183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh# Test the support for SSL and sockets 283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport sys 483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport unittest 583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehfrom test import test_support 683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport asyncore 783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport socket 883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport select 983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport time 1083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport gc 1183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport os 1283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport errno 1383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport pprint 1483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport urllib, urlparse 1583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport traceback 1683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport weakref 1783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport functools 1883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehimport platform 1983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 2083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehfrom BaseHTTPServer import HTTPServer 2183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehfrom SimpleHTTPServer import SimpleHTTPRequestHandler 2283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 2383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehssl = test_support.import_module("ssl") 2483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 2583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew HsiehHOST = test_support.HOST 2683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew HsiehCERTFILE = None 2783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew HsiehSVN_PYTHON_ORG_ROOT_CERT = None 2883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 2983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehdef handle_error(prefix): 3083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh exc_format = ' '.join(traceback.format_exception(*sys.exc_info())) 3183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 3283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(prefix + exc_format) 3383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 3483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 3583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehclass BasicTests(unittest.TestCase): 3683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 3783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_sslwrap_simple(self): 3883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # A crude test for the legacy API 3983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 4083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.sslwrap_simple(socket.socket(socket.AF_INET)) 4183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except IOError, e: 4283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if e.errno == 32: # broken pipe when ssl_sock.do_handshake(), this test doesn't care about that 4383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pass 4483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 4583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise 4683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 4783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.sslwrap_simple(socket.socket(socket.AF_INET)._sock) 4883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except IOError, e: 4983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if e.errno == 32: # broken pipe when ssl_sock.do_handshake(), this test doesn't care about that 5083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pass 5183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 5283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise 5383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 5483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh# Issue #9415: Ubuntu hijacks their OpenSSL and forcefully disables SSLv2 5583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehdef skip_if_broken_ubuntu_ssl(func): 5683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if hasattr(ssl, 'PROTOCOL_SSLv2'): 5783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # We need to access the lower-level wrapper in order to create an 5883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # implicit SSL context without trying to connect or listen. 5983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 6083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh import _ssl 6183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ImportError: 6283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # The returned function won't get executed, just ignore the error 6383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pass 6483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh @functools.wraps(func) 6583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def f(*args, **kwargs): 6683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 6783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = socket.socket(socket.AF_INET) 6883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh _ssl.sslwrap(s._sock, 0, None, None, 6983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.CERT_NONE, ssl.PROTOCOL_SSLv2, None, None) 7083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ssl.SSLError as e: 7183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if (ssl.OPENSSL_VERSION_INFO == (0, 9, 8, 15, 15) and 7283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh platform.linux_distribution() == ('debian', 'squeeze/sid', '') 7383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh and 'Invalid SSL protocol variant specified' in str(e)): 7483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise unittest.SkipTest("Patched Ubuntu OpenSSL breaks behaviour") 7583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return func(*args, **kwargs) 7683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return f 7783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 7883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return func 7983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 8083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 8183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehclass BasicSocketTests(unittest.TestCase): 8283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 8383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_constants(self): 8483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh #ssl.PROTOCOL_SSLv2 8583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.PROTOCOL_SSLv23 8683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.PROTOCOL_SSLv3 8783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.PROTOCOL_TLSv1 8883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.CERT_NONE 8983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.CERT_OPTIONAL 9083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.CERT_REQUIRED 9183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 9283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_random(self): 9383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh v = ssl.RAND_status() 9483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 9583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n RAND_status is %d (%s)\n" 9683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh % (v, (v and "sufficient randomness") or 9783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "insufficient randomness")) 9883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertRaises(TypeError, ssl.RAND_egd, 1) 9983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1) 10083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.RAND_add("this is a random string", 75.0) 10183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 10283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_parse_cert(self): 10383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # note that this uses an 'unofficial' function in _ssl.c, 10483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # provided solely for this test, to exercise the certificate 10583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # parsing code 10683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh p = ssl._ssl._test_decode_cert(CERTFILE, False) 10783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 10883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n" + pprint.pformat(p) + "\n") 10983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertEqual(p['subject'], 11083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ((('countryName', 'XY'),), 11183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh (('localityName', 'Castle Anthrax'),), 11283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh (('organizationName', 'Python Software Foundation'),), 11383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh (('commonName', 'localhost'),)) 11483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 11583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertEqual(p['subjectAltName'], (('DNS', 'localhost'),)) 11683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Issue #13034: the subjectAltName in some certificates 11783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # (notably projects.developer.nokia.com:443) wasn't parsed 11883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh p = ssl._ssl._test_decode_cert(NOKIACERT) 11983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 12083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n" + pprint.pformat(p) + "\n") 12183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertEqual(p['subjectAltName'], 12283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh (('DNS', 'projects.developer.nokia.com'), 12383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ('DNS', 'projects.forum.nokia.com')) 12483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 12583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 12683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_DER_to_PEM(self): 12783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with open(SVN_PYTHON_ORG_ROOT_CERT, 'r') as f: 12883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pem = f.read() 12983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh d1 = ssl.PEM_cert_to_DER_cert(pem) 13083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh p2 = ssl.DER_cert_to_PEM_cert(d1) 13183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh d2 = ssl.PEM_cert_to_DER_cert(p2) 13283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertEqual(d1, d2) 13383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not p2.startswith(ssl.PEM_HEADER + '\n'): 13483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail("DER-to-PEM didn't include correct header:\n%r\n" % p2) 13583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not p2.endswith('\n' + ssl.PEM_FOOTER + '\n'): 13683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail("DER-to-PEM didn't include correct footer:\n%r\n" % p2) 13783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 13883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_openssl_version(self): 13983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh n = ssl.OPENSSL_VERSION_NUMBER 14083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh t = ssl.OPENSSL_VERSION_INFO 14183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.OPENSSL_VERSION 14283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertIsInstance(n, (int, long)) 14383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertIsInstance(t, tuple) 14483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertIsInstance(s, str) 14583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Some sanity checks follow 14683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # >= 0.9 14783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertGreaterEqual(n, 0x900000) 14883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # < 2.0 14983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertLess(n, 0x20000000) 15083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh major, minor, fix, patch, status = t 15183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertGreaterEqual(major, 0) 15283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertLess(major, 2) 15383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertGreaterEqual(minor, 0) 15483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertLess(minor, 256) 15583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertGreaterEqual(fix, 0) 15683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertLess(fix, 256) 15783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertGreaterEqual(patch, 0) 15883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertLessEqual(patch, 26) 15983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertGreaterEqual(status, 0) 16083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertLessEqual(status, 15) 16183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Version string as returned by OpenSSL, the format might change 16283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertTrue(s.startswith("OpenSSL {:d}.{:d}.{:d}".format(major, minor, fix)), 16383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh (s, t)) 16483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 16583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_ciphers(self): 16683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not test_support.is_resource_enabled('network'): 16783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return 16883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh remote = ("svn.python.org", 443) 16983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with test_support.transient_internet(remote[0]): 17083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(socket.AF_INET), 17183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_NONE, ciphers="ALL") 17283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect(remote) 17383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(socket.AF_INET), 17483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_NONE, ciphers="DEFAULT") 17583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect(remote) 17683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Error checking occurs when connecting, because the SSL context 17783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # isn't created before. 