summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorMaximilian Hils <git@maximilianhils.com>2021-03-10 22:35:24 +0100
committerGitHub <noreply@github.com>2021-03-10 15:35:24 -0600
commit5dc698861c91b4aa83b284b282c0e91cdcee49a3 (patch)
treed98c73d18f263a76f0b10c7c75d1ea26d4ac858c /tests
parentd290855aab9f12d7cf739c63aad9ca3699d936f7 (diff)
downloadpyopenssl-git-5dc698861c91b4aa83b284b282c0e91cdcee49a3.tar.gz
Add SSL_CTX_set_min_proto_version/SSL_CTX_set_max_proto_version bindings (#985)
* add Context.set_*_proto_version, fix #860 * docs: add new openssl tls methods * accept the fact that nothing can be taken for granted * bump minimum required cryptography version to 3.3 * drop support for Python 3.5 * use binary wheels for cryptography * Revert "use binary wheels for cryptography" This reverts commit 91a04c612ed1d0dd9fd541dfefe21cac7c25b1c1. * docker ci: compile cryptography with rust
Diffstat (limited to 'tests')
-rw-r--r--tests/test_ssl.py28
1 files changed, 27 insertions, 1 deletions
diff --git a/tests/test_ssl.py b/tests/test_ssl.py
index 27f2d43..e79d9fa 100644
--- a/tests/test_ssl.py
+++ b/tests/test_ssl.py
@@ -48,7 +48,14 @@ from OpenSSL.crypto import dump_privatekey, load_privatekey
from OpenSSL.crypto import dump_certificate, load_certificate
from OpenSSL.crypto import get_elliptic_curves
-from OpenSSL.SSL import OPENSSL_VERSION_NUMBER, SSLEAY_VERSION, SSLEAY_CFLAGS
+from OpenSSL.SSL import (
+ OPENSSL_VERSION_NUMBER,
+ SSLEAY_VERSION,
+ SSLEAY_CFLAGS,
+ TLS_METHOD,
+ TLS1_2_VERSION,
+ TLS1_1_VERSION,
+)
from OpenSSL.SSL import SSLEAY_PLATFORM, SSLEAY_DIR, SSLEAY_BUILT_ON
from OpenSSL.SSL import SENT_SHUTDOWN, RECEIVED_SHUTDOWN
from OpenSSL.SSL import (
@@ -1039,6 +1046,25 @@ class TestContext(object):
assert all(isinstance(conn, Connection) for conn, line in called)
assert all(b"CLIENT_RANDOM" in line for conn, line in called)
+ def test_set_proto_version(self):
+ server_context = Context(TLS_METHOD)
+ server_context.use_certificate(
+ load_certificate(FILETYPE_PEM, root_cert_pem)
+ )
+ server_context.use_privatekey(
+ load_privatekey(FILETYPE_PEM, root_key_pem)
+ )
+ server_context.set_min_proto_version(TLS1_2_VERSION)
+
+ client_context = Context(TLS_METHOD)
+ client_context.set_max_proto_version(TLS1_1_VERSION)
+
+ with pytest.raises(Error, match="unsupported protocol"):
+ self._handshake_test(server_context, client_context)
+
+ client_context.set_max_proto_version(0)
+ self._handshake_test(server_context, client_context)
+
def _load_verify_locations_test(self, *args):
"""
Create a client context which will verify the peer certificate and call