def request(self, method, url, body):
headers = dict(self.pulp_connection.headers) # copy so we don't affect the calling method
# Create a new connection each time since HTTPSConnection has problems
# reusing a connection for multiple calls (lame).
ssl_context = None
if self.pulp_connection.username and self.pulp_connection.password:
raw = ':'.join((self.pulp_connection.username, self.pulp_connection.password))
encoded = base64.encodestring(raw)[:-1]
headers['Authorization'] = 'Basic ' + encoded
elif self.pulp_connection.cert_filename:
ssl_context = SSL.Context('sslv3')
ssl_context.set_session_timeout(self.pulp_connection.timeout)
ssl_context.load_cert(self.pulp_connection.cert_filename)
# Can't pass in None, so need to decide between two signatures (also lame)
if ssl_context is not None:
connection = httpslib.HTTPSConnection(self.pulp_connection.host, self.pulp_connection.port, ssl_context=ssl_context)
else:
connection = httpslib.HTTPSConnection(self.pulp_connection.host, self.pulp_connection.port)
# Request against the server
connection.request(method, url, body=body, headers=headers)
try:
response = connection.getresponse()
except SSL.SSLError, err:
# Translate stale login certificate to an auth exception
if 'sslv3 alert certificate expired' == str(err):
raise exceptions.ClientSSLException(self.pulp_connection.cert_filename)
else:
raise exceptions.ConnectionException(None, str(err), None)
def test_HTTPSConnection_resume_session(self):
pid = self.start_server(self.args)
try:
from M2Crypto import httpslib
ctx = SSL.Context()
ctx.load_verify_locations(cafile='test/ca.pem')
ctx.load_cert('test/x509.pem')
ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
ctx.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx)
c.request('GET', '/')
ses = c.get_session()
t = ses.as_text()
data = c.getresponse().read()
# Appearently closing connection here screws session; Ali Polatel?
# c.close()
ctx2 = SSL.Context()
ctx2.load_verify_locations(cafile='test/ca.pem')
ctx2.load_cert('test/x509.pem')
ctx2.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
ctx2.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
c2 = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx2)
c2.set_session(ses)
c2.request('GET', '/')
ses2 = c2.get_session()
t2 = ses2.as_text()
data = c2.getresponse().read()
c.close()
c2.close()
assert t == t2, "Sessions did not match"
finally:
self.stop_server(pid)
self.failIf(string.find(data, 's_server -quiet -www') == -1)
def request(self, method, url, body):
headers = dict(self.pulp_connection.headers
) # copy so we don't affect the calling method
# Create a new connection each time since HTTPSConnection has problems
# reusing a connection for multiple calls (lame).
ssl_context = None
if self.pulp_connection.username and self.pulp_connection.password:
raw = ':'.join(
(self.pulp_connection.username, self.pulp_connection.password))
encoded = base64.encodestring(raw)[:-1]
headers['Authorization'] = 'Basic ' + encoded
elif self.pulp_connection.cert_filename:
ssl_context = SSL.Context('sslv3')
ssl_context.set_session_timeout(self.pulp_connection.timeout)
ssl_context.load_cert(self.pulp_connection.cert_filename)
# oauth configuration
if self.pulp_connection.oauth_key and self.pulp_connection.oauth_secret:
oauth_consumer = oauth.Consumer(self.pulp_connection.oauth_key,
self.pulp_connection.oauth_secret)
oauth_request = oauth.Request.from_consumer_and_token(
oauth_consumer,
http_method=method,
http_url='https://%s:%d%s' %
(self.pulp_connection.host, self.pulp_connection.port, url))
oauth_request.sign_request(oauth.SignatureMethod_HMAC_SHA1(),
oauth_consumer, None)
oauth_header = oauth_request.to_header()
