summaryrefslogtreecommitdiffstats
path: root/Lib/test/test_ssl.py
Commit message (Collapse)AuthorAgeFilesLines
* Issue #26173: Separate bad cert file tests and client rejection testMartin Panter2016-02-011-40/+54
| | | | | | | | | Test test_wrong_cert() runs a server that rejects the client's certificate, so ECONNRESET is reasonable in addition to SSLError. On the other hand, the other three tests don't even need to run a server because they are just testing the parsing of invalid certificate files. Also fix a ResourceWarning by closing the wrapped socket.
* Issue #26173: Fix test_ssl confusion with non-existing cert and wrongcert.pemMartin Panter2016-01-301-14/+11
| | | | | | Testing for a non-existing certificate file is already done in test_errors(). Copy wrongcert.pem from Python 2 and use it to test the behaviour with a mismatched certificate.
* Issue #25940: Merge ETIMEDOUT fix from 3.4 into 3.5Martin Panter2016-01-151-1/+1
|\
| * Issue #25940: Merge ETIMEDOUT fix from 3.3 into 3.4Martin Panter2016-01-151-1/+1
| |\
| | * Issue #25940: Merge ETIMEDOUT fix from 3.2 into 3.3Martin Panter2016-01-151-1/+1
| | |\
| | | * Issue #25940: On Windows, connecting to port 444 returns ETIMEDOUTMartin Panter2016-01-151-1/+3
| | | |
* | | | Issue #25940: Update new SSL tests for self-signed.pythontest.netMartin Panter2016-01-141-13/+14
| | | | | | | | | | | | | | | | | | | | Removed SSL_ERROR_SYSCALL checking from ssl_io_loop() so that the loop can terminate when unwrap() raises that error.
* | | | Issue #25940: Merge self-signed.pythontest.net testing from 3.4 into 3.5Martin Panter2016-01-141-51/+56
|\ \ \ \ | |/ / /
| * | | Issue #25940: Update new SSL tests for self-signed.pythontest.netMartin Panter2016-01-141-12/+12
| | | |
| * | | Issue #25940: Merge self-signed.pythontest.net testing from 3.3 into 3.4Martin Panter2016-01-141-39/+44
| |\ \ \ | | |/ /
| | * | Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3Martin Panter2016-01-141-41/+48
| | |\ \ | | | |/
| | | * Issue #25940: Use self-signed.pythontest.net in SSL testsMartin Panter2016-01-141-49/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is instead of svn.python.org, whose certificate recently expired, and whose new certificate uses a different root certificate. The certificate used at the pythontest server was modifed to set the "basic constraints" CA flag. This flag seems to be required for test_get_ca_certs_ capath() to work (in Python 3.4+). Added the new self-signed certificate to capath with the following commands: cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/} c_rehash -v Lib/test/capath/ c_rehash -v -old Lib/test/capath/ # Note the generated file names cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0} mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0} The new server responds with "No route to host" when connecting to port 444.
| | | * Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytesGeorg Brandl2014-09-301-0/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and ``uniformResourceIdentifier`` (URI).
| | * | merge 3.2 (#20896)Benjamin Peterson2014-03-121-3/+8
| | |\ \ | | | |/
| | | * use ssl.PROTOCOL_SSLv23 for maximum compatibility (closes #20896)Benjamin Peterson2014-03-121-3/+8
| | | |
| | | * Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of ↵Antoine Pitrou2013-05-181-0/+11
| | | | | | | | | | | | | | | | service using certificates with many wildcards (CVE-2013-2099).
* | | | merge 3.4 (#25530)Benjamin Peterson2015-11-121-9/+9
|\ \ \ \ | |/ / /
| * | | always set OP_NO_SSLv3 by default (closes #25530)Benjamin Peterson2015-11-121-9/+9
| | | |
* | | | Issue #24210: Silence more PendingDeprecationWarning warnings in tests.Berker Peksag2015-05-161-7/+15
| | | |
* | | | merge 3.4 (#23844)Benjamin Peterson2015-04-021-1/+1
|\ \ \ \ | |/ / /
| * | | replace 512 bit dh key with a 2014 bit one (closes #23844)Benjamin Peterson2015-04-021-1/+1
| | | | | | | | | | | | | | | | Patch by Cédric Krier.
