Diffstat (limited to 'Lib')
-rw-r--r--Lib/ssl.py12
-rw-r--r--Lib/test/test_ssl.py19
2 files changed, 25 insertions, 6 deletions
diff --git a/Lib/ssl.py b/Lib/ssl.py
index e45e16b..c9ee71a 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -234,15 +234,19 @@ class SSLSocket (socket):
else:
return 0
+ def unwrap (self):
+ if self._sslobj:
+ s = self._sslobj.shutdown()
+ self._sslobj = None
+ return s
+ else:
+ raise ValueError("No SSL wrapper around " + str(self))
+
def shutdown (self, how):
self._sslobj = None
socket.shutdown(self, how)
def close (self):
- self._sslobj = None
- socket.close(self)
-
- def close (self):
if self._makefile_refs < 1:
self._sslobj = None
socket.close(self)
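Review bot: `unwrap` has no docstring, and the security-relevant effect of `self._sslobj = None` is left implicit. Once it is cleared this object no longer carries a TLS session, so later I/O through it is presumably sent in the clear; the methods that branch on `_sslobj` are outside the hunk. I would add a docstring such as `"""Run the TLS shutdown handshake, drop the SSL layer and return the result of the shutdown call; traffic on this connection is unencrypted afterwards."""`. If `self._sslobj.shutdown()` raises, `_sslobj` stays set, which looks like the safer outcome, and the docstring should say so, along with the `ValueError` raised when there is no SSL layer.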
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 79dad64..fca8a57 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -282,6 +282,14 @@ else:
self.write("OK\n")
if not self.wrap_conn():
return
+ elif self.server.starttls_server and self.sslconn and msg.strip() == 'ENDTLS':
+ if test_support.verbose and self.server.connectionchatty:
+ sys.stdout.write(" server: read ENDTLS from client, sending OK...\n")
+ self.write("OK\n")
+ self.sslconn.unwrap()
+ self.sslconn = None
+ if test_support.verbose and self.server.connectionchatty:
+ sys.stdout.write(" server: connection is now unencrypted...\n")
else:
if (test_support.verbose and
self.server.connectionchatty):
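Review bot: In the `ENDTLS` branch, `self.sslconn.unwrap()` is called with no handling for a failed shutdown handshake, and its return value is discarded. Whether an exception here ends the handler cleanly depends on code outside the hunk, since the enclosing method starts and ends beyond it. If a failure can be caught and the loop kept running, the connection must be closed in that path rather than reaching `self.sslconn = None`, so the server never continues in plaintext after an incomplete teardown. A short comment such as `# from here on the echo loop reads and writes the raw socket` above `self.sslconn = None` would also make the downgrade explicit.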
@@ -867,7 +875,7 @@ else:
def testSTARTTLS (self):
- msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4")
+ msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4", "ENDTLS", "msg 5", "msg 6")
server = ThreadedEchoServer(CERTFILE,
ssl_version=ssl.PROTOCOL_TLSv1,
@@ -907,8 +915,15 @@ else:
" client: read %s from server, starting TLS...\n"
% repr(outdata))
conn = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
-
wrapped = True
+ elif (indata == "ENDTLS" and
+ outdata.strip().lower().startswith("ok")):
+ if test_support.verbose:
+ sys.stdout.write(
+ " client: read %s from server, ending TLS...\n"
+ % repr(outdata))
+ s = conn.unwrap()
+ wrapped = False
else:
if test_support.verbose:
sys.stdout.write(
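Review bot: The client branch rebinds `s = conn.unwrap()` and sets `wrapped = False`, but nothing in the visible lines asserts that the TLS layer is actually gone. As written, the test would still pass if `unwrap()` returned something that is still an SSL socket, as long as the echo round-trip works. Assuming `unwrap()` hands back the underlying plain socket, a check right after the call such as `self.assertFalse(isinstance(s, ssl.SSLSocket))` would pin that contract. `conn` also still refers to the unwrapped `SSLSocket`, and the send and receive code that chooses between `conn` and `s` is outside the hunk, so a comment noting that `conn` must not be used after this point would help.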