def test_no_such_cipher(self):
self.args = self.args + ['-cipher', 'AES128-SHA']
pid = self.start_server(self.args)
try:
ctx = SSL.Context()
s = SSL.Connection(ctx)
s.set_cipher_list('EXP-RC2-MD5')
with six.assertRaisesRegex(self, SSL.SSLError, 'no ciphers available'):
s.connect(self.srv_addr)
s.close()
finally:
self.stop_server(pid)
def test_tls1_nok(self):
self.args.append('-no_tls1')
pid = self.start_server(self.args)
try:
ctx = SSL.Context('tlsv1')
s = SSL.Connection(ctx)
with six.assertRaisesRegex(self, SSL.SSLError,
r'wrong version number|unexpected eof'):
s.connect(self.srv_addr)
s.close()
finally:
self.stop_server(pid)
def test_tls1_nok(self):
self.args.append('-no_tls1')
pid = self.start_server(self.args)
try:
ctx = SSL.Context('tlsv1')
s = SSL.Connection(ctx)
with six.assertRaisesRegex(self, SSL.SSLError,
r'wrong version number|unexpected eof'):
s.connect(self.srv_addr)
s.close()
finally:
self.stop_server(pid)
def test_no_such_cipher(self):
self.args = self.args + ['-cipher', 'AES128-SHA']
pid = self.start_server(self.args)
try:
ctx = SSL.Context()
s = SSL.Connection(ctx)
s.set_cipher_list('EXP-RC2-MD5')
with six.assertRaisesRegex(self, SSL.SSLError,
'no ciphers available'):
s.connect(self.srv_addr)
s.close()
finally:
self.stop_server(pid)
def test_cipher_mismatch(self):
self.args = self.args + ['-cipher', 'AES256-SHA']
pid = self.start_server(self.args)
try:
ctx = SSL.Context()
s = SSL.Connection(ctx)
s.set_cipher_list('AES128-SHA')
with six.assertRaisesRegex(self, SSL.SSLError,
'sslv3 alert handshake failure'):
s.connect(self.srv_addr)
s.close()
finally:
self.stop_server(pid)
def test_cipher_mismatch(self):
self.args = self.args + ['-cipher', 'AES256-SHA']
pid = self.start_server(self.args)
try:
ctx = SSL.Context()
s = SSL.Connection(ctx)
s.set_cipher_list('AES128-SHA')
with six.assertRaisesRegex(self, SSL.SSLError,
'sslv3 alert handshake failure'):
s.connect(self.srv_addr)
s.close()
finally:
self.stop_server(pid)
def test_tls1_nok(self):
self.args.append('-no_tls1')
pid = self.start_server(self.args)
try:
with warnings.catch_warnings():
warnings.simplefilter('ignore', DeprecationWarning)
ctx = SSL.Context('tlsv1')
s = SSL.Connection(ctx)
with six.assertRaisesRegex(self, SSL.SSLError,
r'version|unexpected eof'):
s.connect(self.srv_addr)
s.close()
finally:
self.stop_server(pid)
def test_tls1_nok(self):
self.args.append('-no_tls1')
pid = self.start_server(self.args)
try:
with warnings.catch_warnings():
warnings.simplefilter('ignore', DeprecationWarning)
ctx = SSL.Context('tlsv1')
s = SSL.Connection(ctx)
with six.assertRaisesRegex(self, SSL.SSLError,
r'version|unexpected eof'):
s.connect(self.srv_addr)
s.close()
finally:
self.stop_server(pid)
def test_public_encrypt(self):
priv = RSA.load_key(self.privkey)
# pkcs1_padding, pkcs1_oaep_padding
for padding in self.e_padding_ok:
p = getattr(RSA, padding)
ctxt = priv.public_encrypt(self.data, p)
ptxt = priv.private_decrypt(ctxt, p)
self.assertEqual(ptxt, self.data)
# no_padding
with six.assertRaisesRegex(self, RSA.RSAError, 'data too small'):
priv.public_encrypt(self.data, RSA.no_padding)
# Type-check the data to be encrypted.
with self.assertRaises(TypeError):
priv.public_encrypt(self.gen_callback, RSA.pkcs1_padding)