17883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(socket.AF_INET), 17983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_NONE, ciphers="^$:,;?*'dorothyx") 18083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with self.assertRaisesRegexp(ssl.SSLError, "No cipher can be selected"): 18183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect(remote) 18283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 18383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh @test_support.cpython_only 18483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_refcycle(self): 18583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Issue #7943: an SSL object doesn't create reference cycles with 18683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # itself. 18783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = socket.socket(socket.AF_INET) 18883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ss = ssl.wrap_socket(s) 18983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh wr = weakref.ref(ss) 19083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh del ss 19183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertEqual(wr(), None) 19283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 19383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_wrapped_unconnected(self): 19483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # The _delegate_methods in socket.py are correctly delegated to by an 19583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # unconnected SSLSocket, so they will raise a socket.error rather than 19683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # something unexpected like TypeError. 19783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = socket.socket(socket.AF_INET) 19883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ss = ssl.wrap_socket(s) 19983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertRaises(socket.error, ss.recv, 1) 20083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertRaises(socket.error, ss.recv_into, bytearray(b'x')) 20183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertRaises(socket.error, ss.recvfrom, 1) 20283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertRaises(socket.error, ss.recvfrom_into, bytearray(b'x'), 1) 20383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertRaises(socket.error, ss.send, b'x') 20483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertRaises(socket.error, ss.sendto, b'x', ('0.0.0.0', 0)) 20583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 20683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 20783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehclass NetworkedTests(unittest.TestCase): 20883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 20983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_connect(self): 21083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with test_support.transient_internet("svn.python.org"): 21183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(socket.AF_INET), 21283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_NONE) 21383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect(("svn.python.org", 443)) 21483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c = s.getpeercert() 21583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if c: 21683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail("Peer cert %s shouldn't be here!") 21783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 21883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 21983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # this should fail because we have no verification certs 22083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(socket.AF_INET), 22183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_REQUIRED) 22283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 22383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect(("svn.python.org", 443)) 22483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ssl.SSLError: 22583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pass 22683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 22783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 22883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 22983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # this should succeed because we specify the root cert 23083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(socket.AF_INET), 23183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_REQUIRED, 23283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ca_certs=SVN_PYTHON_ORG_ROOT_CERT) 23383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 23483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect(("svn.python.org", 443)) 23583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 23683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 23783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 23883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_connect_ex(self): 23983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Issue #11326: check connect_ex() implementation 24083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with test_support.transient_internet("svn.python.org"): 24183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(socket.AF_INET), 24283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_REQUIRED, 24383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ca_certs=SVN_PYTHON_ORG_ROOT_CERT) 24483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 24583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertEqual(0, s.connect_ex(("svn.python.org", 443))) 24683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertTrue(s.getpeercert()) 24783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 24883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 24983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 25083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_non_blocking_connect_ex(self): 25183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Issue #11326: non-blocking connect_ex() should allow handshake 25283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # to proceed after the socket gets ready. 25383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with test_support.transient_internet("svn.python.org"): 25483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(socket.AF_INET), 25583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_REQUIRED, 25683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ca_certs=SVN_PYTHON_ORG_ROOT_CERT, 25783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh do_handshake_on_connect=False) 25883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 25983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.setblocking(False) 26083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh rc = s.connect_ex(('svn.python.org', 443)) 26183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # EWOULDBLOCK under Windows, EINPROGRESS elsewhere 26283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertIn(rc, (0, errno.EINPROGRESS, errno.EWOULDBLOCK)) 26383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Wait for connect to finish 26483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh select.select([], [s], [], 5.0) 26583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Non-blocking handshake 26683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh while True: 26783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 26883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.do_handshake() 26983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh break 27083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ssl.SSLError as err: 27183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if err.args[0] == ssl.SSL_ERROR_WANT_READ: 27283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh select.select([s], [], [], 5.0) 27383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE: 27483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh select.select([], [s], [], 5.0) 27583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 27683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise 27783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # SSL established 27883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertTrue(s.getpeercert()) 27983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 28083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 28183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 28283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_timeout_connect_ex(self): 28383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Issue #12065: on a timeout, connect_ex() should return the original 28483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # errno (mimicking the behaviour of non-SSL sockets). 28583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with test_support.transient_internet("svn.python.org"): 28683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(socket.AF_INET), 28783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_REQUIRED, 28883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ca_certs=SVN_PYTHON_ORG_ROOT_CERT, 28983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh do_handshake_on_connect=False) 29083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 29183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.settimeout(0.0000001) 29283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh rc = s.connect_ex(('svn.python.org', 443)) 29383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if rc == 0: 29483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.skipTest("svn.python.org responded too quickly") 29583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertIn(rc, (errno.EAGAIN, errno.EWOULDBLOCK)) 29683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 29783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 29883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 29983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_connect_ex_error(self): 30083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with test_support.transient_internet("svn.python.org"): 30183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(socket.AF_INET), 30283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_REQUIRED, 30383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ca_certs=SVN_PYTHON_ORG_ROOT_CERT) 30483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 30583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertEqual(errno.ECONNREFUSED, 30683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect_ex(("svn.python.org", 444))) 30783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 30883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 30983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 31083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh @unittest.skipIf(os.name == "nt", "Can't use a socket as a file under Windows") 31183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_makefile_close(self): 31283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Issue #5238: creating a file-like object with makefile() shouldn't 31383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # delay closing the underlying "real socket" (here tested with its 31483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # file descriptor, hence skipping the test under Windows). 31583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with test_support.transient_internet("svn.python.org"): 31683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ss = ssl.wrap_socket(socket.socket(socket.AF_INET)) 31783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ss.connect(("svn.python.org", 443)) 31883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh fd = ss.fileno() 31983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh f = ss.makefile() 32083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh f.close() 32183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # The fd is still open 32283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh os.read(fd, 0) 32383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Closing the SSL socket should close the fd too 32483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ss.close() 32583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh gc.collect() 32683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with self.assertRaises(OSError) as e: 32783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh os.read(fd, 0) 32883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertEqual(e.exception.errno, errno.EBADF) 32983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 33083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_non_blocking_handshake(self): 33183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with test_support.transient_internet("svn.python.org"): 33283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = socket.socket(socket.AF_INET) 33383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect(("svn.python.org", 443)) 33483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.setblocking(False) 33583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(s, 33683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_NONE, 33783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh do_handshake_on_connect=False) 33883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh count = 0 33983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh while True: 34083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 34183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh count += 1 34283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.do_handshake() 34383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh break 34483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ssl.SSLError, err: 34583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if err.args[0] == ssl.SSL_ERROR_WANT_READ: 34683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh select.select([s], [], []) 34783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE: 34883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh select.select([], [s], []) 34983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 35083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise 35183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 35283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 35383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\nNeeded %d calls to do_handshake() to establish session.