Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-11-04 07:31:38 +00:00
Code Issues Projects Releases Packages Wiki Activity

Issue #25940: Update new SSL tests for self-signed.pythontest.net

Browse source 
Removed SSL_ERROR_SYSCALL checking from ssl_io_loop() so that the loop can
terminate when unwrap() raises that error.
This commit is contained in:
Martin Panter 2016-01-14 13:05:46 +00:00
parent 17cbee49d6
commit 40b97ec57a
1 changed files with 14 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

25
Lib/test/test_ssl.py
View file

@ -1688,13 +1688,8 @@ def ssl_io_loop(self, sock, incoming, outgoing, func, *args, **kwargs):
try: try:
ret = func(*args) ret = func(*args)
except ssl.SSLError as e: except ssl.SSLError as e:
# Note that we get a spurious -1/SSL_ERROR_SYSCALL for
# non-blocking IO. The SSL_shutdown manpage hints at this.
# It *should* be safe to just ignore SYS_ERROR_SYSCALL because
# with a Memory BIO there's no syscalls (for IO at least).
if e.errno not in (ssl.SSL_ERROR_WANT_READ, if e.errno not in (ssl.SSL_ERROR_WANT_READ,
ssl.SSL_ERROR_WANT_WRITE, ssl.SSL_ERROR_WANT_WRITE):
ssl.SSL_ERROR_SYSCALL):
raise raise
errno = e.errno errno = e.errno
# Get any data from the outgoing BIO irrespective of any error, and # Get any data from the outgoing BIO irrespective of any error, and
@ -1717,16 +1712,16 @@ def ssl_io_loop(self, sock, incoming, outgoing, func, *args, **kwargs):
return ret return ret
def test_handshake(self): def test_handshake(self):
with support.transient_internet("svn.python.org"): with support.transient_internet(REMOTE_HOST):
sock = socket.socket(socket.AF_INET) sock = socket.socket(socket.AF_INET)
sock.connect(("svn.python.org", 443)) sock.connect((REMOTE_HOST, 443))
incoming = ssl.MemoryBIO() incoming = ssl.MemoryBIO()
outgoing = ssl.MemoryBIO() outgoing = ssl.MemoryBIO()
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
ctx.verify_mode = ssl.CERT_REQUIRED ctx.verify_mode = ssl.CERT_REQUIRED
ctx.load_verify_locations(SVN_PYTHON_ORG_ROOT_CERT) ctx.load_verify_locations(REMOTE_ROOT_CERT)
ctx.check_hostname = True ctx.check_hostname = True
sslobj = ctx.wrap_bio(incoming, outgoing, False, 'svn.python.org') sslobj = ctx.wrap_bio(incoming, outgoing, False, REMOTE_HOST)
self.assertIs(sslobj._sslobj.owner, sslobj) self.assertIs(sslobj._sslobj.owner, sslobj)
self.assertIsNone(sslobj.cipher()) self.assertIsNone(sslobj.cipher())
self.assertIsNone(sslobj.shared_ciphers()) self.assertIsNone(sslobj.shared_ciphers())
@ -1739,14 +1734,20 @@ def test_handshake(self):
self.assertTrue(sslobj.getpeercert()) self.assertTrue(sslobj.getpeercert())
if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES: if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
self.assertTrue(sslobj.get_channel_binding('tls-unique')) self.assertTrue(sslobj.get_channel_binding('tls-unique'))
try:
self.ssl_io_loop(sock, incoming, outgoing, sslobj.unwrap) self.ssl_io_loop(sock, incoming, outgoing, sslobj.unwrap)
except ssl.SSLSyscallError:
# self-signed.pythontest.net probably shuts down the TCP
# connection without sending a secure shutdown message, and
# this is reported as SSL_ERROR_SYSCALL
pass
self.assertRaises(ssl.SSLError, sslobj.write, b'foo') self.assertRaises(ssl.SSLError, sslobj.write, b'foo')
sock.close() sock.close()
def test_read_write_data(self): def test_read_write_data(self):
with support.transient_internet("svn.python.org"): with support.transient_internet(REMOTE_HOST):
sock = socket.socket(socket.AF_INET) sock = socket.socket(socket.AF_INET)
sock.connect(("svn.python.org", 443)) sock.connect((REMOTE_HOST, 443))
incoming = ssl.MemoryBIO() incoming = ssl.MemoryBIO()
outgoing = ssl.MemoryBIO() outgoing = ssl.MemoryBIO()
ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)