diff options
| author | Giampaolo RodolĂ <g.rodola@gmail.com> | 2010-08-29 19:25:49 (GMT) |
|---|---|---|
| committer | Giampaolo RodolĂ <g.rodola@gmail.com> | 2010-08-29 19:25:49 (GMT) |
| commit | 745ab3807e0c5f141376f6b9e1b6111e806c31d0 (patch) | |
| tree | b4ef66f6bb731df7a6e869896cdee0f859990707 /Lib | |
| parent | 374f835316251651ddfe7794c9db7afd94fb0ed4 (diff) | |
| download | cpython-745ab3807e0c5f141376f6b9e1b6111e806c31d0.zip cpython-745ab3807e0c5f141376f6b9e1b6111e806c31d0.tar.gz cpython-745ab3807e0c5f141376f6b9e1b6111e806c31d0.tar.bz2 | |
Fix issue issue9706: provides a better error handling for various SSL operations
Diffstat (limited to 'Lib')
| -rw-r--r-- | Lib/ssl.py | 8 | ||||
| -rw-r--r-- | Lib/test/test_ssl.py | 20 |
2 files changed, 24 insertions, 4 deletions
@@ -122,6 +122,9 @@ class SSLSocket(socket): if _context: self.context = _context else: + if server_side and not certfile: + raise ValueError("certfile must be specified for server-side " + "operations") if certfile and not keyfile: keyfile = certfile self.context = SSLContext(ssl_version) @@ -138,7 +141,7 @@ class SSLSocket(socket): self.ssl_version = ssl_version self.ca_certs = ca_certs self.ciphers = ciphers - + self.server_side = server_side self.do_handshake_on_connect = do_handshake_on_connect self.suppress_ragged_eofs = suppress_ragged_eofs connected = False @@ -358,7 +361,8 @@ class SSLSocket(socket): def connect(self, addr): """Connects to remote ADDR, and then wraps the connection in an SSL channel.""" - + if self.server_side: + raise ValueError("can't connect in server-side mode") # Here we assume that the socket is client-side, and not # connected at the time of the call. We connect it, then wrap it. if self._sslobj: diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 71ba9e1..b485605 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -172,6 +172,19 @@ class BasicSocketTests(unittest.TestCase): ss = ssl.wrap_socket(s) self.assertEqual(timeout, ss.gettimeout()) + def test_errors(self): + sock = socket.socket() + with self.assertRaisesRegexp(ValueError, "certfile must be specified"): + ssl.wrap_socket(sock, server_side=True) + ssl.wrap_socket(sock, server_side=True, certfile="") + s = ssl.wrap_socket(sock, server_side=True, certfile=CERTFILE) + self.assertRaisesRegexp(ValueError, "can't connect in server-side mode", + s.connect, (HOST, 8080)) + with self.assertRaisesRegexp(IOError, "No such file"): + ssl.wrap_socket(sock, certfile=WRONGCERT) + ssl.wrap_socket(sock, keyfile=WRONGCERT) + ssl.wrap_socket(sock, certfile=WRONGCERT, keyfile=WRONGCERT) + class ContextTests(unittest.TestCase): @@ -240,7 +253,7 @@ class ContextTests(unittest.TestCase): ctx.load_cert_chain(CERTFILE) ctx.load_cert_chain(CERTFILE, keyfile=CERTFILE) self.assertRaises(TypeError, ctx.load_cert_chain, keyfile=CERTFILE) - with self.assertRaisesRegexp(ssl.SSLError, "system lib"): + with self.assertRaisesRegexp(IOError, "No such file"): ctx.load_cert_chain(WRONGCERT) with self.assertRaisesRegexp(ssl.SSLError, "PEM lib"): ctx.load_cert_chain(BADCERT) @@ -270,7 +283,7 @@ class ContextTests(unittest.TestCase): ctx.load_verify_locations(cafile=BYTES_CERTFILE, capath=None) self.assertRaises(TypeError, ctx.load_verify_locations) self.assertRaises(TypeError, ctx.load_verify_locations, None, None) - with self.assertRaisesRegexp(ssl.SSLError, "system lib"): + with self.assertRaisesRegexp(IOError, "No such file"): ctx.load_verify_locations(WRONGCERT) with self.assertRaisesRegexp(ssl.SSLError, "PEM lib"): ctx.load_verify_locations(BADCERT) @@ -863,6 +876,9 @@ else: except socket.error as x: if support.verbose: sys.stdout.write("\nsocket.error is %s\n" % x[1]) + except IOError as x: + if support.verbose: + sys.stdout.write("\nsocket.error is %s\n" % str(x)) else: raise AssertionError("Use of invalid cert should have failed!") finally: |