcf315

2017-02-18 08:25:34 +0100

[diff] [blame]

2378

`Connection.connect` raises `TypeError` if called with a non-address

2379

argument.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2380

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2381

connection = Connection(Context(TLSv1_METHOD), socket_any_family())

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2382

with pytest.raises(TypeError):

2383

connection.connect(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2384

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2385

def test_connect_refused(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2386

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2387

`Connection.connect` raises `socket.error` if the underlying socket

2388

connect method raises it.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2389

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2390

client = socket_any_family()

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2391

context = Context(TLSv1_METHOD)

2392

clientSSL = Connection(context, client)

Alex Gaynor

122717b

2015-09-05 14:14:18 -0400

[diff] [blame]

2393

# pytest.raises here doesn't work because of a bug in py.test on Python

2394

# 2.6: https://github.com/pytest-dev/pytest/issues/988

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2395

try:

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2396

clientSSL.connect((loopback_address(client), 1))

Alex Gaynor

e69c278

2015-09-05 14:07:48 -0400

[diff] [blame]

2397

except error as e:

Alex Gaynor

20a4c08

2015-09-05 14:24:15 -0400

[diff] [blame]

2398

exc = e

2399

assert exc.args[0] == ECONNREFUSED

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2400

2401

def test_connect(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2402

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2403

`Connection.connect` establishes a connection to the specified address.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2404

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2405

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2406

port.bind(("", 0))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2407

port.listen(3)

2408

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2409

clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))

2410

clientSSL.connect((loopback_address(port), port.getsockname()[1]))

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2411

# XXX An assertion? Or something?

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2412

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2413

@pytest.mark.skipif(

2414

platform == "darwin",

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2415

reason="connect_ex sometimes causes a kernel panic on OS X 10.6.4",

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2416

)

2417

def test_connect_ex(self):

2418

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2419

If there is a connection error, `Connection.connect_ex` returns the

2420

errno instead of raising an exception.

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2421

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2422

port = socket_any_family()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2423

port.bind(("", 0))

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2424

port.listen(3)

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2425

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2426

clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2427

clientSSL.setblocking(False)

2428

result = clientSSL.connect_ex(port.getsockname())

2429

expected = (EINPROGRESS, EWOULDBLOCK)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2430

assert result in expected

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2431

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2432

def test_accept(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2433

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2434

`Connection.accept` accepts a pending connection attempt and returns a

2435

tuple of a new `Connection` (the accepted client) and the address the

2436

connection originated from.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2437

"""

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2438

ctx = Context(TLSv1_METHOD)

2439

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2440

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2441

port = socket_any_family()

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2442

portSSL = Connection(ctx, port)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2443

portSSL.bind(("", 0))

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2444

portSSL.listen(3)

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2445

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2446

clientSSL = Connection(Context(TLSv1_METHOD), socket(port.family))

Jean-Paul Calderone

b6e0fd9

2010-09-19 09:22:13 -0400

[diff] [blame]

2447

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2448

# Calling portSSL.getsockname() here to get the server IP address

2449

# sounds great, but frequently fails on Windows.

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2450

clientSSL.connect((loopback_address(port), portSSL.getsockname()[1]))

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2451

Jean-Paul Calderone

2010-07-29 09:49:59 -0400

[diff] [blame]

2452

serverSSL, address = portSSL.accept()

2453

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2454

assert isinstance(serverSSL, Connection)

2455

assert serverSSL.get_context() is ctx

2456

assert address == clientSSL.getsockname()

Jean-Paul Calderone

2010-07-29 09:45:07 -0400

[diff] [blame]

2457

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2458

def test_shutdown_wrong_args(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2459

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2460

`Connection.set_shutdown` raises `TypeError` if called with arguments

2461

other than integers.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2462

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2463

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2464

with pytest.raises(TypeError):

2465

connection.set_shutdown(None)

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2466

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2467

def test_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2468

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2469

`Connection.shutdown` performs an SSL-level connection shutdown.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2470

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2471

server, client = loopback()

2472

assert not server.shutdown()

2473

assert server.get_shutdown() == SENT_SHUTDOWN

2474

with pytest.raises(ZeroReturnError):

2475

client.recv(1024)

2476

assert client.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

e4f6b47

2010-07-29 22:50:58 -0400

[diff] [blame]

2477

client.shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2478

assert client.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

2479

with pytest.raises(ZeroReturnError):

2480

server.recv(1024)

2481

assert server.get_shutdown() == (SENT_SHUTDOWN | RECEIVED_SHUTDOWN)

Jean-Paul Calderone

2010-07-29 22:38:42 -0400

[diff] [blame]

2482

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2483

def test_shutdown_closed(self):

2484

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2485

If the underlying socket is closed, `Connection.shutdown` propagates

2486

the write error from the low level write call.

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2487

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2488

server, client = loopback()

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2489

server.sock_shutdown(2)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2490

with pytest.raises(SysCallError) as exc:

2491

server.shutdown()

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2492

if platform == "win32":

2493

assert exc.value.args[0] == ESHUTDOWN

2494

else:

2495

assert exc.value.args[0] == EPIPE

Paul Aurich

2015-01-08 08:34:33 -0800

[diff] [blame]

2496

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2497

def test_shutdown_truncated(self):

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2498

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2499

If the underlying connection is truncated, `Connection.shutdown`

2500

raises an `Error`.

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2501

"""

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2502

server_ctx = Context(TLSv1_METHOD)

2503

client_ctx = Context(TLSv1_METHOD)

2504

server_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2505

load_privatekey(FILETYPE_PEM, server_key_pem)

2506

)

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2507

server_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2508

load_certificate(FILETYPE_PEM, server_cert_pem)

2509

)

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2510

server = Connection(server_ctx, None)

2511

client = Connection(client_ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2512

handshake_in_memory(client, server)

2513

assert not server.shutdown()

2514

with pytest.raises(WantReadError):

2515

server.shutdown()

Glyph

2015-04-14 17:29:26 -0400

[diff] [blame]

2516

server.bio_shutdown()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2517

with pytest.raises(Error):

2518

server.shutdown()

Glyph

6064ec3

2015-04-14 16:38:22 -0400

[diff] [blame]

2519

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2520

def test_set_shutdown(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2521

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2522

`Connection.set_shutdown` sets the state of the SSL connection

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2523

shutdown process.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2524

"""

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

2525

connection = Connection(Context(TLSv1_METHOD), socket_any_family())

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2526

connection.set_shutdown(RECEIVED_SHUTDOWN)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2527

assert connection.get_shutdown() == RECEIVED_SHUTDOWN

Jean-Paul Calderone

c89eef2

2010-07-29 22:51:58 -0400

[diff] [blame]

2528

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2529

def test_state_string(self):

2530

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2531

`Connection.state_string` verbosely describes the current state of

2532

the `Connection`.

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2533

"""

Hynek Schlawack

b0274ce

2015-10-16 19:56:26 +0200

[diff] [blame]

2534

server, client = socket_pair()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2535

server = loopback_server_factory(server)

2536

client = loopback_client_factory(client)

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2537

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2538

assert server.get_state_string() in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2539

b"before/accept initialization",

2540

b"before SSL initialization",

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2541

]

2542

assert client.get_state_string() in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2543

b"before/connect initialization",

2544

b"before SSL initialization",

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2545

]

kjav

2015-09-07 12:14:01 +0100

[diff] [blame]

2546

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2547

def test_app_data(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2548

"""

2549

Any object can be set as app data by passing it to

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2550

`Connection.set_app_data` and later retrieved with

2551

`Connection.get_app_data`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2552

"""

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2553

conn = Connection(Context(TLSv1_METHOD), None)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2554

assert None is conn.get_app_data()

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2555

app_data = object()

2556

conn.set_app_data(app_data)

Todd Chapman

4f73e4f

2015-08-27 11:26:43 -0400

[diff] [blame]

2557

assert conn.get_app_data() is app_data

Jean-Paul Calderone

2010-07-29 09:51:06 -0400

[diff] [blame]

2558

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2559

def test_makefile(self):

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2560

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2561

`Connection.makefile` is not implemented and calling that

2562

method raises `NotImplementedError`.

Jean-Paul Calderone

2010-09-08 22:59:37 -0400

[diff] [blame]

2563

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

2564

conn = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2565

with pytest.raises(NotImplementedError):

2566

conn.makefile()

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2567

Jeremy Lainé

460a19d

2018-05-16 19:44:19 +0200

[diff] [blame]

2568

def test_get_certificate(self):

2569

"""

2570

`Connection.get_certificate` returns the local certificate.

2571

"""

2572

chain = _create_certificate_chain()

2573

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2574

2575

context = Context(TLSv1_METHOD)

2576

context.use_certificate(scert)

2577

client = Connection(context, None)

2578

cert = client.get_certificate()

2579

assert cert is not None

2580

assert "Server Certificate" == cert.get_subject().CN

2581

2582

def test_get_certificate_none(self):

2583

"""

2584

`Connection.get_certificate` returns the local certificate.

2585

2586

If there is no certificate, it returns None.

2587

"""

2588

context = Context(TLSv1_METHOD)

2589

client = Connection(context, None)

2590

cert = client.get_certificate()

2591

assert cert is None

2592

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2593

def test_get_peer_cert_chain(self):

2594

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2595

`Connection.get_peer_cert_chain` returns a list of certificates

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2596

which the connected server returned for the certification verification.

