diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2024-08-19 15:39:28 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-19 15:39:28 (GMT) |
| commit | 21399a096302ea577efd9a12c2f08b4458d095bd (patch) | |
| tree | b0593057e3ddf375a34e48bee76d1fb82b42b9ee /Lib/test/test_ssl.py | |
| parent | 0a02026a084213cbd09c66534c55104ab460c686 (diff) | |
| download | cpython-21399a096302ea577efd9a12c2f08b4458d095bd.zip cpython-21399a096302ea577efd9a12c2f08b4458d095bd.tar.gz cpython-21399a096302ea577efd9a12c2f08b4458d095bd.tar.bz2 | |
[3.13] gh-118658: Return consistent types from `get_un/verified_chain` in `SSLObject` and `SSLSocket` (GH-118669) (#123082)
gh-118658: Return consistent types from `get_un/verified_chain` in `SSLObject` and `SSLSocket` (GH-118669)
(cherry picked from commit 8ef358dae1959e2aff8b04fb69b8a36d6da6847a)
Co-authored-by: Mateusz Nowak <nowak.mateusz@hotmail.com>
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Diffstat (limited to 'Lib/test/test_ssl.py')
| -rw-r--r-- | Lib/test/test_ssl.py | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 6ec010d..9c415bd 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -103,6 +103,7 @@ CRLFILE = data_file("revocation.crl") # Two keys and certs signed by the same CA (for SNI tests) SIGNED_CERTFILE = data_file("keycert3.pem") +SINGED_CERTFILE_ONLY = data_file("cert3.pem") SIGNED_CERTFILE_HOSTNAME = 'localhost' SIGNED_CERTFILE_INFO = { @@ -4720,6 +4721,40 @@ class TestPostHandshakeAuth(unittest.TestCase): ssl.PEM_cert_to_DER_cert(pem), der ) + def test_certificate_chain(self): + client_context, server_context, hostname = testing_context( + server_chain=False + ) + server = ThreadedEchoServer(context=server_context, chatty=False) + + with open(SIGNING_CA) as f: + expected_ca_cert = ssl.PEM_cert_to_DER_cert(f.read()) + + with open(SINGED_CERTFILE_ONLY) as f: + expected_ee_cert = ssl.PEM_cert_to_DER_cert(f.read()) + + with server: + with client_context.wrap_socket( + socket.socket(), + server_hostname=hostname + ) as s: + s.connect((HOST, server.port)) + vc = s.get_verified_chain() + self.assertEqual(len(vc), 2) + + ee, ca = vc + self.assertIsInstance(ee, bytes) + self.assertIsInstance(ca, bytes) + self.assertEqual(expected_ca_cert, ca) + self.assertEqual(expected_ee_cert, ee) + + uvc = s.get_unverified_chain() + self.assertEqual(len(uvc), 1) + self.assertIsInstance(uvc[0], bytes) + + self.assertEqual(ee, uvc[0]) + self.assertNotEqual(ee, ca) + def test_internal_chain_server(self): client_context, server_context, hostname = testing_context() client_context.load_cert_chain(SIGNED_CERTFILE) |