(self)
| 2054 | self.assertIn('text/html', content_type) |
| 2055 | |
| 2056 | def test_networked_good_cert(self): |
| 2057 | # We feed the server's cert as a validating cert |
| 2058 | import ssl |
| 2059 | support.requires('network') |
| 2060 | selfsigned_pythontestdotnet = 'self-signed.pythontest.net' |
| 2061 | with socket_helper.transient_internet(selfsigned_pythontestdotnet): |
| 2062 | context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 2063 | self.assertEqual(context.verify_mode, ssl.CERT_REQUIRED) |
| 2064 | self.assertEqual(context.check_hostname, True) |
| 2065 | context.load_verify_locations(CERT_selfsigned_pythontestdotnet) |
| 2066 | try: |
| 2067 | h = client.HTTPSConnection(selfsigned_pythontestdotnet, 443, |
| 2068 | context=context) |
| 2069 | h.request('GET', '/') |
| 2070 | resp = h.getresponse() |
| 2071 | except ssl.SSLError as ssl_err: |
| 2072 | ssl_err_str = str(ssl_err) |
| 2073 | # In the error message of [SSL: CERTIFICATE_VERIFY_FAILED] on |
| 2074 | # modern Linux distros (Debian Buster, etc) default OpenSSL |
| 2075 | # configurations it'll fail saying "key too weak" until we |
| 2076 | # address https://bugs.python.org/issue36816 to use a proper |
| 2077 | # key size on self-signed.pythontest.net. |
| 2078 | if re.search(r'(?i)key.too.weak', ssl_err_str): |
| 2079 | raise unittest.SkipTest( |
| 2080 | f'Got {ssl_err_str} trying to connect ' |
| 2081 | f'to {selfsigned_pythontestdotnet}. ' |
| 2082 | 'See https://bugs.python.org/issue36816.') |
| 2083 | raise |
| 2084 | server_string = resp.getheader('server') |
| 2085 | resp.close() |
| 2086 | h.close() |
| 2087 | self.assertIn('nginx', server_string) |
| 2088 | |
| 2089 | @support.requires_resource('walltime') |
| 2090 | def test_networked_bad_cert(self): |
nothing calls this directly
no test coverage detected