path: root/Lib/test/test_ssl.py
Commit message | Author | Age | Files | Lines
* [2.7] bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (GH-1363) (#3446) | Christian Heimes | 2017-09-08 | 1 | -0/+25
  * bpo-29136: Add TLS 1.3 support
  TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3 cipher suites don't overlap with cipher suites from TLS 1.2 and earlier. Since Python sets its own set of permitted ciphers, TLS 1.3 handshake will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common AES-GCM and ChaCha20 suites.
  Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3 now.
  Signed-off-by: Christian Heimes <christian@python.org>.
  (cherry picked from commit cb5b68abdeb1b1d56c581d5b4d647018703d61e3)
* [2.7] bpo-25674: remove sha256.tbs-internet.com ssl test (GH-3297) (#3301) | Christian Heimes | 2017-09-04 | 1 | -28/+0
  * bpo-25674: remove sha256.tbs-internet.com ssl test (#3297)
  Signed-off-by: Christian Heimes <christian@python.org>
  (cherry picked from commit 002d64039b60c1a9289f981fe73a5cf91d082136)
  * [2.7] bpo-25674: remove sha256.tbs-internet.com ssl test (GH-3297)
  Signed-off-by: Christian Heimes <christian@python.org>.
  (cherry picked from commit 002d64039b60c1a9289f981fe73a5cf91d082136)
* [2.7] bpo-30714: ALPN changes for OpenSSL 1.1.0f (#3094) | Christian Heimes | 2017-08-15 | 1 | -2/+3
  OpenSSL 1.1.0 to 1.1.0e aborted the handshake when server and client could not agree on a protocol using ALPN. OpenSSL 1.1.0f changed that. The most recent version now behaves like OpenSSL 1.0.2 again. The ALPN callback can pretend to not have been set.
  See https://github.com/openssl/openssl/pull/3158 for more details.
  Signed-off-by: Christian Heimes <christian@python.org>
  (cherry picked from commit a5c1bab352671e043645163ca50c5211aa657acd)
* bpo-30199: test_ssl closes all asyncore channels (#1381) (#1408) | Victor Stinner | 2017-05-03 | 1 | -0/+2
  AsyncoreEchoServer of test_ssl now calls asyncore.close_all(ignore_all=True) to ensure that asyncore.socket_map is cleared once the test completes, even if ConnectionHandler was not correctly unregistered.
  Fix the following warning:
    Warning -- asyncore.socket_map was modified by test_ssl
      Before: {}
      After: {6: <test.test_ssl.AsyncoreEchoServer.EchoServer.ConnectionHandler>}
  (cherry picked from commit 1dae7450c68bad498e57800387b24cb103c461fa)
* bpo-26867: Ubuntu's openssl OP_NO_SSLv3 is forced on by default; fix test. (GH-374) | Xiang Zhang | 2017-03-01 | 1 | -1/+2
* Issue #28221: Remove unused assignment from test_asyncore_server() | Martin Panter | 2016-09-23 | 1 | -2/+0
  The later value of FOO is fine. The test just needs to verify that the server converted it to lowercase.
* Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs. | Christian Heimes | 2016-09-06 | 1 | -0/+23
* Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0. | Christian Heimes | 2016-09-05 | 1 | -26/+40
* Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOF | Martin Panter | 2016-07-11 | 1 | -8/+21
* Issue #23804: Fix SSL recv/read(0) to not return 1024 bytes | Martin Panter | 2016-03-28 | 1 | -1/+8
* Issue #26644: Raise ValueError for negative SSLSocket.recv() and read() | Martin Panter | 2016-03-27 | 1 | -0/+11
* Issue #23857: Implement PEP 493 | Nick Coghlan | 2016-03-20 | 1 | -0/+52
  Adds a Python-2-only ssl module API and environment variable to configure the default handling of SSL/TLS certificates for HTTPS connections.
* Issue #26173: Separate bad cert file tests and client rejection test | Martin Panter | 2016-02-01 | 1 | -40/+54
  Test test_wrong_cert() runs a server that rejects the client's certificate, so ECONNRESET is reasonable in addition to SSLError. On the other hand, the other three tests don't even need to run a server because they are just testing the parsing of invalid certificate files.
  This should fix intermittent failures on Windows where ECONNRESET was not being caught.
* Issue #26173: Fix test_ssl confusion with non-existing cert and wrongcert.pem | Martin Panter | 2016-01-30 | 1 | -14/+11
  Testing for a non-existing certificate file is already done in test_errors(). The wrongcert.pem test was originally testing behaviour with a mismatched certificate.
* Issue #25940: Use self-signed.pythontest.net in SSL tests | Martin Panter | 2016-01-15 | 1 | -51/+56
  This is instead of svn.python.org, whose certificate recently expired, and whose new certificate uses a different root certificate.
  The certificate used at the pythontest server was modified to set the "basic constraints" CA flag. This flag seems to be required for test_get_ca_certs_capath() to work.
  Added the new self-signed certificate to capath with the following commands:
    cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/}
    c_rehash -v Lib/test/capath/
    c_rehash -v -old Lib/test/capath/
    # Note the generated file names
    cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0}
    mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0}
  When attempting to connect to port 444 on the new server, the resulting error code is EHOSTUNREACH on Linux, and ETIMEDOUT on Windows.
