MCPcopy Index your code
hub / github.com/RustPython/RustPython / test_verify_strict

Method test_verify_strict

Lib/test/test_ssl.py:3074–3102  ·  view source on GitHub ↗
(self)

Source from the content-addressed store, hash-verified

3072 @unittest.skipUnless(IS_OPENSSL_3_0_0,
3073 "test requires RFC 5280 check added in OpenSSL 3.0+")
3074 def test_verify_strict(self):
3075 # verification fails by default, since the server cert is non-conforming
3076 client_context = ssl.create_default_context()
3077 client_context.load_verify_locations(LEAF_MISSING_AKI_CA)
3078 hostname = LEAF_MISSING_AKI_CERTFILE_HOSTNAME
3079
3080 server_context = ssl.create_default_context(purpose=Purpose.CLIENT_AUTH)
3081 server_context.load_cert_chain(LEAF_MISSING_AKI_CERTFILE)
3082 server = ThreadedEchoServer(context=server_context, chatty=True)
3083 with server:
3084 with client_context.wrap_socket(socket.socket(),
3085 server_hostname=hostname) as s:
3086 with self.assertRaises(ssl.SSLError):
3087 s.connect((HOST, server.port))
3088
3089 # explicitly disabling VERIFY_X509_STRICT allows it to succeed
3090 client_context = ssl.create_default_context()
3091 client_context.load_verify_locations(LEAF_MISSING_AKI_CA)
3092 client_context.verify_flags &= ~ssl.VERIFY_X509_STRICT
3093
3094 server_context = ssl.create_default_context(purpose=Purpose.CLIENT_AUTH)
3095 server_context.load_cert_chain(LEAF_MISSING_AKI_CERTFILE)
3096 server = ThreadedEchoServer(context=server_context, chatty=True)
3097 with server:
3098 with client_context.wrap_socket(socket.socket(),
3099 server_hostname=hostname) as s:
3100 s.connect((HOST, server.port))
3101 cert = s.getpeercert()
3102 self.assertTrue(cert, "Can't get peer certificate.")
3103
3104 def test_dual_rsa_ecc(self):
3105 client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

Callers

nothing calls this directly

Calls 9

ThreadedEchoServerClass · 0.85
wrap_socketMethod · 0.80
socketMethod · 0.80
assertTrueMethod · 0.80
load_verify_locationsMethod · 0.45
load_cert_chainMethod · 0.45
assertRaisesMethod · 0.45
connectMethod · 0.45
getpeercertMethod · 0.45

Tested by

no test coverage detected