55
58
self.overrideAttr(_urllib2_wrappers.opt_ssl_ca_certs, 'default',
56
59
os.path.join(self.test_dir, u"nonexisting.pem"))
59
61
def warning(*args):
60
62
self.warnings.append(args[0] % args[1:])
61
63
self.overrideAttr(trace, 'warning', warning)
62
self.assertEqual(None, stack.get('ssl.ca_certs'))
64
self.assertEquals(None, stack.get('ssl.ca_certs'))
63
65
self.assertLength(1, self.warnings)
64
66
self.assertContainsRe(self.warnings[0],
65
67
"is not valid for \"ssl.ca_certs\"")
68
class CertReqsConfigTests(tests.TestCaseInTempDir):
70
class CertReqsConfigTests(TestCaseInTempDir):
70
72
def test_default(self):
71
73
stack = config.MemoryStack("")
72
self.assertEqual(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
74
self.assertEquals(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
74
76
def test_from_string(self):
75
77
stack = config.MemoryStack("ssl.cert_reqs = none\n")
76
self.assertEqual(ssl.CERT_NONE, stack.get("ssl.cert_reqs"))
78
self.assertEquals(ssl.CERT_NONE, stack.get("ssl.cert_reqs"))
77
79
stack = config.MemoryStack("ssl.cert_reqs = required\n")
78
self.assertEqual(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
80
self.assertEquals(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
79
81
stack = config.MemoryStack("ssl.cert_reqs = invalid\n")
80
82
self.assertRaises(ConfigOptionValueError, stack.get, "ssl.cert_reqs")
83
class MatchHostnameTests(tests.TestCase):
86
super(MatchHostnameTests, self).setUp()
87
if sys.version_info < (2, 7, 9):
88
raise tests.TestSkipped(
89
'python version too old to provide proper'
90
' https hostname verification')
85
class MatchHostnameTests(TestCase):
92
87
def test_no_certificate(self):
93
88
self.assertRaises(ValueError,
94
ssl.match_hostname, {}, "example.com")
89
_urllib2_wrappers.match_hostname, {}, "example.com")
96
91
def test_wildcards_in_cert(self):
97
92
def ok(cert, hostname):
98
ssl.match_hostname(cert, hostname)
100
def not_ok(cert, hostname):
102
ssl.CertificateError,
103
ssl.match_hostname, cert, hostname)
93
_urllib2_wrappers.match_hostname(cert, hostname)
105
95
# Python Issue #17980: avoid denials of service by refusing more than
106
96
# one wildcard per fragment.
107
ok({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com')
108
not_ok({'subject': ((('commonName', 'a*b.co*'),),)}, 'axxb.com')
109
not_ok({'subject': ((('commonName', 'a*b*.com'),),)}, 'axxbxxc.com')
97
cert = {'subject': ((('commonName', 'a*b.com'),),)}
99
cert = {'subject': ((('commonName', 'a*b.co*'),),)}
101
cert = {'subject': ((('commonName', 'a*b*.com'),),)}
103
_urllib2_wrappers.match_hostname(cert, 'axxbxxc.com')
104
except ValueError as e:
105
self.assertIn("too many wildcards", str(e))
111
107
def test_no_valid_attributes(self):
112
self.assertRaises(ssl.CertificateError, ssl.match_hostname,
108
self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,
113
109
{"Problem": "Solved"}, "example.com")
115
111
def test_common_name(self):
116
112
cert = {'subject': ((('commonName', 'example.com'),),)}
117
113
self.assertIs(None,
118
ssl.match_hostname(cert, "example.com"))
119
self.assertRaises(ssl.CertificateError, ssl.match_hostname,
114
_urllib2_wrappers.match_hostname(cert, "example.com"))
115
self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,
120
116
cert, "example.org")