MCPcopy Index your code
hub / github.com/python/cpython / try_protocol_combo

Function try_protocol_combo

Lib/test/test_ssl.py:3017–3092  ·  view source on GitHub ↗

Try to SSL-connect using *client_protocol* to *server_protocol*. If *expect_success* is true, assert that the connection succeeds, if it's false, assert that the connection fails. Also, if *expect_success* is a string, assert that it is the protocol version actually used by the

(server_protocol, client_protocol, expect_success,
                       certsreqs=None, server_options=0, client_options=0)

Source from the content-addressed store, hash-verified

3015 return stats
3016
3017def try_protocol_combo(server_protocol, client_protocol, expect_success,
3018 certsreqs=None, server_options=0, client_options=0):
3019 """
3020 Try to SSL-connect using *client_protocol* to *server_protocol*.
3021 If *expect_success* is true, assert that the connection succeeds,
3022 if it's false, assert that the connection fails.
3023 Also, if *expect_success* is a string, assert that it is the protocol
3024 version actually used by the connection.
3025 """
3026 if certsreqs is None:
3027 certsreqs = ssl.CERT_NONE
3028 certtype = {
3029 ssl.CERT_NONE: "CERT_NONE",
3030 ssl.CERT_OPTIONAL: "CERT_OPTIONAL",
3031 ssl.CERT_REQUIRED: "CERT_REQUIRED",
3032 }[certsreqs]
3033 if support.verbose:
3034 formatstr = (expect_success and " %s->%s %s\n") or " {%s->%s} %s\n"
3035 sys.stdout.write(formatstr %
3036 (ssl.get_protocol_name(client_protocol),
3037 ssl.get_protocol_name(server_protocol),
3038 certtype))
3039
3040 with warnings_helper.check_warnings():
3041 # ignore Deprecation warnings
3042 client_context = ssl.SSLContext(client_protocol)
3043 client_context.options |= client_options
3044 server_context = ssl.SSLContext(server_protocol)
3045 server_context.options |= server_options
3046
3047 min_version = PROTOCOL_TO_TLS_VERSION.get(client_protocol, None)
3048 if (min_version is not None
3049 # SSLContext.minimum_version is only available on recent OpenSSL
3050 # (setter added in OpenSSL 1.1.0, getter added in OpenSSL 1.1.1)
3051 and hasattr(server_context, 'minimum_version')
3052 and server_protocol == ssl.PROTOCOL_TLS
3053 and server_context.minimum_version > min_version
3054 ):
3055 # If OpenSSL configuration is strict and requires more recent TLS
3056 # version, we have to change the minimum to test old TLS versions.
3057 with warnings_helper.check_warnings():
3058 server_context.minimum_version = min_version
3059
3060 # NOTE: we must enable "ALL" ciphers on the client, otherwise an
3061 # SSLv23 client will send an SSLv3 hello (rather than SSLv2)
3062 # starting from OpenSSL 1.0.0 (see issue #8322).
3063 if client_context.protocol == ssl.PROTOCOL_TLS:
3064 client_context.set_ciphers("ALL")
3065
3066 seclevel_workaround(server_context, client_context)
3067
3068 for ctx in (client_context, server_context):
3069 ctx.verify_mode = certsreqs
3070 ctx.load_cert_chain(SIGNED_CERTFILE)
3071 ctx.load_verify_locations(SIGNING_CA)
3072 try:
3073 stats = server_params_test(client_context, server_context,
3074 chatty=False, connectionchatty=False)

Callers 5

test_PROTOCOL_TLSMethod · 0.85
test_protocol_sslv3Method · 0.85
test_protocol_tlsv1Method · 0.85
test_protocol_tlsv1_1Method · 0.85
test_protocol_tlsv1_2Method · 0.85

Calls 4

seclevel_workaroundFunction · 0.85
server_params_testFunction · 0.85
writeMethod · 0.45
getMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…