diff options
author | Antoine Pitrou <solipsis@pitrou.net> | 2010-10-22 18:19:07 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2010-10-22 18:19:07 (GMT) |
commit | d532321f7ba2e23e4110f05331fee8beca736826 (patch) | |
tree | 9383fb529fee0b92edc2a06e0435b7e8560cb1ec /Lib/test/test_ssl.py | |
parent | 4ebfdf01bb128005842be322fc89457d527ff000 (diff) | |
download | cpython-d532321f7ba2e23e4110f05331fee8beca736826.zip cpython-d532321f7ba2e23e4110f05331fee8beca736826.tar.gz cpython-d532321f7ba2e23e4110f05331fee8beca736826.tar.bz2 |
Issue #5639: Add a *server_hostname* argument to `SSLContext.wrap_socket`
in order to support the TLS SNI extension. `HTTPSConnection` and
`urlopen()` also use this argument, so that HTTPS virtual hosts are now
supported.
Diffstat (limited to 'Lib/test/test_ssl.py')
-rw-r--r-- | Lib/test/test_ssl.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 0c8a8e6..67bc01a 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -89,6 +89,7 @@ class BasicSocketTests(unittest.TestCase): ssl.CERT_NONE ssl.CERT_OPTIONAL ssl.CERT_REQUIRED + self.assertIn(ssl.HAS_SNI, {True, False}) def test_random(self): v = ssl.RAND_status() @@ -277,6 +278,12 @@ class BasicSocketTests(unittest.TestCase): self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com') self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com') + def test_server_side(self): + # server_hostname doesn't work for server sockets + ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + sock = socket.socket() + self.assertRaises(ValueError, ctx.wrap_socket, sock, True, + server_hostname="some.hostname") class ContextTests(unittest.TestCase): @@ -441,6 +448,14 @@ class NetworkedTests(unittest.TestCase): self.assertEqual({}, s.getpeercert()) finally: s.close() + # Same with a server hostname + s = ctx.wrap_socket(socket.socket(socket.AF_INET), + server_hostname="svn.python.org") + if ssl.HAS_SNI: + s.connect(("svn.python.org", 443)) + s.close() + else: + self.assertRaises(ValueError, s.connect, ("svn.python.org", 443)) # This should fail because we have no verification certs ctx.verify_mode = ssl.CERT_REQUIRED s = ctx.wrap_socket(socket.socket(socket.AF_INET)) @@ -1500,6 +1515,7 @@ def test_main(verbose=False): print("test_ssl: testing with %r %r" % (ssl.OPENSSL_VERSION, ssl.OPENSSL_VERSION_INFO)) print(" under %s" % plat) + print(" HAS_SNI = %r" % ssl.HAS_SNI) for filename in [ CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, BYTES_CERTFILE, |