Lines Matching +full:test +full:- +full:suite +full:- +full:vm
1 # Test the support for SSL and sockets
6 from test import support
7 from test.support import import_helper
8 from test.support import os_helper
9 from test.support import socket_helper
10 from test.support import threading_helper
11 from test.support import warnings_helper
69 # using Lib/test/make_ssl_certs.py.
116 (('commonName', 'our-ca-server'),)),
131 SIGNED_CERTFILE_ECC_HOSTNAME = 'localhost-ecc'
141 REMOTE_HOST = "self-signed.pythontest.net"
149 TALOS_INVALID_CRLDP = data_file("talos-2019-0758.pem")
165 # Assume that any references of "ubuntu" implies Ubuntu-like distro
167 with open("/etc/os-release", encoding="utf-8") as f:
201 # auto-negotiate protocols are always available
226 # bpo43791: 3.0.0-alpha14 fails with TLSV1_ALERT_INTERNAL_ERROR
274 return -time.altzone # seconds
275 return -time.timezone
373 # Make sure that the PROTOCOL_* constants have enum-like string
399 self.assertRaises(ValueError, ssl.RAND_bytes, -5)
401 self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
409 # provided solely for this test, to exercise the certificate
432 ('http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cer',))
434 ('http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl',))
444 (('countryName', 'UK'),), (('commonName', 'cody-ca'),)),
450 'codenomicon-vm-2.test.lal.cisco.com'),)),
452 ('DNS', 'codenomicon-vm-2.test.lal.cisco.com'),),
467 (('emailAddress', 'python-dev@python.org'),))
515 self.fail("DER-to-PEM didn't include correct header:\n%r\n" % p2)
517 self.fail("DER-to-PEM didn't include correct footer:\n%r\n" % p2)
652 "certfile must be specified for server-side operations",
655 "certfile must be specified for server-side operations",
658 self.assertRaisesRegex(ValueError, "can't connect in server-side mode",
705 # -- Hostname matching --
723 # in left-most segment
731 # NULL bytes are bad, CVE-2013-4073
750 # wildcard doesn't match IDNA prefix 'xn--'
756 cert = {'subject': ((('commonName', 'xn--p*.python.org'),),)}
759 # wildcard in first fragment and IDNA A-labels in sequent fragments
768 # Slightly fake real-world example
781 # A pristine real-world example
793 # -- IPv4 matching --
808 # -- IPv6 matching --
822 # -- Miscellaneous --
910 ss.get_channel_binding("unknown-type")
913 @unittest.skipUnless("tls-unique" in ssl.CHANNEL_BINDING_TYPES,
914 "'tls-unique' channel binding not available")
919 self.assertIsNone(ss.get_channel_binding("tls-unique"))
920 # the same for server-side
923 self.assertIsNone(ss.get_channel_binding("tls-unique"))
1001 self.assertRaises(ValueError, ssl._ASN1Object.fromnid, -1)
1075 # case-insensitive
1110 self.skipTest("locale-specific month name needs to be "
1113 # locale-independent
1134 # empty reads and writes now work, bpo-42854, bpo-31711
1156 self.assertRaises(ValueError, ssl.SSLContext, -1)
1167 "Test applies only to Python default ciphers")
1171 for suite in ciphers:
1172 name = suite['name']
1184 'AES128-GCM-SHA256',
1185 'ECDHE-ECDSA-AES128-GCM-SHA256',
1186 'ECDHE-RSA-AES128-GCM-SHA256',
1187 'DHE-RSA-AES128-GCM-SHA256',
1188 'AES256-GCM-SHA384',
1189 'ECDHE-ECDSA-AES256-GCM-SHA384',
1190 'ECDHE-RSA-AES256-GCM-SHA384',
1191 'DHE-RSA-AES256-GCM-SHA384',
1340 # The default security callback allows for levels between 0-5
1476 # test cadata
1484 # test PEM
1508 # test DER
1570 # There's not much we can do to test that it acts as expected,
1668 @unittest.skipIf(sys.platform == "win32", "not-Windows specific")
1837 ctx.num_tickets = -1
1861 # Test the library and reason attributes
1940 self.assertEqual(bio.pending, 3-i-1)
1997 # Now if we unwrap one side unilaterally, it should send close-notify
2003 # close-notify:
2007 # And now that the client gets the server's close-notify, it doesn't
2040 # test method.
2057 # Issue #11326: non-blocking connect_ex() should allow handshake
2070 # Non-blocking handshake
2105 # test method.
2120 # filename) for this test to be portable across OpenSSL releases.
2161 # Issue #5238: creating a file-like object with makefile() shouldn't
2163 # file descriptor, hence skipping the test under Windows).
2225 # independent test method
2332 if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
2333 self.assertIsNone(sslobj.get_channel_binding('tls-unique'))
2339 if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
2340 self.assertTrue(sslobj.get_channel_binding('tls-unique'))
2386 # errno (mimicking the behaviour of non-SSL sockets).
2407 def _test_get_server_certificate(test, host, port, cert=None): argument
2410 test.fail("No server certificate on %s:%s!" % (host, port))
2414 test.fail("No server certificate on %s:%s!" % (host, port))
2418 def _test_get_server_certificate_fail(test, host, port): argument
2426 test.fail("Got server certificate %s for %s:%s!" % (pem, host, port))
2429 from test.ssl_servers import make_https_server
2437 that we can test the STARTTLS functionality."""
2456 # SSLError - OpenSSL on Ubuntu abruptly closes the
2477 # or a low-level bug. This should be made more discriminating.
