summaryrefslogtreecommitdiffstats
path: root/Lib/test/test_ssl.py
Commit message (Collapse)AuthorAgeFilesLines
...
* bpo-31346: Use PROTOCOL_TLS_CLIENT/SERVER (#3058)Christian Heimes2017-09-151-258/+270
| | | | | | Replaces PROTOCOL_TLSv* and PROTOCOL_SSLv23 with PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-31386: Custom wrap_bio and wrap_socket type (#3426)Christian Heimes2017-09-151-0/+16
| | | | | | | | | SSLSocket.wrap_bio() and SSLSocket.wrap_socket() hard-code SSLObject and SSLSocket as return types. In the light of future deprecation of ssl.wrap_socket() module function and direct instantiation of SSLSocket, it is desirable to make the return type of SSLSocket.wrap_bio() and SSLSocket.wrap_socket() customizable. Signed-off-by: Christian Heimes <christian@python.org>
* test_ssl: Implement timeout in ssl_io_loop() (#3500)Victor Stinner2017-09-111-0/+3
| | | The timeout parameter was not used.
* bpo-28182: Expose OpenSSL verification results (#3412)Christian Heimes2017-09-081-0/+23
| | | | | | | | | The SSL module now raises SSLCertVerificationError when OpenSSL fails to verify the peer's certificate. The exception contains more information about the error. Original patch by Chi Hsuan Yen Signed-off-by: Christian Heimes <christian@python.org>
* bpo-29136: Add TLS 1.3 cipher suites and OP_NO_TLSv1_3 (#1363)Christian Heimes2017-09-081-0/+32
| | | | | | | | | | | | | | | | * bpo-29136: Add TLS 1.3 support TLS 1.3 introduces a new, distinct set of cipher suites. The TLS 1.3 cipher suites don't overlap with cipher suites from TLS 1.2 and earlier. Since Python sets its own set of permitted ciphers, TLS 1.3 handshake will fail as soon as OpenSSL 1.1.1 is released. Let's enable the common AES-GCM and ChaCha20 suites. Additionally the flag OP_NO_TLSv1_3 is added. It defaults to 0 (no op) with OpenSSL prior to 1.1.1. This allows applications to opt-out from TLS 1.3 now. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-27340: Use memoryview in SSLSocket.sendall() (#3384)Christian Heimes2017-09-071-1/+11
| | | | | | | | | | | | | | * bpo-27340: Use memoryview in SSLSocket.sendall() SSLSocket.sendall() now uses memoryview to create slices of data. This fix support for all bytes-like object. It is also more efficient and avoids costly copies. Signed-off-by: Christian Heimes <christian@python.org> * Cast view to bytes, fix typo Signed-off-by: Christian Heimes <christian@python.org>
* bpo-31370: Remove support for threads-less builds (#3385)Antoine Pitrou2017-09-071-1617/+1605
| | | | | | * Remove Setup.config * Always define WITH_THREAD for compatibility.
* bpo-29781: Fix SSLObject.version before handshake (#3364)Christian Heimes2017-09-061-0/+2
| | | | | | SSLObject.version() now correctly returns None when handshake over BIO has not been performed yet. Signed-off-by: Christian Heimes <christian@python.org>
* bpo-31320: No traceback to sys.stderr in test_ssl (#3360)Christian Heimes2017-09-051-1/+4
| | | | | | | In case PROTOCOL_TLS_SERVER is used for both client context and server context, the test thread dies with OSError. Catch OSError to avoid traceback on sys.stderr Signed-off-by: Christian Heimes <christian@python.org>
* bpo-25674: remove sha256.tbs-internet.com ssl test (#3297)Christian Heimes2017-09-041-28/+0
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-31323: Fix reference leak in test_ssl (#3263)Victor Stinner2017-09-011-2/+6
| | | | Store exceptions as string rather than object to prevent reference cycles which cause leaking dangling threads.