* | | | Issue #23001: Few functions in modules mmap, ossaudiodev, socket, ssl, andSerhiy Storchaka2015-03-201-0/+2
| | | | | | | | | | | | | | | | | | | | codecs, that accepted only read-only bytes-like object now accept writable bytes-like object too.
* | | | Issue #20617: Remove unused import in test_ssl.Berker Peksag2015-03-121-1/+0
|\ \ \ \ | |/ / / | | | | | | | | Patch by Mark Lawrence.
| * | | Issue #20617: Remove unused import in test_ssl.Berker Peksag2015-03-121-1/+0
| | | | | | | | | | | | | | | | Patch by Mark Lawrence.
* | | | merge 3.4Benjamin Peterson2015-03-051-1/+2
|\ \ \ \ | |/ / /
| * | | adjust test_crl_check for trusted first being defaultBenjamin Peterson2015-03-051-1/+2
| | | |
* | | | merge 3.4Benjamin Peterson2015-03-051-2/+3
|\ \ \ \ | |/ / /
| * | | expose X509_V_FLAG_TRUSTED_FIRSTBenjamin Peterson2015-03-051-2/+3
| | | |
* | | | Issue #23239: ssl.match_hostname() now supports matching of IP addresses.Antoine Pitrou2015-02-151-0/+24
| | | |
* | | | Issue #23345: merge from 3.4Ned Deily2015-02-051-1/+1
|\ \ \ \ | |/ / /
| * | | Issue #23345: Prevent test_ssl failures with large OpenSSL patch levelNed Deily2015-02-051-1/+1
| | | | | | | | | | | | | | | | values (like 0.9.8zc).
| * | | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. TheVictor Stinner2015-01-061-2/+3
| | | | | | | | | | | | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil.
| * | | Issue #22935: Fix test_ssl when the SSLv3 protocol is not supportedVictor Stinner2014-12-121-1/+2
| | | |
* | | | prefer server alpn ordering over the client'sBenjamin Peterson2015-01-231-2/+2
| | | |
* | | | add support for ALPN (closes #20188)Benjamin Peterson2015-01-231-4/+60
| | | |
* | | | enable cert validation in testBenjamin Peterson2015-01-081-1/+4
| | | |
* | | | trying againBenjamin Peterson2015-01-081-2/+2
| | | |
* | | | reorder cipher prefsBenjamin Peterson2015-01-081-1/+1
| | | |
* | | | drop 256Benjamin Peterson2015-01-081-2/+2
| | | |
* | | | try using AES256Benjamin Peterson2015-01-081-3/+3
| | | |
* | | | fix assertions after ciphers were changedBenjamin Peterson2015-01-071-2/+1
| | | |
* | | | rc4 is a long time favoriteBenjamin Peterson2015-01-071-2/+2
| | | |
* | | | everyone should support AES ciphersBenjamin Peterson2015-01-071-3/+4
| | | |
* | | | include some more ciphersBenjamin Peterson2015-01-071-3/+3
| | | |
* | | | force test server to speak tlsv1Benjamin Peterson2015-01-071-1/+1
| | | |
* | | | remove apparently wrong assertion about des bit sizeBenjamin Peterson2015-01-071-1/+0
| | | |
* | | | expose the client's cipher suites from the handshake (closes #23186)Benjamin Peterson2015-01-071-0/+17
| | | |
* | | | test_ssl: add more debug to investigate test_openssl_version() failure onVictor Stinner2015-01-061-2/+2
| | | | | | | | | | | | | | | | OpenBSD with LibreSSL.
* | | | Issue #22935: Fix test_ssl when the SSLv3 protocol is not supportedVictor Stinner2014-12-121-3/+4
| | | |
* | | | merge 3.4 (#22935)Benjamin Peterson2014-12-061-7/+16
|\ \ \ \ | |/ / /
generated by cgit v0.12 at 2025-01-07 16:55:09 (GMT)