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2597

"""

2598

chain = _create_certificate_chain()

2599

[(cakey, cacert), (ikey, icert), (skey, scert)] = chain

2600

2601

serverContext = Context(TLSv1_METHOD)

2602

serverContext.use_privatekey(skey)

2603

serverContext.use_certificate(scert)

2604

serverContext.add_extra_chain_cert(icert)

2605

serverContext.add_extra_chain_cert(cacert)

2606

server = Connection(serverContext, None)

2607

server.set_accept_state()

2608

2609

# Create the client

2610

clientContext = Context(TLSv1_METHOD)

2611

clientContext.set_verify(VERIFY_NONE, verify_cb)

2612

client = Connection(clientContext, None)

2613

client.set_connect_state()

2614

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2615

interact_in_memory(client, server)

Jean-Paul Calderone

2011-05-19 21:43:46 -0400

[diff] [blame]

2616

2617

chain = client.get_peer_cert_chain()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2618

assert len(chain) == 3

2619

assert "Server Certificate" == chain[0].get_subject().CN

2620

assert "Intermediate Certificate" == chain[1].get_subject().CN

2621

assert "Authority Certificate" == chain[2].get_subject().CN

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2622

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2623

def test_get_peer_cert_chain_none(self):

2624

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2625

`Connection.get_peer_cert_chain` returns `None` if the peer sends

2626

no certificate chain.

Jean-Paul Calderone

24a4243

2011-05-19 22:21:18 -0400

[diff] [blame]

2627

"""

2628

ctx = Context(TLSv1_METHOD)

2629

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

2630

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

2631

server = Connection(ctx, None)

2632

server.set_accept_state()

2633

client = Connection(Context(TLSv1_METHOD), None)

2634

client.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2635

interact_in_memory(client, server)

2636

assert None is server.get_peer_cert_chain()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2637

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2638

def test_get_session_unconnected(self):

2639

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2640

`Connection.get_session` returns `None` when used with an object

2641

which has not been connected.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2642

"""

2643

ctx = Context(TLSv1_METHOD)

2644

server = Connection(ctx, None)

2645

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2646

assert None is session

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2647

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2648

def test_server_get_session(self):

2649

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2650

On the server side of a connection, `Connection.get_session` returns a

2651

`Session` instance representing the SSL session for that connection.

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2652

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2653

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2654

session = server.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2655

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2656

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2657

def test_client_get_session(self):

2658

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2659

On the client side of a connection, `Connection.get_session`

2660

returns a `Session` instance representing the SSL session for

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2661

that connection.

2662

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2663

server, client = loopback()

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2664

session = client.get_session()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2665

assert isinstance(session, Session)

Jean-Paul Calderone

2012-02-13 11:53:49 -0500

[diff] [blame]

2666

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2667

def test_set_session_wrong_args(self):

2668

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2669

`Connection.set_session` raises `TypeError` if called with an object

2670

that is not an instance of `Session`.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2671

"""

2672

ctx = Context(TLSv1_METHOD)

2673

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2674

with pytest.raises(TypeError):

2675

connection.set_session(123)

2676

with pytest.raises(TypeError):

2677

connection.set_session("hello")

2678

with pytest.raises(TypeError):

2679

connection.set_session(object())

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2680

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2681

def test_client_set_session(self):

2682

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2683

`Connection.set_session`, when used prior to a connection being

2684

established, accepts a `Session` instance and causes an attempt to

2685

re-use the session it represents when the SSL handshake is performed.

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2686

"""

2687

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2688

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

2689

ctx = Context(TLSv1_2_METHOD)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2690

ctx.use_privatekey(key)

2691

ctx.use_certificate(cert)

2692

ctx.set_session_id("unity-test")

2693

2694

def makeServer(socket):

2695

server = Connection(ctx, socket)

2696

server.set_accept_state()

2697

return server

2698

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2699

originalServer, originalClient = loopback(server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2700

originalSession = originalClient.get_session()

2701

2702

def makeClient(socket):

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2703

client = loopback_client_factory(socket)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2704

client.set_session(originalSession)

2705

return client

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2706

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2707

resumedServer, resumedClient = loopback(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2708

server_factory=makeServer, client_factory=makeClient

2709

)

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2710

2711

# This is a proxy: in general, we have no access to any unique

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2712

# identifier for the session (new enough versions of OpenSSL expose

2713

# a hash which could be usable, but "new enough" is very, very new).

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2714

# Instead, exploit the fact that the master key is re-used if the

Hynek Schlawack

2015-09-05 20:40:19 +0200

[diff] [blame]

2715

# session is re-used. As long as the master key for the two

2716

# connections is the same, the session was re-used!

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2717

assert originalServer.master_key() == resumedServer.master_key()

Jean-Paul Calderone

2012-02-14 16:31:52 -0500

[diff] [blame]

2718

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2719

def test_set_session_wrong_method(self):

2720

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2721

If `Connection.set_session` is passed a `Session` instance associated

2722

with a context using a different SSL method than the `Connection`

2723

is using, a `OpenSSL.SSL.Error` is raised.

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2724

"""

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2725

# Make this work on both OpenSSL 1.0.0, which doesn't support TLSv1.2

2726

# and also on OpenSSL 1.1.0 which doesn't support SSLv3. (SSL_ST_INIT

2727

# is a way to check for 1.1.0)

Alex Gaynor

aa32e71

2017-06-29 20:56:12 -0700

[diff] [blame]

2728

if SSL_ST_INIT is None:

2729

v1 = TLSv1_2_METHOD

2730

v2 = TLSv1_METHOD

2731

elif hasattr(_lib, "SSLv3_method"):

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2732

v1 = TLSv1_METHOD

2733

v2 = SSLv3_METHOD

2734

else:

Alex Gaynor

aa32e71

2017-06-29 20:56:12 -0700

[diff] [blame]

2735

pytest.skip("Test requires either OpenSSL 1.1.0 or SSLv3")

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2736

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2737

key = load_privatekey(FILETYPE_PEM, server_key_pem)

2738

cert = load_certificate(FILETYPE_PEM, server_cert_pem)

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2739

ctx = Context(v1)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2740

ctx.use_privatekey(key)

2741

ctx.use_certificate(cert)

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame^]

2742

ctx.set_session_id(b"unity-test")

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2743

2744

def makeServer(socket):

2745

server = Connection(ctx, socket)

2746

server.set_accept_state()

2747

return server

2748

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2749

def makeOriginalClient(socket):

2750

client = Connection(Context(v1), socket)

2751

client.set_connect_state()

2752

return client

2753

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2754

originalServer, originalClient = loopback(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2755

server_factory=makeServer, client_factory=makeOriginalClient

2756

)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2757

originalSession = originalClient.get_session()

2758

2759

def makeClient(socket):

2760

# Intentionally use a different, incompatible method here.

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

2761

client = Connection(Context(v2), socket)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2762

client.set_connect_state()

2763

client.set_session(originalSession)

2764

return client

2765

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2766

with pytest.raises(Error):

2767

loopback(client_factory=makeClient, server_factory=makeServer)

Jean-Paul Calderone

2012-02-14 16:51:35 -0500

[diff] [blame]

2768

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2769

def test_wantWriteError(self):

2770

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2771

`Connection` methods which generate output raise

2772

`OpenSSL.SSL.WantWriteError` if writing to the connection's BIO

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2773

fail indicating a should-write state.

2774

"""

2775

client_socket, server_socket = socket_pair()

2776

# Fill up the client's send buffer so Connection won't be able to write

Jean-Paul Calderone

bbff8b9

2014-03-22 14:20:30 -0400

[diff] [blame]

2777

# anything. Only write a single byte at a time so we can be sure we

2778

# completely fill the buffer. Even though the socket API is allowed to

2779

# signal a short write via its return value it seems this doesn't

2780

# always happen on all platforms (FreeBSD and OS X particular) for the

2781

# very last bit of available buffer space.

2782

msg = b"x"

catern

b2777a4

2018-08-09 15:38:13 -0400

[diff] [blame]

2783

for i in range(1024 * 1024 * 64):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2784

try:

2785

client_socket.send(msg)

2786

except error as e:

2787

if e.errno == EWOULDBLOCK:

2788

break

2789

raise

2790

else:

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2791

pytest.fail(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2792

"Failed to fill socket buffer, cannot test BIO want write"

2793

)

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

2794

2795

ctx = Context(TLSv1_METHOD)

2796

conn = Connection(ctx, client_socket)

2797

# Client's speak first, so make it an SSL client

2798

conn.set_connect_state()

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2799

with pytest.raises(WantWriteError):

2800

conn.do_handshake()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

# XXX want_read

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2804

def test_get_finished_before_connect(self):

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2805

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2806

`Connection.get_finished` returns `None` before TLS handshake

2807

is completed.

