(self)
| 1155 | ctx.verify_flags = None |
| 1156 | |
| 1157 | def test_load_cert_chain(self): |
| 1158 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) |
| 1159 | # Combined key and cert in a single file |
| 1160 | ctx.load_cert_chain(CERTFILE, keyfile=None) |
| 1161 | ctx.load_cert_chain(CERTFILE, keyfile=CERTFILE) |
| 1162 | self.assertRaises(TypeError, ctx.load_cert_chain, keyfile=CERTFILE) |
| 1163 | with self.assertRaises(OSError) as cm: |
| 1164 | ctx.load_cert_chain(NONEXISTINGCERT) |
| 1165 | self.assertEqual(cm.exception.errno, errno.ENOENT) |
| 1166 | with self.assertRaisesRegex(ssl.SSLError, "PEM (lib|routines)"): |
| 1167 | ctx.load_cert_chain(BADCERT) |
| 1168 | with self.assertRaisesRegex(ssl.SSLError, "PEM (lib|routines)"): |
| 1169 | ctx.load_cert_chain(EMPTYCERT) |
| 1170 | # Separate key and cert |
| 1171 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) |
| 1172 | ctx.load_cert_chain(ONLYCERT, ONLYKEY) |
| 1173 | ctx.load_cert_chain(certfile=ONLYCERT, keyfile=ONLYKEY) |
| 1174 | ctx.load_cert_chain(certfile=BYTES_ONLYCERT, keyfile=BYTES_ONLYKEY) |
| 1175 | with self.assertRaisesRegex(ssl.SSLError, "PEM (lib|routines)"): |
| 1176 | ctx.load_cert_chain(ONLYCERT) |
| 1177 | with self.assertRaisesRegex(ssl.SSLError, "PEM (lib|routines)"): |
| 1178 | ctx.load_cert_chain(ONLYKEY) |
| 1179 | with self.assertRaisesRegex(ssl.SSLError, "PEM (lib|routines)"): |
| 1180 | ctx.load_cert_chain(certfile=ONLYKEY, keyfile=ONLYCERT) |
| 1181 | # Mismatching key and cert |
| 1182 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) |
| 1183 | # Allow for flexible libssl error messages. |
| 1184 | regex = re.compile(r"""( |
| 1185 | key values mismatch # OpenSSL |
| 1186 | | |
| 1187 | KEY_VALUES_MISMATCH # AWS-LC |
| 1188 | )""", re.X) |
| 1189 | with self.assertRaisesRegex(ssl.SSLError, regex): |
| 1190 | ctx.load_cert_chain(CAFILE_CACERT, ONLYKEY) |
| 1191 | # Password protected key and cert |
| 1192 | ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD) |
| 1193 | ctx.load_cert_chain(CERTFILE_PROTECTED, password=KEY_PASSWORD.encode()) |
| 1194 | ctx.load_cert_chain(CERTFILE_PROTECTED, |
| 1195 | password=bytearray(KEY_PASSWORD.encode())) |
| 1196 | ctx.load_cert_chain(ONLYCERT, ONLYKEY_PROTECTED, KEY_PASSWORD) |
| 1197 | ctx.load_cert_chain(ONLYCERT, ONLYKEY_PROTECTED, KEY_PASSWORD.encode()) |
| 1198 | ctx.load_cert_chain(ONLYCERT, ONLYKEY_PROTECTED, |
| 1199 | bytearray(KEY_PASSWORD.encode())) |
| 1200 | with self.assertRaisesRegex(TypeError, "should be a string"): |
| 1201 | ctx.load_cert_chain(CERTFILE_PROTECTED, password=True) |
| 1202 | with self.assertRaises(ssl.SSLError): |
| 1203 | ctx.load_cert_chain(CERTFILE_PROTECTED, password="badpass") |
| 1204 | with self.assertRaisesRegex(ValueError, "cannot be longer"): |
| 1205 | # openssl has a fixed limit on the password buffer. |
| 1206 | # PEM_BUFSIZE is generally set to 1kb. |
| 1207 | # Return a string larger than this. |
| 1208 | ctx.load_cert_chain(CERTFILE_PROTECTED, password=b'a' * 102400) |
| 1209 | # Password callback |
| 1210 | def getpass_unicode(): |
| 1211 | return KEY_PASSWORD |
| 1212 | def getpass_bytes(): |
| 1213 | return KEY_PASSWORD.encode() |
| 1214 | def getpass_bytearray(): |
nothing calls this directly
no test coverage detected