\n" % count) 35483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 35583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_get_server_certificate(self): 35683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with test_support.transient_internet("svn.python.org"): 35783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pem = ssl.get_server_certificate(("svn.python.org", 443)) 35883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not pem: 35983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail("No server certificate on svn.python.org:443!") 36083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 36183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 36283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=CERTFILE) 36383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ssl.SSLError: 36483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh #should fail 36583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pass 36683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 36783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail("Got server certificate %s for svn.python.org!" % pem) 36883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 36983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=SVN_PYTHON_ORG_ROOT_CERT) 37083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not pem: 37183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail("No server certificate on svn.python.org:443!") 37283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 37383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\nVerified certificate for svn.python.org:443 is\n%s\n" % pem) 37483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 37583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_algorithms(self): 37683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Issue #8484: all algorithms should be available when verifying a 37783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # certificate. 37883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # SHA256 was added in OpenSSL 0.9.8 37983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if ssl.OPENSSL_VERSION_INFO < (0, 9, 8, 0, 15): 38083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.skipTest("SHA256 not available on %r" % ssl.OPENSSL_VERSION) 38183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.skipTest("remote host needs SNI, only available on Python 3.2+") 38283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # NOTE: https://sha2.hboeck.de is another possible test host 38383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh remote = ("sha256.tbs-internet.com", 443) 38483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sha256_cert = os.path.join(os.path.dirname(__file__), "sha256.pem") 38583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with test_support.transient_internet("sha256.tbs-internet.com"): 38683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(socket.AF_INET), 38783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_REQUIRED, 38883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ca_certs=sha256_cert,) 38983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 39083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect(remote) 39183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 39283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\nCipher with %r is %r\n" % 39383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh (remote, s.cipher())) 39483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("Certificate is:\n%s\n" % 39583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pprint.pformat(s.getpeercert())) 39683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 39783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 39883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 39983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 40083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehtry: 40183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh import threading 40283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehexcept ImportError: 40383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh _have_threads = False 40483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehelse: 40583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh _have_threads = True 40683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 40783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh class ThreadedEchoServer(threading.Thread): 40883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 40983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh class ConnectionHandler(threading.Thread): 41083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 41183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """A mildly complicated class, because we want it to work both 41283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with and without the SSL wrapper around the socket connection, so 41383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh that we can test the STARTTLS functionality.""" 41483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 41583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __init__(self, server, connsock): 41683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server = server 41783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.running = False 41883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sock = connsock 41983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sock.setblocking(1) 42083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sslconn = None 42183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh threading.Thread.__init__(self) 42283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.daemon = True 42383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 42483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def show_conn_details(self): 42583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if self.server.certreqs == ssl.CERT_REQUIRED: 42683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert = self.sslconn.getpeercert() 42783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose and self.server.chatty: 42883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" client cert is " + pprint.pformat(cert) + "\n") 42983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_binary = self.sslconn.getpeercert(True) 43083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose and self.server.chatty: 43183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" cert binary is " + str(len(cert_binary)) + " bytes\n") 43283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cipher = self.sslconn.cipher() 43383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose and self.server.chatty: 43483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" server: connection cipher is now " + str(cipher) + "\n") 43583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 43683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def wrap_conn(self): 43783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 43883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sslconn = ssl.wrap_socket(self.sock, server_side=True, 43983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certfile=self.server.certificate, 44083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version=self.server.protocol, 44183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ca_certs=self.server.cacerts, 44283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=self.server.certreqs, 44383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ciphers=self.server.ciphers) 44483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ssl.SSLError as e: 44583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # XXX Various errors can have happened here, for example 44683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # a mismatching protocol version, an invalid certificate, 44783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # or a low-level bug. This should be made more discriminating. 44883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server.conn_errors.append(e) 44983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if self.server.chatty: 45083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh handle_error("\n server: bad connection attempt from " + 45183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh str(self.sock.getpeername()) + ":\n") 45283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.close() 45383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.running = False 45483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server.stop() 45583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return False 45683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 45783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return True 45883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 45983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def read(self): 46083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if self.sslconn: 46183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return self.sslconn.read() 46283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 46383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return self.sock.recv(1024) 46483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 46583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def write(self, bytes): 46683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if self.sslconn: 46783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return self.sslconn.write(bytes) 46883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 46983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return self.sock.send(bytes) 47083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 47183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def close(self): 47283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if self.sslconn: 47383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sslconn.close() 47483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 47583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sock._sock.close() 47683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 47783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def run(self): 47883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.running = True 47983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not self.server.starttls_server: 48083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if isinstance(self.sock, ssl.SSLSocket): 48183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sslconn = self.sock 48283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh elif not self.wrap_conn(): 48383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return 48483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.show_conn_details() 48583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh while self.running: 48683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 48783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh msg = self.read() 48883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not msg: 48983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # eof, so quit this handler 49083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.running = False 49183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.close() 49283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh elif msg.strip() == 'over': 49383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose and self.server.connectionchatty: 49483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" server: client closed connection\n") 49583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.close() 49683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return 49783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh elif self.server.starttls_server and msg.strip() == 'STARTTLS': 49883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose and self.server.connectionchatty: 49983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" server: read STARTTLS from client, sending OK...\n") 50083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.write("OK\n") 50183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not self.wrap_conn(): 50283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return 50383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh elif self.server.starttls_server and self.sslconn and msg.strip() == 'ENDTLS': 50483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose and self.server.connectionchatty: 50583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" server: read ENDTLS from client, sending OK...\n") 50683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.write("OK\n") 50783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sslconn.unwrap() 50883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sslconn = None 50983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose and self.server.connectionchatty: 51083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" server: connection is now unencrypted...\n") 51183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 51283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if (test_support.verbose and 51383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server.connectionchatty): 51483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ctype = (self.sslconn and "encrypted") or "unencrypted" 51583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" server: read %s (%s), sending back %s (%s)...