(self)
| 3271 | self.assertTrue(cert, "Can't get peer certificate.") |
| 3272 | |
| 3273 | def test_check_hostname(self): |
| 3274 | if support.verbose: |
| 3275 | sys.stdout.write("\n") |
| 3276 | |
| 3277 | client_context, server_context, hostname = testing_context() |
| 3278 | |
| 3279 | # correct hostname should verify |
| 3280 | server = ThreadedEchoServer(context=server_context, chatty=True) |
| 3281 | with server: |
| 3282 | with client_context.wrap_socket(socket.socket(), |
| 3283 | server_hostname=hostname) as s: |
| 3284 | s.connect((HOST, server.port)) |
| 3285 | cert = s.getpeercert() |
| 3286 | self.assertTrue(cert, "Can't get peer certificate.") |
| 3287 | |
| 3288 | # incorrect hostname should raise an exception |
| 3289 | server = ThreadedEchoServer(context=server_context, chatty=True) |
| 3290 | # Allow for flexible libssl error messages. |
| 3291 | regex = re.compile(r"""( |
| 3292 | certificate verify failed # OpenSSL |
| 3293 | | |
| 3294 | CERTIFICATE_VERIFY_FAILED # AWS-LC |
| 3295 | )""", re.X) |
| 3296 | with server: |
| 3297 | with client_context.wrap_socket(socket.socket(), |
| 3298 | server_hostname="invalid") as s: |
| 3299 | with self.assertRaisesRegex(ssl.CertificateError, regex): |
| 3300 | s.connect((HOST, server.port)) |
| 3301 | |
| 3302 | # missing server_hostname arg should cause an exception, too |
| 3303 | server = ThreadedEchoServer(context=server_context, chatty=True) |
| 3304 | with server: |
| 3305 | with socket.socket() as s: |
| 3306 | with self.assertRaisesRegex(ValueError, |
| 3307 | "check_hostname requires server_hostname"): |
| 3308 | client_context.wrap_socket(s) |
| 3309 | |
| 3310 | @unittest.skipUnless( |
| 3311 | ssl.HAS_NEVER_CHECK_COMMON_NAME, "test requires hostname_checks_common_name" |
nothing calls this directly
no test coverage detected