Lines Matching refs:ssl
1 # Test the support for SSL and sockets
23 ssl = test_support.import_module("ssl")
40 ssl.sslwrap_simple(socket.socket(socket.AF_INET))
47 ssl.sslwrap_simple(socket.socket(socket.AF_INET)._sock)
56 if hasattr(ssl, 'PROTOCOL_SSLv2'):
58 # implicit SSL context without trying to connect or listen.
69 ssl.CERT_NONE, ssl.PROTOCOL_SSLv2, None, None)
70 except ssl.SSLError as e:
71 if (ssl.OPENSSL_VERSION_INFO == (0, 9, 8, 15, 15) and
73 and 'Invalid SSL protocol variant specified' in str(e)):
84 #ssl.PROTOCOL_SSLv2
85 ssl.PROTOCOL_SSLv23
86 ssl.PROTOCOL_SSLv3
87 ssl.PROTOCOL_TLSv1
88 ssl.CERT_NONE
89 ssl.CERT_OPTIONAL
90 ssl.CERT_REQUIRED
93 v = ssl.RAND_status()
98 self.assertRaises(TypeError, ssl.RAND_egd, 1)
99 self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
100 ssl.RAND_add("this is a random string", 75.0)
106 p = ssl._ssl._test_decode_cert(CERTFILE, False)
118 p = ssl._ssl._test_decode_cert(NOKIACERT)
129 d1 = ssl.PEM_cert_to_DER_cert(pem)
130 p2 = ssl.DER_cert_to_PEM_cert(d1)
131 d2 = ssl.PEM_cert_to_DER_cert(p2)
133 if not p2.startswith(ssl.PEM_HEADER + '\n'):
135 if not p2.endswith('\n' + ssl.PEM_FOOTER + '\n'):
139 n = ssl.OPENSSL_VERSION_NUMBER
140 t = ssl.OPENSSL_VERSION_INFO
141 s = ssl.OPENSSL_VERSION
170 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
171 cert_reqs=ssl.CERT_NONE, ciphers="ALL")
173 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
174 cert_reqs=ssl.CERT_NONE, ciphers="DEFAULT")
176 # Error checking occurs when connecting, because the SSL context
178 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
179 cert_reqs=ssl.CERT_NONE, ciphers="^$:,;?*'dorothyx")
180 with self.assertRaisesRegexp(ssl.SSLError, "No cipher can be selected"):
185 # Issue #7943: an SSL object doesn't create reference cycles with
188 ss = ssl.wrap_socket(s)
198 ss = ssl.wrap_socket(s)
211 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
212 cert_reqs=ssl.CERT_NONE)
220 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
221 cert_reqs=ssl.CERT_REQUIRED)
224 except ssl.SSLError:
230 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
231 cert_reqs=ssl.CERT_REQUIRED,
241 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
242 cert_reqs=ssl.CERT_REQUIRED,
254 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
255 cert_reqs=ssl.CERT_REQUIRED,
270 except ssl.SSLError as err:
271 if err.args[0] == ssl.SSL_ERROR_WANT_READ:
273 elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
277 # SSL established
284 # errno (mimicking the behaviour of non-SSL sockets).
286 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
287 cert_reqs=ssl.CERT_REQUIRED,
301 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
302 cert_reqs=ssl.CERT_REQUIRED,
316 ss = ssl.wrap_socket(socket.socket(socket.AF_INET))
323 # Closing the SSL socket should close the fd too
335 s = ssl.wrap_socket(s,
336 cert_reqs=ssl.CERT_NONE,
344 except ssl.SSLError, err:
345 if err.args[0] == ssl.SSL_ERROR_WANT_READ:
347 elif err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
357 pem = ssl.get_server_certificate(("svn.python.org", 443))
362 pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=CERTFILE)
363 except ssl.SSLError:
369 pem = ssl.get_server_certificate(("svn.python.org", 443), ca_certs=SVN_PYTHON_ORG_ROOT_CERT)
379 if ssl.OPENSSL_VERSION_INFO < (0, 9, 8, 0, 15):
380 self.skipTest("SHA256 not available on %r" % ssl.OPENSSL_VERSION)
386 s = ssl.wrap_socket(socket.socket(socket.AF_INET),
387 cert_reqs=ssl.CERT_REQUIRED,
412 with and without the SSL wrapper around the socket connection, so
425 if self.server.certreqs == ssl.CERT_REQUIRED:
438 self.sslconn = ssl.wrap_socket(self.sock, server_side=True,
444 except ssl.SSLError as e:
480 if isinstance(self.sock, ssl.SSLSocket):
518 except ssl.SSLError:
533 ssl_version = ssl.PROTOCOL_TLSv1
535 certreqs = ssl.CERT_NONE
547 self.sock = ssl.wrap_socket(self.sock, server_side=True,
607 self.socket = ssl.wrap_socket(conn, server_side=True,
613 if isinstance(self.socket, ssl.SSLSocket):
621 except ssl.SSLError, err:
