diff options
author | Antoine Pitrou <solipsis@pitrou.net> | 2010-04-21 19:46:23 (GMT) |
---|---|---|
committer | Antoine Pitrou <solipsis@pitrou.net> | 2010-04-21 19:46:23 (GMT) |
commit | fec12fff0f49275e0f7e2d52a689a709db41c0c1 (patch) | |
tree | f97d82923abc5ab82fae1a12a9608b786fe82243 /Lib/test/test_ssl.py | |
parent | e7ed1d7f6808fc325154bd5e07de30e2a6a5b1bf (diff) | |
download | cpython-fec12fff0f49275e0f7e2d52a689a709db41c0c1.zip cpython-fec12fff0f49275e0f7e2d52a689a709db41c0c1.tar.gz cpython-fec12fff0f49275e0f7e2d52a689a709db41c0c1.tar.bz2 |
Merged revisions 80314-80315 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r80314 | antoine.pitrou | 2010-04-21 21:28:03 +0200 (mer., 21 avril 2010) | 5 lines
Issue #8484: Load all ciphers and digest algorithms when initializing
the _ssl extension, such that verification of some SSL certificates
doesn't fail because of an "unknown algorithm".
........
r80315 | antoine.pitrou | 2010-04-21 21:36:23 +0200 (mer., 21 avril 2010) | 3 lines
Forgot to add the sample certificate (followup to r80314)
........
Diffstat (limited to 'Lib/test/test_ssl.py')
-rw-r--r-- | Lib/test/test_ssl.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index c1c59b5..77a5d6d 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -218,6 +218,26 @@ class NetworkedTests(unittest.TestCase): if support.verbose: sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem) + def test_algorithms(self): + # Issue #8484: all algorithms should be available when verifying a + # certificate. + # NOTE: https://sha256.tbs-internet.com is another possible test host + remote = ("sha2.hboeck.de", 443) + sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem") + s = ssl.wrap_socket(socket.socket(socket.AF_INET), + cert_reqs=ssl.CERT_REQUIRED, + ca_certs=sha256_cert,) + with support.transient_internet(): + try: + s.connect(remote) + if support.verbose: + sys.stdout.write("\nCipher with %r is %r\n" % + (remote, s.cipher())) + sys.stdout.write("Certificate is:\n%s\n" % + pprint.pformat(s.getpeercert())) + finally: + s.close() + try: import threading |