B 18™\òóã @s‚ddlZddlZddlmZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddlZddlZddlZddlZddlZddlZddlZy ddlZWnek rÀdZYnXe d¡ZeejƒZejZej d¡Ze oöej dkZ!e oej dkZ"e #d¡Z$iZ%xPdD]H\Z&Z'ye(ee&ƒZ&e(ej)e'ƒZ'Wne*k rZwYnXe'e%e&<qWd d „Z+e+d ƒZ,e  -e,¡Z.e+d ƒZ/e+d ƒZ0e  -e/¡Z1e  -e0¡Z2e+dƒZ3e+dƒZ4dZ5e+dƒZ6e  -e6¡Z7e+ddƒZ8e+ddƒZ9ddddddddœZ:e+dƒZ;e+dƒZe+d&ƒZ?d'Z@e+d(ƒZAd)ZBe+dd*ƒZCe+d+ƒZDe+d,ƒZEd-ZFe+d.ƒZGe+d/ƒZHe+d0ƒZIe+d1ƒZJe+d2ƒZKe+d3ƒZLe+d4ƒZMe+d5ƒZNe  -eN¡ZOe(ed6dƒZPe(ed7dƒZQe(ed8dƒZRe(ed9dƒZSe(ed:dƒZTd;d<„ZUd=d>„ZVd?d@„ZWdAdB„ZXdCdD„ZYeYƒZZdEdF„Z[dGdH„Z\dIdJ„Z]e ^ej_dK¡Z`ejafejbdddddLœdMdN„Zce.f)ÚhasattrrÚ functoolsÚwraps)rgrhr)rgrÚskip_if_broken_ubuntu_sslÆs  rlz SNI support needed for this test)Ú cert_reqsÚca_certsÚciphersÚcertfileÚkeyfilec Ksvt |¡}|dk r(|tjkr"d|_||_|dk r:| |¡|dk sJ|dk rV| ||¡|dk rh| |¡|j|f|ŽS)NF) rrDÚ CERT_NONEÚcheck_hostnameÚ verify_modeÚload_verify_locationsÚload_cert_chainÚ set_ciphersÚ wrap_socket) ÚsockÚ ssl_versionrmrnrorprqrfÚcontextrrrÚtest_wrap_socketØs     r|cCsd|tkrt}n|tkrt}nt|ƒ‚t tj¡}| t ¡t tj ¡}|  |¡| t ¡|||fS)zUCreate context client_context, server_context, hostname = testing_context() ) ÚSIGNED_CERTFILEÚSIGNED_CERTFILE_HOSTNAMEÚSIGNED_CERTFILE2ÚSIGNED_CERTFILE2_HOSTNAMErGrrDÚPROTOCOL_TLS_CLIENTruÚ SIGNING_CArErv)Z server_certÚhostnameÚclient_contextÚserver_contextrrrÚtesting_contextês     r†c@s˜eZdZdd„Zdd„Zdd„Zdd„Ze e j d kd ¡d d „ƒZ d Z dd„Z dd„Zdd„Zdd„Zdd„Zdd„Zejdd„ƒZdd„Zdd„Zd d!„Zd"d#„Zd$d%„Zd&d'„Zd(d)„Zd*d+„Zd,d-„Zd.d/„Ze d0e j!kd1¡d2d3„ƒZ"d4d5„Z#d6d7„Z$e e%j&d8kd9¡d:d;„ƒZ'e e%j&d8kd9¡dd?„Z)d@dA„Z*dBdC„Z+dDdE„Z,dFdG„Z-e e.ƒdH¡dIdJ„ƒZ/dKdL„Z0e 1dMdN¡dOdP„ƒZ2dQdR„Z3d S)SÚBasicSocketTestscCs tjtjtjtjtjtjr*tjtjdkr:tj |  tj ddh¡|  tjddh¡tj tj tjtjtjdkrŒtjtj| tjtj¡dS)N)rrTF)rrr)rrrÚ CERT_OPTIONALÚ CERT_REQUIREDr,r*rCr+r?r)ÚassertInÚHAS_SNIÚ OP_NO_SSLv2Ú OP_NO_SSLv3Ú OP_NO_TLSv1Ú OP_NO_TLSv1_3Ú OP_NO_TLSv1_1Ú OP_NO_TLSv1_2Ú assertEqualÚ PROTOCOL_TLSr)ÚselfrrrÚtest_constantss&  zBasicSocketTests.test_constantsc Cs:| td¡$t ¡}t |¡WdQRXWdQRXdS)Nzpublic constructor)ÚassertRaisesRegexÚ TypeErrorÚsocketrÚ SSLSocket)r”ÚsrrrÚtest_private_inits z"BasicSocketTests.test_private_initcCs2tj}| t|ƒd¡t |¡}| |j|¡dS)Nz_SSLMethod.PROTOCOL_TLS)rr“r’ÚstrrDÚassertIsÚprotocol)r”ÚprotorHrrrÚtest_str_for_enumss z#BasicSocketTests.test_str_for_enumscCst ¡}tjr*tj d||r dp"df¡t d¡\}}| t |ƒd¡| ||dk¡|rxt  d¡}| t |ƒd¡n|  tj tj d¡|  t tj d¡|  t tjd¡ttdƒrÖ|  ttjd¡|  ttjdd¡t d d ¡t d d ¡t td ƒd ¡dS) Nz RAND_status is %d (%s) zsufficient randomnesszinsufficient randomnesséréûÿÿÿÚRAND_egdÚfoozthis is a random stringgÀR@sthis is a random bytes objects!this is a random bytearray object)rÚ RAND_statusrr3r1r4r5ÚRAND_pseudo_bytesr’ÚlenZ RAND_bytesÚ assertRaisesr`rGrir—r£ZRAND_addÚ bytearray)r”ÚvÚdataZis_cryptographicrrrÚ test_random$s(      zBasicSocketTests.test_randomÚposixzrequires posixcCst ¡}|s| d¡t ¡\}}t ¡}|dkr yBt |¡t d¡d}| t |ƒd¡t  ||¡t |¡Wnt k r’t  d¡Yn Xt  d¡nzt |¡|  tj|¡t |d¡\}}| |d¡t |d¡}| t |ƒd¡t d¡d}| t |ƒd¡| ||¡dS)Nz*OpenSSL's PRNG has insufficient randomnessrr¡r)rr¥Úfailr ÚpipeÚforkÚcloser¦r’r§r5Ú BaseExceptionÚ_exitÚ addCleanupÚwaitpidÚreadÚassertNotEqual)r”ÚstatusZrfdZwfdÚpidZ child_randomÚ_Z parent_randomrrrÚtest_random_fork?s0        z!BasicSocketTests.test_random_forkNcCs˜| tj t¡t¡| tj t¡t¡tj t¡}t j rTt j   dt |¡d¡| |dd¡| |dd¡| |dd¡| |dd ¡dS) NÚ r#))rzprojects.developer.nokia.com)rzprojects.forum.nokia.comr%)zhttp://ocsp.verisign.comr&)z0http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cerr')z0http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl)r’rÚ_sslÚ_test_decode_certÚCERTFILEÚ CERTFILE_INFOr}ÚSIGNED_CERTFILE_INFOÚ NOKIACERTrr3r1r4r5ÚpprintÚpformat)r”ÚprrrÚtest_parse_certas       z BasicSocketTests.test_parse_certc CsLtj t¡}tjr,tj dt   |¡d¡|  |dddddddd œ¡dS) Nr¼)))rÚUK))rzcody-cazJun 14 18:00:58 2028 GMTzJun 18 18:00:58 2018 GMTZ02)))rrÇ))rz#codenomicon-vm-2.test.lal.cisco.com))rz#codenomicon-vm-2.test.lal.cisco.comr)rrr r!r"r#r$) rr½r¾ÚTALOS_INVALID_CRLDPrr3r1r4r5rÃrÄr’)r”rÅrrrÚtest_parse_cert_CVE_2019_5010~s z.BasicSocketTests.test_parse_cert_CVE_2019_5010cCsxtj t¡}tjr,tj dt   |¡d¡d}|  |d|¡|  |d|¡tj dkr`d}nd}|  |d|¡dS) Nr¼)))rÚUS))ÚstateOrProvinceNameZOregon))rZ Beaverton))rzPython Software Foundation))ÚorganizationalUnitNamezPython Core Development))rznull.python.orgexample.org))Ú emailAddresszpython-dev@python.orgr"r)rr8r9))rzaltnull.python.orgexample.com)Úemailz null@python.orguser@example.org)ÚURIz)http://null.python.orghttp://example.org)z IP Addressz 192.0.2.1)z IP Addressz2001:DB8:0:0:0:0:0:1 ))rzaltnull.python.orgexample.com)rÎz null@python.orguser@example.org)rÏz)http://null.python.orghttp://example.org)z IP Addressz 192.0.2.1)z IP Addressz r#) rr½r¾Ú NULLBYTECERTrr3r1r4r5rÃrÄr’r<)r”rÅr"ZsanrrrÚtest_parse_cert_CVE_2013_4238“s  z.BasicSocketTests.test_parse_cert_CVE_2013_4238cCs tj t¡}| |dd¡dS)Nr#) )rZallsans)Ú othernamez )rÒz )rÎzuser@example.org)rzwww.example.org)ZDirName)))rr))rzCastle Anthrax))rzPython Software Foundation))rzdirname example)rÏzhttps://www.python.org/)z IP Addressz 127.0.0.1)z IP Addressz0:0:0:0:0:0:0:1 )z Registered IDz 1.2.3.4.5)rr½r¾Ú ALLSANFILEr’)r”rÅrrrÚtest_parse_all_sans°s  z$BasicSocketTests.test_parse_all_sansc CsŒttdƒ}| ¡}WdQRXt |¡}t |¡}t |¡}| ||¡| tjd¡sf|  d|¡|  dtj d¡sˆ|  d|¡dS)NÚrr¼z-DER-to-PEM didn't include correct header: %r z-DER-to-PEM didn't include correct footer: %r ) ÚopenÚ CAFILE_CACERTr¶rÚPEM_cert_to_DER_certZDER_cert_to_PEM_certr’Ú startswithZ PEM_HEADERr®ÚendswithZ PEM_FOOTER)r”rhÚpemÚd1Zp2Úd2rrrÚtest_DER_to_PEMÅs     z BasicSocketTests.test_DER_to_PEMc Cs&tj}tj}tj}| |t¡| |t¡| |t¡| |d¡|  |d¡|\}}}}}| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡t rü|  |  d |¡¡||t|ƒf¡n&|  |  d  |||¡¡||t|ƒf¡dS) Nii0rréé?r;z LibreSSL {:d}zOpenSSL {:d}.{:d}.{:d})rZOPENSSL_VERSION_NUMBERr?ÚOPENSSL_VERSIONÚassertIsInstanceÚintÚtuplerœÚassertGreaterEqualÚ assertLessÚassertLessEqualÚ IS_LIBRESSLÚ assertTruerÙÚformatÚhex) r”ÚnÚtršÚmajorÚminorZfixÚpatchr¸rrrÚtest_openssl_versionÑs0               z%BasicSocketTests.test_openssl_versionc CsLt tj¡}t|ƒ}t |¡}t dtf¡~WdQRX| |ƒd¡dS)Nr_) r˜ÚAF_INETr|ÚweakrefÚrefrÚcheck_warningsÚResourceWarningr’)r”ršÚssÚwrrrrÚ test_refcycleðs    zBasicSocketTests.test_refcyclec CsÜt tj¡}t|ƒ¾}| t|jd¡| t|jtdƒ¡| t|jd¡| t|j tdƒd¡| t|j d¡| t|j dd¡| t |j ¡| t |jdgddd¡| t |jd¡| t |jtdƒg¡WdQRXdS)Nróx)z0.0.0.0rrréd)r˜ròr|r¨ÚOSErrorÚrecvÚ recv_intor©ÚrecvfromÚ recvfrom_intoÚsendÚsendtoÚNotImplementedErrorÚdupÚsendmsgÚrecvmsgÚ recvmsg_into)r”ršr÷rrrÚtest_wrapped_unconnectedûs    z)BasicSocketTests.test_wrapped_unconnectedc CsLxFdD]>}t tj¡}| |¡t|ƒ}| || ¡¡WdQRXqWdS)N)Ngg@)r˜ròÚ settimeoutr|r’Ú gettimeout)r”Útimeoutršr÷rrrÚ test_timeout s     zBasicSocketTests.test_timeoutc Csdt ¡}|jtdtj|td|jtdtj|dd|jtdtj|dddtj|dtd}| td|jtd f¡WdQRX| t ¡(}t ¡}tj|t d WdQRXWdQRX|  |j j t j¡| t ¡*}t ¡}tj|tt d WdQRXWdQRX|  |j j t j¡| t ¡*}t ¡}tj|t t d WdQRXWdQRX|  |j j t j¡dS) Nzcertfile must be specified)rqz5certfile must be specified for server-side operationsT)Ú server_sider_)r rpz!can't connect in server-side modei)rp)rprq)r˜r–rGrrxr¿ÚconnectÚHOSTr¨rüÚNONEXISTINGCERTr’Ú exceptionÚerrnoÚENOENT)r”ryršÚcmrrrÚtest_errors_sslwraps6  "    z$BasicSocketTests.test_errors_sslwrapc CsXtj tj t¡ptj|¡}t ¡}| |j¡|  t j ¡t ||dWdQRXdS)z;Check that trying to use the given client certificate fails)rpN) r r rrrÚcurdirr˜r´r±r¨rr`r|)r”rpryrrrÚ bad_cert_test3s zBasicSocketTests.bad_cert_testcCs| d¡dS)z Wrapping with an empty cert filez nullcert.pemN)r)r”rrrÚtest_empty_cert=sz BasicSocketTests.test_empty_certcCs| d¡dS)z:Wrapping with a badly formatted certificate (syntax error)z badcert.pemN)r)r”rrrÚtest_malformed_certAsz$BasicSocketTests.test_malformed_certcCs| d¡dS)z2Wrapping with a badly formatted key (syntax error)z badkey.pemN)r)r”rrrÚtest_malformed_keyEsz#BasicSocketTests.test_malformed_keyc s¤dd„}‡fdd„}ddi}||dƒ||dƒ||d ƒ||d ƒ||d ƒ||d ƒdd i}||dƒ||dƒ||dƒ||dƒ||dƒddi}||dƒ||dƒ||dƒ||dƒ||dƒddi}||dƒ||d ƒ||dƒddi}||dƒ||dƒ||dƒ||dƒddi}||dƒ||dƒ||dƒd d ¡ d!