kWc@s3ddlZddlZddlmZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlZddlZddlZddlZddlZddlmZejdZeejZejZdZedZejejZ edZ!edZ"e!jejZ#e"jejZ$ed Z%ed Z&d Z'ed Z(e(jejZ)ed d Z*ed dZ+edZ,edZ-edZ.edZ/edZ0edZ1edZ2edZ3edZ4edZ5edZ6edZ7e7jejZ8dZ9dej:fdYZ;dZ<dZ=d Z>d!Z?d"Z@d#ZAejBejCd$ZDd%ej:fd&YZEd'ej:fd(YZFd)ej:fd*YZGd+ej:fd,YZHyddlIZIWneJk r{eKZLnXeMZLdd-lNmOZOd.eIjPfd/YZQd0eIjPfd1YZRd2ZSd3eMeKeTd4ZUeTd5d5d6ZVd7ej:fd8YZWeKd9ZXeYd:kr/eXndS(;iN(t test_support(tclosingtsslcGstjjtjjt|S(N(tostpathtjointdirnamet__file__(tname((s#/usr/lib/python2.7/test/test_ssl.pyt data_filess keycert.pems ssl_cert.pems ssl_key.pemskeycert.passwd.pemsssl_key.passwd.pemtsomepasstcapaths 4e1295a3.0s 5ed36f99.0srevocation.crls keycert3.pems keycert4.pems pycacert.pemshttps_svn_python_org_root.pems nullcert.pems badcert.pemsXXXnonexisting.pems badkey.pems nokia.pemsnullbytecert.pems dh512.pemcCsBdjtjtj}tjr>tjj||ndS(Nt ( Rt tracebacktformat_exceptiontsystexc_infotsupporttverbosetstdouttwrite(tprefixt exc_format((s#/usr/lib/python2.7/test/test_ssl.pyt handle_errorIs t BasicTestscBseZdZRS(cCsytjtjtjWn(tk rG}|jdkrAqHnXy tjtjtjjWn(tk r}|jdkrqnXdS(Ni (Rtsslwrap_simpletsockettAF_INETtIOErrorterrnot_sock(tselfte((s#/usr/lib/python2.7/test/test_ssl.pyttest_sslwrap_simpleQs (t__name__t __module__R!(((s#/usr/lib/python2.7/test/test_ssl.pyROscCs tjdkS(Nii ii i(ii ii i(Rt_OPENSSL_API_VERSION(((s#/usr/lib/python2.7/test/test_ssl.pytcan_clear_optionscscCs tjdkS(Nii iii(ii iii(RtOPENSSL_VERSION_INFO(((s#/usr/lib/python2.7/test/test_ssl.pytno_sslv2_implies_sslv3_hellogscCs tjdkS(Nii ii(ii iii(RR&(((s#/usr/lib/python2.7/test/test_ssl.pythave_verify_flagskscCs.tjr&tjjdkr&tj Stj S(Ni(ttimetdaylightt localtimettm_isdsttaltzonettimezone(((s#/usr/lib/python2.7/test/test_ssl.pyt utc_offsetoscCs{tjd krwd}tjj||}|jdd}|j|}|ddkrw|d d |d }qwn|S( Nii iis%b %d %H:%M:%S %Y GMTtsecondit0R i(ii ii i(RR$tdatetimetstrptimetreplacetstrftime(t cert_timetfmttdt((s#/usr/lib/python2.7/test/test_ssl.pytasn1timeuscs9ttdr1tjfd}|SSdS(NtPROTOCOL_SSLv2cskytjtjWnGtjk r]tjd kr^tjd kr^tjdq^nX||S( Nii iitdebians squeeze/sidts'Patched Ubuntu OpenSSL breaks behaviour(ii iii(R;s squeeze/sidR<( Rt SSLContextR:tSSLErrorR&tplatformtlinux_distributiontunittesttSkipTest(targstkwargs(tfunc(s#/usr/lib/python2.7/test/test_ssl.pytfs(thasattrRt functoolstwraps(RERF((REs#/usr/lib/python2.7/test/test_ssl.pytskip_if_broken_ubuntu_ssls s SNI support needed for this testtBasicSocketTestscBsjeZdZdZdZdZdZdZej dZ dZ dZ d Z d Zd Zd Zejd ejkddZdZejejdkddZejejdkddZdZdZdZdZdZeje ddZ!dZ"ej#dddZ$RS( cCstjtjtjtjtjtjr6tjntjdkrOtj n|j tj t t h|j tjt t hdS(Nii(ii(Rt CERT_NONEt CERT_OPTIONALt CERT_REQUIREDtOP_CIPHER_SERVER_PREFERENCEtOP_SINGLE_DH_USEtHAS_ECDHtOP_SINGLE_ECDH_USER&tOP_NO_COMPRESSIONtassertIntHAS_SNItTruetFalse(R((s#/usr/lib/python2.7/test/test_ssl.pyttest_constantss   cCstj}tjr>tjjd||r0dp3dfn|jttj d|jttj ddtj dddS(Ns RAND_status is %d (%s) ssufficient randomnesssinsufficient randomnessitfoosthis is a random stringgR@( Rt RAND_statusRRRRRt assertRaisest TypeErrortRAND_egdtRAND_add(Rtv((s#/usr/lib/python2.7/test/test_ssl.pyt test_randoms   cCsttjjt}tjr?tjjdt j |dn|j |dddd!d#f|j |d t d |j |d t d|j |dd|j |dd%d'd)d+f|j |dd-tjjt }tjrtjjdt j |dn|j |dd.d/f|j |dd0|j |dd1|j |dd2dS(3Ns tissuert countryNametXYt localityNamesCastle AnthraxtorganizationNamesPython Software Foundationt commonNamet localhosttnotAftersOct 5 23:01:56 2020 GMTt notBeforesOct 8 23:01:56 2010 GMTt serialNumbertD7C7381919AFC24EtsubjecttsubjectAltNametDNSsprojects.developer.nokia.comsprojects.forum.nokia.comtOCSPshttp://ocsp.verisign.comt caIssuerss0http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.certcrlDistributionPointss0http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl(RbRc((RbRc(RdsCastle Anthrax((RdsCastle Anthrax(ResPython Software Foundation((ResPython Software Foundation(RfRg((RfRg(RbRc((RbRc(RdsCastle Anthrax((RdsCastle Anthrax(ResPython Software Foundation((ResPython Software Foundation(RfRg((RfRg(RnRg((RnRg(Rnsprojects.developer.nokia.com(Rnsprojects.forum.nokia.com(shttp://ocsp.verisign.com(s0http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cer(s0http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl(Rt_sslt_test_decode_certtCERTFILERRRRRtpprinttpformatt assertEqualR9t NOKIACERT(Rtp((s#/usr/lib/python2.7/test/test_ssl.pyttest_parse_certs8 $     $    cCstjjt}tjr?tjjdt j |dnd!d#d%d'd)d+d-f}|j |d||j |d|tj d.krd/d0d1d2d3f}nd4d5d6d7d8f}|j |d|dS(9Ns RbtUStstateOrProvinceNametOregonRdt BeavertonResPython Software FoundationtorganizationalUnitNamesPython Core DevelopmentRfsnull.python.orgexample.orgt emailAddressspython-dev@python.orgRlRaii iRnsaltnull.python.orgexample.comtemails null@python.orguser@example.orgtURIs)http://null.python.orghttp://example.orgs IP Addresss 192.0.2.1s2001:DB8:0:0:0:0:0:1 s Rm(s countryNameR{((s countryNameR{(R|R}((R|R}(s localityNameR~((s localityNameR~(sorganizationNamesPython Software Foundation((sorganizationNamesPython Software Foundation(RsPython Core Development((RsPython Core Development(s commonNamesnull.python.orgexample.org((s commonNamesnull.python.orgexample.org(Rspython-dev@python.org((Rspython-dev@python.org(ii i(sDNSsaltnull.python.orgexample.com(Rs null@python.orguser@example.org(Rs)http://null.python.orghttp://example.org(s IP Addresss 192.0.2.1(s IP Addresss2001:DB8:0:0:0:0:0:1 (sDNSsaltnull.python.orgexample.com(Rs null@python.orguser@example.org(Rs)http://null.python.orghttp://example.org(s IP Addresss 192.0.2.1(s IP Addresss ( RRrRst NULLBYTECERTRRRRRRuRvRwR$(RRyRltsan((s#/usr/lib/python2.7/test/test_ssl.pyttest_parse_cert_CVE_2013_4238s0 $   cCsttd}|j}WdQXtj|}tj|}tj|}|j|||jtjds|j d|n|j dtj ds|j d|ndS(Ntrs s-DER-to-PEM didn't include correct header: %r s-DER-to-PEM didn't include correct footer: %r ( topentSVN_PYTHON_ORG_ROOT_CERTtreadRtPEM_cert_to_DER_certtDER_cert_to_PEM_certRwt startswitht PEM_HEADERtfailtendswitht PEM_FOOTER(RRFtpemtd1tp2td2((s#/usr/lib/python2.7/test/test_ssl.pyttest_DER_to_PEMsc Cstj}tj}tj}|j|ttf|j|t|j|t|j |d|j |d|\}}}}}|j |d|j |d|j |d|j |d|j |d|j |d|j |d|j |d|j |d|j |dd|kr`|j |j d j||||fn.