# unicode header values causes m2crypto to do odd things.
for k, v in oauth_header.items():
oauth_header[k] = encode_unicode(v)
headers.update(oauth_header)
headers['pulp-user'] = self.pulp_connection.oauth_user
# Can't pass in None, so need to decide between two signatures (also lame)
if ssl_context is not None:
connection = httpslib.HTTPSConnection(self.pulp_connection.host,
self.pulp_connection.port,
ssl_context=ssl_context)
else:
connection = httpslib.HTTPSConnection(self.pulp_connection.host,
self.pulp_connection.port)
# Request against the server
connection.request(method, url, body=body, headers=headers)
try:
response = connection.getresponse()
except SSL.SSLError, err:
# Translate stale login certificate to an auth exception
if 'sslv3 alert certificate expired' == str(err):
raise exceptions.ClientSSLException(
self.pulp_connection.cert_filename)
else:
raise exceptions.ConnectionException(None, str(err), None)
def _request(self, request_type, handler, body=None):
context = SSL.Context("tlsv1")
self._load_ca_certificates(context)
if self.proxy_hostname and self.proxy_port:
log.debug("Using proxy: %s:%s" %
(self.proxy_hostname, self.proxy_port))
conn = RhsmProxyHTTPSConnection(self.proxy_hostname,
self.proxy_port,
username=self.proxy_user,
password=self.proxy_password,
ssl_context=context)
# this connection class wants the full url
handler = "https://%s:%s%s" % (self.host, self.ssl_port, handler)
else:
conn = httpslib.HTTPSConnection(self.host,
safe_int(self.ssl_port),
ssl_context=context)
conn.request("GET",
handler,
body="",
headers={
"Host": "%s:%s" % (self.host, self.ssl_port),
"Content-Length": "0"
})
response = conn.getresponse()
result = {"content": response.read(), "status": response.status}
return result
def _request(self, request_type, handler, body=None):
# See note in Restlib._request
context = SSL.Context("sslv23")
# Disable SSLv2 and SSLv3 support to avoid poodles.
context.set_options(m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_SSLv3)
self._load_ca_certificates(context)
if self.proxy_hostname and self.proxy_port:
log.debug("Using proxy: %s:%s" % (self.proxy_hostname, self.proxy_port))
conn = RhsmProxyHTTPSConnection(self.proxy_hostname, self.proxy_port,
username=self.proxy_user,
password=self.proxy_password,
ssl_context=context)
# this connection class wants the full url
handler = "https://%s:%s%s" % (self.host, self.ssl_port, handler)
else:
conn = httpslib.HTTPSConnection(self.host, safe_int(self.ssl_port), ssl_context=context)
set_default_socket_timeout_if_python_2_3()
conn.request("GET", handler,
body="",
headers={"Host": "%s:%s" % (self.host, self.ssl_port),
"Content-Length": "0",
"User-Agent": self.user_agent})
response = conn.getresponse()
result = {
"content": response.read(),
"status": response.status,
"headers": dict(response.getheaders())}
return result
def test_httpslib():
ctx = SSL.Context('sslv23')
ctx.load_cert_chain('client.pem')
ctx.load_verify_locations('ca.pem', '')
ctx.set_verify(SSL.verify_peer, 10)
ctx.set_info_callback()
h = httpslib.HTTPSConnection('localhost', 19443, ssl_context=ctx)
h.set_debuglevel(1)
h.putrequest('GET', '/')
h.putheader('Accept', 'text/html')
h.putheader('Accept', 'text/plain')
h.putheader('Connection', 'close')
h.endheaders()
resp = h.getresponse()
f = resp.fp
c = 0
while 1:
# Either of following two works.
#data = f.readline(4096)
data = resp.read(4096)
if not data: break
c = c + len(data)
#print data
sys.stdout.write(data)
sys.stdout.flush()
f.close()
h.close()
def OnSend(self, event):
self.frame.sendButton.Disable()
# Disabling the focused button disables keyboard navigation
# unless we set the focus to something else - let's put it
# on close button
self.frame.closeButton.SetFocus()
self.frame.sendButton.SetLabel(_(u'Sending...'))
try:
from M2Crypto import httpslib, SSL
# Try to load the CA certificates for secure SSL.
# If we can't load them, the data is hidden from casual observation,
# but a man-in-the-middle attack is possible.
ctx = SSL.Context()
opts = {}
if ctx.load_verify_locations(
'parcels/osaf/framework/certstore/cacert.pem') == 1:
ctx.set_verify(
SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
opts['ssl_context'] = ctx
c = httpslib.HTTPSConnection('feedback.osafoundation.org', 443,
opts)
body = buildXML(self.frame.comments, self.frame.email,
self.frame.sysInfo, self.frame.text)
c.request('POST', '/desktop/post/submit', body)
response = c.getresponse()
if response.status != 200:
raise Exception('response.status=' + response.status)
c.close()
except:
self.frame.sendButton.SetLabel(_(u'Failed to send'))
else:
self.frame.sendButton.SetLabel(_(u'Sent'))
self.logReport(body, response.read())
def _connect(self):
context = SSL.Context("sslv3")
connection = httpslib.HTTPSConnection(self.host,
self.port,
ssl_context=context)
connection.connect()
return connection
def test_httpslib():
ctx = SSL.Context()
if ctx.load_verify_locations('ca.pem') != 1:
raise Exception('CA certificates not loaded')
ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
ctx.set_info_callback()
h = httpslib.HTTPSConnection('localhost', 9443, ssl_context=ctx)
h.set_debuglevel(1)
h.putrequest('GET', '/')
h.putheader('Accept', 'text/html')
h.putheader('Accept', 'text/plain')
h.putheader('Connection', 'close')
h.endheaders()
resp = h.getresponse()
f = resp.fp
c = 0
while 1:
# Either of following two works.
#data = f.readline()
data = resp.read()
if not data: break
c = c + len(data)
sys.stdout.write(data)
sys.stdout.flush()
f.close()
h.close()
def test_makefile_timeout_fires(self):
# This is convoluted because (openssl s_server -www) starts
# writing the response as soon as it receives the first line of
# the request, so it's possible for it to send the response
# before the request is sent and there would be no timeout. So,
# let the server spend time reading from an empty pipe
FIFO_NAME = 'test_makefile_timeout_fires_fifo' # noqa
os.mkfifo('tests/' + FIFO_NAME)
pipe_pid = os.fork()
try:
if pipe_pid == 0:
try:
with open('tests/' + FIFO_NAME, 'w') as f:
time.sleep(sleepTime + 1)
f.write('Content\n')
finally:
os._exit(0)
self.args[self.args.index('-www')] = '-WWW'
pid = self.start_server(self.args)
try:
c = httpslib.HTTPSConnection(srv_host, self.srv_port)
c.putrequest('GET', '/' + FIFO_NAME)
c.putheader('Accept', 'text/html')
c.putheader('Accept', 'text/plain')
c.endheaders()
c.sock.settimeout(0.0000000001)
with self.assertRaises(socket.timeout):
c.getresponse()
c.close()
finally:
self.stop_server(pid)
finally:
os.kill(pipe_pid, signal.SIGTERM)
os.waitpid(pipe_pid, 0)
os.unlink('tests/' + FIFO_NAME)
def _connection(cls, host, port, protocol, context=None):
if protocol == 'http':
return httplib.HTTPConnection(host, port)
elif protocol == 'https':
return httpslib.HTTPSConnection(host, port, ssl_context=context)
else:
raise Exception("Unknown protocol %s" % protocol)
def https_open(self, req):
"""Return an addinfourl object for the request, using http_class.
http_class must implement the HTTPConnection API from httplib.
The addinfourl return value is a file-like object. It also
has methods and attributes including:
- info(): return a mimetools.Message object for the headers
- geturl(): return the original request URL
- code: HTTP status code
"""
host = req.get_host()
if not host:
raise URLError('no host given')
# Our change: Check to see if we're using a proxy.
# Then create an appropriate ssl-aware connection.
full_url = req.get_full_url()
target_host = urlparse.urlparse(full_url)[1]
if (target_host != host):
request_uri = urlparse.urldefrag(full_url)[0]
h = httpslib.ProxyHTTPSConnection(host=host, ssl_context=self.ctx)
else:
request_uri = req.get_selector()
h = httpslib.HTTPSConnection(host=host, ssl_context=self.ctx)
# End our change
h.set_debuglevel(self._debuglevel)
headers = dict(req.headers)
headers.update(req.unredirected_hdrs)
# We want to make an HTTP/1.1 request, but the addinfourl
# class isn't prepared to deal with a persistent connection.
# It will try to read all remaining data from the socket,
# which will block while the server waits for the next request.
# So make sure the connection gets closed after the (only)
# request.
headers["Connection"] = "close"
try:
h.request(req.get_method(), request_uri, req.data, headers)
r = h.getresponse()
except socket.error as err: # XXX what error?
raise URLError(err)
# Pick apart the HTTPResponse object to get the addinfourl
# object initialized properly.
# Wrap the HTTPResponse object in socket's file object adapter
# for Windows. That adapter calls recv(), so delegate recv()
# to read(). This weird wrapping allows the returned object to
# have readline() and readlines() methods.
r.recv = r.read
fp = socket._fileobject(r, close=True)
resp = addinfourl(fp, r.msg, req.get_full_url())
resp.code = r.status
resp.msg = r.reason
return resp
def test_HTTPSConnection(self):
pid = self.start_server(self.args)
try:
c = httpslib.HTTPSConnection(srv_host, self.srv_port)
c.request('GET', '/')
data = c.getresponse().read()
c.close()
finally:
self.stop_server(pid)
self.assertIn('s_server -quiet -www', six.ensure_text(data))
def https_connection_factory(host, port=None, strict=0, **ssl):
"""HTTPS connection factory that creates secure connections
using M2Crypto."""
