Exemple #1
0
    def test_verified(self):
        https_pool = HTTPSConnectionPool(self.host, self.port,
                                         cert_reqs='CERT_REQUIRED')

        conn = https_pool._new_conn()
        self.assertEqual(conn.__class__, VerifiedHTTPSConnection)

        self.assertRaises(SSLError, https_pool.request, 'GET', '/')

        https_pool.ca_certs = DEFAULT_CA_BAD

        try:
            https_pool.request('GET', '/')
            self.fail("Didn't raise SSL error with wrong CA")
        except SSLError as e:
            self.assertTrue('certificate verify failed' in str(e),
                            "Expected 'certificate verify failed',"
                            "instead got: %r" % e)

        https_pool.ca_certs = DEFAULT_CA
        https_pool.request('GET', '/')  # Should succeed without exceptions.

        https_fail_pool = HTTPSConnectionPool('127.0.0.1', self.port,
                                              cert_reqs='CERT_REQUIRED')
        https_fail_pool.ca_certs = DEFAULT_CA

        try:
            https_fail_pool.request('GET', '/')
            self.fail("Didn't raise SSL invalid common name")
        except SSLError as e:
            self.assertTrue("doesn't match" in str(e))
Exemple #2
0
    def test_verified(self):
        https_pool = HTTPSConnectionPool(self.host,
                                         self.port,
                                         cert_reqs='CERT_REQUIRED')

        conn = https_pool._new_conn()
        self.assertEqual(conn.__class__, VerifiedHTTPSConnection)

        self.assertRaises(SSLError, https_pool.request, 'GET', '/')

        https_pool.ca_certs = DEFAULT_CA_BAD

        try:
            https_pool.request('GET', '/')
            self.fail("Didn't raise SSL error with wrong CA")
        except SSLError as e:
            self.assertTrue(
                'certificate verify failed' in str(e),
                "Expected 'certificate verify failed',"
                "instead got: %r" % e)

        https_pool.ca_certs = DEFAULT_CA
        https_pool.request('GET', '/')  # Should succeed without exceptions.

        https_fail_pool = HTTPSConnectionPool('127.0.0.1',
                                              self.port,
                                              cert_reqs='CERT_REQUIRED')
        https_fail_pool.ca_certs = DEFAULT_CA

        try:
            https_fail_pool.request('GET', '/')
            self.fail("Didn't raise SSL invalid common name")
        except SSLError as e:
            self.assertTrue("doesn't match" in str(e))
Exemple #3
0
    def test_assert_specific_hostname(self):
        https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
                                         cert_reqs='CERT_REQUIRED')

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_hostname = 'localhost'
        https_pool.request('GET', '/')
Exemple #4
0
    def test_cert_reqs_as_constant(self):
        https_pool = HTTPSConnectionPool(self.host, self.port,
                                         cert_reqs=ssl.CERT_REQUIRED)

        https_pool.ca_certs = DEFAULT_CA_BAD
        # if we pass in an invalid value it defaults to CERT_NONE
        self.assertRaises(SSLError, https_pool.request, 'GET', '/')
Exemple #5
0
    def test_https_timeout(self):
        timeout = Timeout(connect=0.001)
        https_pool = HTTPSConnectionPool(TARPIT_HOST,
                                         self.port,
                                         timeout=timeout,
                                         retries=False,
                                         cert_reqs='CERT_REQUIRED')

        timeout = Timeout(total=None, connect=0.001)
        https_pool = HTTPSConnectionPool(TARPIT_HOST,
                                         self.port,
                                         timeout=timeout,
                                         retries=False,
                                         cert_reqs='CERT_REQUIRED')
        self.assertRaises(ConnectTimeoutError, https_pool.request, 'GET', '/')

        timeout = Timeout(read=0.001)
        https_pool = HTTPSConnectionPool(self.host,
                                         self.port,
                                         timeout=timeout,
                                         retries=False,
                                         cert_reqs='CERT_REQUIRED')
        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = 'CC:45:6A:90:82:F7FF:C0:8218:8e:' \
                                        '7A:F2:8A:D7:1E:07:33:67:DE'
        url = '/sleep?seconds=0.005'
        self.assertRaises(ReadTimeoutError, https_pool.request, 'GET', url)

        timeout = Timeout(total=None)
        https_pool = HTTPSConnectionPool(self.host,
                                         self.port,
                                         timeout=timeout,
                                         cert_reqs='CERT_NONE')
        https_pool.request('GET', '/')
Exemple #6
0
    def test_assert_specific_hostname(self):
        https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
                                         cert_reqs='CERT_REQUIRED')

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_hostname = 'localhost'
        https_pool.request('GET', '/')
Exemple #7
0
    def test_https_timeout(self):
        timeout = Timeout(connect=0.001)
        https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
                                         timeout=timeout, retries=False,
                                         cert_reqs='CERT_REQUIRED')
        self.addCleanup(https_pool.close)

        timeout = Timeout(total=None, connect=0.001)
        https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
                                         timeout=timeout, retries=False,
                                         cert_reqs='CERT_REQUIRED')
        self.addCleanup(https_pool.close)
        self.assertRaises(ConnectTimeoutError, https_pool.request, 'GET', '/')

        timeout = Timeout(read=0.001)
        https_pool = HTTPSConnectionPool(self.host, self.port,
                                         timeout=timeout, retries=False,
                                         cert_reqs='CERT_REQUIRED')
        self.addCleanup(https_pool.close)
        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = '92:81:FE:85:F7:0C:26:60:EC:D6:B3:' \
                                        'BF:93:CF:F9:71:CC:07:7D:0A'

        timeout = Timeout(total=None)
        https_pool = HTTPSConnectionPool(self.host, self.port, timeout=timeout,
                                         cert_reqs='CERT_NONE')
        self.addCleanup(https_pool.close)
        https_pool.request('GET', '/')
Exemple #8
0
    def test_https_timeout(self):
        timeout = Timeout(connect=0.001)
        https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
                                         timeout=timeout, retries=False,
                                         cert_reqs='CERT_REQUIRED')
        self.addCleanup(https_pool.close)

        timeout = Timeout(total=None, connect=0.001)
        https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
                                         timeout=timeout, retries=False,
                                         cert_reqs='CERT_REQUIRED')
        self.addCleanup(https_pool.close)
        self.assertRaises(ConnectTimeoutError, https_pool.request, 'GET', '/')

        timeout = Timeout(read=0.001)
        https_pool = HTTPSConnectionPool(self.host, self.port,
                                         timeout=timeout, retries=False,
                                         cert_reqs='CERT_REQUIRED')
        self.addCleanup(https_pool.close)
        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = '92:81:FE:85:F7:0C:26:60:EC:D6:B3:' \
                                        'BF:93:CF:F9:71:CC:07:7D:0A'

        timeout = Timeout(total=None)
        https_pool = HTTPSConnectionPool(self.host, self.port, timeout=timeout,
                                         cert_reqs='CERT_NONE')
        self.addCleanup(https_pool.close)
        https_pool.request('GET', '/')
Exemple #9
0
    def test_cert_reqs_as_constant(self):
        https_pool = HTTPSConnectionPool(self.host, self.port,
                                         cert_reqs=ssl.CERT_REQUIRED)

        https_pool.ca_certs = DEFAULT_CA_BAD
        # if we pass in an invalid value it defaults to CERT_NONE
        self.assertRaises(SSLError, https_pool.request, 'GET', '/')
Exemple #10
0
    def test_https_timeout(self):
        timeout = Timeout(connect=0.001)
        https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
                                         timeout=timeout,
                                         cert_reqs='CERT_REQUIRED')

        timeout = Timeout(total=None, connect=0.001)
        https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
                                         timeout=timeout,
                                         cert_reqs='CERT_REQUIRED')
        self.assertRaises(ConnectTimeoutError, https_pool.request, 'GET', '/')

        timeout = Timeout(read=0.001)
        https_pool = HTTPSConnectionPool(self.host, self.port,
                                         timeout=timeout,
                                         cert_reqs='CERT_REQUIRED')
        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = 'CC:45:6A:90:82:F7FF:C0:8218:8e:' \
                                        '7A:F2:8A:D7:1E:07:33:67:DE'
        url = '/sleep?seconds=0.005'
        self.assertRaises(ReadTimeoutError, https_pool.request, 'GET', url)

        timeout = Timeout(total=None)
        https_pool = HTTPSConnectionPool(self.host, self.port, timeout=timeout,
                                         cert_reqs='CERT_NONE')
        https_pool.request('GET', '/')
Exemple #11
0
    def test_ssl_unverified_with_ca_certs(self):
        https_pool = HTTPSConnectionPool(self.host,
                                         self.port,
                                         cert_reqs='CERT_NONE')

        https_pool.ca_certs = DEFAULT_CA_BAD
        https_pool.request('GET', '/')
Exemple #12
0
    def test_invalid_ca_certs(self):
        https_pool = HTTPSConnectionPool(self.host, self.port, cert_reqs="CERT_REQUIRED")

