def test_no_verify(self):
"""Test the no_verify option."""
certs = FakeCerts(self, "localhost")
server_context = ssl.DefaultOpenSSLContextFactory(
certs.server_key_path, certs.server_cert_path)
client_context = context.get_ssl_context(no_verify=True,
hostname="localhost")
yield self.verify_context(server_context, client_context)
def test_matches_all(self):
"""A valid certificate passes checks."""
certs = FakeCerts(self, "localhost")
server_context = ssl.DefaultOpenSSLContextFactory(
certs.server_key_path, certs.server_cert_path)
self.patch(context, "get_certificates", lambda: [certs.ca_cert])
client_context = context.get_ssl_context(no_verify=False,
hostname="localhost")
yield self.verify_context(server_context, client_context)
def test_fails_certificate(self):
"""A wrong certificate is rejected."""
certs = FakeCerts(self, "localhost")
server_context = ssl.DefaultOpenSSLContextFactory(
certs.server_key_path, certs.server_cert_path)
client_context = context.get_ssl_context(no_verify=False,
hostname="localhost")
d = self.verify_context(server_context, client_context)
e = yield self.assertFailure(d, SSL.Error)
self.assertEqual(e[0][0][1], "ssl3_get_server_certificate")
def test_use_all_certificates_and_fail(self):
"""Use system installed certificates and fail checking self-signed."""
certs = FakeCerts(self, "localhost")
server_context = ssl.DefaultOpenSSLContextFactory(
certs.server_key_path, certs.server_cert_path)
client_context = context.get_ssl_context(no_verify=False,
hostname="localhost")
site = server.Site(FakeResource())
port = reactor.listenSSL(0, site, server_context)
self.addCleanup(port.stopListening)
url = "https://localhost:%d" % port.getHost().port
try:
yield client.getPage(url, contextFactory=client_context)
except SSL.Error:
return
else:
self.fail("Should fail with SSL Error.")