¡}dd"|fffi}|||ƒdd#i}|||ƒdd$i}|||ƒd% d ¡ d!¡}dd"|fffi}||d& d ¡ d!¡ƒ||d' d ¡ d!¡ƒ||d( d ¡ d!¡ƒ||d) d ¡ d!¡ƒd*d+d,d-œ}||d.ƒ||d/ƒ||d0ƒ||d1ƒd2d3d4œ}||d5ƒ||d6ƒ||d7ƒdd8d9œ}||d:ƒ||d;ƒ||d<ƒ||d=ƒttd>ƒrÚdd?d9œ}||d@ƒ||dAƒ||dBƒ||d=ƒd2dCd4œ}||d5ƒdDdEdFd-œ}||d5ƒdDdCdFd-œ}||dGƒˆ ttjdd¡ˆ ttjid¡ddHi}ˆ tj dI¡t |dJ¡WdQRXddKi}ˆ tj dL¡t |dM¡WdQRXddNi}ˆ tj dO¡t |dP¡WdQRXddQi}ˆ tj dR¡t |dS¡WdQRXddTi}ˆ tj dU¡t |dV¡WdQRXx.dWD]&}ˆ t¡t  |¡WdQRXq*WxdXD]}ˆ  t  |¡¡qZWttd>ƒr xdYD]}ˆ  t  |¡¡q†WdS)ZNcSst ||¡dS)N)rÚmatch_hostname)ÚcertrƒrrrÚokJsz0BasicSocketTests.test_match_hostname..okcsˆ tjtj||¡dS)N)r¨rÚCertificateErrorr)rrƒ)r”rrr®Lsz2BasicSocketTests.test_match_hostname..failr")))rz example.comz example.comz ExAmple.cOmzwww.example.comz .example.comz example.orgZ exampleXcom)))rz*.a.comz foo.a.comz bar.foo.a.comza.comzXa.comz.a.com)))rzf*.comzfoo.comzf.comzbar.comz bar.foo.com)))rznull.python.orgexample.orgznull.python.orgexample.orgznull.python.org)))rz *.*.a.com)))rza.*.comz a.foo.comza..comupüthon.python.orgÚidnaÚasciir)))rz x*.python.org)))rzxn--p*.python.orguwww*.pythön.orguwww.pythön.orguwww1.pythön.orguftp.pythön.orgu pythön.orgzJun 26 21:41:46 2011 GMT)))rz linuxfrz.org))rz linuxfr.org)rz linuxfr.com)rÒz )rr"r#z linuxfr.orgz linuxfr.comz z linuxfrz.orgzDec 18 23:59:59 2011 GMT)))rrÊ))rËÚ California))rz Mountain View))rz Google Inc))rzmail.google.com)rr"zmail.google.comz gmail.comr!))rz example.com)z IP Addressz 10.11.12.13)z IP Addressz 14.15.16.17)r"r#z 10.11.12.13z 14.15.16.17z 14.15.16.18z example.netÚAF_INET6))rz example.com)z IP Addressz2001:0:0:0:0:0:0:CAFE )z IP Addressz2003:0:0:0:0:0:0:BABA z 2001::cafez 2003::babaz 2003::bebe)))rrÊ))rËr!))rz Mountain View))rz Google InczDec 18 23:59:59 2099 GMT)))rrÊ))rËr!))rz Mountain View))rzmail.google.com))rÒZblablaz google.com)))rza*b.example.comz5partial wildcards in leftmost label are not supportedzaxxb.example.com)))rzwww.*.example.comz2wildcard can only be present in the leftmost labelzwww.sub.example.com)))rza*b*.example.comztoo many wildcardszaxxbxxc.example.com)))rÚ*z7sole wildcard without additional labels are not supportÚhost)))rz*.comz%hostname 'com' doesn't match '\*.com'Zcom)Ú1r_z1.2.3z 256.0.0.1z 127.0.0.1/24)z 127.0.0.1z 192.168.0.1)z::1z2001:db8:85a3::8a2e:370:7334) ÚencodeÚdecoderir˜r¨rGrrr–rZ _inet_patonré)r”rr®rrÚinvalidZipaddrr)r”rÚtest_match_hostnameIsì                                                      z$BasicSocketTests.test_match_hostnamec Cs:t tj¡}t ¡}|jt|j|dddWdQRXdS)NTz some.hostname)Úserver_hostname)rrDrEr˜r¨rGrx)r”rHryrrrÚtest_server_sides  z!BasicSocketTests.test_server_sidec Cs|t tj¡}| d¡| ¡t tj¡}| | ¡¡t|dd&}| t¡|  d¡WdQRXWdQRX|  ¡dS)N)z 127.0.0.1rF)Údo_handshake_on_connectz unknown-type) r˜ròÚbindÚlistenrÚ getsocknamer|r¨rGÚget_channel_bindingr±)r”ršÚcr÷rrrÚtest_unknown_channel_bindings    z-BasicSocketTests.test_unknown_channel_bindingz tls-uniquez*'tls-unique' channel binding not availablec Csjt tj¡}t|ƒ}| | d¡¡WdQRXt tj¡}t|dtd}| | d¡¡WdQRXdS)Nz tls-uniqueT)r rp)r˜ròr|Ú assertIsNoner0r¿)r”ršr÷rrrÚtest_tls_unique_channel_bindings    z0BasicSocketTests.test_tls_unique_channel_bindingc CsVtt tj¡ƒ}t|ƒ}| t¡}d}t ¡WdQRX| |t |j j dƒ¡dS)Nr) r|r˜ròÚreprÚ assertWarnsrörÚ gc_collectrŠrœÚwarningre)r”r÷rÕrrrrÚtest_dealloc_warn's  z"BasicSocketTests.test_dealloc_warnc Csrt ¡}| t|ƒd¡| |tj¡t ¡:}t|d<t |d<t ¡}| |j t ¡| |j t¡WdQRXdS)NéÚ SSL_CERT_DIRÚ SSL_CERT_FILE) rZget_default_verify_pathsr’r§râZDefaultVerifyPathsrÚEnvironmentVarGuardÚCAPATHr¿Úcafiler)r”ÚpathsÚenvrrrÚtest_get_default_verify_paths/s z.BasicSocketTests.test_get_default_verify_pathsÚwin32zWindows specificc Csð| t d¡¡| t d¡¡| ttj¡| ttjd¡tƒ}x–dD]Ž}t |¡}| |t¡xr|D]j}| |t ¡|  t |ƒd¡|\}}}| |t ¡|  |ddh¡| |ttf¡t|tƒrj| |¡qjWqJWd}|  ||¡dS) NÚCAÚROOTr_)rDrErÚx509_asnÚ pkcs_7_asnz1.3.6.1.5.5.7.3.1)rérZenum_certificatesr¨r—Ú WindowsErrorÚsetrâÚlisträr’r§ÚbytesrŠÚboolÚ isinstanceÚupdate) r”Z trust_oidsZ storenameÚstoreÚelementrÚencZtrustÚ serverAuthrrrÚtest_enum_certificates;s&        z'BasicSocketTests.test_enum_certificatescCs–| t d¡¡| ttj¡| ttjd¡t d¡}| |t¡xL|D]D}| |t¡|  t |ƒd¡| |dt ¡|  |dddh¡qJWdS)NrDr_érrrFrG) rérZ enum_crlsr¨r—rHrârJrär’r§rKrŠ)r”ZcrlsrPrrrÚtest_enum_crlsTs    zBasicSocketTests.test_enum_crlsc Csºd}t d¡}| ||¡| |jd¡| |jd¡| |jd¡| |jd¡| |tj¡| t tjd¡tj  d¡}| ||¡| |tj¡| t tjj d¡|  t d¡tj  d¡WdQRXxvt d ƒD]j}ytj  |¡}Wnt k rþYqÖX| |jt ¡| |jt¡| |jt¡| |jttdƒf¡qÖWtj d¡}| ||¡| |tj¡| tj d¡|¡| tj d¡|¡|  t d ¡tj d ¡WdQRXdS) N)érRzTLS Web Server Authenticationz1.3.6.1.5.5.7.3.1z1.3.6.1.5.5.7.3.1rVrRzTLS Web Server Authenticationéÿÿÿÿzunknown NID 100000i †ièzunknown object 'serverauth'Z serverauth)rÚ _ASN1Objectr’ÚnidÚ shortnameZlongnameÚoidrâr¨rGZfromnidr–ÚrangerãrœÚtypeZfromname)r”ÚexpectedÚvalÚiÚobjrrrÚtest_asn1objectcs@      z BasicSocketTests.test_asn1objectcCsÈt d¡}| tjjtj¡| tjj|¡| tjjjd¡| tjjjd¡| tjjjd¡t d¡}| tjj tj¡| tjj |¡| tjj jd¡| tjj jd¡| tjj jd¡dS)Nz1.3.6.1.5.5.7.3.1rVrRz1.3.6.1.5.5.7.3.2é‚Z clientAuth) rrXrâÚPurposeÚ SERVER_AUTHr’rYrZr[Ú CLIENT_AUTH)r”r_rrrÚtest_purpose_enumŠs    z"BasicSocketTests.test_purpose_enumc Cs”t tjtj¡}| |j¡| t¡}t|tj dWdQRX|  t |j ƒd¡t  tj¡}| t¡}| |¡WdQRX|  t |j ƒd¡dS)N)rmz!only stream sockets are supported)r˜ròÚ SOCK_DGRAMr´r±r¨rr|rrrr’rœrrDrrx)r”ršZcxrHrrrÚtest_unsupported_dtls›s    z&BasicSocketTests.test_unsupported_dtlscCs| t |¡|¡dS)N)r’rÚcert_time_to_seconds)r”Ú timestringÚ timestamprrrÚ cert_time_ok¦szBasicSocketTests.cert_time_okc Cs$| t¡t |¡WdQRXdS)N)r¨rGrrj)r”rkrrrÚcert_time_fail©s zBasicSocketTests.cert_time_failz)local time needs to be different from UTCcCs| dd¡| dd¡dS)NzMay 9 00:00:00 2007 GMTgÀCÑAzJan 5 09:34:43 2018 GMTgÀ¬Ñ“ÖA)rm)r”rrrÚ"test_cert_time_to_seconds_timezone­s z3BasicSocketTests.test_cert_time_to_seconds_timezonecCsàd}d}| ||¡| tj|d|¡| d|¡| d|¡| d¡| d¡| d¡| d ¡| d ¡| d ¡| d ¡d }| d|¡| d|¡| dd¡| dd¡| dd¡| d¡| dd¡dS)NzJan 5 09:34:43 2018 GMTgÀ¬Ñ“ÖA)rYzJan 05 09:34:43 2018 GMTzJaN 5 09:34:43 2018 GmTzJan 5 09:34 2018 GMTzJan 5 09:34:43 2018zJan 5 09:34:43 2018 UTCzJan 35 09:34:43 2018 GMTzJon 5 09:34:43 2018 GMTzJan 5 24:00:00 2018 GMTzJan 5 09:60:43 2018 GMTgàWÒAzDec 31 23:59:60 2008 GMTzJan 1 00:00:00 2009 GMTzJan 5 09:34:59 2018 GMTiÃFOZzJan 5 09:34:60 2018 GMTiÄFOZzJan 5 09:34:61 2018 GMTiÅFOZzJan 5 09:34:62 2018 GMTzDec 31 23:59:59 9999 GMTg€¿ úMB)rmr’rrjrn)r”rkÚtsZ newyear_tsrrrÚtest_cert_time_to_secondsµs*                z*BasicSocketTests.test_cert_time_to_secondsÚLC_ALLr_cCs@dd„}|ƒ ¡dkr | d¡| dd¡| |ƒd¡dS)NcSs t dd¡S)Nz%b) rrTrrRrTr:rrr)rJrXrrrrÚlocal_february_nameÜszNBasicSocketTests.test_cert_time_to_seconds_locale..local_february_nameZfebz>locale-specific month name needs to be different from C localezFeb 9 00:00:00 2007 GMTg`îrÑAz 9 00:00:00 2007 GMT)ÚlowerÚskipTestrmrn)r”rsrrrÚ test_cert_time_to_seconds_localeØs   z1BasicSocketTests.test_cert_time_to_seconds_localecCsvt tj¡}| |j¡t |¡}tt tj¡tjd}| |j¡|  t |f¡}t j t j t jt jf}| ||¡dS)N)rm)r˜ròr´r±rÚ bind_portr|rr‰Ú connect_exrrÚ ECONNREFUSEDÚ EHOSTUNREACHÚ ETIMEDOUTÚ EWOULDBLOCKrŠ)r”ÚserverÚportršÚrcÚerrorsrrrÚtest_connect_ex_errorçs       z&BasicSocketTests.test_connect_ex_error)4Ú__name__Ú __module__Ú __qualname__r•r›r r¬rcÚ skipUnlessr rr»ÚmaxDiffrÆrÉrÑrÔrÞrñrÚ cpython_onlyrùrr rrrrrr)r+r2rÚCHANNEL_BINDING_TYPESr4r9rBr1rarSrUrbrgrirmrnrProrqÚrun_with_localervrrrrrr‡sP     @   ' #r‡c@s¨eZdZedd„ƒZedd„ƒZdd„Ze e dkd¡d d „ƒZ e  e j d kd ¡d d„ƒZedd„ƒZdd„Zdd„Ze ee jdƒd¡dd„ƒZe eƒd¡dd„ƒZdd„Zdd„Zd d!