def test_load_ssl_config_cert_and_key_invalid_password( cert_pem_file, cert_encrypted_private_key_file): ssl_config = SSLConfig(cert=(cert_pem_file, cert_encrypted_private_key_file, "password1")) with pytest.raises(ssl.SSLError): ssl_config.load_ssl_context()
def test_load_ssl_config_cert_and_encrypted_key( cert_pem_file, cert_encrypted_private_key_file, password): ssl_config = SSLConfig(cert=(cert_pem_file, cert_encrypted_private_key_file, password)) context = ssl_config.load_ssl_context() assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED assert context.check_hostname is True
def test_load_ssl_config_verify_env_file(https_server, ca_cert_pem_file, config): os.environ[config] = (ca_cert_pem_file if config.endswith("_FILE") else str(Path(ca_cert_pem_file).parent)) ssl_config = SSLConfig(trust_env=True) context = ssl_config.load_ssl_context() assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED assert context.check_hostname is True assert ssl_config.verify == os.environ[config] # Skipping 'SSL_CERT_DIR' functional test for now because # we're unable to get the certificate within the directory to # load into the SSLContext. :( if config == "SSL_CERT_FILE": host = https_server.url.host port = https_server.url.port conn = socket.create_connection((host, port)) context.wrap_socket(conn, server_hostname=host) assert len(context.get_ca_certs()) == 1
def test_ssl_config_support_for_keylog_file(tmpdir, monkeypatch): # pragma: nocover with monkeypatch.context() as m: m.delenv("SSLKEYLOGFILE", raising=False) ssl_config = SSLConfig(trust_env=True) ssl_config.load_ssl_context() assert ssl_config.ssl_context.keylog_filename is None filename = str(tmpdir.join("test.log")) with monkeypatch.context() as m: m.setenv("SSLKEYLOGFILE", filename) ssl_config = SSLConfig(trust_env=True) ssl_config.load_ssl_context() assert ssl_config.ssl_context.keylog_filename == filename ssl_config = SSLConfig(trust_env=False) ssl_config.load_ssl_context() assert ssl_config.ssl_context.keylog_filename is None
def test_load_ssl_config_no_verify(): ssl_config = SSLConfig(verify=False) context = ssl_config.load_ssl_context() assert context.verify_mode == ssl.VerifyMode.CERT_NONE assert context.check_hostname is False
def test_load_ssl_config_cert_without_key_raises(cert_pem_file): ssl_config = SSLConfig(cert=cert_pem_file) with pytest.raises(ssl.SSLError): ssl_config.load_ssl_context()
def test_load_ssl_config_verify_directory(): path = Path(certifi.where()).parent ssl_config = SSLConfig(verify=path) context = ssl_config.load_ssl_context() assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED assert context.check_hostname is True
def test_load_ssl_config_verify_existing_file(): ssl_config = SSLConfig(verify=certifi.where()) context = ssl_config.load_ssl_context() assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED assert context.check_hostname is True
def test_load_ssl_config_verify_non_existing_path(): ssl_config = SSLConfig(verify="/path/to/nowhere") with pytest.raises(IOError): ssl_config.load_ssl_context()
def test_load_ssl_config(): ssl_config = SSLConfig() context = ssl_config.load_ssl_context() assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED assert context.check_hostname is True