asda?‰PNG  IHDR ? f ??C1 sRGB ??é gAMA ±? üa pHYs ? ??o¨d GIDATx^íüL”÷e÷Y?a?("Bh?_ò???¢§?q5k?*:t0A-o??¥]VkJ¢M??f?±8\k2íll£1]q?ù???T a bYh_ @sddlZddlZddlZddlmZddlmZmZddlZddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZz ddlZWneydZYn0edZ ddl m!Z!m"Z"m#Z#e$edZ%e%o&ejdkZ&e'e j(Z)ej*Z*e j+,dZ-e- oTe j.d kZ/e- ofe j.d kZ0e- oxe j.d kZ1e2d Z3iZ4d D]H\Z5Z6ze7e e5Z5e7e j!e6Z6Wne8yYqYn0e6e4e5<qddZ9e9dZ:e;e:Ze;e=Z?e;e>Z@e9dZAe9dZBdZCe9dZDe;eDZEe9ddZFe9ddZGddddddddZHe9d ZIe9d!ZJd"ZKd#d$d%d&d'd(d)dddd* ZLe9d+ZMd,ZNe9d-ZOd.ZPe9dd/ZQe9d0ZRe9d1ZSe9d2ZTd"ZUd3ZVe9d4ZWe9d5ZXe9d6ZYe9d7ZZe9d8Z[e9d9Z\e9d:Z]e9d;Z^e;e^Z_e7e ddZbe7e d?dZce7e d@dZde7e dAdZedBdCZfefr~dDdEZgndFdEZgdGdHZhejidIdJZjdKdLZkele$e jmdMdNZndOdPZodQdRZpdSdTZqdUdVZrdWdXZsesZtdYdZZud[d\Zvele jwd]Zxe jyfe jzddddd^d_d`Z{eJfdadbZ|Gdcddddej}Z~Gdedfdfej}ZGdgdhdhej}ZGdidjdjej}ZGdkdldlej}ZGdmdndnej}ZedoGdpdqdqej}ZddrdsZdtduZddvlmZGdwdxdxejZGdydzdzejZdd~dZdddZGdddej}ZelejddGdddej}Ze$e jmdZeledZGdddej}ZddZGdddej}ZddZedkredS)N)support) socket_helperwarnings_helperssl) TLSVersion_TLSContentType_TLSMessageTypegettotalrefcountwin32ZLibreSSL)r r)r r r )rrPY_SSL_DEFAULT_CIPHERS))PROTOCOL_SSLv23SSLv3)PROTOCOL_TLSv1TLSv1)PROTOCOL_TLSv1_1TLSv1_1cGstjjtjtg|RSN)ospathjoindirname__file__namer)/usr/local/lib/python3.9/test/test_ssl.py data_file<srz keycert.pemz ssl_cert.pemz ssl_key.pemzkeycert.passwd.pemzssl_key.passwd.pemZsomepasscapathz 4e1295a3.0z 5ed36f99.0)) countryNameZXY) localityNamezCastle Anthrax)organizationNamezPython Software Foundation)) commonName localhostzAug 26 14:23:15 2028 GMTzAug 29 14:23:15 2018 GMTZ98A7CF88C74A32ED))DNSr'r issuernotAfter notBefore serialNumbersubjectsubjectAltNameversionzrevocation.crlz keycert3.pemr')z)http://testca.pythontest.net/testca/ocsp/)z0http://testca.pythontest.net/testca/pycacert.cer)z2http://testca.pythontest.net/testca/revocation.crl)r ))r%Python Software Foundation CA))r&z our-ca-serverzOct 28 14:23:16 2037 GMTzAug 29 14:23:16 2018 GMTZCB2D80995A69525C) OCSP caIssuerscrlDistributionPointsr*r+r,r-r.r/r0z keycert4.pem fakehostnamezkeycertecc.pemz localhost-eccz ceff1710.0z allsans.pemz idnsans.pemz nosan.pemzself-signed.pythontest.net nullcert.pem badcert.pemzXXXnonexisting.pem badkey.pemz nokia.pemznullbytecert.pemztalos-2019-0758.pemz ffdh3072.pemOP_NO_COMPRESSIONOP_SINGLE_DH_USEOP_SINGLE_ECDH_USEOP_CIPHER_SERVER_PREFERENCEOP_ENABLE_MIDDLEBOX_COMPATOP_IGNORE_UNEXPECTED_EOFcCsXz>tddd}d|vWdWS1s20YWntyRYdS0dS)Nz/etc/os-releasezutf-8)encodingZubuntuF)openreadFileNotFoundError)frrr is_ubuntus 0 rDcGs0|D]&}t|dr|jtjjkr|dqdS)z@"Lower security level to '1' and allow all ciphers for TLS 1.0/1minimum_versionz@SECLEVEL=1:ALLN)hasattrrErrr set_ciphers)ctxsctxrrrseclevel_workarounds  rJcGsdSrr)rHrrrrJscCsTt|tr"tt|d}|dur"dS|tjtjtjhvr:dS|j}t|t ddS)zCheck if a TLS protocol is available and enabled :param protocol: enum ssl._SSLMethod member or name :return: bool NFTZ PROTOCOL_) isinstancestrgetattrr PROTOCOL_TLSPROTOCOL_TLS_SERVERPROTOCOL_TLS_CLIENTrhas_tls_versionlen)protocolrrrrhas_tls_protocols  rTcCs|dkr dSt|tr"tjj|}ttd|js8dStrL|tjjkrLdSt }t |drz|j tjj krz||j krzdSt |dr|j tjjkr||j krdSdS)z{Check if a TLS/SSL version is enabled :param version: TLS version name or ssl.TLSVersion member :return: bool SSLv2FZHAS_rEmaximum_versionT)rKrLrr __members__rMrIS_OPENSSL_3_0_0TLSv1_2 SSLContextrFrEMINIMUM_SUPPORTEDrVMAXIMUM_SUPPORTED)r0rIrrrrQs0    rQcsfdd}|S)zDecorator to skip tests when a required TLS version is not available :param version: TLS version name or ssl.TLSVersion member :return: cstfdd}|S)Ncs,tstdn|i|SdS)Nz is not available.)rQunittestZSkipTest)argskw)funcr0rrwrappersz8requires_tls_version..decorator..wrapper) functoolswraps)r`rar0)r`r decoratorsz'requires_tls_version..decoratorr)r0rerrdrrequires_tls_versions rfrEzrequired OpenSSL >= 1.1.0gcCs.dtjt}tjr*tj||dS)N ) r tracebackformat_exceptionsysexc_inforverbosestdoutwrite)prefixZ exc_formatrrr handle_error srpcCs tjdkS)N)r  )r_OPENSSL_API_VERSIONrrrrcan_clear_optionssrvcCs tjdkS)N)rrqrrrtrOPENSSL_VERSION_INFOrrrrno_sslv2_implies_sslv3_hellosrzcCs tjdkS)N)rrqrrrrtrxrrrrhave_verify_flagssr{cCsBtjs dSttj}z|dWnty8YdS0dSdS)NF secp384r1T)rHAS_ECDHrZrOset_ecdh_curve ValueError)rIrrr_have_secp_curvess  rcCs$tjrtjdkrtj Stj SNr)timedaylight localtimetm_isdstaltzonetimezonerrrr utc_offset+srcCs^tjdkrZd}tj||}|jdd}||}|ddkrZ|ddd|dd}|S) N)rrqrrrqrtz%b %d %H:%M:%S %Y GMTr)second0rg)rrudatetimestrptimereplacestrftime) cert_timefmtZdtrrrasn1time1s    rz SNI support needed for this test) cert_reqsca_certscipherscertfilekeyfilec Kszt|}|dur(|tjkr"d|_||_|dur:|||dusJ|durV||||durh|||j|fi|SNF) rrZ CERT_NONEcheck_hostname verify_modeload_verify_locationsload_cert_chainrG wrap_socket) sock ssl_versionrrrrrkwargscontextrrrtest_wrap_socketBs     rcCsr|tkrt}n$|tkrt}n|tkr*t}nt|ttj }| t ttj }| || t |||fS)zUCreate context client_context, server_context, hostname = testing_context() )SIGNED_CERTFILESIGNED_CERTFILE_HOSTNAMESIGNED_CERTFILE2SIGNED_CERTFILE2_HOSTNAME NOSANFILENOSAN_HOSTNAMErrrZrPr SIGNING_CArOr)Z server_certhostnameclient_contextserver_contextrrrtesting_contextTs     rc@seZdZddZddZddZddZee j d kd d d Z d Z ddZ ddZddZddZddZddZejddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Zd,d-Zd.d/Zed0e j!vd1d2d3Z"d4d5Z#d6d7Z$ee%j&d8kd9d:d;Z'ee%j&d8kd9dd?Z)d@dAZ*dBdCZ+dDdEZ,dFdGZ-ee.dHdIdJZ/dKdLZ0e1dMdNdOdPZ2dQdRZ3d S)SBasicSocketTestscCstjtjtjtjtjtjr*tjtjdkr:tj | tj ddh| tjddhtj tj tjtjtjdkrtjtj|tjtjdS)N)r rTFr rr )rr CERT_OPTIONAL CERT_REQUIREDr<r:r}r;ryr9assertInHAS_SNI OP_NO_SSLv2 OP_NO_SSLv3 OP_NO_TLSv1 OP_NO_TLSv1_3 OP_NO_TLSv1_1 OP_NO_TLSv1_2 assertEqualrNrselfrrrtest_constantsns&  zBasicSocketTests.test_constantsc Csb|tdBt}t|Wdn1s60YWdn1sT0YdSNzpublic constructor)assertRaisesRegex TypeErrorsocketr SSLSocketrsrrrtest_private_inits z"BasicSocketTests.test_private_initcCs2tj}|t|dt|}||j|dS)Nz_SSLMethod.PROTOCOL_TLS)rrNrrLrZassertIsrSrprotorIrrrtest_str_for_enumss z#BasicSocketTests.test_str_for_enumscCst}tjr*tjd||r dp"dftd\}}|t |d|||dk|rxt d}|t |dn| tj tj d| t tj d| t tjdttdr| ttjd| ttjddtd d td d ttd d dS) Nz RAND_status is %d (%s) zsufficient randomnesszinsufficient randomnessr RAND_egdfoozthis is a random stringgR@sthis is a random bytes objects!this is a random bytearray object)r RAND_statusrrlrjrmrnRAND_pseudo_bytesrrRZ RAND_bytes assertRaisesSSLErrorrrFrrZRAND_add bytearray)rvdataZis_cryptographicrrr test_randoms,     zBasicSocketTests.test_randomposixzrequires posixcCst}|s|dt\}}t}|dkrzBt|tdd}|t |dt ||t|Wnt yt dYn 0t dnlt|| tj|tj|ddt|d}|t |dtdd}|t |d|||dS)Nz*OpenSSL's PRNG has insufficient randomnessrrr )exitcode)rrfailrpipeforkcloserrrRrn BaseException_exit addCleanuprZ wait_processrAassertNotEqual)rstatusZrfdZwfdpidZ child_randomZ parent_randomrrrtest_random_forks.        