def test_verified(self):
https_pool = HTTPSConnectionPool(self.host, self.port,
cert_reqs='CERT_REQUIRED')
conn = https_pool._new_conn()
self.assertEqual(conn.__class__, VerifiedHTTPSConnection)
self.assertRaises(SSLError, https_pool.request, 'GET', '/')
https_pool.ca_certs = DEFAULT_CA_BAD
try:
https_pool.request('GET', '/')
self.fail("Didn't raise SSL error with wrong CA")
except SSLError as e:
self.assertTrue('certificate verify failed' in str(e),
"Expected 'certificate verify failed',"
"instead got: %r" % e)
https_pool.ca_certs = DEFAULT_CA
https_pool.request('GET', '/') # Should succeed without exceptions.
https_fail_pool = HTTPSConnectionPool('127.0.0.1', self.port,
cert_reqs='CERT_REQUIRED')
https_fail_pool.ca_certs = DEFAULT_CA
try:
https_fail_pool.request('GET', '/')
self.fail("Didn't raise SSL invalid common name")
except SSLError as e:
self.assertTrue("doesn't match" in str(e))
def test_verified(self):
https_pool = HTTPSConnectionPool(self.host,
self.port,
cert_reqs='CERT_REQUIRED')
conn = https_pool._new_conn()
self.assertEqual(conn.__class__, VerifiedHTTPSConnection)
self.assertRaises(SSLError, https_pool.request, 'GET', '/')
https_pool.ca_certs = DEFAULT_CA_BAD
try:
https_pool.request('GET', '/')
self.fail("Didn't raise SSL error with wrong CA")
except SSLError as e:
self.assertTrue(
'certificate verify failed' in str(e),
"Expected 'certificate verify failed',"
"instead got: %r" % e)
https_pool.ca_certs = DEFAULT_CA
https_pool.request('GET', '/') # Should succeed without exceptions.
https_fail_pool = HTTPSConnectionPool('127.0.0.1',
self.port,
cert_reqs='CERT_REQUIRED')
https_fail_pool.ca_certs = DEFAULT_CA
try:
https_fail_pool.request('GET', '/')
self.fail("Didn't raise SSL invalid common name")
except SSLError as e:
self.assertTrue("doesn't match" in str(e))
def test_assert_specific_hostname(self):
https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_hostname = 'localhost'
https_pool.request('GET', '/')
def test_cert_reqs_as_constant(self):
https_pool = HTTPSConnectionPool(self.host, self.port,
cert_reqs=ssl.CERT_REQUIRED)
https_pool.ca_certs = DEFAULT_CA_BAD
# if we pass in an invalid value it defaults to CERT_NONE
self.assertRaises(SSLError, https_pool.request, 'GET', '/')
def test_https_timeout(self):
timeout = Timeout(connect=0.001)
https_pool = HTTPSConnectionPool(TARPIT_HOST,
self.port,
timeout=timeout,
retries=False,
cert_reqs='CERT_REQUIRED')
timeout = Timeout(total=None, connect=0.001)
https_pool = HTTPSConnectionPool(TARPIT_HOST,
self.port,
timeout=timeout,
retries=False,
cert_reqs='CERT_REQUIRED')
self.assertRaises(ConnectTimeoutError, https_pool.request, 'GET', '/')
timeout = Timeout(read=0.001)
https_pool = HTTPSConnectionPool(self.host,
self.port,
timeout=timeout,
retries=False,
cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = 'CC:45:6A:90:82:F7FF:C0:8218:8e:' \
'7A:F2:8A:D7:1E:07:33:67:DE'
url = '/sleep?seconds=0.005'
self.assertRaises(ReadTimeoutError, https_pool.request, 'GET', url)
timeout = Timeout(total=None)
https_pool = HTTPSConnectionPool(self.host,
self.port,
timeout=timeout,
cert_reqs='CERT_NONE')
https_pool.request('GET', '/')
def test_assert_specific_hostname(self):
https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_hostname = 'localhost'
https_pool.request('GET', '/')
def test_https_timeout(self):
timeout = Timeout(connect=0.001)
