Пример #1
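    def init_protocols(self, user_specified_protocols_str):
        """
        Build the list of protocols to cover and store it in the .protocols attribute of the factory.
        It will be used during server profile generation and by unittests.

        user_specified_protocols_str is either None, in which case every protocol returned by
        sslproto.get_supported_protocols() is covered, or a comma-separated string of protocol
        names. Whitespace around each name is ignored.

        Raises ConfigError when at least one requested protocol is not in the supported list,
        so a run never silently covers fewer protocols than the user asked for.
        """

        if user_specified_protocols_str is None:
            # by default we test all protocols supported by the OS.
            # it is responsibility of sslproto.get_supported_protocols() to alert the users about missing OS features if any
            self.protocols = sslproto.get_supported_protocols()
            return

        supported_protos = sslproto.get_supported_protocols(quiet=True)
        user_specified_protocols = []

        # check if protocols requested by the users are supported by OS
        # create a list of unsupported protocols
        unsupported_protos = []
        for raw_proto in user_specified_protocols_str.split(','):
            # str.strip() returns a new string, so its result has to be kept;
            # otherwise 'sslv2, sslv3' yields ' sslv3' (leading space), which
            # never matches a supported name and is reported as unsupported.
            proto = raw_proto.strip()
            if proto in supported_protos:
                user_specified_protocols.append(proto)
            else:
                unsupported_protos.append(proto)

        # if any protocols are not supported, raise an exception
        if unsupported_protos:
            raise ConfigError('Following SSL protocols are not supported by OS libraries: %s'
                % ','.join(unsupported_protos))

        self.protocols = user_specified_protocols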
Пример #2
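    def init_protocols(self, user_specified_protocols_str):
        """
        Build the list of protocols to cover and place it into the .protocols attribute of the factory.
        It will be used during server profile generation and by unittests.

        When user_specified_protocols_str is None, the full list from
        sslproto.get_supported_protocols() is used. Otherwise the string is split on commas,
        each name is stripped of surrounding whitespace and checked against the supported list.

        Raises ConfigError naming every requested protocol that is not supported.
        """

        if user_specified_protocols_str is None:
            # by default we test all protocols supported by the OS.
            # it is responsibility of sslproto.get_supported_protocols() to alert the users about missing OS features if any
            self.protocols = sslproto.get_supported_protocols()
        else:
            supported_protos = sslproto.get_supported_protocols(quiet=True)

            # Normalise first: the original called proto.strip() and dropped the
            # result, so a name written after ', ' kept its leading space and was
            # rejected as unsupported.
            requested_protos = [
                proto.strip()
                for proto in user_specified_protocols_str.split(',')
            ]

            # check if protocols requested by the users are supported by OS
            user_specified_protocols = [
                proto for proto in requested_protos if proto in supported_protos
            ]
            # create a list of unsupported protocols
            unsupported_protos = [
                proto for proto in requested_protos
                if proto not in supported_protos
            ]

            # if any protocols are not supported, raise an exception
            if unsupported_protos:
                raise ConfigError(
                    'Following SSL protocols are not supported by OS libraries: %s'
                    % ','.join(unsupported_protos))

            self.protocols = user_specified_protocols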
Пример #3
def create_per_proto_tests():
    """
    Attach one test method per supported protocol to TestSSLProtoModule.

    Each generated method is named
    test_openssl_accepts_default_ciphers_for_proto_<proto> and forwards to
    _test_openssl_accepts_default_ciphers_for_proto() with that protocol.
    """
    for proto_name in sslproto.get_supported_protocols():
        # The protocol is bound through a default argument so every generated
        # method keeps its own value instead of the last one seen by the loop.
        def _case(self, proto=proto_name):
            self._test_openssl_accepts_default_ciphers_for_proto(proto)

        method_name = "test_openssl_accepts_default_ciphers_for_proto_%s" % proto_name
        setattr(TestSSLProtoModule, method_name, _case)
Пример #4
def create_per_proto_tests():
    """
    Generate a test method on TestSSLProtoModule for every protocol returned by
    sslproto.get_supported_protocols().

    The method for protocol P is called
    test_openssl_accepts_default_ciphers_for_proto_P and delegates to
    _test_openssl_accepts_default_ciphers_for_proto(P).
    """
    def _check(case, proto):
        case._test_openssl_accepts_default_ciphers_for_proto(proto)

    def _bind(proto):
        # default argument pins the protocol for this particular method
        return lambda self, proto=proto: _check(self, proto)

    name_template = "test_openssl_accepts_default_ciphers_for_proto_%s"
    for supported in sslproto.get_supported_protocols():
        setattr(TestSSLProtoModule, name_template % supported, _bind(supported))
Пример #5
def create_per_cipher_tests():
    """
    Attach one test method per (protocol, cipher) pair to TestSSLProtoModule.

    Protocols come from sslproto.get_supported_protocols() and the ciphers for
    each protocol from sslproto.get_ciphers(proto). Hyphens in the cipher name
    are replaced with underscores when building the method name.
    """
    for proto_name in sslproto.get_supported_protocols():
        for cipher_name in sslproto.get_ciphers(proto_name):
            # Defaults pin this pair to the generated method; a plain closure
            # would see only the last pair produced by the loops.
            def _case(self, proto=proto_name, cipher=cipher_name):
                self._test_openssl_accepts_selected_proto_cipher(proto, cipher)

            slug = re.sub('-', '_', cipher_name)
            method_name = "test_openssl_accepts_proto_%s_cipher_%s" % (proto_name, slug)
            setattr(TestSSLProtoModule, method_name, _case)
Пример #6
    def test_plain_tcp_client(self):
        """Run the sslproto module against a plain TCP client; every profile expects UNEXPECTED_EOF."""
        # One expected result per (protocol, default cipher) pair, protocols in the outer loop.
        eccars = [
            ECCAR(SSLServerProtoSpec(proto, cipher), UNEXPECTED_EOF)
            for proto in sslproto.get_supported_protocols()
            for cipher in sslproto.DEFAULT_CIPHER_SUITES
        ]

        # The hammer is sized to the number of expected results.
        hammer = TCPConnectionHammer(len(eccars))
        self._main_test(['-m', 'sslproto'], hammer, eccars)
Пример #7
    def test_plain_tcp_client(self):
        """A plain TCP client is expected to produce UNEXPECTED_EOF for every protocol/cipher profile."""
        supported = sslproto.get_supported_protocols()

        eccars = []
        for proto in supported:
            # one ECCAR per default cipher suite of this protocol
            eccars.extend(
                ECCAR(SSLServerProtoSpec(proto, cipher), UNEXPECTED_EOF)
                for cipher in sslproto.DEFAULT_CIPHER_SUITES
            )

        args = ['-m', 'sslproto']
        self._main_test(args, TCPConnectionHammer(len(eccars)), eccars)
Пример #8
def create_per_cipher_tests():
    """
    Generate a TestSSLProtoModule test method for each cipher of each supported protocol.

    The method name is test_openssl_accepts_proto_<proto>_cipher_<cipher>, with
    hyphens in the cipher name turned into underscores; the method delegates to
    _test_openssl_accepts_selected_proto_cipher(proto, cipher).
    """
    def _check(case, proto, cipher):
        case._test_openssl_accepts_selected_proto_cipher(proto, cipher)

    def _bind(proto, cipher):
        # default arguments pin the pair for this particular method
        return lambda self, proto=proto, cipher=cipher: _check(self, proto, cipher)

    name_template = "test_openssl_accepts_proto_%s_cipher_%s"
    for supported in sslproto.get_supported_protocols():
        for suite in sslproto.get_ciphers(supported):
            slug = re.sub('-', '_', suite)
            setattr(TestSSLProtoModule,
                    name_template % (supported, slug),
                    _bind(supported, suite))
Пример #9
    def test_plain_tcp_client_timeout(self):
        """
        Plain TCP client that is started with delay_before_close=30.

        Expected error per profile: 'SSL_ERROR_ZERO_RETURN' for 'sslv2',
        'SSL_ERROR_SYSCALL' for every other protocol.
        """
        # NOTE(review): the unit of delay_before_close is not visible here -
        # presumably seconds; confirm against TCPConnectionHammer.
        eccars = [
            ECCAR(
                SSLServerProtoSpec(proto, cipher),
                'SSL_ERROR_ZERO_RETURN' if proto == 'sslv2' else 'SSL_ERROR_SYSCALL',
            )
            for proto in sslproto.get_supported_protocols()
            for cipher in sslproto.DEFAULT_CIPHER_SUITES
        ]

        hammer = TCPConnectionHammer(len(eccars), delay_before_close=30)
        self._main_test(['-m', 'sslproto'], hammer, eccars)
Пример #10
    def test_plain_tcp_client_timeout(self):
        """
        Run the sslproto module against a plain TCP client created with delay_before_close=30.

        The expected error is 'SSL_ERROR_ZERO_RETURN' for the 'sslv2' profile and
        'SSL_ERROR_SYSCALL' for all other protocols.
        """
        eccars = []
        for proto in sslproto.get_supported_protocols():
            # the expected error depends only on the protocol, not on the cipher
            if proto != 'sslv2':
                expected_error = 'SSL_ERROR_SYSCALL'
            else:
                expected_error = 'SSL_ERROR_ZERO_RETURN'
            for cipher in sslproto.DEFAULT_CIPHER_SUITES:
                spec = SSLServerProtoSpec(proto, cipher)
                eccars.append(ECCAR(spec, expected_error))

        args = ['-m', 'sslproto']
        self._main_test(args, TCPConnectionHammer(len(eccars), delay_before_close=30), eccars)
Пример #11
    def test_curl_works_with_sslv2_and_export_ciphers(self):
        """
        Run the sslproto module against curl for every supported protocol and default cipher.

        Expected result per protocol: ALERT_NON_SSLV2_INITIAL_PACKET for 'sslv2',
        ALERT_SSLV3_BAD_CERTIFICATE for 'sslv3', ALERT_UNKNOWN_CA otherwise.
        The test also asserts that sslproto.EXPORT_CIPHER was among the ciphers
        iterated, so the export-grade profile is known to be covered by the run.
        """
        # curl is expected to work with SSLv2 and weak ciphers
        expected_by_proto = {
            'sslv2': ALERT_NON_SSLV2_INITIAL_PACKET,
            'sslv3': ALERT_SSLV3_BAD_CERTIFICATE,
        }

        eccars = []
        there_are_export_ciphers = False
        for proto in sslproto.get_supported_protocols():
            expected_res = expected_by_proto.get(proto, ALERT_UNKNOWN_CA)
            for cipher in sslproto.DEFAULT_CIPHER_SUITES:
                if cipher == sslproto.EXPORT_CIPHER:
                    there_are_export_ciphers = True
                spec = SSLServerProtoSpec(proto, cipher)
                eccars.append(ECCAR(spec, expected_res=expected_res))

        self.assertTrue(there_are_export_ciphers)
        self._main_test(['-m', 'sslproto'], CurlHammer(len(eccars)), eccars)
Пример #12
    def test_curl_works_with_sslv2_and_export_ciphers(self):
        """
        Exercise curl against every (supported protocol, default cipher) server profile.

        'sslv2' profiles expect ALERT_NON_SSLV2_INITIAL_PACKET, 'sslv3' profiles
        expect ALERT_SSLV3_BAD_CERTIFICATE and all others expect ALERT_UNKNOWN_CA.
        The run fails early if sslproto.EXPORT_CIPHER never appeared among the
        iterated ciphers, which would mean the weak-cipher profile is not covered.
        """
        # curl is expected to work with SSLv2 and weak ciphers
        def _expected_for(proto):
            if proto == 'sslv2':
                return ALERT_NON_SSLV2_INITIAL_PACKET
            if proto == 'sslv3':
                return ALERT_SSLV3_BAD_CERTIFICATE
            return ALERT_UNKNOWN_CA

        eccars = []
        there_are_export_ciphers = False
        protos = sslproto.get_supported_protocols()
        for proto in protos:
            for cipher in sslproto.DEFAULT_CIPHER_SUITES:
                there_are_export_ciphers = (
                    there_are_export_ciphers or cipher == sslproto.EXPORT_CIPHER
                )
                eccars.append(
                    ECCAR(SSLServerProtoSpec(proto, cipher),
                          expected_res=_expected_for(proto)))

        self.assertTrue(there_are_export_ciphers)
        hammer = CurlHammer(len(eccars))
        self._main_test(['-m', 'sslproto'], hammer, eccars)