|j |j d j|||||fdS( Nii0iiiiitLibreSSLsLibreSSL {:d}.{:d}sOpenSSL {:d}.{:d}.{:d}(RtOPENSSL_VERSION_NUMBERR&tOPENSSL_VERSIONtassertIsInstancetinttlongttupletstrtassertGreaterEqualt assertLesstassertLessEqualt assertTrueRtformat( Rtntttstmajortminortfixtpatchtstatus((s#/usr/lib/python2.7/test/test_ssl.pyttest_openssl_versions0    !cCsJtjtj}tj|}tj|}~|j|ddS(N(RRRt wrap_sockettweakreftrefRwtNone(RRtsstwr((s#/usr/lib/python2.7/test/test_ssl.pyt test_refcycle s c Cstjtj}ttj|}|jtj|jd|jtj|jt d|jtj|j d|jtj|j t dd|jtj|j d|jtj|j ddWdQXdS(Nitxs0.0.0.0i(s0.0.0.0i(RRRRRR[terrortrecvt recv_intot bytearraytrecvfromt recvfrom_intotsendtsendto(RRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_wrapped_unconnected*s"cCshxadD]Y}tjtj}|j|ttj|}|j||jWdQXqWdS(Ngg@(Ngg@( RRRt settimeoutRRRRwt gettimeout(RttimeoutRR((s#/usr/lib/python2.7/test/test_ssl.pyt test_timeout6s   cCstj}|jtdtj|dt|jtdtj|dt|jtdtj|dtddttj|dtdt&}|jtd|jt dfWdQX|j t 5}ttj}tj|dt WdQXWdQX|j |jjtj|j t ;}ttj }tj|dtdt WdQXWdQX|j |jjtj|j t ;}ttj }tj|dt dt WdQXWdQX|j |jjtjdS( Nscertfile must be specifiedtkeyfiles5certfile must be specified for server-side operationst server_sidetcertfileR<s!can't connect in server-side modei(RtassertRaisesRegexpt ValueErrorRRRtRVRtconnecttHOSTR[Rt WRONGCERTRwt exceptionRtENOENT(RtsockRtcm((s#/usr/lib/python2.7/test/test_ssl.pyt test_errors?s2    $ %%csd}fd}idEd6}||d||d||d||d||d ||d idHd6}||d ||d ||d||d||didKd6}||d||d||d||d ||didNd6}||d||d ||didQd6}||d ||d||d||didTd6}||d||d||ddjdjd}id|fffd6}|||idWd6}|||idZd6}|||d!jdjd}id|fffd6}||d"jdjd||d#jdjd||d$jdjd||d%jdjdid&d'6d]d6d^d_d`fd.6}||d*||d+||d-||d(id/d'6dbdddfdhdjfd6}||d8||d9||d3id/d'6dldndpdrfd6}||d8id:d'6dtdvdxdzfd6d|d.6}||d8id:d'6d~dddfd6dd.6}||d<jttjddjttjididd6}||d>idd6}||d>idd6}jtj}tj|dAWdQXjdBt |j dS(NcSstj||dS(N(Rtmatch_hostname(tcertthostname((s#/usr/lib/python2.7/test/test_ssl.pytok[scs jtjtj||dS(N(R[RtCertificateErrorR(RR(R(s#/usr/lib/python2.7/test/test_ssl.pyR]s Rfs example.comRls ExAmple.cOmswww.example.coms .example.coms example.orgt exampleXcoms*.a.coms foo.a.coms bar.foo.a.comsa.comsXa.coms.a.comsf*.comsfoo.comsf.comsbar.coms bar.foo.comsnull.python.orgexample.orgsnull.python.orgs *.*.a.comsa.*.coms a.foo.comsa..comupüthon.python.orgtidnatasciis x*.python.orgsxn--p*.python.orguwww*.pythön.orguwww.pythön.orguwww1.pythön.orguftp.pythön.orgu pythön.orgsJun 26 21:41:46 2011 GMTRhs linuxfrz.orgRns linuxfr.orgs linuxfr.comt othernames RmsDec 18 23:59:59 2011 GMTRbR{R|t CaliforniaRds Mountain ViewRes Google Incsmail.google.coms gmail.comsDec 18 23:59:59 2099 GMTtblablas google.comsa*b.comsaxxb.comsa*b.co*sa*b*.coms axxbxxc.comstoo many wildcards(s commonNames example.com((s commonNames example.com(((s commonNames example.com(s commonNames*.a.com((s commonNames*.a.com(((s commonNames*.a.com(s commonNamesf*.com((s commonNamesf*.com(((s commonNamesf*.com(s commonNamesnull.python.orgexample.org((s commonNamesnull.python.orgexample.org(((s commonNamesnull.python.orgexample.org(s commonNames *.*.a.com((s commonNames *.*.a.com(((s commonNames *.*.a.com(s commonNamesa.*.com((s commonNamesa.*.com(((s commonNamesa.*.com(s commonNames x*.python.org((s commonNames x*.python.org(((s commonNames x*.python.org(s commonNamesxn--p*.python.org((s commonNamesxn--p*.python.org(((s commonNamesxn--p*.python.org(s commonNames linuxfrz.org((s commonNames linuxfrz.org(((s commonNames linuxfrz.org(sDNSs linuxfr.org(sDNSs linuxfr.com(Rs (s countryNamesUS((s countryNamesUS(sstateOrProvinceNameR((sstateOrProvinceNameR(s localityNames Mountain View((s localityNames Mountain View(sorganizationNames Google Inc((sorganizationNames Google Inc(s commonNamesmail.google.com((s commonNamesmail.google.com(s countryNamesUS((s countryNamesUS(sstateOrProvinceNameR((sstateOrProvinceNameR(s localityNames Mountain View((s localityNames Mountain View(sorganizationNames Google Inc((sorganizationNames Google Inc(s countryNamesUS((s countryNamesUS(sstateOrProvinceNameR((sstateOrProvinceNameR(s localityNames Mountain View((s localityNames Mountain View(s commonNamesmail.google.com((s commonNamesmail.google.com(RR((RR(s countryNamesUS((s countryNamesUS(sstateOrProvinceNameR((sstateOrProvinceNameR(s localityNames Mountain View((s localityNames Mountain View(sorganizationNames Google Inc((sorganizationNames Google Inc(RR((RR(s commonNamesa*b.com((s commonNamesa*b.com(((s commonNamesa*b.com(s commonNamesa*b.co*((s commonNamesa*b.co*(((s commonNamesa*b.co*(s commonNamesa*b*.com((s commonNamesa*b*.com(((s commonNamesa*b*.com( tencodetdecodeR[RRRRRRTRR(RRRRRR((Rs#/usr/lib/python2.7/test/test_ssl.pyttest_match_hostnameZs                                                                 c CsPtjtj}ttj&}|jt|j|tddWdQXdS(Ntserver_hostnames some.hostname( RR=tPROTOCOL_SSLv23RRR[RRRV(RtctxR((s#/usr/lib/python2.7/test/test_ssl.pyttest_server_sidesc CsWtjtj}ttj|*}|jt|jdWdQXWdQXdS(Ns unknown-type(RRRRRR[Rtget_channel_binding(RRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_unknown_channel_bindingss tls-uniques*'tls-unique' channel binding not availablecCstjtj}ttj|}|j|jdWdQXtjtj}ttj|dtdt}|j|jdWdQXdS(Ns