diff options
| author | Christian Heimes <christian@cheimes.de> | 2013-12-02 19:01:29 (GMT) |
|---|---|---|
| committer | Christian Heimes <christian@cheimes.de> | 2013-12-02 19:01:29 (GMT) |
| commit | 48aae57996c89a5601534320fdd078da978fb7bb (patch) | |
| tree | 77c04c61c848c35eceeaa0962e5d185fbc8a8833 /Lib/test | |
| parent | 0c924b83eefead8c111f66452b0681a5c7485a5c (diff) | |
| download | cpython-48aae57996c89a5601534320fdd078da978fb7bb.zip cpython-48aae57996c89a5601534320fdd078da978fb7bb.tar.gz cpython-48aae57996c89a5601534320fdd078da978fb7bb.tar.bz2 | |
Issue #19782: imaplib now supports SSLContext.check_hostname and server name
indication for TLS/SSL connections.
Diffstat (limited to 'Lib/test')
| -rw-r--r-- | Lib/test/test_imaplib.py | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/Lib/test/test_imaplib.py b/Lib/test/test_imaplib.py index 81bfd1f..bafd62b 100644 --- a/Lib/test/test_imaplib.py +++ b/Lib/test/test_imaplib.py @@ -20,6 +20,7 @@ except ImportError: ssl = None CERTFILE = None +CAFILE = None class TestImaplib(unittest.TestCase): @@ -348,6 +349,25 @@ class ThreadedNetworkedTestsSSL(BaseThreadedNetworkedTests): server_class = SecureTCPServer imap_class = IMAP4_SSL + @reap_threads + def test_ssl_verified(self): + ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + ssl_context.verify_mode = ssl.CERT_REQUIRED + ssl_context.check_hostname = True + ssl_context.load_verify_locations(CAFILE) + + with self.assertRaisesRegex(ssl.CertificateError, + "hostname '127.0.0.1' doesn't match 'localhost'"): + with self.reaped_server(SimpleIMAPHandler) as server: + client = self.imap_class(*server.server_address, + ssl_context=ssl_context) + client.shutdown() + + with self.reaped_server(SimpleIMAPHandler) as server: + client = self.imap_class("localhost", server.server_address[1], + ssl_context=ssl_context) + client.shutdown() + class RemoteIMAPTest(unittest.TestCase): host = 'cyrus.andrew.cmu.edu' @@ -460,11 +480,15 @@ def load_tests(*args): if support.is_resource_enabled('network'): if ssl: - global CERTFILE + global CERTFILE, CAFILE CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, - "keycert.pem") + "keycert3.pem") if not os.path.exists(CERTFILE): raise support.TestFailed("Can't read certificate files!") + CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir, + "pycacert.pem") + if not os.path.exists(CAFILE): + raise support.TestFailed("Can't read CA file!") tests.extend([ ThreadedNetworkedTests, ThreadedNetworkedTestsSSL, RemoteIMAPTest, RemoteIMAP_SSLTest, RemoteIMAP_STARTTLSTest, |