\n" 51683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh % (repr(msg), ctype, repr(msg.lower()), ctype)) 51783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.write(msg.lower()) 51883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ssl.SSLError: 51983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if self.server.chatty: 52083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh handle_error("Test server failure:\n") 52183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.close() 52283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.running = False 52383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # normally, we'd just stop here, but for the test 52483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # harness, we want to stop the server 52583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server.stop() 52683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 52783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __init__(self, certificate, ssl_version=None, 52883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certreqs=None, cacerts=None, 52983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh chatty=True, connectionchatty=False, starttls_server=False, 53083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh wrap_accepting_socket=False, ciphers=None): 53183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 53283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if ssl_version is None: 53383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version = ssl.PROTOCOL_TLSv1 53483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if certreqs is None: 53583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certreqs = ssl.CERT_NONE 53683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.certificate = certificate 53783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.protocol = ssl_version 53883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.certreqs = certreqs 53983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.cacerts = cacerts 54083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.ciphers = ciphers 54183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.chatty = chatty 54283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.connectionchatty = connectionchatty 54383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.starttls_server = starttls_server 54483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sock = socket.socket() 54583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.flag = None 54683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if wrap_accepting_socket: 54783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sock = ssl.wrap_socket(self.sock, server_side=True, 54883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certfile=self.certificate, 54983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs = self.certreqs, 55083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ca_certs = self.cacerts, 55183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version = self.protocol, 55283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ciphers = self.ciphers) 55383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose and self.chatty: 55483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(' server: wrapped server socket as %s\n' % str(self.sock)) 55583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.port = test_support.bind_port(self.sock) 55683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.active = False 55783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.conn_errors = [] 55883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh threading.Thread.__init__(self) 55983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.daemon = True 56083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 56183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __enter__(self): 56283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.start(threading.Event()) 56383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.flag.wait() 56483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return self 56583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 56683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __exit__(self, *args): 56783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.stop() 56883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.join() 56983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 57083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def start(self, flag=None): 57183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.flag = flag 57283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh threading.Thread.start(self) 57383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 57483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def run(self): 57583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sock.settimeout(0.05) 57683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sock.listen(5) 57783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.active = True 57883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if self.flag: 57983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # signal an event 58083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.flag.set() 58183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh while self.active: 58283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 58383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh newconn, connaddr = self.sock.accept() 58483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose and self.chatty: 58583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(' server: new connection from ' 58683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh + str(connaddr) + '\n') 58783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh handler = self.ConnectionHandler(self, newconn) 58883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh handler.start() 58983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh handler.join() 59083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except socket.timeout: 59183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pass 59283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except KeyboardInterrupt: 59383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.stop() 59483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.sock.close() 59583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 59683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def stop(self): 59783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.active = False 59883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 59983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh class AsyncoreEchoServer(threading.Thread): 60083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 60183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh class EchoServer(asyncore.dispatcher): 60283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 60383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh class ConnectionHandler(asyncore.dispatcher_with_send): 60483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 60583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __init__(self, conn, certfile): 60683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh asyncore.dispatcher_with_send.__init__(self, conn) 60783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.socket = ssl.wrap_socket(conn, server_side=True, 60883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certfile=certfile, 60983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh do_handshake_on_connect=False) 61083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self._ssl_accepting = True 61183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 61283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def readable(self): 61383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if isinstance(self.socket, ssl.SSLSocket): 61483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh while self.socket.pending() > 0: 61583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.handle_read_event() 61683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return True 61783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 61883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def _do_ssl_handshake(self): 61983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 62083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.socket.do_handshake() 62183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ssl.SSLError, err: 62283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if err.args[0] in (ssl.SSL_ERROR_WANT_READ, 62383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.SSL_ERROR_WANT_WRITE): 62483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return 62583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh elif err.args[0] == ssl.SSL_ERROR_EOF: 62683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return self.handle_close() 62783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise 62883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except socket.error, err: 62983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if err.args[0] == errno.ECONNABORTED: 63083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return self.handle_close() 63183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 63283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self._ssl_accepting = False 63383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 63483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def handle_read(self): 63583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if self._ssl_accepting: 63683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self._do_ssl_handshake() 63783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 63883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh data = self.recv(1024) 63983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if data and data.strip() != 'over': 64083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.send(data.lower()) 64183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 64283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def handle_close(self): 64383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.close() 64483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 64583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" server: closed connection %s\n" % self.socket) 64683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 64783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def handle_error(self): 64883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise 64983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 65083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __init__(self, certfile): 65183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.certfile = certfile 65283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh asyncore.dispatcher.__init__(self) 65383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.create_socket(socket.AF_INET, socket.SOCK_STREAM) 65483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.port = test_support.bind_port(self.socket) 65583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.listen(5) 65683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 65783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def handle_accept(self): 65883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sock_obj, addr = self.accept() 65983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 66083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" server: new connection from %s:%s\n" %addr) 66183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.ConnectionHandler(sock_obj, self.certfile) 66283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 66383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def handle_error(self): 66483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise 66583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 66683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __init__(self, certfile): 66783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.flag = None 66883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.active = False 66983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server = self.EchoServer(certfile) 67083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.port = self.server.port 67183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh threading.Thread.__init__(self) 67283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.daemon = True 67383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 67483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __str__(self): 67583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return "<%s %s>" % (self.__class__.__name__, self.server) 67683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 67783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __enter__(self): 67883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.start(threading.Event()) 67983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.flag.wait() 68083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return self 68183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 68283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __exit__(self, *args): 68383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 68483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" cleanup: stopping server.\n") 68583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.stop() 68683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 68783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" cleanup: joining server thread.\n") 68883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.join() 68983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 69083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" cleanup: successfully joined.