tls-uniqueRR( RRRRRt assertIsNoneRRVRt(RRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_tls_unique_channel_bindings $cCstj}|jt|d|j|tjtjM}t|dlocale-specific month name needs to be different from C localesFeb 9 00:00:00 2007 GMTg`rAs 9 00:00:00 2007 GMT(tlowertskipTestR%R&(RR,((s#/usr/lib/python2.7/test/test_ssl.pyt test_cert_time_to_seconds_locales  (%R"R#RXR`RzRRRRt cpython_onlyRRRRRRRRAt skipUnlessRtCHANNEL_BINDING_TYPESRRRR?RRRRR!R%R&R/R'R*trun_with_localeR0(((s#/usr/lib/python2.7/test/test_ssl.pyRKs6  (      $$ '     #t ContextTestscBs[eZedZedZdZedZdZej e ddZ dZ dZ d Zd Zed Zd Zej ejd dZedZedZdZdZdZejejdkddZej ejdkddZdZ dZ!dZ"RS(cCsaxtD]}tj|qW|jttj|jttjd|jttjddS(Nii*(t PROTOCOLSRR=R[R\R(Rtprotocol((s#/usr/lib/python2.7/test/test_ssl.pyttest_constructors  cCs7x0tD](}tj|}|j|j|qWdS(N(R6RR=RwR7(RtprotoR((s#/usr/lib/python2.7/test/test_ssl.pyt test_protocols cCsYtjtj}|jd|jd|jtjd|jdWdQXdS(NtALLtDEFAULTsNo cipher can be selecteds^$:,;?*'dorothyx(RR=tPROTOCOL_TLSv1t set_ciphersRR>(RR((s#/usr/lib/python2.7/test/test_ssl.pyt test_cipherss   cCstjtj}|jtjtjBtjB|jtr|jtj@tj B|_|jtjtj BtjB|jd|_|jd|jn|j t d|_WdQXdS(Ni( RR=R=RwtOP_ALLt OP_NO_SSLv2t OP_NO_SSLv3toptionsR%t OP_NO_TLSv1R[R(RR((s#/usr/lib/python2.7/test/test_ssl.pyt test_optionss    cCstjtj}|j|jtjtj|_|j|jtjtj|_|j|jtjtj|_|j|jtj|jt d|_WdQX|jt d|_WdQXdS(Ni*( RR=R=Rwt verify_modeRLRMRNR[R\RR(RR((s#/usr/lib/python2.7/test/test_ssl.pyttest_verify_modes   s!verify_flags need OpenSSL > 0.9.8cCstjtj}|j|jtjtj|_|j|jtjtj|_|j|jtjtj|_|j|jtjtjtjB|_|j|jtjtjB|j t d|_WdQXdS(N( RR=R=Rwt verify_flagstVERIFY_DEFAULTtVERIFY_CRL_CHECK_LEAFtVERIFY_CRL_CHECK_CHAINtVERIFY_X509_STRICTR[R\R(RR((s#/usr/lib/python2.7/test/test_ssl.pyttest_verify_flagss    c Cstjtj}|jtdd|jtdt|jt|jdt|jt}|jt WdQX|j |j j t j |jtjd|jtWdQX|jtjd|jtWdQXtjtj}|jtt|jdtdt|jdtdt|jtjd|jtWdQX|jtjd|jtWdQX|jtjd|jdtdtWdQXtjtj}|jtjd|jttWdQX|jtdt|jtdtj|jtdttj|jttt|jtttj|jttttj|jtd|jtdtWdQX|jtj|jtddWdQX|jtd|jtdd d WdQXd }d }d }d}d}d}d} dddY} |jtd||jtd||jtd||jtd| |jtd| j|jtj|jtd|WdQX|jtd|jtd|WdQX|jtd|jtd|WdQX|jtd|jtd| WdQX|jtd| dS(NRsPEM libRskey values mismatchtpasswordsshould be a stringtbadpassscannot be longertaicSstS(N(t KEY_PASSWORD(((s#/usr/lib/python2.7/test/test_ssl.pytgetpass_unicode*scSs tjS(N(RQR(((s#/usr/lib/python2.7/test/test_ssl.pyt getpass_bytes,scSsttjS(N(RRQR(((s#/usr/lib/python2.7/test/test_ssl.pytgetpass_bytearray.scSsdS(NRO((((s#/usr/lib/python2.7/test/test_ssl.pytgetpass_badpass0scSsddS(NRPii((((s#/usr/lib/python2.7/test/test_ssl.pyt getpass_huge2scSsdS(Ni ((((s#/usr/lib/python2.7/test/test_ssl.pytgetpass_bad_type4scSstddS(Ns getpass error(t Exception(((s#/usr/lib/python2.7/test/test_ssl.pytgetpass_exception6stGetPassCallablecBseZdZdZRS(cSstS(N(RQ(R((s#/usr/lib/python2.7/test/test_ssl.pyt__call__9scSstS(N(RQ(R((s#/usr/lib/python2.7/test/test_ssl.pytgetpass;s(R"R#R[R\(((s#/usr/lib/python2.7/test/test_ssl.pyRZ8s smust return a strings getpass error(( RR=R=tload_cert_chainRtRR[R\RRRwRRRRR>tBADCERTt EMPTYCERTtONLYCERTtONLYKEYtBYTES_ONLYCERTt BYTES_ONLYKEYRtCERTFILE_PROTECTEDRQRRtONLYKEY_PROTECTEDRVRR\RX( RRRRRRSRTRURVRWRYRZ((s#/usr/lib/python2.7/test/test_ssl.pyttest_load_cert_chainsz           cCsjtjtj}|jt|jdtdd|jt|jdtdd|jdtjd|jt |j|jt |jddd|jt }|jt WdQX|j |j jtj|jt |jdWdQX|jtjd|jtWdQX|jtt|jtdt|jt |jdtdS(NRR sutf-8usPEM lib(RR=R=tload_verify_locationsRtRtBYTES_CERTFILERR[R\RRRwRRRRR>R^Rt BYTES_CAPATHRV(RRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_load_verify_locationsNs$  c Cstt}|jjd}WdQXtj|}tt}|jjd}WdQXtj|}tjtj}|j |j dd|j d||j |j dd|j d||j |j dd|j d||j |j ddtjtj}dj ||f}|j d||j |j ddtjtj}d|d |d |d g}|j ddj ||j |j ddtjtj}|j d||j d||j |j dd|j d||j |j ddtjtj}d j ||f}|j d||j |j ddtjtj}|j t|j dt|jtjd |j ddWdQX|jtjd|j ddWdQXdS(NRtx509_caitcadataiis theadtothertagainttailR<s no start lineubrokensnot enough datatbroken(Rt CAFILE_CACERTRRRRtCAFILE_NEURONIOR=R=Rwtcert_store_statsRgRR[R\tobjectRR>(RRFt cacert_pemt cacert_dert neuronio_pemt neuronio_derRtcombined((s#/usr/lib/python2.7/test/test_ssl.pyttest_load_verify_cadatadsN cCstjtj}|jttjdkr>|jtn|jt |j|jt |jd|jt }|jt WdQX|j |jjtj|jtj}|jtWdQXdS(Ntnt(RR=R=tload_dh_paramstDHFILERRt BYTES_DHFILER[R\RRRRwRRRR>Rt(RRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_load_dh_paramss cCsxtD]x}tj|}|j|ji dd6dd6dd6dd6dd6dd6dd6dd 6dd 6dd 6dd 6qWdS( NitnumberRt connect_goodtconnect_renegotiatetacceptt accept_goodtaccept_renegotiatethitstmissesttimeoutst cache_full(R6RR=Rwt session_stats(RR9R((s#/usr/lib/python2.7/test/test_ssl.pyttest_session_statss cCs tjtj}|jdS(N(RR=R=tset_default_verify_paths(RR((s#/usr/lib/python2.7/test/test_ssl.pyttest_set_default_verify_pathsss#ECDH disabled on this OpenSSL buildcCstjtj}|jd|jd|jt|j|jt|jd|jt|jd|jt|jddS(Nt prime256v1RY(RR=R=tset_ecdh_curveR[R\RR(RR((s#/usr/lib/python2.7/test/test_ssl.pyttest_set_ecdh_curves  cCstjtj}|jt|j|jt|jd|jt|jd|jt|j|d}|jd|j|dS(NiR<cSsdS(N((Rt servernameR((s#/usr/lib/python2.7/test/test_ssl.pyt dummycallbacks(RR=R=R[R\tset_servername_callbackR(RRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_sni_callbacks  cCsatjtj}|d}|j|tj|}~~tj|j|ddS(NcSsdS(N((RRRtcycle((s#/usr/lib/python2.7/test/test_ssl.pyRs( RR=R=RRRtgctcollecttassertIsR(RRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_sni_callback_refcycles   cCstjtj}|j|jidd6dd6dd6|jt|j|jidd6dd6dd6|jt|j|jidd6dd6dd6|jt|j|jidd6dd6dd6dS(NiRktcrltx509ii( RR=R=RwRtR]RtRgR(RR((s#/usr/lib/python2.7/test/test_ssl.pyttest_cert_store_statss   cCstjtj}|j|jg|jt|j|jg|jt|j|jiddddfd 6td d 6td d 6dd6dd6dd!d#d%fd6dd6gt t}|j }WdQXtj |}|j|jt |gdS(&NResRoot CARshttp://www.cacert.orgRfsCA Cert Signing