diff options
| author | Benjamin Peterson <benjamin@python.org> | 2014-11-24 03:02:02 (GMT) |
|---|---|---|
| committer | Benjamin Peterson <benjamin@python.org> | 2014-11-24 03:02:02 (GMT) |
| commit | e3e7d40514e5dd0c3847682a719577efcfae1d8f (patch) | |
| tree | fa309a48cefeaaf043c182dcca5e7ab58ab8200f /Lib/test/test_urllib2_localnet.py | |
| parent | b206473ef8a7abe9abf5ab8776ea3bcb90adc747 (diff) | |
| download | cpython-e3e7d40514e5dd0c3847682a719577efcfae1d8f.zip cpython-e3e7d40514e5dd0c3847682a719577efcfae1d8f.tar.gz cpython-e3e7d40514e5dd0c3847682a719577efcfae1d8f.tar.bz2 | |
pep 476: verify certificates by default (#22417)
Diffstat (limited to 'Lib/test/test_urllib2_localnet.py')
| -rw-r--r-- | Lib/test/test_urllib2_localnet.py | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/Lib/test/test_urllib2_localnet.py b/Lib/test/test_urllib2_localnet.py index 8fc90af..a24a077 100644 --- a/Lib/test/test_urllib2_localnet.py +++ b/Lib/test/test_urllib2_localnet.py @@ -5,6 +5,7 @@ import urllib2 import BaseHTTPServer import unittest import hashlib +import ssl from test import test_support @@ -562,15 +563,37 @@ class TestUrlopen(BaseTestCase): cafile=CERT_localhost) self.assertEqual(data, b"we care a bit") # Bad cert - with self.assertRaises(urllib2.URLError) as cm: + with self.assertRaises(urllib2.URLError): self.urlopen("https://localhost:%s/bizarre" % handler.port, cafile=CERT_fakehostname) # Good cert, but mismatching hostname handler = self.start_https_server(certfile=CERT_fakehostname) - with self.assertRaises(ssl.CertificateError) as cm: + with self.assertRaises(ssl.CertificateError): self.urlopen("https://localhost:%s/bizarre" % handler.port, cafile=CERT_fakehostname) + def test_https_with_cadefault(self): + handler = self.start_https_server(certfile=CERT_localhost) + # Self-signed cert should fail verification with system certificate store + with self.assertRaises(urllib2.URLError): + self.urlopen("https://localhost:%s/bizarre" % handler.port, + cadefault=True) + + def test_https_sni(self): + if ssl is None: + self.skipTest("ssl module required") + if not ssl.HAS_SNI: + self.skipTest("SNI support required in OpenSSL") + sni_name = [None] + def cb_sni(ssl_sock, server_name, initial_context): + sni_name[0] = server_name + context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) + context.set_servername_callback(cb_sni) + handler = self.start_https_server(context=context, certfile=CERT_localhost) + context = ssl.create_default_context(cafile=CERT_localhost) + self.urlopen("https://localhost:%s" % handler.port, context=context) + self.assertEqual(sni_name[0], "localhost") + def test_sending_headers(self): handler = self.start_server([(200, [], "we don't care")]) |