(self)
| 3049 | s.connect((HOST, server.port)) |
| 3050 | |
| 3051 | def test_ecc_cert(self): |
| 3052 | client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 3053 | client_context.load_verify_locations(SIGNING_CA) |
| 3054 | client_context.set_ciphers('ECDHE:ECDSA:!NULL:!aRSA') |
| 3055 | hostname = SIGNED_CERTFILE_ECC_HOSTNAME |
| 3056 | |
| 3057 | server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) |
| 3058 | # load ECC cert |
| 3059 | server_context.load_cert_chain(SIGNED_CERTFILE_ECC) |
| 3060 | |
| 3061 | # correct hostname should verify |
| 3062 | server = ThreadedEchoServer(context=server_context, chatty=True) |
| 3063 | with server: |
| 3064 | with client_context.wrap_socket(socket.socket(), |
| 3065 | server_hostname=hostname) as s: |
| 3066 | s.connect((HOST, server.port)) |
| 3067 | cert = s.getpeercert() |
| 3068 | self.assertTrue(cert, "Can't get peer certificate.") |
| 3069 | cipher = s.cipher()[0].split('-') |
| 3070 | self.assertTrue(cipher[:2], ('ECDHE', 'ECDSA')) |
| 3071 | |
| 3072 | @unittest.skipUnless(IS_OPENSSL_3_0_0, |
| 3073 | "test requires RFC 5280 check added in OpenSSL 3.0+") |
nothing calls this directly
no test coverage detected