„Zd"d#„Zed$d%„ƒZd&d'„Ze e jd(¡d)d*„ƒZed+d,„ƒZ ed-d.„ƒZ!d/d0„Z"d1d2„Z#d3d4„Z$e  e%j&d5kd6¡e  e'd7¡d8d9„ƒƒZ(e e%j&d5kd:¡e  ee%d;ƒd<¡d=d>„ƒƒZ)d?d@„Z*dAdB„Z+dCdD„Z,dEdF„Z-dGdH„Z.dIdJ„Z/dKS)LÚ ContextTestscCsTxtD]}t |¡qWt ¡}| |jtj¡| ttjd¡| ttjd¡dS)NrWé*)Ú PROTOCOLSrrDr’ržr“r¨rG)r”ržrHrrrÚtest_constructorús  zContextTests.test_constructorcCs*x$tD]}t |¡}| |j|¡qWdS)N)rŒrrDr’rž)r”rŸrHrrrÚ test_protocols  zContextTests.test_protocolc CsHt tj¡}| d¡| d¡| tjd¡| d¡WdQRXdS)NÚALLÚDEFAULTzNo cipher can be selectedz^$:,;?*'dorothyx)rrDrrwr–r`)r”rHrrrÚ test_ciphers s    zContextTests.test_ciphersrz+Test applies only to Python default cipherscCsjt tj¡}| ¡}xP|D]H}|d}| d|¡| d|¡| d|¡| d|¡| d|¡qWdS)NrZPSKZSRPÚMD5ZRC4Z3DES)rrDrÚ get_ciphersÚ assertNotIn)r”rHroÚsuiterrrrÚtest_python_cipherss      z ContextTests.test_python_ciphers)rrrTrrzOpenSSL too oldcCsHt tj¡}| d¡tdd„| ¡Dƒƒ}| d|¡| d|¡dS)NZAESGCMcss|]}|dVqdS)rNr)Ú.0Údrrrú !sz0ContextTests.test_get_ciphers..zAES256-GCM-SHA384zAES128-GCM-SHA256)rrDrrwrIr“rŠ)r”rHÚnamesrrrÚtest_get_cipherss    zContextTests.test_get_ciphersc CsÊt tj¡}tjtjBtjB}|ttBtBt Bt BO}|  ||j ¡|j tj O_ |  |tj B|j ¡tƒrª|j tj @|_ |  ||j ¡d|_ |  d|j tj@¡n| t¡ d|_ WdQRXdS)Nr)rrDrÚOP_ALLrŒrr)r,r*r+r-r’ÚoptionsrŽr=r¨rG)r”rHÚdefaultrrrÚ test_options%s  zContextTests.test_optionsc Csðt tj¡}| |jtj¡tj|_| |jtj¡tj|_| |jtj¡tj|_| |jtj¡| t ¡ d|_WdQRX| t ¡ d|_WdQRXt tj ¡}| |jtj¡|  |j ¡t tj¡}| |jtj¡| |j ¡dS)Nr‹)rrDr“r’rtrrrˆr‰r¨r—rGrEÚ assertFalsersrré)r”rHrrrÚtest_verify_mode_protocol;s$      z&ContextTests.test_verify_mode_protocolc Csvt tj¡}| |j¡tjrVd|_| |j¡d|_| |j¡d|_| |j¡n| t¡ d|_WdQRXdS)NTF) rrDrréZhostname_checks_common_nameZHAS_NEVER_CHECK_COMMON_NAMEr r¨ÚAttributeError)r”rHrrrÚ test_hostname_checks_common_nameRs     z-ContextTests.test_hostname_checks_common_nameÚminimum_versionzrequired OpenSSL 1.1.0gc Cs¢t tj¡}| |jtjjtjjtjjh¡|  |j tjj ¡tjj |_tjj|_ |  |jtjj ¡|  |j tjj¡tjj|_tjj|_ |  |jtjj¡|  |j tjj¡tjj |_ |  |j tjj ¡tjj|_ | |j tjjtjj h¡tjj |_| |jtjjtjjh¡| t¡ d|_WdQRXt tj¡}|  |jtjj¡|  |j tjj ¡| t¡tjj|_WdQRX| t¡tjj|_ WdQRXdS)Nr‹)rrDrErŠr¤Ú TLSVersionZMINIMUM_SUPPORTEDr ÚTLSv1_2r’Úmaximum_versionZMAXIMUM_SUPPORTEDr rÚTLSv1_3r¨rGr )r”rHrrrÚtest_min_max_version`sT             z!ContextTests.test_min_max_versionz!verify_flags need OpenSSL > 0.9.8c Cs¸t tj¡}ttddƒ}| |jtj|B¡tj|_| |jtj¡tj|_| |jtj¡tj|_| |jtj¡tjtj B|_| |jtjtj B¡|  t ¡ d|_WdQRXdS)NÚVERIFY_X509_TRUSTED_FIRSTr) rrDrEÚgetattrr’Ú verify_flagsÚVERIFY_DEFAULTÚVERIFY_CRL_CHECK_LEAFZVERIFY_CRL_CHECK_CHAINZVERIFY_X509_STRICTr¨r—)r”rHÚtfrrrÚtest_verify_flags¦s   zContextTests.test_verify_flagsc Cs¨t tj¡}|jtdd|jttd|jt|jtd| t¡}| t¡WdQRX|  |j j t j ¡|  tjd¡| t¡WdQRX|  tjd¡| t¡WdQRXt tj¡}| tt¡|jttd|jttd|  tjd¡| t¡WdQRX|  tjd¡| t¡WdQRX|  tjd¡|jttdWdQRXt tj¡}|  tjd¡| tt¡WdQRX|jttd|jtt ¡d|jttt ¡ƒd| ttt¡| ttt ¡¡| tttt ¡ƒ¡|  td¡|jtddWdQRX| tj¡|jtddWdQRX|  td ¡|jtd d dWdQRXd d „}dd„}dd„}dd„}dd„}dd„}dd„} Gdd„dƒ} |jt|d|jt|d|jt|d|jt| ƒd|jt| ƒjd| tj¡|jt|dWdQRX|  td ¡|jt|dWdQRX|  td¡|jt|dWdQRX|  td¡|jt| dWdQRX|jt| ddS)N)rqzPEM lib)rprqzkey values mismatch)Úpasswordzshould be a stringTÚbadpasszcannot be longeróaicSstS)N)Ú KEY_PASSWORDrrrrÚgetpass_unicodeész:ContextTests.test_load_cert_chain..getpass_unicodecSst ¡S)N)r´r&rrrrÚ getpass_bytesësz8ContextTests.test_load_cert_chain..getpass_bytescSs tt ¡ƒS)N)r©r´r&rrrrÚgetpass_bytearrayísz.getpass_bytearraycSsdS)Nr²rrrrrÚgetpass_badpassïsz:ContextTests.test_load_cert_chain..getpass_badpasscSsddS)Nr³irrrrrÚ getpass_hugeñsz7ContextTests.test_load_cert_chain..getpass_hugecSsdS)Nr8rrrrrÚgetpass_bad_typeósz;ContextTests.test_load_cert_chain..getpass_bad_typecSs tdƒ‚dS)Nz getpass error)Ú ExceptionrrrrÚgetpass_exceptionõsz.getpass_exceptionc@seZdZdd„Zdd„ZdS)z:ContextTests.test_load_cert_chain..GetPassCallablecSstS)N)r´)r”rrrÚ__call__øszCContextTests.test_load_cert_chain..GetPassCallable.__call__cSstS)N)r´)r”rrrÚgetpassúszBContextTests.test_load_cert_chain..GetPassCallable.getpassN)r‚rƒr„r½r¾rrrrÚGetPassCallable÷sr¿zmust return a stringz getpass error)rrDrErvr¿r¨r—rürr’rrrr–r`ÚBADCERTÚ EMPTYCERTÚONLYCERTÚONLYKEYÚBYTES_ONLYCERTÚ BYTES_ONLYKEYr×ÚCERTFILE_PROTECTEDr´r&r©ÚONLYKEY_PROTECTEDrGr¾r») r”rHrrµr¶r·r¸r¹rºr¼r¿rrrÚtest_load_cert_chainºsz      z!ContextTests.test_load_cert_chainc Csät tj¡}| t¡|jtdd| t¡|jtdd| t|j¡| t|jddd¡| t¡}| t ¡WdQRX|  |j j t j ¡| tjd¡| t¡WdQRX| tt¡|jttd| t|jdd¡dS)N)r?rzPEM lib)rT)rrDrErur¿ÚBYTES_CERTFILEr¨r—rürr’rrrr–r`rÀr>Ú BYTES_CAPATH)r”rHrrrrÚtest_load_verify_locations s     z'ContextTests.test_load_verify_locationsc CsJttƒ}| ¡}WdQRXt |¡}ttƒ}| ¡}WdQRXt |¡}t tj¡}| |  ¡dd¡|j |d| |  ¡dd¡|j |d| |  ¡dd¡|j |d| |  ¡dd¡t tj¡}d  ||f¡}|j |d| |  ¡dd¡t tj¡}d|d|d |d g}|j d  |¡d| |  ¡dd¡t tj¡}|j |d|j |d| |  ¡dd¡|j |d| |  ¡dd¡t tj¡}d   ||f¡}|j |d| |  ¡dd¡t tj¡}|j t |j td| tjd ¡|j d dWdQRX| tjd¡|j ddWdQRXdS)NÚx509_car)ÚcadatarrTr¼ÚheadÚotherZagainÚtailóz no start lineÚbrokenznot enough datasbroken)rÖr×r¶rrØÚCAFILE_NEURONIOrDrr’Úcert_store_statsrurr¨r—Úobjectr–r`)r”rhZ cacert_pemZ cacert_derZ neuronio_pemZ neuronio_derrHZcombinedrrrÚtest_load_verify_cadata sN                   z$ContextTests.test_load_verify_cadatac Cs t tj¡}| t¡tjdkr*| t¡| t |j¡| t |jd¡| t ¡}| t ¡WdQRX|  |j jtj¡| tj¡}| t¡WdQRXdS)NÚnt)rrDrEÚload_dh_paramsÚDHFILEr rÚ BYTES_DHFILEr¨r—ÚFileNotFoundErrorrr’rrrr`r¿)r”rHrrrrÚtest_load_dh_paramsZs     z ContextTests.test_load_dh_paramscCsDx>tD]6}t |¡}| | ¡ddddddddddddœ ¡qWdS)Nr) ÚnumberrZ connect_goodZconnect_renegotiateÚacceptZ accept_goodZaccept_renegotiateÚhitsÚmissesZtimeoutsZ cache_full)rŒrrDr’Ú session_stats)r”rŸrHrrrÚtest_session_statsgs   zContextTests.test_session_statscCst tj¡}| ¡dS)N)rrDrZset_default_verify_paths)r”rHrrrÚtest_set_default_verify_pathsys z*ContextTests.test_set_default_verify_pathsz#ECDH disabled on this OpenSSL buildcCsbt tj¡}| d¡| d¡| t|j¡| t|jd¡| t|jd¡| t|jd¡dS)NÚ prime256v1s prime256v1r¤sfoo)rrDrErFr¨r—rG)r”rHrrrÚtest_set_ecdh_curves   z ContextTests.test_set_ecdh_curvecCsjt tj¡}| t|j¡| t|jd¡| t|jd¡| t|j|¡dd„}| d¡| |¡dS)NrRr_cSsdS)Nr)ryÚ servernamerHrrrÚ dummycallback“sz5ContextTests.test_sni_callback..dummycallback)rrDrEr¨r—Úset_servername_callback)r”rHrçrrrÚtest_sni_callback‰s  zContextTests.test_sni_callbackcCsJt tj¡}|fdd„}| |¡t |¡}~~t ¡| |ƒd¡dS)NcSsdS)Nr)ryrærHÚcyclerrrrçsz>ContextTests.test_sni_callback_refcycle..dummycallback) rrDrErèrórôÚgcÚcollectr)r”rHrçrørrrÚtest_sni_callback_refcycle˜s    z'ContextTests.test_sni_callback_refcyclecCsŽt tj¡}| | ¡ddddœ¡| t¡| | ¡ddddœ¡| t¡| | ¡ddddœ¡| t¡| | ¡ddddœ¡dS)Nr)rÌÚcrlÚx509rrT) rrDrr’rÔrvr¿rur×)r”rHrrrÚtest_cert_store_stats¥s        z"ContextTests.test_cert_store_statsc Cs¨t tj¡}| | ¡g¡| t¡| | ¡g¡| t¡| | ¡dtdƒtdƒdddddœg¡t tƒ}|  ¡}WdQRXt  |¡}| | d¡|g¡dS) N)))rzRoot CA))rÌzhttp://www.cacert.org))rzCA Cert Signing Authority))rÍzsupport@cacert.orgzMar 29 12:29:49 2033 GMTzMar 30 12:29:49 2003 GMTZ00)z!https://www.cacert.org/revoke.crlr)rrr r!r'r"r$T) rrDrr’Ú get_ca_certsrur¿r×r\rÖr¶rØ)r”rHrhrÛÚderrrrÚtest_get_ca_certs³s"       zContextTests.test_get_ca_certscCs€t tj¡}| ¡t tj¡}| tjj¡| ¡t tj¡}| tjj¡t tj¡}| t|jd¡| t|jd¡dS)Nre) rrDrÚload_default_certsrdrerfr¨r—)r”rHrrrÚtest_load_default_certsÏs    z$ContextTests.test_load_default_certsrCznot-Windows specificz!LibreSSL doesn't support env varsc CsTt tj¡}t ¡6}t|d<t|d<| ¡| |  ¡ddddœ¡WdQRXdS)Nr;r<rr)rîrïrÌ) rrDrrr=r>r¿rôr’rÔ)r”rHrArrrÚtest_load_default_certs_envÞs   z(ContextTests.test_load_default_certs_envzWindows specificÚgettotalrefcountz3Debug build does not share environment between CRTsc Csxt tj¡}| ¡| ¡}t tj¡}t ¡>}t|d<t|d<| ¡|dd7<|  | ¡|¡WdQRXdS)Nr;r<rïr) rrDrrôrÔrr=r>r¿r’)r”rHÚstatsrArrrÚ#test_load_default_certs_env_windowsès   z0ContextTests.test_load_default_certs_env_windowscCs‚| |jtj@tj¡tdkr0| |jt@t¡tdkrJ| |jt@t¡tdkrd| |jt@t¡tdkr~| |jt@t¡dS)Nr)r’rrrŒr)r*r+r,)r”rHrrrÚ_assert_context_options÷s    z$ContextTests._assert_context_optionsc CsÐt ¡}| |jtj¡| |jtj¡| |j¡|  |¡t t ƒ}|  ¡}WdQRXtjt t |d}| |jtj¡| |jtj¡|  |¡t tjj¡}| |jtj¡| |jtj¡|  |¡dS)N)r?rrÍ)rÚcreate_default_contextr’ržr“rtr‰rérsrúrÖr‚r¶r>rdrfrr)r”rHrhrÍrrrÚtest_create_default_contexts     z(ContextTests.test_create_default_contextcCsüt ¡}| |jtj¡| |jtj¡| |j¡|  |¡t tj ¡}| |jtj ¡| |jtj¡|  |¡tjtj tj dd}| |jtj ¡| |jtj ¡|  |j¡|  |¡tjtj jd}| |jtj¡| |jtj¡|  |¡dS)NT)rmrs)Zpurpose)rZ_create_stdlib_contextr’ržr“rtrrr rsrúrr‰rérdrf)r”rHrrrÚtest__create_stdlib_contexts(      z(ContextTests.test__create_stdlib_contextc Csdt tj¡}| |j¡| |jtj¡d|_| |j¡| |jtj ¡d|_tj |_| |j¡| |jtj ¡d|_tj|_d|_| |j¡| |jtj¡d|_| |j¡| |jtj ¡d|_tj |_d|_| |j¡| |jtj ¡d|_| |j¡| |jtj ¡|  t ¡tj|_WdQRXd|_| |j¡tj|_| |jtj¡dS)NTF) rrDr“r rsr’rtrrrér‰rˆr¨rG)r”rHrrrÚtest_check_hostname4s@          z ContextTests.test_check_hostnamecCsTt tj¡}| |j¡| |jtj¡t tj¡}|  |j¡| |jtj ¡dS)N) rrDrrérsr’rtr‰rEr rr)r”rHrrrÚtest_context_client_server_s     z'ContextTests.test_context_client_serverc CsŠGdd„dtjƒ}Gdd„dtjƒ}t tj¡}||_||_|jt ¡dd}|  ||¡WdQRX|  t  ¡t  ¡¡}|  ||¡dS)Nc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLSocketN)r‚rƒr„rrrrÚ MySSLSocketksrc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLObjectN)r‚rƒr„rrrrÚ MySSLObjectnsrT)r ) rr™Ú SSLObjectrDrEZsslsocket_classZsslobject_classrxr˜râÚwrap_bioÚ MemoryBIO)r”rrrHryrarrrÚtest_context_custom_classjs z&ContextTests.test_context_custom_classN)0r‚rƒr„rlrrŽr‘rcr…rr–ÚskipIfrr?r›rŸr¡r£rirDr©rAr°rÈrËrÖrÜrârãrCråÚ needs_snirérírðrórõr1rarèrörùrúrürýrþrÿrrrrrrŠøsF    ES:    + rŠc@s,eZdZdd„Zdd„Zdd„Zdd„Zd S) Ú SSLErrorTestscCsXt dd¡}| t|ƒd¡| |jd¡t dd¡}| t|ƒd¡| |jd¡dS)Nrr¤)rr`r’rœrZSSLZeroReturnError)r”ÚerrrÚtest_str}s   zSSLErrorTests.test_strc Csnt tj¡}| tj¡}| t¡WdQRX| |jj d¡| |jj d¡t |jƒ}|  |  d¡|¡dS)NZPEMZ NO_START_LINEz"[PEM: NO_START_LINE] no start line)rrDrr¨r`rØr¿r’rZlibraryÚreasonrœrérÙ)r”rHrršrrrÚtest_lib_reason‡s  zSSLErrorTests.test_lib_reasonc CsÎt tj¡}d|_tj|_t ¡¢}| d¡| ¡t ¡}|  |  ¡¡|  d¡|j |dddT}|  tj¡}| ¡WdQRXt|jƒ}| | d¡|¡| |jjtj¡WdQRXWdQRXdS)NF)z 127.0.0.1r)r,z%The operation did not complete (read))rrDrrsrrrtr˜r-r.rr/Ú setblockingrxr¨ÚSSLWantReadErrorÚ do_handshakerœrrérÙr’rÚSSL_ERROR_WANT_READ)r”rHršr1rrrrÚ test_subclass‘s     zSSLErrorTests.test_subclassc Cs–t ¡}| t¡|jt ¡t ¡ddWdQRX| t¡|jt ¡t ¡ddWdQRX| t¡|jt ¡t ¡ddWdQRXdS)Nr_)r*z .example.orgzexample.orgevil.com)rrûr¨rGrrr—)r”rHrrrÚtest_bad_server_hostname¦s   z&SSLErrorTests.test_bad_server_hostnameN)r‚rƒr„r r rrrrrrr{s  rc@s4eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd S) ÚMemoryBIOTestscCsªt ¡}| d¡| | ¡d¡| | ¡d¡| d¡| d¡| | ¡d¡| | ¡d¡| d¡| | d¡d¡| | d¡d ¡| | d¡d¡dS) NsfoorÑsbarsfoobarsbazrTsbaróz)rrr5r’r¶)r”ÚbiorrrÚtest_read_writeµs    zMemoryBIOTests.test_read_writecCs¶t ¡}| |j¡| | ¡d¡| |j¡| d¡| |j¡| ¡| |j¡| | d¡d¡| |j¡| | d¡d¡| |j¡| | ¡d¡| |j¡dS)NrÑsfoorTsforóo) rrr Úeofr’r¶r5Ú write_eofré)r”rrrrÚtest_eofÃs       zMemoryBIOTests.test_eofcCs¨t ¡}| |jd¡| d¡| |jd¡x0tdƒD]$}| d¡| |jd|d¡q8Wx,tdƒD] }| d¡| |j|d¡qjW| ¡| |jd¡dS)Nrsfoorrrú)rrr’Úpendingr5r\r¶)r”rr`rrrÚ test_pendingÓs   zMemoryBIOTests.test_pendingcCsbt ¡}| d¡| | ¡d¡| tdƒ¡| | ¡d¡| tdƒ¡| | ¡d¡dS)Nsfoosbarsbaz)rrr5r’r¶r©Ú memoryview)r”rrrrÚtest_buffer_typesás z MemoryBIOTests.test_buffer_typescCsLt ¡}| t|jd¡| t|jd¡| t|jd¡| t|jd¡dS)Nr¤Tr)rrr¨r—r5)r”rrrrÚtest_error_typesês zMemoryBIOTests.test_error_typesN)r‚rƒr„rrrrrrrrrr³s  rc@seZdZdd„Zdd„ZdS)ÚSSLObjectTestsc Cs0t ¡}| td¡t ||¡WdQRXdS)Nzpublic constructor)rrr–r—r)r”rrrrr›ósz SSLObjectTests.test_private_initc Cs.tƒ\}}}t ¡}t ¡}t ¡}t ¡}|j|||d}|j||dd} x€tdƒD]t} y | ¡Wntjk r|YnX|jr’| |  ¡¡y |  ¡Wntjk r´YnX|jrV| |  ¡¡qVW| ¡|  ¡|  tj¡|  ¡WdQRX| |  ¡¡|   ¡| |  ¡¡|  ¡dS)N)r*T)r rT) r†rrrr\rrrr5r¶r¨Úunwrap) r”Z client_ctxZ server_ctxrƒZc_inZc_outZs_inZs_outÚclientr}rºrrrÚ test_unwrapøs8   zSSLObjectTests.test_unwrapN)r‚rƒr„r›r#rrrrr òsr c@s¾eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dd„Z dd„Z e  ejdkd¡dd„ƒZdd„Zdd„Zdd„Zdd„Zd d!„Zed"d#„ƒZd$d%„Zd&d'„Zd(d)„Zd*S)+ÚSimpleBackgroundTestsz?Tests that connect to a simple server running in the backgroundcCs2ttƒ}t|jf|_| ¡| |jddd¡dS)N)ÚThreadedEchoServerr}rr~Ú server_addrÚ __enter__r´Ú__exit__)r”r}rrrÚsetUp%s zSimpleBackgroundTests.setUpc Cs˜tt tj¡tjd.}| |j¡| i| ¡¡|  |j ¡WdQRXtt tj¡tj t d,}| |j¡|  | ¡¡|  |j ¡WdQRXdS)N)rm)rmrn)r|r˜ròrrrrr&r’Ú getpeercertr r r‰r‚ré)r”ršrrrÚ test_connect+s      z"SimpleBackgroundTests.test_connectcCs<tt tj¡tjd}| |j¡| tjd|j |j ¡dS)N)rmzcertificate verify failed) r|r˜ròrr‰r´r±r–r`rr&)r”ršrrrÚtest_connect_fail:s     z'SimpleBackgroundTests.test_connect_failcCsJtt tj¡tjtd}| |j¡| d|  |j ¡¡|  |  ¡¡dS)N)rmrnr) r|r˜ròrr‰r‚r´r±r’rxr&rér*)r”ršrrrÚtest_connect_exDs   z%SimpleBackgroundTests.test_connect_exc CsÚtt tj¡tjtdd}| |j¡| d¡|  |j ¡}|  |dt j t jf¡t g|ggd¡xby| ¡PWqftjk rœt |gggd¡Yqftjk rÂt g|ggd¡YqfXqfW| | ¡¡dS)NF)rmrnr,rg@)r|r˜ròrr‰r‚r´r±r rxr&rŠrZ EINPROGRESSr|ÚselectrrÚSSLWantWriteErrorrér*)r”ršrrrrÚtest_non_blocking_connect_exMs$    z2SimpleBackgroundTests.test_non_blocking_connect_exc CsÆt tj¡}| t tj¡¡"}| |j¡| i|  ¡¡WdQRX|jt tj¡dd}| |j¡WdQRXtj |_ |  t ¡| t tj¡¡$}| |j¡|  ¡}| |¡WdQRXdS)NÚdummy)r*)rrDr“rxr˜ròrr&r’r*r‰rtrur‚ré)r”rHršrrrrÚtest_connect_with_contextgs     z/SimpleBackgroundTests.test_connect_with_contextcCsLt tj¡}tj|_| t tj¡¡}| |j ¡|  tj d|j |j ¡dS)Nzcertificate verify failed)rrDr“r‰rtrxr˜ròr´r±r–r`rr&)r”rHršrrrÚtest_connect_with_context_failys    z4SimpleBackgroundTests.test_connect_with_context_failc Cs¼t tj¡}tj|_|jtd| t tj ¡¡$}|  |j ¡|  ¡}|  |¡WdQRXt tj¡}tj|_|jtd| t tj ¡¡$}|  |j ¡|  ¡}|  |¡WdQRXdS)N)r)rrDr“r‰rtrur>rxr˜ròrr&r*rérÊ)r”rHršrrrrÚtest_connect_capath„s      z)SimpleBackgroundTests.test_connect_capathc Csâttƒ}| ¡}WdQRXt |¡}t tj¡}tj|_|j |d|  t   t j ¡¡$}|  |j¡| ¡}| |¡WdQRXt tj¡}tj|_|j |d|  t   t j ¡¡$}|  |j¡| ¡}| |¡WdQRXdS)N)rÍ)rÖr‚r¶rrØrDr“r‰rtrurxr˜ròrr&r*ré)r”rhrÛròrHršrrrrÚtest_connect_cadata›s"        z)SimpleBackgroundTests.test_connect_cadatar×z*Can't use a socket as a file under Windowsc Csˆtt tj¡ƒ}| |j¡| ¡}| ¡}| ¡t  |d¡| ¡t   ¡|  t ¡}t  |d¡WdQRX| |jjtj¡dS)Nr)r|r˜ròrr&ÚfilenoÚmakefiler±r r¶rërìr¨rür’rrÚEBADF)r”r÷Úfdrhr rrrÚtest_makefile_close°s   z)SimpleBackgroundTests.test_makefile_closecCsÄt tj¡}| |j¡| d¡t|tjdd}| |j ¡d}xfy|d7}|  ¡PWqDtj k r€t   |ggg¡YqDtj k r¤t   g|gg¡YqDXqDWtjrÀtj d|¡dS)NF)rmr,rrz9 Needed %d calls to do_handshake() to establish session. )r˜ròrr&r r|rrrr´r±rrr.r/rr3r1r4r5)r”ršÚcountrrrÚtest_non_blocking_handshakeÃs&    z1SimpleBackgroundTests.test_non_blocking_handshakecCst|f|jždtiŽdS)Nr)Ú_test_get_server_certificater&r‚)r”rrrÚtest_get_server_certificateØsz1SimpleBackgroundTests.test_get_server_certificatecCst|f|jžŽdS)N)Ú!_test_get_server_certificate_failr&)r”rrrÚ test_get_server_certificate_failÛsz6SimpleBackgroundTests.test_get_server_certificate_failc Cs²tt tj¡tjdd}| |j¡WdQRXtt tj¡tjdd}| |j¡WdQRX| tjd¡:t tj¡"}t|tjdd}| |j¡WdQRXWdQRXdS)Nr)rmrorzNo cipher can be selectedz^$:,;?