ctx = SSL.Context('tlsv1')
ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth=9)
ctx.load_client_ca('cacert.pem')
return httpslib.HTTPSConnection(host,
port=port,
strict=strict,
ssl_context=ctx)
def test_HTTPSConnection_resume_session(self):
pid = self.start_server(self.args)
try:
self.ctx.load_verify_locations(cafile='tests/ca.pem')
self.ctx.load_cert('tests/x509.pem')
self.ctx.set_verify(
SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 1)
self.ctx.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
c = httpslib.HTTPSConnection(srv_host,
self.srv_port,
ssl_context=self.ctx)
c.request('GET', '/')
ses = c.get_session()
t = ses.as_text()
data = c.getresponse().read()
# Appearently closing connection here screws session; Ali Polatel?
# c.close()
ctx2 = SSL.Context()
ctx2.load_verify_locations(cafile='tests/ca.pem')
ctx2.load_cert('tests/x509.pem')
ctx2.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert,
1)
ctx2.set_session_cache_mode(m2.SSL_SESS_CACHE_CLIENT)
c2 = httpslib.HTTPSConnection(srv_host,
self.srv_port,
ssl_context=ctx2)
c2.set_session(ses)
c2.request('GET', '/')
ses2 = c2.get_session()
t2 = ses2.as_text()
data = six.ensure_text(c2.getresponse().read())
c.close()
c2.close()
self.assertEqual(
t, t2, "Sessions did not match: t = %s, t2 = %s" % (
t,
t2,
))
finally:
self.stop_server(pid)
self.assertIn('s_server -quiet -www', data)
def test_HTTPSConnection(self):
pid = self.start_server(self.args)
try:
from M2Crypto import httpslib
c = httpslib.HTTPSConnection(srv_host, self.srv_port)
c.request('GET', '/')
data = c.getresponse().read()
c.close()
finally:
self.stop_server(pid)
self.assertIn('s_server -quiet -www', util.py3str(data))
def open_https(self, url, data=None, ssl_context=None):
if ssl_context is not None and isinstance(ssl_context, SSL.Context):
self.ctx = ssl_context
else:
self.ctx = SSL.Context(DEFAULT_PROTOCOL)
user_passwd = None
if isinstance(url, basestring):
host, selector = urllib.splithost(url)
if host:
user_passwd, host = urllib.splituser(host)
host = urllib.unquote(host)
realhost = host
else:
host, selector = url
urltype, rest = urllib.splittype(selector)
url = rest
user_passwd = None
if urltype.lower() != 'http':
realhost = None
else:
realhost, rest = urllib.splithost(rest)
if realhost:
user_passwd, realhost = urllib.splituser(realhost)
if user_passwd:
selector = "%s://%s%s" % (urltype, realhost, rest)
# print("proxy via http:", host, selector)
if not host:
raise IOError('http error', 'no host given')
if user_passwd:
import base64
auth = base64.encodestring(user_passwd).strip()
else:
auth = None
# Start here!
h = httpslib.HTTPSConnection(host=host, ssl_context=self.ctx)
# h.set_debuglevel(1)
# Stop here!
if data is not None:
h.putrequest('POST', selector)
h.putheader('Content-type', 'application/x-www-form-urlencoded')
h.putheader('Content-length', '%d' % len(data))
else:
h.putrequest('GET', selector)
if auth:
h.putheader('Authorization', 'Basic %s' % auth)
for args in self.addheaders:
apply(h.putheader, args)
h.endheaders()
if data is not None:
h.send(data + '\r\n')
