diff options
| author | Antoine Pitrou <solipsis@pitrou.net> | 2014-10-15 14:58:21 (GMT) |
|---|---|---|
| committer | Antoine Pitrou <solipsis@pitrou.net> | 2014-10-15 14:58:21 (GMT) |
| commit | fd39a89e0e09de5460626a68e9e443fe0c103c14 (patch) | |
| tree | 69f3e067853b0f27e722b44ed3e05c79751dce5f /Lib/test | |
| parent | 7184bac5446aefcf576bc8a0a666cfd096b86293 (diff) | |
| download | cpython-fd39a89e0e09de5460626a68e9e443fe0c103c14.zip cpython-fd39a89e0e09de5460626a68e9e443fe0c103c14.tar.gz cpython-fd39a89e0e09de5460626a68e9e443fe0c103c14.tar.bz2 | |
Issue #22641: In asyncio, the default SSL context for client connections is now created using ssl.create_default_context(), for stronger security.
Diffstat (limited to 'Lib/test')
| -rw-r--r-- | Lib/test/test_asyncio/test_events.py | 48 |
1 files changed, 38 insertions, 10 deletions
diff --git a/Lib/test/test_asyncio/test_events.py b/Lib/test/test_asyncio/test_events.py index a305e66..fe1e3ad 100644 --- a/Lib/test/test_asyncio/test_events.py +++ b/Lib/test/test_asyncio/test_events.py @@ -606,15 +606,43 @@ class EventLoopTestsMixin: self.assertGreater(pr.nbytes, 0) tr.close() + def _dummy_ssl_create_context(self, purpose=ssl.Purpose.SERVER_AUTH, *, + cafile=None, capath=None, cadata=None): + """ + A ssl.create_default_context() replacement that doesn't enable + cert validation. + """ + self.assertEqual(purpose, ssl.Purpose.SERVER_AUTH) + return test_utils.dummy_ssl_context() + + def _test_create_ssl_connection(self, httpd, create_connection, + check_sockname=True): + conn_fut = create_connection(ssl=test_utils.dummy_ssl_context()) + self._basetest_create_ssl_connection(conn_fut, check_sockname) + + # With ssl=True, ssl.create_default_context() should be called + with mock.patch('ssl.create_default_context', + side_effect=self._dummy_ssl_create_context) as m: + conn_fut = create_connection(ssl=True) + self._basetest_create_ssl_connection(conn_fut, check_sockname) + self.assertEqual(m.call_count, 1) + + # With the real ssl.create_default_context(), certificate + # validation will fail + with self.assertRaises(ssl.SSLError) as cm: + conn_fut = create_connection(ssl=True) + self._basetest_create_ssl_connection(conn_fut, check_sockname) + + self.assertEqual(cm.exception.reason, 'CERTIFICATE_VERIFY_FAILED') + @unittest.skipIf(ssl is None, 'No ssl module') def test_create_ssl_connection(self): with test_utils.run_test_server(use_ssl=True) as httpd: - conn_fut = self.loop.create_connection( + create_connection = functools.partial( + self.loop.create_connection, lambda: MyProto(loop=self.loop), - *httpd.address, - ssl=test_utils.dummy_ssl_context()) - - self._basetest_create_ssl_connection(conn_fut) + *httpd.address) + self._test_create_ssl_connection(httpd, create_connection) @unittest.skipIf(ssl is None, 'No ssl module') @unittest.skipUnless(hasattr(socket, 'AF_UNIX'), 'No UNIX Sockets') @@ -624,13 +652,13 @@ class EventLoopTestsMixin: check_sockname = not osx_tiger() with test_utils.run_test_unix_server(use_ssl=True) as httpd: - conn_fut = self.loop.create_unix_connection( - lambda: MyProto(loop=self.loop), - httpd.address, - ssl=test_utils.dummy_ssl_context(), + create_connection = functools.partial( + self.loop.create_unix_connection, + lambda: MyProto(loop=self.loop), httpd.address, server_hostname='127.0.0.1') - self._basetest_create_ssl_connection(conn_fut, check_sockname) + self._test_create_ssl_connection(httpd, create_connection, + check_sockname) def test_create_connection_local_addr(self): with test_utils.run_test_server() as httpd: |