*'dorothyx) r|r˜ròrrrrr&r–r`)r”ršryrrrr‘às   z"SimpleBackgroundTests.test_ciphersc Cs€t tj¡}|jtd| | ¡g¡|jt tj ¡dd$}|  |j ¡|  ¡}|  |¡WdQRX| t| ¡ƒd¡dS)N)rr)r*r)rrDrrur>r’rñrxr˜ròrr&r*rér§)r”rHršrrrrÚtest_get_ca_certs_capathîs    z.SimpleBackgroundTests.test_get_ca_certs_capathc Cs¨t tj¡}|jtdt tj¡}|jtdt tj¡}|j|ddT}| |j ¡|  |j |¡|  |j j |¡||_ |  |j |¡|  |j j |¡WdQRXdS)N)rr)r*) rrDrrur>r˜ròrxrr&rr{Ú_sslobj)r”Zctx1Zctx2ršr÷rrrÚtest_context_setgetús      z)SimpleBackgroundTests.test_context_setgetc Osú| dd¡}t ¡|}d} x¼t ¡|kr4| d¡d} | d7} y ||Ž} Wn>tjk rŠ} z| jtjtjfkrt‚| j} Wdd} ~ XYnX|  ¡} |  | ¡| dkrªPq| tjkr|  d¡} | rÎ|  | ¡q|  ¡qWtjrötj  d| |jf¡| S)Nr é rri€z"Needed %d calls to complete %s(). )ÚgetrJÚ monotonicr®rr`rrZSSL_ERROR_WANT_WRITEr¶Úsendallrýr5rrr3r1r4r‚)r”ryÚincomingÚoutgoingrgrerfr Údeadliner;rÚretr ÚbufrrrÚ ssl_io_loop s8           z!SimpleBackgroundTests.ssl_io_loopcCs„t tj¡}| |j¡| |j¡t ¡}t ¡}t tj ¡}|  |j ¡|  |j tj¡| t¡| ||dt¡}| |jj|¡| | ¡¡| | ¡¡| | ¡¡| t|j¡dtjkrØ| | d¡¡|  ||||j!¡|  | ¡¡| | ¡¡| | ¡¡|  | ¡¡dtjkr>|  | d¡¡y|  ||||j"¡Wntj#k rlYnX| tj$|j%d¡dS)NFz tls-uniquesfoo)&r˜ròr´r±rr&rrrDrrérsr’rtr‰rur‚rr~rrBÚownerr3Úcipherr$ÚassertIsNotNoneÚshared_ciphersr¨rGr*rˆr0rMrr!ZSSLSyscallErrorr`r5)r”ryrHrIrHÚsslobjrrrÚtest_bio_handshake/s<         z(SimpleBackgroundTests.test_bio_handshakecCs¶t tj¡}| |j¡| |j¡t ¡}t ¡}t tj ¡}tj |_ |  ||d¡}|  ||||j¡d}|  ||||j|¡|  ||||jd¡}| |d¡|  ||||j¡dS)NFsFOO isfoo )r˜ròr´r±rr&rrrDr“rrrtrrMrr5r¶r’r!)r”ryrHrIrHrRÚreqrLrrrÚtest_bio_read_write_dataQs     z.SimpleBackgroundTests.test_bio_read_write_dataN)r‚rƒr„Ú__doc__r)r+r,r-r0r2r3r4r5rcrr rr:r<r>r@r‘rArrCrMrSrUrrrrr$"s(    %"r$c@s*eZdZdd„Ze ejd¡dd„ƒZdS)ÚNetworkedTestsc Cs|t t¡htt tj¡tjdd}| |j ¡|  d¡|  tdf¡}|dkrZ|  d¡|  |tjtjf¡WdQRXdS)NF)rmr,gH¯¼šò×z>i»rz!REMOTE_HOST responded too quickly)rÚtransient_internetÚ REMOTE_HOSTr|r˜ròrr‰r´r±r rxrurŠrÚEAGAINr|)r”ršrrrrÚtest_timeout_connect_exds     z&NetworkedTests.test_timeout_connect_exz Needs IPv6c Cs2t d¡t|ddƒt|ddƒWdQRXdS)Nzipv6.google.comi»)rrXr=r?)r”rrrÚ test_get_server_certificate_ipv6rs  z/NetworkedTests.test_get_server_certificate_ipv6N) r‚rƒr„r[rcr…rÚ IPV6_ENABLEDr\rrrrrWbsrWcCslt ||f¡}|s$| d||f¡tj||f|d}|sL| d||f¡tjrhtj d|||f¡dS)NzNo server certificate on %s:%s!)rnz& Verified certificate for %s:%s is %s )rÚget_server_certificater®rr3r1r4r5)Útestr$r~rrÛrrrr=ysr=c Csjytj||ftd}Wn:tjk rP}ztjr@tj d|¡Wdd}~XYnX|  d|||f¡dS)N)rnz%s z$Got server certificate %s for %s:%s!) rr^r¿r`rr3r1r4r5r®)r_r$r~rÛÚxrrrr?„s "r?)Úmake_https_serverc @sReZdZGdd„dejƒZddd„Zdd „Zd d „Zdd d „Z dd„Z dd„Z dS)r%c@s@eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dS)z$ThreadedEchoServer.ConnectionHandlerzºA mildly complicated class, because we want it to work both with and without the SSL wrapper around the socket connection, so that we can test the STARTTLS functionality.cCs@||_d|_||_||_|j d¡d|_tj |¡d|_ dS)NFrT) r}ÚrunningryÚaddrr ÚsslconnÚ threadingÚThreadÚ__init__Údaemon)r”r}Zconnsockrcrrrrg™s  z-ThreadedEchoServer.ConnectionHandler.__init__c Cs yB|jjj|jdd|_|jj |j ¡¡|jj |j  ¡¡WnÖt t fk r¨}zB|jj  t |ƒ¡|jjrˆtdt|jƒdƒd|_| ¡dSd}~XYn^tjtfk r}zL|jj  t |ƒ¡|jjrðtdt|jƒdƒd|_|j ¡| ¡dSd}~XYnîX|jj |j ¡¡|jjjtjkr°|j ¡}tjrv|jjrvtj  dt! "|¡d¡|j d¡}tjr°|jjr°tj  dt t#|ƒƒd ¡|j $¡}tjr|jjrtj  d t |ƒd¡tj  d t |j ¡ƒd¡dSdS) NT)r z' server: bad connection attempt from z: Fz client cert is r¼z cert binary is z bytes z" server: connection cipher is now z" server: selected protocol is now )%r}r{rxryrdÚselected_npn_protocolsÚappendÚselected_npn_protocolÚselected_alpn_protocolsÚselected_alpn_protocolÚConnectionResetErrorÚBrokenPipeErrorÚ conn_errorsrœÚchattyr7r5rcrbr±rr`rüÚstoprQrtr‰r*rr3r1r4r5rÃrÄr§rO)r”r rZ cert_binaryrOrrrÚ wrap_conn£sD     z.ThreadedEchoServer.ConnectionHandler.wrap_conncCs |jr|j ¡S|j d¡SdS)Ni)rdr¶ryrý)r”rrrr¶Ùs z)ThreadedEchoServer.ConnectionHandler.readcCs"|jr|j |¡S|j |¡SdS)N)rdr5ryr)r”rKrrrr5ßs z*ThreadedEchoServer.ConnectionHandler.writecCs |jr|j ¡n |j ¡dS)N)rdr±ry)r”rrrr±ås z*ThreadedEchoServer.ConnectionHandler.closec Cszd|_|jjs| ¡sdSxX|jrtyÀ| ¡}| ¡}|s|d|_y|j ¡|_Wnt k rhYnXd|_|  ¡nj|dkrªt j rž|jj ržtj d¡|  ¡dS|jjrî|dkrît j rÔ|jj rÔtj d¡| d¡| ¡sêdSnø|jjrf|jrf|dkrft j r(|jj r(tj d ¡| d¡|j ¡|_d|_t j ræ|jj rætj d ¡n€|d kr¶t j rŽ|jj rŽtj d ¡|j d ¡}| t|ƒ d¡d¡n0|dkr8t j rÞ|jj rÞtj d¡y|j ¡Wn>tjk r*}z| t|ƒ d¡d¡Wdd}~XYn X| d¡n®|dkrj|j ¡dk r^| d¡n | d¡n||dkr˜|j ¡}| t|ƒ d¡d¡nNt j rØ|jj rØ|jr¸dpºd}tj d||| ¡|f¡| | ¡¡Wqtk r2|jjr t j r tj d |j¡¡|  ¡d|_Yqt k rp|jjrTtdƒ|  ¡d|_|j ¡YqXqWdS)NTFsoverz" server: client closed connection sSTARTTLSz2 server: read STARTTLS from client, sending OK... sOK sENDTLSz0 server: read ENDTLS from client, sending OK... z* server: connection is now unencrypted... s CB tls-uniquez@ server: read CB tls-unique from client, sending our CB data... z tls-uniquezus-asciió sPHAz( server: initiating post handshake auth sHASCERTsTRUE sFALSE sGETCERTZ encryptedZ unencryptedz/ server: read %r (%s), sending back %r (%s)... z Connection reset by peer: {} zTest server failure: )rbr}Ústarttls_serverrsr¶Ústriprdr!ryrür±rr3Úconnectionchattyr1r4r5r0r5r&Úverify_client_post_handshakerr`r*rtrnrqrêrcr7rr)r”ÚmsgÚstrippedr«r rZctyperrrÚrunës˜              *          z(ThreadedEchoServer.ConnectionHandler.runN) r‚rƒr„rVrgrsr¶r5r±r{rrrrÚConnectionHandler“s 6r|NTFc Csð| r | |_n€t |dk r|ntj¡|_|dk r2|ntj|j_|rL|j |¡|r\|j |¡|rl|j |¡| r||j  | ¡| rŒ|j  | ¡||_ ||_ ||_ t ¡|_t |j¡|_d|_d|_g|_g|_g|_g|_tj |¡d|_dS)NFT)r{rrDrErrrtrurvÚset_npn_protocolsÚset_alpn_protocolsrwrqrwrur˜ryrrwr~ÚflagÚactiverirlrQrprerfrgrh) r”Z certificaterzÚcertreqsÚcacertsrqrwruZ npn_protocolsZalpn_protocolsror{rrrrgG s<           zThreadedEchoServer.__init__cCs| t ¡¡|j ¡|S)N)ÚstartreÚEventrÚwait)r”rrrr'l s zThreadedEchoServer.__enter__cGs| ¡| ¡dS)N)rrr)r”rerrrr(q szThreadedEchoServer.__exit__cCs||_tj |¡dS)N)rrerfrƒ)r”rrrrrƒu szThreadedEchoServer.startc Cs|j d¡|j ¡d|_|jr,|j ¡xÖ|jryT|j ¡\}}tjrj|j rjt j   dt |ƒd¡| |||¡}| ¡| ¡Wq.tjk r Yq.tk rº| ¡Yq.tk rþ}z(tjrî|j rît j   dt |ƒd¡Wdd}~XYq.Xq.W|j ¡dS)Ngš™™™™™©?Tz server: new connection from r¼z connection handling failed: )ryr r.r€rrIrÞrr3rqr1r4r5r5r|rƒrr˜r ÚKeyboardInterruptrrr²r±)r”ZnewconnZconnaddrÚhandlerr rrrr{y s.        (zThreadedEchoServer.runcCs d|_dS)NF)r€)r”rrrrr” szThreadedEchoServer.stop) NNNNTFFNNNN)N) r‚rƒr„rerfr|rgr'r(rƒr{rrrrrrr%‘s5 ! r%c@sXeZdZGdd„dejƒZdd„Zdd„Zdd„Zd d „Z dd d „Z dd„Z dd„Z d S)ÚAsyncoreEchoServerc@s6eZdZGdd„dejƒZdd„Zdd„Zdd„Zd S) zAsyncoreEchoServer.EchoServerc@s<eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd S)z/AsyncoreEchoServer.EchoServer.ConnectionHandlercCs4t|d|dd|_tj ||j¡d|_| ¡dS)NTF)r rpr,)r|r˜ÚasyncoreÚdispatcher_with_sendrgÚ_ssl_acceptingÚ_do_ssl_handshake)r”ÚconnrprrrrgŸ s  z8AsyncoreEchoServer.EchoServer.ConnectionHandler.__init__cCs.t|jtjƒr*x|j ¡dkr(| ¡qWdS)NrT)rMr˜rr™rZhandle_read_event)r”rrrÚreadable§ s z8AsyncoreEchoServer.EchoServer.ConnectionHandler.readablec Csœy|j ¡Wn‚tjtjfk r*dStjk rB| ¡Stjk rX‚Yn@tk r}z|j dt j kr€| ¡SWdd}~XYnXd|_ dS)NrF) r˜rrrr/Z SSLEOFErrorÚ handle_closer`rürerZ ECONNABORTEDr‹)r”ÚerrrrrrŒ­ szAAsyncoreEchoServer.EchoServer.ConnectionHandler._do_ssl_handshakecCsT|jr| ¡n@| d¡}tjr4tj dt|ƒ¡|sB|  ¡n|  |  ¡¡dS)Niz server: read %s from client ) r‹rŒrýrr3r1r4r5r5r±rrt)r”r«rrrÚ handle_read¼ s   z;AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_readcCs$| ¡tjr tj d|j¡dS)Nz server: closed connection %s )r±rr3r1r4r5r˜)r”rrrrÈ sz)Ú __class__r‚r})r”rrrÚ__str__ç szAsyncoreEchoServer.__str__cCs| t ¡¡|j ¡|S)N)rƒrer„rr…)r”rrrr'ê s zAsyncoreEchoServer.__enter__cGsVtjrtj d¡| ¡tjr,tj d¡| ¡tjrFtj d¡tjdddS)Nz cleanup: stopping server. z! cleanup: joining server thread. z cleanup: successfully joined. T)Ú ignore_all) rr3r1r4r5rrrr‰Ú close_all)r”rerrrr(ï s   zAsyncoreEchoServer.