2479 # bpo-31323: Store the exception as string to prevent
2480 # a reference leak: server -> conn_errors -> exception
2481 # -> traceback -> self (ConnectionHandler) -> server
2486 # bpo-44229, bpo-43855, bpo-44237, and bpo-33450:
2488 …ee also http://erickt.github.io/blog/2014/11/19/adventures-in-debugging-a-potential-osx-kernel-bug/
2572 elif stripped == b'CB tls-unique':
2574 … sys.stdout.write(" server: read CB tls-unique from client, sending our CB data...\n")
2575 data = self.sslconn.get_channel_binding("tls-unique")
2576 self.write(repr(data).encode("us-ascii") + b"\n")
2583 self.write(repr(e).encode("us-ascii") + b"\n")
2593 self.write(repr(cert).encode("us-ascii") + b"\n")
2618 handle_error("Test server failure:\n")
2626 # normally, we'd just stop here, but for the test
2882 Try to SSL-connect using *client_protocol* to *server_protocol*.
2896 formatstr = (expect_success and " %s->%s %s\n") or " {%s->%s} %s\n"
2918 # version, we have to change the minimum to test old TLS versions.
2960 """Basic test of an SSL client connecting to a server"""
3113 ssl.HAS_NEVER_CHECK_COMMON_NAME, "test requires hostname_checks_common_name"
3154 cipher = s.cipher()[0].split('-')
3180 cipher = s.cipher()[0].split('-')
3199 'xn--knig-5qa.idn.pythontest.net'),
3200 ('xn--knig-5qa.idn.pythontest.net',
3201 'xn--knig-5qa.idn.pythontest.net'),
3202 (b'xn--knig-5qa.idn.pythontest.net',
3203 'xn--knig-5qa.idn.pythontest.net'),
3206 'xn--knigsgsschen-lcb0w.idna2003.pythontest.net'),
3207 ('xn--knigsgsschen-lcb0w.idna2003.pythontest.net',
3208 'xn--knigsgsschen-lcb0w.idna2003.pythontest.net'),
3209 (b'xn--knigsgsschen-lcb0w.idna2003.pythontest.net',
3210 'xn--knigsgsschen-lcb0w.idna2003.pythontest.net'),
3213 # 'xn--knigsgchen-b4a3dun.idna2008.pythontest.net'),
3214 ('xn--knigsgchen-b4a3dun.idna2008.pythontest.net',
3215 'xn--knigsgchen-b4a3dun.idna2008.pythontest.net'),
3216 (b'xn--knigsgchen-b4a3dun.idna2008.pythontest.net',
3217 'xn--knigsgchen-b4a3dun.idna2008.pythontest.net'),
3262 # the connection, or a low-level connection reset (which
3396 " SSL2 client to SSL23 server test unexpectedly failed:\n %s\n"
3570 dlen = f.info().get("content-length")
3611 """Test recv(), send() and friends."""
3717 # read(-1, buffer) is supported, even though read(-1) is not
3721 self.assertEqual(s.read(-1, buffer), len(data))
3724 # sendall accepts bytes-like objects
3741 self.assertRaises(ValueError, s.recv, -1)
3742 self.assertRaises(ValueError, s.read, -1)
3901 # OpenSSL enables all TLS 1.3 ciphers, enforce TLS 1.2 for test
4016 # Issue #21015: elliptic curve-based Diffie Hellman key exchange
4024 # our default cipher list should prefer ECDH-based ciphers
4032 @unittest.skipUnless("tls-unique" in ssl.CHANNEL_BINDING_TYPES,
4033 "'tls-unique' channel binding not available")
4035 """Test tls-unique channel binding."""
4051 cb_data = s.get_channel_binding("tls-unique")
4064 s.write(b"CB tls-unique\n")
4067 repr(cb_data).encode("us-ascii"))
4074 new_cb_data = s.get_channel_binding("tls-unique")
4087 s.write(b"CB tls-unique\n")
4090 repr(new_cb_data).encode("us-ascii"))
4102 "ssl.OP_NO_COMPRESSION needed for this test")
4114 # Check we can get a connection with ephemeral Diffie-Hellman
4116 # test scenario needs TLS <= 1.2
4125 parts = cipher.split("-")
4127 self.fail("Non-DH cipher: " + cipher[0])
4206 server_result = stats['server_alpn_protocols'][-1] \
4322 "AES256", "AES-256",
4463 # cannot re-use session with a different SSLContext
4471 @unittest.skipUnless(has_tls_version('TLSv1_3'), "Test needs TLS 1.3")
4519 cert_text = s.recv(4096).decode('us-ascii')
4543 # test sometimes fails with EOF error. Test passes as long as
4715 self.assertIn("CN=our-ca-server", repr(ca))
4720 self.assertIn("-----BEGIN CERTIFICATE-----", pem)
4749 HAS_KEYLOG, 'test requires OpenSSL 1.1.1 with keylog callback')
4819 "test is not compatible with ignore_environment")
4962 return # Expect the full test setup to always work on Linux.
4971 # we're specifically trying to test. The way this test is written
4987 raise RuntimeError("wrap_socket event never set, test may fail.")
5025 b"Location: https://example.com/someone-elses-server\r\n"
5041 self.fail("test server took too long.")
5101 # test was added. Sending the request requires a successful TLS wrapped
5103 # to test this. It serves as an illustration of something that we never
5106 connection.request("HEAD", "/test", headers={"Host": "localhost"})