https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
timeout=timeout, retries=False,
cert_reqs='CERT_REQUIRED')
self.addCleanup(https_pool.close)
timeout = Timeout(total=None, connect=0.001)
https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
timeout=timeout, retries=False,
cert_reqs='CERT_REQUIRED')
self.addCleanup(https_pool.close)
self.assertRaises(ConnectTimeoutError, https_pool.request, 'GET', '/')
timeout = Timeout(read=0.001)
https_pool = HTTPSConnectionPool(self.host, self.port,
timeout=timeout, retries=False,
cert_reqs='CERT_REQUIRED')
self.addCleanup(https_pool.close)
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = '92:81:FE:85:F7:0C:26:60:EC:D6:B3:' \
'BF:93:CF:F9:71:CC:07:7D:0A'
timeout = Timeout(total=None)
https_pool = HTTPSConnectionPool(self.host, self.port, timeout=timeout,
cert_reqs='CERT_NONE')
self.addCleanup(https_pool.close)
https_pool.request('GET', '/')
def test_https_timeout(self):
timeout = Timeout(connect=0.001)
https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
timeout=timeout, retries=False,
cert_reqs='CERT_REQUIRED')
self.addCleanup(https_pool.close)
timeout = Timeout(total=None, connect=0.001)
https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
timeout=timeout, retries=False,
cert_reqs='CERT_REQUIRED')
self.addCleanup(https_pool.close)
self.assertRaises(ConnectTimeoutError, https_pool.request, 'GET', '/')
timeout = Timeout(read=0.001)
https_pool = HTTPSConnectionPool(self.host, self.port,
timeout=timeout, retries=False,
cert_reqs='CERT_REQUIRED')
self.addCleanup(https_pool.close)
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = '92:81:FE:85:F7:0C:26:60:EC:D6:B3:' \
'BF:93:CF:F9:71:CC:07:7D:0A'
timeout = Timeout(total=None)
https_pool = HTTPSConnectionPool(self.host, self.port, timeout=timeout,
cert_reqs='CERT_NONE')
self.addCleanup(https_pool.close)
https_pool.request('GET', '/')
def test_cert_reqs_as_constant(self):
https_pool = HTTPSConnectionPool(self.host, self.port,
cert_reqs=ssl.CERT_REQUIRED)
https_pool.ca_certs = DEFAULT_CA_BAD
# if we pass in an invalid value it defaults to CERT_NONE
self.assertRaises(SSLError, https_pool.request, 'GET', '/')
def test_https_timeout(self):
timeout = Timeout(connect=0.001)
https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
timeout=timeout,
cert_reqs='CERT_REQUIRED')
timeout = Timeout(total=None, connect=0.001)
https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port,
timeout=timeout,
cert_reqs='CERT_REQUIRED')
self.assertRaises(ConnectTimeoutError, https_pool.request, 'GET', '/')
timeout = Timeout(read=0.001)
https_pool = HTTPSConnectionPool(self.host, self.port,
timeout=timeout,
cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = 'CC:45:6A:90:82:F7FF:C0:8218:8e:' \
'7A:F2:8A:D7:1E:07:33:67:DE'
url = '/sleep?seconds=0.005'
self.assertRaises(ReadTimeoutError, https_pool.request, 'GET', url)
timeout = Timeout(total=None)
https_pool = HTTPSConnectionPool(self.host, self.port, timeout=timeout,
cert_reqs='CERT_NONE')
https_pool.request('GET', '/')
def test_ssl_unverified_with_ca_certs(self):
https_pool = HTTPSConnectionPool(self.host,
self.port,
cert_reqs='CERT_NONE')
https_pool.ca_certs = DEFAULT_CA_BAD
https_pool.request('GET', '/')
def test_invalid_ca_certs(self):
https_pool = HTTPSConnectionPool(self.host, self.port, cert_reqs="CERT_REQUIRED")
# Empty string won't throw on py2
https_pool.ca_certs = "/no_valid_path_to_ca_certs"
