def test_set_private_key_password_null_byte(self):
# NULL byte embedded in the password
test_ssl_ctx = _nassl.SSL_CTX(OpenSslVersionEnum.SSLV23.value)
# It raises a TypeError on Python 2.7 and 3.4, and a ValueError on 3.5
self.assertRaisesRegexp(Exception, ' null',
test_ssl_ctx.set_private_key_password,
('AAA\x00AAAA'))
def test_load_verify_locations(self):
test_ssl_ctx = _nassl.SSL_CTX(SSLV23)
test_file = tempfile.NamedTemporaryFile(delete=False)
test_file.write("""-----BEGIN CERTIFICATE-----
MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
-----END CERTIFICATE-----
""")
test_file.close()
self.assertIsNone(test_ssl_ctx.load_verify_locations(test_file.name))
def test_use_certificate_file(self):
testSsl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
testFile = tempfile.NamedTemporaryFile(delete=False)
testFile.write("""-----BEGIN CERTIFICATE-----
MIIDCjCCAnOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMCRlIx
DjAMBgNVBAgMBVBhcmlzMQ4wDAYDVQQHDAVQYXJpczEWMBQGA1UECgwNRGFzdGFy
ZGx5IEluYzEMMAoGA1UECwwDMTIzMQ8wDQYDVQQDDAZBbCBCYW4xGjAYBgkqhkiG
9w0BCQEWC2xvbEBsb2wuY29tMB4XDTEzMDEyNzAwMDM1OFoXDTE0MDEyNzAwMDM1
OFowgZcxCzAJBgNVBAYTAkZSMQwwCgYDVQQIDAMxMjMxDTALBgNVBAcMBFRlc3Qx
IjAgBgNVBAoMGUludHJvc3B5IFRlc3QgQ2xpZW50IENlcnQxCzAJBgNVBAsMAjEy
MRUwEwYDVQQDDAxBbGJhbiBEaXF1ZXQxIzAhBgkqhkiG9w0BCQEWFG5hYmxhLWMw
ZDNAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlnvP1ltVO
8JDNT3AA99QqtiqCi/7BeEcFDm2al46mv7looz6CmB84osrusNVFsS5ICLbrCmeo
w5sxW7VVveGueBQyWynngl2PmmufA5Mhwq0ZY8CvwV+O7m0hEXxzwbyGa23ai16O
zIiaNlBAb0mC2vwJbsc3MTMovE6dHUgmzQIDAQABo3sweTAJBgNVHRMEAjAAMCwG
CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
HQ4EFgQUYR45okpFsqTYB1wlQQblLH9cRdgwHwYDVR0jBBgwFoAUP0X2HQlaca7D
NBzVbsjsdhzOqUQwDQYJKoZIhvcNAQEFBQADgYEAWEOxpRjvKvTurDXK/sEUw2KY
gmbbGP3tF+fQ/6JS1VdCdtLxxJAHHTW62ugVTlmJZtpsEGlg49BXAEMblLY/K7nm
dWN8oZL+754GaBlJ+wK6/Nz4YcuByJAnN8OeTY4Acxjhks8PrAbZgcf0FdpJaAlk
Pd2eQ9+DkopOz3UGU7c=
-----END CERTIFICATE-----
""")
testFile.close()
self.assertIsNone(testSsl.use_certificate_file(testFile.name, SSL_FILETYPE_PEM))
def test_do_handshake_bad_eof(self):
# No BIO attached to the SSL object
test_ssl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
test_ssl.set_connect_state()
self.assertRaisesRegexp(
_nassl.SslError, 'An EOF was observed that violates the protocol',
test_ssl.do_handshake)
def test_set_ciphersuites(self):
# Given an SSL object for TLS 1.3
test_ssl = _nassl.SSL(_nassl.SSL_CTX(OpenSslVersionEnum.TLSV1_3.value))
# With the default list of cipher disabled
test_ssl.set_cipher_list('')
