Connecting when the server rejects the client's certificate. Launch a server with CERT_REQUIRED, and check that trying to connect to it with a wrong client certificate fails.
(self)
| 3491 | ) |
| 3492 | |
def test_wrong_cert_tls12(self):
    """Check that a TLS 1.2 connection fails when the client cert is wrong.

    The server context is switched to ssl.CERT_REQUIRED and the client
    presents CERTFILE. The test passes when connect() raises ssl.SSLError
    or an OSError whose errno is ECONNRESET, and fails when the connection
    is established.
    """
    client_context, server_context, hostname = testing_context()
    # Client credential under test: per the original comment, CERTFILE is
    # not signed by the CA the server trusts (trust setup lives in
    # testing_context(), which is not visible here).
    client_context.load_cert_chain(CERTFILE)
    # Make client authentication mandatory on the server side.
    server_context.verify_mode = ssl.CERT_REQUIRED
    # Cap the client at TLS 1.2 because TLS 1.3 has a different handshake.
    # NOTE(review): presumably under 1.3 the rejection can surface after
    # connect() returns; the tls13 variant of this test covers that case.
    client_context.maximum_version = ssl.TLSVersion.TLSv1_2

    server = ThreadedEchoServer(
        context=server_context,
        chatty=True,
        connectionchatty=True,
    )

    with server:
        with client_context.wrap_socket(
            socket.socket(), server_hostname=hostname
        ) as tls_sock:
            try:
                # Acceptable outcomes: an SSL error because the server
                # rejected the connection, or a low-level connection reset
                # (which sometimes happens on Windows).
                tls_sock.connect((HOST, server.port))
            except ssl.SSLError as ssl_err:
                # NOTE(review): any ssl.SSLError counts as a pass, so this
                # does not distinguish a certificate rejection from other
                # handshake failures.
                if support.verbose:
                    sys.stdout.write("\nSSLError is %r\n" % ssl_err)
            except OSError as os_err:
                if os_err.errno == errno.ECONNRESET:
                    if support.verbose:
                        sys.stdout.write("\nsocket.error is %r\n" % os_err)
                else:
                    # Any other OS-level failure is unexpected; propagate.
                    raise
            else:
                # The handshake completed despite the wrong client cert.
                self.fail("Use of invalid cert should have failed!")
| 3529 | |
| 3530 | @requires_tls_version('TLSv1_3') |
| 3531 | def test_wrong_cert_tls13(self): |