(self)
| 3385 | self.assertTrue(cert, "Can't get peer certificate.") |
| 3386 | |
| 3387 | def test_dual_rsa_ecc(self): |
| 3388 | client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 3389 | client_context.load_verify_locations(SIGNING_CA) |
| 3390 | # TODO: fix TLSv1.3 once SSLContext can restrict signature |
| 3391 | # algorithms. |
| 3392 | client_context.maximum_version = ssl.TLSVersion.TLSv1_2 |
| 3393 | # only ECDSA certs |
| 3394 | client_context.set_ciphers('ECDHE:ECDSA:!NULL:!aRSA') |
| 3395 | hostname = SIGNED_CERTFILE_ECC_HOSTNAME |
| 3396 | |
| 3397 | server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) |
| 3398 | # load ECC and RSA key/cert pairs |
| 3399 | server_context.load_cert_chain(SIGNED_CERTFILE_ECC) |
| 3400 | server_context.load_cert_chain(SIGNED_CERTFILE) |
| 3401 | |
| 3402 | # correct hostname should verify |
| 3403 | server = ThreadedEchoServer(context=server_context, chatty=True) |
| 3404 | with server: |
| 3405 | with client_context.wrap_socket(socket.socket(), |
| 3406 | server_hostname=hostname) as s: |
| 3407 | s.connect((HOST, server.port)) |
| 3408 | cert = s.getpeercert() |
| 3409 | self.assertTrue(cert, "Can't get peer certificate.") |
| 3410 | cipher = s.cipher()[0].split('-') |
| 3411 | self.assertTrue(cipher[:2], ('ECDHE', 'ECDSA')) |
| 3412 | |
| 3413 | def test_check_hostname_idn(self, warnings_filters=True): |
| 3414 | if support.verbose: |
nothing calls this directly
no test coverage detected