AuthorityRssupport@cacert.orgRasMar 29 12:29:49 2033 GMTRhsMar 30 12:29:49 2003 GMTRit00Rjs!https://www.cacert.org/revoke.crlRqRlitversion(sorganizationNamesRoot CA((sorganizationNamesRoot CA(sorganizationalUnitNameshttp://www.cacert.org((sorganizationalUnitNameshttp://www.cacert.org(s commonNamesCA Cert Signing Authority((s commonNamesCA Cert Signing Authority(s emailAddressssupport@cacert.org((s emailAddressssupport@cacert.org(s!https://www.cacert.org/revoke.crl(sorganizationNamesRoot CA((sorganizationNamesRoot CA(sorganizationalUnitNameshttp://www.cacert.org((sorganizationalUnitNameshttp://www.cacert.org(s commonNamesCA Cert Signing Authority((s commonNamesCA Cert Signing Authority(s emailAddressssupport@cacert.org((s emailAddressssupport@cacert.org( RR=R=Rwt get_ca_certsRgRtRR9RRRRV(RRRFRtder((s#/usr/lib/python2.7/test/test_ssl.pyttest_get_ca_certss.      cCstjtj}|jtjtj}|jtjj|jtjtj}|jtjjtjtj}|jt|jd|jt|jddS(NR( RR=R=tload_default_certsRRRR[R\R(RR((s#/usr/lib/python2.7/test/test_ssl.pyttest_load_default_certss  Rsnot-Windows specificc Csttjtj}tjP}t|d  cCstj}|j|jtj|j|jtj|j|j|j|j tj @tj tjtj }|j|jtj |j|jtj|j|j tj @tj tjtj dtj dt }|j|jtj |j|jtj |j|j|j|j tj @tj tjdtjj}|j|jtj|j|jtj|j|j tj @tj dS(NRRtpurpose(Rt_create_stdlib_contextRwR7RRFRLt assertFalseRRCRAR=RNRVRRR(RR((s#/usr/lib/python2.7/test/test_ssl.pyttest__create_stdlib_contextas(   cCstjtj}|j|j|jtt|_WdQXtj|_ |j|jt|_|j |jtj |_ t|_|j |j|jttj |_ WdQXt |_|j|jdS(N(RR=R=RRR[RRVRNRFRRMRLRW(RR((s#/usr/lib/python2.7/test/test_ssl.pyttest_check_hostnamezs     (#R"R#RJR8R:R?RERGRAR2R(RMRfRjR{RRRRRQRt needs_sniRRRRRtskipIfRR?RRRRR(((s#/usr/lib/python2.7/test/test_ssl.pyR5s0    S  :      $ $ ( t SSLErrorTestscBs#eZdZdZdZRS(cCsztjdd}|jt|d|j|jdtjdd}|jt|d|j|jddS(NiRY(RR>RwRRtSSLZeroReturnError(RR ((s#/usr/lib/python2.7/test/test_ssl.pyttest_strs cCstjtj}|jtj}|jtWdQX|j|jj d|j|jj dt |j}|j |j d|dS(NtPEMt NO_START_LINEs"[PEM: NO_START_LINE] no start line(RR=R=R[R>R}RtRwRtlibrarytreasonRRR(RRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_lib_reasonsc Cstjtj}ttj}|jd|jdtj}|j|j|j t t|j |t dt m}|j tj }|jWdQXt|j}|j|jd||j|jjtjWdQXWdQXdS(Ns 127.0.0.1iitdo_handshake_on_connects%The operation did not complete (read)(s 127.0.0.1i(RR=R=RRtbindtlistenRt getsocknamet setblockingRWRR[tSSLWantReadErrort do_handshakeRRRRRwRtSSL_ERROR_WANT_READ(RRRtcR((s#/usr/lib/python2.7/test/test_ssl.pyt test_subclasss    !(R"R#RRR(((s#/usr/lib/python2.7/test/test_ssl.pyRs tNetworkedTestscBseZdZdZdZdZdZdZdZdZ e j e j dkd d Zd Zd Zd ZdZdZedZRS(c Cstjdtjtjtjdtj}z'|jd|ji|j Wd|j Xtjtjtjdtj }|j tj d|jd|j tjtjtjdtj dt}z$|jd|j|j Wd|j XWdQXdS( Nssvn.python.orgRiscertificate verify failedtca_certs(ssvn.python.orgi(ssvn.python.orgi(ssvn.python.orgi(Rttransient_internetRRRRRLRRwt getpeercertRRNRR>RR(RR((s#/usr/lib/python2.7/test/test_ssl.pyt test_connects&         c Cstjdmtjtjtjdtjdt}z0|jd|j d|j |j Wd|j XWdQXdS(Nssvn.python.orgRRii(ssvn.python.orgi( RRRRRRRNRRwt connect_exRRR(RR((s#/usr/lib/python2.7/test/test_ssl.pyttest_connect_exs  c Cs;tjd&tjtjtjdtjdtdt}z|j t|j d}|j |dt j t jftjg|ggdxutry|jPWqtjk rtj|gggdqtjk r tjg|ggdqXqW|j|jWd|jXWdQXdS( Nssvn.python.orgRRRiig@(ssvn.python.orgi(RRRRRRRNRRWRRRTRt EINPROGRESSt EWOULDBLOCKtselectRVRRtSSLWantWriteErrorRRR(RRtrc((s#/usr/lib/python2.7/test/test_ssl.pyttest_non_blocking_connect_exs(     !c Cstjdtjtjtjdtjdtdt}zX|j d|j d }|dkr{|j dn|j |t jt jfWd|jXWdQXdS( Nssvn.python.orgRRRgHz>iis$svn.python.org responded too quickly(ssvn.python.orgi(RRRRRRRNRRWRRR/RTRtEAGAINRR(RRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_timeout_connect_exs     c Cstjdltjtjtjdtjdt}z/|jd}|j |t j t j fWd|j XWdQXdS(Nssvn.python.orgRRi(ssvn.python.orgi(RRRRRRRNRRRTRt ECONNREFUSEDRR(RRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_connect_ex_errors   c CsatjdLtjtj}|jtjtj}|jdz|j i|j Wd|j X|jtjtjdd}|jd|j tj |_ |jtjtj}|jtjd|jd|j |jt|jtjtj}|jdz|j }|j|Wd|j XWdQXdS( Nssvn.python.orgiRscertificate verify failed(ssvn.python.orgi(ssvn.python.orgi(ssvn.python.orgi(ssvn.python.orgi(RRRR=RRRRRRwRRRNRFRR>RgRR(RRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_connect_with_contexts.           cCstjdtjtj}tj|_|jdt|j t j t j }|j dz|j }|j|Wd|jXtjtj}tj|_|jdt|j t j t j }|j dz|j }|j|Wd|jXWdQXdS(Nssvn.python.orgR i(ssvn.python.orgi(ssvn.python.orgi(RRRR=RRNRFRgRRRRRRRRRi(RRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_connect_capath=s&       c CsOtt}|jjd}WdQXtj|}tjdtjtj }tj |_ |j d|t |jtjtj-}|jd|j}|j|WdQXtjtj }tj |_ |j d|t |jtjtj-}|jd|j}|j|WdQXWdQXdS(NRssvn.python.orgRli(ssvn.python.orgi(ssvn.python.orgi(RRrRRRRRRR=RRNRFRgRRRRRRR(RRFRRRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_connect_cadataZs$ $   $  R|s*Can't use a socket as a file under Windowsc Cstjdtjtjtj}|jd|j}|j}|j t j |d|j t j |jt}t j |dWdQX|j|jjtjWdQXdS(Nssvn.python.orgii(ssvn.python.orgi(RRRRRRRtfilenotmakefileRRRRRR[tOSErrorRwRRtEBADF(RRtfdRFR ((s#/usr/lib/python2.7/test/test_ssl.pyttest_makefile_closeps      c Cstjdtjtj}|jd|jttj|dtj dt}d}xyt ry|d7}|j PWqctj k rt j |gggqctjk rt j g|ggqcXqcW|jtjrtjjd|nWdQXdS( Nssvn.python.orgiRRiis9 Needed %d calls to do_handshake() to establish session. (ssvn.python.orgi(RRRRRRRWRRRLRVRRRRRRRRR(RRtcount((s#/usr/lib/python2.7/test/test_ssl.pyttest_non_blocking_handshakes(          cs?dfd}|ddttjr;|ddndS(Nc s%tj|tj||f}|sEjd||fnytj||fdt}Wn6tjk r}tjrtj j d|qnXjd|||ftj||fd|}|sjd||fntjrtj j d|||fnWdQXdS(NsNo server certificate on %s:%s!Rs%s s$Got server certificate %s for %s:%s!s& Verified certificate for %s:%s is %s ( RRRtget_server_certificateRRtR>RRRR(thosttportRRR(R(s#/usr/lib/python2.7/test/test_ssl.pyt_test_get_server_certificates"    ssvn.python.orgisipv6.google.com(RRRt IPV6_ENABLED(RR((Rs#/usr/lib/python2.7/test/test_ssl.pyttest_get_server_certificates cCsd }tj|dttjtjtjdtjdd}|j|WdQXttjtjtjdtjdd}|j|WdQX|j tj dQttjtj2}tj|dtjdd }|j|WdQXWdQXWdQXdS( Nssvn.python.orgiiRtciphersR;R<sNo cipher can be selecteds^$:,;?