* bpo-30714: ALPN changes for OpenSSL 1.1.0f (#2305)Christian Heimes2017-08-151-2/+3
| | | | | | | | | | OpenSSL 1.1.0 to 1.1.0e aborted the handshake when server and client could not agree on a protocol using ALPN. OpenSSL 1.1.0f changed that. The most recent version now behaves like OpenSSL 1.0.2 again. The ALPN callback can pretend to not been set. See https://github.com/openssl/openssl/pull/3158 for more details Signed-off-by: Christian Heimes <christian@python.org>
* [bpo-30916] Pre-build OpenSSL and Tcl/Tk for Windows (#2688)Steve Dower2017-07-171-0/+1
| | | Updates ssl and tkinter projects to use pre-built externals
* Add a test for bad IDNA in ssl server_hostname (#1997)Nathaniel J. Smith2017-06-091-0/+10
| | | | See discussion: https://github.com/python/cpython/pull/1992#issuecomment-307024778
* bpo-30199: test_ssl closes all asyncore channels (#1381)Victor Stinner2017-05-021-1/+3
| | | | | | | | | | | | AsyncoreEchoServer of test_ssl now calls asyncore.close_all(ignore_all=True) to ensure that asyncore.socket_map is cleared once the test completes, even if ConnectionHandler was not correctly unregistered. Fix the following warning: Warning -- asyncore.socket_map was modified by test_ssl Before: {} After: {6: <test.test_ssl.AsyncoreEchoServer.EchoServer.ConnectionHandler>}
* Remove unused imports.Serhiy Storchaka2016-12-161-1/+0
|
* Issue #28394: More typo fixes for 3.6+Martin Panter2016-10-101-1/+1
|
* Finish GC code for SSLSession and increase test coverageChristian Heimes2016-09-241-0/+3
|
* Issue #28221: Merge SSL test cleanup from 3.5 into 3.6Martin Panter2016-09-241-2/+0
|\
| * Issue #28221: Remove unused assignment from test_asyncore_server()Martin Panter2016-09-231-2/+0
| | | | | | | | | | The later value of FOO is fine. The test just needs to verify that the server converted it to lowercase.
* | Merge socketserver fixes from 3.5 into 3.6Martin Panter2016-09-221-1/+1
|\ \ | |/
| * Fix references to Python 3’s socketserver (lowercase) moduleMartin Panter2016-09-221-1/+1
| |
* | Issue #28093: Check more invalid combinations of PROTOCOL_TLS_CLIENT / ↵Christian Heimes2016-09-121-3/+23
| | | | | | | | PROTOCOL_TLS_SERVER
* | Issue #28085: Add PROTOCOL_TLS_CLIENT and PROTOCOL_TLS_SERVER for SSLContextChristian Heimes2016-09-111-0/+32
| |
* | Issue #19500: Add client-side SSL session resumption to the ssl module.Christian Heimes2016-09-101-2/+110
| |
* | Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.Christian Heimes2016-09-101-36/+51
| | | | | | | | | | | | | | The deprecation include manual creation of SSLSocket and certfile/keyfile (or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib. ssl.wrap_socket() is not marked as deprecated yet.
* | Issue 28043: SSLContext has improved default settingsChristian Heimes2016-09-101-29/+33
| | | | | | | | The options OP_NO_COMPRESSION, OP_CIPHER_SERVER_PREFERENCE, OP_SINGLE_DH_USE, OP_SINGLE_ECDH_USE, OP_NO_SSLv2 (except for PROTOCOL_SSLv2), and OP_NO_SSLv3 (except for PROTOCOL_SSLv3) are set by default. The initial cipher suite list contains only HIGH ciphers, no NULL ciphers and MD5 ciphers (except for PROTOCOL_SSLv2).
* | #27364: fix "incorrect" uses of escape character in the stdlib.R David Murray2016-09-081-1/+1
| | | | | | | | | | | | | | And most of the tools. Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and Martin Panter.
* | Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name ↵Christian Heimes2016-09-061-0/+23
|\ \ | |/ | | | | fields in X.509 certs.
| * Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name ↵Christian Heimes2016-09-061-0/+23
| | | | | | | | fields in X.509 certs.
