MCPcopy Index your code
hub / github.com/python/cpython / test_wrong_cert_tls12

Method test_wrong_cert_tls12

Lib/test/test_ssl.py:3493–3528  ·  view source on GitHub ↗

Connecting when the server rejects the client's certificate Launch a server with CERT_REQUIRED, and check that trying to connect to it with a wrong client certificate fails.

(self)

Source from the content-addressed store, hash-verified

3491 )
3492
3493 def test_wrong_cert_tls12(self):
3494 """Connecting when the server rejects the client's certificate
3495
3496 Launch a server with CERT_REQUIRED, and check that trying to
3497 connect to it with a wrong client certificate fails.
3498 """
3499 client_context, server_context, hostname = testing_context()
3500 # load client cert that is not signed by trusted CA
3501 client_context.load_cert_chain(CERTFILE)
3502 # require TLS client authentication
3503 server_context.verify_mode = ssl.CERT_REQUIRED
3504 # TLS 1.3 has different handshake
3505 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
3506
3507 server = ThreadedEchoServer(
3508 context=server_context, chatty=True, connectionchatty=True,
3509 )
3510
3511 with server, \
3512 client_context.wrap_socket(socket.socket(),
3513 server_hostname=hostname) as s:
3514 try:
3515 # Expect either an SSL error about the server rejecting
3516 # the connection, or a low-level connection reset (which
3517 # sometimes happens on Windows)
3518 s.connect((HOST, server.port))
3519 except ssl.SSLError as e:
3520 if support.verbose:
3521 sys.stdout.write("\nSSLError is %r\n" % e)
3522 except OSError as e:
3523 if e.errno != errno.ECONNRESET:
3524 raise
3525 if support.verbose:
3526 sys.stdout.write("\nsocket.error is %r\n" % e)
3527 else:
3528 self.fail("Use of invalid cert should have failed!")
3529
3530 @requires_tls_version('TLSv1_3')
3531 def test_wrong_cert_tls13(self):

Callers

nothing calls this directly

Calls 7

testing_contextFunction · 0.85
ThreadedEchoServerClass · 0.85
wrap_socketMethod · 0.80
socketMethod · 0.80
connectMethod · 0.45
writeMethod · 0.45
failMethod · 0.45

Tested by

no test coverage detected