(self)
| 1282 | self.assertRaises(TypeError, ctx.load_verify_locations, None, True) |
| 1283 | |
| 1284 | def test_load_verify_cadata(self): |
| 1285 | # test cadata |
| 1286 | with open(CAFILE_CACERT) as f: |
| 1287 | cacert_pem = f.read() |
| 1288 | cacert_der = ssl.PEM_cert_to_DER_cert(cacert_pem) |
| 1289 | with open(CAFILE_NEURONIO) as f: |
| 1290 | neuronio_pem = f.read() |
| 1291 | neuronio_der = ssl.PEM_cert_to_DER_cert(neuronio_pem) |
| 1292 | |
| 1293 | # test PEM |
| 1294 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1295 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 0) |
| 1296 | ctx.load_verify_locations(cadata=cacert_pem) |
| 1297 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 1) |
| 1298 | ctx.load_verify_locations(cadata=neuronio_pem) |
| 1299 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1300 | # cert already in hash table |
| 1301 | ctx.load_verify_locations(cadata=neuronio_pem) |
| 1302 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1303 | |
| 1304 | # combined |
| 1305 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1306 | combined = "\n".join((cacert_pem, neuronio_pem)) |
| 1307 | ctx.load_verify_locations(cadata=combined) |
| 1308 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1309 | |
| 1310 | # with junk around the certs |
| 1311 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1312 | combined = ["head", cacert_pem, "other", neuronio_pem, "again", |
| 1313 | neuronio_pem, "tail"] |
| 1314 | ctx.load_verify_locations(cadata="\n".join(combined)) |
| 1315 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1316 | |
| 1317 | # test DER |
| 1318 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1319 | ctx.load_verify_locations(cadata=cacert_der) |
| 1320 | ctx.load_verify_locations(cadata=neuronio_der) |
| 1321 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1322 | # cert already in hash table |
| 1323 | ctx.load_verify_locations(cadata=cacert_der) |
| 1324 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1325 | |
| 1326 | # combined |
| 1327 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1328 | combined = b"".join((cacert_der, neuronio_der)) |
| 1329 | ctx.load_verify_locations(cadata=combined) |
| 1330 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1331 | |
| 1332 | # error cases |
| 1333 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1334 | self.assertRaises(TypeError, ctx.load_verify_locations, cadata=object) |
| 1335 | |
| 1336 | with self.assertRaisesRegex( |
| 1337 | ssl.SSLError, |
| 1338 | "no start line: cadata does not contain a certificate" |
| 1339 | ): |
| 1340 | ctx.load_verify_locations(cadata="broken") |
| 1341 | with self.assertRaisesRegex( |
nothing calls this directly
no test coverage detected