__exit__NcCs||_tj |¡dS)N)rrerfrƒ)r”rrrrrƒû szAsyncoreEchoServer.startcCsBd|_|jr|j ¡x&|jr> (%d) received; expected <<%r>> (%d) Nésover z client: closing connection. )Ú compressionrOÚpeercertÚclient_alpn_protocolÚclient_npn_protocolr$Úsession_reusedr›Úserver_alpn_protocolsÚserver_npn_protocolsÚserver_shared_ciphers)r%rxr˜rrr~r©rrr3r1r4r5r¶rtÚAssertionErrorr§rNrrOr*rmrkr$r¡r›r±rlrirQ) r„r…ÚindatarqrwÚsni_namer›rør}ršÚargÚoutdatarrrÚserver_params_test sR          rªc CsÈ|dkrtj}tjdtjdtjdi|}tjr\|r6dp8d}tj |t  |¡t  |¡|f¡t  |¡}|j |O_ t  |¡} | j |O_ t   |d¡} | dk rÄt| dƒrÄ|tjkrÄ| j| krÄ| | _|jtjkrÚ| d¡x*|| fD]} || _|  t¡|  t¡qäWyt|| d d d } WnXtjk r:|r6‚YnŠtk rr} z|s`| jtjkrb‚Wdd} ~ XYnRX|s˜td t  |¡t  |¡fƒ‚n,|d k rÄ|| d krÄtd|| d fƒ‚dS)a< Try to SSL-connect using *client_protocol* to *server_protocol*. If *expect_success* is true, assert that the connection succeeds, if it's false, assert that the connection fails. Also, if *expect_success* is a string, assert that it is the protocol version actually used by the connection. Nrrrˆr‰z %s->%s %s z {%s->%s} %s r¤rF)rqrwz5Client protocol %s succeeded with server protocol %s!Tr$z%version mismatch: expected %r, got %r)rrrrˆr‰rr3r1r4r5Zget_protocol_namerDrÚPROTOCOL_TO_TLS_VERSIONrErir“r¤ržrwrtrvr}rur‚rªr`rürÚ ECONNRESETr¥)Zserver_protocolZclient_protocolÚexpect_successZ certsreqsÚserver_optionsÚclient_optionsZcerttypeZ formatstrr„r…Ú min_versionrHrør rrrÚtry_protocol_combo? s\             r±c@seZdZedd„ƒZdd„Ze eƒd¡dd„ƒZ dd „Z d d „Z d d „Z dd„Z dd„Ze ejd¡dd„ƒZdd„Zdd„Zee eedƒd¡dd„ƒƒZedd„ƒZee eedƒd ¡d!d"„ƒƒZed#d$„ƒZee eed%ƒd&¡d'd(„ƒƒZee eed)ƒd*¡d+d,„ƒƒZd-d.„Zd/d0„Zd1d2„Zd3d4„Zd5d6„Zd7d8„Z d9d:„Z!d;d<„Z"d=d>„Z#d?d@„Z$dAdB„Z%dCdD„Z&e ejdE¡dFdG„ƒZ'e eej(dHƒdI¡dJdK„ƒZ)e eej(dHƒdI¡e ej*dL¡dMdN„ƒƒZ+e ej,dO¡dPdQ„ƒZ-e dRej.kdS¡dTdU„ƒZ/dVdW„Z0e eedXƒdY¡dZd[„ƒZ1d\d]„Z2e e3d^¡e 4e5d_¡d`da„ƒƒZ6dbdc„Z7e ej8dd¡dedf„ƒZ9e ej8dg¡dhdi„ƒZ:djdk„Z;e ejdqdr„Z?e@dsdt„ƒZAe@dudv„ƒZBe@dwdx„ƒZCe@dydz„ƒZDd{d|„ZEd}d~„ZFdd€„ZGdd‚„ZHdƒd„„ZId…S)†Ú ThreadedTestsc CsÄtjrtj d¡x`tD]X}|tjtjhkr.q|j tj |d*t  |¡}|  t ¡t||dddWdQRXqWtƒ\}}}|j tjtjdt||dd|dWdQRXd|_|j tjtjdB| tj¡}t||dd|dWdQRX| d t|jƒ¡WdQRX|j tjtjd@| tj¡}t||ddd WdQRX| d t|jƒ¡WdQRX|j tjtjd@| tj¡}t||ddd WdQRX| d t|jƒ¡WdQRXdS) z2Basic test of an SSL client connecting to a serverr¼)ržT)rqrwN)r"r})r„r…rqrwr§Fz%called a function you should not call)r„r…rqrw)rr3r1r4r5rŒrrrEÚsubTestÚ_PROTOCOL_NAMESrDrvr¿rªr†rsr¨r`rŠrœr)r”ržr{r„r…rƒr rrrÚ test_echoˆ sN     zThreadedTests.test_echoc Cs\tjrtj d¡tƒ\}}}t|dd}|"|jt ¡d|d}|  t |j f¡|  t ¡| ¡WdQRX| ¡| ¡}| |d¡| ¡}tjrÐtj t |¡d¡tj dt|ƒd¡d|krì| d t |¡¡d |dkr| d ¡| d |¡| d |¡t |d ¡}t |d ¡} | || ¡WdQRXWdQRXdS)Nr¼F)r{rq)r,r*zCan't get peer certificate.zConnection cipher is z. r"z$No subject field in certificate: %s.))rzPython Software FoundationzkMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.r r)rr3r1r4r5r†r%rxr˜rrr~r¨rGr*rrérOrÃrÄrœr®rŠrrjræ) r”r„r…rƒr}ršrrOÚbeforeÚafterrrrÚtest_getpeercert¸ s<          zThreadedTests.test_getpeercertz!verify_flags need OpenSSL > 0.9.8c Cs|tjrtj d¡tƒ\}}}ttddƒ}| |j tj |B¡t |dd}|H|j t   ¡|d*}| t|jf¡| ¡}| |d¡WdQRXWdQRX|j tjO_ t |dd}|N|j t   ¡|d0}| tjd¡| t|jf¡WdQRXWdQRXWdQRX| t¡t |dd}|H|j t   ¡|d*}| t|jf¡| ¡}| |d¡WdQRXWdQRXdS) Nr¼rªrT)r{rq)r*zCan't get peer certificate.zcertificate verify failed)rr3r1r4r5r†r«rr’r¬r­r%rxr˜rrr~r*rér®r–r`ruÚCRLFILE)r”r„r…rƒr¯r}ršrrrrÚtest_crl_checkÜ s8          .    zThreadedTests.test_crl_checkc Cs6tjrtj d¡tƒ\}}}t|dd}|H|jt ¡|d*}|  t |j f¡|  ¡}|  |d¡WdQRXWdQRXt|dd}|N|jt ¡dd0}| tjd¡|  t |j f¡WdQRXWdQRXWdQRXt|dd}|<t ¡(}| td¡| |¡WdQRXWdQRXWdQRXdS) Nr¼T)r{rq)r*zCan't get peer certificate.r(z:Hostname mismatch, certificate is not valid for 'invalid'.z'check_hostname requires server_hostname)rr3r1r4r5r†r%rxr˜rrr~r*rér–rrrG)r”r„r…rƒr}ršrrrrrþ s0         .  z!ThreadedTests.test_check_hostnamec CsÂt tj¡}| t¡| d¡t}t tj¡}| t ¡t |dd}|n|j t   ¡|dP}|  t|jf¡| ¡}| |d¡| ¡d d¡}| |dd…d ¡WdQRXWdQRXdS) NzECDHE:ECDSA:!NULL:!aRSAT)r{rq)r*zCan't get peer certificate.rú-rT)ÚECDHEÚECDSA)rrDrrur‚rwÚSIGNED_CERTFILE_ECC_HOSTNAMErErvÚSIGNED_CERTFILE_ECCr%rxr˜rrr~r*rérOÚsplit)r”r„rƒr…r}ršrrOrrrÚ test_ecc_cert' s         zThreadedTests.test_ecc_certc CsÜt tj¡}| t¡|jtjO_| d¡t}t tj ¡}|  t ¡|  t ¡t |dd}|n|jt ¡|dP}| t|jf¡| ¡}| |d¡| ¡d d¡}| |dd…d ¡WdQRXWdQRXdS) NzECDHE:ECDSA:!NULL:!aRSAT)r{rq)r*zCan't get peer certificate.rr»rT)r¼r½)rrDrrur‚rrrwr¾rErvr¿r}r%rxr˜rrr~r*rérOrÀ)r”r„rƒr…r}ršrrOrrrÚtest_dual_rsa_ecc< s"          zThreadedTests.test_dual_rsa_eccc CsRtjrtj d¡t tj¡}| t ¡t tj ¡}tj |_ d|_ | t¡ddddddd d g}xŠ|D]‚\}}t|dd }|d|jt ¡|d F}| |j|¡| t|jf¡| ¡}| |j|¡| |d ¡WdQRXWdQRXqfWt|dd }|L|jt ¡dd .}| tj¡| t|jf¡WdQRXWdQRXWdQRXdS)Nr¼T)ukönig.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)zxn--knig-5qa.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)sxn--knig-5qa.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)u(königsgäßchen.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)z.xn--knigsgsschen-lcb0w.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)s.xn--knigsgsschen-lcb0w.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)z.xn--knigsgchen-b4a3dun.idna2008.pythontest.netz.xn--knigsgchen-b4a3dun.idna2008.pythontest.net)s.xn--knigsgchen-b4a3dun.idna2008.pythontest.netz.xn--knigsgchen-b4a3dun.idna2008.pythontest.net)r{rq)r*zCan't get peer certificate.zpython.example.org)rr3r1r4r5rrDrErvÚ IDNSANSFILErr‰rtrsrur‚r%rxr˜r’r*rrr~r*rér¨r) r”r…r{Z idn_hostnamesr*Zexpected_hostnamer}ršrrrrÚtest_check_hostname_idnV s@        $   z%ThreadedTests.test_check_hostname_idnc Cstƒ\}}}| t¡tj|_tjj|_t |ddd}|Â|j t   ¡|d¤}y|  t |jf¡Wn~tjk rž}ztjrŽtj d|¡Wdd}~XYnPtk râ}z(|jtjkr¼‚tjrÒtj d|¡Wdd}~XYn X| d¡WdQRXWdQRXdS)zÇConnecting when the server rejects the client's certificate Launch a server with CERT_REQUIRED, and check that trying to connect to it with a wrong client certificate fails. T)r{rqrw)r*z SSLError is %r Nz socket.error is %r z'Use of invalid cert should have failed!)r†rvr¿rr‰rtr¥r¦r§r%rxr˜rrr~r`rr3r1r4r5rürr¬r®)r”r„r…rƒr}ršr rrrÚtest_wrong_cert_tls12Ž s(        "z#ThreadedTests.test_wrong_cert_tls12zTest needs TLS 1.3c Cs&tƒ\}}}| t¡tj|_tjj|_tjj|_t |ddd}|Ø|j t   ¡|dº}|  t |jf¡y| d¡| d¡Wn€tjk r¼}ztjr¬tj d|¡Wdd}~XYnRtk r}z(|jtjkrÜ‚tjròtj d|¡Wdd}~XYn X| d¡WdQRXWdQRXdS) NT)r{rqrw)r*sdatarRz SSLError is %r z socket.error is %r z'Use of invalid cert should have failed!)r†rvr¿rr‰rtr¥r¨r¤r%rxr˜rrr~r5r¶r`rr3r1r4rürr¬r®)r”r„r…rƒr}ršr rrrÚtest_wrong_cert_tls13³ s.          "z#ThreadedTests.test_wrong_cert_tls13cstt ¡‰t ¡‰t ¡‰t ˆt¡‰‡‡‡fdd„}‡‡‡‡fdd„}tj|d}| ¡z |ƒWd| ¡XdS)ztA brutal shutdown of an SSL server should raise an OSError in the client when attempting handshake. cs8ˆ ¡ˆ ¡ˆ ¡\}}| ¡ˆ ¡ˆ ¡dS)N)r.rIrÞr±)Znewsockrc)Ú listener_goneÚlistener_readyršrrÚlistenerà s  z2ThreadedTests.test_rude_shutdown..listenerc sbˆ ¡t ¡H}| tˆf¡ˆ ¡y t|ƒ}Wntk rHYn Xˆ d¡WdQRXdS)Nz2connecting to closed SSL socket should have failed)r…r˜rrr|rür®)r1Ússl_sock)rÇrÈr~r”rrÚ connectorè s  z3ThreadedTests.test_rude_shutdown..connector)ÚtargetN) rer„r˜rrwrrfrƒr)r”rÉrËrír)rÇrÈr~ršr”rÚtest_rude_shutdownÒ s   z ThreadedTests.test_rude_shutdownc Csútjrtj d¡t tj¡}| t ¡t tj ¡}t |dd}|¬|j t   ¡tdŽ}y| t|jf¡Wnrtjk rà}zRd}| |tj¡| |jd¡| |j|¡| |t|ƒ¡| dt|ƒ¡Wdd}~XYnXWdQRXWdQRXdS)Nr¼T)r{rq)r*z&unable to get local issuer certificaterœzcertificate verify failed)rr3r1r4r5rrDrErvr}rr%rxr˜r~rrr~r`râZSSLCertVerificationErrorr’Z verify_codeZverify_messagerŠr5)r”r…r{r}ršr ryrrrÚtest_ssl_cert_verify_errorû s$       z(ThreadedTests.test_ssl_cert_verify_errorr]z)OpenSSL is compiled without SSLv2 supportcCsÐtjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒttjtj dƒt tdƒrtttjtj dƒttjtj dƒtƒr ttjtj dtjdttjtj dtjdttjtj dtjddS)z9Connecting to an SSLv2 server with various client optionsr¼TFÚPROTOCOL_SSLv3)r¯N)rr3r1r4r5r±rr]rˆr‰r“rirÏrr@rŒrrŽ)r”rrrÚtest_protocol_sslv2 s        z!ThreadedTests.test_protocol_sslv2c CsŽtjrtj d¡ttdƒrnyttjtj dƒWn<t k rl}ztjr\tj dt |ƒ¡Wdd}~XYnXttdƒrˆttjtj dƒttjtjdƒttjtj dƒttdƒrÆttjtj dtjƒttjtjdtjƒttjtj