*'dorothyx(ssvn.python.orgi( RRRRRRRRLRRR>(RtremoteRR((s#/usr/lib/python2.7/test/test_ssl.pyR?s cCs:tjd kr&|jdtjntjs?|jdnd}tjjtjjt d }t j dtj tj }tj|_|j||jtjtjd d}z`|j|t jr!tjjd ||jftjjd tj|jnWd|jXWdQXdS(Nii iisSHA256 not available on %rsSNI needed for this testssha256.tbs-internet.comis sha256.pemRs Cipher with %r is %r sCertificate is: %s (ii iii(ssha256.tbs-internet.comi(RR&R/RRURRRRRRRR=R=RNRFRgRRRRRRRRtcipherRuRvRR(RRt sha256_certRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_algorithmss( !       cCstjdtjtj}tj|_|jdt|j |j g|j t j t j }|jdz|j}|j|Wd|jX|j t|j dWdQXdS(Nssvn.python.orgR ii(ssvn.python.orgi(RRRR=RRNRFRgRRwRRRRRRRRR(RRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_get_ca_certs_capaths    c Cstjdtjtj}tjtj}tjtj}t|j |o}|j d|j |j ||j |j j |||_ |j |j ||j |j j |WdQXWdQXdS(Nssvn.python.orgi(ssvn.python.orgi(RRRR=R=RRRRRRRtcontextt_sslobj(Rtctx1tctx2RR((s#/usr/lib/python2.7/test/test_ssl.pyttest_context_setgets  (R"R#RRRRRRRRRARRRRRRR?RRRR(((s#/usr/lib/python2.7/test/test_ssl.pyRs      $     (tmake_https_servertThreadedEchoServerc BsxeZdejfdYZddddeeedddd ZdZ dZ ddZ dZ dZ RS( tConnectionHandlercBsDeZdZdZdZdZdZdZdZRS(sA mildly complicated class, because we want it to work both with and without the SSL wrapper around the socket connection, so that we can test the STARTTLS functionality.cCsZ||_t|_||_||_|jjdd|_tj j |t |_ dS(Ni( tserverRWtrunningRtaddrRRtsslconnt threadingtThreadt__init__RVtdaemon(RRtconnsockR((s#/usr/lib/python2.7/test/test_ssl.pyRs     cCsyA|jjj|jdt|_|jjj|jjWnt j k r}t |t j  r|jtjkrn|jjj||jjrtdt|jdnt|_|jj|jtSX|jjjt jkr|jj}tjrC|jjrCtjj dt!j"|dn|jjt}tjr|jjrtjj dt#t$|dqn|jj%}tjr|jjrtjj dt#|dtjj d t#|jjdntSdS( NRs' server: bad connection attempt from s: s client cert is s s cert binary is s bytes s" server: connection cipher is now s" server: selected protocol is now (&RRRRRVRtselected_protocolstappendtselected_npn_protocolRRRRR>Rt ECONNRESETt conn_errorstchattyRtreprRRWRtstopRRFRNRRRRRRRuRvRRR(RR Rt cert_binaryR((s#/usr/lib/python2.7/test/test_ssl.pyt wrap_conns6  %    $* !cCs*|jr|jjS|jjdSdS(Ni(RRRR(R((s#/usr/lib/python2.7/test/test_ssl.pyRAs  cCs-|jr|jj|S|jj|SdS(N(RRRR(RR((s#/usr/lib/python2.7/test/test_ssl.pyRGs cCs*|jr|jjn |jjdS(N(RRR(R((s#/usr/lib/python2.7/test/test_ssl.pyRMs cCst|_|jjs(|js(dSnx|jryE|j}|j}|skt|_|jn |dkrt j r|jj rt j jdn|jdS|jjr |dkr t j r|jj rt j jdn|jd|jsxdSnk|jjr|jr|dkrt j rV|jj rVt j jdn|jd|jj|_d|_t j rx|jj rxt j jdqxn|d krt j r|jj rt j jd n|jjd }|jt|jd d nft j re|jj re|jr6dp9d}t j jd|||j|fn|j|jWq+tjk r|jjrtdn|jt|_|jjq+Xq+WdS(Ntovers" server: client closed connection tSTARTTLSs2 server: read STARTTLS from client, sending OK... sOK tENDTLSs0 server: read ENDTLS from client, sending OK... s* server: connection is now unencrypted... s CB tls-uniques@ server: read CB tls-unique from client, sending our CB data... s tls-uniquesus-asciis t encryptedt unencrypteds/ server: read %r (%s), sending back %r (%s)... sTest server failure: (RVRRtstarttls_serverRRtstripRWRRRtconnectionchattyRRRRtunwrapRRRRRR.RR>RRR(Rtmsgtstrippedtdatatctype((s#/usr/lib/python2.7/test/test_ssl.pytrunSsb                  #       ( R"R#t__doc__RRRRRR(((s#/usr/lib/python2.7/test/test_ssl.pyR s %   c Cs>| r| |_ntj|dk r*|ntj|_|dk rK|ntj|j_|rs|jj|n|r|jj|n|r|jj |n| r|jj | n||_ ||_ ||_ tj|_tj|j|_d|_t|_g|_g|_tjj|t|_dS(N(RRR=RR=RLRFRgR]tset_npn_protocolsR>RRRRRRt bind_portRtflagRWtactiveRRRRRRVR( Rt certificatet ssl_versiontcertreqstcacertsRRRt npn_protocolsRR((s#/usr/lib/python2.7/test/test_ssl.pyRs4        cCs$|jtj|jj|S(N(tstartRtEventRtwait(R((s#/usr/lib/python2.7/test/test_ssl.pyt __enter__s cGs|j|jdS(N(RR(RRC((s#/usr/lib/python2.7/test/test_ssl.pyt__exit__s cCs||_tjj|dS(N(RRRR!(RR((s#/usr/lib/python2.7/test/test_ssl.pyR!s cCs |jjd|jjdt|_|jrB|jjnx|jryu|jj\}}tj r|j rt j j dt|dn|j|||}|j|jWqEtjk rqEtk r|jqEXqEW|jjdS(Ng?is server: new connection from s (RRRRVRRRRRRRRRRRRR!RRRtKeyboardInterruptRR(Rtnewconntconnaddrthandler((s#/usr/lib/python2.7/test/test_ssl.pyRs&      cCs t|_dS(N(RWR(R((s#/usr/lib/python2.7/test/test_ssl.pyRsN(R"R#RRRRRVRWRR$R%R!RR(((s#/usr/lib/python2.7/test/test_ssl.pyR s~     tAsyncoreEchoServercBsceZdejfdYZdZdZdZdZd dZ dZ dZ RS( t EchoServercBs<eZdejfdYZdZdZdZRS(RcBs>eZdZdZdZdZdZdZRS(cCsQtj|dtd|dt|_tjj||jt|_|j dS(NRRR( RRRVRWRtasyncoretdispatcher_with_sendRt_ssl_acceptingt_do_ssl_handshake(RtconnR((s#/usr/lib/python2.7/test/test_ssl.pyRs   cCsBt|jtjr>x&|jjdkr:|jqWntS(Ni(RRRt SSLSockettpendingthandle_read_eventRV(R((s#/usr/lib/python2.7/test/test_ssl.pytreadablescCsy|jjWntjtjfk r1dStjk rK|jStjk ran?tjk r}|j dt j kr|jSn Xt |_ dS(Ni(RRRRRt SSLEOFErrort handle_closeR>RRCRt ECONNABORTEDRWR.(Rterr((s#/usr/lib/python2.7/test/test_ssl.pyR/s cCsu|jr|jn[|jd}tjrKtjjdt|n|s^|j n|j |j dS(Nis server: read %s from client ( R.R/RRRRRRRRRR.