self.assertRaises(SSLError, https_pool.request, "GET", "/")
def test_source_address_error(self):
for addr in INVALID_SOURCE_ADDRESSES:
https_pool = HTTPSConnectionPool(
self.host, self.port, cert_reqs='CERT_REQUIRED',
source_address=addr)
https_pool.ca_certs = DEFAULT_CA
self.assertRaises(
MaxRetryError, https_pool.request, 'GET', '/source_address')
def test_source_address(self):
for addr in VALID_SOURCE_ADDRESSES:
https_pool = HTTPSConnectionPool(
self.host, self.port, cert_reqs='CERT_REQUIRED',
source_address=addr)
https_pool.ca_certs = DEFAULT_CA
r = https_pool.request('GET', '/source_address')
assert r.data == b(addr[0])
def test_assert_fingerprint_sha1(self):
https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = 'CC:45:6A:90:82:F7FF:C0:8218:8e:' \
'7A:F2:8A:D7:1E:07:33:67:DE'
https_pool.request('GET', '/')
def test_assert_fingerprint_sha1(self):
https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = 'CC:45:6A:90:82:F7FF:C0:8218:8e:' \
'7A:F2:8A:D7:1E:07:33:67:DE'
https_pool.request('GET', '/')
def test_assert_fingerprint_md5(self):
https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = 'CA:84:E1:AD0E5a:ef:2f:C3:09' \
':E7:30:F8:CD:C8:5B'
https_pool.request('GET', '/')
def test_invalid_ca_certs(self):
https_pool = HTTPSConnectionPool(self.host, self.port,
cert_reqs='CERT_REQUIRED')
# Empty string won't throw on py2
https_pool.ca_certs = '/no_valid_path_to_ca_certs'
self.assertRaises(SSLError, https_pool.request, 'GET', '/')
def test_assert_fingerprint_md5(self):
https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = 'CA:84:E1:AD0E5a:ef:2f:C3:09' \
':E7:30:F8:CD:C8:5B'
https_pool.request('GET', '/')
def test_enhanced_ssl_connection(self):
conn = VerifiedHTTPSConnection(self.host, self.port)
https_pool = HTTPSConnectionPool(
self.host, self.port, timeout=Timeout(total=None, connect=5), cert_reqs="CERT_REQUIRED"
)
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = "CC:45:6A:90:82:F7FF:C0:8218:8e:" "7A:F2:8A:D7:1E:07:33:67:DE"
https_pool._make_request(conn, "GET", "/")
def test_source_address(self):
for addr in VALID_SOURCE_ADDRESSES:
https_pool = HTTPSConnectionPool(self.host,
self.port,
cert_reqs='CERT_REQUIRED',
source_address=addr)
https_pool.ca_certs = DEFAULT_CA
r = https_pool.request('GET', '/source_address')
assert r.data == b(addr[0])
def test_source_address_error(self):
for addr in INVALID_SOURCE_ADDRESSES:
https_pool = HTTPSConnectionPool(self.host,
self.port,
cert_reqs='CERT_REQUIRED',
source_address=addr)
https_pool.ca_certs = DEFAULT_CA
self.assertRaises(MaxRetryError, https_pool.request, 'GET',
'/source_address')
def test_source_address_ignored(self):
# source_address is ignored in Python 2.6 and earlier.
for addr in INVALID_SOURCE_ADDRESSES:
https_pool = HTTPSConnectionPool(
self.host, self.port, cert_reqs='CERT_REQUIRED',
source_address=addr)
https_pool.ca_certs = DEFAULT_CA
r = https_pool.request('GET', '/source_address')
assert r.status == 200
def test_enhanced_ssl_connection(self):
conn = VerifiedHTTPSConnection(self.host, self.port)
https_pool = HTTPSConnectionPool(self.host, self.port,
timeout=Timeout(total=None, connect=5),
cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = 'CC:45:6A:90:82:F7FF:C0:8218:8e:' \
'7A:F2:8A:D7:1E:07:33:67:DE'
https_pool._make_request(conn, 'GET', '/')
def test_source_address_ignored(self):
