# SSL ####################################################################### ssl = parser.add_argument_group(title='SSL') ssl.add_argument('--verify', default='yes', help=""" Set to "no" (or "false") to skip checking the host's SSL certificate. Defaults to "yes" ("true"). You can also pass the path to a CA_BUNDLE file for private certs. (Or you can set the REQUESTS_CA_BUNDLE environment variable instead.) """) ssl.add_argument( '--ssl', # TODO: Maybe something more general, such as --secure-protocol? dest='ssl_version', choices=list(sorted(SSL_VERSION_ARG_MAPPING.keys())), help=""" The desired protocol version to use. This will default to SSL v2.3 which will negotiate the highest protocol that both the server and your installation of OpenSSL support. Available protocols may vary depending on OpenSSL installation (only the supported ones are shown here). """) ssl.add_argument('--cert', default=None, type=readable_file_arg, help=""" You can specify a local cert to use as client side SSL certificate. This file may either contain both private key and certificate or you may specify --cert-key separately.
from utils import http, HTTP_OK, TESTS_ROOT


# Paths to the client .crt, .key and .pem files under TESTS_ROOT/client_certs.
CLIENT_CERT = os.path.join(TESTS_ROOT, 'client_certs', 'client.crt')
CLIENT_KEY = os.path.join(TESTS_ROOT, 'client_certs', 'client.key')
CLIENT_PEM = os.path.join(TESTS_ROOT, 'client_certs', 'client.pem')

# The local httpbin instance used by these tests serves a self-signed
# certificate, so a request made without --verify=<CA_BUNDLE> fails with a
# verification error.
# See: https://github.com/kevin1024/pytest-httpbin#https-support
CA_BUNDLE = pytest_httpbin.certs.where()


@pytest.mark.parametrize('ssl_version', SSL_VERSION_ARG_MAPPING.keys())
def test_ssl_version(httpbin_secure, ssl_version):
    """Request /get over HTTPS once for every available --ssl choice.

    Certificate verification stays enabled: CA_BUNDLE is passed to
    --verify so the self-signed httpbin certificate is checked against it.
    An SSLError is accepted only for 'ssl3', and only when it reports a
    handshake failure; for every other protocol it is re-raised.
    """
    url = httpbin_secure + '/get'
    try:
        response = http('--verify', CA_BUNDLE, '--ssl', ssl_version, url)
        assert HTTP_OK in response
    except SSLError as exc:
        if ssl_version != 'ssl3':
            raise
        # pytest-httpbin doesn't support ssl3
        # NOTE(review): an 'ssl3' request that succeeds also passes above,
        # so this test does not assert that SSLv3 is refused.
        assert 'SSLV3_ALERT_HANDSHAKE_FAILURE' in str(exc)
# Exception types the test below treats as TLS failures.
ssl_errors = (requests.exceptions.SSLError,)

# Paths to the client .crt, .key and .pem files under TESTS_ROOT/client_certs.
CLIENT_CERT = os.path.join(TESTS_ROOT, 'client_certs', 'client.crt')
CLIENT_KEY = os.path.join(TESTS_ROOT, 'client_certs', 'client.key')
CLIENT_PEM = os.path.join(TESTS_ROOT, 'client_certs', 'client.pem')

# FIXME:
# The local httpbin instance used by these tests serves a self-signed
# certificate, so a request made without --verify=<CA_BUNDLE> fails with a
# verification error.
# See: https://github.com/kevin1024/pytest-httpbin#https-support
CA_BUNDLE = pytest_httpbin.certs.where()


@pytest.mark.parametrize(
    argnames='ssl_version',
    argvalues=SSL_VERSION_ARG_MAPPING.keys(),
)
def test_ssl_version(httpbin_secure, ssl_version):
    """Request /get over HTTPS once for every available --ssl choice.

    An exception from ssl_errors is accepted only for 'ssl3', and only
    when it reports a handshake failure; for every other protocol it is
    re-raised.
    """
    # NOTE(review): --verify is not passed and CA_BUNDLE is not used in this
    # function, so trust in the self-signed certificate has to come from
    # somewhere else (presumably REQUESTS_CA_BUNDLE) - confirm it is not
    # verification being switched off.
    url = httpbin_secure + '/get'
    try:
        response = http('--ssl', ssl_version, url)
        assert HTTP_OK in response
    except ssl_errors as exc:
        if ssl_version != 'ssl3':
            raise
        # pytest-httpbin doesn't support ssl3
        # NOTE(review): an 'ssl3' request that succeeds also passes above,
        # so this test does not assert that SSLv3 is refused.
        assert 'SSLV3_ALERT_HANDSHAKE_FAILURE' in str(exc)
from httpie.input import SSL_VERSION_ARG_MAPPING
from utils import http, HTTP_OK, TESTS_ROOT


# Paths to the client .crt, .key and .pem files under TESTS_ROOT/client_certs.
CLIENT_CERT = os.path.join(TESTS_ROOT, 'client_certs', 'client.crt')
CLIENT_KEY = os.path.join(TESTS_ROOT, 'client_certs', 'client.key')
CLIENT_PEM = os.path.join(TESTS_ROOT, 'client_certs', 'client.pem')

# FIXME:
# The local httpbin instance used by these tests serves a self-signed
# certificate, so a request made without --verify=<CA_BUNDLE> fails with a
# verification error.
# See: https://github.com/kevin1024/pytest-httpbin#https-support
CA_BUNDLE = pytest_httpbin.certs.where()


@pytest.mark.parametrize(
    argnames='ssl_version',
    argvalues=SSL_VERSION_ARG_MAPPING.keys(),
)
def test_ssl_version(httpbin_secure, ssl_version):
    """Request /get over HTTPS once for every available --ssl choice.

    An SSLError is accepted only for 'ssl3', and only when it reports a
    handshake failure; for every other protocol it is re-raised.
    """
    # NOTE(review): --verify is not passed and CA_BUNDLE is not used in this
    # function, so trust in the self-signed certificate has to come from
    # somewhere else (presumably REQUESTS_CA_BUNDLE) - confirm it is not
    # verification being switched off.
    url = httpbin_secure + '/get'
    try:
        response = http('--ssl', ssl_version, url)
        assert HTTP_OK in response
    except SSLError as exc:
        if ssl_version != 'ssl3':
            raise
        # pytest-httpbin doesn't support ssl3
        # NOTE(review): an 'ssl3' request that succeeds also passes above,
        # so this test does not assert that SSLv3 is refused.
        assert 'SSLV3_ALERT_HANDSHAKE_FAILURE' in str(exc)
ssl = parser.add_argument_group(title="SSL") ssl.add_argument( "--verify", default="yes", help=""" Set to "no" to skip checking the host's SSL certificate. You can also pass the path to a CA_BUNDLE file for private certs. You can also set the REQUESTS_CA_BUNDLE environment variable. Defaults to "yes". """, ) ssl.add_argument( "--ssl", # TODO: Maybe something more general, such as --secure-protocol? dest="ssl_version", choices=list(sorted(SSL_VERSION_ARG_MAPPING.keys())), help=""" The desired protocol version to use. This will default to SSL v2.3 which will negotiate the highest protocol that both the server and your installation of OpenSSL support. Available protocols may vary depending on OpenSSL installation (only the supported ones are shown here). """, ) ssl.add_argument( "--cert", default=None, type=readable_file_arg, help=""" You can specify a local cert to use as client side SSL certificate.