def start_https_server(self, responses=None, **kwargs): if not hasattr(urllib.request, 'HTTPSHandler'): self.skipTest('ssl support required') from test.ssl_servers import make_https_server if responses is None: responses = [(200, [], b"we care a bit")] handler = GetRequestHandler(responses) server = make_https_server(self, handler_class=handler, **kwargs) handler.port = server.port return handler
def start_https_server(self, responses=None, certfile=CERT_localhost): if not hasattr(urllib.request, "HTTPSHandler"): self.skipTest("ssl support required") from test.ssl_servers import make_https_server if responses is None: responses = [(200, [], b"we care a bit")] handler = GetRequestHandler(responses) server = make_https_server(self, certfile=certfile, handler_class=handler) handler.port = server.port return handler
def test_local_good_hostname(self): # The (valid) cert validates the HTTP hostname import ssl from test.ssl_servers import make_https_server server = make_https_server(self, CERT_localhost) context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context.verify_mode = ssl.CERT_REQUIRED context.load_verify_locations(CERT_localhost) h = client.HTTPSConnection('localhost', server.port, context=context) h.request('GET', '/nonexistent') resp = h.getresponse() self.assertEqual(resp.status, 404)
def test_local_bad_hostname(self): # The (valid) cert doesn't validate the HTTP hostname import ssl from test.ssl_servers import make_https_server server = make_https_server(self, CERT_fakehostname) context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context.verify_mode = ssl.CERT_REQUIRED context.load_verify_locations(CERT_fakehostname) h = client.HTTPSConnection("localhost", server.port, context=context) with self.assertRaises(ssl.CertificateError): h.request("GET", "/") # Same with explicit check_hostname=True h = client.HTTPSConnection("localhost", server.port, context=context, check_hostname=True) with self.assertRaises(ssl.CertificateError): h.request("GET", "/") # With check_hostname=False, the mismatching is ignored h = client.HTTPSConnection("localhost", server.port, context=context, check_hostname=False) h.request("GET", "/nonexistent") resp = h.getresponse() self.assertEqual(resp.status, 404)
def test_local_bad_hostname(self): # The (valid) cert doesn't validate the HTTP hostname import ssl from test.ssl_servers import make_https_server server = make_https_server(self, CERT_fakehostname) context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context.verify_mode = ssl.CERT_REQUIRED context.load_verify_locations(CERT_fakehostname) h = client.HTTPSConnection('localhost', server.port, context=context) with self.assertRaises(ssl.CertificateError): h.request('GET', '/') # Same with explicit check_hostname=True h = client.HTTPSConnection('localhost', server.port, context=context, check_hostname=True) with self.assertRaises(ssl.CertificateError): h.request('GET', '/') # With check_hostname=False, the mismatching is ignored h = client.HTTPSConnection('localhost', server.port, context=context, check_hostname=False) h.request('GET', '/nonexistent') resp = h.getresponse() self.assertEqual(resp.status, 404)
def make_server(self, certfile): from test.ssl_servers import make_https_server return make_https_server(self, certfile=certfile)