(RR((s#/usr/lib/python2.7/test/test_ssl.pyt handle_reads    cCs1|jtjr-tjjd|jndS(Ns server: closed connection %s (RRRRRRR(R((s#/usr/lib/python2.7/test/test_ssl.pyR6s  cCsdS(N((R((s#/usr/lib/python2.7/test/test_ssl.pyRs(R"R#RR4R/R9R6R(((s#/usr/lib/python2.7/test/test_ssl.pyRs     cCsZ||_tjtjtj}tj|d|_tjj |||j ddS(NR<i( RRRt SOCK_STREAMRRRR,t dispatcherRR(RRR((s#/usr/lib/python2.7/test/test_ssl.pyRs  cCsI|j\}}tjr2tjjd|n|j||jdS(Ns$ server: new connection from %s:%s (RRRRRRRR(Rtsock_objR((s#/usr/lib/python2.7/test/test_ssl.pyt handle_accepts cCsdS(N((R((s#/usr/lib/python2.7/test/test_ssl.pyRs(R"R#R,R-RRR=R(((s#/usr/lib/python2.7/test/test_ssl.pyR+s3  cCsPd|_t|_|j||_|jj|_tjj |t |_ dS(N( RRRWRR+RRRRRRVR(RR((s#/usr/lib/python2.7/test/test_ssl.pyRs   cCsd|jj|jfS(Ns<%s %s>(t __class__R"R(R((s#/usr/lib/python2.7/test/test_ssl.pyt__str__scCs$|jtj|jj|S(N(R!RR"RR#(R((s#/usr/lib/python2.7/test/test_ssl.pyR$"s cGsltjrtjjdn|jtjrBtjjdn|jtjrhtjjdndS(Ns cleanup: stopping server. s! cleanup: joining server thread. s cleanup: successfully joined. (RRRRRRR(RRC((s#/usr/lib/python2.7/test/test_ssl.pyR%'s     cCs||_tjj|dS(N(RRRR!(RR((s#/usr/lib/python2.7/test/test_ssl.pyR!1s cCsQt|_|jr"|jjnx(|jrLytjdWq%q%Xq%WdS(Ni(RVRRRR,tloop(R((s#/usr/lib/python2.7/test/test_ssl.pyR5s   cCst|_|jjdS(N(RWRRR(R((s#/usr/lib/python2.7/test/test_ssl.pyR?s N( R"R#R,R;R+RR?R$R%RR!RR(((s#/usr/lib/python2.7/test/test_ssl.pyR*sE     cCs`ttdtjdtdtdt}|-ySttj;}tj|d|dtj}|j t |j fWdQXWntj k r}t jrVtjjd|jd qVntk r}t jrVtjjd |jd qVn]tk rI}|jtjkr nt jrVtjjd t|qVn Xtd WdQXdS( s Launch a server with CERT_REQUIRED, and check that trying to connect to it with the given client certificate fails. RRRRRRNs SSLError is %s is OSError is %s s\OSError is %s s'Use of invalid cert should have failed!(RRtRRNRWRRRR=RRRR>RRRRRRCRRRRtAssertionError(RRRRR((s#/usr/lib/python2.7/test/test_ssl.pyt bad_cert_testCs.        ! ! !sFOO c Csi}td|d|dt}|t|jtjd|}|jt|jfx|t|t |gD]} |rt j rt j jd|qn|j| |j} |rt j rt j jd| qn| |jkr~td| d t| |d jt|fq~q~W|jd |rpt j rpt j jd qpn|ji|jd 6|jd 6|jd 6|jd6|jd6|jWdQX|j|d> (%d) received; expected <<%r>> (%d) isover s client: closing connection. t compressionRtpeercerttclient_npn_protocolRNtserver_npn_protocols(RRWRRRRRRRt memoryviewRRRRRRR.RARRRCRRRRRR( tclient_contexttserver_contexttindataRRtsni_nameRRRtargtoutdata((s#/usr/lib/python2.7/test/test_ssl.pytserver_params_testasH  "     '       ic Cs|d krtj}nidtj6dtj6dtj6|}tjr|rUdpXd}tjj |tj |tj ||fntj |}|j |O_ tj |} | j |O_ |j tjkr|jdnx7|| fD])} || _| jt| jtqWyt|| dtdt} WnStjk rf|rqntjk r} |s| jtjkrqnkX|std tj |tj |fn9|tk r|| d krtd || d fnd S( sT Try to SSL-connect using *client_protocol* to *server_protocol*. If *expect_success* is true, assert that the connection succeeds, if it's false, assert that the connection fails. Also, if *expect_success* is a string, assert that it is the protocol version actually used by the connection. RLRMRNs %s->%s %s s {%s->%s} %s R;RRs5Client protocol %s succeeded with server protocol %s!Rs%version mismatch: expected %r, got %rN(RRRLRMRNRRRRRtget_protocol_nameR=RCR7RR>RFR]RtRgRNRWR>RRRRRARV( tserver_protocoltclient_protocoltexpect_successt certsreqstserver_optionstclient_optionstcerttypet formatstrRHRIRRR ((s#/usr/lib/python2.7/test/test_ssl.pyttry_protocol_combosR                t ThreadedTestscBseZedZdZejeddZdZ dZ dZ dZ dZ d Zeejeed d d Zed ZeejeedddZedZeejeedddZeejeedddZdZdZdZdZdZdZdZdZd Zd!Z ejej!d"d#Z"ejd$ej#kd%d&Z$d'Z%ejeed(d)d*Z&d+Z'd,Z(ejej)d-d.Z*d/Z+d0Z,e-d1Z.e-d2Z/e-d3Z0e-d4Z1d5Z2RS(6cCsftjrtjjdnxCtD];}tj|}|jt t ||dt dt q#WdS(s2Basic test of an SSL client connecting to a servers RRN( RRRRRR6RR=R]RtRNRV(RR7R((s#/usr/lib/python2.7/test/test_ssl.pyt test_echos    c Cstjrtjjdntjtj}tj|_ |j t |j t t d|dt}|x|jtjdt}|jt|jf|jt|jWdQX|j|j}|j|d|j}tjr:tjjtj|dtjjdt|dnd|krc|jd tj|nd|dkr|jd n|jd ||jd|tj|d }tj|d}|j |||j!WdQXdS(Ns RRRsCan't get peer certificate.sConnection cipher is s. Rls$No subject field in certificate: %s.ResPython Software FoundationskMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.RiRh(sorganizationNamesPython Software Foundation((sorganizationNamesPython Software Foundation("RRRRRRR=RRNRFRgRtR]RRWRRRRRR[RRRRRRuRvRRRTR"RR(RRRRRRtbeforetafter((s#/usr/lib/python2.7/test/test_ssl.pyttest_getpeercertsB         !    s!verify_flags need OpenSSL > 0.9.8cCstjrtjjdntjtj}|jt tjtj}tj |_ |j t |j|jtjtd|dt}|[t|jtj9}|jt|jf|j}|j|dWdQXWdQX|jtjO_td|dt}|[t|jtj9}|jtjd|jt|jfWdQXWdQXWdQX|j ttd|dt}|[t|jtj9}|jt|jf|j}|j|dWdQXWdQXdS(Ns RRsCan't get peer certificate.scertificate verify failed(RRRRRRR=R=R]tSIGNED_CERTFILERNRFRgRRwRHRIRRVRRRRRRRRRJRR>tCRLFILE(RRIRRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_crl_checks8       (  cCstjrtjjdntjtj}|jt tjtj}tj |_ t |_ |jttd|dt }|at|jtjdd9}|jt|jf|j}|j|dWdQXWdQXtd|dt }|at|jtjdd9}|jtjd|jt|jfWdQXWdQXWdQXtd|dt }|Fttj-}|jtd |j|WdQXWdQXWdQXdS( Ns RRRRgsCan't get peer certificate.tinvalids.hostname 'invalid' doesn't match u?'localhost's'check_hostname requires server_hostname(RRRRRRR=R=R]R^RNRFRVRRgRRRRRRRRRRRRR(RRIRRRR((s#/usr/lib/python2.7/test/test_ssl.pyR&s8        (  cCs2ttjjtjjtp$tjddS(s"Connecting with an empty cert files nullcert.pemN(RBRRRRRtcurdir(R((s#/usr/lib/python2.7/test/test_ssl.pyttest_empty_certLs$cCs2ttjjtjjtp$tjddS(s<Connecting with a badly formatted certificate (syntax error)s badcert.pemN(RBRRRRRRb(R((s#/usr/lib/python2.7/test/test_ssl.pyttest_malformed_certPs$cCs2ttjjtjjtp$tjddS(s(Connecting with a non-existing cert files wrongcert.pemN(RBRRRRRRb(R((s#/usr/lib/python2.7/test/test_ssl.pyttest_nonexisting_certTs$cCs2ttjjtjjtp$tjddS(s4Connecting with a badly formatted key (syntax error)s badkey.pemN(RBRRRRRRb(R((s#/usr/lib/python2.7/test/test_ssl.pyttest_malformed_keyXs$cstjtjtjtjtfd}fd}tjd|}|jz |Wd|jXdS(s|A brutal shutdown of an SSL server should raise an OSError in the client when attempting handshake. csKjdjj\}}|jjjdS(Ni(RRRR(tnewsockR(t listener_gonetlistener_readyR(s#/usr/lib/python2.7/test/test_ssl.pytlistenerks     c s}jttj[}|jtfjytj|}Wntjk renXjdWdQXdS(Ns2connecting to closed SSL socket should have failed( R#RRRRRRRR(Rtssl_sock(RhRiRR(s#/usr/lib/python2.7/test/test_ssl.pyt connectorss  