* | Issue 27866: relax get_cipher() test even more. Gentoo buildbot has no ECDHEChristian Heimes2016-09-061-2/+2
| |
* | Issue 27866: relax test case for set_cipher() and allow more cipher suitesChristian Heimes2016-09-061-4/+3
| |
* | Issue #27866: Add SSLContext.get_ciphers() method to get a list of all ↵Christian Heimes2016-09-051-0/+9
| | | | | | | | enabled ciphers.
* | Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-31/+58
|\ \ | |/
| * Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.Christian Heimes2016-09-051-31/+58
| |
* | Issue #23804: Merge SSL recv() fix from 3.5Martin Panter2016-07-111-8/+21
|\ \ | |/
| * Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOFMartin Panter2016-07-111-8/+21
| |
* | Merge from 3.5.Larry Hastings2016-06-271-1/+2
|\ \ | |/
| * Issue #26867: Ubuntu's openssl OP_NO_SSLv3 is forced on by default; fix test.Matthias Klose2016-06-131-1/+2
| |
* | Issue #25951: Fix SSLSocket.sendall() to return None, by Aviv PalivodaMartin Panter2016-04-031-6/+10
| |
* | Issue #23804: Merge SSL zero read fix from 3.5Martin Panter2016-03-281-1/+8
|\ \ | |/
| * Issue #23804: Fix SSL recv/read(0) to not return 1024 bytesMartin Panter2016-03-281-1/+8
| |
* | Issue #26644: Merge SSL negative read fix from 3.5Martin Panter2016-03-271-0/+11
|\ \ | |/
| * Issue #26644: Raise ValueError for negative SSLSocket.recv() and read()Martin Panter2016-03-271-0/+11
| |
* | Issue #25940: Use internal local server more in test_sslMartin Panter2016-03-271-342/+335
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move many tests from NetworkedTests and NetworkedBIOTests to a new Simple- BackgroundTests class, using the existing ThreadedEchoServer and SIGNED_ CERTFILE infrastructure. For tests that cause the server to crash by rejecting its certificate, separate them into independent test methods. Added custom root certificate to capath with the following commands: cp Lib/test/{pycacert.pem,capath/} # Edit copy to remove part before certificate c_rehash -v Lib/test/capath/ c_rehash -v -old Lib/test/capath/ # Note the generated file names cp Lib/test/capath/{pycacert.pem,b1930218.0} mv Lib/test/capath/{pycacert.pem,ceff1710.0} Change to pure PEM version of SIGNING_CA because PEM_cert_to_DER_cert() does not like the extra text at the start. Moved test_connect_ex_error() into BasicSocketTests and rewrote it to connect to a reserved localhost port. NetworkedTests.test_get_server_certificate_ipv6() split out because it needs to connect to an IPv6 DNS address. The only reference left to self-signed.pythontest.net is test_timeout_ connect_ex(), which needs a remote server to reliably time out the connection, but does not rely on the server running SSL. Made ThreadedEchoServer call unwrap() by default when it sees the client has shut the connection down, so that the client can cleanly call unwrap().
* | Fix test_ssl.test_refcycle()Victor Stinner2016-03-211-1/+1
|/ | | | | | Issue #26590: support.check_warnings() stores warnins, but ResourceWarning now comes with a reference to the socket object which indirectly keeps the socket alive.
* Issue #26173: Separate bad cert file tests and client rejection testMartin Panter2016-02-011-40/+54
| | | | | | | | | Test test_wrong_cert() runs a server that rejects the client's certificate, so ECONNRESET is reasonable in addition to SSLError. On the other hand, the other three tests don't even need to run a server because they are just testing the parsing of invalid certificate files. Also fix a ResourceWarning by closing the wrapped socket.
* Issue #26173: Fix test_ssl confusion with non-existing cert and wrongcert.pemMartin Panter2016-01-301-14/+11
| | | | | | Testing for a non-existing certificate file is already done in test_errors(). Copy wrongcert.pem from Python 2 and use it to test the behaviour with a mismatched certificate.
* Issue #25940: Merge ETIMEDOUT fix from 3.4 into 3.5Martin Panter2016-01-151-1/+1
|\
| * Issue #25940: Merge ETIMEDOUT fix from 3.3 into 3.4Martin Panter2016-01-151-1/+1
| |\
generated by cgit v0.12 at 2025-04-01 20:50:43 (GMT)