(self)
| 3529 | |
@requires_tls_version('TLSv1_3')
def test_wrong_cert_tls13(self):
    """Check that a TLS 1.3 server rejects an untrusted client certificate.

    The server demands a client certificate (``ssl.CERT_REQUIRED``) and the
    client presents ``CERTFILE``, which is not signed by a CA the server
    trusts.  Both contexts are pinned to TLS 1.3 as their minimum version.

    ``connect()`` sits outside the ``assertRaisesRegex`` block, so it is
    expected to succeed: under TLS 1.3 the client finishes its side of the
    handshake before the server has validated the client certificate.  The
    rejection therefore has to surface as an ``OSError`` on the application
    data traffic that follows.
    """
    client_context, server_context, hostname = testing_context()

    # Both peers refuse anything older than TLS 1.3.
    client_context.minimum_version = ssl.TLSVersion.TLSv1_3
    server_context.minimum_version = ssl.TLSVersion.TLSv1_3

    # Mutual TLS: the server insists on a client certificate, and the one
    # the client presents is not signed by a trusted CA.
    server_context.verify_mode = ssl.CERT_REQUIRED
    client_context.load_cert_chain(CERTFILE)

    # How the rejection is reported depends on platform and timing.  Only
    # the first and third alternatives name the unknown-CA alert; the rest
    # are generic transport errors, so a match confirms that the connection
    # failed but not necessarily why.
    rejection_pattern = (
        'alert unknown ca|EOF occurred|TLSV1_ALERT_UNKNOWN_CA|'
        'closed by the remote host|Connection reset by peer|'
        'Broken pipe'
    )

    server = ThreadedEchoServer(
        context=server_context,
        chatty=True,
        connectionchatty=True,
    )
    with server:
        # suppress_ragged_eofs=False makes an abrupt EOF raise instead of
        # being reported as a normal end of stream.
        with client_context.wrap_socket(
            socket.socket(),
            server_hostname=hostname,
            suppress_ragged_eofs=False,
        ) as tls_sock:
            tls_sock.connect((HOST, server.port))
            with self.assertRaisesRegex(OSError, rejection_pattern):
                # Two write/read round trips give the server's rejection
                # time to reach the client; the second payload documents
                # that the failure is expected no later than the first.
                for payload in (b'data', b'should have failed already'):
                    tls_sock.write(payload)
                    tls_sock.read(1000)
| 3558 | |
| 3559 | def test_rude_shutdown(self): |
| 3560 | """A brutal shutdown of an SSL server should raise an OSError |