summaryrefslogtreecommitdiffstats
path: root/Lib/test
diff options
context:
space:
mode:
authorAntoine Pitrou <solipsis@pitrou.net>2011-12-19 16:16:51 (GMT)
committerAntoine Pitrou <solipsis@pitrou.net>2011-12-19 16:16:51 (GMT)
commit923df6f22a4a9ca0e2d5f15b29ec747ce00cd606 (patch)
treef6d96b4d24957014b3a410df4f70fa8ddee6ab5a /Lib/test
parentd1301953fe355bc6637f33a4985c950bcfc73adf (diff)
downloadcpython-923df6f22a4a9ca0e2d5f15b29ec747ce00cd606.zip
cpython-923df6f22a4a9ca0e2d5f15b29ec747ce00cd606.tar.gz
cpython-923df6f22a4a9ca0e2d5f15b29ec747ce00cd606.tar.bz2
Issue #13627: Add support for SSL Elliptic Curve-based Diffie-Hellman
key exchange, through the SSLContext.set_ecdh_curve() method and the ssl.OP_SINGLE_ECDH_USE option.
Diffstat (limited to 'Lib/test')
-rw-r--r--Lib/test/ssl_servers.py5
-rw-r--r--Lib/test/test_ssl.py10
2 files changed, 15 insertions, 0 deletions
diff --git a/Lib/test/ssl_servers.py b/Lib/test/ssl_servers.py
index 77be381..86bc950 100644
--- a/Lib/test/ssl_servers.py
+++ b/Lib/test/ssl_servers.py
@@ -176,6 +176,9 @@ if __name__ == "__main__":
action='store_false', help='be less verbose')
parser.add_argument('-s', '--stats', dest='use_stats_handler', default=False,
action='store_true', help='always return stats page')
+ parser.add_argument('--curve-name', dest='curve_name', type=str,
+ action='store',
+ help='curve name for EC-based Diffie-Hellman')
args = parser.parse_args()
support.verbose = args.verbose
@@ -186,6 +189,8 @@ if __name__ == "__main__":
handler_class.root = os.getcwd()
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.load_cert_chain(CERTFILE)
+ if args.curve_name:
+ context.set_ecdh_curve(args.curve_name)
server = HTTPSServer(("", args.port), handler_class, context)
if args.verbose:
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 288b714..505550f 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -99,6 +99,7 @@ class BasicSocketTests(unittest.TestCase):
ssl.CERT_OPTIONAL
ssl.CERT_REQUIRED
ssl.OP_CIPHER_SERVER_PREFERENCE
+ ssl.OP_SINGLE_ECDH_USE
self.assertIn(ssl.HAS_SNI, {True, False})
def test_random(self):
@@ -558,6 +559,15 @@ class ContextTests(unittest.TestCase):
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
ctx.set_default_verify_paths()
+ def test_set_ecdh_curve(self):
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ ctx.set_ecdh_curve("prime256v1")
+ ctx.set_ecdh_curve(b"prime256v1")
+ self.assertRaises(TypeError, ctx.set_ecdh_curve)
+ self.assertRaises(TypeError, ctx.set_ecdh_curve, None)
+ self.assertRaises(ValueError, ctx.set_ecdh_curve, "foo")
+ self.assertRaises(ValueError, ctx.set_ecdh_curve, b"foo")
+
class NetworkedTests(unittest.TestCase):