# When setting a specific TLS 1.3 cipher suite as the list of supported ciphers
test_ssl.set_ciphersuites('TLS_CHACHA20_POLY1305_SHA256')
# That one cipher suite is the only one enabled
ciphers = test_ssl.get_cipher_list()
assert ['TLS_CHACHA20_POLY1305_SHA256'] == ciphers
def test_check_private_key(self):
testSsl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
testFile = tempfile.NamedTemporaryFile(delete=False)
testFile.write("""-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOWe8/WW1U7wkM1P
cAD31Cq2KoKL/sF4RwUObZqXjqa/uWijPoKYHziiyu6w1UWxLkgItusKZ6jDmzFb
tVW94a54FDJbKeeCXY+aa58DkyHCrRljwK/BX47ubSERfHPBvIZrbdqLXo7MiJo2
UEBvSYLa/AluxzcxMyi8Tp0dSCbNAgMBAAECgYAl0ZpItsEHMWQIDK9b2XWeW0aB
HeGlp9O6p3ex4IhkOmulKk3fYIKz50wZKBLYWahPwO+vopUUHLNw27PwHUgQDmOY
QKAZowO3X5RT5URNzeiI2KTE431uNFqeMR9+XrnjQIZPDDaltACTTZpFp1rFqM+C
/WbZ2VHS/52Vrrj7wQJBAPW64ts+UHNQn1Y+CyYQGVERICdPwC4nSu/+MYpvo0r+
XX1bali8kTdBs2ByoWQOaFr3B4qffd4vb8lIMxt6f3kCQQDvN7ZUsyM/HcSw/4go
pGakZx1OJKBCet6uNA6ymglhDzmFoiAR3QAIxYTVQlc87m0v4ExjVC/nlbdNa4MX
m2j1AkAHgagAbozimOnlJowMo51CXrWOvd7vCgA+CJPW2MYyOkb811gOUeRVvcoO
/jFz7wS9EqLGV0zvBp/xlCULh9hxAkEA2x+tZOiy4J3kDj4D+zaczvulXG8wXbUv
RWNqEzAGZ2IKzt4zgiluXpqPksmyH55HZhOP5Wy4dOovfjt9WaKCAQJAEzgPLx+6
iuiRanrS8dy8Q5UXavmPgBeHXZ4gxWbXD3vC5Qzorgp+P04GhofSCFklXokTPrKN
jsXbhxAIkrdmpg==
-----END PRIVATE KEY-----
""")
testFile.close()
testFile2 = tempfile.NamedTemporaryFile(delete=False)
testFile2.write("""-----BEGIN CERTIFICATE-----
MIIDCjCCAnOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBgDELMAkGA1UEBhMCRlIx
DjAMBgNVBAgMBVBhcmlzMQ4wDAYDVQQHDAVQYXJpczEWMBQGA1UECgwNRGFzdGFy
ZGx5IEluYzEMMAoGA1UECwwDMTIzMQ8wDQYDVQQDDAZBbCBCYW4xGjAYBgkqhkiG
9w0BCQEWC2xvbEBsb2wuY29tMB4XDTEzMDEyNzAwMDM1OFoXDTE0MDEyNzAwMDM1
OFowgZcxCzAJBgNVBAYTAkZSMQwwCgYDVQQIDAMxMjMxDTALBgNVBAcMBFRlc3Qx
IjAgBgNVBAoMGUludHJvc3B5IFRlc3QgQ2xpZW50IENlcnQxCzAJBgNVBAsMAjEy
MRUwEwYDVQQDDAxBbGJhbiBEaXF1ZXQxIzAhBgkqhkiG9w0BCQEWFG5hYmxhLWMw
ZDNAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlnvP1ltVO
8JDNT3AA99QqtiqCi/7BeEcFDm2al46mv7looz6CmB84osrusNVFsS5ICLbrCmeo
w5sxW7VVveGueBQyWynngl2PmmufA5Mhwq0ZY8CvwV+O7m0hEXxzwbyGa23ai16O
zIiaNlBAb0mC2vwJbsc3MTMovE6dHUgmzQIDAQABo3sweTAJBgNVHRMEAjAAMCwG
CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV
HQ4EFgQUYR45okpFsqTYB1wlQQblLH9cRdgwHwYDVR0jBBgwFoAUP0X2HQlaca7D
NBzVbsjsdhzOqUQwDQYJKoZIhvcNAQEFBQADgYEAWEOxpRjvKvTurDXK/sEUw2KY
gmbbGP3tF+fQ/6JS1VdCdtLxxJAHHTW62ugVTlmJZtpsEGlg49BXAEMblLY/K7nm
dWN8oZL+754GaBlJ+wK6/Nz4YcuByJAnN8OeTY4Acxjhks8PrAbZgcf0FdpJaAlk
Pd2eQ9+DkopOz3UGU7c=
-----END CERTIFICATE-----
""")
testFile2.close()
self.assertIsNone(
testSsl.use_certificate_file(testFile2.name, SSL_FILETYPE_PEM))
self.assertIsNone(
