← Back to branch summary

~bzr-pqm/bzr/bzr.dev

« back to all changes in this revision

Viewing changes to bzrlib/tests/test_https_urllib.py

  • Committer: Vincent Ladeuil
  • Date: 2016-01-27 13:36:17 UTC
  • mto: This revision was merged to the branch mainline in revision 6614.
  • Revision ID: v.ladeuil+lp@free.fr-20160127133617-gteit32e0nu3938n
https://launchpad.net/bugs/1538480
Use ssl module for the match_hostname function

Show diffs side-by-side

added added

removed removed

Lines of Context:
bzrlib/tests/test_https_urllib.py
1
 
# Copyright (C) 2011,2012 Canonical Ltd
 
1
# Copyright (C) 2011, 2012, 2013, 2016 Canonical Ltd
2
2
#
3
3
# This program is free software; you can redistribute it and/or modify
4
4
# it under the terms of the GNU General Public License as published by
24
24
from bzrlib import (
25
25
    config,
26
26
    trace,
27
 
    )
 
27
)
28
28
from bzrlib.errors import (
29
 
    CertificateError,
30
29
    ConfigOptionValueError,
31
 
    )
 
30
)
32
31
from bzrlib.tests import (
33
32
    TestCase,
34
33
    TestCaseInTempDir,
35
 
    )
 
34
)
36
35
from bzrlib.transport.http import _urllib2_wrappers
37
36
 
38
37
 
58
57
        self.overrideAttr(_urllib2_wrappers.opt_ssl_ca_certs, 'default',
59
58
                          os.path.join(self.test_dir, u"nonexisting.pem"))
60
59
        self.warnings = []
 
60
 
61
61
        def warning(*args):
62
62
            self.warnings.append(args[0] % args[1:])
63
63
        self.overrideAttr(trace, 'warning', warning)
86
86
 
87
87
    def test_no_certificate(self):
88
88
        self.assertRaises(ValueError,
89
 
                          _urllib2_wrappers.match_hostname, {}, "example.com")
 
89
                          ssl.match_hostname, {}, "example.com")
90
90
 
91
91
    def test_wildcards_in_cert(self):
92
92
        def ok(cert, hostname):
93
 
            _urllib2_wrappers.match_hostname(cert, hostname)
 
93
            ssl.match_hostname(cert, hostname)
 
94
 
 
95
        def not_ok(cert, hostname):
 
96
            self.assertRaises(
 
97
                ssl.CertificateError,
 
98
                ssl.match_hostname, cert, hostname)
94
99
 
95
100
        # Python Issue #17980: avoid denials of service by refusing more than
96
101
        # one wildcard per fragment.
97
 
        cert = {'subject': ((('commonName', 'a*b.com'),),)}
98
 
        ok(cert, 'axxb.com')
99
 
        cert = {'subject': ((('commonName', 'a*b.co*'),),)}
100
 
        ok(cert, 'axxb.com')
101
 
        cert = {'subject': ((('commonName', 'a*b*.com'),),)}
102
 
        try:
103
 
            _urllib2_wrappers.match_hostname(cert, 'axxbxxc.com')
104
 
        except ValueError as e:
105
 
            self.assertIn("too many wildcards", str(e))
 
102
        ok({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com')
 
103
        not_ok({'subject': ((('commonName', 'a*b.co*'),),)}, 'axxb.com')
 
104
        not_ok({'subject': ((('commonName', 'a*b*.com'),),)}, 'axxbxxc.com')
106
105
 
107
106
    def test_no_valid_attributes(self):
108
 
        self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,
 
107
        self.assertRaises(ssl.CertificateError, ssl.match_hostname,
109
108
                          {"Problem": "Solved"}, "example.com")
110
109
 
111
110
    def test_common_name(self):
112
111
        cert = {'subject': ((('commonName', 'example.com'),),)}
113
112
        self.assertIs(None,
114
 
                      _urllib2_wrappers.match_hostname(cert, "example.com"))
115
 
        self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,
 
113
                      ssl.match_hostname(cert, "example.com"))
 
114
        self.assertRaises(ssl.CertificateError, ssl.match_hostname,
116
115
                          cert, "example.org")