ttargetN( RR"RRRRRR!R(RRjRlR((RhRiRRRs#/usr/lib/python2.7/test/test_ssl.pyttest_rude_shutdown]s      R:s)OpenSSL is compiled without SSLv2 supportcCstjrtjjdnttjtjtttjtjttj ttjtjttj ttjtj t ttjtj t ttjtjt trttjtj t dtjnttjtj t dtjttjtj t dtjdS(s9Connecting to an SSLv2 server with various client optionss RUN(RRRRRRXRR:RVRMRNRRWtPROTOCOL_SSLv3R=R'RARBRD(R((s#/usr/lib/python2.7/test/test_ssl.pyttest_protocol_sslv2s    cCs!tjrtjjdnttdryttjtj t Wqt j k r}tjrtjjdt |qqXnttdrttjtjt nttjtjtttjtjdttdr ttjtjt tjnttjtjttjttjtjdtjttdrottjtjt tjnttjtjttjttjtjdtjttdrttjtjt dtjnttjtjtdtjtjBttjtjt dtjdS(s:Connecting to an SSLv23 server with various client optionss R:s; SSL2 client to SSL23 server test unexpectedly failed: %s RotTLSv1RTN(RRRRRRGRRXRR:RWRRRRoRVR=RMRNRBRARD(RR((s#/usr/lib/python2.7/test/test_ssl.pyttest_protocol_sslv23s:    Ros)OpenSSL is compiled without SSLv3 supportcCstjrtjjdnttjtjdttjtjdtjttjtjdtj t tdrttjtj t nttjtj t dtjttjtjt trttjtj t dtjndS(s9Connecting to an SSLv3 server with various client optionss tSSLv3R:RUN(RRRRRRXRRoRMRNRGR:RWRRBR=R'RA(R((s#/usr/lib/python2.7/test/test_ssl.pyttest_protocol_sslv3s   cCstjrtjjdnttjtjdttjtjdtjttjtjdtj t tdrttjtj t nt tdrttjtj t nttjtjt dtjdS(s8Connecting to a TLSv1 server with various client optionss RqR:RoRUN(RRRRRRXRR=RMRNRGR:RWRoRRD(R((s#/usr/lib/python2.7/test/test_ssl.pyttest_protocol_tlsv1s tPROTOCOL_TLSv1_1sTLS version 1.1 not supported.cCstjrtjjdnttjtjdttdrZttjtj t nttdrttjtj t nttjtj t dtj ttj tjdttjtjt ttjtjt dS(snConnecting to a TLSv1.1 server with various client options. Testing against older TLS versions.s sTLSv1.1R:RoRUN(RRRRRRXRRvRGR:RWRoRt OP_NO_TLSv1_1R=(R((s#/usr/lib/python2.7/test/test_ssl.pyttest_protocol_tlsv1_1s  tPROTOCOL_TLSv1_2sTLS version 1.2 not supported.c Cs3tjrtjjdnttjtjddtjtj Bdtjtj Bt tdrzttjtj t nt tdrttjtj t nttjtjt dtjttjtjdttjtjt ttjtjt ttjtjt ttjtjt dS(snConnecting to a TLSv1.2 server with various client options. Testing against older TLS versions.s sTLSv1.2RTRUR:RoN(RRRRRRXRRyRBRARGR:RWRoRt OP_NO_TLSv1_2R=Rv(R((s#/usr/lib/python2.7/test/test_ssl.pyttest_protocol_tlsv1_2s   c Cs8d}ttd tjd td td t}t}|tj}|jd |jt |j ft j rt jjdnxJ|D]B}t j rt jjd|n|r|j||j}n|j||jd}|jj}|dkr^|jdr^t j r=t jjd|ntj|d tj}t}q|dkr|jdrt j rt jjd|n|j}t}qt j rt jjd|qqWt j rt jjdn|r|jdn |jd|r$|jn |jWdQXdS(s6Switching from clear text to encrypted and back again.smsg 1sMSG 2R sMSG 3smsg 4R smsg 5smsg 6RRRRis s client: sending %r... iRs/ client: read %r from server, starting TLS... s- client: read %r from server, ending TLS... s client: read %r from server s client: closing connection. sover N(smsg 1sMSG 2sSTARTTLSsMSG 3smsg 4sENDTLSsmsg 5smsg 6(RRtRR=RVRWRRRRRRRRRRRRRRR.RRRR( RtmsgsRtwrappedRRJR0RMR((s#/usr/lib/python2.7/test/test_ssl.pyt test_starttls s`                         cCs9t|dt}tjr.tjjdnttd}|j}WdQXd}d|j t j j tdf}t jdt}tj|d |}zu|jjd }|rt|d kr|jt|}tjrtjjd t||fqnWd|jX|j||dS( s:Using a SocketServer to create and manage SSL connections.Rs trbNR<shttps://localhost:%d/%siRRscontent-lengthis/ client: read %d bytes from remote server '%s' (RRtRRRRRRRRRRtsplitRRturllib2turlopentinfot getheaderRRRRw(RRRFRRturlRtdlen((s#/usr/lib/python2.7/test/test_ssl.pyttest_socketserverP s(     c Csdd}tjr"tjjdnd}tt}|$tjt j }|j d|j ftjrtjjd|n|j||j }tjrtjjd|n||j kr |jd|d t||d j t|fn|jd tjr4tjjd n|jtjrZtjjd nWd QXd S( s'Check the example asyncore integration.sTEST MESSAGE of mixed case s sFOO s 127.0.0.1s client: sending %r... s client: read %r s4bad data <<%r>> (%d) received; expected <<%r>> (%d) isover s client: closing connection. s client: connection closed. N(RRRRRR*RtRRRRRRR.RRR(RRJRRRM((s#/usr/lib/python2.7/test/test_ssl.pyttest_asyncore_serverj s4       !    cstjrtjjdnttdtjdtj dtdt dt }|Otj t j dt dtd td tjdtj jt|jffd }fd }d jt gfdjt dgfdjt gfg}djt gfdjt dgfd|t gfd|t gfg}d}x|D] \}}} } ||jd} yw|| | j} | | jkr|jdjd|d| d dt| d| d dt| nWqWtk ra} | r'|jdjd|nt| j|sb|jdjd|d | qbqWXqWWx|D]\}}} } ||jd} ywj| || } | | jkr|jd!jd|d| d dt| d| d dt| nWqmtk r} | r=|jd"jd|nt| j|st|jdjd|d | njqmXqmWjd#jWd$QXd$S(%s Test recv(), send() and friends.s RRRRRRRRRcs'tdd}j|}|| S(Ntid(RR(tbR(R(s#/usr/lib/python2.7/test/test_ssl.pyt _recv_into scs-tdd}j|\}}|| S(NRid(RR(RRR(R(s#/usr/lib/python2.7/test/test_ssl.pyt_recvfrom_into sRRs some.addresstsendallRRRRuPREFIX_RspWhile sending with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) RRMitnoutRJtnins>Failed to send with method <<{name:s}>>; expected to succeed. sFMethod <<{name:s}>> failed with unexpected exception message: {exp:s} texpsrWhile receiving with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) sAFailed to receive with method <<{name:s}>>; expected to succeed. sover N( RRRRRRRtRRLR=RVRWRRRRRRRRRRRRR.RRRRRRR(RRRRt send_methodst recv_methodst data_prefixt meth_namet send_methRRRCRJRMR t recv_meth((Rs#/usr/lib/python2.7/test/test_ssl.pyttest_recv_send s           !       !    