Connecting when the server rejects the client's certificate Launch a server with CERT_REQUIRED, and check that trying to connect to it with a wrong client certificate fails.
(self)
| 3208 | ) |
| 3209 | |
| 3210 | def test_wrong_cert_tls12(self): |
| 3211 | """Connecting when the server rejects the client's certificate |
| 3212 | |
| 3213 | Launch a server with CERT_REQUIRED, and check that trying to |
| 3214 | connect to it with a wrong client certificate fails. |
| 3215 | """ |
| 3216 | client_context, server_context, hostname = testing_context() |
| 3217 | # load client cert that is not signed by trusted CA |
| 3218 | client_context.load_cert_chain(CERTFILE) |
| 3219 | # require TLS client authentication |
| 3220 | server_context.verify_mode = ssl.CERT_REQUIRED |
| 3221 | # TLS 1.3 has different handshake |
| 3222 | client_context.maximum_version = ssl.TLSVersion.TLSv1_2 |
| 3223 | |
| 3224 | server = ThreadedEchoServer( |
| 3225 | context=server_context, chatty=True, connectionchatty=True, |
| 3226 | ) |
| 3227 | |
| 3228 | with server, \ |
| 3229 | client_context.wrap_socket(socket.socket(), |
| 3230 | server_hostname=hostname) as s: |
| 3231 | try: |
| 3232 | # Expect either an SSL error about the server rejecting |
| 3233 | # the connection, or a low-level connection reset (which |
| 3234 | # sometimes happens on Windows) |
| 3235 | s.connect((HOST, server.port)) |
| 3236 | except ssl.SSLError as e: |
| 3237 | if support.verbose: |
| 3238 | sys.stdout.write("\nSSLError is %r\n" % e) |
| 3239 | except OSError as e: |
| 3240 | if e.errno != errno.ECONNRESET: |
| 3241 | raise |
| 3242 | if support.verbose: |
| 3243 | sys.stdout.write("\nsocket.error is %r\n" % e) |
| 3244 | else: |
| 3245 | self.fail("Use of invalid cert should have failed!") |
| 3246 | |
| 3247 | @requires_tls_version('TLSv1_3') |
| 3248 | def test_wrong_cert_tls13(self): |
nothing calls this directly
no test coverage detected