        # Empty string won't throw on py2
        https_pool.ca_certs = "/no_valid_path_to_ca_certs"

        self.assertRaises(SSLError, https_pool.request, "GET", "/")
Exemple #13
0
 def test_source_address_error(self):
     for addr in INVALID_SOURCE_ADDRESSES:
         https_pool = HTTPSConnectionPool(
             self.host, self.port, cert_reqs='CERT_REQUIRED',
             source_address=addr)
         https_pool.ca_certs = DEFAULT_CA
         self.assertRaises(
             MaxRetryError, https_pool.request, 'GET', '/source_address')
Exemple #14
0
 def test_source_address(self):
     for addr in VALID_SOURCE_ADDRESSES:
         https_pool = HTTPSConnectionPool(
             self.host, self.port, cert_reqs='CERT_REQUIRED',
             source_address=addr)
         https_pool.ca_certs = DEFAULT_CA
         r = https_pool.request('GET', '/source_address')
         assert r.data == b(addr[0])
Exemple #15
0
    def test_assert_fingerprint_sha1(self):
        https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
                                         cert_reqs='CERT_REQUIRED')

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = 'CC:45:6A:90:82:F7FF:C0:8218:8e:' \
                                        '7A:F2:8A:D7:1E:07:33:67:DE'
        https_pool.request('GET', '/')
Exemple #16
0
    def test_assert_fingerprint_sha1(self):
        https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
                                         cert_reqs='CERT_REQUIRED')

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = 'CC:45:6A:90:82:F7FF:C0:8218:8e:' \
                                        '7A:F2:8A:D7:1E:07:33:67:DE'
        https_pool.request('GET', '/')
Exemple #17
0
    def test_assert_fingerprint_md5(self):
        https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
                                         cert_reqs='CERT_REQUIRED')

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = 'CA:84:E1:AD0E5a:ef:2f:C3:09' \
                                        ':E7:30:F8:CD:C8:5B'
        https_pool.request('GET', '/')
Exemple #18
0
    def test_invalid_ca_certs(self):
        https_pool = HTTPSConnectionPool(self.host, self.port,
                                         cert_reqs='CERT_REQUIRED')

        # Empty string won't throw on py2
        https_pool.ca_certs = '/no_valid_path_to_ca_certs'

        self.assertRaises(SSLError, https_pool.request, 'GET', '/')
Exemple #19
0
    def test_assert_fingerprint_md5(self):
        https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
                                         cert_reqs='CERT_REQUIRED')

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = 'CA:84:E1:AD0E5a:ef:2f:C3:09' \
                                        ':E7:30:F8:CD:C8:5B'
        https_pool.request('GET', '/')
Exemple #20
0
 def test_enhanced_ssl_connection(self):
     conn = VerifiedHTTPSConnection(self.host, self.port)
     https_pool = HTTPSConnectionPool(
         self.host, self.port, timeout=Timeout(total=None, connect=5), cert_reqs="CERT_REQUIRED"
     )
     https_pool.ca_certs = DEFAULT_CA
     https_pool.assert_fingerprint = "CC:45:6A:90:82:F7FF:C0:8218:8e:" "7A:F2:8A:D7:1E:07:33:67:DE"
     https_pool._make_request(conn, "GET", "/")
Exemple #21
0
 def test_source_address(self):
     for addr in VALID_SOURCE_ADDRESSES:
         https_pool = HTTPSConnectionPool(self.host,
                                          self.port,
                                          cert_reqs='CERT_REQUIRED',
                                          source_address=addr)
         https_pool.ca_certs = DEFAULT_CA
         r = https_pool.request('GET', '/source_address')
         assert r.data == b(addr[0])
Exemple #22
0
 def test_source_address_error(self):
     for addr in INVALID_SOURCE_ADDRESSES:
         https_pool = HTTPSConnectionPool(self.host,
                                          self.port,
                                          cert_reqs='CERT_REQUIRED',
                                          source_address=addr)
         https_pool.ca_certs = DEFAULT_CA
         self.assertRaises(MaxRetryError, https_pool.request, 'GET',
                           '/source_address')
Exemple #23
0
 def test_source_address_ignored(self):
     # source_address is ignored in Python 2.6 and earlier.
     for addr in INVALID_SOURCE_ADDRESSES:
         https_pool = HTTPSConnectionPool(
             self.host, self.port, cert_reqs='CERT_REQUIRED',
             source_address=addr)
         https_pool.ca_certs = DEFAULT_CA
         r = https_pool.request('GET', '/source_address')
         assert r.status == 200
Exemple #24
0
 def test_enhanced_ssl_connection(self):
     conn = VerifiedHTTPSConnection(self.host, self.port)
     https_pool = HTTPSConnectionPool(self.host, self.port,
                                      timeout=Timeout(total=None, connect=5),
                                      cert_reqs='CERT_REQUIRED')
     https_pool.ca_certs = DEFAULT_CA
     https_pool.assert_fingerprint = 'CC:45:6A:90:82:F7FF:C0:8218:8e:' \
                                     '7A:F2:8A:D7:1E:07:33:67:DE'
     https_pool._make_request(conn, 'GET', '/')
Exemple #25
0
 def test_source_address_ignored(self):
     # source_address is ignored in Python 2.6 and earlier.
     for addr in INVALID_SOURCE_ADDRESSES:
         https_pool = HTTPSConnectionPool(self.host,
                                          self.port,
                                          cert_reqs='CERT_REQUIRED',
                                          source_address=addr)
         https_pool.ca_certs = DEFAULT_CA
         r = https_pool.request('GET', '/source_address')
         assert r.status == 200
Exemple #26
0
    def test_source_address_ignored(self):
        # No warning is issued if source_address is omitted.
        with warnings.catch_warnings(record=True) as w:
            https_pool = HTTPSConnectionPool(
                self.host, self.port, cert_reqs='CERT_REQUIRED')
            https_pool.ca_certs = DEFAULT_CA
            assert https_pool.request('GET', '/source_address').status == 200
            assert (
                not w or not issubclass(w[-1].category, PythonVersionWarning))

