(self)
| 3102 | self.assertTrue(cert, "Can't get peer certificate.") |
| 3103 | |
| 3104 | def test_dual_rsa_ecc(self): |
| 3105 | client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 3106 | client_context.load_verify_locations(SIGNING_CA) |
| 3107 | # TODO: fix TLSv1.3 once SSLContext can restrict signature |
| 3108 | # algorithms. |
| 3109 | client_context.maximum_version = ssl.TLSVersion.TLSv1_2 |
| 3110 | # only ECDSA certs |
| 3111 | client_context.set_ciphers('ECDHE:ECDSA:!NULL:!aRSA') |
| 3112 | hostname = SIGNED_CERTFILE_ECC_HOSTNAME |
| 3113 | |
| 3114 | server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) |
| 3115 | # load ECC and RSA key/cert pairs |
| 3116 | server_context.load_cert_chain(SIGNED_CERTFILE_ECC) |
| 3117 | server_context.load_cert_chain(SIGNED_CERTFILE) |
| 3118 | |
| 3119 | # correct hostname should verify |
| 3120 | server = ThreadedEchoServer(context=server_context, chatty=True) |
| 3121 | with server: |
| 3122 | with client_context.wrap_socket(socket.socket(), |
| 3123 | server_hostname=hostname) as s: |
| 3124 | s.connect((HOST, server.port)) |
| 3125 | cert = s.getpeercert() |
| 3126 | self.assertTrue(cert, "Can't get peer certificate.") |
| 3127 | cipher = s.cipher()[0].split('-') |
| 3128 | self.assertTrue(cipher[:2], ('ECDHE', 'ECDSA')) |
| 3129 | |
| 3130 | def test_check_hostname_idn(self, warnings_filters=True): |
| 3131 | if support.verbose: |
nothing calls this directly
no test coverage detected