author | Christian Heimes <christian@python.org> | 2017-09-15 18:29:57 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-15 18:29:57 (GMT) |
commit | e82c034496512139e9ea3f68ceda86c04bc7baab (patch) | |
tree | 1fab1d26c6edba33d400598e705dd7269cf77e12 /Lib | |
parent | a170fa162dc03f0a014373349e548954fff2e567 (diff) | |
bpo-31431: SSLContext.check_hostname auto-sets CERT_REQUIRED (#3531)
Signed-off-by: Christian Heimes <christian@python.org>
Diffstat (limited to 'Lib')
-rw-r--r-- | Lib/test/test_ssl.py | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 2978b8b..aa2429a 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -1363,24 +1363,45 @@ class ContextTests(unittest.TestCase): def test_check_hostname(self): ctx = ssl.SSLContext(ssl.PROTOCOL_TLS) self.assertFalse(ctx.check_hostname) + self.assertEqual(ctx.verify_mode, ssl.CERT_NONE) - # Requires CERT_REQUIRED or CERT_OPTIONAL - with self.assertRaises(ValueError): - ctx.check_hostname = True + # Auto set CERT_REQUIRED + ctx.check_hostname = True + self.assertTrue(ctx.check_hostname) + self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED) + ctx.check_hostname = False ctx.verify_mode = ssl.CERT_REQUIRED self.assertFalse(ctx.check_hostname) + self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED) + + # Changing verify_mode does not affect check_hostname + ctx.check_hostname = False + ctx.verify_mode = ssl.CERT_NONE + ctx.check_hostname = False + self.assertFalse(ctx.check_hostname) + self.assertEqual(ctx.verify_mode, ssl.CERT_NONE) + # Auto set ctx.check_hostname = True self.assertTrue(ctx.check_hostname) + self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED) + ctx.check_hostname = False ctx.verify_mode = ssl.CERT_OPTIONAL + ctx.check_hostname = False + self.assertFalse(ctx.check_hostname) + self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL) + # keep CERT_OPTIONAL ctx.check_hostname = True self.assertTrue(ctx.check_hostname) + self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL) # Cannot set CERT_NONE with check_hostname enabled with self.assertRaises(ValueError): ctx.verify_mode = ssl.CERT_NONE ctx.check_hostname = False self.assertFalse(ctx.check_hostname) + ctx.verify_mode = ssl.CERT_NONE + self.assertEqual(ctx.verify_mode, ssl.CERT_NONE) def test_context_client_server(self): # PROTOCOL_TLS_CLIENT has sane defaults |
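Review bot: In the "Auto set CERT_REQUIRED" block of test_check_hostname, the explicit `ctx.verify_mode = ssl.CERT_REQUIRED` that directly follows `ctx.check_hostname = False` masks what the setter leaves in verify_mode, so the test would still pass if turning hostname checking off silently dropped the context back to CERT_NONE. If the intent is that certificate verification stays on, add `self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)` immediately after that `ctx.check_hostname = False`, and likewise after the one in the "# Auto set" block before `ctx.verify_mode = ssl.CERT_OPTIONAL`. The block commented "Changing verify_mode does not affect check_hostname" only exercises the disabled case, and both `ctx.check_hostname = False` assignments in it are redundant because the attribute was asserted False just above. A case that moves verify_mode from CERT_REQUIRED to CERT_OPTIONAL while check_hostname is True and then asserts `self.assertTrue(ctx.check_hostname)` would cover the direction that matters for callers relying on hostname verification.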