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2808

"""

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2809

ctx = Context(TLSv1_METHOD)

2810

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2811

assert connection.get_finished() is None

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2812

2813

def test_get_peer_finished_before_connect(self):

2814

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2815

`Connection.get_peer_finished` returns `None` before TLS handshake

2816

is completed.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2817

"""

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2818

ctx = Context(TLSv1_METHOD)

2819

connection = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2820

assert connection.get_peer_finished() is None

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2821

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2822

def test_get_finished(self):

2823

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2824

`Connection.get_finished` method returns the TLS Finished message send

2825

from client, or server. Finished messages are send during

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2826

TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2827

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2828

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2829

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2830

assert server.get_finished() is not None

2831

assert len(server.get_finished()) > 0

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2832

2833

def test_get_peer_finished(self):

2834

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2835

`Connection.get_peer_finished` method returns the TLS Finished

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2836

message received from client, or server. Finished messages are send

2837

during TLS handshake.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2838

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2839

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2840

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2841

assert server.get_peer_finished() is not None

2842

assert len(server.get_peer_finished()) > 0

Fedor Brunner

2014-03-05 14:22:34 +0100

[diff] [blame]

2843

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2844

def test_tls_finished_message_symmetry(self):

2845

"""

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2846

The TLS Finished message send by server must be the TLS Finished

2847

message received by client.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2848

Hynek Schlawack

dddd111

2015-09-05 21:12:30 +0200

[diff] [blame]

2849

The TLS Finished message send by client must be the TLS Finished

2850

message received by server.

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2851

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2852

server, client = loopback()

Fedor Brunner

2014-03-28 13:18:38 +0100

[diff] [blame]

2853

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2854

assert server.get_finished() == client.get_peer_finished()

2855

assert client.get_finished() == server.get_peer_finished()

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2856

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2857

def test_get_cipher_name_before_connect(self):

2858

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2859

`Connection.get_cipher_name` returns `None` if no connection

2860

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2861

"""

2862

ctx = Context(TLSv1_METHOD)

2863

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2864

assert conn.get_cipher_name() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2865

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2866

def test_get_cipher_name(self):

2867

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2868

`Connection.get_cipher_name` returns a `unicode` string giving the

2869

name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2870

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2871

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2872

server_cipher_name, client_cipher_name = (

2873

server.get_cipher_name(),

2874

client.get_cipher_name(),

2875

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2876

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2877

assert isinstance(server_cipher_name, text_type)

2878

assert isinstance(client_cipher_name, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2879

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2880

assert server_cipher_name == client_cipher_name

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2881

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2882

def test_get_cipher_version_before_connect(self):

2883

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2884

`Connection.get_cipher_version` returns `None` if no connection

2885

has been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2886

"""

2887

ctx = Context(TLSv1_METHOD)

2888

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2889

assert conn.get_cipher_version() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2890

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2891

def test_get_cipher_version(self):

2892

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2893

`Connection.get_cipher_version` returns a `unicode` string giving

2894

the protocol name of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2895

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2896

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2897

server_cipher_version, client_cipher_version = (

2898

server.get_cipher_version(),

2899

client.get_cipher_version(),

2900

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2901

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2902

assert isinstance(server_cipher_version, text_type)

2903

assert isinstance(client_cipher_version, text_type)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2904

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2905

assert server_cipher_version == client_cipher_version

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2906

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2907

def test_get_cipher_bits_before_connect(self):

2908

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2909

`Connection.get_cipher_bits` returns `None` if no connection has

2910

been established.

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2911

"""

2912

ctx = Context(TLSv1_METHOD)

2913

conn = Connection(ctx, None)

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2914

assert conn.get_cipher_bits() is None

Fedor Brunner

2014-03-10 10:35:23 +0100

[diff] [blame]

2915

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2916

def test_get_cipher_bits(self):

2917

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2918

`Connection.get_cipher_bits` returns the number of secret bits

Jean-Paul Calderone

5b05b48

2014-03-30 11:28:54 -0400

[diff] [blame]

2919

of the currently used cipher.

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2920

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2921

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2922

server_cipher_bits, client_cipher_bits = (

2923

server.get_cipher_bits(),

2924

client.get_cipher_bits(),

2925

)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2926

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2927

assert isinstance(server_cipher_bits, int)

2928

assert isinstance(client_cipher_bits, int)

Fedor Brunner

2014-03-03 17:34:41 +0100

[diff] [blame]

2929

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2930

assert server_cipher_bits == client_cipher_bits

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

2931

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2932

def test_get_protocol_version_name(self):

2933

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2934

`Connection.get_protocol_version_name()` returns a string giving the

2935

protocol version of the current connection.

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2936

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2937

server, client = loopback()

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2938

client_protocol_version_name = client.get_protocol_version_name()

2939

server_protocol_version_name = server.get_protocol_version_name()

2940

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2941

assert isinstance(server_protocol_version_name, text_type)

2942

assert isinstance(client_protocol_version_name, text_type)

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2943

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2944

assert server_protocol_version_name == client_protocol_version_name

Jim Shaver

2015-05-27 09:15:55 -0400

[diff] [blame]

2945

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2946

def test_get_protocol_version(self):

2947

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2948

`Connection.get_protocol_version()` returns an integer

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2949

giving the protocol version of the current connection.

2950

"""

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2951

server, client = loopback()

Jim Shaver

85a4dff

2015-04-27 17:42:46 -0400

[diff] [blame]

2952

client_protocol_version = client.get_protocol_version()

2953

server_protocol_version = server.get_protocol_version()

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2954

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2955

assert isinstance(server_protocol_version, int)

2956

assert isinstance(client_protocol_version, int)

Richard J. Moore

2015-01-11 17:04:43 +0000

[diff] [blame]

2957

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2958

assert server_protocol_version == client_protocol_version

2959

2960

def test_wantReadError(self):

2961

"""

2962

`Connection.bio_read` raises `OpenSSL.SSL.WantReadError` if there are

2963

no bytes available to be read from the BIO.

2964

"""

2965

ctx = Context(TLSv1_METHOD)

2966

conn = Connection(ctx, None)

2967

with pytest.raises(WantReadError):

2968

conn.bio_read(1024)

2969

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

2970

@pytest.mark.parametrize("bufsize", [1.0, None, object(), "bufsize"])

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

2971

def test_bio_read_wrong_args(self, bufsize):

2972

"""

2973

`Connection.bio_read` raises `TypeError` if passed a non-integer

2974

argument.

2975

"""

2976

ctx = Context(TLSv1_METHOD)

2977

conn = Connection(ctx, None)

2978

with pytest.raises(TypeError):

2979

conn.bio_read(bufsize)

2980

Alex Chan

2017-01-30 07:13:30 +0000

[diff] [blame]

2981

def test_buffer_size(self):

2982

"""

2983

`Connection.bio_read` accepts an integer giving the maximum number

2984

of bytes to read and return.

2985

"""

2986

ctx = Context(TLSv1_METHOD)

2987

conn = Connection(ctx, None)

2988

conn.set_connect_state()

2989

try:

2990

conn.do_handshake()

2991

except WantReadError:

2992

pass

2993

data = conn.bio_read(2)

2994

assert 2 == len(data)

2995

Jean-Paul Calderone

dbd7627

2014-03-29 18:09:40 -0400

[diff] [blame]

2996

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2997

class TestConnectionGetCipherList(object):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

2998

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

2999

Tests for `Connection.get_cipher_list`.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3000

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3001

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

3002

def test_result(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3003

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3004

`Connection.get_cipher_list` returns a list of `bytes` giving the

3005

names of the ciphers which might be used.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3006

"""

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

3007

connection = Connection(Context(TLSv1_METHOD), None)

3008

ciphers = connection.get_cipher_list()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3009

assert isinstance(ciphers, list)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

3010

for cipher in ciphers:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3011

assert isinstance(cipher, str)

Jean-Paul Calderone

2010-07-28 19:14:16 -0400

[diff] [blame]

3012

3013

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3014

class VeryLarge(bytes):

3015

"""

3016

Mock object so that we don't have to allocate 2**31 bytes

3017

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3018

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3019

def __len__(self):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3020

return 2 ** 31

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3021

3022

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3023

class TestConnectionSend(object):

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3024

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3025

Tests for `Connection.send`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3026

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3027

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3028

def test_wrong_args(self):

3029

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3030

When called with arguments other than string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3031

parameter, `Connection.send` raises `TypeError`.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3032

"""

3033

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3034

with pytest.raises(TypeError):

3035

connection.send(object())

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3036

with pytest.raises(TypeError):

3037

connection.send([1, 2, 3])

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3038

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3039

def test_short_bytes(self):

3040

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3041

When passed a short byte string, `Connection.send` transmits all of it

3042

and returns the number of bytes sent.

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3043

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3044

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3045

count = server.send(b"xy")

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3046

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3047

assert client.recv(2) == b"xy"

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3048

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3049

def test_text(self):

3050

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3051

When passed a text, `Connection.send` transmits all of it and

Jean-Paul Calderone

6462b07

2015-03-29 07:03:11 -0400

[diff] [blame]

3052

returns the number of bytes sent. It also raises a DeprecationWarning.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3053

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3054

server, client = loopback()

3055

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3056

simplefilter("always")

Jean-Paul Calderone

13a0e65

2015-03-29 07:58:51 -0400

[diff] [blame]

3057

count = server.send(b"xy".decode("ascii"))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3058

assert "{0} for buf is no longer accepted, use bytes".format(

3059

WARNING_TYPE_EXPECTED

3060

) == str(w[-1].message)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3061

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3062

assert client.recv(2) == b"xy"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3063

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3064

def test_short_memoryview(self):

3065

"""

3066

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3067

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3068

of bytes sent.