        # source_address is ignored in Python 2.6 and earlier. Warning issued.
        with warnings.catch_warnings(record=True) as w:
            for addr in INVALID_SOURCE_ADDRESSES:
                https_pool = HTTPSConnectionPool(
                    self.host, self.port, cert_reqs='CERT_REQUIRED',
                    source_address=addr)
                https_pool.ca_certs = DEFAULT_CA
                r = https_pool.request('GET', '/source_address')
                assert r.status == 200
            assert issubclass(w[-1].category, PythonVersionWarning)
Exemple #27
0
    def test_assert_invalid_fingerprint(self):
        https_pool = HTTPSConnectionPool("127.0.0.1", self.port, cert_reqs="CERT_REQUIRED")

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = "AA:AA:AA:AA:AA:AAAA:AA:AAAA:AA:" "AA:AA:AA:AA:AA:AA:AA:AA:AA"

        self.assertRaises(SSLError, https_pool.request, "GET", "/")

        # invalid length
        https_pool.assert_fingerprint = "AA"

        self.assertRaises(SSLError, https_pool.request, "GET", "/")

        # uneven length
        https_pool.assert_fingerprint = "AA:A"

        self.assertRaises(SSLError, https_pool.request, "GET", "/")
Exemple #28
0
    def test_https_timeout(self):
        timeout = Timeout(connect=0.001)
        https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port, timeout=timeout, cert_reqs="CERT_REQUIRED")

        timeout = Timeout(total=None, connect=0.001)
        https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port, timeout=timeout, cert_reqs="CERT_REQUIRED")
        self.assertRaises(ConnectTimeoutError, https_pool.request, "GET", "/")

        timeout = Timeout(read=0.001)
        https_pool = HTTPSConnectionPool(self.host, self.port, timeout=timeout, cert_reqs="CERT_REQUIRED")
        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = "CC:45:6A:90:82:F7FF:C0:8218:8e:" "7A:F2:8A:D7:1E:07:33:67:DE"
        url = "/sleep?seconds=0.005"
        self.assertRaises(ReadTimeoutError, https_pool.request, "GET", url)

        timeout = Timeout(total=None)
        https_pool = HTTPSConnectionPool(self.host, self.port, timeout=timeout, cert_reqs="CERT_NONE")
        https_pool.request("GET", "/")
Exemple #29
0
    def test_assert_invalid_fingerprint(self):
        https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
                                         cert_reqs='CERT_REQUIRED')

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = 'AA:AA:AA:AA:AA:AAAA:AA:AAAA:AA:' \
                                        'AA:AA:AA:AA:AA:AA:AA:AA:AA'

        self.assertRaises(SSLError, https_pool.request, 'GET', '/')

        # invalid length
        https_pool.assert_fingerprint = 'AA'

        self.assertRaises(SSLError, https_pool.request, 'GET', '/')

        # uneven length
        https_pool.assert_fingerprint = 'AA:A'

        self.assertRaises(SSLError, https_pool.request, 'GET', '/')
Exemple #30
0
    def test_assert_invalid_fingerprint(self):
        https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
                                         cert_reqs='CERT_REQUIRED')