\n") 69183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 69283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def start(self, flag=None): 69383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.flag = flag 69483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh threading.Thread.start(self) 69583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 69683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def run(self): 69783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.active = True 69883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if self.flag: 69983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.flag.set() 70083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh while self.active: 70183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh asyncore.loop(0.05) 70283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 70383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def stop(self): 70483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.active = False 70583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server.close() 70683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 70783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh class SocketServerHTTPSServer(threading.Thread): 70883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 70983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh class HTTPSServer(HTTPServer): 71083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 71183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __init__(self, server_address, RequestHandlerClass, certfile): 71283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh HTTPServer.__init__(self, server_address, RequestHandlerClass) 71383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # we assume the certfile contains both private key and certificate 71483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.certfile = certfile 71583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.allow_reuse_address = True 71683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 71783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __str__(self): 71883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return ('<%s %s:%s>' % 71983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh (self.__class__.__name__, 72083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server_name, 72183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server_port)) 72283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 72383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def get_request(self): 72483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # override this to wrap socket with SSL 72583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sock, addr = self.socket.accept() 72683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sslconn = ssl.wrap_socket(sock, server_side=True, 72783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certfile=self.certfile) 72883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return sslconn, addr 72983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 73083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh class RootedHTTPRequestHandler(SimpleHTTPRequestHandler): 73183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # need to override translate_path to get a known root, 73283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # instead of using os.curdir, since the test could be 73383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # run from anywhere 73483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 73583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server_version = "TestHTTPS/1.0" 73683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 73783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh root = None 73883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 73983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def translate_path(self, path): 74083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Translate a /-separated PATH to the local filename syntax. 74183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 74283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh Components that mean special things to the local file system 74383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh (e.g. drive or directory names) are ignored. (XXX They should 74483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh probably be diagnosed.) 74583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 74683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """ 74783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # abandon query parameters 74883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh path = urlparse.urlparse(path)[2] 74983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh path = os.path.normpath(urllib.unquote(path)) 75083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh words = path.split('/') 75183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh words = filter(None, words) 75283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh path = self.root 75383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh for word in words: 75483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh drive, word = os.path.splitdrive(word) 75583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh head, word = os.path.split(word) 75683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if word in self.root: continue 75783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh path = os.path.join(path, word) 75883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return path 75983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 76083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def log_message(self, format, *args): 76183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 76283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # we override this to suppress logging unless "verbose" 76383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 76483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 76583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" server (%s:%d %s):\n [%s] %s\n" % 76683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh (self.server.server_address, 76783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server.server_port, 76883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.request.cipher(), 76983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.log_date_time_string(), 77083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh format%args)) 77183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 77283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 77383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __init__(self, certfile): 77483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.flag = None 77583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.RootedHTTPRequestHandler.root = os.path.split(CERTFILE)[0] 77683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server = self.HTTPSServer( 77783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh (HOST, 0), self.RootedHTTPRequestHandler, certfile) 77883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.port = self.server.server_port 77983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh threading.Thread.__init__(self) 78083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.daemon = True 78183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 78283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def __str__(self): 78383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return "<%s %s>" % (self.__class__.__name__, self.server) 78483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 78583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def start(self, flag=None): 78683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.flag = flag 78783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh threading.Thread.start(self) 78883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 78983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def run(self): 79083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if self.flag: 79183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.flag.set() 79283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server.serve_forever(0.05) 79383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 79483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def stop(self): 79583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.server.shutdown() 79683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 79783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 79883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def bad_cert_test(certfile): 79983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """ 80083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh Launch a server with CERT_REQUIRED, and check that trying to 80183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh connect to it with the given client certificate fails. 80283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """ 80383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server = ThreadedEchoServer(CERTFILE, 80483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certreqs=ssl.CERT_REQUIRED, 80583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cacerts=CERTFILE, chatty=False) 80683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with server: 80783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 80883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(), 80983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certfile=certfile, 81083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version=ssl.PROTOCOL_TLSv1) 81183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect((HOST, server.port)) 81283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ssl.SSLError, x: 81383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 81483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\nSSLError is %s\n" % x[1]) 81583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except socket.error, x: 81683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 81783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\nsocket.error is %s\n" % x[1]) 81883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 81983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise AssertionError("Use of invalid cert should have failed!") 82083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 82183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def server_params_test(certfile, protocol, certreqs, cacertsfile, 82283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh client_certfile, client_protocol=None, indata="FOO\n", 82383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ciphers=None, chatty=True, connectionchatty=False, 82483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh wrap_accepting_socket=False): 82583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """ 82683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh Launch a server, connect a client to it and try various reads 82783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh and writes. 82883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """ 82983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server = ThreadedEchoServer(certfile, 83083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certreqs=certreqs, 83183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version=protocol, 83283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cacerts=cacertsfile, 83383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ciphers=ciphers, 83483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh chatty=chatty, 83583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh connectionchatty=connectionchatty, 83683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh wrap_accepting_socket=wrap_accepting_socket) 83783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with server: 83883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # try to connect 83983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if client_protocol is None: 84083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh client_protocol = protocol 84183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(), 84283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certfile=client_certfile, 84383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ca_certs=cacertsfile, 84483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ciphers=ciphers, 84583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=certreqs, 84683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version=client_protocol) 84783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect((HOST, server.port)) 84883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh for arg in [indata, bytearray(indata), memoryview(indata)]: 84983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if connectionchatty: 85083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 85183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write( 85283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh " client: sending %s...\n" % (repr(arg))) 85383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.write(arg) 85483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh outdata = s.read() 85583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if connectionchatty: 85683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 85783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" client: read %s\n" % repr(outdata)) 85883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if outdata != indata.lower(): 85983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise AssertionError( 86083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "bad data <<%s>> (%d) received; expected <<%s>> (%d)\n" 86183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh % (outdata[:min(len(outdata),20)], len(outdata), 86283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh indata[:min(len(indata),20)].lower(), len(indata))) 86383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.write("over\n") 86483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if connectionchatty: 86583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 86683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" client: closing connection.