path: root/tests
Commit message | Author | Age | Files | Lines
...
* Add SSL.Context.set_keylog_callback (#910) | Maximilian Hils | 2020-07-28 | 1 | -0/+31
|   * add SSL.Context.set_keylog_callback
|   * don't fail on missing attribute
|   * lint!
|   * make it black
* Paint it Black by the Rolling Stones (#920) | Alex Gaynor | 2020-07-23 | 7 | -605/+891
|
* Fix generated test X.509 certificates. (#917) | David Benjamin | 2020-06-24 | 2 | -0/+6
|   From RFC 5280, section 4.1.2.9:
|
|     [Extensions] MUST only appear if the version is 3 (Section 4.1.2.1). If present, this field is a SEQUENCE of one or more certificate extensions. The format and content of certificate extensions in the Internet PKI are defined in Section 4.2.
|
|   X509 objects default to v1, so the test certs need a set_version(2) call. (Note v3 is encoded as 2.)
* Remove deprecated tsafe module. (#913) | Benjamin Peterson | 2020-05-22 | 1 | -23/+0
|
* Drop OpenSSL 1.0.1 (#908) | Alex Gaynor | 2020-04-07 | 1 | -208/+187
|
* Fix PKey.check for some broken keys (#897) | Mrmaxmeier | 2020-03-11 | 1 | -0/+14
|   * fix PKey.check for some broken keys
|     RSA_check_key is documented to return 1 for valid keys. It (currently) returns 0 or -1 for invalid ones. The previous code accepted invalid keys if RSA_check_key returns -1!
|   * add test
* Make tests pass in the future (now the present) (#888) | Alex Gaynor | 2020-01-12 | 1 | -3/+5
|
* Random cleanup around our usage of binary_type (#879) | Alex Gaynor | 2019-11-18 | 1 | -5/+3
|
* ALPN: complete handshake without accepting a client's protocols. (#876) | Mark Williams | 2019-11-18 | 1 | -1/+78
|   * ALPN: complete handshake without accepting a client's protocols.
|     The callback passed to `SSL_CTX_set_alpn_select_cb` can return `SSL_TLSEXT_ERR_NOACK` to allow the handshake to continue without accepting any of the client's offered protocols. This commit introduces `NO_OVERLAPPING_PROTOCOLS`, which the Python callback passed to `Context.set_alpn_select_callback` can return to achieve the same thing. It does not change the previous meaning of an empty string, which still terminates the handshake.
|   * Update src/OpenSSL/SSL.py
|     Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>
|   * Address @alex's review.
|   * Use recorded value in test, fix lint error.
|   * Cover TypeError branch in _ALPNHelper.callback
* use _ffi.from_buffer() to support bytearray (#852) | Daniel Holth | 2019-11-18 | 1 | -2/+40
|   * use _ffi.from_buffer(buf) in send, to support bytearray
|   * add bytearray test
|   * update CHANGELOG.rst
|   * move from_buffer before 'buffer too long' check
|   * context-managed from_buffer + black
|   * don't shadow buf in send()
|   * test return count for sendall
|   * test sending an array
|   * fix test
|   * also use from_buffer in bio_write
|   * de-format _util.py
|   * formatting
|   * add simple bio_write tests
|   * wrap line
* Fix for Python 4 (#862) | Hugo van Kemenade | 2019-08-29 | 2 | -7/+7
|   * Fix for Python 4
|   * Fix for Python 4
* Mark this test as flaky (#850) | Alex Gaynor | 2019-07-06 | 1 | -0/+3
|
* Remove tests of long functionality (#832) | Alex Gaynor | 2019-05-19 | 1 | -117/+0
|   These don't actually cover any code.
* Make test_ssl pass in an IPv6-only environment (#827) | David Benjamin | 2019-04-15 | 1 | -20/+38
|   * Make test_ssl pass in an IPv6-only environment
|   * Review comments
|   * Update tests/test_ssl.py
|     Co-Authored-By: davidben <davidben@davidben.net>
|   * Wrap long line with parens.
* skip NPN tests if NPN is not available (#822) | Paul Kehrer | 2019-02-26 | 1 | -0/+3
|   * skip NPN tests if NPN is not available
|   * use the right name
* Raise an Error with "no cipher match" even with TLS 1.3 (#818) | Mark Williams | 2019-02-14 | 1 | -9/+22
|   * Raise an Error with "no cipher match" even with TLS 1.3
|     This makes Twisted's OpenSSLAcceptableCiphers.fromOpenSSLCipherString and seamlessly work with TLS 1.3:
|     https://github.com/twisted/twisted/pull/1100/files/a5df2fb373ac67b0e3032acc9291ae88dfd0b3b1#diff-df501bac724aab523150498f84749b88R1767
|   * Split TestContext.test_set_cipher_list_wrong_args into two tests.