622 if err.args[0] in (ssl.SSL_ERROR_WANT_READ,
623 ssl.SSL_ERROR_WANT_WRITE):
625 elif err.args[0] == ssl.SSL_ERROR_EOF:
724 # override this to wrap socket with SSL
726 sslconn = ssl.wrap_socket(sock, server_side=True,
804 certreqs=ssl.CERT_REQUIRED,
808 s = ssl.wrap_socket(socket.socket(),
810 ssl_version=ssl.PROTOCOL_TLSv1)
812 except ssl.SSLError, x:
841 s = ssl.wrap_socket(socket.socket(),
874 certsreqs = ssl.CERT_NONE
876 ssl.CERT_NONE: "CERT_NONE",
877 ssl.CERT_OPTIONAL: "CERT_OPTIONAL",
878 ssl.CERT_REQUIRED: "CERT_REQUIRED",
883 (ssl.get_protocol_name(client_protocol),
884 ssl.get_protocol_name(server_protocol),
895 except ssl.SSLError:
905 % (ssl.get_protocol_name(client_protocol),
906 ssl.get_protocol_name(server_protocol)))
912 """A brutal shutdown of an SSL server should raise an IOError
938 ssl_sock = ssl.wrap_socket(c)
942 self.fail('connecting to closed SSL socket should have failed')
953 """Basic test of an SSL client connecting to a server"""
956 server_params_test(CERTFILE, ssl.PROTOCOL_TLSv1, ssl.CERT_NONE,
957 CERTFILE, CERTFILE, ssl.PROTOCOL_TLSv1,
965 certreqs=ssl.CERT_NONE,
966 ssl_version=ssl.PROTOCOL_SSLv23,
970 s = ssl.wrap_socket(socket.socket(),
973 cert_reqs=ssl.CERT_REQUIRED,
974 ssl_version=ssl.PROTOCOL_SSLv23)
1014 if not hasattr(ssl, 'PROTOCOL_SSLv2'):
1016 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
1017 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL)
1018 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED)
1019 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv23, True)
1020 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
1021 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
1028 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True)
1029 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True)
1030 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True)
1032 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
1033 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_OPTIONAL)
1034 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
1036 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
1037 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_SSLv23, True, ssl.CERT_REQUIRED)
1038 try_protocol_combo(ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
1045 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True)
1046 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_OPTIONAL)
1047 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, True, ssl.CERT_REQUIRED)
1048 if hasattr(ssl, 'PROTOCOL_SSLv2'):
1049 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False)
1050 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
1057 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True)
1058 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_OPTIONAL)
1059 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, True, ssl.CERT_REQUIRED)
1060 if hasattr(ssl, 'PROTOCOL_SSLv2'):
1061 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
1062 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
1069 ssl_version=ssl.PROTOCOL_TLSv1,
1097 conn = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1)
1121 """Using a SocketServer to create and manage SSL connections."""
1153 """Check the accept() method on SSL sockets."""
1156 server_params_test(CERTFILE, ssl.PROTOCOL_SSLv23, ssl.CERT_REQUIRED,
1157 CERTFILE, CERTFILE, ssl.PROTOCOL_SSLv23,
1169 s = ssl.wrap_socket(socket.socket())
1194 certreqs=ssl.CERT_NONE,
1195 ssl_version=ssl.PROTOCOL_TLSv1,
1200 s = ssl.wrap_socket(socket.socket(),
1204 cert_reqs=ssl.CERT_NONE,
1205 ssl_version=ssl.PROTOCOL_TLSv1)
1296 # Issue #5103: SSL handshake must respect the socket timeout
1324 self.assertRaisesRegexp(ssl.SSLError, "timed out",
1325 ssl.wrap_socket, c)
1331 c = ssl.wrap_socket(c)
1333 self.assertRaisesRegexp(ssl.SSLError, "timed out",
1344 ssl_version=ssl.PROTOCOL_SSLv23,
1350 s = ssl.wrap_socket(sock,
1351 ssl_version=ssl.PROTOCOL_SSLv23,
1353 except ssl.SSLError:
1355 with self.assertRaises((OSError, ssl.SSLError)):