\n") 86783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 86883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 86983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def try_protocol_combo(server_protocol, 87083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh client_protocol, 87183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh expect_success, 87283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certsreqs=None): 87383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if certsreqs is None: 87483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certsreqs = ssl.CERT_NONE 87583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certtype = { 87683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.CERT_NONE: "CERT_NONE", 87783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.CERT_OPTIONAL: "CERT_OPTIONAL", 87883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.CERT_REQUIRED: "CERT_REQUIRED", 87983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh }[certsreqs] 88083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 88183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh formatstr = (expect_success and " %s->%s %s\n") or " {%s->%s} %s\n" 88283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(formatstr % 88383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh (ssl.get_protocol_name(client_protocol), 88483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.get_protocol_name(server_protocol), 88583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certtype)) 88683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 88783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # NOTE: we must enable "ALL" ciphers, otherwise an SSLv23 client 88883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # will send an SSLv3 hello (rather than SSLv2) starting from 88983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # OpenSSL 1.0.0 (see issue #8322). 89083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server_params_test(CERTFILE, server_protocol, certsreqs, 89183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh CERTFILE, CERTFILE, client_protocol, 89283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ciphers="ALL", chatty=False) 89383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Protocol mismatch can result in either an SSLError, or a 89483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # "Connection reset by peer" error. 89583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ssl.SSLError: 89683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if expect_success: 89783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise 89883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except socket.error as e: 89983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if expect_success or e.errno != errno.ECONNRESET: 90083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise 90183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 90283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not expect_success: 90383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise AssertionError( 90483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "Client protocol %s succeeded with server protocol %s!" 90583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh % (ssl.get_protocol_name(client_protocol), 90683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.get_protocol_name(server_protocol))) 90783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 90883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 90983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh class ThreadedTests(unittest.TestCase): 91083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 91183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_rude_shutdown(self): 91283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """A brutal shutdown of an SSL server should raise an IOError 91383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh in the client when attempting handshake. 91483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """ 91583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh listener_ready = threading.Event() 91683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh listener_gone = threading.Event() 91783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 91883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = socket.socket() 91983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh port = test_support.bind_port(s, HOST) 92083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 92183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # `listener` runs in a thread. It sits in an accept() until 92283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # the main thread connects. Then it rudely closes the socket, 92383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # and sets Event `listener_gone` to let the main thread know 92483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # the socket is gone. 92583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def listener(): 92683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.listen(5) 92783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh listener_ready.set() 92883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.accept() 92983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 93083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh listener_gone.set() 93183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 93283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def connector(): 93383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh listener_ready.wait() 93483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c = socket.socket() 93583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c.connect((HOST, port)) 93683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh listener_gone.wait() 93783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 93883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_sock = ssl.wrap_socket(c) 93983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except IOError: 94083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pass 94183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 94283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail('connecting to closed SSL socket should have failed') 94383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 94483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh t = threading.Thread(target=listener) 94583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh t.start() 94683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 94783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh connector() 94883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 94983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh t.join() 95083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 95183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh @skip_if_broken_ubuntu_ssl 95283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_echo(self): 95383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Basic test of an SSL client connecting to a server""" 95483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 95583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n") 95683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server_params_test(CERTFILE, ssl.PROTOCOL_TLSv1, ssl.CERT_NONE, 95783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh CERTFILE, CERTFILE, ssl.PROTOCOL_TLSv1, 95883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh chatty=True, connectionchatty=True) 95983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 96083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_getpeercert(self): 96183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 96283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n") 96383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s2 = socket.socket() 96483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server = ThreadedEchoServer(CERTFILE, 96583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certreqs=ssl.CERT_NONE, 96683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version=ssl.PROTOCOL_SSLv23, 96783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cacerts=CERTFILE, 96883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh chatty=False) 96983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with server: 97083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(), 97183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certfile=CERTFILE, 97283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ca_certs=CERTFILE, 97383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_REQUIRED, 97483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version=ssl.PROTOCOL_SSLv23) 97583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect((HOST, server.port)) 97683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert = s.getpeercert() 97783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertTrue(cert, "Can't get peer certificate.") 97883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cipher = s.cipher() 97983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 98083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(pprint.pformat(cert) + '\n') 98183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("Connection cipher is " + str(cipher) + '.\n') 98283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if 'subject' not in cert: 98383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail("No subject field in certificate: %s." % 98483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh pprint.pformat(cert)) 98583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if ((('organizationName', 'Python Software Foundation'),) 98683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh not in cert['subject']): 98783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail( 98883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "Missing or invalid 'organizationName' field in certificate subject; " 98983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "should be 'Python Software Foundation'.") 99083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 99183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 99283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_empty_cert(self): 99383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Connecting with an empty cert file""" 99483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir, 99583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "nullcert.pem")) 99683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_malformed_cert(self): 99783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Connecting with a badly formatted certificate (syntax error)""" 99883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir, 99983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "badcert.pem")) 100083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_nonexisting_cert(self): 100183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Connecting with a non-existing cert file""" 100283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir, 100383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "wrongcert.pem")) 100483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_malformed_key(self): 100583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Connecting with a badly formatted key (syntax error)""" 100683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh bad_cert_test(os.path.join(os.path.dirname(__file__) or os.curdir, 100783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "badkey.pem")) 100883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 100983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh @skip_if_broken_ubuntu_ssl 101083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_protocol_sslv2(self): 101183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Connecting to an SSLv2 server with various client options""" 101283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 101383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n") 101483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not hasattr(ssl, 'PROTOCOL_SSLv2'): 101583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.skipTest("PROTOCOL_SSLv2 needed") 101683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True) 101783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL) 101883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED) 101983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True) 102083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False) 102183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False) 102283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 102383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh @skip_if_broken_ubuntu_ssl 102483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_protocol_sslv23(self): 102583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Connecting to an SSLv23 server with various client options""" 102683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 102783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n") 102883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True) 102983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True) 103083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True) 103183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 103283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL) 103383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_OPTIONAL) 103483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL) 103583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 103683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED) 103783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_REQUIRED) 103883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED) 103983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 104083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh @skip_if_broken_ubuntu_ssl 104183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_protocol_sslv3(self): 104283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Connecting to an SSLv3 server with various client options""" 104383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 104483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n") 104583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True) 104683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL) 104783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED) 104883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if hasattr(ssl, 'PROTOCOL_SSLv2'): 104983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False) 105083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False) 105183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 105283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh @skip_if_broken_ubuntu_ssl 105383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_protocol_tlsv1(self): 105483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Connecting to a TLSv1 server with various client options""" 105583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 105683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n") 105783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True) 105883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL) 105983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED) 106083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if hasattr(ssl, 'PROTOCOL_SSLv2'): 106183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False) 106283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False) 106383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 106483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_starttls(self): 106583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Switching from clear text to encrypted and back again.""" 