summaryrefslogtreecommitdiffstats
path: root/Lib/test/test_ssl.py
diff options
context:
space:
mode:
Diffstat (limited to 'Lib/test/test_ssl.py')
-rw-r--r--Lib/test/test_ssl.py28
1 files changed, 26 insertions, 2 deletions
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index e3fa423..fdf727f 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -988,6 +988,19 @@ class ContextTests(unittest.TestCase):
self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
self.assertTrue(ctx.check_hostname)
+ def test_hostname_checks_common_name(self):
+ ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ self.assertTrue(ctx.hostname_checks_common_name)
+ if ssl.HAS_NEVER_CHECK_COMMON_NAME:
+ ctx.hostname_checks_common_name = True
+ self.assertTrue(ctx.hostname_checks_common_name)
+ ctx.hostname_checks_common_name = False
+ self.assertFalse(ctx.hostname_checks_common_name)
+ ctx.hostname_checks_common_name = True
+ self.assertTrue(ctx.hostname_checks_common_name)
+ else:
+ with self.assertRaises(AttributeError):
+ ctx.hostname_checks_common_name = True
@unittest.skipUnless(have_verify_flags(),
"verify_flags need OpenSSL > 0.9.8")
@@ -1511,6 +1524,16 @@ class SSLErrorTests(unittest.TestCase):
ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
server_hostname="xn--.com")
+ def test_bad_server_hostname(self):
+ ctx = ssl.create_default_context()
+ with self.assertRaises(ValueError):
+ ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
+ server_hostname="")
+ with self.assertRaises(ValueError):
+ ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
+ server_hostname=".example.org")
+
+
class MemoryBIOTests(unittest.TestCase):
def test_read_write(self):
@@ -2536,8 +2559,9 @@ class ThreadedTests(unittest.TestCase):
with server:
with client_context.wrap_socket(socket.socket(),
server_hostname="invalid") as s:
- with self.assertRaisesRegex(ssl.CertificateError,
- "hostname 'invalid' doesn't match 'localhost'"):
+ with self.assertRaisesRegex(
+ ssl.CertificateError,
+ "Hostname mismatch, certificate is not valid for 'invalid'."):
s.connect((HOST, server.port))
# missing server_hostname arg should cause an exception, too