MCPcopy Index your code
hub / github.com/python/cpython / test_crl_check

Method test_crl_check

Lib/test/test_ssl.py:3228–3271  ·  view source on GitHub ↗
(self)

Source from the content-addressed store, hash-verified

3226 self.assertLess(before, after)
3227
3228 def test_crl_check(self):
3229 if support.verbose:
3230 sys.stdout.write("\n")
3231
3232 client_context, server_context, hostname = testing_context()
3233
3234 tf = getattr(ssl, "VERIFY_X509_TRUSTED_FIRST", 0)
3235 self.assertEqual(client_context.verify_flags, ssl.VERIFY_DEFAULT | tf)
3236
3237 # VERIFY_DEFAULT should pass
3238 server = ThreadedEchoServer(context=server_context, chatty=True)
3239 with server:
3240 with client_context.wrap_socket(socket.socket(),
3241 server_hostname=hostname) as s:
3242 s.connect((HOST, server.port))
3243 cert = s.getpeercert()
3244 self.assertTrue(cert, "Can't get peer certificate.")
3245
3246 # VERIFY_CRL_CHECK_LEAF without a loaded CRL file fails
3247 client_context.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
3248
3249 server = ThreadedEchoServer(context=server_context, chatty=True)
3250 # Allow for flexible libssl error messages.
3251 regex = re.compile(r"""(
3252 certificate verify failed # OpenSSL
3253 |
3254 CERTIFICATE_VERIFY_FAILED # AWS-LC
3255 )""", re.X)
3256 with server:
3257 with client_context.wrap_socket(socket.socket(),
3258 server_hostname=hostname) as s:
3259 with self.assertRaisesRegex(ssl.SSLError, regex):
3260 s.connect((HOST, server.port))
3261
3262 # now load a CRL file. The CRL file is signed by the CA.
3263 client_context.load_verify_locations(CRLFILE)
3264
3265 server = ThreadedEchoServer(context=server_context, chatty=True)
3266 with server:
3267 with client_context.wrap_socket(socket.socket(),
3268 server_hostname=hostname) as s:
3269 s.connect((HOST, server.port))
3270 cert = s.getpeercert()
3271 self.assertTrue(cert, "Can't get peer certificate.")
3272
3273 def test_check_hostname(self):
3274 if support.verbose:

Callers

nothing calls this directly

Calls 11

testing_contextFunction · 0.85
ThreadedEchoServerClass · 0.85
wrap_socketMethod · 0.80
socketMethod · 0.80
assertTrueMethod · 0.80
assertRaisesRegexMethod · 0.80
writeMethod · 0.45
assertEqualMethod · 0.45
connectMethod · 0.45
getpeercertMethod · 0.45
compileMethod · 0.45

Tested by

no test coverage detected