106683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh msgs = ("msg 1", "MSG 2", "STARTTLS", "MSG 3", "msg 4", "ENDTLS", "msg 5", "msg 6") 106783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 106883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server = ThreadedEchoServer(CERTFILE, 106983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version=ssl.PROTOCOL_TLSv1, 107083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh starttls_server=True, 107183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh chatty=True, 107283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh connectionchatty=True) 107383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh wrapped = False 107483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with server: 107583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = socket.socket() 107683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.setblocking(1) 107783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect((HOST, server.port)) 107883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 107983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n") 108083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh for indata in msgs: 108183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 108283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write( 108383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh " client: sending %s...\n" % repr(indata)) 108483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if wrapped: 108583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh conn.write(indata) 108683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh outdata = conn.read() 108783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 108883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.send(indata) 108983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh outdata = s.recv(1024) 109083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if (indata == "STARTTLS" and 109183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh outdata.strip().lower().startswith("ok")): 109283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # STARTTLS ok, switch to secure mode 109383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 109483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write( 109583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh " client: read %s from server, starting TLS...\n" 109683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh % repr(outdata)) 109783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh conn = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1) 109883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh wrapped = True 109983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh elif (indata == "ENDTLS" and 110083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh outdata.strip().lower().startswith("ok")): 110183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # ENDTLS ok, switch back to clear text 110283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 110383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write( 110483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh " client: read %s from server, ending TLS...\n" 110583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh % repr(outdata)) 110683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = conn.unwrap() 110783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh wrapped = False 110883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 110983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 111083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write( 111183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh " client: read %s from server\n" % repr(outdata)) 111283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 111383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" client: closing connection.\n") 111483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if wrapped: 111583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh conn.write("over\n") 111683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh else: 111783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.send("over\n") 111883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 111983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 112083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_socketserver(self): 112183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Using a SocketServer to create and manage SSL connections.""" 112283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server = SocketServerHTTPSServer(CERTFILE) 112383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh flag = threading.Event() 112483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server.start(flag) 112583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # wait for it to start 112683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh flag.wait() 112783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # try to connect 112883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 112983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 113083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write('\n') 113183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with open(CERTFILE, 'rb') as f: 113283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh d1 = f.read() 113383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh d2 = '' 113483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # now fetch the same data from the HTTPS server 113583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh url = 'https://127.0.0.1:%d/%s' % ( 113683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server.port, os.path.split(CERTFILE)[1]) 113783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with test_support.check_py3k_warnings(): 113883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh f = urllib.urlopen(url) 113983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh dlen = f.info().getheader("content-length") 114083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if dlen and (int(dlen) > 0): 114183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh d2 = f.read(int(dlen)) 114283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 114383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write( 114483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh " client: read %d bytes from remote server '%s'\n" 114583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh % (len(d2), server)) 114683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh f.close() 114783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertEqual(d1, d2) 114883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 114983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server.stop() 115083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server.join() 115183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 115283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_wrapped_accept(self): 115383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Check the accept() method on SSL sockets.""" 115483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 115583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n") 115683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server_params_test(CERTFILE, ssl.PROTOCOL_SSLv23, ssl.CERT_REQUIRED, 115783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh CERTFILE, CERTFILE, ssl.PROTOCOL_SSLv23, 115883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh chatty=True, connectionchatty=True, 115983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh wrap_accepting_socket=True) 116083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 116183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_asyncore_server(self): 116283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Check the example asyncore integration.""" 116383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh indata = "TEST MESSAGE of mixed case\n" 116483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 116583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 116683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n") 116783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server = AsyncoreEchoServer(CERTFILE) 116883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with server: 116983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket()) 117083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect(('127.0.0.1', server.port)) 117183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 117283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write( 117383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh " client: sending %s...\n" % (repr(indata))) 117483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.write(indata) 117583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh outdata = s.read() 117683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 117783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" client: read %s\n" % repr(outdata)) 117883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if outdata != indata.lower(): 117983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail( 118083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "bad data <<%s>> (%d) received; expected <<%s>> (%d)\n" 118183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh % (outdata[:min(len(outdata),20)], len(outdata), 118283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh indata[:min(len(indata),20)].lower(), len(indata))) 118383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.write("over\n") 118483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 118583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write(" client: closing connection.\n") 118683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 118783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 118883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_recv_send(self): 118983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh """Test recv(), send() and friends.""" 119083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.verbose: 119183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sys.stdout.write("\n") 119283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 119383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server = ThreadedEchoServer(CERTFILE, 119483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certreqs=ssl.CERT_NONE, 119583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version=ssl.PROTOCOL_TLSv1, 119683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cacerts=CERTFILE, 119783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh chatty=True, 119883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh connectionchatty=False) 119983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with server: 120083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(socket.socket(), 120183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server_side=False, 120283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh certfile=CERTFILE, 120383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ca_certs=CERTFILE, 120483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh cert_reqs=ssl.CERT_NONE, 120583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version=ssl.PROTOCOL_TLSv1) 120683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect((HOST, server.port)) 120783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # helper methods for standardising recv* method signatures 120883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def _recv_into(): 120983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh b = bytearray("\0"*100) 121083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh count = s.recv_into(b) 121183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return b[:count] 121283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 121383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def _recvfrom_into(): 121483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh b = bytearray("\0"*100) 121583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh count, addr = s.recvfrom_into(b) 121683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh return b[:count] 121783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 121883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # (name, method, whether to expect success, *args) 121983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh send_methods = [ 122083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ('send', s.send, True, []), 122183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ('sendto', s.sendto, False, ["some.address"]), 122283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ('sendall', s.sendall, True, []), 