summaryrefslogtreecommitdiffstats
path: root/Lib/test/test_ssl.py
Commit message (Collapse)AuthorAgeFilesLines
* Issue #23804: Merge SSL recv() fix from 3.5Martin Panter2016-07-111-8/+21
|\
| * Issue #23804: Fix SSL zero-length recv() calls to not block and raise EOFMartin Panter2016-07-111-8/+21
| |
* | Merge from 3.5.Larry Hastings2016-06-271-1/+2
|\ \ | |/
| * Issue #26867: Ubuntu's openssl OP_NO_SSLv3 is forced on by default; fix test.Matthias Klose2016-06-131-1/+2
| |
* | Issue #25951: Fix SSLSocket.sendall() to return None, by Aviv PalivodaMartin Panter2016-04-031-6/+10
| |
* | Issue #23804: Merge SSL zero read fix from 3.5Martin Panter2016-03-281-1/+8
|\ \ | |/
| * Issue #23804: Fix SSL recv/read(0) to not return 1024 bytesMartin Panter2016-03-281-1/+8
| |
* | Issue #26644: Merge SSL negative read fix from 3.5Martin Panter2016-03-271-0/+11
|\ \ | |/
| * Issue #26644: Raise ValueError for negative SSLSocket.recv() and read()Martin Panter2016-03-271-0/+11
| |
* | Issue #25940: Use internal local server more in test_sslMartin Panter2016-03-271-342/+335
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move many tests from NetworkedTests and NetworkedBIOTests to a new Simple- BackgroundTests class, using the existing ThreadedEchoServer and SIGNED_ CERTFILE infrastructure. For tests that cause the server to crash by rejecting its certificate, separate them into independent test methods. Added custom root certificate to capath with the following commands: cp Lib/test/{pycacert.pem,capath/} # Edit copy to remove part before certificate c_rehash -v Lib/test/capath/ c_rehash -v -old Lib/test/capath/ # Note the generated file names cp Lib/test/capath/{pycacert.pem,b1930218.0} mv Lib/test/capath/{pycacert.pem,ceff1710.0} Change to pure PEM version of SIGNING_CA because PEM_cert_to_DER_cert() does not like the extra text at the start. Moved test_connect_ex_error() into BasicSocketTests and rewrote it to connect to a reserved localhost port. NetworkedTests.test_get_server_certificate_ipv6() split out because it needs to connect to an IPv6 DNS address. The only reference left to self-signed.pythontest.net is test_timeout_ connect_ex(), which needs a remote server to reliably time out the connection, but does not rely on the server running SSL. Made ThreadedEchoServer call unwrap() by default when it sees the client has shut the connection down, so that the client can cleanly call unwrap().
* | Fix test_ssl.test_refcycle()Victor Stinner2016-03-211-1/+1
|/ | | | | | Issue #26590: support.check_warnings() stores warnins, but ResourceWarning now comes with a reference to the socket object which indirectly keeps the socket alive.
* Issue #26173: Separate bad cert file tests and client rejection testMartin Panter2016-02-011-40/+54
| | | | | | | | | Test test_wrong_cert() runs a server that rejects the client's certificate, so ECONNRESET is reasonable in addition to SSLError. On the other hand, the other three tests don't even need to run a server because they are just testing the parsing of invalid certificate files. Also fix a ResourceWarning by closing the wrapped socket.
* Issue #26173: Fix test_ssl confusion with non-existing cert and wrongcert.pemMartin Panter2016-01-301-14/+11
| | | | | | Testing for a non-existing certificate file is already done in test_errors(). Copy wrongcert.pem from Python 2 and use it to test the behaviour with a mismatched certificate.
* Issue #25940: Merge ETIMEDOUT fix from 3.4 into 3.5Martin Panter2016-01-151-1/+1
|\
| * Issue #25940: Merge ETIMEDOUT fix from 3.3 into 3.4Martin Panter2016-01-151-1/+1
| |\
| | * Issue #25940: Merge ETIMEDOUT fix from 3.2 into 3.3Martin Panter2016-01-151-1/+1
| | |\
| | | * Issue #25940: On Windows, connecting to port 444 returns ETIMEDOUTMartin Panter2016-01-151-1/+3
| | | |
* | | | Issue #25940: Update new SSL tests for self-signed.pythontest.netMartin Panter2016-01-141-13/+14
| | | | | | | | | | | | | | | | | | | | Removed SSL_ERROR_SYSCALL checking from ssl_io_loop() so that the loop can terminate when unwrap() raises that error.
