diff options
| author | Serhiy Storchaka <storchaka@gmail.com> | 2024-02-04 15:28:07 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-04 15:28:07 (GMT) |
| commit | 0ea366240b75380ed7568acbe95d72e481a734f7 (patch) | |
| tree | 191fc82a9a72e3bfc9c684b58a085fb0894644df /Lib/test | |
| parent | ecabff98c41453f15ecd26ac255d531b571b9bc1 (diff) | |
| download | cpython-0ea366240b75380ed7568acbe95d72e481a734f7.zip cpython-0ea366240b75380ed7568acbe95d72e481a734f7.tar.gz cpython-0ea366240b75380ed7568acbe95d72e481a734f7.tar.bz2 | |
gh-113280: Always close socket if SSLSocket creation failed (GH-114659)
Co-authored-by: Thomas Grainger <tagrain@gmail.com>
Diffstat (limited to 'Lib/test')
| -rw-r--r-- | Lib/test/test_ssl.py | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 3fdfa29..1b18230 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -2206,14 +2206,15 @@ def _test_get_server_certificate(test, host, port, cert=None): sys.stdout.write("\nVerified certificate for %s:%s is\n%s\n" % (host, port ,pem)) def _test_get_server_certificate_fail(test, host, port): - try: - pem = ssl.get_server_certificate((host, port), ca_certs=CERTFILE) - except ssl.SSLError as x: - #should fail - if support.verbose: - sys.stdout.write("%s\n" % x) - else: - test.fail("Got server certificate %s for %s:%s!" % (pem, host, port)) + with warnings_helper.check_no_resource_warning(test): + try: + pem = ssl.get_server_certificate((host, port), ca_certs=CERTFILE) + except ssl.SSLError as x: + #should fail + if support.verbose: + sys.stdout.write("%s\n" % x) + else: + test.fail("Got server certificate %s for %s:%s!" % (pem, host, port)) from test.ssl_servers import make_https_server @@ -3026,6 +3027,16 @@ class ThreadedTests(unittest.TestCase): server_hostname="python.example.org") as s: with self.assertRaises(ssl.CertificateError): s.connect((HOST, server.port)) + with ThreadedEchoServer(context=server_context, chatty=True) as server: + with warnings_helper.check_no_resource_warning(self): + with self.assertRaises(UnicodeError): + context.wrap_socket(socket.socket(), + server_hostname='.pythontest.net') + with ThreadedEchoServer(context=server_context, chatty=True) as server: + with warnings_helper.check_no_resource_warning(self): + with self.assertRaises(UnicodeDecodeError): + context.wrap_socket(socket.socket(), + server_hostname=b'k\xf6nig.idn.pythontest.net') def test_wrong_cert_tls12(self): """Connecting when the server rejects the client's certificate @@ -4983,7 +4994,8 @@ class TestPreHandshakeClose(unittest.TestCase): self.assertIsNone(wrap_error.library, msg="attr must exist") finally: # gh-108342: Explicitly break the reference cycle - wrap_error = None + with warnings_helper.check_no_resource_warning(self): + wrap_error = None server = None def test_https_client_non_tls_response_ignored(self): @@ -5032,7 +5044,8 @@ class TestPreHandshakeClose(unittest.TestCase): # socket; that fails if the connection is broken. It may seem pointless # to test this. It serves as an illustration of something that we never # want to happen... properly not happening. - with self.assertRaises(OSError): + with warnings_helper.check_no_resource_warning(self), \ + self.assertRaises(OSError): connection.request("HEAD", "/test", headers={"Host": "localhost"}) response = connection.getresponse() |