122383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ] 122483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh recv_methods = [ 122583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ('recv', s.recv, True, []), 122683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ('recvfrom', s.recvfrom, False, ["some.address"]), 122783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ('recv_into', _recv_into, True, []), 122883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ('recvfrom_into', _recvfrom_into, False, []), 122983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ] 123083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh data_prefix = u"PREFIX_" 123183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 123283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh for meth_name, send_meth, expect_success, args in send_methods: 123383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh indata = data_prefix + meth_name 123483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 123583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh send_meth(indata.encode('ASCII', 'strict'), *args) 123683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh outdata = s.read() 123783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh outdata = outdata.decode('ASCII', 'strict') 123883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if outdata != indata.lower(): 123983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail( 124083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "While sending with <<%s>> bad data " 124183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "<<%r>> (%d) received; " 124283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "expected <<%r>> (%d)\n" % ( 124383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh meth_name, outdata[:20], len(outdata), 124483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh indata[:20], len(indata) 124583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 124683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 124783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ValueError as e: 124883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if expect_success: 124983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail( 125083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "Failed to send with method <<%s>>; " 125183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "expected to succeed.\n" % (meth_name,) 125283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 125383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not str(e).startswith(meth_name): 125483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail( 125583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "Method <<%s>> failed with unexpected " 125683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "exception message: %s\n" % ( 125783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh meth_name, e 125883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 125983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 126083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 126183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh for meth_name, recv_meth, expect_success, args in recv_methods: 126283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh indata = data_prefix + meth_name 126383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 126483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.send(indata.encode('ASCII', 'strict')) 126583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh outdata = recv_meth(*args) 126683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh outdata = outdata.decode('ASCII', 'strict') 126783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if outdata != indata.lower(): 126883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail( 126983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "While receiving with <<%s>> bad data " 127083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "<<%r>> (%d) received; " 127183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "expected <<%r>> (%d)\n" % ( 127283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh meth_name, outdata[:20], len(outdata), 127383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh indata[:20], len(indata) 127483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 127583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 127683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ValueError as e: 127783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if expect_success: 127883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail( 127983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "Failed to receive with method <<%s>>; " 128083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "expected to succeed.\n" % (meth_name,) 128183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 128283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if not str(e).startswith(meth_name): 128383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.fail( 128483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "Method <<%s>> failed with unexpected " 128583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "exception message: %s\n" % ( 128683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh meth_name, e 128783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 128883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ) 128983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # consume data 129083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.read() 129183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 129283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.write("over\n".encode("ASCII", "strict")) 129383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.close() 129483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 129583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_handshake_timeout(self): 129683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Issue #5103: SSL handshake must respect the socket timeout 129783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server = socket.socket(socket.AF_INET) 129883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh host = "127.0.0.1" 129983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh port = test_support.bind_port(server) 130083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh started = threading.Event() 130183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finish = False 130283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 130383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def serve(): 130483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server.listen(5) 130583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh started.set() 130683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh conns = [] 130783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh while not finish: 130883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh r, w, e = select.select([server], [], [], 0.1) 130983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if server in r: 131083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Let the socket hang around rather than having 131183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # it closed by garbage collection. 131283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh conns.append(server.accept()[0]) 131383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 131483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh t = threading.Thread(target=serve) 131583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh t.start() 131683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh started.wait() 131783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 131883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 131983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 132083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c = socket.socket(socket.AF_INET) 132183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c.settimeout(0.2) 132283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c.connect((host, port)) 132383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Will attempt handshake and time out 132483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertRaisesRegexp(ssl.SSLError, "timed out", 132583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl.wrap_socket, c) 132683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 132783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c.close() 132883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 132983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c = socket.socket(socket.AF_INET) 133083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c.settimeout(0.2) 133183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c = ssl.wrap_socket(c) 133283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Will attempt handshake and time out 133383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertRaisesRegexp(ssl.SSLError, "timed out", 133483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c.connect, (host, port)) 133583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 133683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh c.close() 133783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 133883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finish = True 133983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh t.join() 134083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh server.close() 134183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 134283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh def test_default_ciphers(self): 134383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with ThreadedEchoServer(CERTFILE, 134483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version=ssl.PROTOCOL_SSLv23, 134583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh chatty=False) as server: 134683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sock = socket.socket() 134783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 134883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh # Force a set of weak ciphers on our client socket 134983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 135083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s = ssl.wrap_socket(sock, 135183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ssl_version=ssl.PROTOCOL_SSLv23, 135283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh ciphers="DES") 135383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh except ssl.SSLError: 135483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.skipTest("no DES cipher available") 135583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh with self.assertRaises((OSError, ssl.SSLError)): 135683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh s.connect((HOST, server.port)) 135783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 135883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh sock.close() 135983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh self.assertIn("no shared cipher", str(server.conn_errors[0])) 136083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 136183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 136283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehdef test_main(verbose=False): 136383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh global CERTFILE, SVN_PYTHON_ORG_ROOT_CERT, NOKIACERT 136483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir, 136583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "keycert.pem") 136683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh SVN_PYTHON_ORG_ROOT_CERT = os.path.join( 136783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh os.path.dirname(__file__) or os.curdir, 136883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "https_svn_python_org_root.pem") 136983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh NOKIACERT = os.path.join(os.path.dirname(__file__) or os.curdir, 137083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh "nokia.pem") 137183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 137283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if (not os.path.exists(CERTFILE) or 137383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh not os.path.exists(SVN_PYTHON_ORG_ROOT_CERT) or 137483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh not os.path.exists(NOKIACERT)): 137583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh raise test_support.TestFailed("Can't read certificate files!") 137683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 137783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh tests = [BasicTests, BasicSocketTests] 137883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 137983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if test_support.is_resource_enabled('network'): 138083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh tests.append(NetworkedTests) 138183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 138283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if _have_threads: 138383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh thread_info = test_support.threading_setup() 138483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if thread_info and test_support.is_resource_enabled('network'): 138583760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh tests.append(ThreadedTests) 138683760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 138783760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh try: 138883760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh test_support.run_unittest(*tests) 138983760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh finally: 139083760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh if _have_threads: 139183760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh test_support.threading_cleanup(*thread_info) 139283760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh 139383760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsiehif __name__ == "__main__": 139483760d213fb3bec7b4117d266fcfbf6fe2ba14abAndrew Hsieh test_main() 1395