Exemple #1
0
def test_load_ssl_config_cert_and_key_invalid_password(
        cert_pem_file, cert_encrypted_private_key_file):
    ssl_config = SSLConfig(cert=(cert_pem_file,
                                 cert_encrypted_private_key_file, "password1"))

    with pytest.raises(ssl.SSLError):
        ssl_config.load_ssl_context()
Exemple #2
0
def test_load_ssl_config_cert_and_encrypted_key(
        cert_pem_file, cert_encrypted_private_key_file, password):
    ssl_config = SSLConfig(cert=(cert_pem_file,
                                 cert_encrypted_private_key_file, password))
    context = ssl_config.load_ssl_context()
    assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
    assert context.check_hostname is True
Exemple #3
0
async def test_start_tls_on_uds_socket_stream(https_uds_server):
    backend = lookup_backend()
    ctx = SSLConfig().load_ssl_context_no_verify()
    timeout = Timeout(5)

    stream = await backend.open_uds_stream(https_uds_server.config.uds,
                                           https_uds_server.url.host, None,
                                           timeout)

    try:
        assert stream.is_connection_dropped() is False
        assert get_cipher(stream) is None

        stream = await stream.start_tls(https_uds_server.url.host, ctx,
                                        timeout)
        assert stream.is_connection_dropped() is False
        assert get_cipher(stream) is not None

        await stream.write(b"GET / HTTP/1.1\r\n\r\n", timeout)

        response = await read_response(stream,
                                       timeout,
                                       should_contain=b"Hello, world")
        assert response.startswith(b"HTTP/1.1 200 OK\r\n")

    finally:
        await stream.close()
Exemple #4
0
def test_load_ssl_context():
    ssl_context = ssl.create_default_context()
    ssl_config = SSLConfig(verify=ssl_context)

    assert ssl_config.verify is True
    assert ssl_config.ssl_context is ssl_context
    assert repr(ssl_config) == "SSLConfig(cert=None, verify=True)"
Exemple #5
0
async def test_https_get_with_ssl(https_server, ca_cert_pem_file):
    """
    An HTTPS request, with SSL configuration set on the client.
    """
    ssl = SSLConfig(verify=ca_cert_pem_file)
    async with HTTPConnection(origin=https_server.url, ssl=ssl) as conn:
        response = await conn.request("GET", https_server.url)
        await response.aread()
        assert response.status_code == 200
        assert response.content == b"Hello, world!"
Exemple #6
0
def test_load_ssl_config_verify_env_file(https_server, ca_cert_pem_file,
                                         config):
    os.environ[config] = (ca_cert_pem_file if config.endswith("_FILE") else
                          str(Path(ca_cert_pem_file).parent))
    ssl_config = SSLConfig(trust_env=True)
    context = ssl_config.load_ssl_context()
    assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
    assert context.check_hostname is True
    assert ssl_config.verify == os.environ[config]

    # Skipping 'SSL_CERT_DIR' functional test for now because
    # we're unable to get the certificate within the directory to
    # load into the SSLContext. :(
    if config == "SSL_CERT_FILE":
        host = https_server.url.host
        port = https_server.url.port
        conn = socket.create_connection((host, port))
        context.wrap_socket(conn, server_hostname=host)
        assert len(context.get_ca_certs()) == 1
Exemple #7
0
def test_ssl_config_support_for_keylog_file(tmpdir,
                                            monkeypatch):  # pragma: nocover
    with monkeypatch.context() as m:
        m.delenv("SSLKEYLOGFILE", raising=False)

        ssl_config = SSLConfig(trust_env=True)

        assert ssl_config.ssl_context.keylog_filename is None

    filename = str(tmpdir.join("test.log"))

    with monkeypatch.context() as m:
        m.setenv("SSLKEYLOGFILE", filename)

        ssl_config = SSLConfig(trust_env=True)

        assert ssl_config.ssl_context.keylog_filename == filename

        ssl_config = SSLConfig(trust_env=False)

        assert ssl_config.ssl_context.keylog_filename is None
Exemple #8
0
def test_load_ssl_context():
    ssl_context = ssl.create_default_context()
    ssl_config = SSLConfig(verify=ssl_context)

    assert ssl_config.ssl_context is ssl_context
Exemple #9
0
def test_load_ssl_config_no_verify():
    ssl_config = SSLConfig(verify=False)
    context = ssl_config.ssl_context
    assert context.verify_mode == ssl.VerifyMode.CERT_NONE
    assert context.check_hostname is False
Exemple #10
0
def test_load_ssl_config_cert_without_key_raises(cert_pem_file):
    with pytest.raises(ssl.SSLError):
        SSLConfig(cert=cert_pem_file)
Exemple #11
0
def test_load_ssl_config_verify_directory():
    path = Path(certifi.where()).parent
    ssl_config = SSLConfig(verify=path)
    context = ssl_config.ssl_context
    assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
    assert context.check_hostname is True
Exemple #12
0
def test_load_ssl_config_verify_existing_file():
    ssl_config = SSLConfig(verify=certifi.where())
    context = ssl_config.ssl_context
    assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
    assert context.check_hostname is True
Exemple #13
0
def test_load_ssl_config_verify_non_existing_path():
    with pytest.raises(IOError):
        SSLConfig(verify="/path/to/nowhere")
Exemple #14
0
def test_load_ssl_config():
    ssl_config = SSLConfig()
    context = ssl_config.ssl_context
    assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
    assert context.check_hostname is True
Exemple #15
0
def test_ssl_eq():
    ssl = SSLConfig(verify=False)
    assert ssl == SSLConfig(verify=False)
Exemple #16
0
def test_ssl_repr():
    ssl = SSLConfig(verify=False)
    assert repr(ssl) == "SSLConfig(cert=None, verify=False)"