z!BasicSocketTests.test_random_forkNcCs|tjtt|tjtttjt}t j rTt j dt|d||dd||dd||dd||dd dS) N r/))r(zprojects.developer.nokia.com)r(zprojects.forum.nokia.comr2)zhttp://ocsp.verisign.comr3)z0http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cerr4)z0http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl)rr_ssl_test_decode_certCERTFILE CERTFILE_INFOrSIGNED_CERTFILE_INFO NOKIACERTrrlrjrmrnpprintpformatrprrrtest_parse_certs*      z BasicSocketTests.test_parse_certc CsLtjt}tjr,tjdt |d| |dddddddd dS) Nr))r!ZUK))r&zcody-cazJun 14 18:00:58 2028 GMTzJun 18 18:00:58 2018 GMTZ02)r))r&#codenomicon-vm-2.test.lal.cisco.com))r(rr r)) rrrTALOS_INVALID_CRLDPrrlrjrmrnrrrrrrrtest_parse_cert_CVE_2019_5010s z.BasicSocketTests.test_parse_cert_CVE_2019_5010cCsxtjt}tjr,tjdt |dd}| |d|| |d|tj dkr`d}nd}| |d|dS) Nr))r!ZUS))stateOrProvinceNameZOregon))r#Z Beavertonr$))organizationalUnitNamezPython Core Development)r&null.python.orgexample.org)) emailAddresszpython-dev@python.orgr.r*)rrqrr)r(zaltnull.python.orgexample.comemailz null@python.orguser@example.orgURIz)http://null.python.orghttp://example.org IP Addressz 192.0.2.1)rz2001:DB8:0:0:0:0:0:1)rrrr)rz r/) rrr NULLBYTECERTrrlrjrmrnrrrru)rrr.Zsanrrrtest_parse_cert_CVE_2013_4238s  z.BasicSocketTests.test_parse_cert_CVE_2013_4238cCs tjt}||dddS)Nr/) )r(Zallsans othername r)rzuser@example.org)r(zwww.example.org)ZDirName)r r"r$))r&zdirname example)rzhttps://www.python.org/r 127.0.0.1)rz0:0:0:0:0:0:0:1)z Registered IDz 1.2.3.4.5)rrr ALLSANFILErrrrrtest_parse_all_sanss  z$BasicSocketTests.test_parse_all_sanscCsttd}|}Wdn1s(0Yt|}t|}t|}||||tjdsz| d|| dtj ds| d|dS)Nrrz-DER-to-PEM didn't include correct header: %r z-DER-to-PEM didn't include correct footer: %r ) r@ CAFILE_CACERTrArPEM_cert_to_DER_certZDER_cert_to_PEM_certr startswithZ PEM_HEADERrendswithZ PEM_FOOTER)rrCpemd1Zp2d2rrrtest_DER_to_PEM0s &    z BasicSocketTests.test_DER_to_PEMc CsHtj}tj}tj}||t||t||t||d| |d|\}}}}}||d| |d||d| |d||d| |d||d| |d||d| |dd |d } |d krd |d d |d d |d } nd |d d |d d |d } | | | | f||t |fdS)Nii@r rr?rtz LibreSSL dr zOpenSSL .)rZOPENSSL_VERSION_NUMBERryOPENSSL_VERSIONassertIsInstanceinttuplerLassertGreaterEqual assertLessZassertLessEqual assertTruerhex) rntrmajorminorZfixpatchrZ libressl_verZ openssl_verrrrtest_openssl_version<s6                   z%BasicSocketTests.test_openssl_versioncCs`ttj}t|}t|}tdtf~Wdn1sD0Y||ddS)N) rAF_INETrweakrefrefrcheck_warningsResourceWarningr)rrsswrrrr test_refcycle^s    zBasicSocketTests.test_refcyclec Csttj}t|}|t|jd|t|jtd|t|jd|t|j tdd|t|j d|t|j dd|t |j |t |jdgddd|t |jd|t |jtdgWdn1s0YdS)Nr x)z0.0.0.0rrrd)rr'rrOSErrorrecv recv_intorrecvfrom recvfrom_intosendsendtoNotImplementedErrordupsendmsgrecvmsg recvmsg_intorrr,rrrtest_wrapped_unconnectedis      z)BasicSocketTests.test_wrapped_unconnectedc Cs\dD]R}ttj}||t| }|||Wdq1sL0YqdS)N)Ng@)rr' settimeoutrr gettimeout)rtimeoutrr,rrr test_timeout{s    zBasicSocketTests.test_timeoutc Cst}|jtdtj|td|jtdtj|dd|jtdtj|dddtj|dtd&}|td|jtd fWdn1s0Y|t F}t}tj|t d Wdn1s0YWdn1s0Y| |j j t j|t J}t }tj|tt d Wdn1s@0YWdn1s`0Y| |j j t j|t J}t }tj|t t d Wdn1s0YWdn1s0Y| |j j t jdS) Nzcertfile must be specifiedrz5certfile must be specified for server-side operationsT server_sider&rFrz!can't connect in server-side modeirrr)rrrrrrconnectHOSTrr1NONEXISTINGCERTr exceptionerrnoENOENT)rrrcmrrrtest_errors_sslwrapsB  "  J  F  Fz$BasicSocketTests.test_errors_sslwrapcCsltjtjtptj|}t}||j| t j t ||dWdn1s^0YdS)z;Check that trying to use the given client certificate failsrHN) rrrrrcurdirrrrrrrrrrrrrr bad_cert_tests zBasicSocketTests.bad_cert_testcCs|ddS)z Wrapping with an empty cert filer6NrTrrrrtest_empty_certsz BasicSocketTests.test_empty_certcCs|ddS)z:Wrapping with a badly formatted certificate (syntax error)r7NrUrrrrtest_malformed_certsz$BasicSocketTests.test_malformed_certcCs|ddS)z2Wrapping with a badly formatted key (syntax error)r8NrUrrrrtest_malformed_keysz#BasicSocketTests.test_malformed_keyc sFdd}fdd}ddi}||d||d||d ||d ||d ||d dd i}||d||d||d||d||dddi}||d||d||d||d||dddi}||d||d ||dddi}||d||d||d||dddi}||d||d||ddd d!}dd"|fffi}|||dd#i}|||dd$i}|||d%d d!}dd"|fffi}||d&d d!||d'd d!||d(d d!||d)d d!d*d+d,d-}||d.||d/||d0||d1d2d3d4}||d5||d6||d7dd8d9}||d:||d;||d<||d=||d>||d?||d@tjrddAd9}||dB||dC||dD||dE||dF||d@d2dGd4}||d5dHdIdJd-}||d5dHdGdJd-}||dKttjddttjidddLi}tj dMt|dNWdn1s0YddOi}tj dPt|dQWdn1s0YddRi}tj dSt|dTWdn1s.0YddUi}tj dVt|dWWdn1sr0YddXi}tj dYt|dZWdn1s0Yd[D]<}tt |Wdn1s0Yqd\D]} t |qtjrBd]D]} t |q*dS)^NcSst||dSr)rmatch_hostnamecertrrrroksz0BasicSocketTests.test_match_hostname..okcstjtj||dSr)rrCertificateErrorrYrZrrrrsz2BasicSocketTests.test_match_hostname..failr.)))r& example.comr^z ExAmple.cOmzwww.example.comz .example.comz example.orgZ exampleXcom)))r&z*.a.comz foo.a.comz bar.foo.a.comza.comzXa.comz.a.com)))r&zf*.comzfoo.comzf.comzbar.comz bar.foo.com)rrznull.python.org)))r&z *.*.a.com)))r&za.*.comz a.foo.comza..comupüthon.python.orgidnaasciir&)))r&z x*.python.org)))r&zxn--p*.python.orguwww*.pythön.orguwww.pythön.orguwww1.pythön.orguftp.pythön.orgu pythön.orgzJun 26 21:41:46 2011 GMT)))r& linuxfrz.org))r( linuxfr.org)r( linuxfr.comr)r+r.r/rbrcrrazDec 18 23:59:59 2011 GMT)r)r California)r#z Mountain View)r%z Google Inc)r&mail.google.com)r+r.riz gmail.comre)r(r^)r 10.11.12.13)r 14.15.16.17r)r.r/rkrlz127.1z 14.15.16.17 z14.15.16.17 extra dataz 14.15.16.18z example.net)rj)rz2001:0:0:0:0:0:0:CAFE )rz2003:0:0:0:0:0:0:BABA z 2001::cafez 2003::babaz 2003::baba z2003::baba extra dataz 2003::bebe)rrdrfrgzDec 18 23:59:59 2099 GMT)rrdrfrh))rZblablaz google.com)))r&za*b.example.comz5partial wildcards in leftmost label are not supportedzaxxb.example.com)))r&zwww.*.example.comz2wildcard can only be present in the leftmost labelzwww.sub.example.com)))r&za*b*.example.comztoo many wildcardszaxxbxxc.example.com)))r&*z7sole wildcard without additional labels are not supporthost)))r&z*.comz%hostname 'com' doesn't match '\*.com'Zcom)1r&z1.2.3z 256.0.0.1z 127.0.0.1/24)rz 192.168.0.1)z::1z2001:db8:85a3::8a2e:370:7334) encodedecoder IPV6_ENABLEDrrrrYrr]Z _inet_patonr)rr\rr[r_invalidZipaddrrrrtest_match_hostnames                                                     ,,,,, .z$BasicSocketTests.test_match_hostnamecCsNttj}t&}|jt|j|dddWdn1s@0YdS)NTz some.hostnameserver_hostname)rrZrOrrrr)rrIrrrrtest_server_side}s   z!BasicSocketTests.test_server_sidec Cstd}ttj}||t|ddD}|t|dWdn1s\0YWdn1sz0Y| dS)NrrFdo_handshake_on_connectz unknown-type) r create_serverr'rJ getsocknamerrrget_channel_bindingr)rrcr,rrrtest_unknown_channel_bindings   Fz-BasicSocketTests.test_unknown_channel_binding tls-unique*'tls-unique' channel binding not availablecCsttj}t| }||dWdn1s:0Yttj}t|dtd }||dWdn1s0YdS)NrTrG)rr'r assertIsNoner}rr=rrrtest_tls_unique_channel_bindings   . z0BasicSocketTests.test_tls_unique_channel_bindingcCsjtttj}t|}|t}d}tWdn1sD0Y||t |j j ddSr) rrr'reprZ assertWarnsr+r gc_collectrrLwarningr^)rr,r rPrrrtest_dealloc_warns  &z"BasicSocketTests.test_dealloc_warncCst}|t|d||tjtD}t|d<t |d<t}||j t ||j tWdn1sx0YdS)N SSL_CERT_DIR SSL_CERT_FILE) rZget_default_verify_pathsrrRrZDefaultVerifyPathsrEnvironmentVarGuardCAPATHrcafiler)rpathsenvrrrtest_get_default_verify_pathss z.BasicSocketTests.test_get_default_verify_pathsr Windows specificc Cs|td|td|ttj|ttjdt}dD]}t|}||t|D]p}||t | t |d|\}}}||t | |ddh||tttft|ttfrf||qfqHd}| ||dS) NCAROOTr&)rrr x509_asn pkcs_7_asn1.3.6.1.5.5.7.3.1)rrZenum_certificatesrr WindowsErrorsetrlistrrrRbytesr frozensetboolrKupdate) rZ trust_oidsZ storenamestoreelementr[encZtrust serverAuthrrrtest_enum_certificatess&     z'BasicSocketTests.test_enum_certificatescCs|td|ttj|ttjdtd}||t|D]D}||t| t |d||dt | |dddhqHdS)Nrr&rr rr) rrZ enum_crlsrrrrrrrrRrr)rZcrlsrrrrtest_enum_crlss   zBasicSocketTests.test_enum_crlsc Csd}td}|||||jd||jd||jd||jd||tj|t tjdtj d}|||||tj|t tjj d| t dtj dWdn1s0Yt d D]j}ztj |}Wnt yYq0||jt ||jt||jt||jttdfqtjd}|||||tj|tjd||tjd|| t d tjd Wdn1s0YdS) N)rTLS Web Server Authenticationrrrrrzunknown NID 100000iizunknown object 'serverauth'Z serverauth)r _ASN1Objectrnid shortnameZlongnameoidrrrZfromnidrrangerrLtypeZfromname)rexpectedvaliobjrrrtest_asn1objectsB    *   z BasicSocketTests.test_asn1objectcCstd}|tjjtj|tjj||tjjjd|tjjjd|tjjjdtd}|tjj tj|tjj ||tjj jd|tjj jd|tjj jddS)Nrrrz1.3.6.1.5.5.7.3.2Z clientAuth) rrrPurpose SERVER_AUTHrrrr CLIENT_AUTH)rrrrrtest_purpose_enums     z"BasicSocketTests.test_purpose_enumcCsttjtj}||j|t}t|tj dWdn1sJ0Y| t |j dt tj}|t}||Wdn1s0Y| t |j ddS)Nrz!only stream sockets are supported)rr' SOCK_DGRAMrrrr8rrrrrLrMrZrPr)rrZcxrIrrrtest_unsupported_dtlss  ,  (z&BasicSocketTests.test_unsupported_dtlscCs|t||dSr)rrcert_time_to_seconds)r timestringZ timestamprrr cert_time_okszBasicSocketTests.cert_time_okcCs8|tt|Wdn1s*0YdSr)rrrr)rrrrrcert_time_fails zBasicSocketTests.cert_time_failz)local time needs to be different from UTCcCs|dd|dddS)NzMay 9 00:00:00 2007 GMTgCAJan 5 09:34:43 2018 GMTѓA)rrrrr"test_cert_time_to_seconds_timezone s z3BasicSocketTests.test_cert_time_to_seconds_timezonecCsd}d}||||tj|d||d||d||d|d|d|d |d |d |d d }|d||d||dd|dd|dd|d|dddS)Nrr)rzJan 05 09:34:43 2018 GMTzJaN 5 09:34:43 2018 GmTzJan 5 09:34 2018 GMTzJan 5 09:34:43 2018zJan 5 09:34:43 2018 UTCzJan 35 09:34:43 2018 GMTzJon 5 09:34:43 2018 GMTzJan 5 24:00:00 2018 GMTzJan 5 09:60:43 2018 GMTgWAzDec 31 23:59:60 2008 GMTzJan 1 00:00:00 2009 GMTzJan 5 09:34:59 2018 GMTiFOZzJan 5 09:34:60 2018 GMTiFOZzJan 5 09:34:61 2018 GMTiFOZzJan 5 09:34:62 2018 GMTzDec 31 23:59:59 9999 GMTg MB)rrrrr)rrtsZ newyear_tsrrrtest_cert_time_to_seconds(s*                z*BasicSocketTests.test_cert_time_to_secondsLC_ALLr&cCs@dd}|dkr |d|dd||ddS)NcSs tddS)Nz%b) r rr rrrrrr)rrrrrrlocal_february_nameOszNBasicSocketTests.test_cert_time_to_seconds_locale..local_february_nameZfebz>locale-specific month name needs to be different from C localezFeb 9 00:00:00 2007 GMTg`rAz 9 00:00:00 2007 GMT)lowerskipTestrr)rrrrr test_cert_time_to_seconds_localeKs   z1BasicSocketTests.test_cert_time_to_seconds_localecCsvttj}||jt|}tttjtjd}||j| t |f}t j t j t jt jf}|||dS)Nr)rr'rrr bind_portrrr connect_exrKrNZ ECONNREFUSEDZ EHOSTUNREACHZ ETIMEDOUT EWOULDBLOCKr)rserverportrrcerrorsrrrtest_connect_ex_errorZs      z&BasicSocketTests.test_connect_ex_error)4__name__ __module__ __qualname__rrrrr] skipUnlessrrrZmaxDiffrrrr rr%rZ cpython_onlyr.r>rCrQrTrVrWrXrtrwrrCHANNEL_BINDING_TYPESrrrrjplatformrrrrrrrrrrZrun_with_localerrrrrrrlsb  "   G     '  #  rc@seZdZddZddZddZeedkdd d Z e e j d kd d dZ ddZddZddZee edddZeedddZddZddZdd Ze ed!d"d#Zd$d%Zd&d'Zee jd(d)d*Zed+d,Z ed-d.Z!d/d0Z"d1d2Z#d3d4Z$e e%j&d5kd6e ed7d8d9Z'ee%j&d5kd:e e(e%d;d<d=d>Z)d?d@Z*dAdBZ+dCdDZ,dEdFZ-dGdHZ.dIdJZ/ee0dKdLdMZ1dNS)O ContextTestsc CstD]L}t|rtt|}Wdn1s80Y||j|qtt}Wdn1sx0Y||jtj| t tjd| t tjddS)Nr*) PROTOCOLSrTrr*rrZrrSrNrr)rrSrIrrrtest_constructorms ( &zContextTests.test_constructorc CsVtD]L}t|rtt|}Wdn1s80Y||j|qdSr)rrTrr*rrZrrSrrrr test_protocolys  (zContextTests.test_protocolcCs\ttj}|d|d|tjd|dWdn1sN0YdS)NALLDEFAULTNo cipher can be selected^$:,;?*'dorothyx)rrZrPrGrrrrIrrr test_cipherss    zContextTests.test_ciphersr z+Test applies only to Python default cipherscCsfttj}|}|D]H}|d}|d||d||d||d||d|qdS)NrZPSKZSRPZMD5ZRC4Z3DES)rrZrP get_ciphersZ assertNotIn)rrIrZsuiterrrrtest_python_cipherss     z ContextTests.test_python_ciphers)r rrrrzOpenSSL too oldc Cshttj}|dtdd|D}hd}||}|t|ddt |dt |dS)NZAESGCMcss|]}|dVqdS)rNr).0rrrr z0ContextTests.test_get_ciphers..>zECDHE-ECDSA-AES128-GCM-SHA256zECDHE-RSA-AES256-GCM-SHA384zAES256-GCM-SHA384zECDHE-RSA-AES128-GCM-SHA256zAES128-GCM-SHA256zDHE-RSA-AES128-GCM-SHA256zDHE-RSA-AES256-GCM-SHA384zECDHE-ECDSA-AES256-GCM-SHA384rz got: z expected: ) rrZrPrGrr intersectionrrRsorted)rrInamesrrrrrtest_get_cipherss   zContextTests.test_get_cipherscCsttj}tjtjBtjB}|ttBtBt Bt Bt BO}| ||j |j tjO_ | |tjB|j tr|j tj@|_ | ||j d|_ | d|j tj@n0|td|_ Wdn1s0YdSr)rrZrPOP_ALLrrr9r<r:r;r=r>roptionsrrvrr)rrIdefaultrrr test_optionss*  zContextTests.test_optionscCsttj}||jtjtj|_||jtjtj|_||jtjtj|_||jtj|t d|_Wdn1s0Y|t d|_Wdn1s0Yttj }||jtj| |j ttj}||jtj||j dSNr)rrZrNrrrrrrrrrO assertFalserrPrrrrrtest_verify_mode_protocols$  $ $   z&ContextTests.test_verify_mode_protocolcCsttj}||jtjrVd|_||jd|_||jd|_||jn0|td|_Wdn1s|0YdSNTF) rrZrPrhostname_checks_common_nameHAS_NEVER_CHECK_COMMON_NAMErrAttributeErrorrrrr test_hostname_checks_common_names     z-ContextTests.test_hostname_checks_common_namez see bpo-34001cCsttj}tjjtjjtjjh}tjjtjjh}| |j || |j |tjj |_ tjj|_ | |j tjj | |j tjjtjj|_ tjj|_ | |j tjj| |j tjjtjj|_ | |j tjjtjj|_ | |j tjjtjj tjjhtjj|_ | |j tjjtjjh|td|_ Wdn1sP0Yttjrttj}| |j || |j tjj|ttjj|_ Wdn1s0Y|ttjj|_ Wdn1s0YdSr)rrZrOrr[rrYr\TLSv1_3rrErVrrrrrrTr)rrIZ minimum_rangeZ maximum_rangerrrtest_min_max_versionst               &    * z!ContextTests.test_min_max_version!verify_flags need OpenSSL > 0.9.8cCsttj}ttdd}||jtj|Btj|_||jtjtj|_||jtjtj|_||jtjtjtj B|_||jtjtj B| t d|_Wdn1s0YdS)NVERIFY_X509_TRUSTED_FIRSTr) rrZrOrMr verify_flagsVERIFY_DEFAULTVERIFY_CRL_CHECK_LEAFZVERIFY_CRL_CHECK_CHAINZVERIFY_X509_STRICTrr)rrItfrrrtest_verify_flags3s    zContextTests.test_verify_flagsc Csttj}|jtdd|jttd|jt|jtd|t}|tWdn1sd0Y| |j j t j | tjd|tWdn1s0Y| tjd|tWdn1s0Yttj}|tt|jttd|jttd| tjd|tWdn1sT0Y| tjd|tWdn1s0Y| tjd|jttdWdn1s0Yttj}| tjd|ttWdn1s0Y|jttd|jttd|jtttd|ttt|ttt|tttt| td|jtddWdn1s0Y|tj|jtddWdn1s0Y| td "|jtd d dWdn1s80Yd d }dd}dd}dd}dd}dd}dd} Gddd} |jt|d|jt|d|jt|d|jt| d|jt| jd|tj|jt|dWdn1s0Y| td |jt|dWdn1sB0Y| td|jt|dWdn1s~0Y| td|jt| dWdn1s0Y|jt| ddS)NrDPEM librIzkey values mismatch)passwordzshould be a stringTbadpasszcannot be longeraicSstSr KEY_PASSWORDrrrrgetpass_unicodevsz:ContextTests.test_load_cert_chain..getpass_unicodecSstSr)rrprrrr getpass_bytesxsz8ContextTests.test_load_cert_chain..getpass_bytescSs ttSr)rrrprrrrgetpass_bytearrayzsz.getpass_bytearraycSsdS)Nrrrrrrgetpass_badpass|sz:ContextTests.test_load_cert_chain..getpass_badpasscSsddS)Nrirrrrr getpass_huge~sz7ContextTests.test_load_cert_chain..getpass_hugecSsdS)Nrqrrrrrgetpass_bad_typesz;ContextTests.test_load_cert_chain..getpass_bad_typecSs tddS)N getpass error) Exceptionrrrrgetpass_exceptionsz.getpass_exceptionc@seZdZddZddZdS)z:ContextTests.test_load_cert_chain..GetPassCallablecSstSrrrrrr__call__szCContextTests.test_load_cert_chain..GetPassCallable.__call__cSstSrrrrrrgetpassszBContextTests.test_load_cert_chain..GetPassCallable.getpassN)rrrrrrrrrGetPassCallablesrzmust return a stringr )rrZrOrrrrr1rLrrMrNrOrrBADCERT EMPTYCERTONLYCERTONLYKEYBYTES_ONLYCERT BYTES_ONLYKEYr CERTFILE_PROTECTEDrrprONLYKEY_PROTECTEDrrr ) rrIrPrrrr r r rrrrrtest_load_cert_chainGs  (((  **. ,  ..2....z!ContextTests.test_load_cert_chaincCs ttj}|t|jtdd|t|jtdd|t|j|t|jddd|t}|t Wdn1s0Y| |j j t j |tjd|tWdn1s0Y|tt|jttd|t|jdddS)N)rrrrT)rrZrOrrBYTES_CERTFILErrr1rLrrMrNrOrrrr BYTES_CAPATHrrIrPrrrtest_load_verify_locationss    (( z'ContextTests.test_load_verify_locationscCstt}|}Wdn1s&0Yt|}tt}|}Wdn1s`0Yt|}ttj}|| dd|j |d|| dd|j |d|| dd|j |d|| ddttj}d ||f}|j |d|| ddttj}d|d|d |d g}|j d |d|| ddttj}|j |d|j |d|| dd|j |d|| ddttj}d ||f}|j |d|| ddttj}|j t |j td|tjd |j d dWdn1sT0Y|tjd|j ddWdn1s0YdS)Nx509_carcadatar rrheadotherZagaintailrz4no start line: cadata does not contain a certificatebrokenz6not enough data: cadata does not contain a certificatesbroken)r@r rArr CAFILE_NEURONIOrZrPrcert_store_statsrrrrobjectrr)rrCZ cacert_pemZ cacert_derZ neuronio_pemZ neuronio_derrIZcombinedrrrtest_load_verify_cadatas\ &  &                ,z$ContextTests.test_load_verify_cadata)Avoid mixing debug/release CRT on WindowscCsttj}|ttjdkr*|t|t |j|t |jd|t }|t Wdn1sr0Y| |j jtj|tj}|tWdn1s0YdS)Nnt)rrZrOload_dh_paramsDHFILErr BYTES_DHFILErrrBrLrrMrNrOrrrrrrtest_load_dh_paramss     (z ContextTests.test_load_dh_paramscCsrtD]h}t|sqtt|}Wdn1s:0Y||dddddddddddd qdS)Nr) ZnumberrJZ connect_goodZconnect_renegotiateacceptZ accept_goodZaccept_renegotiatehitsmissesZtimeoutsZ cache_full)rrTrr*rrZr session_statsrrrrtest_session_statss$ ( zContextTests.test_session_statscCsttj}|dSr)rrZrPZset_default_verify_pathsrrrrtest_set_default_verify_pathss z*ContextTests.test_set_default_verify_pathsz#ECDH disabled on this OpenSSL buildcCsbttj}|d|d|t|j|t|jd|t|jd|t|jddS)N prime256v1s prime256v1rfoo)rrZrOr~rrrrrrrtest_set_ecdh_curves   z ContextTests.test_set_ecdh_curvecCsjttj}|t|j|t|jd|t|jd|t|j|dd}|d||dS)Nrr&cSsdSrrr servernamerIrrr dummycallback(sz5ContextTests.test_sni_callback..dummycallback)rrZrOrrset_servername_callback)rrIr<rrrtest_sni_callbacks  