58
55
self.overrideAttr(_urllib2_wrappers.opt_ssl_ca_certs, 'default',
59
56
os.path.join(self.test_dir, u"nonexisting.pem"))
61
59
def warning(*args):
62
60
self.warnings.append(args[0] % args[1:])
63
61
self.overrideAttr(trace, 'warning', warning)
64
self.assertEquals(None, stack.get('ssl.ca_certs'))
62
self.assertEqual(None, stack.get('ssl.ca_certs'))
65
63
self.assertLength(1, self.warnings)
66
64
self.assertContainsRe(self.warnings[0],
67
65
"is not valid for \"ssl.ca_certs\"")
70
class CertReqsConfigTests(TestCaseInTempDir):
68
class CertReqsConfigTests(tests.TestCaseInTempDir):
72
70
def test_default(self):
73
71
stack = config.MemoryStack("")
74
self.assertEquals(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
72
self.assertEqual(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
76
74
def test_from_string(self):
77
75
stack = config.MemoryStack("ssl.cert_reqs = none\n")
78
self.assertEquals(ssl.CERT_NONE, stack.get("ssl.cert_reqs"))
76
self.assertEqual(ssl.CERT_NONE, stack.get("ssl.cert_reqs"))
79
77
stack = config.MemoryStack("ssl.cert_reqs = required\n")
80
self.assertEquals(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
78
self.assertEqual(ssl.CERT_REQUIRED, stack.get("ssl.cert_reqs"))
81
79
stack = config.MemoryStack("ssl.cert_reqs = invalid\n")
82
80
self.assertRaises(ConfigOptionValueError, stack.get, "ssl.cert_reqs")
85
class MatchHostnameTests(TestCase):
83
class MatchHostnameTests(tests.TestCase):
86
super(MatchHostnameTests, self).setUp()
87
if sys.version_info < (2, 7, 9):
88
raise tests.TestSkipped(
89
'python version too old to provide proper'
90
' https hostname verification')
87
92
def test_no_certificate(self):
88
93
self.assertRaises(ValueError,
89
_urllib2_wrappers.match_hostname, {}, "example.com")
94
ssl.match_hostname, {}, "example.com")
91
96
def test_wildcards_in_cert(self):
92
97
def ok(cert, hostname):
93
_urllib2_wrappers.match_hostname(cert, hostname)
98
ssl.match_hostname(cert, hostname)
100
def not_ok(cert, hostname):
102
ssl.CertificateError,
103
ssl.match_hostname, cert, hostname)
95
105
# Python Issue #17980: avoid denials of service by refusing more than
96
106
# one wildcard per fragment.
97
cert = {'subject': ((('commonName', 'a*b.com'),),)}
99
cert = {'subject': ((('commonName', 'a*b.co*'),),)}
101
cert = {'subject': ((('commonName', 'a*b*.com'),),)}
103
_urllib2_wrappers.match_hostname(cert, 'axxbxxc.com')
104
except ValueError as e:
105
self.assertIn("too many wildcards", str(e))
107
ok({'subject': ((('commonName', 'a*b.com'),),)}, 'axxb.com')
108
not_ok({'subject': ((('commonName', 'a*b.co*'),),)}, 'axxb.com')
109
not_ok({'subject': ((('commonName', 'a*b*.com'),),)}, 'axxbxxc.com')
107
111
def test_no_valid_attributes(self):
108
self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,
112
self.assertRaises(ssl.CertificateError, ssl.match_hostname,
109
113
{"Problem": "Solved"}, "example.com")
111
115
def test_common_name(self):
112
116
cert = {'subject': ((('commonName', 'example.com'),),)}
113
117
self.assertIs(None,
114
_urllib2_wrappers.match_hostname(cert, "example.com"))
115
self.assertRaises(CertificateError, _urllib2_wrappers.match_hostname,
118
ssl.match_hostname(cert, "example.com"))
119
self.assertRaises(ssl.CertificateError, ssl.match_hostname,
116
120
cert, "example.org")