diff options
| author | Victor Stinner <vstinner@python.org> | 2022-07-08 13:20:15 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-08 13:20:15 (GMT) |
| commit | 00464bbed66e5f64bdad7f930b315a88d5afccae (patch) | |
| tree | 4f16892435484a613cbe000ab774a1a8a8ae2b42 /Lib/test | |
| parent | 23ee4a8067506e6c9c47748185653617413f7a60 (diff) | |
| download | cpython-00464bbed66e5f64bdad7f930b315a88d5afccae.zip cpython-00464bbed66e5f64bdad7f930b315a88d5afccae.tar.gz cpython-00464bbed66e5f64bdad7f930b315a88d5afccae.tar.bz2 | |
gh-94199: Remove the ssl.wrap_socket() function (#94203)
Remove the ssl.wrap_socket() function, deprecated in Python 3.7:
instead, create a ssl.SSLContext object and call its
sl.SSLContext.wrap_socket() method. Any package that still uses
ssl.wrap_socket() is broken and insecure. The function neither sends
a SNI TLS extension nor validates server hostname. Code is subject to
CWE-295 : Improper Certificate Validation.
Diffstat (limited to 'Lib/test')
| -rw-r--r-- | Lib/test/test_ssl.py | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 544adad..65f5d4a 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -629,36 +629,6 @@ class BasicSocketTests(unittest.TestCase): str(cm.warning) ) - @ignore_deprecation - def test_errors_sslwrap(self): - sock = socket.socket() - self.assertRaisesRegex(ValueError, - "certfile must be specified", - ssl.wrap_socket, sock, keyfile=CERTFILE) - self.assertRaisesRegex(ValueError, - "certfile must be specified for server-side operations", - ssl.wrap_socket, sock, server_side=True) - self.assertRaisesRegex(ValueError, - "certfile must be specified for server-side operations", - ssl.wrap_socket, sock, server_side=True, certfile="") - with ssl.wrap_socket(sock, server_side=True, certfile=CERTFILE) as s: - self.assertRaisesRegex(ValueError, "can't connect in server-side mode", - s.connect, (HOST, 8080)) - with self.assertRaises(OSError) as cm: - with socket.socket() as sock: - ssl.wrap_socket(sock, certfile=NONEXISTINGCERT) - self.assertEqual(cm.exception.errno, errno.ENOENT) - with self.assertRaises(OSError) as cm: - with socket.socket() as sock: - ssl.wrap_socket(sock, - certfile=CERTFILE, keyfile=NONEXISTINGCERT) - self.assertEqual(cm.exception.errno, errno.ENOENT) - with self.assertRaises(OSError) as cm: - with socket.socket() as sock: - ssl.wrap_socket(sock, - certfile=NONEXISTINGCERT, keyfile=NONEXISTINGCERT) - self.assertEqual(cm.exception.errno, errno.ENOENT) - def bad_cert_test(self, certfile): """Check that trying to use the given client certificate fails""" certfile = os.path.join(os.path.dirname(__file__) or os.curdir, |