zContextTests.test_sni_callbackcCsJttj}|fdd}||t|}~~t||ddS)NcSsdSrr)rr;rIcyclerrrr<2sz>ContextTests.test_sni_callback_refcycle..dummycallback) rrZrOr=r(r)gccollectr)rrIr<r-rrrtest_sni_callback_refcycle-s    z'ContextTests.test_sni_callback_refcyclecCsttj}||dddd|t||dddd|t||dddd|t||dddddS)Nr)r crlx509r r) rrZrPrr(rrrr rrrrtest_cert_store_stats:s             z"ContextTests.test_cert_store_statsc Csttj}||g|t||g|t||dtdtddddddgt t}| }Wdn1s0Yt |}||d|gdS) N)))r%zRoot CA))rzhttp://www.cacert.org))r&zCA Cert Signing Authority))rzsupport@cacert.orgzMar 29 12:29:49 2033 GMTzMar 30 12:29:49 2003 GMTZ00)z!https://www.cacert.org/revoke.crlr )r*r+r,r-r4r.r0T) rrZrPr get_ca_certsrrr rr@rAr )rrIrCrderrrrtest_get_ca_certsHs&     & zContextTests.test_get_ca_certscCsttj}|ttj}|tjj|ttj}|tjjttj}|t|jd|t|jddS)Nr) rrZrPload_default_certsrrrrrrrrrtest_load_default_certsds    z$ContextTests.test_load_default_certsr znot-Windows specificz!LibreSSL doesn't support env varscCshttj}t@}t|d<t|d<||| ddddWdn1sZ0YdS)Nrrrr )rCrDr ) rrZrPrrrrrIrr()rrIrrrrtest_load_default_certs_envss   z(ContextTests.test_load_default_certs_envrr z3Debug build does not share environment between CRTscCsttj}||}ttj}tH}t|d<t|d<||dd7<| ||Wdn1s~0YdS)NrrrDr ) rrZrPrIr(rrrrr)rrIstatsrrrr#test_load_default_certs_env_windows}s   z0ContextTests.test_load_default_certs_env_windowscCs||jtj@tjtdkr0||jt@ttdkrJ||jt@ttdkrd||jt@ttdkr~||jt@tdSr)rrrrr9r:r;r<rrrr_assert_context_optionss"    z$ContextTests._assert_context_optionscCst}||jtj||jtj||j| |t t }| }Wdn1sd0Ytjt t |d}||jtj||jtj| |ttjj}||jtj||jtj| |dS)N)rrr")rcreate_default_contextrrSrNrrrrrNr@rrArrrr)rrIrCr"rrrtest_create_default_contexts"   & z(ContextTests.test_create_default_contextcCsXt}||jtj||jtj||j| |t tj rt ttj }Wdn1st0Y||jtj ||jtj| |t $tjtj tjdd}Wdn1s0Y||jtj ||jtj||j| |tjtjjd}||jtj||jtj| |dS)NT)rr)Zpurpose)r_create_stdlib_contextrrSrNrrrrrNrTrrr*rrrrrrrrtest__create_stdlib_contexts0    *  $  z(ContextTests.test__create_stdlib_contextcCszttj}||j||jtjd|_||j||jtj d|_tj |_||j||jtj d|_tj|_d|_||j||jtjd|_||j||jtj d|_tj |_d|_||j||jtj d|_||j||jtj | t tj|_Wdn1sB0Yd|_||jtj|_||jtjdSr) rrZrNrrrrrrrrrrrrrrtest_check_hostnames@         ( z ContextTests.test_check_hostnamecCsTttj}||j||jtjttj}| |j||jtj dSr) rrZrPrrrrrrOrrrrrrtest_context_client_servers     z'ContextTests.test_context_client_servercCsGdddtj}Gdddtj}ttj}||_||_|jtdd}| ||Wdn1sp0Y| t t }| ||dS)Nc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLSocketNrrrrrrr MySSLSocketsrVc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLObjectNrUrrrr MySSLObjectsrWTrE) rr SSLObjectrZrOZsslsocket_classZsslobject_classrrrwrap_bio MemoryBIO)rrVrWrIrrrrrtest_context_custom_classs *z&ContextTests.test_context_custom_classzTest requires OpenSSL 1.1.1cCsttj}||jdd|_||jdd|_||jd|td|_Wdn1sh0Y|td|_Wdn1s0Yttj}||jd|td|_Wdn1s0YdS)Nrr rr) rrZrOrZ num_ticketsrrrrPrrrrtest_num_tickests  $ $  zContextTests.test_num_tickestN)2rrrrrrr]rr rskipIfrryrrrrrequires_minimum_version IS_LIBRESSLrr{rrrr*Py_DEBUG_WIN32r0r5r6r}r9 needs_snir>rBrErHrJrjrrKrFrMrNrPrRrSrTr[IS_OPENSSL_1_1_1r\rrrrrksb      N S?         +  rc@s8eZdZddZeedddZddZdd Z d S) SSLErrorTestscCsXtdd}|t|d||jdtdd}|t|d||jddS)Nr r)rrrrLrNZSSLZeroReturnError)rerrrtest_str's   zSSLErrorTests.test_strr+cCsttj}|tj}|tWdn1s80Y||jj d||jj dt |j}| | d|dS)NZPEMZ NO_START_LINEz"[PEM: NO_START_LINE] no start line)rrZrPrrr-rrrMlibraryreasonrLrr)rrIrPrrrrtest_lib_reason1s ( zSSLErrorTests.test_lib_reasonc Csttj}d|_tj|_td}t| }| d|j |dddr}| tj }|Wdn1sz0Yt|j}||d|||jjtjWdn1s0YWdn1s0YdS)NFrxryz%The operation did not complete (read))rrZrPrrrrr{create_connectionr| setblockingrrSSLWantReadError do_handshakerLrMrrrrNSSL_ERROR_WANT_READ)rrIrr~rPrrr test_subclass<s   & zSSLErrorTests.test_subclasscCst}|t(|jttddWdn1s@0Y|t(|jttddWdn1s0Y|t(|jttddWdn1s0YdS)Nr&ruz .example.orgzexample.orgevil.com)rrOrrrYrZrrrrrtest_bad_server_hostnameNs $ $ z&SSLErrorTests.test_bad_server_hostnameN) rrrrer]r]r`rhrnrorrrrrc%s   rcc@s4eZdZddZddZddZddZd d Zd S) MemoryBIOTestscCst}|d||d||d|d|d||d||d|d||dd||dd ||dddS) Nr8rbarsfoobarbazrsbar z)rrZrnrrArbiorrrtest_read_write]s    zMemoryBIOTests.test_read_writecCst}||j||d||j|d||j|||j||dd||j||dd||j||d||jdS)Nrr8rsfor o) rrZreofrrArn write_eofrrtrrrtest_eofks       zMemoryBIOTests.test_eofcCst}||jd|d||jdtdD]$}|d||jd|dq6tdD] }|d||j|dqd|||jddS)Nrr8r r r/)rrZrpendingrnrrA)rrurrrr test_pending{s     zMemoryBIOTests.test_pendingcCsbt}|d||d|td||d|td||ddS)Nr8rqrr)rrZrnrrAr memoryviewrtrrrtest_buffer_typess z MemoryBIOTests.test_buffer_typescCsLt}|t|jd|t|jd|t|jd|t|jddS)NrTr )rrZrrrnrtrrrtest_error_typess zMemoryBIOTests.test_error_typesN)rrrrvrzr|r~rrrrrrp[s  rpc@seZdZddZddZdS)SSLObjectTestscCsDt}|tdt||Wdn1s60YdSr)rrZrrrXrtrrrrsz SSLObjectTests.test_private_initc Cs<t\}}}t}t}t}t}|j|||d}|j||dd} tdD]p} z |WntjyxYn0|jr|| z | WntjyYn0|jrT|| qT|| | tj| Wdn1s0Y|| | || | dS)NruTrEr) rrrZrYrrlrkr{rnrArunwrap) rZ client_ctxZ server_ctxrZc_inZc_outZs_inZs_outclientr_rrr test_unwraps8    (zSSLObjectTests.test_unwrapN)rrrrrrrrrrsrc@seZdZdZddZddZddZdd Zd d Zd d Z ddZ ddZ ddZ e ejdkdddZddZddZddZddZd d!Zed"d#Zd$d%Zd&d'Zd(d)Zd*S)+SimpleBackgroundTestsz?Tests that connect to a simple server running in the backgroundcCs2tt}t|jf|_|||jddddSr)ThreadedEchoServerrrKr server_addr __enter__r__exit__)rrrrrsetUps zSimpleBackgroundTests.setUpcCstttjtjd8}||j|i|| |j Wdn1sT0Ytttjtj t d6}||j| || |j Wdn1s0YdS)Nrrr)rrr'rrrJrr getpeercertrrFrrrrrrr test_connects  *  z"SimpleBackgroundTests.test_connectcCs<tttjtjd}||j|tjd|j |j dS)Nrcertificate verify failed) rrr'rrrrrrrJrrrrrtest_connect_fails   z'SimpleBackgroundTests.test_connect_failcCsJtttjtjtd}||j|d| |j | | dS)Nrr) rrr'rrrrrrrrrrrrrrtest_connect_exs  z%SimpleBackgroundTests.test_connect_exc Cstttjtjtdd}||j|d| |j }| |dt j t jftg|ggdz|WqWqdtjyt|gggdYqdtjytg|ggdYqd0qd||dS)NF)rrrzrr?)rrr'rrrrrrjrrrrNZ EINPROGRESSrselectrlrkSSLWantWriteErrorrrrrrrrrtest_non_blocking_connect_exs$    z2SimpleBackgroundTests.test_non_blocking_connect_excCsttj}|ttj,}||j|i| Wdn1sP0Y|jttjdd}||jWdn1s0Ytj |_ | t |ttj.}||j| }||Wdn1s0YdS)Ndummyru)rrZrNrrr'rJrrrrrrrrrrIrr[rrrtest_connect_with_contexts  .*  z/SimpleBackgroundTests.test_connect_with_contextcCsLttj}tj|_|ttj}||j | tj d|j |j dS)Nr)rrZrNrrrrr'rrrrrJr)rrIrrrrtest_connect_with_context_fail!s   z4SimpleBackgroundTests.test_connect_with_context_failcCsttj}tj|_|jtd|ttj .}| |j | }| |Wdn1sf0Yttj}tj|_|jtd|ttj .}| |j | }| |Wdn1s0YdS)Nr)rrZrNrrrrrrr'rJrrrrrrrrtest_connect_capath,s   (   z)SimpleBackgroundTests.test_connect_capathcCs tt}|}Wdn1s&0Yt|}ttj}tj|_|j |d| t t j .}| |j|}||Wdn1s0Yttj}tj|_|j |d| t t j .}| |j|}||Wdn1s0YdS)Nr!)r@rrArr rZrNrrrrrr'rJrrr)rrCrrGrIrr[rrrtest_connect_cadataCs" &    (   z)SimpleBackgroundTests.test_connect_cadatar,z*Can't use a socket as a file under WindowscCstttj}||j|}|}|t |d|t | t }t |dWdn1s|0Y||jjtjdSr)rrr'rJrfilenomakefilerrrAr@rArr1rrMrNEBADF)rr,fdrCrdrrrtest_makefile_closeXs   *z)SimpleBackgroundTests.test_makefile_closecCsttj}||j|dt|tjdd}||j d}z|d7}| WqWqBtj y~t |gggYqBtj yt g|ggYqB0qBtjrtjd|dS)NFrrzrr z9 Needed %d calls to do_handshake() to establish session. )rr'rJrrjrrrrrrlrkrrrrlrjrmrn)rrcountrrrtest_non_blocking_handshakeks&    z1SimpleBackgroundTests.test_non_blocking_handshakecCst|g|jRdtidS)Nr[)_test_get_server_certificaterrrrrrtest_get_server_certificatesz1SimpleBackgroundTests.test_get_server_certificatecCst|g|jRdSr)!_test_get_server_certificate_failrrrrr test_get_server_certificate_failsz6SimpleBackgroundTests.test_get_server_certificate_failc Cstttjtjdd}||jWdn1s:0Ytttjtjdd}||jWdn1s~0Y|tjdXttj,}t|tjdd}||jWdn1s0YWdn1s0YdS)Nr)rrrrr) rrr'rrrJrrr)rrrrrrrs  * *z"SimpleBackgroundTests.test_cipherscCsttj}|jtd||g|jttj dd.