(self)
| 1423 | self.assertRaises(TypeError, ctx.load_verify_locations, None, True) |
| 1424 | |
| 1425 | def test_load_verify_cadata(self): |
| 1426 | # test cadata |
| 1427 | with open(CAFILE_CACERT) as f: |
| 1428 | cacert_pem = f.read() |
| 1429 | cacert_der = ssl.PEM_cert_to_DER_cert(cacert_pem) |
| 1430 | with open(CAFILE_NEURONIO) as f: |
| 1431 | neuronio_pem = f.read() |
| 1432 | neuronio_der = ssl.PEM_cert_to_DER_cert(neuronio_pem) |
| 1433 | |
| 1434 | # test PEM |
| 1435 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1436 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 0) |
| 1437 | ctx.load_verify_locations(cadata=cacert_pem) |
| 1438 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 1) |
| 1439 | ctx.load_verify_locations(cadata=neuronio_pem) |
| 1440 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1441 | # cert already in hash table |
| 1442 | ctx.load_verify_locations(cadata=neuronio_pem) |
| 1443 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1444 | |
| 1445 | # combined |
| 1446 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1447 | combined = "\n".join((cacert_pem, neuronio_pem)) |
| 1448 | ctx.load_verify_locations(cadata=combined) |
| 1449 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1450 | |
| 1451 | # with junk around the certs |
| 1452 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1453 | combined = ["head", cacert_pem, "other", neuronio_pem, "again", |
| 1454 | neuronio_pem, "tail"] |
| 1455 | ctx.load_verify_locations(cadata="\n".join(combined)) |
| 1456 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1457 | |
| 1458 | # test DER |
| 1459 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1460 | ctx.load_verify_locations(cadata=cacert_der) |
| 1461 | ctx.load_verify_locations(cadata=neuronio_der) |
| 1462 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1463 | # cert already in hash table |
| 1464 | ctx.load_verify_locations(cadata=cacert_der) |
| 1465 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1466 | |
| 1467 | # combined |
| 1468 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1469 | combined = b"".join((cacert_der, neuronio_der)) |
| 1470 | ctx.load_verify_locations(cadata=combined) |
| 1471 | self.assertEqual(ctx.cert_store_stats()["x509_ca"], 2) |
| 1472 | |
| 1473 | # error cases |
| 1474 | ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 1475 | self.assertRaises(TypeError, ctx.load_verify_locations, cadata=object) |
| 1476 | |
| 1477 | with self.assertRaisesRegex( |
| 1478 | ssl.SSLError, |
| 1479 | "no start line: cadata does not contain a certificate" |
| 1480 | ): |
| 1481 | ctx.load_verify_locations(cadata="broken") |
| 1482 | with self.assertRaisesRegex( |
nothing calls this directly
no test coverage detected