authorChristian Heimes <christian@python.org>2016-09-12 00:01:11 +0200
committerChristian Heimes <christian@python.org>2016-09-12 00:01:11 +0200
commit99829a612c71c4fed8ac55e921f27a19a74bc634 (patch)
tree403dc7095f12978e746337232068a5bfbeb160ce /Lib/test/test_ssl.py
parent813f60a476f032bd16a11cfb2cfa422ef313fa3a (diff)
Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContext
Diffstat (limited to 'Lib/test/test_ssl.py')
-rw-r--r--Lib/test/test_ssl.py32
1 files changed, 32 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 61744ae95a..557b6dec5b 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1342,6 +1342,17 @@ class ContextTests(unittest.TestCase):
ctx.check_hostname = False
self.assertFalse(ctx.check_hostname)
+ def test_context_client_server(self):
+ # PROTOCOL_TLS_CLIENT has sane defaults
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ self.assertTrue(ctx.check_hostname)
+ self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
+
+ # PROTOCOL_TLS_SERVER has different but also sane defaults
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ self.assertFalse(ctx.check_hostname)
+ self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
+
class SSLErrorTests(unittest.TestCase):
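Review bot: `test_context_client_server` asserts the secure client defaults but not that they resist being weakened in the unsafe order. Assuming the existing coupling between `check_hostname` and `verify_mode` also applies to `PROTOCOL_TLS_CLIENT`, add `with self.assertRaises(ValueError):` followed by `ctx.verify_mode = ssl.CERT_NONE` before `ctx` is rebound to the server context. The comments "sane defaults" would be more useful if they named the values, e.g. `# client: hostname checking on, peer certificate required` and `# server: no hostname check, client certificate not requested`.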
@@ -2280,12 +2291,33 @@ if _have_threads:
if support.verbose:
sys.stdout.write("\n")
for protocol in PROTOCOLS:
+ if protocol in {ssl.PROTOCOL_TLS_CLIENT, ssl.PROTOCOL_TLS_SERVER}:
+ continue
with self.subTest(protocol=ssl._PROTOCOL_NAMES[protocol]):
context = ssl.SSLContext(protocol)
context.load_cert_chain(CERTFILE)
server_params_test(context, context,
chatty=True, connectionchatty=True)
+ client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ client_context.load_verify_locations(SIGNING_CA)
+ server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ # server_context.load_verify_locations(SIGNING_CA)
+ server_context.load_cert_chain(SIGNED_CERTFILE2)
+
+ with self.subTest(client='PROTOCOL_TLS_CLIENT', server='PROTOCOL_TLS_SERVER'):
+ server_params_test(client_context=client_context,
+ server_context=server_context,
+ chatty=True, connectionchatty=True,
+ sni_name='fakehostname')
+
+ with self.subTest(client='PROTOCOL_TLS_SERVER', server='PROTOCOL_TLS_CLIENT'):
+ with self.assertRaises(ssl.SSLError):
+ server_params_test(client_context=server_context,
+ server_context=client_context,
+ chatty=True, connectionchatty=True,
+ sni_name='fakehostname')
+
def test_getpeercert(self):
if support.verbose:
sys.stdout.write("\n")
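Review bot: The reversed-roles subtest at the end of the added block accepts any `ssl.SSLError`, so it cannot distinguish role enforcement from an unrelated handshake failure; `client_context` never has a certificate chain loaded, and a server without one would presumably fail the handshake regardless of protocol constant. Capture the exception with `with self.assertRaises(ssl.SSLError) as cm:` and assert on its reason (take the exact text from a real run), or use a separate `PROTOCOL_TLS_CLIENT` context with a cert chain loaded for this subtest. The commented-out `# server_context.load_verify_locations(SIGNING_CA)` should be removed, or replaced by a comment explaining why the server side needs no CA. The positive subtest covers only an `sni_name` that presumably matches the certificate, so a mismatching name expected to fail would pin the `check_hostname` default end to end. The enclosing test method starts before this hunk.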