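def client_context(ca: CA) -> SSLContext:
    """Return a server-verifying client TLS context that also trusts *ca*.

    The context comes from ``ssl.create_default_context`` with
    ``Purpose.SERVER_AUTH``, so the certificate and hostname checks of the
    default context stay enabled. ``ca.configure_trust`` is then called on it
    (presumably trustme's ``CA``; only that one method is used here).

    Where the interpreter exposes ``ssl.OP_IGNORE_UNEXPECTED_EOF`` the option
    is switched off, so a peer that drops the connection without a TLS
    close_notify is reported as an error instead of a clean end of stream.

    Args:
        ca: Certificate authority object providing ``configure_trust(ctx)``.

    Returns:
        The configured ``ssl.SSLContext``.
    """
    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    if hasattr(ssl, "OP_IGNORE_UNEXPECTED_EOF"):
        # Clear the bit rather than toggling it: XOR only removes the option
        # when the default context already has it set, and would *enable* it
        # on a build whose defaults leave it off, hiding truncated streams.
        context.options &= ~ssl.OP_IGNORE_UNEXPECTED_EOF  # type: ignore[attr-defined]

    ca.configure_trust(context)
    return context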
def test_unrecognized_context_type():
    """Check that configuring an unsupported context object raises TypeError.

    ``None`` stands in for "not a recognised context type". Both entry points
    are exercised in turn: trust configuration on the CA and certificate
    configuration on an issued leaf certificate. Each must reject the
    argument with ``TypeError`` instead of returning normally.
    """
    authority = CA()
    leaf_cert = authority.issue_cert(u"test-1.example.org")

    # Same order as the two explicit checks: CA trust first, then leaf cert.
    for configure in (authority.configure_trust, leaf_cert.configure_cert):
        with pytest.raises(TypeError):
            configure(None)
async def test_send_eof_not_implemented(self, server_context: ssl.SSLContext, ca: CA, force_tlsv12: bool) -> None:
    """Verify that ``send_eof()`` on a TLS stream raises NotImplementedError.

    A blocking TLS server runs in a helper thread, sends ``b"hello"`` and
    shuts the TLS layer down. The client connects over loopback, wraps the
    stream with ``TLSStream.wrap`` and, after reading the greeting, calls
    ``send_eof()``. The expected error text depends on *force_tlsv12*:

    * True: the client is limited to TLS 1.2 and the message must say that
      ``send_eof()`` requires at least TLSv1.3.
    * False: the message must say that ``send_eof()`` has not yet been
      implemented for TLS streams.
    """

    def serve_sync() -> None:
        # Accept exactly one client, send the greeting, then perform the TLS
        # shutdown (unwrap) before closing the socket.
        conn, addr = server_sock.accept()
        conn.sendall(b"hello")
        conn.unwrap()
        conn.close()

    # Default client context for server authentication, extended with trust
    # configured by the test CA.
    client_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ca.configure_trust(client_context)
    if force_tlsv12:
        # NOTE(review): the "." in "TLSv1.3" is an unescaped regex wildcard;
        # the pattern still matches the literal text, just slightly loosely.
        expected_pattern = r"send_eof\(\) requires at least TLSv1.3"
        if hasattr(ssl, "TLSVersion"):
            # Cap the negotiated protocol at TLS 1.2 for this test only.
            client_context.maximum_version = ssl.TLSVersion.TLSv1_2
        else:  # Python 3.6: no ssl.TLSVersion, so disable TLS 1.3 via an option flag
            client_context.options |= ssl.OP_NO_TLSv1_3
    else:
        expected_pattern = (
            r"send_eof\(\) has not yet been implemented for TLS streams")

    # suppress_ragged_eofs=False: an EOF without a proper TLS shutdown is
    # raised as an error on the server side instead of reading as a normal EOF.
    server_sock = server_context.wrap_socket(
        socket.socket(), server_side=True, suppress_ragged_eofs=False)
    # One-second timeout on the listening socket, so accept() in the helper
    # thread cannot block forever if the client never connects.
    server_sock.settimeout(1)
    # Loopback only, port 0 = let the OS choose a free port.
    server_sock.bind(("127.0.0.1", 0))
    server_sock.listen()
    server_thread = Thread(target=serve_sync, daemon=True)
    server_thread.start()

    stream = await connect_tcp(*server_sock.getsockname())
    # hostname="localhost" is the name passed for the TLS handshake; the
    # certificate in server_context presumably covers it — confirm against
    # the fixture.
    async with await TLSStream.wrap(
            stream, hostname="localhost", ssl_context=client_context) as wrapper:
        assert await wrapper.receive() == b"hello"
        with pytest.raises(NotImplementedError) as exc:
            await wrapper.send_eof()

        # Kept outside the raises block: a statement placed after the raising
        # call inside that block would never execute.
        exc.match(expected_pattern)

    # NOTE(review): this cleanup is not guarded by try/finally, so a failing
    # assertion above skips the join and leaves server_sock open.
    server_thread.join()
    server_sock.close()
def client_ssl_ctx(tls_certificate_authority: trustme.CA) -> ssl.SSLContext:
    """Create a client TLS context that trusts the given test CA.

    The context is the standard library default for authenticating servers,
    so peer certificate verification and hostname checking remain on; the
    CA's ``configure_trust`` is applied on top of those defaults.

    Args:
        tls_certificate_authority: CA whose trust is configured on the
            context.

    Returns:
        The configured client-side ``ssl.SSLContext``.
    """
    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    tls_certificate_authority.configure_trust(context)
    return context
def ca_ssl_context(cert_authority: trustme.CA) -> ssl.SSLContext:
    """Return a default TLS context with *cert_authority*'s trust configured.

    ``ssl.create_default_context`` defaults to ``Purpose.SERVER_AUTH``; the
    purpose is spelled out here so it is clear that this is a client-side
    context which verifies the server's certificate and hostname.

    Args:
        cert_authority: CA whose ``configure_trust`` is applied to the
            context.

    Returns:
        The configured ``ssl.SSLContext``.
    """
    tls_context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    cert_authority.configure_trust(tls_context)
    return tls_context