diff options
| author | Antoine Pitrou <solipsis@pitrou.net> | 2010-04-21 19:28:03 (GMT) |
|---|---|---|
| committer | Antoine Pitrou <solipsis@pitrou.net> | 2010-04-21 19:28:03 (GMT) |
| commit | c715a9ed08f5b4ed05effd10adf25cc79551eb02 (patch) | |
| tree | 129483b0867595fef6ed0b4c9e40c1dcb85e7a1c /Lib/test/test_ssl.py | |
| parent | 62e17ad2340f2c46aed45cf38ead786f5d5124d2 (diff) | |
| download | cpython-c715a9ed08f5b4ed05effd10adf25cc79551eb02.zip cpython-c715a9ed08f5b4ed05effd10adf25cc79551eb02.tar.gz cpython-c715a9ed08f5b4ed05effd10adf25cc79551eb02.tar.bz2 | |
Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
Diffstat (limited to 'Lib/test/test_ssl.py')
| -rw-r--r-- | Lib/test/test_ssl.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 6199685..bab1452 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -232,6 +232,26 @@ class NetworkedTests(unittest.TestCase): if test_support.verbose: sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem) + def test_algorithms(self): + # Issue #8484: all algorithms should be available when verifying a + # certificate. + # NOTE: https://sha256.tbs-internet.com is another possible test host + remote = ("sha2.hboeck.de", 443) + sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem") + s = ssl.wrap_socket(socket.socket(socket.AF_INET), + cert_reqs=ssl.CERT_REQUIRED, + ca_certs=sha256_cert,) + with test_support.transient_internet(): + try: + s.connect(remote) + if test_support.verbose: + sys.stdout.write("\nCipher with %r is %r\n" % + (remote, s.cipher())) + sys.stdout.write("Certificate is:\n%s\n" % + pprint.pformat(s.getpeercert())) + finally: + s.close() + try: import threading |