* always set OP_NO_SSLv3 by default (closes #25530) | Benjamin Peterson | 2015-11-12 | 1 | -9/+9
* replace 512 bit dh key with a 2014 bit one (closes #23844) | Benjamin Peterson | 2015-04-02 | 1 | -1/+1
  Patch by Cédric Krier.
* adjust test_crl_check for trusted first being default | Benjamin Peterson | 2015-03-05 | 1 | -1/+2
* expose X509_V_FLAG_TRUSTED_FIRST | Benjamin Peterson | 2015-03-05 | 1 | -2/+3
* Issue #23345: Prevent test_ssl failures with large OpenSSL patch level | Ned Deily | 2015-02-05 | 1 | -1/+1
  values (like 0.9.8zc).
* Avoid deprecation warnings. | Serhiy Storchaka | 2015-01-31 | 1 | -1/+1
* prefer server alpn ordering over the client's | Benjamin Peterson | 2015-01-23 | 1 | -2/+2
* pep 466 backport of alpn (#20188) | Benjamin Peterson | 2015-01-23 | 1 | -4/+60
* Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. The | Victor Stinner | 2015-01-06 | 1 | -2/+3
  availability of the function is checked during the compilation. Patch written by Bernard Spil.
* allow ssl module to compile if openssl doesn't support SSL 3 (closes #22935) | Benjamin Peterson | 2014-12-06 | 1 | -7/+16
  Patch by Kurt Roeckx.
* allow hostname to be passed to SSLContext even if OpenSSL doesn't support SNI (closes #22921) | Benjamin Peterson | 2014-11-24 | 1 | -6/+2
  Patch from Donald Stufft.
* remove py3k warning guard | Benjamin Peterson | 2014-11-23 | 1 | -2/+1
* allow passing cert/ssl information to urllib2.urlopen and httplib.HTTPSConnection | Benjamin Peterson | 2014-11-23 | 1 | -4/+5
  This is basically a backport of issues #9003 and #22366.
* test that keyfile can be None | Benjamin Peterson | 2014-11-04 | 1 | -1/+1
* separate cert loading tests into Windows and non-Windows cases | Benjamin Peterson | 2014-10-03 | 1 | -0/+15
* also use openssl envvars to find certs on windows (closes #22449) | Benjamin Peterson | 2014-10-03 | 1 | -0/+8
  Patch by Christian Heimes and Alex Gaynor.
* fix sslwrap_simple (closes #22523) | Benjamin Peterson | 2014-10-02 | 1 | -1/+3
  Thanks Alex Gaynor.
* Issue #22340: Fix Python 3 warnings in Python 2 tests | Victor Stinner | 2014-09-05 | 1 | -1/+2
* Issue #20421: Add a .version() method to SSL sockets exposing the actual protocol version in use. | Alex Gaynor | 2014-09-04 | 1 | -20/+47
  Backport from default.
* fix load_verify_locations on unicode paths (closes #22244) | Benjamin Peterson | 2014-08-28 | 1 | -0/+3
* allow any socket error for rude shutdown test | Benjamin Peterson | 2014-08-20 | 1 | -1/+1
* backport many ssl features from Python 3 (closes #21308) | Benjamin Peterson | 2014-08-20 | 1 | -552/+2043
  A contribution of Alex Gaynor and David Reid with the generous support of Rackspace. May God have mercy on their souls.
* Issue #21976: Fix test_ssl to accept LibreSSL version strings. | Antoine Pitrou | 2014-07-21 | 1 | -6/+10
  Thanks to William Orr.
* use ssl.PROTOCOL_SSLv23 for maximum compatibility (closes #20896) | Benjamin Peterson | 2014-03-12 | 1 | -3/+8
* Issue #20207: Always disable SSLv2 except when PROTOCOL_SSLv2 is explicitly asked for. | Antoine Pitrou | 2014-01-09 | 1 | -1/+1
* Issue #19422: Explicitly disallow non-SOCK_STREAM sockets in the ssl module, rather than silently let them emit clear text data. | Antoine Pitrou | 2013-12-28 | 1 | -0/+7
* Issue #19572: More silently skipped tests explicitly skipped. | Zachary Ware | 2013-12-10 | 1 | -2/+1
* Fix test | Christian Heimes | 2013-08-25 | 1 | -1/+1
* Issue #18709: Fix issue with IPv6 address in subjectAltName on Mac OS X Tiger | Christian Heimes | 2013-08-25 | 1 | -7/+15
* Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes | Christian Heimes | 2013-08-16 | 1 | -2/+27
  inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string representation of ASN.1 strings for rfc822Name (email), dNSName (DNS) and uniformResourceIdentifier (URI).
* Fix test_ssl by replacing expired X509 certificate | Antoine Pitrou | 2013-02-16 | 1 | -6/+5
* Backport Python 3.2 fix for issue #12065, and add another test for SSLSocket.connect_ex(). | Antoine Pitrou | 2012-12-28 | 1 | -0/+28
* Closes #15793: Stack corruption in ssl.RAND_egd(). Python 2.7 hasn't any issue about this, but add a test just to be sure | Jesus Cea | 2012-09-10 | 1 | -6/+2
* Skip test_algorithms (known remote hosts need SNI, which is only available on 3.2+) | Antoine Pitrou | 2012-05-04 | 1 | -1/+2
* Fix intermittent test_ssl failure. | Antoine Pitrou | 2012-01-27 | 1 | -0/+1