* Removed deprecated Type aliases (#814) | Alex Gaynor | 2019-02-07 | 2 | -63/+32
|   * Removed deprecated Type aliases
|   * typo
|   * typo
|   * missed this somehow
|   * Line wrap
* Update test for us not supporting 0.9.8 (#812) | Alex Gaynor | 2019-02-02 | 1 | -4/+2
|
* Handle NULL bytes in get_components() values (#804) | Romuald Brunet | 2019-01-21 | 1 | -0/+11
|   * Handle NULL bytes in get_components() values
|     Some old software may generate "bogus" CN with each character preceded by a NULL. This is already handled in commonName, but wasn't in get_components()
|   * review fixes (fix py3 test & avoid unpack/cast)
* Hypothetically fixes pyOpenSSL tests (#805) | Paul Kehrer | 2019-01-21 | 2 | -30/+36
|   * fix openssl CLI testing for 1.1.1
|   * various 1.1.1 related fixes
|     some of which are just admitting TLS 1.3 is fundamentally different and pinning the tests to TLS 1.2
|   * flake8 fixes
|   * allow travis_infra env var through
|   * fix twisted
* X509Store.add_cert no longer raises an error on duplicate cert (#787) | Paul Kehrer | 2018-08-23 | 1 | -5/+4
|   * X509Store.add_cert no longer raises an error on duplicate cert
|   * move changelog entry
* fix wantWriteError to error even with big socket buffers (#782) | catern | 2018-08-09 | 1 | -1/+1
|   My system apparently has larger socket buffers than this test assumes, so it fails. (Debian 9, Linux 4.16, Python 3.7) So let's increase the size of the buffers such that it works for me. This was the smallest power of 2 that worked.
* Add Connection.get_certificate method (#733) | Jeremy Lainé | 2018-05-16 | 1 | -0/+25
|   This makes it possible to retrieve the local certificate (if any) for a Connection. An example where this is useful is when negotiating a DTLS-SRTP connection, the fingerprint of the local certificate needs to be communicated to the remote party out-of-band via SDP.
* Add Context.set_tlsext_use_srtp (#734) | Jeremy Lainé | 2018-05-16 | 1 | -0/+29
|   This allows negotiating SRTP keying material, which is useful when using DTLS-SRTP, as WebRTC does for example.
* Fixed a handful of typos (#755) | Alex Gaynor | 2018-05-14 | 1 | -1/+1
|
* Increase the size of RSA key used in tests for OpenSSL 1.1.1 (#750) | Alex Gaynor | 2018-05-12 | 2 | -5/+5
|   * Increase the size of RSA key used in tests for OpenSSL 1.1.1
|   * here too
|   * In test_ssl.py as well
* fixed tests that want SNI (#751) | Alex Gaynor | 2018-05-12 | 1 | -0/+1
|
* Raise minimum cryptography version to 2.2.1, drop python 2.6 (#742) | Jeremy Lainé | 2018-03-21 | 1 | -11/+1
|
* Export keying material support (#725) | Paul Kehrer | 2017-11-30 | 1 | -0/+22
|   * added method to export keying material from an ssl connection
|   * updated tests to use bytestrings to avoid breaking python3 tests
|   * added additional comments to test
|   * simplify export_keying_material
|   * add changelog
|   * address review feedback
* fix a memory leak and a potential UAF and also #722 (#723) | Paul Kehrer | 2017-11-30 | 1 | -0/+25
|   * fix a memory leak and a potential UAF and also #722
|   * sanity check
|   * bump cryptography minimum version, add changelog
* restore a subset of the rand module (#708) | Paul Kehrer | 2017-11-20 | 1 | -0/+38
|   * restore a subset of the rand module
|   * flake
|   * remove cleanup, go ahead and assume status will always be 1
|   * lighten and add power
* fix errors with latest flake8 (#710) | Alex Gaynor | 2017-11-20 | 1 | -4/+4
|   * fix errors with latest flake8
|   * Also fix the macOS builds
|   * fix?
