(self)
| 3332 | s.connect((HOST, server.port)) |
| 3333 | |
| 3334 | def test_ecc_cert(self): |
| 3335 | client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 3336 | client_context.load_verify_locations(SIGNING_CA) |
| 3337 | client_context.set_ciphers('ECDHE:ECDSA:!NULL:!aRSA') |
| 3338 | hostname = SIGNED_CERTFILE_ECC_HOSTNAME |
| 3339 | |
| 3340 | server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) |
| 3341 | # load ECC cert |
| 3342 | server_context.load_cert_chain(SIGNED_CERTFILE_ECC) |
| 3343 | |
| 3344 | # correct hostname should verify |
| 3345 | server = ThreadedEchoServer(context=server_context, chatty=True) |
| 3346 | with server: |
| 3347 | with client_context.wrap_socket(socket.socket(), |
| 3348 | server_hostname=hostname) as s: |
| 3349 | s.connect((HOST, server.port)) |
| 3350 | cert = s.getpeercert() |
| 3351 | self.assertTrue(cert, "Can't get peer certificate.") |
| 3352 | cipher = s.cipher()[0].split('-') |
| 3353 | self.assertTrue(cipher[:2], ('ECDHE', 'ECDSA')) |
| 3354 | |
| 3355 | @unittest.skipUnless(IS_OPENSSL_3_0_0, |
| 3356 | "test requires RFC 5280 check added in OpenSSL 3.0+") |
nothing calls this directly
no test coverage detected