def testCertificateCache(self):
pemRoot = '''-----BEGIN CERTIFICATE-----
MIIDpzCCAxCgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmjELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQKExFv
c2Fmb3VuZGF0aW9uLm9yZzELMAkGA1UECxMCQ0ExEDAOBgNVBAMTB09TQUYgQ0Ex
KzApBgkqhkiG9w0BCQEWHGhvc3RtYXN0ZXJAb3NhZm91bmRhdGlvbi5vcmcwHhcN
MDQwNjAyMjEzNTIzWhcNMjkwNTI3MjEzNTIzWjCBmjELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRowGAYDVQQKExFvc2Fm
b3VuZGF0aW9uLm9yZzELMAkGA1UECxMCQ0ExEDAOBgNVBAMTB09TQUYgQ0ExKzAp
BgkqhkiG9w0BCQEWHGhvc3RtYXN0ZXJAb3NhZm91bmRhdGlvbi5vcmcwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMvKQY9ElPz4UOhYwKPhbHpSzxxGXxQHiOGu
QDV9HuTaTD53cs4xhTau5nLrbqR6qkOpaxgq4+xGZGXwwdrl6vABXGamBAIS8U+C
IoxMZmdi1zNCHpALjrUOr5zG+l5lbxKMzzfbBgz0EvnxdyUW3JzWlFA7gtKwNeq9
8BbIVNIRAgMBAAGjgfowgfcwHQYDVR0OBBYEFFAUmTv7d1YAmmssTPTcaE3FWgdL
MIHHBgNVHSMEgb8wgbyAFFAUmTv7d1YAmmssTPTcaE3FWgdLoYGgpIGdMIGaMQsw
CQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
GjAYBgNVBAoTEW9zYWZvdW5kYXRpb24ub3JnMQswCQYDVQQLEwJDQTEQMA4GA1UE
AxMHT1NBRiBDQTErMCkGCSqGSIb3DQEJARYcaG9zdG1hc3RlckBvc2Fmb3VuZGF0
aW9uLm9yZ4IBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAAdPk2l4
bQBw41mQvTLGFVUx89oEqmlW8fMh06/PhNyKPvA+Ip/HL4fl71A8aGYINA2KGQeE
Mi6jbcmKpkTked0C7KzayFkggv/SZtmeibzOjQJbO5WQCRgYuF9t7Rijk7oiAt3U
3rOIG1GsNPeKaSKyc+Bpqd9phY+fPNsZf8b4
-----END CERTIFICATE-----'''
self.assert_(ssl.certificateCache == [], 'cache should start empty')
ssl.getContext(self.view) # set cache
self.assert_(ssl.certificateCache != [], 'cache should have an entry after getting a context')
x509 = X509.load_cert_string(pemRoot)
fingerprint = utils.fingerprint(x509)
cert = certificate.importCertificate(x509,
fingerprint,
constants.TRUST_AUTHENTICITY | constants.TRUST_SERVER,
self.view)
self.assert_(ssl.certificateCache == [], 'cache should have been cleared after adding a cert')
ssl.getContext(self.view) # set cache
cert.trust = 0
self.assert_(ssl.certificateCache == [], 'cache should have been cleared after changing cert.trust attribute')
ssl.getContext(self.view) # set cache
del cert.trust
self.assert_(ssl.certificateCache == [], 'cache should have been cleared after deleting cert.trust attribute')
ssl.getContext(self.view) # set cache
cert.delete()
self.assert_(ssl.certificateCache == [], 'cache should have been cleared after removing a cert')
def testCertificateVerification(self):
ctx = ssl.getContext(self.view)
conn1 = SSL.Connection(ctx)
#conn2 = SSL.Connection(ctx)#XXX Why can't I reuse the connection?
if socket.getdefaulttimeout() is not None:
# A workaround for M2Crypto bug 2341. If Chandler
# unit tests are run with run_tests.py, the feedparser
# calls socket.setdefaulttimeout() which will break
# this test case. But since we are just testing to make
# sure that:
# 1) SSL certificate verification works and
# 2) post connection check works
# we can safely force this test to run in blocking mode.
#
# Also, the SSL.Connection code is not used in Chandler.
# In Chandler we use TwistedProtocolWrapper, which
# works even when socket.setdefaulttimeout() has been
# called.
# XXX We should really test it here, but we first need
# XXX to figure out how to run these kinds of twisted tests
# XXX because reactor.run()/stop() can be called only once
# XXX in a program.
conn1.setblocking(1)
#conn2.setblocking(1)
if not self.isOnline():
return
# We wrap the connect() in try/except and filter some common
# network errors that are not SSL-related.
try:
self.assert_(conn1.connect(('www.thawte.com', 443)) >= 0)
conn1.clear()
#self.assertRaises(SSL.SSLError, conn2.connect, ('bugzilla.osafoundation.org', 443))
#conn2.clear()
except socket.gaierror, e:
if e.args[0] == 7: #'No address associated with nodename'
return
if e.args[0] == -3: #'Temporary failure in name resolution'
return
raise