3069

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3070

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3071

count = server.send(memoryview(b"xy"))

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3072

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3073

assert client.recv(2) == b"xy"

Jean-Paul Calderone

2011-01-05 14:53:43 -0500

[diff] [blame]

3074

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3075

def test_short_bytearray(self):

3076

"""

3077

When passed a short bytearray, `Connection.send` transmits all of

3078

it and returns the number of bytes sent.

3079

"""

3080

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3081

count = server.send(bytearray(b"xy"))

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3082

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3083

assert client.recv(2) == b"xy"

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3084

Hynek Schlawack

8e94f1b

2015-09-05 21:31:00 +0200

[diff] [blame]

3085

@skip_if_py3

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3086

def test_short_buffer(self):

3087

"""

3088

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3089

`Connection.send` transmits all of them and returns the number

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3090

of bytes sent.

3091

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3092

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3093

count = server.send(buffer(b"xy")) # noqa: F821

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3094

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3095

assert client.recv(2) == b"xy"

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

3096

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3097

@pytest.mark.skipif(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3098

sys.maxsize < 2 ** 31,

3099

reason="sys.maxsize < 2**31 - test requires 64 bit",

Maximilian Hils

2017-02-10 14:56:55 +0100

[diff] [blame]

3100

)

3101

def test_buf_too_large(self):

3102

"""

3103

When passed a buffer containing >= 2**31 bytes,

3104

`Connection.send` bails out as SSL_write only

3105

accepts an int for the buffer length.

3106

"""

3107

connection = Connection(Context(TLSv1_METHOD), None)

3108

with pytest.raises(ValueError) as exc_info:

3109

connection.send(VeryLarge())

3110

exc_info.match(r"Cannot send more than .+ bytes at once")

3111

Jean-Paul Calderone

691e6c9

2011-01-21 22:04:35 -0500

[diff] [blame]

3112

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3113

def _make_memoryview(size):

3114

"""

3115

Create a new ``memoryview`` wrapped around a ``bytearray`` of the given

3116

size.

3117

"""

3118

return memoryview(bytearray(size))

3119

3120

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3121

class TestConnectionRecvInto(object):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3122

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3123

Tests for `Connection.recv_into`.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3124

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3125

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3126

def _no_length_test(self, factory):

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

3127

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3128

Assert that when the given buffer is passed to `Connection.recv_into`,

3129

whatever bytes are available to be received that fit into that buffer

3130

are written into that buffer.

Jean-Paul Calderone

61559d8

2015-03-15 17:04:50 -0400

[diff] [blame]

3131

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3132

output_buffer = factory(5)

3133

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3134

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3135

server.send(b"xy")

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

3136

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3137

assert client.recv_into(output_buffer) == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3138

assert output_buffer == bytearray(b"xy\x00\x00\x00")

Jean-Paul Calderone

332a85e

2015-03-15 17:02:40 -0400

[diff] [blame]

3139

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3140

def test_bytearray_no_length(self):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3141

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3142

`Connection.recv_into` can be passed a `bytearray` instance and data

3143

in the receive buffer is written to it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3144

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3145

self._no_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3146

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3147

def _respects_length_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3148

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3149

Assert that when the given buffer is passed to `Connection.recv_into`

3150

along with a value for `nbytes` that is less than the size of that

3151

buffer, only `nbytes` bytes are written into the buffer.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3152

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3153

output_buffer = factory(10)

3154

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3155

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3156

server.send(b"abcdefghij")

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3157

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3158

assert client.recv_into(output_buffer, 5) == 5

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3159

assert output_buffer == bytearray(b"abcde\x00\x00\x00\x00\x00")

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3160

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3161

def test_bytearray_respects_length(self):

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3162

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3163

When called with a `bytearray` instance, `Connection.recv_into`

3164

respects the `nbytes` parameter and doesn't copy in more than that

3165

number of bytes.

Jean-Paul Calderone

c295a2f

2015-03-15 17:11:18 -0400

[diff] [blame]

3166

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3167

self._respects_length_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3168

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3169

def _doesnt_overfill_test(self, factory):

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3170

"""

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3171

Assert that if there are more bytes available to be read from the

3172

receive buffer than would fit into the buffer passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3173

`Connection.recv_into`, only as many as fit are written into it.

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3174

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3175

output_buffer = factory(5)

3176

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3177

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3178

server.send(b"abcdefghij")

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3179

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3180

assert client.recv_into(output_buffer) == 5

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3181

assert output_buffer == bytearray(b"abcde")

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3182

rest = client.recv(5)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3183

assert b"fghij" == rest

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3184

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3185

def test_bytearray_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3186

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3187

When called with a `bytearray` instance, `Connection.recv_into`

3188

respects the size of the array and doesn't write more bytes into it

3189

than will fit.

Jean-Paul Calderone

2015-03-15 17:19:39 -0400

[diff] [blame]

3190

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3191

self._doesnt_overfill_test(bytearray)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3192

Jean-Paul Calderone

2015-03-15 17:26:38 -0400

[diff] [blame]

3193

def test_bytearray_really_doesnt_overfill(self):

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3194

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3195

When called with a `bytearray` instance and an `nbytes` value that is

3196

too large, `Connection.recv_into` respects the size of the array and

3197

not the `nbytes` value and doesn't write more bytes into the buffer

3198

than will fit.

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3199

"""

Jean-Paul Calderone

2015-03-15 17:32:15 -0400

[diff] [blame]

3200

self._doesnt_overfill_test(bytearray)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3201

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3202

def test_peek(self):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3203

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3204

server.send(b"xy")

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3205

3206

for _ in range(2):

3207

output_buffer = bytearray(5)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3208

assert client.recv_into(output_buffer, flags=MSG_PEEK) == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3209

assert output_buffer == bytearray(b"xy\x00\x00\x00")

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3210

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3211

def test_memoryview_no_length(self):

3212

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3213

`Connection.recv_into` can be passed a `memoryview` instance and data

3214

in the receive buffer is written to it.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3215

"""

3216

self._no_length_test(_make_memoryview)

Maximilian Hils

2015-08-17 19:27:20 +0200

[diff] [blame]

3217

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3218

def test_memoryview_respects_length(self):

3219

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3220

When called with a `memoryview` instance, `Connection.recv_into`

3221

respects the ``nbytes`` parameter and doesn't copy more than that

3222

number of bytes in.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3223

"""

3224

self._respects_length_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3225

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3226

def test_memoryview_doesnt_overfill(self):

3227

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3228

When called with a `memoryview` instance, `Connection.recv_into`

3229

respects the size of the array and doesn't write more bytes into it

3230

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3231

"""

3232

self._doesnt_overfill_test(_make_memoryview)

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3233

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3234

def test_memoryview_really_doesnt_overfill(self):

3235

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3236

When called with a `memoryview` instance and an `nbytes` value that is

3237

too large, `Connection.recv_into` respects the size of the array and

3238

not the `nbytes` value and doesn't write more bytes into the buffer

3239

than will fit.

Hynek Schlawack

2015-09-05 21:25:25 +0200

[diff] [blame]

3240

"""

3241

self._doesnt_overfill_test(_make_memoryview)

Jean-Paul Calderone

2015-03-15 17:25:57 -0400

[diff] [blame]

3242

Cory Benfield

2014-06-15 10:03:41 +0100

[diff] [blame]

3243

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3244

class TestConnectionSendall(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3245

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3246

Tests for `Connection.sendall`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3247

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3248

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3249

def test_wrong_args(self):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3250

"""

Jean-Paul Calderone

2014-02-02 18:13:31 -0500

[diff] [blame]

3251

When called with arguments other than a string argument for its first

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3252

parameter, `Connection.sendall` raises `TypeError`.

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3253

"""

3254

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3255

with pytest.raises(TypeError):

3256

connection.sendall(object())

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3257

with pytest.raises(TypeError):

3258

connection.sendall([1, 2, 3])

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3259

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3260

def test_short(self):

3261

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3262

`Connection.sendall` transmits all of the bytes in the string

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3263

passed to it.

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3264

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3265

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3266

server.sendall(b"x")

3267

assert client.recv(1) == b"x"

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3268

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3269

def test_text(self):

3270

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3271

`Connection.sendall` transmits all the content in the string passed

3272

to it, raising a DeprecationWarning in case of this being a text.

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3273

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3274

server, client = loopback()

3275

with pytest.warns(DeprecationWarning) as w:

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3276

simplefilter("always")

Jean-Paul Calderone

8dc37a1

2015-03-29 08:16:52 -0400

[diff] [blame]

3277

server.sendall(b"x".decode("ascii"))

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3278

assert "{0} for buf is no longer accepted, use bytes".format(

3279

WARNING_TYPE_EXPECTED

3280

) == str(w[-1].message)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3281

assert client.recv(1) == b"x"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3282

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3283

def test_short_memoryview(self):

3284

"""

3285

When passed a memoryview onto a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3286

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3287

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3288

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3289

server.sendall(memoryview(b"x"))

3290

assert client.recv(1) == b"x"

Abraham Martin

2015-03-25 14:06:24 +0000

[diff] [blame]

3291

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3292

@skip_if_py3

3293

def test_short_buffers(self):

3294

"""

3295

When passed a buffer containing a small number of bytes,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3296

`Connection.sendall` transmits all of them.

