(self)
| 233 | @client_context.require_no_auth |
| 234 | @ignore_deprecations |
| 235 | def test_cert_ssl_validation(self): |
| 236 | # Expects the server to be running with server.pem and ca.pem |
| 237 | # |
| 238 | # --sslPEMKeyFile=/path/to/pymongo/test/certificates/server.pem |
| 239 | # --sslCAFile=/path/to/pymongo/test/certificates/ca.pem |
| 240 | # |
| 241 | client = self.simple_client( |
| 242 | "localhost", |
| 243 | ssl=True, |
| 244 | tlsCertificateKeyFile=CLIENT_PEM, |
| 245 | tlsAllowInvalidCertificates=False, |
| 246 | tlsCAFile=CA_PEM, |
| 247 | ) |
| 248 | response = client.admin.command(HelloCompat.LEGACY_CMD) |
| 249 | if "setName" in response: |
| 250 | if response["primary"].split(":")[0] != "localhost": |
| 251 | raise SkipTest( |
| 252 | "No hosts in the replicaset for 'localhost'. " |
| 253 | "Cannot validate hostname in the certificate" |
| 254 | ) |
| 255 | |
| 256 | client = self.simple_client( |
| 257 | "localhost", |
| 258 | replicaSet=response["setName"], |
| 259 | w=len(response["hosts"]), |
| 260 | ssl=True, |
| 261 | tlsCertificateKeyFile=CLIENT_PEM, |
| 262 | tlsAllowInvalidCertificates=False, |
| 263 | tlsCAFile=CA_PEM, |
| 264 | ) |
| 265 | |
| 266 | self.assertClientWorks(client) |
| 267 | |
| 268 | if HAVE_IPADDRESS: |
| 269 | client = self.simple_client( |
| 270 | "127.0.0.1", |
| 271 | ssl=True, |
| 272 | tlsCertificateKeyFile=CLIENT_PEM, |
| 273 | tlsAllowInvalidCertificates=False, |
| 274 | tlsCAFile=CA_PEM, |
| 275 | ) |
| 276 | self.assertClientWorks(client) |
| 277 | |
| 278 | @client_context.require_tlsCertificateKeyFile |
| 279 | @client_context.require_no_auth |
nothing calls this directly
no test coverage detected