MCPcopy Index your code
hub / github.com/RustPython/RustPython / try_protocol_combo

Function try_protocol_combo

Lib/test/test_ssl.py:2733–2808  ·  view source on GitHub ↗

Try to SSL-connect using *client_protocol* to *server_protocol*. If *expect_success* is true, assert that the connection succeeds, if it's false, assert that the connection fails. Also, if *expect_success* is a string, assert that it is the protocol version actually used by the

(server_protocol, client_protocol, expect_success,
                       certsreqs=None, server_options=0, client_options=0)

Source from the content-addressed store, hash-verified

2731 return stats
2732
2733def try_protocol_combo(server_protocol, client_protocol, expect_success,
2734 certsreqs=None, server_options=0, client_options=0):
2735 """
2736 Try to SSL-connect using *client_protocol* to *server_protocol*.
2737 If *expect_success* is true, assert that the connection succeeds,
2738 if it's false, assert that the connection fails.
2739 Also, if *expect_success* is a string, assert that it is the protocol
2740 version actually used by the connection.
2741 """
2742 if certsreqs is None:
2743 certsreqs = ssl.CERT_NONE
2744 certtype = {
2745 ssl.CERT_NONE: "CERT_NONE",
2746 ssl.CERT_OPTIONAL: "CERT_OPTIONAL",
2747 ssl.CERT_REQUIRED: "CERT_REQUIRED",
2748 }[certsreqs]
2749 if support.verbose:
2750 formatstr = (expect_success and " %s->%s %s\n") or " {%s->%s} %s\n"
2751 sys.stdout.write(formatstr %
2752 (ssl.get_protocol_name(client_protocol),
2753 ssl.get_protocol_name(server_protocol),
2754 certtype))
2755
2756 with warnings_helper.check_warnings():
2757 # ignore Deprecation warnings
2758 client_context = ssl.SSLContext(client_protocol)
2759 client_context.options |= client_options
2760 server_context = ssl.SSLContext(server_protocol)
2761 server_context.options |= server_options
2762
2763 min_version = PROTOCOL_TO_TLS_VERSION.get(client_protocol, None)
2764 if (min_version is not None
2765 # SSLContext.minimum_version is only available on recent OpenSSL
2766 # (setter added in OpenSSL 1.1.0, getter added in OpenSSL 1.1.1)
2767 and hasattr(server_context, 'minimum_version')
2768 and server_protocol == ssl.PROTOCOL_TLS
2769 and server_context.minimum_version > min_version
2770 ):
2771 # If OpenSSL configuration is strict and requires more recent TLS
2772 # version, we have to change the minimum to test old TLS versions.
2773 with warnings_helper.check_warnings():
2774 server_context.minimum_version = min_version
2775
2776 # NOTE: we must enable "ALL" ciphers on the client, otherwise an
2777 # SSLv23 client will send an SSLv3 hello (rather than SSLv2)
2778 # starting from OpenSSL 1.0.0 (see issue #8322).
2779 if client_context.protocol == ssl.PROTOCOL_TLS:
2780 client_context.set_ciphers("ALL")
2781
2782 seclevel_workaround(server_context, client_context)
2783
2784 for ctx in (client_context, server_context):
2785 ctx.verify_mode = certsreqs
2786 ctx.load_cert_chain(SIGNED_CERTFILE)
2787 ctx.load_verify_locations(SIGNING_CA)
2788 try:
2789 stats = server_params_test(client_context, server_context,
2790 chatty=False, connectionchatty=False)

Callers 5

test_PROTOCOL_TLSMethod · 0.85
test_protocol_sslv3Method · 0.85
test_protocol_tlsv1Method · 0.85
test_protocol_tlsv1_1Method · 0.85
test_protocol_tlsv1_2Method · 0.85

Calls 8

hasattrFunction · 0.85
seclevel_workaroundFunction · 0.85
server_params_testFunction · 0.85
writeMethod · 0.45
getMethod · 0.45
set_ciphersMethod · 0.45
load_cert_chainMethod · 0.45
load_verify_locationsMethod · 0.45

Tested by

no test coverage detected