dtjƒttdƒrttjtj dtjƒttjtjdtjƒttjtj dtjƒttdƒrXttjtj dtjd ttjtjdtjtjBd ttjtj dtjd dS) z:Connecting to an SSLv23 server with various client optionsr¼r]Tz; SSL2 client to SSL23 server test unexpectedly failed: %s NrÏFr )r®)rr3r1r4r5rirr±r“r]rürœrÏrrˆr‰rrŒrŽ)r”r`rrrÚtest_PROTOCOL_TLS* s:          zThreadedTests.test_PROTOCOL_TLSrÏz)OpenSSL is compiled without SSLv3 supportcCsªtjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒt tdƒrdttjtj dƒttjtj dtj dttjtjdƒtƒr¦ttjtj dtjddS)z9Connecting to an SSLv3 server with various client optionsr¼rr]F)r¯N)rr3r1r4r5r±rrÏrˆr‰rir]r“rrr@rŒ)r”rrrÚtest_protocol_sslv3R s     z!ThreadedTests.test_protocol_sslv3cCs˜tjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒt tdƒrdttjtj dƒt tdƒr~ttjtj dƒttjtj dtjddS)z8Connecting to a TLSv1 server with various client optionsr¼r r]FrÏ)r¯N)rr3r1r4r5r±rrrˆr‰rir]rÏr“rŽ)r”rrrÚtest_protocol_tlsv1f s    z!ThreadedTests.test_protocol_tlsv1r zTLS version 1.1 not supported.cCs tjrtj d¡ttjtjdƒttdƒr> (%d) received; expected <<%r>> (%d) Nrœsover z client: closing connection. z client: connection closed. )rr3r1r4r5rˆr¿r|r˜rr~r¶rtr®r§r±)r”r¦r}ršr©rrrÚtest_asyncore_serverô s2       z"ThreadedTests.test_asyncore_serverc sÆtjrtj d¡tttjtj tddd}|Œt t   ¡dtttjtj d‰ˆ  t|jf¡‡fdd„}‡fdd „}d ˆjdgtfd ˆjdd gtfd ˆjdgdd„fg}dˆjdgfdˆjdd gfd|dgfd|dgfg}d}xþ|D]ö\}}} } } || d¡} yx|| f| žŽ} d |¡}|j| | | ƒ|dˆ ¡}||  ¡krx| dj||dd…t|ƒ| dd…t| ƒd¡Wqætk rÚ}z@| r¦| dj|d¡t|ƒ |¡sÊ| dj||d¡Wdd}~XYqæXqæWxä|D]Ü\}}} } || d¡} yVˆ | ¡|| Ž}||  ¡krT| d j||dd…t|ƒ| dd…t| ƒd¡Wnhtk r¾}zH| r‚| d!j|d¡t|ƒ |¡s¦| dj||d¡ˆ ¡Wdd}~XYnXqæWd"}ˆ |¡tt|ƒƒ}| ˆ d#|¡t|ƒ¡| ||¡t dk r@t j!t|ƒ}| "|¡}ˆ |¡| ˆ ¡|¡| #t$ˆj%¡| #t$ˆj&d"g¡| #t$ˆj'd$¡| #t$ˆj(td$ƒg¡ˆ d%¡| #tˆjd#¡| #tˆjd#¡ˆ )¡WdQRXdS)&z Test recv(), send() and friends.r¼TF)rrzr‚rqrw)r rprnrmrzcstdƒ}ˆ |¡}|d|…S)Nsd)r©rþ)Úbr;)ršrrÚ _recv_into% s z0ThreadedTests.test_recv_send.._recv_intocs"tdƒ}ˆ |¡\}}|d|…S)Nsd)r©r)rár;rc)ršrrÚ_recvfrom_into* sz4ThreadedTests.test_recv_send.._recvfrom_intorrz some.addressrGcSsdS)Nr)r`rrrÚ3 rÑz.ThreadedTests.test_recv_send..rýrÿrþrZPREFIX_r zsending with {})ryzpWhile sending with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) Nrœ)rr©Znoutr¦Zninz>Failed to send with method <<{name:s}>>; expected to succeed. )rzFMethod <<{name:s}>> failed with unexpected exception message: {exp:s} )rÚexpzrWhile receiving with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) zAFailed to receive with method <<{name:s}>>; expected to succeed. sdatarWrûsover )*rr3r1r4r5r%r¿rrrrEr|r˜rrrr~rr§rrGrýrÿr&rêr’r¶rtr®rGrœrÙr©ÚctypesZc_ubyteZfrom_buffer_copyr¨rrrrrr±)r”r}rârãZ send_methodsZ recv_methodsZ data_prefixZ meth_nameZ send_methr­reZ ret_val_methr¦rKryr©r Z recv_methr«ÚbufferZubyteZ bytesliker)ršrÚtest_recv_send s²         "            zThreadedTests.test_recv_sendcCsÆttƒ}| ¡| |jdd¡t t|jf¡}| |j ¡t |dd}| |j ¡|  d¡|  |  d¡d¡|  | d¡d¡|  | ¡d¡| d¡|  |  d¡d¡|  | tƒ¡d¡dS)NF)Zsuppress_ragged_eofssdatarrÑ)r%r¿r'r´r(r˜Úcreate_connectionrr~r±r|rr’rýr¶r rþr©)r”r}ršrrrÚtest_recv_zeroš s     zThreadedTests.test_recv_zeroc sžtttjtjtddd}|xtt ¡dtttjtjd‰ˆ t |j f¡ˆ  d¡t dƒ‰‡‡fdd„}|  tjtjf|¡ˆ  d¡ˆ ¡WdQRXdS)NTF)rrzr‚rqrw)r rprnrmrzi csxˆ ˆ¡qWdS)N)rr)rLršrrÚ fill_buffer sz8ThreadedTests.test_nonblocking_send..fill_buffer)r%r¿rrrrEr|r˜rrrr~r r©r¨r/rr±)r”r}rër)rLršrÚtest_nonblocking_send® s*    z#ThreadedTests.test_nonblocking_sendcsþt tj¡‰d}t ˆ¡}t ¡‰d‰‡‡‡fdd„}tj|d}| ¡ˆ ¡zz:t tj¡}|  d¡|  ||f¡|  tj dt |¡Wd| ¡Xz:t tj¡}t |ƒ}|  d¡|  tj d|j ||f¡Wd| ¡XWdd‰| ¡ˆ ¡XdS) Nz 127.0.0.1Fcsjˆ ¡ˆ ¡g}x:ˆsNt ˆgggd¡\}}}ˆ|kr| ˆ ¡d¡qWx|D] }| ¡qVWdS)Ngš™™™™™¹?r)r.rIr.rjrÞr±)ZconnsrÕÚwr ry)Úfinishr}ÚstartedrrÚserveÔ s z3ThreadedTests.test_handshake_timeout..serve)rÌgš™™™™™É?z timed outT)r˜ròrrwrer„rfrƒr…r rr–r r|r±r)r”r$r~rðrír1r)rîr}rïrÚtest_handshake_timeoutÌ s6           z$ThreadedTests.test_handshake_timeoutcst tj¡}tj|_| t¡| t¡t   t j ¡‰d}t   ˆ¡}|j ˆdd‰| ˆj¡t ¡‰d‰d‰‡‡‡‡fdd„}tj|d}| ¡ˆ ¡|  t   ¡¡}| ||f¡| d¡| ¡| ¡}| ¡| ¡ˆ ¡ˆ ¡| ˆtj¡| ˆ|¡dS)Nz 127.0.0.1T)r cs0ˆ ¡ˆ ¡ˆ ¡\‰‰ˆ ˆ d¡¡dS)NrR)r.rIrÞrrýr)ÚevtÚpeerÚremoter}rrrð s z/ThreadedTests.test_server_accept..serve)rÌsdata)rrDr“r‰rtrur‚rvr}r˜ròrrwrxrér rer„rfrƒr…rrrýr/r±rrâr™r’)r”r{r$r~rðrír"Z client_addrr)ròrórôr}rÚtest_server_acceptý s6        z ThreadedTests.test_server_acceptc CsZt tj¡}| t ¡¡6}| t¡}| ¡WdQRX| |j j t j ¡WdQRXdS)N) rrDr“rxr˜r¨rür*r’rrÚENOTCONN)r”r{ryrrrrÚtest_getpeercert_enotconn&s   z'ThreadedTests.test_getpeercert_enotconnc CsZt tj¡}| t ¡¡6}| t¡}| ¡WdQRX| |j j t j ¡WdQRXdS)N) rrDr“rxr˜r¨rürr’rrrö)r”r{ryrrrrÚtest_do_handshake_enotconn-s   z(ThreadedTests.test_do_handshake_enotconnc Cs tƒ\}}}|jtjO_| d¡| d¡t|dJ}|jt ¡|d,}| t ¡|  t |j f¡WdQRXWdQRXWdQRX|  d|jd¡dS)NZAES128ÚAES256)r{)r*zno shared cipherr)r†rrrrwr%rxr˜r¨rürrr~rŠrp)r”r„r…rƒr}ršrrrÚtest_no_shared_ciphers4s       .z$ThreadedTests.test_no_shared_ciphersc Csèt tj¡}d|_tj|_tttjdd´}|  t   ¡¡|}|  |  ¡d¡|  |j d¡| t|jf¡tr†tjr†| |  ¡d¡n,tjdkr¢| |  ¡d¡n| |  ¡d¡WdQRX|  |j d¡|  |  ¡d¡WdQRXdS)zt Basic tests for SSLSocket.version(). More tests are done in the test_protocol_*() methods. F)rzrqNzTLSv1.3)rrrTzTLSv1.2)r zTLSv1.2)rrDrrsrrrtr%r¿rErxr˜rr$rBrrr~ÚIS_OPENSSL_1_1_1Ú HAS_TLSv1_3r’r?rŠ)r”r{r}ršrrrÚtest_version_basicBs"    z ThreadedTests.test_version_basicz%test requires TLSv1.3 enabled OpenSSLc Cs t tj¡}| t¡|jtjtjBtjBO_t |dZ}|  t   ¡¡@}|  t |jf¡| | ¡ddddh¡| | ¡d¡WdQRXWdQRXdS)N)r{rZTLS_AES_256_GCM_SHA384ZTLS_CHACHA20_POLY1305_SHA256ZTLS_AES_128_GCM_SHA256zTLSv1.3)rrDr“rvr¿rrŽrr‘r%rxr˜rrr~rŠrOr’r$)r”r{r}ršrrrÚ test_tls1_3Zs   zThreadedTests.test_tls1_3r¤zrequired OpenSSL 1.1.0gc CsŠtƒ\}}}tjj|_tjj|_tjj|_tjj|_t|dD}|jt   ¡|d&}|  t |j f¡|  | ¡d¡WdQRXWdQRXtjj|_tjj|_t|dD}|jt   ¡|d&}|  t |j f¡|  | ¡d¡WdQRXWdQRXtjj|_tjj|_tjj|_tjj|_t|d^}|jt   ¡|d@}| tj¡}|  t |j f¡WdQRX| dt|jƒ¡WdQRXWdQRXdS)N)r{)r*zTLSv1.2zTLSv1.1Úalert)r†rr¥r r¤r¦r§r%rxr˜rrr~r’r$r r¨r`rŠrœr)r”r„r…rƒr}ršr rrrr©ls6        $     $       z"ThreadedTests.test_min_max_versionzrequires SSLv3 supportc Cs‚tƒ\}}}tjj|_tjj|_tjj|_t|dD}|jt ¡|d&}|  t |j f¡|  |  ¡d¡WdQRXWdQRXdS)N)r{)r*r)r†rr¥rr¤r§r%rxr˜rrr~r’r$)r”r„r…rƒr}ršrrrÚtest_min_max_version_sslv3”s       z(ThreadedTests.test_min_max_version_sslv3z"test requires ECDH-enabled OpenSSLc Cs’t tj¡}| t¡|jtjO_tjdkr:| d¡t |dD}|  t   ¡¡*}|  t |jf¡| d| ¡d¡WdQRXWdQRXdS)N)rrrz ECCdraft:ECDH)r{ZECDHr)rrDr“rvr¿rrr?rwr%rxr˜rrr~rŠrO)r”r{r}ršrrrÚtest_default_ecdh_curve¢s     z%ThreadedTests.test_default_ecdh_curvez tls-uniquez*'tls-unique' channel binding not availablec Csºtjrtj d¡tƒ\}}}t|ddd}|~|jt ¡|dœ}|  t |j f¡|  d¡}tjrztj d  |¡¡| |¡| ¡dkr¢| t|ƒd ¡n| t|ƒd ¡| d ¡| ¡ ¡}| |t|ƒ d ¡¡Wd QRX|jt ¡|d¬}|  t |j f¡|  d¡}tjr0tj d  |¡¡| ||¡| |¡| ¡dkrf| t|ƒd ¡n| t|ƒd ¡| d ¡| ¡ ¡}| |t|ƒ d ¡¡Wd QRXWd QRXd S)z Test tls-unique channel binding.r¼TF)r{rqrw)r*z tls-uniquez! got channel binding data: {0!r} zTLSv1.3é0é sCB tls-unique zus-asciiNz(got another channel binding data: {0!r} )rr3r1r4r5r†r%rxr˜rrr~r0rêrPr$r’r§r¶rvr5r&r·) r”r„r…rƒr}ršZcb_dataZpeer_data_reprZ new_cb_datarrrr4¶sR               z-ThreadedTests.test_tls_unique_channel_bindingcCsTtƒ\}}}t||dd|d}tjr:tj d |d¡¡| |ddddh¡dS)NT)rqrwr§z got compression: {!r} rZZLIBZRLE) r†rªrr3r1r4r5rêrŠ)r”r„r…rƒrørrrÚtest_compressionòs zThreadedTests.test_compressionr)z*ssl.OP_NO_COMPRESSION needed for this testcCsRtƒ\}}}|jtjO_|jtjO_t||dd|d}| |dd¡dS)NT)rqrwr§r)r†rrr)rªr)r”r„r…rƒrørrrÚtest_compression_disabledûs z'ThreadedTests.test_compression_disabledcCs–tƒ\}}}|jtjO_| t¡| d¡|jtjO_t||dd|d}|dd}| d¡}d|kr’d|kr’d |kr’|  d |d¡dS) NZkEDHT)rqrwr§rOrr»ZADHZEDHZDHEzNon-DH cipher: ) r†rrrrØrÙrwrªrÀr®)r”r„r…rƒrørOÚpartsrrrÚtest_dh_paramss     zThreadedTests.test_dh_paramszneeds secp384r1 curve supportz TODO: Test doesn't work on 1.1.1cCstƒ\}}}| d¡| d¡|jtjtjBO_t||dd|d}tƒ\}}}| d¡| d¡|jtjtjBO_t||dd|d}tƒ\}}}| d¡| d¡| d¡|jtjtjBO_yt||dd|d}Wntjk rüYnXt r|  d¡dS)NrBzECDHE:!eNULL:!aNULLT)rqrwr§räzmismatch curve did not fail) r†rFrwrrrŽrrªr`ÚIS_OPENSSL_1_1_0r®)r”r„r…rƒrørrrÚtest_ecdh_curves6           zThreadedTests.test_ecdh_curvecCs2tƒ\}}}t||dd|d}| |dd¡dS)NT)rqrwr§rŸ)r†rªr)r”r„r…rƒrørrrÚtest_selected_alpn_protocol=s  z)ThreadedTests.test_selected_alpn_protocolzALPN support requiredcCs@tƒ\}}}| ddg¡t||dd|d}| |dd¡dS)Nr¤ÚbarT)rqrwr§rŸ)r†r~rªr)r”r„r…rƒrørrrÚ/test_selected_alpn_protocol_if_server_uses_alpnEs  z=ThreadedTests.test_selected_alpn_protocol_if_server_uses_alpnz!ALPN support needed for this testc Cs>dddg}ddgdfddgdfdgdfddgdfg}x|D]ú\}}tƒ\}}}| |¡| |¡yt||dd|d}Wn(tjk r¢} z| }Wdd} ~ XYnX|dkrÊtrÊtjdkrÊ| |tj¡q.servername_cbTÚ supermessage)rqr§r(Znotfunny)rrsrèrªr’rr~)r”r…r„rrør)rrrré¦s.     zThreadedTests.test_sni_callbackc Cs\| ¡\}}}dd„}| |¡| tj¡}t||ddd}WdQRX| |jjd¡dS)NcSstjS)N)rZALERT_DESCRIPTION_ACCESS_DENIED)rÊrrrrrÚcb_returning_alertÔszAThreadedTests.test_sni_callback_alert..cb_returning_alertFr)rqr§ZTLSV1_ALERT_ACCESS_DENIED) rrèr¨rr`rªr’rr )r”r…rr„r rrørrrÚtest_sni_callback_alertÏs z%ThreadedTests.test_sni_callback_alertc Cs€| ¡\}}}dd„}| |¡| tj¡*}t ¡}t||ddd}WdQRXWdQRX| |j j d¡|  d|  ¡¡dS)NcSs dddS)Nrrr)rÊrrrrrÚ cb_raisingâsz;ThreadedTests.test_sni_callback_raising..cb_raisingFr)rqr§ZSSLV3_ALERT_HANDSHAKE_FAILUREÚZeroDivisionError) rrèr¨rr`rÚcaptured_stderrrªr’rr rŠÚgetvalue)r”r…rr„r"rÚstderrrørrrÚtest_sni_callback_raisingÝs  z'ThreadedTests.test_sni_callback_raisingc Cs€| ¡\}}}dd„}| |¡| tj¡*}t ¡}t||ddd}WdQRXWdQRX| |j j d¡|  d|  ¡¡dS)NcSsdS)Nr¤r)rÊrrrrrÚcb_wrong_return_typeôszOThreadedTests.test_sni_callback_wrong_return_type..cb_wrong_return_typeFr)rqr§ZTLSV1_ALERT_INTERNAL_ERRORr—) rrèr¨rr`rr$rªr’rr rŠr%)r”r…rr„r(rr&rørrrÚ#test_sni_callback_wrong_return_typeîs  z1ThreadedTests.test_sni_callback_wrong_return_typec sŽtƒ\}}}| d¡| d¡ddddg}t|||d}|dd}| t|ƒd¡x2|D]*\‰}}t‡fd d „|Dƒƒs\| ˆ¡q\WdS) Nz AES128:AES256rùzAES-256Z TLS_CHACHA20ZTLS_AES)r§r¤rc3s|]}|ˆkVqdS)Nr)r—Zalg)rrrr™sz4ThreadedTests.test_shared_ciphers..)r†rwrªÚ assertGreaterr§Úanyr®) r”r„r…rƒZ expected_algsrøroZ tls_versionÚbitsr)rrÚtest_shared_cipherss    z!ThreadedTests.test_shared_ciphersc Csvtƒ\}}}t|dd}|P|jt ¡|d}| t|jf¡| ¡| t |j d¡| t |j d¡WdQRXdS)NF)r{rq)r*ishello) r†r%rxr˜rrr~r±r¨rGr¶r5)r”r„r…rƒr}ršrrrÚ,test_read_write_after_close_raises_valuerrors   z:ThreadedTests.test_read_write_after_close_raises_valuerrorc CsÜd}ttjdƒ}| |¡WdQRX| tjtj¡t tj¡}tj |_ |  t ¡|  t¡t|dd}|d| t ¡¡J}| t|jf¡ttjdƒ"}| |¡| | d¡|¡WdQRXWdQRXWdQRXdS)NsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxÚwbF)r{rqrÙi)rÖrÚTESTFNr5r´ÚunlinkrrDr“r‰rtrur‚rvr}r%rxr˜rrr~Úsendfiler’rý)r”Z TEST_DATArhr{r}ršÚfilerrrÚ test_sendfiles     zThreadedTests.test_sendfilec Cs@tƒ\}}}|jtjO_t|||d}|d}| |j¡| |jd¡| |j d¡| |j ¡tj dkr~| |j d¡|  |d¡| ¡}| |dd¡| |dd¡t||||d }| ¡}| |dd ¡| |dd¡| |d¡|d}| |j|j¡| ||¡| ||¡| |j|j¡| |j |j ¡t|||d}|  |d¡|d}| |j|j¡| ||¡| ¡}| |dd ¡| |dd¡t||||d }| |d¡|d} | | j|j¡| | |¡| | j|j¡| | j |j ¡| ¡}| |dd ¡| |dd ¡dS) N)r§r›r)rrrr¡rÞrrß)r›r§rTrrR)r†rrrrªréÚidr*rJr Z has_ticketr?Zticket_lifetime_hintr rár’Ú assertIsNotrår·) r”r„r…rƒrør›Z sess_statZsession2Zsession3Zsession4rrrÚ test_session0s^          zThreadedTests.test_sessionc Csütƒ\}}}tƒ\}}}|jtjO_|jtjO_t|dd}|¨|jt ¡|dp}| |jd¡| |j d¡|  t |j f¡|j}|  |¡| t¡ } t|_WdQRX| t| jƒd¡WdQRX|jt ¡|dD}|  t |j f¡| t¡ } ||_WdQRX| t| jƒd¡WdQRX|jt ¡|dJ}||_|  t |j f¡| |jj|j¡| |j|¡| |j d¡WdQRX|jt ¡|dD}| t¡} ||_|  t |j f¡WdQRX| t| jƒd¡WdQRXWdQRXdS)NF)r{rq)r*zValue is not a SSLSession.z#Cannot set session after handshake.Tz)Session refers to a different SSLContext.)r†rrrr%rxr˜r’r›r¡rrr~rér¨r—rÕrœrrGr5) r”r„r…rƒZclient_context2rºr}ršr›r rrrÚtest_session_handlingjsJ                 z#ThreadedTests.test_session_handlingN)Jr‚rƒr„rlrµr¸rcr…rArºrþrÁrÂrÄrÅrrürÆrÍrÎrirÐrÑrÒrÓrÔrÖrØrßràrèrêrìrñrõr÷rørúrýrþrDr©Z HAS_SSLv3rrCrrˆr4rrrÚHAVE_SECP_CURVESrrûr r ZHAS_ALPNr rrZHAS_NPNrrrrrér!r'r)r-r.r4r7r8rrrrr²† sŽ 0$)!8%)  (    9 1)'  ;   & (  )    :r²zTest needs TLS 1.3c@sLeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dS)ÚTestPostHandshakeAuthcCsÄtjtjtjg}x®|D]¦}t |¡}| |jd¡d|_| |jd¡tj|_| |jtj¡| |jd¡d|_| |jtj¡| |jd¡tj |_d|_| |jtj ¡| |jd¡qWdS)NFT) rr“rErrDr’Úpost_handshake_authr‰rtrˆ)r”Z protocolsržrHrrrÚtest_pha_setterŸs   z%TestPostHandshakeAuth.test_pha_setterc Cstƒ\}}}d|_tj|_d|_| t¡t|dd}|Ê|jt   ¡|d¬}|  t |j f¡|  d¡| | d¡d¡|  d¡| | d¡d ¡|  d¡| | d¡d ¡|  d¡| | d¡d ¡|  d ¡| d ¡ d ¡}| d|¡WdQRXWdQRXdS)NTF)r{rq)r*sHASCERTisFALSE sPHAsOK sTRUE sGETCERTizus-asciizPython Software Foundation CA)r†r;rr‰rtrvr}r%rxr˜rrr~r5r’rýr'rŠ)r”r„r…rƒr}ršZ cert_textrrrÚtest_pha_required·s*          z'TestPostHandshakeAuth.test_pha_requiredc Cs¸tƒ\}}}d|_tj|_d|_t|dd}|~|jt ¡|d`}| t |j f¡|  d¡|  |  d¡d¡|  d¡| tjd ¡|  d¡WdQRXWdQRXWdQRXdS) NTF)r{rq)r*sPHAisOK sHASCERTz!tlsv13 alert certificate required)r†r;rr‰rtr%rxr˜rrr~r5r’rýr–r`)r”r„r…rƒr}ršrrrÚtest_pha_required_nocertÐs       z.TestPostHandshakeAuth.test_pha_required_nocertc Csætjrtj d¡tƒ\}}}d|_tj|_ d|_|  t ¡tj |_ t |dd}|ˆ|jt ¡|dj}| t|jf¡| d¡| | d¡d¡| d ¡| | d¡d ¡| d¡| | d¡d ¡WdQRXWdQRXdS) Nr¼TF)r{rq)r*sHASCERTisFALSE sPHAsOK sTRUE )rr3r1r4r5r†r;rr‰rtrvr}rˆr%rxr˜rrr~r’rý)r”r„r…rƒr}ršrrrÚtest_pha_optionalæs&         z'TestPostHandshakeAuth.test_pha_optionalc CsÔtjrtj d¡tƒ\}}}d|_tj|_ d|_t |dd}|ˆ|j t   ¡|dj}|  t|jf¡| d¡| | d¡d¡| d ¡| | d¡d ¡| d¡| | d¡d¡WdQRXWdQRXdS) Nr¼TF)r{rq)r*sHASCERTisFALSE sPHAsOK )rr3r1r4r5r†r;rrˆrtr%rxr˜rrr~r’rý)r”r„r…rƒr}ršrrrÚtest_pha_optional_nocertþs"        z.TestPostHandshakeAuth.test_pha_optional_nocertc Cs°tƒ\}}}d|_tj|_| t¡t|dd}|r|jt   ¡|dT}|  t |j f¡|  tjd¡| ¡WdQRX| d¡| d| d¡¡WdQRXWdQRXdS) NTF)r{rq)r*z not serversPHAsextension not receivedi)r†r;rr‰rtrvr}r%rxr˜rrr~r–r`rxr5rŠrý)r”r„r…rƒr}ršrrrÚtest_pha_no_pha_clients      z,TestPostHandshakeAuth.test_pha_no_pha_clientc CsÆtƒ\}}}tj|_d|_| t¡t|dd}|ˆ|jt   ¡|dj}|  t |j f¡|  d¡| | d¡d¡|  d¡| | d¡d ¡|  d¡| | d¡d¡WdQRXWdQRXdS) NTF)r{rq)r*sHASCERTisTRUE sPHAsOK )r†rr‰rtr;rvr}r%rxr˜rrr~r5r’rý)r”r„r…rƒr}ršrrrÚtest_pha_no_pha_server$s        z,TestPostHandshakeAuth.test_pha_no_pha_serverc Cs˜tƒ\}}}tj|_tjj|_d|_| t ¡t |dd}|P|j t   ¡|d2}|  t|jf¡| d¡| d| d¡¡WdQRXWdQRXdS)NTF)r{rq)r*sPHAsWRONG_SSL_VERSIONi)r†rr‰rtr¥r¦r§r;rvr}r%rxr˜rrr~r5rŠrý)r”r„r…rƒr}ršrrrÚtest_pha_not_tls138s       z(TestPostHandshakeAuth.test_pha_not_tls13N) r‚rƒr„r<r=r>r?r@rArBrCrrrrr:sr:c Cs~tjrèddl}tjtjtjdœ}| ¡V| ddt ¡x@|  ¡D](\}}|ƒ}|rB|drBd||f}PqBWt t ¡ƒ}WdQRXt dt jt jfƒt d|ƒt dt jƒt d t jƒyt d t jƒWntk ræYnXxBttttttttttttg D]"}t j! "|¡st #d |¡‚qWt$t%t&t't(t)t*t+g}t ,d ¡rV| -t.¡t /¡}ztj0|ŽWdtj1|ŽXdS) Nr)ÚLinuxZMacÚWindowsÚignorez?dist\(\) and linux_distribution\(\) functions are deprecated .*z%s %rztest_ssl: testing with %r %rz under %sz HAS_SNI = %rz OP_ALL = 0x%8xz OP_NO_TLSv1_1 = 0x%8xzCan't read certificate file %rÚnetwork)2rr3ÚwarningsrarbÚmac_verÚ win32_verÚcatch_warningsÚfilterwarningsÚDeprecationWarningÚitemsr5Úprintrrár?r‹rœrr¢r¿rÉrÂrÃrÄrÅr}rr‚rÀÚBADKEYrÁr r ÚexistsÚ TestFailedrŠr‡rrr r$r²r:Úis_resource_enabledrjrWÚthreading_setupÚ run_unittestÚthreading_cleanup) r3rHZplatsrrgZplatÚfilenameÚtestsÚ thread_inforrrÚ test_mainJsR       rZÚ__main__)N)ršTFNN)Nrr)F){r1rcr_rr˜r.rJrUrër rrÃÚurllib.requestrÚrer/r‰rórarjÚ sysconfigræÚ ImportErrorÚ import_modulerÚsortedr´rŒrrárÙrèr?rrûÚget_config_varrr«rŸÚverr«r¥r¢rr¿ÚfsencoderÉrÂrÃrÄrÅrÆrÇr´r>rÊrÓr×rÀr¹r}r~rÁrr€r¿r¾r‚rÓrÃrYrÁrÀrrPrÂrÐrÈrÙrÚr)r*r+r,r-r7r=r@rArIr9rPr\rlr…r‹rr“rrr|r†ÚTestCaser‡rŠrrr r$rWr=r?Ztest.ssl_serversrarfr%rˆrªr±r²rür:rZr‚rrrrÚs:                         }8?0B  v 1 F# - 7