async def test_start_tls_on_uds_socket_stream(https_uds_server):
backend = lookup_backend()
ctx = SSLConfig().load_ssl_context_no_verify()
timeout = Timeout(5)
stream = await backend.open_uds_stream(https_uds_server.config.uds,
https_uds_server.url.host, None,
timeout)
try:
assert stream.is_connection_dropped() is False
assert get_cipher(stream) is None
stream = await stream.start_tls(https_uds_server.url.host, ctx,
timeout)
assert stream.is_connection_dropped() is False
assert get_cipher(stream) is not None
await stream.write(b"GET / HTTP/1.1\r\n\r\n", timeout)
response = await read_response(stream,
timeout,
should_contain=b"Hello, world")
assert response.startswith(b"HTTP/1.1 200 OK\r\n")
finally:
await stream.close()
def test_load_ssl_config_cert_and_encrypted_key(
cert_pem_file, cert_encrypted_private_key_file, password):
ssl_config = SSLConfig(cert=(cert_pem_file,
cert_encrypted_private_key_file, password))
context = ssl_config.ssl_context
assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
assert context.check_hostname is True
async def test_https_get_with_ssl(https_server, ca_cert_pem_file):
"""
An HTTPS request, with SSL configuration set on the client.
"""
ssl = SSLConfig(verify=ca_cert_pem_file)
async with HTTPConnection(origin=https_server.url, ssl=ssl) as conn:
response = await conn.request("GET", https_server.url)
await response.aread()
assert response.status_code == 200
assert response.content == b"Hello, world!"
def test_ssl_config_support_for_keylog_file(tmpdir, monkeypatch): # pragma: nocover
with monkeypatch.context() as m:
m.delenv("SSLKEYLOGFILE", raising=False)
ssl_config = SSLConfig(trust_env=True)
assert ssl_config.ssl_context.keylog_filename is None
filename = str(tmpdir.join("test.log"))
with monkeypatch.context() as m:
m.setenv("SSLKEYLOGFILE", filename)
ssl_config = SSLConfig(trust_env=True)
assert ssl_config.ssl_context.keylog_filename == filename
ssl_config = SSLConfig(trust_env=False)
assert ssl_config.ssl_context.keylog_filename is None
def test_load_ssl_config_verify_env_file(https_server, ca_cert_pem_file,
config):
os.environ[config] = (ca_cert_pem_file if config.endswith("_FILE") else
str(Path(ca_cert_pem_file).parent))
ssl_config = SSLConfig(trust_env=True)
context = ssl_config.ssl_context
assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
assert context.check_hostname is True
assert ssl_config.verify == os.environ[config]
# Skipping 'SSL_CERT_DIR' functional test for now because
# we're unable to get the certificate within the directory to
# load into the SSLContext. :(
if config == "SSL_CERT_FILE":
host = https_server.url.host
port = https_server.url.port
conn = socket.create_connection((host, port))
context.wrap_socket(conn, server_hostname=host)
assert len(context.get_ca_certs()) == 1
def test_load_ssl_context():
ssl_context = ssl.create_default_context()
ssl_config = SSLConfig(verify=ssl_context)
assert ssl_config.ssl_context is ssl_context
def test_load_ssl_config_no_verify():
ssl_config = SSLConfig(verify=False)
context = ssl_config.ssl_context
assert context.verify_mode == ssl.VerifyMode.CERT_NONE
assert context.check_hostname is False
def test_load_ssl_config_cert_without_key_raises(cert_pem_file):
with pytest.raises(ssl.SSLError):
SSLConfig(cert=cert_pem_file)
def test_load_ssl_config_cert_and_key_invalid_password(
cert_pem_file, cert_encrypted_private_key_file):
with pytest.raises(ssl.SSLError):
SSLConfig(cert=(cert_pem_file, cert_encrypted_private_key_file,
"password1"))
def test_load_ssl_config_verify_directory():
path = Path(certifi.where()).parent
ssl_config = SSLConfig(verify=str(path))
context = ssl_config.ssl_context
assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
assert context.check_hostname is True
def test_load_ssl_config_verify_existing_file():
ssl_config = SSLConfig(verify=certifi.where())
context = ssl_config.ssl_context
assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
assert context.check_hostname is True
def test_load_ssl_config_verify_non_existing_path():
with pytest.raises(IOError):
SSLConfig(verify="/path/to/nowhere")
def test_load_ssl_config():
ssl_config = SSLConfig()
context = ssl_config.ssl_context
assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
assert context.check_hostname is True
def test_ssl_eq():
ssl = SSLConfig(verify=False)
assert ssl == SSLConfig(verify=False)
def test_ssl_repr():
ssl = SSLConfig(verify=False)
assert repr(ssl) == "SSLConfig(cert=None, verify=False)"