# Here again!
resp = h.getresponse()
fp = resp.fp
return urllib.addinfourl(fp, resp.msg, "https:" + url)
def test_HTTPSConnection(self):
pid = self.start_server(self.args)
try:
from M2Crypto import httpslib
c = httpslib.HTTPSConnection(srv_host, srv_port)
c.request('GET', '/')
data = c.getresponse().read()
c.close()
finally:
self.stop_server(pid)
self.failIf(string.find(data, 's_server -quiet -www') == -1)
def test_HTTPSConnection_secure_context_fail(self):
pid = self.start_server(self.args)
try:
from M2Crypto import httpslib
ctx = SSL.Context()
ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
ctx.load_verify_locations('test/server.pem')
c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx)
self.assertRaises(SSL.SSLError, c.request, 'GET', '/')
c.close()
finally:
self.stop_server(pid)
def test_HTTPSConnection_secure_context_fail(self):
pid = self.start_server(self.args)
try:
self.ctx.set_verify(
SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
self.ctx.load_verify_locations('tests/server.pem')
c = httpslib.HTTPSConnection(srv_host, self.srv_port,
ssl_context=self.ctx)
with self.assertRaises(SSL.SSLError):
c.request('GET', '/')
c.close()
finally:
self.stop_server(pid)
def _request(self, request_type, method, info=None):
handler = self.apihandler + method
context = SSL.Context("tlsv1")
if self.insecure: # allow clients to work insecure mode if required..
context.post_connection_check = NoOpChecker()
else:
context.set_verify(SSL.verify_fail_if_no_peer_cert,
self.ssl_verify_depth)
if self.ca_dir != None:
log.debug('Loading CA PEM certificates from: %s', self.ca_dir)
self._load_ca_certificates(context)
if self.cert_file:
context.load_cert(self.cert_file, keyfile=self.key_file)
if self.proxy_hostname and self.proxy_port:
log.debug("Using proxy: %s:%s" %
(self.proxy_hostname, self.proxy_port))
conn = RhsmProxyHTTPSConnection(self.proxy_hostname,
self.proxy_port,
username=self.proxy_user,
password=self.proxy_password,
ssl_context=context)
# this connection class wants the full url
handler = "https://%s:%s%s" % (self.host, self.ssl_port, handler)
else:
conn = httpslib.HTTPSConnection(self.host,
self.ssl_port,
ssl_context=context)
if info:
body = json.dumps(info)
else:
body = None
log.debug("Making request: %s %s" % (request_type, handler))
headers = self.headers
if body is None:
headers = dict(self.headers.items() + \
{"Content-Length": "0"}.items())
conn.request(request_type, handler, body=body, headers=headers)
response = conn.getresponse()
result = {"content": response.read(), "status": response.status}
log.debug('Response status: ' + str(result['status']))
self.validateResponse(result)
if not len(result['content']):
return None
return json.loads(result['content'])
def test_HTTPSConnection_secure_context(self):
pid = self.start_server(self.args)
try:
from M2Crypto import httpslib
ctx = SSL.Context()
ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
ctx.load_verify_locations('test/ca.pem')
c = httpslib.HTTPSConnection(srv_host, srv_port, ssl_context=ctx)
c.request('GET', '/')
data = c.getresponse().read()
c.close()
finally:
self.stop_server(pid)
self.failIf(string.find(data, 's_server -quiet -www') == -1)
def test_HTTPSConnection_secure_context(self):
pid = self.start_server(self.args)
try:
self.ctx.set_verify(
SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
self.ctx.load_verify_locations('tests/ca.pem')
c = httpslib.HTTPSConnection(srv_host, self.srv_port,
ssl_context=self.ctx)
c.request('GET', '/')
data = six.ensure_text(c.getresponse().read())
c.close()
finally:
self.stop_server(pid)
self.assertIn('s_server -quiet -www', data)
def _make_connection(self, p_uri):
if ':' in p_uri.netloc:
host, port = p_uri.netloc.split(':')
port = int(port)
else:
host = p_uri.netloc
port = socket.getservbyname(p_uri.scheme)
if p_uri.scheme == "http":
return httplib.HTTPConnection(host, port)
else:
return httpslib.HTTPSConnection(host,
port,
ssl_context=self.ssl_context)
def _request(self, request_type, method, info=None):
handler = self.apihandler + method
context = SSL.Context("tlsv1")
if self.insecure: # allow clients to work insecure mode if required..
