author | Benjamin Peterson <benjamin@python.org> | 2014-11-03 19:36:48 (GMT) |
---|---|---|
committer | Benjamin Peterson <benjamin@python.org> | 2014-11-03 19:36:48 (GMT) |
commit | 1cca273669598978f6dfc1d1aad92e02a84bbe04 (patch) | |
tree | 1f691e61f1dcc13f14fee02fe0031dd865e74869 /Lib/test/test_httplib.py | |
parent | 2cb0e73a89589ce56ba17da39a06f8017cfc92e4 (diff) | |
parent | 4ffb0752710f0c0720d4f2af0c4b7ce1ebb9d2bd (diff) | |
merge 3.4 (#22417)
Diffstat (limited to 'Lib/test/test_httplib.py')
-rw-r--r-- | Lib/test/test_httplib.py | 49 |
1 files changed, 40 insertions, 9 deletions
diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
index 00c272c..8142c0e 100644
--- a/Lib/test/test_httplib.py
+++ b/Lib/test/test_httplib.py
@@ -1012,13 +1012,36 @@ class HTTPSTest(TestCase):
 self.assertIn('Apache', server_string)
 def test_networked(self):
- # Default settings: no cert verification is done
+ # Default settings: requires a valid cert from a trusted CA
+ import ssl
 support.requires('network')
- with support.transient_internet('svn.python.org'):
- h = client.HTTPSConnection('svn.python.org', 443)
+ with support.transient_internet('self-signed.pythontest.net'):
+ h = client.HTTPSConnection('self-signed.pythontest.net', 443)
+ with self.assertRaises(ssl.SSLError) as exc_info:
+ h.request('GET', '/')
+ self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAILED')
+
+ def test_networked_noverification(self):
+ # Switch off cert verification
+ import ssl
+ support.requires('network')
+ with support.transient_internet('self-signed.pythontest.net'):
+ context = ssl._create_unverified_context()
+ h = client.HTTPSConnection('self-signed.pythontest.net', 443,
+ context=context)
 h.request('GET', '/')
 resp = h.getresponse()
- self._check_svn_python_org(resp)
+ self.assertIn('nginx', resp.getheader('server'))
+
+ def test_networked_trusted_by_default_cert(self):
+ # Default settings: requires a valid cert from a trusted CA
+ support.requires('network')
+ with support.transient_internet('www.python.org'):
+ h = client.HTTPSConnection('www.python.org', 443)
+ h.request('GET', '/')
+ resp = h.getresponse()
+ content_type = resp.getheader('content-type')
+ self.assertIn('text/html', content_type)
 def test_networked_good_cert(self):
 # We feed a CA cert that validates the server's cert
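Review bot: The comment on `test_networked_trusted_by_default_cert` is a verbatim copy of the one on `test_networked`, although the two tests assert opposite outcomes: one expects `CERTIFICATE_VERIFY_FAILED` from a self-signed host, the other expects the handshake to succeed. I would reword the second to `# Default settings: a cert chaining to a CA in the platform's default trust store is accepted`. That wording also tells the reader the test depends on the machine's CA bundle, so a failure on a host without one points at the environment rather than at a verification regression. Separately, in `test_networked_noverification`, `resp.getheader('server')` returns None when the header is absent, so `assertIn` would raise TypeError instead of reporting a clean failure; binding the header to a local and calling `self.assertIsNotNone(server_string)` first would make that case readable.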
@@ -1037,13 +1060,23 @@ class HTTPSTest(TestCase):
 # We feed a "CA" cert that is unrelated to the server's cert
 import ssl
 support.requires('network')
- with support.transient_internet('svn.python.org'):
+ with support.transient_internet('self-signed.pythontest.net'):
 context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
 context.verify_mode = ssl.CERT_REQUIRED
 context.load_verify_locations(CERT_localhost)
- h = client.HTTPSConnection('svn.python.org', 443, context=context)
- with self.assertRaises(ssl.SSLError):
+ h = client.HTTPSConnection('self-signed.pythontest.net', 443, context=context)
+ with self.assertRaises(ssl.SSLError) as exc_info:
 h.request('GET', '/')
+ self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAILED')
+
+ def test_local_unknown_cert(self):
+ # The custom cert isn't known to the default trust bundle
+ import ssl
+ server = self.make_server(CERT_localhost)
+ h = client.HTTPSConnection('localhost', server.port)
+ with self.assertRaises(ssl.SSLError) as exc_info:
+ h.request('GET', '/')
+ self.assertEqual(exc_info.exception.reason, 'CERTIFICATE_VERIFY_FAILED')
 def test_local_good_hostname(self):
 # The (valid) cert validates the HTTP hostname
@@ -1056,7 +1089,6 @@ class HTTPSTest(TestCase):
 h.request('GET', '/nonexistent')
 resp = h.getresponse()
 self.assertEqual(resp.status, 404)
- del server
 def test_local_bad_hostname(self):
 # The (valid) cert doesn't validate the HTTP hostname
@@ -1079,7 +1111,6 @@ class HTTPSTest(TestCase):
 h.request('GET', '/nonexistent')
 resp = h.getresponse()
 self.assertEqual(resp.status, 404)
- del server
 @unittest.skipIf(not hasattr(client, 'HTTPSConnection'),
 'http.client.HTTPSConnection not available') |
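Review bot: The new `reason` assertion in the networked bad-cert test sits next to an unchanged `ssl.SSLContext(ssl.PROTOCOL_TLSv1)`, so the test now also depends on the remote host accepting exactly that protocol version. If `self-signed.pythontest.net` stops negotiating TLSv1, the handshake would presumably fail with a different `SSLError` reason and the test would go red without any change in certificate verification. Letting the context negotiate the version, `context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)`, keeps the assertion focused on the trust decision. The enclosing test's `def` line is outside this hunk, and whether the host will keep accepting TLSv1 cannot be seen from here.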