testSsl.use_PrivateKey_file(testFile.name, SSL_FILETYPE_PEM))
self.assertIsNone(testSsl.check_private_key())
def test_use_PrivateKey_file(self):
testSsl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
testFile = tempfile.NamedTemporaryFile(delete=False)
testFile.write("""-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOWe8/WW1U7wkM1P
cAD31Cq2KoKL/sF4RwUObZqXjqa/uWijPoKYHziiyu6w1UWxLkgItusKZ6jDmzFb
tVW94a54FDJbKeeCXY+aa58DkyHCrRljwK/BX47ubSERfHPBvIZrbdqLXo7MiJo2
UEBvSYLa/AluxzcxMyi8Tp0dSCbNAgMBAAECgYAl0ZpItsEHMWQIDK9b2XWeW0aB
HeGlp9O6p3ex4IhkOmulKk3fYIKz50wZKBLYWahPwO+vopUUHLNw27PwHUgQDmOY
QKAZowO3X5RT5URNzeiI2KTE431uNFqeMR9+XrnjQIZPDDaltACTTZpFp1rFqM+C
/WbZ2VHS/52Vrrj7wQJBAPW64ts+UHNQn1Y+CyYQGVERICdPwC4nSu/+MYpvo0r+
XX1bali8kTdBs2ByoWQOaFr3B4qffd4vb8lIMxt6f3kCQQDvN7ZUsyM/HcSw/4go
pGakZx1OJKBCet6uNA6ymglhDzmFoiAR3QAIxYTVQlc87m0v4ExjVC/nlbdNa4MX
m2j1AkAHgagAbozimOnlJowMo51CXrWOvd7vCgA+CJPW2MYyOkb811gOUeRVvcoO
/jFz7wS9EqLGV0zvBp/xlCULh9hxAkEA2x+tZOiy4J3kDj4D+zaczvulXG8wXbUv
RWNqEzAGZ2IKzt4zgiluXpqPksmyH55HZhOP5Wy4dOovfjt9WaKCAQJAEzgPLx+6
iuiRanrS8dy8Q5UXavmPgBeHXZ4gxWbXD3vC5Qzorgp+P04GhofSCFklXokTPrKN
jsXbhxAIkrdmpg==
-----END PRIVATE KEY-----
""")
testFile.close()
self.assertIsNone(testSsl.use_PrivateKey_file(testFile.name, SSL_FILETYPE_PEM))
def test_get_peer_certificate_bad(self):
testSsl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
self.assertIsNone(testSsl.get_peer_certificate())
def test_load_verify_locations_bad(self):
# Certificate file doesn't exist
test_ssl_ctx = _nassl.SSL_CTX(OpenSslVersionEnum.SSLV23.value)
self.assertRaises(_nassl.OpenSSLError,
test_ssl_ctx.load_verify_locations, 'tests')
def test_set_verify_bad(self):
# Invalid verify constant
test_ssl_ctx = _nassl.SSL_CTX(OpenSslVersionEnum.SSLV23.value)
self.assertRaises(ValueError, test_ssl_ctx.set_verify, (1235))
def test_set_private_key_password_null_byte(self):
# NULL byte embedded in the password
test_ssl_ctx = _nassl.SSL_CTX(SSLV23)
self.assertRaisesRegexp(TypeError, 'must be string without null bytes',
test_ssl_ctx.set_private_key_password,
("AAA\x00AAAA"))
def test_set_verify_bad(self):
# Invalid verify constant
test_ssl_ctx = _nassl.SSL_CTX(SSLV23)
self.assertRaises(ValueError, test_ssl_ctx.set_verify, (1235))
def test_pending(self):
# No BIO attached to the SSL object
testSsl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
self.assertGreaterEqual(testSsl.pending(), 0)
def test_set_ciphersuites_bad_string(self):
# Invalid cipher string
test_ssl = _nassl.SSL(_nassl.SSL_CTX(OpenSslVersionEnum.TLSV1_2.value))
with pytest.raises(_nassl.OpenSSLError, match='no cipher match'):