Hynek Schlawack

2015-09-05 21:39:50 +0200

[diff] [blame]

3297

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3298

server, client = loopback()

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3299

count = server.sendall(buffer(b"xy")) # noqa: F821

Daniel Holth

2019-11-17 22:45:52 -0500

[diff] [blame]

3300

assert count == 2

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3301

assert client.recv(2) == b"xy"

Markus Unterwaditzer

8e41d02

2014-04-19 12:27:11 +0200

[diff] [blame]

3302

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3303

def test_long(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3304

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3305

`Connection.sendall` transmits all the bytes in the string passed to it

3306

even if this requires multiple calls of an underlying write function.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3307

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3308

server, client = loopback()

Jean-Paul Calderone

6241c70

2010-09-16 19:59:24 -0400

[diff] [blame]

3309

# Should be enough, underlying SSL_write should only do 16k at a time.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3310

# On Windows, after 32k of bytes the write will block (forever

3311

# - because no one is yet reading).

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3312

message = b"x" * (1024 * 32 - 1) + b"y"

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3313

server.sendall(message)

3314

accum = []

3315

received = 0

3316

while received < len(message):

Jean-Paul Calderone

b1f7f5f

2010-08-22 21:40:52 -0400

[diff] [blame]

3317

data = client.recv(1024)

3318

accum.append(data)

3319

received += len(data)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3320

assert message == b"".join(accum)

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3321

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3322

def test_closed(self):

3323

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3324

If the underlying socket is closed, `Connection.sendall` propagates the

3325

write error from the low level write call.

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3326

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3327

server, client = loopback()

Jean-Paul Calderone

05d43e8

2010-09-24 18:01:36 -0400

[diff] [blame]

3328

server.sock_shutdown(2)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3329

with pytest.raises(SysCallError) as err:

3330

server.sendall(b"hello, world")

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3331

if platform == "win32":

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3332

assert err.value.args[0] == ESHUTDOWN

Konstantinos Koukopoulos

541150d

2014-01-31 01:00:19 +0200

[diff] [blame]

3333

else:

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3334

assert err.value.args[0] == EPIPE

Jean-Paul Calderone

974bdc0

2010-07-28 19:06:10 -0400

[diff] [blame]

3335

Jean-Paul Calderone

2010-07-28 18:57:21 -0400

[diff] [blame]

3336

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3337

class TestConnectionRenegotiate(object):

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3338

"""

3339

Tests for SSL renegotiation APIs.

3340

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3341

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3342

def test_total_renegotiations(self):

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3343

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3344

`Connection.total_renegotiations` returns `0` before any renegotiations

3345

have happened.

Jean-Paul Calderone

2010-09-09 18:04:56 -0400

[diff] [blame]

3346

"""

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3347

connection = Connection(Context(TLSv1_METHOD), None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3348

assert connection.total_renegotiations() == 0

Jean-Paul Calderone

2010-07-29 22:47:06 -0400

[diff] [blame]

3349

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3350

def test_renegotiate(self):

3351

"""

3352

Go through a complete renegotiation cycle.

3353

"""

Paul Kehrer

2019-01-21 12:24:02 -0600

[diff] [blame]

3354

server, client = loopback(

3355

lambda s: loopback_server_factory(s, TLSv1_2_METHOD),

3356

lambda s: loopback_client_factory(s, TLSv1_2_METHOD),

3357

)

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3358

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3359

server.send(b"hello world")

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3360

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3361

assert b"hello world" == client.recv(len(b"hello world"))

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3362

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3363

assert 0 == server.total_renegotiations()

3364

assert False is server.renegotiate_pending()

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3365

Hynek Schlawack

2016-02-13 09:10:04 +0100

[diff] [blame]

3366

assert True is server.renegotiate()

3367

3368

assert True is server.renegotiate_pending()

3369

3370

server.setblocking(False)

3371

client.setblocking(False)

3372

3373

client.do_handshake()

3374

server.do_handshake()

3375

3376

assert 1 == server.total_renegotiations()

3377

while False is server.renegotiate_pending():

3378

pass

Jean-Paul Calderone

2010-07-29 09:39:39 -0400

[diff] [blame]

3379

3380

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3381

class TestError(object):

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3382

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3383

Unit tests for `OpenSSL.SSL.Error`.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3384

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3385

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3386

def test_type(self):

3387

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3388

`Error` is an exception type.

Jean-Paul Calderone

2009-07-17 21:14:27 -0400

[diff] [blame]

3389

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3390

assert issubclass(Error, Exception)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3391

assert Error.__name__ == "Error"

Rick Dean

2009-07-09 15:53:42 -0500

[diff] [blame]

3392

3393

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3394

class TestConstants(object):

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3395

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3396

Tests for the values of constants exposed in `OpenSSL.SSL`.

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3397

3398

These are values defined by OpenSSL intended only to be used as flags to

3399

OpenSSL APIs. The only assertions it seems can be made about them is

3400

their values.

3401

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3402

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3403

@pytest.mark.skipif(

3404

OP_NO_QUERY_MTU is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3405

reason="OP_NO_QUERY_MTU unavailable - OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3406

)

3407

def test_op_no_query_mtu(self):

3408

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3409

The value of `OpenSSL.SSL.OP_NO_QUERY_MTU` is 0x1000, the value

3410

of `SSL_OP_NO_QUERY_MTU` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3411

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3412

assert OP_NO_QUERY_MTU == 0x1000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3413

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3414

@pytest.mark.skipif(

3415

OP_COOKIE_EXCHANGE is None,

3416

reason="OP_COOKIE_EXCHANGE unavailable - "

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3417

"OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3418

)

3419

def test_op_cookie_exchange(self):

3420

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3421

The value of `OpenSSL.SSL.OP_COOKIE_EXCHANGE` is 0x2000, the

3422

value of `SSL_OP_COOKIE_EXCHANGE` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3423

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3424

assert OP_COOKIE_EXCHANGE == 0x2000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3425

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3426

@pytest.mark.skipif(

3427

OP_NO_TICKET is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3428

reason="OP_NO_TICKET unavailable - OpenSSL version may be too old",

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3429

)

3430

def test_op_no_ticket(self):

3431

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3432

The value of `OpenSSL.SSL.OP_NO_TICKET` is 0x4000, the value of

3433

`SSL_OP_NO_TICKET` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3434

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3435

assert OP_NO_TICKET == 0x4000

Jean-Paul Calderone

2008-12-28 21:55:56 -0500

[diff] [blame]

3436

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3437

@pytest.mark.skipif(

3438

OP_NO_COMPRESSION is None,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3439

reason=(

3440

"OP_NO_COMPRESSION unavailable - OpenSSL version may be too old"

3441

),

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3442

)

3443

def test_op_no_compression(self):

3444

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3445

The value of `OpenSSL.SSL.OP_NO_COMPRESSION` is 0x20000, the

3446

value of `SSL_OP_NO_COMPRESSION` defined by `openssl/ssl.h`.

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3447

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3448

assert OP_NO_COMPRESSION == 0x20000

Jean-Paul Calderone

c62d4c1

2011-09-08 18:29:32 -0400

[diff] [blame]

3449

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3450

def test_sess_cache_off(self):

3451

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3452

The value of `OpenSSL.SSL.SESS_CACHE_OFF` 0x0, the value of

3453

`SSL_SESS_CACHE_OFF` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3454

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3455

assert 0x0 == SESS_CACHE_OFF

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3456

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3457

def test_sess_cache_client(self):

3458

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3459

The value of `OpenSSL.SSL.SESS_CACHE_CLIENT` 0x1, the value of

3460

`SSL_SESS_CACHE_CLIENT` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3461

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3462

assert 0x1 == SESS_CACHE_CLIENT

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3463

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3464

def test_sess_cache_server(self):

3465

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3466

The value of `OpenSSL.SSL.SESS_CACHE_SERVER` 0x2, the value of

3467

`SSL_SESS_CACHE_SERVER` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3468

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3469

assert 0x2 == SESS_CACHE_SERVER

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3470

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3471

def test_sess_cache_both(self):

3472

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3473

The value of `OpenSSL.SSL.SESS_CACHE_BOTH` 0x3, the value of

3474

`SSL_SESS_CACHE_BOTH` defined by `openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3475

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3476

assert 0x3 == SESS_CACHE_BOTH

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3477

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3478

def test_sess_cache_no_auto_clear(self):

3479

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3480

The value of `OpenSSL.SSL.SESS_CACHE_NO_AUTO_CLEAR` 0x80, the

3481

value of `SSL_SESS_CACHE_NO_AUTO_CLEAR` defined by

3482

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3483

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3484

assert 0x80 == SESS_CACHE_NO_AUTO_CLEAR

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3485

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3486

def test_sess_cache_no_internal_lookup(self):

3487

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3488

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_LOOKUP` 0x100,

3489

the value of `SSL_SESS_CACHE_NO_INTERNAL_LOOKUP` defined by

3490

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3491

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3492

assert 0x100 == SESS_CACHE_NO_INTERNAL_LOOKUP

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3493

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3494

def test_sess_cache_no_internal_store(self):

3495

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3496

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL_STORE` 0x200,

3497

the value of `SSL_SESS_CACHE_NO_INTERNAL_STORE` defined by

3498

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3499

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3500

assert 0x200 == SESS_CACHE_NO_INTERNAL_STORE

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3501

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3502

def test_sess_cache_no_internal(self):

3503

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3504

The value of `OpenSSL.SSL.SESS_CACHE_NO_INTERNAL` 0x300, the

3505

value of `SSL_SESS_CACHE_NO_INTERNAL` defined by

3506

`openssl/ssl.h`.