# source_address is ignored in Python 2.6 and earlier.
for addr in INVALID_SOURCE_ADDRESSES:
https_pool = HTTPSConnectionPool(self.host,
self.port,
cert_reqs='CERT_REQUIRED',
source_address=addr)
https_pool.ca_certs = DEFAULT_CA
r = https_pool.request('GET', '/source_address')
assert r.status == 200
def test_source_address_ignored(self):
# No warning is issued if source_address is omitted.
with warnings.catch_warnings(record=True) as w:
https_pool = HTTPSConnectionPool(
self.host, self.port, cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
assert https_pool.request('GET', '/source_address').status == 200
assert (
not w or not issubclass(w[-1].category, PythonVersionWarning))
# source_address is ignored in Python 2.6 and earlier. Warning issued.
with warnings.catch_warnings(record=True) as w:
for addr in INVALID_SOURCE_ADDRESSES:
https_pool = HTTPSConnectionPool(
self.host, self.port, cert_reqs='CERT_REQUIRED',
source_address=addr)
https_pool.ca_certs = DEFAULT_CA
r = https_pool.request('GET', '/source_address')
assert r.status == 200
assert issubclass(w[-1].category, PythonVersionWarning)
def test_assert_invalid_fingerprint(self):
https_pool = HTTPSConnectionPool("127.0.0.1", self.port, cert_reqs="CERT_REQUIRED")
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = "AA:AA:AA:AA:AA:AAAA:AA:AAAA:AA:" "AA:AA:AA:AA:AA:AA:AA:AA:AA"
self.assertRaises(SSLError, https_pool.request, "GET", "/")
# invalid length
https_pool.assert_fingerprint = "AA"
self.assertRaises(SSLError, https_pool.request, "GET", "/")
# uneven length
https_pool.assert_fingerprint = "AA:A"
self.assertRaises(SSLError, https_pool.request, "GET", "/")
def test_https_timeout(self):
timeout = Timeout(connect=0.001)
https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port, timeout=timeout, cert_reqs="CERT_REQUIRED")
timeout = Timeout(total=None, connect=0.001)
https_pool = HTTPSConnectionPool(TARPIT_HOST, self.port, timeout=timeout, cert_reqs="CERT_REQUIRED")
self.assertRaises(ConnectTimeoutError, https_pool.request, "GET", "/")
timeout = Timeout(read=0.001)
https_pool = HTTPSConnectionPool(self.host, self.port, timeout=timeout, cert_reqs="CERT_REQUIRED")
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = "CC:45:6A:90:82:F7FF:C0:8218:8e:" "7A:F2:8A:D7:1E:07:33:67:DE"
url = "/sleep?seconds=0.005"
self.assertRaises(ReadTimeoutError, https_pool.request, "GET", url)
timeout = Timeout(total=None)
https_pool = HTTPSConnectionPool(self.host, self.port, timeout=timeout, cert_reqs="CERT_NONE")
https_pool.request("GET", "/")
def test_assert_invalid_fingerprint(self):
https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = 'AA:AA:AA:AA:AA:AAAA:AA:AAAA:AA:' \
'AA:AA:AA:AA:AA:AA:AA:AA:AA'
self.assertRaises(SSLError, https_pool.request, 'GET', '/')
# invalid length
https_pool.assert_fingerprint = 'AA'
self.assertRaises(SSLError, https_pool.request, 'GET', '/')
# uneven length
https_pool.assert_fingerprint = 'AA:A'
self.assertRaises(SSLError, https_pool.request, 'GET', '/')
def test_assert_invalid_fingerprint(self):
https_pool = HTTPSConnectionPool('127.0.0.1', self.port,
cert_reqs='CERT_REQUIRED')
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = 'AA:AA:AA:AA:AA:AAAA:AA:AAAA:AA:' \
'AA:AA:AA:AA:AA:AA:AA:AA:AA'
