예제 #1
    def test_get_verified_chain_but_validation_failed(self):
        """Handshake succeeds with verification off, but no verified chain exists.

        Security note: with ``OpenSslVerifyEnum.NONE`` a validation failure
        does not abort the handshake, so a successful ``do_handshake()`` here
        says nothing about the peer's identity. The test pins that
        ``get_verified_chain()`` raises instead of returning a chain.

        Requires outbound network access to www.google.com:443.
        """
        # Given a plain TCP connection to Google's HTTPS port
        server_address = ("www.google.com", 443)
        tcp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        tcp_socket.settimeout(5)
        tcp_socket.connect(server_address)

        # And an SslClient on top of it with peer verification turned off,
        # so that failed validation stays silent during the handshake
        ssl_client = SslClient(
            underlying_socket=tcp_socket,
            ssl_version=OpenSslVersionEnum.TLSV1_2,
            ssl_verify=OpenSslVerifyEnum.NONE,
        )

        try:
            # When the TLS handshake runs, it completes
            ssl_client.do_handshake()

            # Then asking for the verified chain raises, because certificate
            # validation failed
            with pytest.raises(CertificateChainVerificationFailed):
                ssl_client.get_verified_chain()
        finally:
            # Tear the session down whether or not the assertions passed
            ssl_client.shutdown()
예제 #2
    def test_get_verified_chain_but_validation_failed(self):
        """Handshake succeeds with verification off, but no verified chain exists.

        Security note: with ``OpenSslVerifyEnum.NONE`` a validation failure
        does not abort the handshake, so a successful ``do_handshake()`` here
        says nothing about the peer's identity. The test pins that
        ``get_verified_chain()`` raises instead of returning a chain.

        Requires outbound network access to www.google.com:443.
        """
        # Given a plain TCP connection to Google's HTTPS port
        server_address = ('www.google.com', 443)
        tcp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        tcp_socket.settimeout(5)
        tcp_socket.connect(server_address)

        # And an SslClient on top of it with peer verification turned off,
        # so that failed validation stays silent during the handshake
        ssl_client = SslClient(
            underlying_socket=tcp_socket,
            ssl_version=OpenSslVersionEnum.TLSV1_2,
            ssl_verify=OpenSslVerifyEnum.NONE,
        )

        try:
            # When the TLS handshake runs, it completes
            ssl_client.do_handshake()

            # Then asking for the verified chain raises, because certificate
            # validation failed
            with pytest.raises(CouldNotBuildVerifiedChain):
                ssl_client.get_verified_chain()
        finally:
            # Tear the session down whether or not the assertions passed
            ssl_client.shutdown()
예제 #3
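    def test_get_verified_chain(self):
        """Handshake with peer verification on yields a non-empty verified chain.

        The trust anchors are the ``mozilla.pem`` bundle located next to this
        test file. Requires outbound network access to www.yahoo.com:443.
        """
        # Given an SslClient connecting to Yahoo
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(5)
        sock.connect(("www.yahoo.com", 443))

        # The only trust store this test validates against
        trust_store = Path(__file__).absolute().parent / "mozilla.pem"

        ssl_client = SslClient(
            ssl_version=OpenSslVersionEnum.TLSV1_2,
            underlying_socket=sock,
            # That is configured to properly validate certificates
            # NOTE(review): this validates the chain against the trust store;
            # no hostname check is visible here - confirm where the
            # certificate is matched against the server name.
            ssl_verify=OpenSslVerifyEnum.PEER,
            ssl_verify_locations=trust_store,
        )

        # When doing a TLS handshake, it succeeds
        try:
            ssl_client.do_handshake()

            # And when requesting the verified certificate chain, it returns it
            # (the assertion only checks that the result is truthy)
            assert ssl_client.get_verified_chain()
        finally:
            # Tear the session down whether or not the assertion passed
            ssl_client.shutdown()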
예제 #4
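    def test_get_verified_chain(self):
        """Handshake with peer verification on yields a non-empty verified chain.

        The trust anchors are the ``mozilla.pem`` bundle located next to this
        test file. Requires outbound network access to www.yahoo.com:443.
        """
        # Given an SslClient connecting to Yahoo
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(5)
        sock.connect(('www.yahoo.com', 443))

        # The only trust store this test validates against, passed as a string
        trust_store = str(Path(__file__).absolute().parent / 'mozilla.pem')

        ssl_client = SslClient(
            ssl_version=OpenSslVersionEnum.TLSV1_2,
            underlying_socket=sock,

            # That is configured to properly validate certificates
            # NOTE(review): this validates the chain against the trust store;
            # no hostname check is visible here - confirm where the
            # certificate is matched against the server name.
            ssl_verify=OpenSslVerifyEnum.PEER,
            ssl_verify_locations=trust_store
        )

        # When doing a TLS handshake, it succeeds
        try:
            ssl_client.do_handshake()

            # And when requesting the verified certificate chain, it returns it
            # (the assertion only checks that the result is truthy)
            assert ssl_client.get_verified_chain()
        finally:
            # Tear the session down whether or not the assertion passed
            ssl_client.shutdown()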
예제 #5
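# Sample TLS 1.2 client: handshake with peer verification, then print the
# certificate chains, the stapled OCSP response, the cipher suite and the
# start of an HTTP response.
# `sock` and `mozilla_store` are defined outside this excerpt.
ssl_client = SslClient(
    ssl_version=OpenSslVersionEnum.TLSV1_2,
    underlying_socket=sock,
    ssl_verify=OpenSslVerifyEnum.PEER,
    ssl_verify_locations=mozilla_store,
)
try:
    # Turn on the OCSP status extension before the handshake so that a
    # stapled response can be read afterwards.
    ssl_client.set_tlsext_status_ocsp()
    ssl_client.do_handshake()

    print("Received certificate chain")
    for pem_cert in ssl_client.get_received_chain():
        print(pem_cert)

    # With verification set to PEER, this is the chain built against
    # `mozilla_store`, as opposed to the chain the server sent.
    print("Verified certificate chain")
    for pem_cert in ssl_client.get_verified_chain():
        print(pem_cert)

    print("OCSP Stapling")
    ocsp_resp = ssl_client.get_tlsext_status_ocsp_resp()
    # A missing staple is skipped silently here; a client that has to enforce
    # revocation checking must treat the absent response as a failure.
    if ocsp_resp:
        # NOTE(review): verify() presumably raises when the response is not
        # trusted by the store - confirm for the library version in use.
        ocsp_resp.verify(Path(mozilla_store))
        # The status is only printed, never checked.
        print(ocsp_resp.status)

    print("\nCipher suite")
    print(ssl_client.get_current_cipher_name())

    print("\nHTTP response")
    # NOTE(review): the Host header is hard-coded; it must name the host that
    # `sock` was connected to.
    ssl_client.write(
        b"GET / HTTP/1.0\r\nUser-Agent: Test\r\nHost: www.google.com\r\n\r\n")
    # One read call with a 2048 argument; the rest of the response is not read.
    print(ssl_client.read(2048))
finally:
    # Shut the session down even when the handshake or a later step fails.
    ssl_client.shutdown()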
예제 #6
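# Sample TLS 1.2 client: handshake with peer verification, then print the
# certificate chains, the stapled OCSP response, the cipher suite and the
# start of an HTTP response.
# `sock` and `mozilla_store` are defined outside this excerpt.
ssl_client = SslClient(
    ssl_version=OpenSslVersionEnum.TLSV1_2,
    underlying_socket=sock,
    ssl_verify=OpenSslVerifyEnum.PEER,
    ssl_verify_locations=mozilla_store,
)
try:
    # Turn on the OCSP status extension before the handshake so that a
    # stapled response can be read afterwards.
    ssl_client.set_tlsext_status_ocsp()
    ssl_client.do_handshake()

    print('Received certificate chain')
    for pem_cert in ssl_client.get_received_chain():
        print(pem_cert)

    # With verification set to PEER, this is the chain built against
    # `mozilla_store`, as opposed to the chain the server sent.
    print('Verified certificate chain')
    for pem_cert in ssl_client.get_verified_chain():
        print(pem_cert)

    print('OCSP Stapling')
    ocsp_resp = ssl_client.get_tlsext_status_ocsp_resp()
    # A missing staple is skipped silently here; a client that has to enforce
    # revocation checking must treat the absent response as a failure.
    if ocsp_resp:
        # NOTE(review): verify() presumably raises when the response is not
        # trusted by the store - confirm for the library version in use.
        ocsp_resp.verify(mozilla_store)
        # The decoded response is only printed; its status is never checked.
        print(ocsp_resp.as_dict())

    print('\nCipher suite')
    print(ssl_client.get_current_cipher_name())

    print('\nHTTP response')
    # NOTE(review): the Host header is hard-coded; it must name the host that
    # `sock` was connected to.
    ssl_client.write(b'GET / HTTP/1.0\r\nUser-Agent: Test\r\nHost: www.google.com\r\n\r\n')
    # One read call with a 2048 argument; the rest of the response is not read.
    print(ssl_client.read(2048))
finally:
    # Shut the session down even when the handshake or a later step fails.
    ssl_client.shutdown()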