diff options
author | Matěj Cepl <mcepl@cepl.eu> | 2017-11-10 14:03:45 +0100 |
---|---|---|
committer | Matěj Cepl <mcepl@cepl.eu> | 2017-12-18 18:13:22 +0100 |
commit | 2a6c918782307c3f1c92a4ce5dc6298b931f60d5 (patch) | |
tree | b5a1ca7f4578d5e72cb5fecde00a811379cae2da /tests/test_ssl.py | |
parent | 4857184453728b132170f67886bf37b317c5cf08 (diff) | |
download | m2crypto-2a6c918782307c3f1c92a4ce5dc6298b931f60d5.tar.gz |
Adding unit test for IP-based SNI connection.
We don’t want to deal with IPv6 right here (e.g., Debian doesn’t point
'localhost' to :::1), and besides it is not supported on some minor
platforms (some claim OpenBSD).
Diffstat (limited to 'tests/test_ssl.py')
-rw-r--r-- | tests/test_ssl.py | 83 |
1 files changed, 61 insertions, 22 deletions
diff --git a/tests/test_ssl.py b/tests/test_ssl.py index 6c9df90..dbc7379 100644 --- a/tests/test_ssl.py +++ b/tests/test_ssl.py @@ -157,6 +157,12 @@ class PassSSLClientTestCase(BaseSSLClientTestCase): class HttpslibSSLClientTestCase(BaseSSLClientTestCase): + def setUp(self): + super(HttpslibSSLClientTestCase, self).setUp() + self.ctx = SSL.Context() + + def tearDown(self): + self.ctx.close() def test_HTTPSConnection(self): pid = self.start_server(self.args) @@ -172,14 +178,13 @@ class HttpslibSSLClientTestCase(BaseSSLClientTestCase): def test_HTTPSConnection_resume_session(self): pid = self.start_server(self.args) try: - ctx = SSL.Context() - ctx.load_verify_locations(cafile='tests/ca.pem') - ctx.load_cert('tests/x509.pem') - ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, - 1) - ctx.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT) + self.ctx.load_verify_locations(cafile='tests/ca.pem') + self.ctx.load_cert('tests/x509.pem') + self.ctx.set_verify( + SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1) + self.ctx.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT) c = httpslib.HTTPSConnection(srv_host, self.srv_port, - ssl_context=ctx) + ssl_context=self.ctx) c.request('GET', '/') ses = c.get_session() t = ses.as_text() @@ -190,8 +195,8 @@ class HttpslibSSLClientTestCase(BaseSSLClientTestCase): ctx2 = SSL.Context() ctx2.load_verify_locations(cafile='tests/ca.pem') ctx2.load_cert('tests/x509.pem') - ctx2.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, - 1) + ctx2.set_verify( + SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1) ctx2.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT) c2 = httpslib.HTTPSConnection(srv_host, self.srv_port, ssl_context=ctx2) @@ -210,12 +215,11 @@ class HttpslibSSLClientTestCase(BaseSSLClientTestCase): def test_HTTPSConnection_secure_context(self): pid = self.start_server(self.args) try: - ctx = SSL.Context() - ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, - 9) - ctx.load_verify_locations('tests/ca.pem') + self.ctx.set_verify( + SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9) + self.ctx.load_verify_locations('tests/ca.pem') c = httpslib.HTTPSConnection(srv_host, self.srv_port, - ssl_context=ctx) + ssl_context=self.ctx) c.request('GET', '/') data = c.getresponse().read() c.close() @@ -226,12 +230,11 @@ class HttpslibSSLClientTestCase(BaseSSLClientTestCase): def test_HTTPSConnection_secure_context_fail(self): pid = self.start_server(self.args) try: - ctx = SSL.Context() - ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, - 9) - ctx.load_verify_locations('tests/server.pem') + self.ctx.set_verify( + SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9) + self.ctx.load_verify_locations('tests/server.pem') c = httpslib.HTTPSConnection(srv_host, self.srv_port, - ssl_context=ctx) + ssl_context=self.ctx) with self.assertRaises(SSL.SSLError): c.request('GET', '/') c.close() @@ -250,13 +253,16 @@ class HttpslibSSLSNIClientTestCase(BaseSSLClientTestCase): '-cert', 'server.pem', '-key', 'server_key.pem', '-cert2', 'server.pem', '-key2', 'server_key.pem', '-accept', str(self.srv_port)] + self.ctx = SSL.Context() - def test_HTTPSConnection_SNI_support(self): + def tearDown(self): + self.ctx.close() + + def test_SNI_support(self): pid = self.start_server(self.args) try: - ctx = SSL.Context() c = httpslib.HTTPSConnection(self.srv_host, self.srv_port, - ssl_context=ctx) + ssl_context=self.ctx) c.request('GET', '/') c.close() finally: @@ -269,6 +275,39 @@ class HttpslibSSLSNIClientTestCase(BaseSSLClientTestCase): out, _ = self.stop_server(pid) self.assertIn('Hostname in TLS extension: "%s"' % srv_host, out) + def test_IP_call(self): + no_exception = True + runs_counter = 0 + pid = self.start_server(self.args) + + for entry in socket.getaddrinfo(self.srv_host, self.srv_port, + socket.AF_INET, + socket.SOCK_STREAM, + socket.IPPROTO_TCP): + ipfamily, socktype, _, _, sockaddr = entry + ip = sockaddr[0] + + sock = socket.socket(ipfamily, socktype) + conn = SSL.Connection(self.ctx, sock=sock) + conn.set_tlsext_host_name(self.srv_host) + conn.set1_host(self.srv_host) + + runs_counter += 1 + try: + conn.connect((ip, self.srv_port)) + except (SSL.SSLError, socket.error): + log.exception("Failed to connect to %s:%s", ip, self.srv_port) + no_exception = False + finally: + conn.close() + + out, _ = self.stop_server(pid) + self.assertEqual( + out.count('Hostname in TLS extension: "%s"' % self.srv_host), + runs_counter) + + self.assertTrue(no_exception) + class MiscSSLClientTestCase(BaseSSLClientTestCase): |