~bzr-pqm/bzr/bzr.dev

« back to all changes in this revision

Viewing changes to bzrlib/tests/test_https_urllib.py

Committer: Patch Queue Manager
Date: 2016-01-31 13:36:59 UTC
mfrom: (6613.1.5 1538480-match-hostname)
Revision ID: pqm@pqm.ubuntu.com-20160131133659-ouy92ee2wlv9xz8m

(vila) Use ssl.match_hostname instead of our own. (Vincent Ladeuil)

files modified:
bzrlib/errors.py

bzrlib/tests/test_https_urllib.py

bzrlib/transport/http/_urllib2_wrappers.py

doc/en/release-notes/bzr-2.7.txt

Show diffs side-by-side

added added

removed removed

bzrlib/tests/test_https_urllib.py

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

"""

import os

import ssl

import sys

from bzrlib import (

config,

trace,

)

from bzrlib.errors import (

CertificateError,

ConfigOptionValueError,

)

from bzrlib.tests import (

TestCase,

TestCaseInTempDir,

)

from bzrlib import tests

from bzrlib.transport.http import _urllib2_wrappers

class CaCertsConfigTests(TestCaseInTempDir):

from bzrlib.transport.http._urllib2_wrappers import ssl

class CaCertsConfigTests(tests.TestCaseInTempDir):

def get_stack(self, content):

return config.MemoryStack(content.encode('utf-8'))

self.overrideAttr(_urllib2_wrappers.opt_ssl_ca_certs, 'default',

os.path.join(self.test_dir, u"nonexisting.pem"))

self.warnings = []

def warning(*args):

self.warnings.append(args[0] % args[1:])

self.overrideAttr(trace, 'warning', warning)

"is not valid for \"ssl.ca_certs\"")

class CertReqsConfigTests(TestCaseInTempDir):

class CertReqsConfigTests(tests.TestCaseInTempDir):

def test_default(self):

stack = config.MemoryStack("")

self.assertRaises(ConfigOptionValueError, stack.get, "ssl.cert_reqs")

class MatchHostnameTests(TestCase):

class MatchHostnameTests(tests.TestCase):

def setUp(self):

super(MatchHostnameTests, self).setUp()

if sys.version_info < (2, 7, 9):

raise tests.TestSkipped(

'python version too old to provide proper'

' https hostname verification')

def test_no_certificate(self):

self.assertRaises(ValueError,

_urllib2_wrappers.match_hostname, {}, "example.com")

ssl.match_hostname, {}, "example.com")

def test_wildcards_in_cert(self):

def ok(cert, hostname):

_urllib2_wrappers.match_hostname(cert, hostname)

ssl.match_hostname(cert, hostname)

100

def not_ok(cert, hostname):

101

self.assertRaises(

102

ssl.CertificateError,

103

ssl.match_hostname, cert, hostname)

104

105

# Python Issue #17980: avoid denials of service by refusing more than

106

# one wildcard per fragment.

cert = {'subject': ((('commonName', 'a*b.com'),),)}

ok(cert, 'axxb.com')

cert = {'subject': ((('commonName', 'a*b.co*'),),)}

100

ok(cert, 'axxb.com')

101

cert = {'subject': ((('commonName', 'a*b*.com'),),)}

102

try:

103

_urllib2_wrappers.match_hostname(cert, 'axxbxxc.com')

104

except ValueError as e:

105

self.assertIn("too many wildcards", str(e))

107

ok({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com')

108

not_ok({'subject': ((('commonName', 'a*b.co*'),),)}, 'axxb.com')

109

not_ok({'subject': ((('commonName', 'a*b*.com'),),)}, 'axxbxxc.com')

106

110

107

111

def test_no_valid_attributes(self):

108

self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,

112

self.assertRaises(ssl.CertificateError, ssl.match_hostname,

109

113

{"Problem": "Solved"}, "example.com")

110

114

111

115

def test_common_name(self):

112

116

cert = {'subject': ((('commonName', 'example.com'),),)}

113

117

self.assertIs(None,

114

_urllib2_wrappers.match_hostname(cert, "example.com"))

115

self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,

118

ssl.match_hostname(cert, "example.com"))

119

self.assertRaises(ssl.CertificateError, ssl.match_hostname,

116

120

cert, "example.org")

Older »