context.post_connection_check = NoOpChecker()
else:
context.set_verify(SSL.verify_fail_if_no_peer_cert,
self.ssl_verify_depth)
if self.ca_dir is not None:
log.debug('Loading CA PEM certificates from: %s', self.ca_dir)
self._load_ca_certificates(context)
if self.cert_file and os.path.exists(self.cert_file):
context.load_cert(self.cert_file, keyfile=self.key_file)
if self.proxy_hostname and self.proxy_port:
log.debug("Using proxy: %s:%s" %
(self.proxy_hostname, self.proxy_port))
conn = RhsmProxyHTTPSConnection(self.proxy_hostname,
self.proxy_port,
username=self.proxy_user,
password=self.proxy_password,
ssl_context=context)
# this connection class wants the full url
handler = "https://%s:%s%s" % (self.host, self.ssl_port, handler)
else:
conn = httpslib.HTTPSConnection(self.host,
self.ssl_port,
ssl_context=context)
if info is not None:
body = json.dumps(info)
else:
body = None
log.debug("Making request: %s %s" % (request_type, handler))
headers = self.headers
if body is None:
headers = dict(self.headers.items() +
{"Content-Length": "0"}.items())
try:
conn.request(request_type, handler, body=body, headers=headers)
except SSLError, e:
if self.cert_file:
id_cert = certificate.create_from_file(self.cert_file)
if not id_cert.is_valid():
raise ExpiredIdentityCertException()
raise e
def get_https():
ctx = SSL.Context()
if ctx.load_verify_locations('ca.pem') != 1:
raise Exception('CA certificates not loaded')
ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, 9)
h = httpslib.HTTPSConnection('localhost', 9443, ssl_context=ctx)
h.set_debuglevel(1)
h.putrequest('GET', '/')
h.endheaders()
resp = h.getresponse()
while 1:
data = resp.read()
if not data:
break
print data
h.close()
def test_SNI_support(self):
pid = self.start_server(self.args)
try:
c = httpslib.HTTPSConnection(self.srv_host, self.srv_port,
ssl_context=self.ctx)
c.request('GET', '/')
c.close()
finally:
# (openssl s_server) buffers its log output, and ends the TLS session
# with the client (allowing the client to terminate) before flushing
# the log; so, the client may get here and terminate the server
# before it manages to log the output.
# So, give the server hopefully enough time to flush the logs.
time.sleep(sleepTime)
out, _ = self.stop_server(pid)
self.assertIn('Hostname in TLS extension: "%s"' % srv_host, out)
def test_makefile_timeout(self):
# httpslib uses makefile to read the response
pid = self.start_server(self.args)
try:
c = httpslib.HTTPSConnection(srv_host, self.srv_port)
c.putrequest('GET', '/')
c.putheader('Accept', 'text/html')
c.putheader('Accept', 'text/plain')
c.endheaders()
c.sock.settimeout(100)
resp = c.getresponse()
self.assertEqual(resp.status, 200, resp.reason)
data = resp.read()
c.close()
finally:
self.stop_server(pid)
self.assertIn(b's_server -quiet -www', data)
def test_HTTPSConnection_SNI_support(self):
args = [
's_server', '-servername', srv_host, '-debug', '-www', '-cert',
'server.pem', '-key', 'server_key.pem', '-cert2', 'server.pem',
'-key2', 'server_key.pem', '-accept',
str(self.srv_port)
]
pid = self.start_server(args)
try:
ctx = SSL.Context()
c = httpslib.HTTPSConnection(srv_host,
self.srv_port,
ssl_context=ctx)
c.request('GET', '/')
c.close()
finally:
out, err = self.stop_server(pid)
self.assertIn('Hostname in TLS extension: "%s"' % srv_host, out)
def request(self, host, handler, request_body, verbose=0):
# type: (AnyStr, Callable, bytes, int) -> object
# Handle username and password.
user_passwd, host_port = m2urllib.splituser(host)
_host, _port = m2urllib.splitport(host_port)
h = httpslib.HTTPSConnection(_host,
int(_port),
ssl_context=self.ssl_ctx)
if verbose:
h.set_debuglevel(1)
# What follows is as in xmlrpclib.Transport. (Except the authz bit.)
h.putrequest("POST", handler)
# required by HTTP/1.1
h.putheader("Host", _host)
# required by XML-RPC
h.putheader("User-Agent", self.user_agent)
h.putheader("Content-Type", "text/xml")
h.putheader("Content-Length", str(len(request_body)))
# Authorisation.
if user_passwd is not None:
auth = base64.encodestring(user_passwd).strip()
h.putheader('Authorization', 'Basic %s' % auth)
h.endheaders()
if request_body:
h.send(request_body)
response = h.getresponse()
if response.status != 200:
raise ProtocolError(host + handler, response.status,
response.reason, response.getheaders())
self.verbose = verbose
return self.parse_response(response)