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3507

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3508

assert 0x300 == SESS_CACHE_NO_INTERNAL

Jean-Paul Calderone

2012-02-08 13:02:49 -0500

[diff] [blame]

3509

3510

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3511

class TestMemoryBIO(object):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3512

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3513

Tests for `OpenSSL.SSL.Connection` using a memory BIO.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3514

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3515

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3516

def _server(self, sock):

3517

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3518

Create a new server-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3519

"""

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3520

# Create the server side Connection. This is mostly setup boilerplate

3521

# - use TLSv1, use a particular certificate, etc.

3522

server_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3523

server_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3524

server_ctx.set_verify(

3525

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3526

verify_cb,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3527

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3528

server_store = server_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3529

server_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3530

load_privatekey(FILETYPE_PEM, server_key_pem)

3531

)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3532

server_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3533

load_certificate(FILETYPE_PEM, server_cert_pem)

3534

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3535

server_ctx.check_privatekey()

3536

server_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3537

# Here the Connection is actually created. If None is passed as the

3538

# 2nd parameter, it indicates a memory BIO should be created.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3539

server_conn = Connection(server_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3540

server_conn.set_accept_state()

3541

return server_conn

3542

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3543

def _client(self, sock):

3544

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3545

Create a new client-side SSL `Connection` object wrapped around `sock`.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3546

"""

3547

# Now create the client side Connection. Similar boilerplate to the

3548

# above.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3549

client_ctx = Context(TLSv1_METHOD)

Alex Gaynor

4330778

2015-09-04 09:05:45 -0400

[diff] [blame]

3550

client_ctx.set_options(OP_NO_SSLv2 | OP_NO_SSLv3 | OP_SINGLE_DH_USE)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3551

client_ctx.set_verify(

3552

VERIFY_PEER | VERIFY_FAIL_IF_NO_PEER_CERT | VERIFY_CLIENT_ONCE,

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3553

verify_cb,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3554

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3555

client_store = client_ctx.get_cert_store()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3556

client_ctx.use_privatekey(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3557

load_privatekey(FILETYPE_PEM, client_key_pem)

3558

)

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3559

client_ctx.use_certificate(

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3560

load_certificate(FILETYPE_PEM, client_cert_pem)

3561

)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3562

client_ctx.check_privatekey()

3563

client_store.add_cert(load_certificate(FILETYPE_PEM, root_cert_pem))

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3564

client_conn = Connection(client_ctx, sock)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3565

client_conn.set_connect_state()

3566

return client_conn

3567

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3568

def test_memory_connect(self):

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3569

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3570

Two `Connection`s which use memory BIOs can be manually connected by

3571

reading from the output of each and writing those bytes to the input of

3572

the other and in this way establish a connection and exchange

3573

application-level bytes with each other.

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3574

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3575

server_conn = self._server(None)

3576

client_conn = self._client(None)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3577

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3578

# There should be no key or nonces yet.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3579

assert server_conn.master_key() is None

3580

assert server_conn.client_random() is None

3581

assert server_conn.server_random() is None

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3582

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3583

# First, the handshake needs to happen. We'll deliver bytes back and

3584

# forth between the client and server until neither of them feels like

3585

# speaking any more.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3586

assert interact_in_memory(client_conn, server_conn) is None

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3587

3588

# Now that the handshake is done, there should be a key and nonces.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3589

assert server_conn.master_key() is not None

3590

assert server_conn.client_random() is not None

3591

assert server_conn.server_random() is not None

3592

assert server_conn.client_random() == client_conn.client_random()

3593

assert server_conn.server_random() == client_conn.server_random()

3594

assert server_conn.client_random() != server_conn.server_random()

3595

assert client_conn.client_random() != client_conn.server_random()

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3596

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3597

# Export key material for other uses.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3598

cekm = client_conn.export_keying_material(b"LABEL", 32)

3599

sekm = server_conn.export_keying_material(b"LABEL", 32)

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3600

assert cekm is not None

3601

assert sekm is not None

3602

assert cekm == sekm

3603

assert len(sekm) == 32

3604

3605

# Export key material for other uses with additional context.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3606

cekmc = client_conn.export_keying_material(b"LABEL", 32, b"CONTEXT")

3607

sekmc = server_conn.export_keying_material(b"LABEL", 32, b"CONTEXT")

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3608

assert cekmc is not None

3609

assert sekmc is not None

3610

assert cekmc == sekmc

3611

assert cekmc != cekm

3612

assert sekmc != sekm

3613

# Export with alternate label

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3614

cekmt = client_conn.export_keying_material(b"test", 32, b"CONTEXT")

3615

sekmt = server_conn.export_keying_material(b"test", 32, b"CONTEXT")

Paul Kehrer

2017-12-01 04:54:32 +0800

[diff] [blame]

3616

assert cekmc != cekmt

3617

assert sekmc != sekmt

3618

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3619

# Here are the bytes we'll try to send.

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3620

important_message = b"One if by land, two if by sea."

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3621

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3622

server_conn.write(important_message)

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3623

assert interact_in_memory(client_conn, server_conn) == (

3624

client_conn,

3625

important_message,

3626

)

Jean-Paul Calderone

2009-04-27 12:59:12 -0400

[diff] [blame]

3627

3628

client_conn.write(important_message[::-1])

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3629

assert interact_in_memory(client_conn, server_conn) == (

3630

server_conn,

3631

important_message[::-1],

3632

)

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3633

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3634

def test_socket_connect(self):

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3635

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3636

Just like `test_memory_connect` but with an actual socket.

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3637

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3638

This is primarily to rule out the memory BIO code as the source of any

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3639

problems encountered while passing data over a `Connection` (if

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3640

this test fails, there must be a problem outside the memory BIO code,

3641

as no memory BIO is involved here). Even though this isn't a memory

3642

BIO test, it's convenient to have it here.

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3643

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3644

server_conn, client_conn = loopback()

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3645

Alex Gaynor

2016-09-11 11:48:14 -0400

[diff] [blame]

3646

important_message = b"Help me Obi Wan Kenobi, you're my only hope."

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3647

client_conn.send(important_message)

3648

msg = server_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3649

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3650

3651

# Again in the other direction, just for fun.

3652

important_message = important_message[::-1]

3653

server_conn.send(important_message)

3654

msg = client_conn.recv(1024)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3655

assert msg == important_message

Rick Dean

2009-07-09 23:52:39 -0500

[diff] [blame]

3656

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3657

def test_socket_overrides_memory(self):

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3658

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3659

Test that `OpenSSL.SSL.bio_read` and `OpenSSL.SSL.bio_write` don't

3660

work on `OpenSSL.SSL.Connection`() that use sockets.

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3661

"""

Alex Gaynor

51d424c

2016-09-10 14:50:11 -0400

[diff] [blame]

3662

context = Context(TLSv1_METHOD)

David Benjamin

2019-04-15 17:05:13 -0500

[diff] [blame]

3663

client = socket_any_family()

Rick Dean

2009-04-01 14:09:23 -0500

[diff] [blame]

3664

clientSSL = Connection(context, client)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3665

with pytest.raises(TypeError):

3666

clientSSL.bio_read(100)

3667

with pytest.raises(TypeError):

Paul Kehrer

2020-08-03 15:54:20 -0500

[diff] [blame^]

3668

clientSSL.bio_write(b"foo")

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3669

with pytest.raises(TypeError):

3670

clientSSL.bio_shutdown()

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3671

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3672

def test_outgoing_overflow(self):

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3673

"""

3674

If more bytes than can be written to the memory BIO are passed to

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3675

`Connection.send` at once, the number of bytes which were written is

3676

returned and that many bytes from the beginning of the input can be

3677

read from the other end of the connection.

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3678

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3679

server = self._server(None)

3680

client = self._client(None)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3681

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3682

interact_in_memory(client, server)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3683

3684

size = 2 ** 15

Jean-Paul Calderone

4f0467a

2014-01-11 11:58:41 -0500

[diff] [blame]

3685

sent = client.send(b"x" * size)

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3686

# Sanity check. We're trying to test what happens when the entire

3687

# input can't be sent. If the entire input was sent, this test is

3688

# meaningless.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3689

assert sent < size

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3690

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3691

receiver, received = interact_in_memory(client, server)

3692

assert receiver is server

Jean-Paul Calderone

2009-04-27 17:13:34 -0400

[diff] [blame]

3693

3694

# We can rely on all of these bytes being received at once because

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3695

# loopback passes 2 ** 16 to recv - more than 2 ** 15.

3696

assert len(received) == sent

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3697

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3698

def test_shutdown(self):

3699

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3700

`Connection.bio_shutdown` signals the end of the data stream

3701

from which the `Connection` reads.

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3702

"""

Jean-Paul Calderone

2009-07-16 12:22:52 -0400

[diff] [blame]

3703

server = self._server(None)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3704

server.bio_shutdown()

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3705

with pytest.raises(Error) as err:

3706

server.recv(1024)

Jean-Paul Calderone

2009-04-30 20:24:35 -0400

[diff] [blame]

3707

# We don't want WantReadError or ZeroReturnError or anything - it's a

3708

# handshake failure.

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3709

assert type(err.value) in [Error, SysCallError]

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3710

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3711

def test_unexpected_EOF(self):

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3712

"""

3713

If the connection is lost before an orderly SSL shutdown occurs,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3714

`OpenSSL.SSL.SysCallError` is raised with a message of

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3715

"Unexpected EOF".

