summaryrefslogtreecommitdiffstats
path: root/Lib
diff options
context:
space:
mode:
authorChristian Heimes <christian@python.org>2017-09-15 18:29:57 (GMT)
committerGitHub <noreply@github.com>2017-09-15 18:29:57 (GMT)
commite82c034496512139e9ea3f68ceda86c04bc7baab (patch)
tree1fab1d26c6edba33d400598e705dd7269cf77e12 /Lib
parenta170fa162dc03f0a014373349e548954fff2e567 (diff)
downloadcpython-e82c034496512139e9ea3f68ceda86c04bc7baab.zip
cpython-e82c034496512139e9ea3f68ceda86c04bc7baab.tar.gz
cpython-e82c034496512139e9ea3f68ceda86c04bc7baab.tar.bz2
bpo-31431: SSLContext.check_hostname auto-sets CERT_REQUIRED (#3531)
Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Lib')
-rw-r--r--Lib/test/test_ssl.py27
1 files changed, 24 insertions, 3 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 2978b8b..aa2429a 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1363,24 +1363,45 @@ class ContextTests(unittest.TestCase):
def test_check_hostname(self):
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
self.assertFalse(ctx.check_hostname)
+ self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
- # Requires CERT_REQUIRED or CERT_OPTIONAL
- with self.assertRaises(ValueError):
- ctx.check_hostname = True
+ # Auto set CERT_REQUIRED
+ ctx.check_hostname = True
+ self.assertTrue(ctx.check_hostname)
+ self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
+ ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_REQUIRED
self.assertFalse(ctx.check_hostname)
+ self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
+
+ # Changing verify_mode does not affect check_hostname
+ ctx.check_hostname = False
+ ctx.verify_mode = ssl.CERT_NONE
+ ctx.check_hostname = False
+ self.assertFalse(ctx.check_hostname)
+ self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
+ # Auto set
ctx.check_hostname = True
self.assertTrue(ctx.check_hostname)
+ self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
+ ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_OPTIONAL
+ ctx.check_hostname = False
+ self.assertFalse(ctx.check_hostname)
+ self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL)
+ # keep CERT_OPTIONAL
ctx.check_hostname = True
self.assertTrue(ctx.check_hostname)
+ self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL)
# Cannot set CERT_NONE with check_hostname enabled
with self.assertRaises(ValueError):
ctx.verify_mode = ssl.CERT_NONE
ctx.check_hostname = False
self.assertFalse(ctx.check_hostname)
+ ctx.verify_mode = ssl.CERT_NONE
+ self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
def test_context_client_server(self):
# PROTOCOL_TLS_CLIENT has sane defaults