|   * allow urllib3 to fail for now
* Fix another test to not hardcode TLSv1 (#683) | Alex Gaynor | 2017-08-07 | 1 | -1/+1
|
* Don't use "TLSv1" as a default for loopback clients/servers (#682) | Alex Gaynor | 2017-08-07 | 1 | -2/+2
|   * Don't use "TLSv1" as a default for loopback clients/servers
|   * We're sticklers for spelling
* Delete rand.py (#675) | Alex Gaynor | 2017-07-25 | 1 | -172/+0
|
* Simplify test code (#679) | Alex Gaynor | 2017-07-25 | 1 | -50/+1
|   * Simplify test code
|   * fix
* Mark this test as flaky (#678) | Alex Gaynor | 2017-07-24 | 1 | -0/+1
|
* (EC)DSA signature fix (#670) | Paul Kehrer | 2017-07-20 | 1 | -0/+41
|   * Write a test - signatures with EC keys (#609)
|   * Ask for signature length before allocating a buffer.
|     This fixes a potential heap buffer overflow that may happen when a signature is longer than the private key, as with X9.62 ECDSA (#609).
|   * change approach to EVP_PKEY_size and add changelog
|   * add a small assert
* 101 doesn't work, just mark it flaky (#662) | Alex Gaynor | 2017-07-06 | 1 | -1/+2
|
* Fixed #266 -- attempt to deflake our tests (#660) | Alex Gaynor | 2017-07-06 | 1 | -1/+6
|   * Fixed #266 -- attempt to deflake our tests
|   * typo
* Fixed #657 -- handle OverflowErrors on large allocation requests (#659) | Alex Gaynor | 2017-07-06 | 1 | -4/+4
|   * Fixed #657 -- handle OverflowErrors on large allocation requests
|   * always be overflowing
* Removed the deprecated md5 default on CRL.export() (#652) | Alex Gaynor | 2017-06-30 | 1 | -18/+18
|   * Removed the deprecated md5 default on CRL.export()
|   * Doh
|   * unused import
|   * fixed tests
|   * last one
|   * py3k!!!!!
* remove gibberish comment (#648) | Alex Gaynor | 2017-06-30 | 1 | -2/+0
|
* Kill dead code (#647) | Alex Gaynor | 2017-06-29 | 1 | -5/+0
|   * Simplify code
|   * dead code
|   * unused...
|   * write imports normally
* Fixed #461 -- make the tests pass when SSLv3 isn't supported (#644) | Alex Gaynor | 2017-06-29 | 1 | -3/+5
|   * Fixed #461 -- make the tests pass when SSLv3 isn't supported
|     We no longer support OpenSSL 1.0.0, so TLSv1.2 should always be available and this code can be simplified.
|   * Try the opposite direction?
|   * Another shot at getting this passing
|   * uhhh
|   * grump
* try loading trusted certs from a list of fallbacks (#633) | Paul Kehrer | 2017-06-29 | 1 | -1/+88
|   * try loading trusted certs from a list of fallbacks
|     pyca/cryptography will shortly begin shipping a wheel. Since SSL_CTX_set_default_verify_paths uses a hardcoded path compiled into the library, this will start failing to load the proper certificates for users on many linux distributions. To avoid this we can use the Go solution of iterating over a list of potential candidates and loading it when found.
|   * capath is lazy loaded so we need to do a lot more checks
|     This now checks to see if env vars are set as well as seeing if the dir exists and has valid certs in it. If either of those are true (or the number of certs is > 0) it won't load the fallback. If it does do the fallback it will also attempt to load certs from a dir as a final fallback
|   * remove an early return
|   * this shouldn't be commented out
|   * oops
|   * very limited testing
|   * sigh, can't use these py3 exceptions of course
|   * expand the tests a bit
|   * coverage!
|   * don't need this now
|   * change the approach to use a pyca/cryptography guard value
|   * test fix
|   * older python sometimes calls itself linux2
|   * flake8
|   * add changelog
|   * coverage
|   * slash opt
* dump_privatekey with FILETYPE_TEXT only supports RSA keys (#646) | Paul Kehrer | 2017-06-29 | 1 | -0/+14
|   * dump_privatekey with FILETYPE_TEXT only supports RSA keys
|     FILETYPE_TEXT is terrible but everyone hold their nose
|   * also verify it's a pkey
* add to_cryptography/from_cryptography on CRL and X509Req (#645) | Paul Kehrer | 2017-06-29 | 1 | -0/+32
|   * add to_cryptography/from_cryptography on CRL and X509Req
|   * add changelog entry
* Added an API for converting X509 to/from cryptography (#640) | Alex Gaynor | 2017-06-25 | 1 | -0/+21
|   * Added an API for converting X509 to/from cryptography
|   * changelog
* the root cert expired, make a new one (using the same values) (#637) | Paul Kehrer | 2017-06-11 | 1 | -43/+63
|   * the root cert expired, make a new one (using the same values)
|     The new one lasts 20 years. If this project is still in use in 20 years we have failed.
|   * this is the same cert. wtf
|   * replace the other certs we need to replace...
|   * this too