3716

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3717

server_conn, client_conn = loopback()

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3718

client_conn.sock_shutdown(SHUT_RDWR)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3719

with pytest.raises(SysCallError) as err:

3720

server_conn.recv(1024)

3721

assert err.value.args == (-1, "Unexpected EOF")

Jean-Paul Calderone

2013-03-19 22:10:37 -0700

[diff] [blame]

3722

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3723

def _check_client_ca_list(self, func):

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3724

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3725

Verify the return value of the `get_client_ca_list` method for

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3726

server and client connections.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3727

Jonathan Ballet

78b92a2

2011-07-16 08:07:26 +0900

[diff] [blame]

3728

:param func: A function which will be called with the server context

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3729

before the client and server are connected to each other. This

3730

function should specify a list of CAs for the server to send to the

3731

client and return that same list. The list will be used to verify

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3732

that `get_client_ca_list` returns the proper value at

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3733

various times.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3734

"""

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3735

server = self._server(None)

3736

client = self._client(None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3737

assert client.get_client_ca_list() == []

3738

assert server.get_client_ca_list() == []

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3739

ctx = server.get_context()

3740

expected = func(ctx)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3741

assert client.get_client_ca_list() == []

3742

assert server.get_client_ca_list() == expected

3743

interact_in_memory(client, server)

3744

assert client.get_client_ca_list() == expected

3745

assert server.get_client_ca_list() == expected

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3746

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3747

def test_set_client_ca_list_errors(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3748

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3749

`Context.set_client_ca_list` raises a `TypeError` if called with a

3750

non-list or a list that contains objects other than X509Names.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3751

"""

3752

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3753

with pytest.raises(TypeError):

3754

ctx.set_client_ca_list("spam")

3755

with pytest.raises(TypeError):

3756

ctx.set_client_ca_list(["spam"])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3757

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3758

def test_set_empty_ca_list(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3759

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3760

If passed an empty list, `Context.set_client_ca_list` configures the

3761

context to send no CA names to the client and, on both the server and

3762

client sides, `Connection.get_client_ca_list` returns an empty list

3763

after the connection is set up.

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3764

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3765

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3766

def no_ca(ctx):

3767

ctx.set_client_ca_list([])

3768

return []

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3769

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3770

self._check_client_ca_list(no_ca)

3771

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3772

def test_set_one_ca_list(self):

3773

"""

3774

If passed a list containing a single X509Name,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3775

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3776

that CA name to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3777

`Connection.get_client_ca_list` returns a list containing that

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3778

X509Name after the connection is set up.

3779

"""

3780

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3781

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3782

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3783

def single_ca(ctx):

3784

ctx.set_client_ca_list([cadesc])

3785

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3786

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3787

self._check_client_ca_list(single_ca)

3788

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3789

def test_set_multiple_ca_list(self):

3790

"""

3791

If passed a list containing multiple X509Name objects,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3792

`Context.set_client_ca_list` configures the context to send

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3793

those CA names to the client and, on both the server and client sides,

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3794

`Connection.get_client_ca_list` returns a list containing those

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3795

X509Names after the connection is set up.

3796

"""

3797

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3798

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3799

3800

sedesc = secert.get_subject()

3801

cldesc = clcert.get_subject()

3802

3803

def multiple_ca(ctx):

3804

L = [sedesc, cldesc]

3805

ctx.set_client_ca_list(L)

3806

return L

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3807

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3808

self._check_client_ca_list(multiple_ca)

3809

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3810

def test_reset_ca_list(self):

3811

"""

3812

If called multiple times, only the X509Names passed to the final call

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3813

of `Context.set_client_ca_list` are used to configure the CA

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3814

names sent to the client.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3815

"""

3816

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3817

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3818

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3819

3820

cadesc = cacert.get_subject()

3821

sedesc = secert.get_subject()

3822

cldesc = clcert.get_subject()

3823

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3824

def changed_ca(ctx):

3825

ctx.set_client_ca_list([sedesc, cldesc])

3826

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3827

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3828

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3829

self._check_client_ca_list(changed_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3830

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3831

def test_mutated_ca_list(self):

3832

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3833

If the list passed to `Context.set_client_ca_list` is mutated

Jean-Paul Calderone

2009-10-24 11:12:00 -0400

[diff] [blame]

3834

afterwards, this does not affect the list of CA names sent to the

3835

client.

3836

"""

3837

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3838

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3839

3840

cadesc = cacert.get_subject()

3841

sedesc = secert.get_subject()

3842

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3843

def mutated_ca(ctx):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3844

L = [cadesc]

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3845

ctx.set_client_ca_list([cadesc])

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3846

L.append(sedesc)

3847

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3848

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3849

self._check_client_ca_list(mutated_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3850

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3851

def test_add_client_ca_wrong_args(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3852

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3853

`Context.add_client_ca` raises `TypeError` if called with

3854

a non-X509 object.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3855

"""

3856

ctx = Context(TLSv1_METHOD)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3857

with pytest.raises(TypeError):

3858

ctx.add_client_ca("spam")

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3859

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3860

def test_one_add_client_ca(self):

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3861

"""

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3862

A certificate's subject can be added as a CA to be sent to the client

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3863

with `Context.add_client_ca`.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3864

"""

3865

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3866

cadesc = cacert.get_subject()

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3867

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3868

def single_ca(ctx):

3869

ctx.add_client_ca(cacert)

3870

return [cadesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3871

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3872

self._check_client_ca_list(single_ca)

3873

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3874

def test_multiple_add_client_ca(self):

3875

"""

3876

Multiple CA names can be sent to the client by calling

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3877

`Context.add_client_ca` with multiple X509 objects.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3878

"""

3879

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3880

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3881

3882

cadesc = cacert.get_subject()

3883

sedesc = secert.get_subject()

3884

3885

def multiple_ca(ctx):

3886

ctx.add_client_ca(cacert)

3887

ctx.add_client_ca(secert)

3888

return [cadesc, sedesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3889

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3890

self._check_client_ca_list(multiple_ca)

3891

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3892

def test_set_and_add_client_ca(self):

3893

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3894

A call to `Context.set_client_ca_list` followed by a call to

3895

`Context.add_client_ca` results in using the CA names from the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3896

first call and the CA name from the second call.

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3897

"""

3898

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3899

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3900

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3901

3902

cadesc = cacert.get_subject()

3903

sedesc = secert.get_subject()

3904

cldesc = clcert.get_subject()

3905

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3906

def mixed_set_add_ca(ctx):

3907

ctx.set_client_ca_list([cadesc, sedesc])

3908

ctx.add_client_ca(clcert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3909

return [cadesc, sedesc, cldesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3910

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3911

self._check_client_ca_list(mixed_set_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3912

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3913

def test_set_after_add_client_ca(self):

3914

"""

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3915

A call to `Context.set_client_ca_list` after a call to

3916

`Context.add_client_ca` replaces the CA name specified by the

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3917

former call with the names specified by the latter call.

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3918

"""

3919

cacert = load_certificate(FILETYPE_PEM, root_cert_pem)

3920

secert = load_certificate(FILETYPE_PEM, server_cert_pem)

3921

clcert = load_certificate(FILETYPE_PEM, server_cert_pem)

3922

3923

cadesc = cacert.get_subject()

3924

sedesc = secert.get_subject()

Jean-Paul Calderone

2009-10-24 13:45:11 -0400

[diff] [blame]

3925

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3926

def set_replaces_add_ca(ctx):

3927

ctx.add_client_ca(clcert)

3928

ctx.set_client_ca_list([cadesc])

3929

ctx.add_client_ca(secert)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3930

return [cadesc, sedesc]

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3931

Ziga Seilnacht

2009-10-23 09:51:07 +0200

[diff] [blame]

3932

self._check_client_ca_list(set_replaces_add_ca)

Ziga Seilnacht

2009-09-01 01:32:29 +0200

[diff] [blame]

3933

Jean-Paul Calderone

0b88b6a

2009-07-05 12:44:41 -0400

[diff] [blame]

3934

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

3935

class TestInfoConstants(object):

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3936

"""

3937

Tests for assorted constants exposed for use in info callbacks.

3938

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3939

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3940

def test_integers(self):

3941

"""

3942

All of the info constants are integers.

3943

3944

This is a very weak test. It would be nice to have one that actually

3945

verifies that as certain info events happen, the value passed to the

3946

info callback matches up with the constant exposed by OpenSSL.SSL.

3947

"""

3948

for const in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_CONNECT,

SSL_ST_ACCEPT,

SSL_ST_MASK,

SSL_CB_LOOP,

SSL_CB_EXIT,

SSL_CB_READ,

SSL_CB_WRITE,

SSL_CB_ALERT,

SSL_CB_READ_ALERT,

SSL_CB_WRITE_ALERT,

SSL_CB_ACCEPT_LOOP,

SSL_CB_ACCEPT_EXIT,

SSL_CB_CONNECT_LOOP,

SSL_CB_CONNECT_EXIT,

SSL_CB_HANDSHAKE_START,

3964

SSL_CB_HANDSHAKE_DONE,

Hynek Schlawack

2015-09-05 21:54:25 +0200

[diff] [blame]

3965

]:

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3966

assert isinstance(const, int)

3967

3968

# These constants don't exist on OpenSSL 1.1.0

3969

for const in [

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

SSL_ST_INIT,

SSL_ST_BEFORE,

SSL_ST_OK,

SSL_ST_RENEGOTIATE,

Alex Gaynor

2016-09-24 01:52:21 -0400

[diff] [blame]

3974

]:

3975

assert const is None or isinstance(const, int)

Jean-Paul Calderone

2011-03-21 19:13:35 -0400

[diff] [blame]

3976

Ziga Seilnacht

44611bf

2009-08-31 20:49:30 +0200

[diff] [blame]

3977

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3978

class TestRequires(object):

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3979

"""

3980

Tests for the decorator factory used to conditionally raise

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

3981

NotImplementedError when older OpenSSLs are used.