test_ssl.set_ciphersuites('lol')
def test_use_PrivateKey_file_bad(self):
# Bad filename
test_ssl_ctx = _nassl.SSL_CTX(SSLV23)
self.assertRaisesRegexp(_nassl.OpenSSLError, 'No such file',
test_ssl_ctx.use_PrivateKey_file,
'invalidPath', SSL_FILETYPE_PEM)
def test_set_tlsext_host_name_bad(self):
testSsl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
self.assertRaises(TypeError, testSsl.set_tlsext_host_name, (None))
def test_set_tlsext_host_name(self):
testSsl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
self.assertIsNone(testSsl.set_tlsext_host_name('test'))
def test_get_available_compression_methods_has_zlib(self):
testSsl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
self.assertEqual(['zlib compression'],testSsl.get_available_compression_methods())
def test_get_current_compression_method(self):
testSsl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
self.assertIsNone(testSsl.get_current_compression_method())
def test_get_secure_renegotiation_support(self):
testSsl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
self.assertFalse(testSsl.get_secure_renegotiation_support())
def test_use_certificate_file_bad(self):
# Bad filename
test_ssl_ctx = _nassl.SSL_CTX(SSLV23)
self.assertRaisesRegexp(_nassl.OpenSSLError, 'system lib',
test_ssl_ctx.use_certificate_chain_file,
'invalidPath')
def test_set_cipher_list(self):
testSsl = _nassl.SSL(_nassl.SSL_CTX(SSLV23))
self.assertIsNone(testSsl.set_cipher_list("LOW"))
def test_set_verify(self):
test_ssl_ctx = _nassl.SSL_CTX(SSLV23)
self.assertIsNone(test_ssl_ctx.set_verify(SSL_VERIFY_PEER))
def test_tlsv1_3(self):
ssl_ctx = _nassl.SSL_CTX(OpenSslVersionEnum.TLSV1_3)
assert ssl_ctx
def test_check_private_key_bad(self):
test_ssl_ctx = _nassl.SSL_CTX(SSLV23)
self.assertRaisesRegexp(_nassl.OpenSSLError, 'no certificate assigned',
test_ssl_ctx.check_private_key)
def test_new(self):
self.assertTrue(_nassl.SSL_CTX(OpenSslVersionEnum.SSLV23.value))
def test_load_verify_locations_bad(self):
# Certificate file doesn't exist
test_ssl_ctx = _nassl.SSL_CTX(SSLV23)
self.assertRaises(_nassl.OpenSSLError,
test_ssl_ctx.load_verify_locations, ("tests"))
def test_use_PrivateKey_file_bad(self):
# Bad filename
test_ssl_ctx = _nassl.SSL_CTX(OpenSslVersionEnum.SSLV23.value)
self.assertRaisesRegexp(_nassl.OpenSSLError, 'No such file',
test_ssl_ctx.use_PrivateKey_file,
'invalidPath', OpenSslFileTypeEnum.PEM.value)
def test_new(self):
self.assertTrue(_nassl.SSL_CTX(SSLV23))
def test_set_verify(self):
test_ssl_ctx = _nassl.SSL_CTX(OpenSslVersionEnum.SSLV23.value)
self.assertIsNone(test_ssl_ctx.set_verify(
OpenSslVerifyEnum.PEER.value))