}| |j | }| |Wdn1sr0Y|t|ddS)Nrr'rur )rrZrPrrrrFrrr'rJrrrrRrrrrtest_get_ca_certs_capaths   (z.SimpleBackgroundTests.test_get_ca_certs_capathcCsttj}|jtdttj}|jtdttj}|j|dd^}||j | |j || |j j |||_ | |j || |j j |Wdn1s0YdS)Nrr'ru) rrZrPrrrr'rrJrrr_sslobj)rZctx1Zctx2rr,rrrtest_context_setgets      z)SimpleBackgroundTests.test_context_setgetc Os|dtj}t|}d} t|kr4|dd} | d7} z ||} Wn@tjy} z&| jtj tj fvrr| j} WYd} ~ n d} ~ 00| } | | | durqq| tj kr| d} | r|| q|qtjrtjd| |jf| S)NrBrr iz"Needed %d calls to complete %s(). )getr SHORT_TIMEOUTr monotonicrrrrNrmZSSL_ERROR_WANT_WRITErAsendallr2rnryrlrjrmr)rrincomingoutgoingr`r^rrBdeadlinerrNretrdbufrrr ssl_io_loops:         z!SimpleBackgroundTests.ssl_io_loopcCsttj}||j||jt}t}ttj }| |j | |j tj|t|||dt}||jj||||||||t|jdtjvr||d| ||||j!| |||||| |dtjvr>| |dz| ||||j"Wntj#yjYn0|tj$|j%ddS)NFrr8)&rr'rrrJrrrZrZrPrrrrrrrrYrrrownerrcipherr0assertIsNotNoneshared_ciphersrrrrr}rrlrZSSLSyscallErrorrrn)rrrrrIsslobjrrrtest_bio_handshakes>         z(SimpleBackgroundTests.test_bio_handshakecCsttj}||j||jt}t}ttj }tj |_ | ||d}| ||||jd}| ||||j|| ||||jd}||d| ||||jdS)NFFOO sfoo )rr'rrrJrrrZrZrNrrrYrrlrnrArr)rrrrrIrZreqrrrrtest_bio_read_write_datas     z.SimpleBackgroundTests.test_bio_read_write_dataN)rrr__doc__rrrrrrrrrr]r]rrrrrrrrrarrrrrrrrrs,      %"rZnetworkc@s*eZdZddZeejdddZdS)NetworkedTestscCstttttjtjdd}||j | d| tdf}|dkr\| dn|t jkrp| d||t jt jfWdn1s0YdS)NFrgHz>rz!REMOTE_HOST responded too quicklyzNetwork unreachable.)rtransient_internet REMOTE_HOSTrrr'rrrrr@rrrNZ ENETUNREACHrEAGAINrrrrrtest_timeout_connect_ex s       z&NetworkedTests.test_timeout_connect_exz Needs IPv6cCsFtd(t|ddt|ddWdn1s80YdS)Nzipv6.google.comr)rrrrrrrr test_get_server_certificate_ipv6 s  z/NetworkedTests.test_get_server_certificate_ipv6N) rrrrr]rrrrrrrrrr s rcCslt||f}|s$|d||ftj||f|d}|sL|d||ftjrhtjd|||fdS)NzNo server certificate on %s:%s!rz& Verified certificate for %s:%s is %s )rget_server_certificaterrrlrjrmrn)testrnrr[rrrrr$ src Cslztj||ftd}Wn<tjyR}z"tjr>tjd|WYd}~nd}~00| d|||fdS)Nrz%s z$Got server certificate %s for %s:%s!) rrrrrrlrjrmrnr)rrnrrxrrrr/ s &r)make_https_serverc @sReZdZGdddejZdddZdd Zd d Zdd d Z ddZ ddZ dS)rc@s@eZdZdZddZddZddZdd Zd d Zd d Z dS)z$ThreadedEchoServer.ConnectionHandlerzA mildly complicated class, because we want it to work both with and without the SSL wrapper around the socket connection, so that we can test the STARTTLS functionality.cCs@||_d|_||_||_|jdd|_tj|d|_ dSNFT) rrunningraddrrjsslconn threadingThread__init__daemon)rrZconnsockrrrrrD s  z-ThreadedEchoServer.ConnectionHandler.__init__c Cs0zD|jjj|jdd|_|jj|j|jj|j Wnt t t fy}zL|jj t||jjrtdt|jdd|_|WYd}~dSd}~0tjtfy>}zr|jj t||jjrtdt|jd|jtjkr(tjdkr(d|_|j|WYd}~dSd}~00|jj|j|jjjtjkr|j }t!j"r|jjrtj#$dt%&|d|j d}t!j"r|jjrtj#$d tt'|d |j(}t!j"r(|jjr(tj#$d t|dtj#$d t|jddSdS) NTrEz' server: bad connection attempt from z: Fdarwinz client cert is rz cert binary is z bytes z" server: connection cipher is now z" server: selected protocol is now ))rrrrrselected_npn_protocolsappendselected_npn_protocolselected_alpn_protocolsselected_alpn_protocolConnectionResetErrorBrokenPipeErrorConnectionAbortedError conn_errorsrLchattyrprrrrrrr1rNZ EPROTOTYPErjrstoprrrrrrlrmrnrrrRr)rrdr[Z cert_binaryrrrr wrap_connN sN        z.ThreadedEchoServer.ConnectionHandler.wrap_conncCs |jr|jS|jdSdS)Nr)rrArr2rrrrrA s z)ThreadedEchoServer.ConnectionHandler.readcCs"|jr|j|S|j|SdSr)rrnrr6)rrrrrrn s z*ThreadedEchoServer.ConnectionHandler.writecCs |jr|jn |jdSr)rrrrrrrr s z*ThreadedEchoServer.ConnectionHandler.closec Csd|_|jjs|sdS|jrԐz|}|}|svd|_z|j|_Wnt ybYn0d|_| np|dkrt j r|jj rtjd| WdS|jjr|dkrt j r|jj rtjd|d|sWdSn|jjrd|jrd|dkrdt j r&|jj r&tjd |d|j|_d|_t j r|jj rtjd n|d krt j r|jj rtjd |jd }|t|ddn2|dkr8t j r|jj rtjdz|jWn@tjy*}z$|t|ddWYd}~nd}~00|dn|dkrj|jdur^|dn |dn||dkr|j}|t|ddnNt j r|jj r|jrdpd}tjd||||f||Wqttfy4|jjr"t j r"tjd|j| d|_Yqtjy}zFd|jkr|jjrvt j rvtj|jdtdWYd}~qd}~0t y|jjrt d| d|_|j!Yq0qdS)NTFsoverz" server: client closed connection STARTTLSz2 server: read STARTTLS from client, sending OK... OK ENDTLSz0 server: read ENDTLS from client, sending OK... z* server: connection is now unencrypted... s CB tls-uniquez@ server: read CB tls-unique from client, sending our CB data... rus-ascii PHAz( server: initiating post handshake auth HASCERTTRUE FALSE GETCERTZ encryptedZ unencryptedz/ server: read %r (%s), sending back %r (%s)... z Connection reset by peer: {} Z!PEER_DID_NOT_RETURN_A_CERTIFICATEr !tlsv13 alert certificate requiredzTest server failure: )"rrstarttls_serverrrAstriprrrr1rrrlconnectionchattyrjrmrnr}rrpverify_client_post_handshakerrrrrrrformatrrgr^rpr)rmsgstrippedrrdr[Zctypeerrrrrrun s              .         z(ThreadedEchoServer.ConnectionHandler.runN) rrrrrrrArnrrrrrrConnectionHandler> s >rNTFc Cs| r | |_nt|dur|ntj|_|dur2|ntj|j_|rL|j||r\|j||rl|j|| r||j | | r|j | ||_ ||_ ||_ t|_t|j|_d|_d|_g|_g|_g|_g|_tj|d|_dSr)rrrZrOrrrrset_npn_protocolsset_alpn_protocolsrGrrrrrrrrflagactiverrrrrrrr) rZ certificatercertreqscacertsrrrZ npn_protocolsZalpn_protocolsrrrrrr sB        zThreadedEchoServer.__init__cCs|t|j|SrstartrEventrwaitrrrrr+ s zThreadedEchoServer.__enter__cGs||dSr)rrrr^rrrr0 szThreadedEchoServer.__exit__cCs||_tj|dSrrrrrrrrrrr4 szThreadedEchoServer.startc Cs |jd|jd|_|jr,|j|jrzT|j\}}tjrf|j rft j dt |d||||}||Wq,tjyYq,ty|Yq,ty}z0tjr|j rt j dt |dWYd}~q,d}~00q,|jdS)Ng?Tz server: new connection from rz connection handling failed: )rr@listenrrrr1rrlrrjrmrnrrrrrrBKeyboardInterruptrrr)rZnewconnZconnaddrhandlerrdrrrr8 s6        zThreadedEchoServer.runcCs d|_dSr)rrrrrrS szThreadedEchoServer.stop) NNNNTFFNNNN)N) rrrrrrrrrrrrrrrrr< sI % rc@sXeZdZGdddejZddZddZddZd d Z dd d Z ddZ ddZ d S)AsyncoreEchoServerc@s6eZdZGdddejZddZddZddZd S) zAsyncoreEchoServer.EchoServerc@s<eZdZddZddZddZddZd d Zd d Zd S)z/AsyncoreEchoServer.EchoServer.ConnectionHandlercCs4t|d|dd|_tj||jd|_|dS)NTF)rFrrz)rrasyncoredispatcher_with_sendr_ssl_accepting_do_ssl_handshake)rconnrrrrr^ sz8AsyncoreEchoServer.EchoServer.ConnectionHandler.__init__cCs*t|jtjr&|jdkr&|qdS)NrT)rKrrrr{Zhandle_read_eventrrrrreadablef s z8AsyncoreEchoServer.EchoServer.ConnectionHandler.readablec Csz|jWntjtjfy*YdStjyD|YStjyXYnNty}z0|j dt j kr|WYd}~SWYd}~nd}~00d|_ dS)NrF) rrlrrkrZ SSLEOFError handle_closerr1r^rNZ ECONNABORTEDrrrrrrrl s *zAAsyncoreEchoServer.EchoServer.ConnectionHandler._do_ssl_handshakecCsT|jr|n@|d}tjr4tjdt||sB| n| | dS)Nrz server: read %s from client ) rrr2rrlrjrmrnrrr6r)rrrrr handle_read{ s   z;AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_readcCs$|tjr tjd|jdS)Nz server: closed connection %s )rrrlrjrmrnrrrrrr  sz) __class__rrrrrr__str__ szAsyncoreEchoServer.__str__cCs|t|j|Srrrrrrr s zAsyncoreEchoServer.__enter__cGsVtjrtjd|tjr,tjd|tjrFtjdtjdddS)Nz cleanup: stopping server. z! cleanup: joining server thread. z cleanup: successfully joined. T)Z ignore_all) rrlrjrmrnrrrZ close_allrrrrr s   zAsyncoreEchoServer.