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3982

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

3983

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3984

def test_available(self):

3985

"""

3986

When the OpenSSL functionality is available the decorated functions

3987

work appropriately.

3988

"""

3989

feature_guard = _make_requires(True, "Error text")

results = []

@feature_guard

def inner():

results.append(True)

return True

Cory Benfield

2016-03-30 14:24:16 +0100

[diff] [blame]

3997

assert inner() is True

3998

assert [True] == results

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

3999

4000

def test_unavailable(self):

4001

"""

4002

When the OpenSSL functionality is not available the decorated function

4003

does not execute and NotImplementedError is raised.

4004

"""

4005

feature_guard = _make_requires(False, "Error text")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

4006

4007

@feature_guard

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4008

def inner(): # pragma: nocover

4009

pytest.fail("Should not be called")

Cory Benfield

2016-03-30 09:35:05 +0100

[diff] [blame]

4010

Cory Benfield

1d14214

2016-03-30 11:51:45 +0100

[diff] [blame]

4011

with pytest.raises(NotImplementedError) as e:

4012

inner()

4013

4014

assert "Error text" in str(e.value)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4015

4016

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4017

class TestOCSP(object):

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4018

"""

4019

Tests for PyOpenSSL's OCSP stapling support.

4020

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4021

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4022

sample_ocsp_data = b"this is totally ocsp data"

4023

4024

def _client_connection(self, callback, data, request_ocsp=True):

4025

"""

4026

Builds a client connection suitable for using OCSP.

4027

4028

:param callback: The callback to register for OCSP.

4029

:param data: The opaque data object that will be handed to the

4030

OCSP callback.

4031

:param request_ocsp: Whether the client will actually ask for OCSP

4032

stapling. Useful for testing only.

4033

"""

4034

ctx = Context(SSLv23_METHOD)

4035

ctx.set_ocsp_client_callback(callback, data)

4036

client = Connection(ctx)

4037

4038

if request_ocsp:

4039

client.request_ocsp()

4040

4041

client.set_connect_state()

4042

return client

4043

4044

def _server_connection(self, callback, data):

4045

"""

4046

Builds a server connection suitable for using OCSP.

4047

4048

:param callback: The callback to register for OCSP.

4049

:param data: The opaque data object that will be handed to the

4050

OCSP callback.

4051

"""

4052

ctx = Context(SSLv23_METHOD)

4053

ctx.use_privatekey(load_privatekey(FILETYPE_PEM, server_key_pem))

4054

ctx.use_certificate(load_certificate(FILETYPE_PEM, server_cert_pem))

4055

ctx.set_ocsp_server_callback(callback, data)

4056

server = Connection(ctx)

4057

server.set_accept_state()

4058

return server

4059

4060

def test_callbacks_arent_called_by_default(self):

4061

"""

4062

If both the client and the server have registered OCSP callbacks, but

4063

the client does not send the OCSP request, neither callback gets

4064

called.

4065

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4066

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4067

def ocsp_callback(*args, **kwargs): # pragma: nocover

4068

pytest.fail("Should not be called")

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4069

4070

client = self._client_connection(

4071

callback=ocsp_callback, data=None, request_ocsp=False

4072

)

4073

server = self._server_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4074

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4075

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4076

def test_client_negotiates_without_server(self):

4077

"""

4078

If the client wants to do OCSP but the server does not, the handshake

4079

succeeds, and the client callback fires with an empty byte string.

"""

called = []

def ocsp_callback(conn, ocsp_data, ignored):

4084

called.append(ocsp_data)

4085

return True

4086

4087

client = self._client_connection(callback=ocsp_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4088

server = loopback_server_factory(socket=None)

4089

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4090

4091

assert len(called) == 1

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4092

assert called[0] == b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4093

4094

def test_client_receives_servers_data(self):

4095

"""

4096

The data the server sends in its callback is received by the client.

"""

calls = []

def server_callback(*args, **kwargs):

4101

return self.sample_ocsp_data

4102

4103

def client_callback(conn, ocsp_data, ignored):

4104

calls.append(ocsp_data)

4105

return True

4106

4107

client = self._client_connection(callback=client_callback, data=None)

4108

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4109

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4110

4111

assert len(calls) == 1

4112

assert calls[0] == self.sample_ocsp_data

4113

4114

def test_callbacks_are_invoked_with_connections(self):

4115

"""

4116

The first arguments to both callbacks are their respective connections.

"""

client_calls = []

server_calls = []

def client_callback(conn, *args, **kwargs):

4122

client_calls.append(conn)

4123

return True

4124

4125

def server_callback(conn, *args, **kwargs):

4126

server_calls.append(conn)

4127

return self.sample_ocsp_data

4128

4129

client = self._client_connection(callback=client_callback, data=None)

4130

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4131

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4132

4133

assert len(client_calls) == 1

4134

assert len(server_calls) == 1

4135

assert client_calls[0] is client

4136

assert server_calls[0] is server

4137

4138

def test_opaque_data_is_passed_through(self):

4139

"""

4140

Both callbacks receive an opaque, user-provided piece of data in their

4141

callbacks as the final argument.

"""

calls = []

def server_callback(*args):

4146

calls.append(args)

4147

return self.sample_ocsp_data

4148

4149

def client_callback(*args):

calls.append(args)

return True

sentinel = object()

client = self._client_connection(

4156

callback=client_callback, data=sentinel

4157

)

4158

server = self._server_connection(

4159

callback=server_callback, data=sentinel

4160

)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4161

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4162

4163

assert len(calls) == 2

4164

assert calls[0][-1] is sentinel

4165

assert calls[1][-1] is sentinel

4166

4167

def test_server_returns_empty_string(self):

4168

"""

4169

If the server returns an empty bytestring from its callback, the

4170

client callback is called with the empty bytestring.

"""

client_calls = []

def server_callback(*args):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4175

return b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4176

4177

def client_callback(conn, ocsp_data, ignored):

4178

client_calls.append(ocsp_data)

4179

return True

4180

4181

client = self._client_connection(callback=client_callback, data=None)

4182

server = self._server_connection(callback=server_callback, data=None)

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4183

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4184

4185

assert len(client_calls) == 1

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4186

assert client_calls[0] == b""

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4187

4188

def test_client_returns_false_terminates_handshake(self):

4189

"""

4190

If the client returns False from its callback, the handshake fails.

4191

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4192

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4193

def server_callback(*args):

4194

return self.sample_ocsp_data

4195

4196

def client_callback(*args):

4197

return False

4198

4199

client = self._client_connection(callback=client_callback, data=None)

4200

server = self._server_connection(callback=server_callback, data=None)

4201

4202

with pytest.raises(Error):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4203

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4204

4205

def test_exceptions_in_client_bubble_up(self):

4206

"""

4207

The callbacks thrown in the client callback bubble up to the caller.

4208

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4209

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4210

class SentinelException(Exception):

4211

pass

4212

4213

def server_callback(*args):

4214

return self.sample_ocsp_data

4215

4216

def client_callback(*args):

4217

raise SentinelException()

4218

4219

client = self._client_connection(callback=client_callback, data=None)

4220

server = self._server_connection(callback=server_callback, data=None)

4221

4222

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4223

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4224

4225

def test_exceptions_in_server_bubble_up(self):

4226

"""

4227

The callbacks thrown in the server callback bubble up to the caller.

4228

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4229

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4230

class SentinelException(Exception):

4231

pass

4232

4233

def server_callback(*args):

4234

raise SentinelException()

4235

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4236

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4237

pytest.fail("Should not be called")

4238

4239

client = self._client_connection(callback=client_callback, data=None)

4240

server = self._server_connection(callback=server_callback, data=None)

4241

4242

with pytest.raises(SentinelException):

Alex Chan

2017-01-30 14:04:47 +0000

[diff] [blame]

4243

handshake_in_memory(client, server)

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4244

4245

def test_server_must_return_bytes(self):

4246

"""

4247

The server callback must return a bytestring, or a TypeError is thrown.

4248

"""

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4249

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4250

def server_callback(*args):

Alex Gaynor

2020-07-23 20:40:46 -0400

[diff] [blame]

4251

return self.sample_ocsp_data.decode("ascii")

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4252

Alex Chan

2017-04-20 11:16:15 +0100

[diff] [blame]

4253

def client_callback(*args): # pragma: nocover

Cory Benfield

2017-01-24 11:42:56 +0000

[diff] [blame]

4254

pytest.fail("Should not be called")

4255

4256

client = self._client_connection(callback=client_callback, data=None)

4257

server = self._server_connection(callback=server_callback, data=None)

4258

4259

with pytest.raises(TypeError):

Alex Chan