cs\tjtjd}tj}tjtfd}tjd|}|jj zzRtjtj}|j d|j ||f|j t jdt j|Wd|jXzTtjtj}t j|}|j d|j t jd|j ||fWd|jXWdt|jjXdS(Ns 127.0.0.1csjdjg}xTsstjgggd\}}}|kr |jjdq q Wx|D]}|jq{WdS(Nig?i(RRRRRR(tconnsRtwR R(tfinishRtstarted(s#/usr/lib/python2.7/test/test_ssl.pytserve s   $  Rmg?s timed out(RRRRRR"RWRR!R#RRRRR>RRRVR(RRRRRR((RRRs#/usr/lib/python2.7/test/test_ssl.pyttest_handshake_timeout s6        cs_tjtj}tj|_|jt|jttjtj d}t j }|j dt tjdgdgfd}tjd|}|jj|j tj}|j||f|j}|j|jdjj|jdtj|jd|dS(Ns 127.0.0.1RcsFjdjj\d<d<djddS(Niii(RRRR((tevttpeerRR(s#/usr/lib/python2.7/test/test_ssl.pyR4 s  Rmi(RR=RRNRFRgRtR]RRRRRRVRR"RRR!R#RRRRRR1Rw(RRRRRRtclientt client_addr((RRRRs#/usr/lib/python2.7/test/test_ssl.pyttest_server_accept% s0            c Csxtjtj}t|jtjE}|jtj}|jWdQX|j |j j t j WdQXdS(N( RR=RRRRR[RRRwRRtENOTCONN(RRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_getpeercert_enotconnJ s c Csxtjtj}t|jtjE}|jtj}|jWdQX|j |j j t j WdQXdS(N( RR=RRRRR[RRRwRRR(RRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_do_handshake_enotconnQ s cCstjtj}y|jdWn!tjk rF|jdnXttdtjdtZ}t |j t j 6}|j tj|j t|jfWdQXWdQXWdQX|jdt|jddS(NtDESsno DES cipher availableRRsno shared cipheri(RR=RR>R>R/RRtRWRRRR[RRRRTRR(RRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_default_ciphersX s   (c Cstjtj}ttdtjdt}t|jtjI}|j |j d|j t |jf|j|j dWdQX|j |j dWdQXdS(s Basic tests for SSLSocket.version(). More tests are done in the test_protocol_*() methods. RRRqN(RR=R=RRtRWRRRRRRRRRRw(RRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_version_basicg s   s"test requires ECDH-enabled OpenSSLc Cstjtj}|jttjdkr>|jdntd|[}t|j t j 7}|j t |j f|jd|jdWdQXWdQXdS(Niis ECCdraft:ECDHRtECDH(iii(RR=RR]RtR&R>RRRRRRRRTR(RRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_default_ecdh_curvev s s tls-uniques*'tls-unique' channel binding not availablecCsItjrtjjdnttdtjdtj dtdt dt }|tj t j dt dtd td tjdtj }|jt|jf|jd }tjrtjjd j|n|j||jt|d |jd|jj}|j|t|jd|jtj t j dt dtd td tjdtj }|jt|jf|jd }tjrtjjdj|n|j|||j||jt|d |jd|jj}|j|t|jd|jWdQXdS(s Test tls-unique channel binding.s RRRRRRRRRs tls-uniques! got channel binding data: {0!r} i sCB tls-unique sus-asciis) got another channel binding data: {0!r} N(RRRRRRRtRRLR=RVRWRRRRRRRtassertIsNotNoneRwRRRRRRtassertNotEqual(RRRtcb_datatpeer_data_reprt new_cb_data((s#/usr/lib/python2.7/test/test_ssl.pyR s\                    cCstjtj}|jtt||dtdt}tjrct j j dj |dn|j |ddddhdS(NRRs got compression: {!r} RCtZLIBtRLE(RR=R=R]RtRNRVRRRRRRRTR(RRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_compression s    RSs*ssl.OP_NO_COMPRESSION needed for this testcCsdtjtj}|jt|jtjO_t||dtdt}|j |dddS(NRRRC( RR=R=R]RtRCRSRNRVRR(RRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_compression_disabled s   cCstjtj}|jt|jt|jdt||dt dt }|dd}|j d}d|krd|krd |kr|j d |dndS( NtkEDHRRRit-tADHtEDHtDHEsNon-DH cipher: ( RR=R=R]RtR}R~R>RNRVRR(RRRRtparts((s#/usr/lib/python2.7/test/test_ssl.pyttest_dh_params s    $cCsRtjtj}|jtt||dtdt}|j|dddS(NRRRE( RR=R=R]RtRNRVRR(RRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_selected_npn_protocol s   s NPN support needed for this testc Csiddg}ddgdfddgdfddgdfddgdfg}x|D] \}}tjtj}|jt|j|tjtj}|jt|j|t||dtdt}dt|t|t|f}|d } |j | ||| d ft |d r>|d d nd } |j | ||| dfqUWdS(Nshttp/1.1sspdy/2ttesttabctdefRRsKfailed trying %s (s) and %s (c). was expecting %s, but got %%s from the %%sRERRFitnothingR( RR=R=R]RtRRNRVRRwR( Rtserver_protocolstprotocol_teststclient_protocolsRRIRHRRt client_resultt server_result((s#/usr/lib/python2.7/test/test_ssl.pyttest_npn_protocols s*       $cCsvtjtj}|jttjtj}|jttjtj}tj|_|jt |||fS(N( RR=R=R]R^tSIGNED_CERTFILE2RNRFRgR(RRIt other_contextRH((s#/usr/lib/python2.7/test/test_ssl.pyt sni_contexts s    cCs+|d}|jd|ff|ddS(NRDRfRl(RT(RRRR((s#/usr/lib/python2.7/test/test_ssl.pytcheck_common_name s csg|j\}}fd}|j|t||dtdd}|jd|fg|j|dgt||dtdd}|jd|fg|j|dg|jdt||dtdd}|j|d|jgdS(Ncs/j||f|dk r+|_ndS(N(RRR(Rkt server_nametinitial_context(tcallsR(s#/usr/lib/python2.7/test/test_ssl.pyt servername_cb s RRKt supermessaget fakehostnameRgtnotfunny(RRRNRVRwRR(RRIRHRR((RRs#/usr/lib/python2.7/test/test_ssl.pyR s,        c Cs{|j\}}}d}|j||jtj"}t||dtdd}WdQX|j|jj ddS(NcSstjS(N(RtALERT_DESCRIPTION_ACCESS_DENIED(RkRR((s#/usr/lib/python2.7/test/test_ssl.pytcb_returning_alertB sRRKRtTLSV1_ALERT_ACCESS_DENIED( RRR[RR>RNRWRwRR(RRIRRHRRR((s#/usr/lib/python2.7/test/test_ssl.pyttest_sni_callback_alert= s   cCs|j\}}}d}|j||jtj7}tj"}t||dtdd}WdQXWdQX|j |j j d|j d|j dS(NcSs dddS(Nii((RkRR((s#/usr/lib/python2.7/test/test_ssl.pyt cb_raisingQ sRRKRtSSLV3_ALERT_HANDSHAKE_FAILUREtZeroDivisionError(RRR[RR>Rtcaptured_stderrRNRWRwRRRTtgetvalue(RRIRRHRRtstderrR((s#/usr/lib/python2.7/test/test_ssl.pyttest_sni_callback_raisingL s   cCs|j\}}}d}|j||jtj7}tj"}t||dtdd}WdQXWdQX|j |j j d|j d|j dS(NcSsdS(NRY((RkRR((s#/usr/lib/python2.7/test/test_ssl.pytcb_wrong_return_typec sRRKRtTLSV1_ALERT_INTERNAL_ERRORR\(RRR[RR>RRRNRWRwRRRTR(RRIRRHRRRR((s#/usr/lib/python2.7/test/test_ssl.pyt#test_sni_callback_wrong_return_type] s   cCstjtj}tj|_|jt|jttd|dt }|f|j t j }|j t |jf|j|jt|jd|jt|jdWdQXdS(NRRithello(RR=RRNRFRgRtR]RRWRRRRRRR[RRR(RRRR((s#/usr/lib/python2.7/test/test_ssl.pyt,test_read_write_after_close_raises_valuerroro s    (3R"R#RJRZR]RAR2R(R`RRcRdReRfRnRGRRpRrRtRuRxR{R~RRRRRRRRRRQRR3RRRRRtHAS_NPNRRRRRRRRR(((s#/usr/lib/python2.7/test/test_ssl.pyRYsd & ) &     )( :   k 1 %    ;   'c Cstjritjd6tjd6tjd6}xY|jD]9\}}|}|r:|dr:d||f}Pq:q:Wttj}dtj tj fGHd|GHdtj GHd tj GHyd tj GHWqtk rqXnx]tttttttttttttg D].}tjj|stjd |qqWt t!t"t#g}tj$d rw|j%t&nt'rtj(}|r|j%t)qnztj*|Wdt'rtj+|nXdS( NtLinuxtMactWindowsis%s %rstest_ssl: testing with %r %rs under %ss HAS_SNI = %rs OP_ALL = 0x%8xs OP_NO_TLSv1_1 = 0x%8xsCan't read certificate file %rtnetwork(,RRR?R@tmac_vert win32_vertitemsRRRR&RUR@RwtAttributeErrorRtRRhR`RaRbRcR^RRR^tBADKEYR_RRtexistst TestFailedR5RRKRtis_resource_enabledRRt _have_threadstthreading_setupRYt run_unittesttthreading_cleanup(RtplatsRREtplattfilenamettestst thread_info((s#/usr/lib/python2.7/test/test_ssl.pyt test_main sL             t__main__(ZRRARRRR,RRR)R2RRRRuttempfileRR RR?RHt contextlibRt import_moduleRtsortedt_PROTOCOL_NAMESR6RR RtRtgetfilesystemencodingRhR`RaRbRcRdReRQRRiRsRrR_R^RRRR_R^RRRxRR~RRtTestCaseRR%R'R(R/R9RJR2RURRKR5RRRt ImportErrorRWRRVttest.ssl_serversRRRR*RBRRNRXRYRR"(((s#/usr/lib/python2.7/test/test_ssl.pyts                                            )H  s ,; 0