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = 'AA:AA:AA:AA:AA:AAAA:AA:AAAA:AA:' \
                                        'AA:AA:AA:AA:AA:AA:AA:AA:AA'

        self.assertRaises(SSLError, https_pool.request, 'GET', '/')

        # invalid length
        https_pool.assert_fingerprint = 'AA'

        self.assertRaises(SSLError, https_pool.request, 'GET', '/')

        # uneven length
        https_pool.assert_fingerprint = 'AA:A'

        self.assertRaises(SSLError, https_pool.request, 'GET', '/')
Exemple #31
0
    def test_https_timeout(self):
        timeout = Timeout(connect=0.001)
        https_pool = HTTPSConnectionPool(
            TARPIT_HOST,
            self.port,
            timeout=timeout,
            retries=False,
            cert_reqs="CERT_REQUIRED",
        )
        self.addCleanup(https_pool.close)

        timeout = Timeout(total=None, connect=0.001)
        https_pool = HTTPSConnectionPool(
            TARPIT_HOST,
            self.port,
            timeout=timeout,
            retries=False,
            cert_reqs="CERT_REQUIRED",
        )
        self.addCleanup(https_pool.close)
        with pytest.raises(ConnectTimeoutError):
            https_pool.request("GET", "/")

        timeout = Timeout(read=0.01)
        https_pool = HTTPSConnectionPool(
            self.host,
            self.port,
            timeout=timeout,
            retries=False,
            cert_reqs="CERT_REQUIRED",
        )
        self.addCleanup(https_pool.close)
        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = ("92:81:FE:85:F7:0C:26:60:EC:D6:B3:"
                                         "BF:93:CF:F9:71:CC:07:7D:0A")

        timeout = Timeout(total=None)
        https_pool = HTTPSConnectionPool(self.host,
                                         self.port,
                                         timeout=timeout,
                                         cert_reqs="CERT_NONE")
        self.addCleanup(https_pool.close)
        https_pool.request("GET", "/")
Exemple #32
0
    def test_assert_specific_hostname(self):
        https_pool = HTTPSConnectionPool("127.0.0.1", self.port, cert_reqs="CERT_REQUIRED")

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_hostname = "localhost"
        https_pool.request("GET", "/")
Exemple #33
0
        try:
            https_pool.request('GET', '/')
            self.fail("Didn't raise SSL error with no CA")
        except SSLError, e:
            self.assertTrue('No root certificates' in str(e))

        https_pool.ca_certs = DEFAULT_CA_BAD

        try:
            https_pool.request('GET', '/')
            self.fail("Didn't raise SSL error with wrong CA")
        except SSLError, e:
            self.assertTrue('certificate verify failed' in str(e))

        https_pool.ca_certs = DEFAULT_CA
        https_pool.request('GET', '/') # Should succeed without exceptions.

        https_fail_pool = HTTPSConnectionPool('127.0.0.1', self.port,
                                              cert_reqs='CERT_REQUIRED')
        https_fail_pool.ca_certs = DEFAULT_CA

        try:
            https_fail_pool.request('GET', '/')
            self.fail("Didn't raise SSL invalid common name")
        except SSLError, e:
            self.assertTrue("doesn't match" in str(e))


if __name__ == '__main__':
    unittest.main()
Exemple #34
0
    def test_ssl_unverified_with_ca_certs(self):
        https_pool = HTTPSConnectionPool(self.host, self.port,
                                         cert_reqs='CERT_NONE')

        https_pool.ca_certs = DEFAULT_CA_BAD
        https_pool.request('GET', '/')
Exemple #35
0
    def test_cert_reqs_as_short_string(self):
        https_pool = HTTPSConnectionPool(self.host, self.port, cert_reqs="REQUIRED")

        https_pool.ca_certs = DEFAULT_CA_BAD
        # if we pass in an invalid value it defaults to CERT_NONE
        self.assertRaises(SSLError, https_pool.request, "GET", "/")
Exemple #36
0
    def test_assert_fingerprint_sha1(self):
        https_pool = HTTPSConnectionPool("127.0.0.1", self.port, cert_reqs="CERT_REQUIRED")

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = "CC:45:6A:90:82:F7FF:C0:8218:8e:" "7A:F2:8A:D7:1E:07:33:67:DE"
        https_pool.request("GET", "/")
Exemple #37
0
    def test_assert_fingerprint_md5(self):
        https_pool = HTTPSConnectionPool("127.0.0.1", self.port, cert_reqs="CERT_REQUIRED")

        https_pool.ca_certs = DEFAULT_CA
        https_pool.assert_fingerprint = "CA:84:E1:AD0E5a:ef:2f:C3:09" ":E7:30:F8:CD:C8:5B"
        https_pool.request("GET", "/")