Issue #19292: Add SSLContext.load_default_certs() to load default root CA

certificates from default stores or system stores. By default the method loads CA certs for authentication of server certs.
author: Christian Heimes <christian@cheimes.de> 2013-11-23 12:56:58 (GMT)
committer: Christian Heimes <christian@cheimes.de> 2013-11-23 12:56:58 (GMT)
commit: 72d28500b3c5e6f4051826432b2a801ce4e556f4 (patch)
tree: a9dea78f3f5f280297c4f419f5fd049c8e96f0bc /Lib/test
parent: a30d82f597927f0a7184d1b1018416d1739f4b11 (diff)
download: cpython-72d28500b3c5e6f4051826432b2a801ce4e556f4.zip
cpython-72d28500b3c5e6f4051826432b2a801ce4e556f4.tar.gz
cpython-72d28500b3c5e6f4051826432b2a801ce4e556f4.tar.bz2
1 files changed, 32 insertions, 0 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index d6a7443..722d331 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -611,6 +611,23 @@ class BasicSocketTests(unittest.TestCase):
         with self.assertRaisesRegex(ValueError, "unknown object 'serverauth'"):
             ssl._ASN1Object.fromname('serverauth')
 
+    def test_purpose_enum(self):
+        val = ssl._ASN1Object('1.3.6.1.5.5.7.3.1')
+        self.assertIsInstance(ssl.Purpose.SERVER_AUTH, ssl._ASN1Object)
+        self.assertEqual(ssl.Purpose.SERVER_AUTH, val)
+        self.assertEqual(ssl.Purpose.SERVER_AUTH.nid, 129)
+        self.assertEqual(ssl.Purpose.SERVER_AUTH.shortname, 'serverAuth')
+        self.assertEqual(ssl.Purpose.SERVER_AUTH.oid,
+                              '1.3.6.1.5.5.7.3.1')
+
+        val = ssl._ASN1Object('1.3.6.1.5.5.7.3.2')
+        self.assertIsInstance(ssl.Purpose.CLIENT_AUTH, ssl._ASN1Object)
+        self.assertEqual(ssl.Purpose.CLIENT_AUTH, val)
+        self.assertEqual(ssl.Purpose.CLIENT_AUTH.nid, 130)
+        self.assertEqual(ssl.Purpose.CLIENT_AUTH.shortname, 'clientAuth')
+        self.assertEqual(ssl.Purpose.CLIENT_AUTH.oid,
+                              '1.3.6.1.5.5.7.3.2')
+
 
 class ContextTests(unittest.TestCase):
 
@@ -967,6 +984,21 @@ class ContextTests(unittest.TestCase):
         der = ssl.PEM_cert_to_DER_cert(pem)
         self.assertEqual(ctx.get_ca_certs(True), [der])
 
+    def test_load_default_certs(self):
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+        ctx.load_default_certs()
+
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+        ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
+        ctx.load_default_certs()
+
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+        ctx.load_default_certs(ssl.Purpose.CLIENT_AUTH)
+
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+        self.assertRaises(TypeError, ctx.load_default_certs, None)
+        self.assertRaises(TypeError, ctx.load_default_certs, 'SERVER_AUTH')
+
 
 class SSLErrorTests(unittest.TestCase):
author	Christian Heimes <christian@cheimes.de>	2013-11-23 12:56:58 (GMT)
committer	Christian Heimes <christian@cheimes.de>	2013-11-23 12:56:58 (GMT)
commit	72d28500b3c5e6f4051826432b2a801ce4e556f4 (patch)
tree	a9dea78f3f5f280297c4f419f5fd049c8e96f0bc /Lib/test
parent	a30d82f597927f0a7184d1b1018416d1739f4b11 (diff)
download	cpython-72d28500b3c5e6f4051826432b2a801ce4e556f4.zip cpython-72d28500b3c5e6f4051826432b2a801ce4e556f4.tar.gz cpython-72d28500b3c5e6f4051826432b2a801ce4e556f4.tar.bz2