* | | | Issue #25940: Merge self-signed.pythontest.net testing from 3.4 into 3.5Martin Panter2016-01-141-51/+56
|\ \ \ \ | |/ / /
| * | | Issue #25940: Update new SSL tests for self-signed.pythontest.netMartin Panter2016-01-141-12/+12
| | | |
| * | | Issue #25940: Merge self-signed.pythontest.net testing from 3.3 into 3.4Martin Panter2016-01-141-39/+44
| |\ \ \ | | |/ /
| | * | Issue #25940: Merge self-signed.pythontest.net testing from 3.2 into 3.3Martin Panter2016-01-141-41/+48
| | |\ \ | | | |/
| | | * Issue #25940: Use self-signed.pythontest.net in SSL testsMartin Panter2016-01-141-49/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is instead of svn.python.org, whose certificate recently expired, and whose new certificate uses a different root certificate. The certificate used at the pythontest server was modifed to set the "basic constraints" CA flag. This flag seems to be required for test_get_ca_certs_ capath() to work (in Python 3.4+). Added the new self-signed certificate to capath with the following commands: cp Lib/test/{selfsigned_pythontestdotnet.pem,capath/} c_rehash -v Lib/test/capath/ c_rehash -v -old Lib/test/capath/ # Note the generated file names cp Lib/test/capath/{selfsigned_pythontestdotnet.pem,0e4015b9.0} mv Lib/test/capath/{selfsigned_pythontestdotnet.pem,ce7b8643.0} The new server responds with "No route to host" when connecting to port 444.
| | | * Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytesGeorg Brandl2014-09-301-0/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for ``rfc822Name`` (email), ``dNSName`` (DNS) and ``uniformResourceIdentifier`` (URI).
| | * | merge 3.2 (#20896)Benjamin Peterson2014-03-121-3/+8
| | |\ \ | | | |/
| | | * use ssl.PROTOCOL_SSLv23 for maximum compatibility (closes #20896)Benjamin Peterson2014-03-121-3/+8
| | | |
| | | * Issue #17980: Fix possible abuse of ssl.match_hostname() for denial of ↵Antoine Pitrou2013-05-181-0/+11
| | | | | | | | | | | | | | | | service using certificates with many wildcards (CVE-2013-2099).
* | | | merge 3.4 (#25530)Benjamin Peterson2015-11-121-9/+9
|\ \ \ \ | |/ / /
| * | | always set OP_NO_SSLv3 by default (closes #25530)Benjamin Peterson2015-11-121-9/+9
| | | |
* | | | Issue #24210: Silence more PendingDeprecationWarning warnings in tests.Berker Peksag2015-05-161-7/+15
| | | |
* | | | merge 3.4 (#23844)Benjamin Peterson2015-04-021-1/+1
|\ \ \ \ | |/ / /
| * | | replace 512 bit dh key with a 2014 bit one (closes #23844)Benjamin Peterson2015-04-021-1/+1
| | | | | | | | | | | | | | | | Patch by Cédric Krier.
* | | | Issue #23001: Few functions in modules mmap, ossaudiodev, socket, ssl, andSerhiy Storchaka2015-03-201-0/+2
| | | | | | | | | | | | | | | | | | | | codecs, that accepted only read-only bytes-like object now accept writable bytes-like object too.
* | | | Issue #20617: Remove unused import in test_ssl.Berker Peksag2015-03-121-1/+0
|\ \ \ \ | |/ / / | | | | | | | | Patch by Mark Lawrence.
| * | | Issue #20617: Remove unused import in test_ssl.Berker Peksag2015-03-121-1/+0
| | | | | | | | | | | | | | | | Patch by Mark Lawrence.
* | | | merge 3.4Benjamin Peterson2015-03-051-1/+2
|\ \ \ \ | |/ / /
| * | | adjust test_crl_check for trusted first being defaultBenjamin Peterson2015-03-051-1/+2
| | | |
* | | | merge 3.4Benjamin Peterson2015-03-051-2/+3
|\ \ \ \ | |/ / /
| * | | expose X509_V_FLAG_TRUSTED_FIRSTBenjamin Peterson2015-03-051-2/+3
| | | |
* | | | Issue #23239: ssl.match_hostname() now supports matching of IP addresses.Antoine Pitrou2015-02-151-0/+24
| | | |
* | | | Issue #23345: merge from 3.4Ned Deily2015-02-051-1/+1
|\ \ \ \ | |/ / /
| * | | Issue #23345: Prevent test_ssl failures with large OpenSSL patch levelNed Deily2015-02-051-1/+1
| | | | | | | | | | | | | | | | values (like 0.9.8zc).
| * | | Issue #21356: Make ssl.RAND_egd() optional to support LibreSSL. TheVictor Stinner2015-01-061-2/+3
| | | | | | | | | | | | | | | | | | | | availability of the function is checked during the compilation. Patch written by Bernard Spil.
| * | | Issue #22935: Fix test_ssl when the SSLv3 protocol is not supportedVictor Stinner2014-12-121-1/+2
| | | |
* | | | prefer server alpn ordering over the client'sBenjamin Peterson2015-01-231-2/+2
| | | |
* | | | add support for ALPN (closes #20188)Benjamin Peterson2015-01-231-4/+60
| | | |
* | | | enable cert validation in testBenjamin Peterson2015-01-081-1/+4
| | | |
* | | | trying againBenjamin Peterson2015-01-081-2/+2
| | | |
* | | | reorder cipher prefsBenjamin Peterson2015-01-081-1/+1
| | | |
* | | | drop 256Benjamin Peterson2015-01-081-2/+2
| | | |
generated by cgit v0.12 at 2025-02-04 08:41:01 (GMT)