self.assertRaises(SSLError, https_pool.request, 'GET', '/')
# invalid length
https_pool.assert_fingerprint = 'AA'
self.assertRaises(SSLError, https_pool.request, 'GET', '/')
# uneven length
https_pool.assert_fingerprint = 'AA:A'
self.assertRaises(SSLError, https_pool.request, 'GET', '/')
def test_https_timeout(self):
timeout = Timeout(connect=0.001)
https_pool = HTTPSConnectionPool(
TARPIT_HOST,
self.port,
timeout=timeout,
retries=False,
cert_reqs="CERT_REQUIRED",
)
self.addCleanup(https_pool.close)
timeout = Timeout(total=None, connect=0.001)
https_pool = HTTPSConnectionPool(
TARPIT_HOST,
self.port,
timeout=timeout,
retries=False,
cert_reqs="CERT_REQUIRED",
)
self.addCleanup(https_pool.close)
with pytest.raises(ConnectTimeoutError):
https_pool.request("GET", "/")
timeout = Timeout(read=0.01)
https_pool = HTTPSConnectionPool(
self.host,
self.port,
timeout=timeout,
retries=False,
cert_reqs="CERT_REQUIRED",
)
self.addCleanup(https_pool.close)
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = ("92:81:FE:85:F7:0C:26:60:EC:D6:B3:"
"BF:93:CF:F9:71:CC:07:7D:0A")
timeout = Timeout(total=None)
https_pool = HTTPSConnectionPool(self.host,
self.port,
timeout=timeout,
cert_reqs="CERT_NONE")
self.addCleanup(https_pool.close)
https_pool.request("GET", "/")
def test_assert_specific_hostname(self):
https_pool = HTTPSConnectionPool("127.0.0.1", self.port, cert_reqs="CERT_REQUIRED")
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_hostname = "localhost"
https_pool.request("GET", "/")
try:
https_pool.request('GET', '/')
self.fail("Didn't raise SSL error with no CA")
except SSLError, e:
self.assertTrue('No root certificates' in str(e))
https_pool.ca_certs = DEFAULT_CA_BAD
try:
https_pool.request('GET', '/')
self.fail("Didn't raise SSL error with wrong CA")
except SSLError, e:
self.assertTrue('certificate verify failed' in str(e))
https_pool.ca_certs = DEFAULT_CA
https_pool.request('GET', '/') # Should succeed without exceptions.
https_fail_pool = HTTPSConnectionPool('127.0.0.1', self.port,
cert_reqs='CERT_REQUIRED')
https_fail_pool.ca_certs = DEFAULT_CA
try:
https_fail_pool.request('GET', '/')
self.fail("Didn't raise SSL invalid common name")
except SSLError, e:
self.assertTrue("doesn't match" in str(e))
if __name__ == '__main__':
unittest.main()
def test_ssl_unverified_with_ca_certs(self):
https_pool = HTTPSConnectionPool(self.host, self.port,
cert_reqs='CERT_NONE')
https_pool.ca_certs = DEFAULT_CA_BAD
https_pool.request('GET', '/')
def test_cert_reqs_as_short_string(self):
https_pool = HTTPSConnectionPool(self.host, self.port, cert_reqs="REQUIRED")
https_pool.ca_certs = DEFAULT_CA_BAD
# if we pass in an invalid value it defaults to CERT_NONE
self.assertRaises(SSLError, https_pool.request, "GET", "/")
def test_assert_fingerprint_sha1(self):
https_pool = HTTPSConnectionPool("127.0.0.1", self.port, cert_reqs="CERT_REQUIRED")
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = "CC:45:6A:90:82:F7FF:C0:8218:8e:" "7A:F2:8A:D7:1E:07:33:67:DE"
https_pool.request("GET", "/")
def test_assert_fingerprint_md5(self):
https_pool = HTTPSConnectionPool("127.0.0.1", self.port, cert_reqs="CERT_REQUIRED")
https_pool.ca_certs = DEFAULT_CA
https_pool.assert_fingerprint = "CA:84:E1:AD0E5a:ef:2f:C3:09" ":E7:30:F8:CD:C8:5B"
https_pool.request("GET", "/")