__exit__NcCs||_tj|dSrrrrrrr szAsyncoreEchoServer.startcCs>d|_|jr|j|jr:ztdWqYq0qdS)NTr )rrrrZlooprrrrr s zAsyncoreEchoServer.runcCsd|_|jdSr)rrrrrrrr szAsyncoreEchoServer.stop)N) rrrrrrrrrrrrrrrrrrV sD  rrTFc Csi}t||dd}|p|jt||d} | t|jf|t|t|fD]} |rrtj rrt j d|| | | } |rtj rt j d| | |krTtd| ddt| |ddt|fqT| d |rtj rt j d || | | | | | | j| jd | Wdn1sR0Y|j|d <|j|d <|j|d<Wdn1s0Y|S)zW Launch a server, connect a client to it and try various reads and writes. Frrr)rvsession client: sending %r...  client: read %r 4bad data <<%r>> (%d) received; expected <<%r>> (%d) Nover  client: closing connection. ) compressionrpeercertclient_alpn_protocolclient_npn_protocolr0session_reusedrserver_alpn_protocolsserver_npn_protocolsserver_shared_ciphers)rrrrJrKrrr}rrlrjrmrnrArAssertionErrorrRrrrrrrr0r rrrrr) rrindatarrsni_namerrLrrargoutdatarrrserver_params_test sb      (  *r)c Cs|durtj}tjdtjdtjdi|}tjr\|r6dp8d}tj|t |t ||ft |}|j |O_ t |} | j |O_ t |d} | durt| dr|tjkr| j| kr| | _|jtjkr|dt| ||| fD]} || _| t| tqzt|| d d d } WnXtjy>|r:Yntyx} z"|sb| jtjkrdWYd} ~ nZd} ~ 00|std t |t |fn,|d ur|| d krtd|| d fdS)a< Try to SSL-connect using *client_protocol* to *server_protocol*. If *expect_success* is true, assert that the connection succeeds, if it's false, assert that the connection fails. Also, if *expect_success* is a string, assert that it is the protocol version actually used by the connection. Nrrrz %s->%s %s z {%s->%s} %s rErFrrz5Client protocol %s succeeded with server protocol %s!Tr0z%version mismatch: expected %r, got %r)rrrrrrlrjrmrnZget_protocol_namerZrPROTOCOL_TO_TLS_VERSIONrrFrNrErSrGrJrrrrrr)rr1rN ECONNRESETr$)Zserver_protocolZclient_protocolexpect_successZ certsreqsserver_optionsclient_optionsZcerttypeZ formatstrrrZ min_versionrIrLrdrrrtry_protocol_combo sx               r0c@seZdZddZddZeedddZdd Z ee j d d d Z d dZ ddZddZddZedddZddZddZedddZdd Zed!d"d#Zed$d%d&Zed'd(d)Zed*d+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Zd7d8Z d9d:Z!d;d<Z"d=d>Z#d?d@Z$dAdBZ%dCdDZ&eddEdFZ'e(ed*dGdHZ)e(ed'dIdJZ*e(ed*ed$dKdLZ+e(ed!dMdNZ,ee j-dOdPdQZ.edRe j/vdSdTdUZ0dVdWZ1ee2e dXdYdZd[Z3e4e5d\d]d^Z6ee7d_e4e8d`dadbZ9dcddZ:ee j;dedfdgZee j?dmdndoZ@dpdqZAdrdsZBeCdtduZDeCdvdwZEeCdxdyZFeCdzd{ZGd|d}ZHd~dZIddZJddZKddZLdS) ThreadedTestsc Cs~tjrtjdtD]~}|tjtjhvr,qt |s6q|j tj |d<t |}| tt|t||dddWdq1s0Yqt\}}}|j tjtjd"t||dd|dWdn1s0Yd|_|j tjtjdb|tj"}t||dd|dWdn1s60Y|d t|jWdn1sh0Y|j tjtjd`|tj }t||ddd Wdn1s0Y|d t|jWdn1s0Y|j tjtjd`|tj }t||ddd Wdn1s>0Y|d t|jWdn1sp0YdS) z2Basic test of an SSL client connecting to a serverr)rSTr*N)rr)rrrrr&Fz%called a function you should not call)rrrr)rrlrjrmrnrrrPrOrTZsubTest_PROTOCOL_NAMESrZrrrJr)rrrrrrLrM)rrSrrrrrdrrr test_echoI sd   & $&$&$&zThreadedTests.test_echoc Cstjrtjdt\}}}t|dd}|X|jtd|d }| t |j f| t |Wdn1s0Y||}||d|}tjrtjt|dtjdt|dd|vr|d t|d |dvr|d |d ||d |t|d }t|d } ||| Wdn1sp0YWdn1s0YdS)NrFrr)rzrvCan't get peer certificate.zConnection cipher is z. r.z$No subject field in certificate: %s.r$zkMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.r,r+)rrlrjrmrnrrrrrJrKrrrrrlrrrrrLrrrrr) rrrrrrr[rbeforeZafterrrrtest_getpeercert{ sF     &    zThreadedTests.test_getpeercertrc Cstjrtjdt\}}}ttdd}||j tj |Bt |dd}|f|j t |d4}|t|jf|}||dWdn1s0YWdn1s0Y|j tjO_ t |dd}||j t |dP}|tjd |t|jfWdn1s00YWdn1sP0YWdn1sp0Y|tt |dd}|h|j t |d4}|t|jf|}||dWdn1s0YWdn1s0YdS) NrrrTr4rur5r)rrlrjrmrnrrMrrrrrrrrJrKrrrrrrrCRLFILE)rrrrrrrr[rrrtest_crl_check sF     H  p   zThreadedTests.test_crl_checkc Cstjrtjdt\}}}t|dd}|f|jt|d4}| t |j f| }| |dWdn1s|0YWdn1s0Yt|dd}||jtddN}|tjd | t |j fWdn1s0YWdn1s0YWdn1s>0Yt|dd}|rtH}|td||Wdn1s0YWdn1s0YWdn1s0YdS) NrTr4rur5rsz:Hostname mismatch, certificate is not valid for 'invalid'.z'check_hostname requires server_hostname)rrlrjrmrnrrrrrJrKrrrrrr]r)rrrrrrr[rrrrS s<    H  n  z!ThreadedTests.test_check_hostnamez)test requires hostname_checks_common_namec Cs>t\}}}d|_t|dd}|R|jt|d }|t|jfWdn1s\0YWdn1sz0Ytt\}}}d|_t|dd}||jt|dL}| t j  |t|jfWdn1s0YWdn1s0YWdn1s00YdS)NFTr4ru) rrrrrrJrKrrrrSSLCertVerificationErrorrrrrrrrrrr s&   L  z.ThreadedTests.test_hostname_checks_common_namec Csttj}|t|dt}ttj}|t t |dd}||j t |dZ}| t|jf|}||d|dd}||ddd Wdn1s0YWdn1s0YdS NzECDHE:ECDSA:!NULL:!aRSATr4rur5r-r)ZECDHEZECDSA)rrZrPrrrGSIGNED_CERTFILE_ECC_HOSTNAMErOrSIGNED_CERTFILE_ECCrrrrJrKrrrrsplitrrrrrrr[rrrr test_ecc_cert s"        zThreadedTests.test_ecc_certc Csttj}|t|jtjO_|dt}ttj }| t | t t |dd}||jt|dZ}|t|jf|}||d|dd}||ddd Wdn1s0YWdn1s0YdSr<)rrZrPrrrrrGr>rOrr?rrrrrJrKrrrrr@rArrrtest_dual_rsa_ecc s&         zThreadedTests.test_dual_rsa_eccc Cstjrtjdttj}|t ttj }tj |_ d|_ |tgd}|D]\}}t|dd}||jt|dP}||j||t|jf|}||j|||dWdn1s0YWdqX1s0YqXt|dd}||jtddN}|tj |t|jfWdn1s^0YWdn1s~0YWdn1s0YdS)NrT))ukönig.idn.pythontest.netxn--knig-5qa.idn.pythontest.net)rDrD)sxn--knig-5qa.idn.pythontest.netrD)u(königsgäßchen.idna2003.pythontest.net.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)rErE)s.xn--knigsgsschen-lcb0w.idna2003.pythontest.netrE).xn--knigsgchen-b4a3dun.idna2008.pythontest.netrF)s.xn--knigsgchen-b4a3dun.idna2008.pythontest.netrFr4rur5zpython.example.org)rrlrjrmrnrrZrOr IDNSANSFILErPrrrrrrrrrrvrJrKrrrrr]) rrrZ idn_hostnamesrvZexpected_hostnamerrr[rrrtest_check_hostname_idn1 s:        J  z%ThreadedTests.test_check_hostname_idnc Cs6t\}}}|ttj|_tjj|_t |ddd}||j t |d}z| t |jfWntjy}z"tjrtjd|WYd}~nZd}~0ty}z0|jtjkrtjrtjd|WYd}~nd}~00|dWdn1s0YWdn1s(0YdS)zConnecting when the server rejects the client's certificate Launch a server with CERT_REQUIRED, and check that trying to connect to it with a wrong client certificate fails. Trru SSLError is %r N socket.error is %r 'Use of invalid cert should have failed!)rrrrrrrrYrVrrrrJrKrrrrlrjrmrnr1rNr,rrrrrrrrdrrrtest_wrong_cert_tls12i s0    $ &z#ThreadedTests.test_wrong_cert_tls12rc CsVt\}}}|ttj|_tjj|_tjj|_t |ddd}||j t |d}| t |jfz|d|dWntjy}z"tjrtjd|WYd}~n\d}~0ty}z0|jtjkr܂tjrtjd|WYd}~nd}~00|dWdn1s(0YWdn1sH0YdS) NTrrudatarrIrJrK)rrrrrrrrrErrrrJrKrrnrArrrlrjrmr1rNr,rrLrrrtest_wrong_cert_tls13 s6      $ &z#ThreadedTests.test_wrong_cert_tls13cs|tttttfdd}fdd}tj|d}|z|W|n |0dS)ztA brutal shutdown of an SSL server should raise an OSError in the client when attempting handshake. cs8\}}|dSr)rrr1r)Znewsockr) listener_gonelistener_readyrrrlistener s  z2ThreadedTests.test_rude_shutdown..listenerc sttP}|tfz t|}WntyFYn 0dWdn1sf0YdS)Nz2connecting to closed SSL socket should have failed)rrrJrKrr1r)r~ssl_sock)rPrQrrrr connector s   z3ThreadedTests.test_rude_shutdown..connectortargetN) rrrrrrKrrr)rrRrTr!r)rPrQrrrrtest_rude_shutdown s  z ThreadedTests.test_rude_shutdownc Cs&tjrtjdttj}|t ttj }t |dd}||j t td}z|t|jfWnttjy}zZd}||tj||jd||j|||t||dt|WYd}~n d}~00Wdn1s0YWdn1s0YdS)NrTr4ruz&unable to get local issuer certificaterr)rrlrjrmrnrrZrOrrrPrrrrrJrKrrrr:rZ verify_codeZverify_messagerr)rrrrrrdrrrrtest_ssl_cert_verify_error s(      z(ThreadedTests.test_ssl_cert_verify_errorrUcCstjrtjdttjtjdttjtjdtjttjtjdtj ttjtj dt drrttjtj dttjtj dtrttjtj dtjdttjtj dtjdttjtj dtjddS)z9Connecting to an SSLv2 server with various client optionsrTFrr/N)rrlrjrmrnr0rPROTOCOL_SSLv2rrrNrQPROTOCOL_SSLv3rrzrrrrrrrtest_protocol_sslv2 s&    z!ThreadedTests.test_protocol_sslv2c Cstjrtjdtdrnzttjtj dWn>t yl}z&tjrXtjdt |WYd}~n d}~00tdrttjtj dttjtjdtdrttjtj dtdrttjtj dtjttjtjdtjtdrttjtj dtjtdrttjtj dtjttjtjdtjtdrJttjtj dtjtdrjttjtj dtjd ttjtjdtjtjBd tdrttjtj dtjd dS) z:Connecting to an SSLv23 server with various client optionsrrUTz; SSL2 client to SSL23 server test unexpectedly failed: %s NrFr)r.)rrlrjrmrnrQr0rrNrZr1rLr[rrrrrr)rrrrrtest_PROTOCOL_TLS sL         zThreadedTests.test_PROTOCOL_TLSrcCstjrtjdttjtjdttjtjdtjttjtjdtj t drbttjtj dttjtj dtj dttjtjdtrttjtj dtjddS)z9Connecting to an SSLv3 server with various client optionsrrrUFrYN)rrlrjrmrnr0rr[rrrQrZrNrrrzrrrrrtest_protocol_sslv3- s   z!ThreadedTests.test_protocol_sslv3rcCstjrtjdttjtjdttjtjdtjttjtjdtj t drbttjtj dt drzttjtj dttjtj dtjddS)z8Connecting to a TLSv1 server with various client optionsrrrUFrrYN)rrlrjrmrnr0rrrrrQrZr[rNrrrrrtest_protocol_tlsv1? s  z!ThreadedTests.test_protocol_tlsv1rcCstjrtjdttjtjdtdr:ttjtj dtdrRttjtj dttjtj dtj dttj tjdttjtj dttj tjddS)zjConnecting to a TLSv1.1 server with various client options. Testing against older TLS versions.rTLSv1.1rUFrrYN)rrlrjrmrnr0rrrQrZr[rNrPROTOCOL_TLSv1_2rrrrtest_protocol_tlsv1_1N s  z#ThreadedTests.test_protocol_tlsv1_1rYcCstjrtjdttjtjdtjtj Btjtj Bdt drPttjtj dt drhttjtj dttjtj dtjdttj tjdttjrttjtjdttjtjdttjrttjtjdttjtjddS) zjConnecting to a TLSv1.2 server with various client options. Testing against older TLS versions.rTLSv1.2)r.r/rUFrrYN)rrlrjrmrnr0rrarrrQrZr[rNrrTrrrrrrtest_protocol_tlsv1_2` s(       z#ThreadedTests.test_protocol_tlsv1_2c Csd}ttdddd}d}|lt}|d|t|jftjrTt j d|D]}tjrrt j d||r| || }n| ||d}|}|dkr|d rtjrt j d |t|}d}qX|d kr|d rtjrt j d ||}d}qXtjrXt j d |qXtjrHt j d|rZ| dn | d|rt|n|Wdn1s0YdS)z6Switching from clear text to encrypted and back again.)smsg 1sMSG 2rsMSG 3smsg 4rsmsg 5smsg 6T)rrrFrrrrsokz/ client: read %r from server, starting TLS... rz- client: read %r from server, ending TLS... z client: read %r from server rrN)rrrrjrJrKrrrlrjrmrnrAr6r2rrrrrr) rZmsgsrwrappedrr%r r(rrrr test_starttlsx sl           zThreadedTests.test_starttlscCst|td}tjrtjdttd}| }Wdn1sF0Yd}d|j t j tdf}tjtd}tjj||d }zV|d }|rt|d kr| t|}tjrtjd t||fW|n |0|||dS) z8Using socketserver to create and manage SSL connections.rHrrbNr&zhttps://localhost:%d/%sr rrzcontent-lengthrz/ client: read %d bytes from remote server '%s' )rrrrlrjrmrnr@rrArrrr@rrOrurllibrequesturlopeninforrrRrr)rrrCrrurlrZdlenrrrtest_socketserver s.   &  zThreadedTests.test_socketserverc Cstjrtjdd}tt}|tt}| d|j ftjrVtjd|||| }tjr~tjd||| kr| d|ddt||dd t|f|d tjrtjd |tjrtjd Wdn1s0YdS) z'Check the example asyncore integration.rrrrrrNrrrz client: connection closed. )rrlrjrmrnrrrrrJrrArrrRr)rr%rrr(rrrtest_asyncore_server s:      z"ThreadedTests.test_asyncore_serverc stjrtjdtttjtj tddd}|t t dtttjtj d t|jffdd}fdd }d jdgtfd jdd gtfd jdgddfg}djdgfdjdd gfd|dgfd|dgfg}d}|D]\}}} } } ||d} zz|| g| R} d|}|j| | | |d}|| krx|dj||ddt|| ddt| dWqty}zH| r|dj|dt||s|dj||dWYd}~qd}~00q|D]\}}} } ||d} zV| || }|| krR|d j||ddt|| ddt| dWnjty}zP| r~|d!j|dt||s|dj||dWYd}~n d}~00qd"}|tt|}|d#|t||||t dur>t j!t|}|"|}||||#t$j%|#t$j&d"g|#t$j'd$|#t$j(td$gd%|#tjd#|#tjd#)Wdn1s0YdS)&z Test recv(), send() and friends.rTFrrrrrrFrrrrcstd}|}|d|SNsd)rr3)brrrr _recv_into s z0ThreadedTests.test_recv_send.._recv_intocs"td}|\}}|d|Srs)rr5)rtrrrurr_recvfrom_intosz4ThreadedTests.test_recv_send.._recvfrom_intor6r7z some.addressrcSsdSrr)rrrr rz.ThreadedTests.test_recv_send..r2r4r3r5ZPREFIX_r`zsending with {}rzpWhile sending with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) Nr)rr(Znoutr%Zninz>Failed to send with method <<{name:s}>>; expected to succeed. rzFMethod <<{name:s}>> failed with unexpected exception message: {exp:s} )rexpzrWhile receiving with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) zAFailed to receive with method <<{name:s}>>; expected to succeed. rNrr0r)*rrlrjrmrnrrrrrOrrrPrJrKrr6rRr7rr2r4rprrrArrrrLrrctypesZc_ubyteZfrom_buffer_copyrr8r9r:r;r<r)rrrvrwZ send_methodsZ recv_methodsZ data_prefixZ meth_nameZ send_methr-r^Z ret_val_methr%rrr(rdZ recv_methrbufferZubyteZ byteslikerrurtest_recv_send s            "        zThreadedTests.test_recv_sendcCstt}|||jddtt|jf}||j t |dd}||j | d| | dd| |dd| |d|d| | dd| |tddS)NF)Zsuppress_ragged_eofsrNrr)rrrrrrrirKrrrr6rr2rArjr3r)rrrrrrtest_recv_zeroqs     zThreadedTests.test_recv_zeroc stttjtjtddd}|ttdtttjtjdt |j f dt dfdd}| tjtjf| dWdn1s0YdS)NTFrqrri csqdSr)r6rrrrr fill_buffersz8ThreadedTests.test_nonblocking_send..fill_buffer)rrrrrOrrrPrJrKrrjrrrrkr)rrrrrrtest_nonblocking_sends4  z#ThreadedTests.test_nonblocking_sendcs"ttjd}t}tdfdd}tj|d}|zzBttj}| d| ||f| tj dt |W|n |0zBttj}t |}| d| tj d|j ||fW|n |0Wd|nd|0dS) NrFcsbg}sLtgggd\}}}|vr|dq|D] }|qPdS)Ng?r)rrrrr1r)Zconnsr wrdrZfinishrstartedrrservesz3ThreadedTests.test_handshake_timeout..serverUg?z timed outT)rr'rrrrrrrr@rJrrBrrr)rrnrrr!r~rrrtest_handshake_timeouts@           z$ThreadedTests.test_handshake_timeoutcsttj}tj|_|t|tt t j d}t }|j dd|jtddfdd}tj|d}|| t }|||f|d||}|||tj||dS)NrTrEcs0\ddS)Nr)rrr1r6r2rZevtZpeerZremoterrrrs z/ThreadedTests.test_server_accept..serverUrN)rrZrNrrrrrrrr'rrrrrFrrrrrrJr6r2r|rrrrr)rrrnrrr!rZ client_addrrrrtest_server_accepts6        z ThreadedTests.test_server_acceptc Csttj}|tT}|t}|Wdn1sD0Y||j j t j Wdn1st0YdSr) rrZrNrrrr1rrrMrNENOTCONNrrrrPrrrtest_getpeercert_enotconns   &z'ThreadedTests.test_getpeercert_enotconnc Csttj}|tT}|t}|Wdn1sD0Y||j j t j Wdn1st0YdSr) rrZrNrrrr1rlrrMrNrrrrrtest_do_handshake_enotconns   &z(ThreadedTests.test_do_handshake_enotconnc Cst\}}}|jtjO_|d|dt|d|}|jt|dJ}|t  | t |j fWdn1s0YWdn1s0YWdn1s0Y| d|jddS)NZAES128AES256riruzno shared cipherr)rrrrrGrrrrr1rJrKrrrr;rrrtest_no_shared_ciphers s      jz$ThreadedTests.test_no_shared_ciphersc Csttj}d|_tj|_tttjdd}| t }| | d| |j d|t|jftrtdr|| dn,tjdkr|| dn|| dWdn1s0Y| |j d| | dWdn1s0YdS) zt Basic tests for SSLSocket.version(). More tests are done in the test_protocol_*() methods. F)rrNrTLSv1.3)r rrrc)rrc)rrZrPrrrrrrOrrrr0rrJrKrrbrQrryrrrrrrrrtest_version_basics&   .z ThreadedTests.test_version_basicc Csttj}|t|jtjtjBtjBO_t |dv}| t H}| t |jf||dhd||dWdn1s0YWdn1s0YdS)Nrir>ZTLS_AES_256_GCM_SHA384ZTLS_CHACHA20_POLY1305_SHA256ZTLS_AES_128_GCM_SHA256r)rrZrNrrrrrrrrrrJrKrrrrr0rrrr test_tls1_31s   zThreadedTests.test_tls1_3c Cst\}}}tjj|_tjj|_tjj|_tjj|_t|db}|jt |d0}| t |j f| |dWdn1s0YWdn1s0YdS)Nrirurc)rrrrrErYrVrrrrJrKrrr0r;rrrtest_min_max_version_tlsv1_2Bs       z*ThreadedTests.test_min_max_version_tlsv1_2c Cst\}}}tjj|_tjj|_tjj|_tjj|_t||t |db}|j t |d0}| t |jf||dWdn1s0YWdn1s0YdS)Nrirur`)rrrrrErYrVrrJrrrrJrKrrr0r;rrrtest_min_max_version_tlsv1_1Ss        z*ThreadedTests.test_min_max_version_tlsv1_1c Cst\}}}tjj|_tjj|_tjj|_tjj|_t||t|d}|j t |d^}| tj  }| t|jfWdn1s0Y|dt|jWdn1s0YWdn1s0YdS)NriruZalert)rrrrYrVrErrJrrrrrrJrKrrrLrMrLrrrtest_min_max_version_mismatchds        .z+ThreadedTests.test_min_max_version_mismatchc Cst\}}}tjj|_tjj|_tjj|_t||t|db}|jt |d0}| t |j f| |dWdn1s0YWdn1s0YdS)Nrirur)rrrrrErVrJrrrrJrKrrr0r;rrrtest_min_max_version_sslv3ws       z(ThreadedTests.test_min_max_version_sslv3z"test requires ECDH-enabled OpenSSLc Csttj}|t|jtjO_tjdkr:|dt |db}| t 4}| t |jf|d|dWdn1s0YWdn1s0YdS)N)r rrz ECCdraft:ECDHriZECDHr)rrZrNrrrrryrGrrrrJrKrrrrrrrtest_default_ecdh_curves     z%ThreadedTests.test_default_ecdh_curverrc Cstjrtjdt\}}}t|ddd}||jt|d}| t |j f| d}tjrztjd ||||dkr|t|d n|t|d |d |}||t|d Wd n1s0Y|jt|d}| t |j f| d}tjrDtjd |||||||dkrz|t|d n|t|d |d |}||t|d Wd n1s0YWd n1s0Yd S)z Test tls-unique channel binding.rTFrrurz! got channel binding data: {0!r} r0 sCB tls-unique rNz(got another channel binding data: {0!r} )rrlrjrmrnrrrrrJrKrr}rrr0rrRrArrrpr) rrrrrrZcb_dataZpeer_data_reprZ new_cb_datarrrrsf        "      z-ThreadedTests.test_tls_unique_channel_bindingcCsRt\}}}t||dd|d}tjr:tjd|d||dhddS)NTrrr&z got compression: {!r} r>NZZLIBZRLE) rr)rrlrjrmrnrrrrrrrLrrrtest_compressions zThreadedTests.test_compressionr9z*ssl.OP_NO_COMPRESSION needed for this testcCsRt\}}}|jtjO_|jtjO_t||dd|d}||dddS)NTrr)rrrr9r)rrrrrtest_compression_disableds z'ThreadedTests.test_compression_disabledr+cCst\}}}|jtjO_|t|d|jtjO_t||dd|d}|dd}|d}d|vrd|vrd |vr| d |ddS) NZkEDHTrrrr=ZADHZEDHZDHEzNon-DH cipher: ) rrrrr-r.rGr)r@r)rrrrrLrpartsrrrtest_dh_paramss     zThreadedTests.test_dh_paramszneeds secp384r1 curve supportz TODO: Test doesn't work on 1.1.1cCst\}}}|d|d|jtjtjBO_t||dd|d}t\}}}|d|d|jtjtjBO_t||dd|d}t\}}}|d|d|d|jtjtjBO_zt||dd|d}WntjyYn0t r | ddS)Nr|zECDHE:!eNULL:!aNULLTrr7zmismatch curve did not fail) rr~rGrrrrr)rIS_OPENSSL_1_1_0rrrrrtest_ecdh_curves<           zThreadedTests.test_ecdh_curvecCs2t\}}}t||dd|d}||dddS)NTrrrr)rrrrrtest_selected_alpn_protocol"s  z)ThreadedTests.test_selected_alpn_protocolzALPN support requiredcCs@t\}}}|ddgt||dd|d}||dddS)NrbarTrr)rrr)rrrrr/test_selected_alpn_protocol_if_server_uses_alpn*s z=ThreadedTests.test_selected_alpn_protocol_if_server_uses_alpnz!ALPN support needed for this testc Cs8gd}ddgdfddgdfdgdfddgdfg}|D]\}}t\}}}||||zt||dd|d}Wn*tjy} z| }WYd} ~ n d} ~ 00|durtrtjd kr||tjq6d t|t|t|f} |d } | | || | d ft |d r|d dnd} | | || | dfq6dS)N)rr milkshakerrrzhttp/3.0zhttp/4.0Tr)r r rrKfailed trying %s (s) and %s (c). was expecting %s, but got %%s from the %%srrr!rnothingr) rrr)rrrryrrLrrR) rserver_protocolsprotocol_testsclient_protocolsrrrrrLrdr client_result server_resultrrrtest_alpn_protocols4sN             z!ThreadedTests.test_alpn_protocolscCs2t\}}}t||dd|d}||dddS)NTrrrrrrrtest_selected_npn_protocol\s  z(ThreadedTests.test_selected_npn_protocolz NPN support needed for this testc Csddg}ddgdfddgdfddgdfddgdfg}|D]\}}t\}}}||||t||dd|d}dt|t|t|f} |d } || || | d ft|d r|d d nd } || || | dfq8dS)Nzhttp/1.1zspdy/2rabcdefTrrrrr"rrr)rrr)rLrrR) rrrrrrrrrLrrrrrrtest_npn_protocolsds4          z ThreadedTests.test_npn_protocolscCsLttj}|tttj}|tttj}|t|||fSr) rrZrOrrrrPrr)rr other_contextrrrr sni_contexts~s      zThreadedTests.sni_contextscCs"|d}|d|ff|ddS)Nrr&r.)r)rrLrr[rrrcheck_common_nameszThreadedTests.check_common_namecsg|\}}d|_fdd}||t||ddd}|d|fg||dgt||ddd}|d|fg||tg|dt||ddd}||t|gdS) NFcs ||f|dur|_dSr)rrrSZ server_nameZinitial_contextZcallsrrr servername_cbsz6ThreadedTests.test_sni_callback..servername_cbT supermessagerr&r5Znotfunny)rrr=r)rrr)rrrrrLrrrr>s4     zThreadedTests.test_sni_callbackcCsp|\}}}dd}|||tj }t||ddd}Wdn1sR0Y||jjddS)NcSstjSr)rZALERT_DESCRIPTION_ACCESS_DENIEDrrrrcb_returning_alertszAThreadedTests.test_sni_callback_alert..cb_returning_alertFrrZTLSV1_ALERT_ACCESS_DENIED) rr=rrrr)rrMrg)rrrrrrPrLrrrtest_sni_callback_alerts $z%ThreadedTests.test_sni_callback_alertc Cs|\}}}dd}||tl}|tj }t||ddd}Wdn1s\0Y||j j d||j j t Wdn1s0YdS)NcSs dddS)Nr rrrrrr cb_raisingsz;ThreadedTests.test_sni_callback_raising..cb_raisingFrrZSSLV3_ALERT_HANDSHAKE_FAILURE)rr=rcatch_unraisable_exceptionrrrr)rrMrg unraisableexc_typeZeroDivisionError)rrrrrcatchrPrLrrrtest_sni_callback_raisings  $ z'ThreadedTests.test_sni_callback_raisingc Cs|\}}}dd}||tl}|tj }t||ddd}Wdn1s\0Y||j j d||j j t Wdn1s0YdS)NcSsdS)Nrrrrrrcb_wrong_return_typeszOThreadedTests.test_sni_callback_wrong_return_type..cb_wrong_return_typeFrrZTLSV1_ALERT_INTERNAL_ERROR)rr=rrrrrr)rrMrgrrr)rrrrrrrPrLrrr#test_sni_callback_wrong_return_types  $z1ThreadedTests.test_sni_callback_wrong_return_typec st\}}}|d|dgd}t|||d}|dd}|t|d|D]*\}}tfdd|DsV|qVdS) Nz AES128:AES256r)rzAES-256Z TLS_CHACHA20ZTLS_AESr&r#rc3s|]}|vVqdSrr)rZalgrrrrrz4ThreadedTests.test_shared_ciphers..)rrGr) assertGreaterrRanyr) rrrrZ expected_algsrLrZ tls_versionbitsrrrtest_shared_cipherss    z!ThreadedTests.test_shared_cipherscCst\}}}t|dd}|Z|jt|d}|t|jf||t |j d|t |j dWdn1s|0YdS)NFr4rurshello) rrrrrJrKrrrrrArnr;rrr,test_read_write_after_close_raises_valuerrors   z:ThreadedTests.test_read_write_after_close_raises_valuerrorc Cs0d}ttjd}||Wdn1s00Y|tjtjttj}tj |_ | t | tt|dd}||th}|t|jfttjd,}||||d|Wdn1s0YWdn1s0YWdn1s"0YdS)NsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxwbFr4rgr)r@rTESTFNrnrunlinkrrZrNrrrrrrrrrrJrKrsendfilerr2)rZ TEST_DATArCrrrfilerrr test_sendfiles(     zThreadedTests.test_sendfilec Cs@t\}}}|jtjO_t|||d}|d}||j||jd||j d||j tj dkr~||j d| |d|}||dd||ddt||||d }|}||dd ||dd||d|d}||j|j||||||||j|j||j |j t|||d}| |d|d}||j|j||||}||dd ||ddt||||d }||d|d} || j|j|| ||| j|j|| j |j |}||dd ||dd dS) Nrrrrr r1r r2)rr&rr r)rrrrr)ridrrrBZ has_ticketryZticket_lifetime_hintrr4rZ assertIsNotrr) rrrrrLrZ sess_statZsession2Zsession3Zsession4rrr test_sessionsf        zThreadedTests.test_sessionc Cst\}}}t\}}}|jtjO_|jtjO_t|dd}|H|jt|d}||jd||j d| t |j f|j}| ||t} t|_Wdn1s0Y|t| jdWdn1s0Y|jt|dd}| t |j f|t} ||_Wdn1sH0Y|t| jdWdn1sz0Y|jt|dT}||_| t |j f||jj|j||j|||j dWdn1s0Y|jt|dd}|t&} ||_| t |j fWdn1sH0Y|t| jdWdn1sz0YWdn1s0YdS)NFr4ruzValue is not a SSLSession.z#Cannot set session after handshake.Tz)Session refers to a different SSLContext.)rrrrrrrrrr rJrKrrrrr)rLrMrr) rrrrZclient_context2rrrrrdrrrtest_session_handlingSs^      $0  & $ .  0 z#ThreadedTests.test_session_handlingN)Mrrrr3r7r]rr{r9rSrrrrBrCrHrMrfrOrWrXr\r]r^r_rbrdrfrorpr}r~rrrrrrrrr^rrrrr}rrrrrFrr]r`rHAVE_SECP_CURVESrbrrZHAS_ALPNrrrZHAS_NPNrrrrar>rrrrrrrrrrrrr1G s2$ (! 8% ) *    9 1)       :      %   '    (    :r1rzTest needs TLS 1.3c@sTeZdZddZddZddZddZd d Zd d Zd dZ ddZ ddZ dS)TestPostHandshakeAuthcCstjtjtjg}|D]}t|}||jdd|_||jdtj|_||jtj||jdd|_||jtj||jdtj |_d|_||jtj ||jdqdSr) rrNrOrPrZrpost_handshake_authrrr)rZ protocolsrSrIrrrtest_pha_setters"  z%TestPostHandshakeAuth.test_pha_setterc Cs:t\}}}d|_tj|_d|_|tt|dd}||jt |d}| t |j f| d||dd| d||dd | d||dd | d||dd | d |d d }|d|Wdn1s 0YWdn1s,0YdS)NTFr4rurrrrrrrirr1)rrrrrrrrrrrJrKrrnrr2rqr)rrrrrrZ cert_textrrrtest_pha_requireds.         z'TestPostHandshakeAuth.test_pha_requiredc Cst\}}}d|_tj|_d|_t}t|dd}||jt |d~}| t |j f| d||dd| d|tjd |dWdn1s0YWdn1s0YWdn1s0YWdn1s0YdS) NTFr4rurrrrr)rrrrrrZcatch_threading_exceptionrrrrJrKrrnrr2rr)rrrrrPrrrrrtest_pha_required_nocerts(      z.TestPostHandshakeAuth.test_pha_required_nocertc Cstjrtjdt\}}}d|_tj|_ d|_| t tj |_ t |dd}||jt|dt}|t|jf|d||dd|d ||dd |d||dd Wdn1s0YWdn1s0YdS) NrTFr4rurrrrrr)rrlrjrmrnrrrrrrrrrrrrJrKrrr2r;rrrtest_pha_optionals*        z'TestPostHandshakeAuth.test_pha_optionalc Cstjrtjdt\}}}d|_tj|_ d|_t |dd}||j t |dt}| t|jf|d||dd|d ||dd |d||ddWdn1s0YWdn1s0YdS) NrTFr4rurrrrr)rrlrjrmrnrrrrrrrrrJrKrrr2r;rrrtest_pha_optional_nocerts&       z.TestPostHandshakeAuth.test_pha_optional_nocertc Cst\}}}d|_tj|_|tt|dd}||jt |dr}| t |j f| tjd|Wdn1s0Y|d|d|dWdn1s0YWdn1s0YdS) NTFr4ruz not serverrsextension not receivedr)rrrrrrrrrrrJrKrrrrrnrr2r;rrrtest_pha_no_pha_clients    & z,TestPostHandshakeAuth.test_pha_no_pha_clientc Cst\}}}tj|_d|_|tt|dd}||jt |dt}| t |j f| d||dd| d||dd | d||ddWdn1s0YWdn1s0YdS) NTFr4rurrrrr)rrrrrrrrrrrJrKrrnrr2r;rrrtest_pha_no_pha_servers"       z,TestPostHandshakeAuth.test_pha_no_pha_serverc Cst\}}}tj|_tjj|_d|_|t t |dd}|n|j t |d<}| t|jf|d|d|dWdn1s0YWdn1s0YdS)NTFr4rursWRONG_SSL_VERSIONr)rrrrrrYrVrrrrrrrJrKrrnrr2r;rrrtest_pha_not_tls13$s      z(TestPostHandshakeAuth.test_pha_not_tls13c Cs:t}ttj}d|_|td|_tj|_ ttj }|t| t d|_tj |_ t|dd}||jt|d}|t|jf|d||dd|d||dd |d||dd ||iWdn1s 0YWdn1s,0YdS) NTFr4rurrrrrr)rrrZrPrrrrrrrOrrrrrrrJrKrrnrr2r)rrrrrrrrrtest_bpo37428_pha_cert_none5s2          z1TestPostHandshakeAuth.test_bpo37428_pha_cert_noneN) rrrrrrrrrrrrrrrrrsrkeylog_filenamez0test requires OpenSSL 1.1.1 with keylog callbackc@seZdZejfddZeee dddZ eee dddZ eee j jdee dd d Zd d Zd dZddZdS) TestSSLDebugcCs8t|}tt|WdS1s*0YdSr)r@rRr)rZfnamerCrrr keylog_lines[s zTestSSLDebug.keylog_linesr+cCs|tjtjttj}||jd| t j tjtj|_||jtj| t j tj||dd|_||jd|ttf(t j t j tj|_Wdn1s0Y|td|_Wdn1s0YdS)Nr )rrrrrrZrPrrrrrisfilerrrIsADirectoryErrorPermissionErrorrabspathrrrrrtest_keylog_defaults_s   $ z!TestSSLDebug.test_keylog_defaultsc Cs|tjtjt\}}}tj|_t|dd}|R|jt|d }| t |j fWdn1sn0YWdn1s0Y| | dd|_tj|_t|dd}|R|jt|d }| t |j fWdn1s0YWdn1s0Y|| dtj|_tj|_t|dd}|T|jt|d }| t |j fWdn1s0YWdn1s0Y|| dd|_d|_dS)NFr4rur )rrrrrrrrrrJrKrrrrr;rrrtest_keylog_filenamewsB   L  N  Pz!TestSSLDebug.test_keylog_filenamez.test is not compatible with ignore_environmentcCs|tjtjtjjtj ztjtj d<| tj dtjt t j }| |jdt }| |jtjt }| |jtjWdn1s0YdS)NZ SSLKEYLOGFILE)rrrrr]Zmockr$dictrenvironrrrZrPrrOrQrrrrtest_keylog_envs  zTestSSLDebug.test_keylog_envcCslt\}}}dd}||jd||_||j||tt|_Wdn1s^0YdS)NcSsdSrrr  directionr0Z content_typeZmsg_typerrrrmsg_cbsz.TestSSLDebug.test_msg_callback..msg_cb)rr _msg_callbackrrr))rrrrrrrrtest_msg_callbacks  zTestSSLDebug.test_msg_callbackc st\}}}|jtjO_gfdd}||_t|dd}|R|jt|d }|t |j fWdn1s~0YWdn1s0Y dt j tjtjf dt j tjtjfdS)Ncs@|tj|t|ddh||||fdS)NrArn)rrrrrrrrrrrrs z4TestSSLDebug.test_msg_callback_tls12..msg_cbFr4rurArn)rrrrrrrrrJrKrrrrYrZ HANDSHAKErZSERVER_KEY_EXCHANGEZCHANGE_CIPHER_SPEC)rrrrrrrrrrtest_msg_callback_tls12s0   L  z$TestSSLDebug.test_msg_callback_tls12c st\}}}tddd}fdd}||_||_t|dd}||jt|d }|t|jfWdn1s0Y|jt|d }|t|jfWdn1s0YWdn1s0YdS) Nr cSsdSrrrrrrrsz@TestSSLDebug.test_msg_callback_deadlock_bpo43577..msg_cbcs |_dSrrir:Zserver_context2rrsni_cbsz@TestSSLDebug.test_msg_callback_deadlock_bpo43577..sni_cbFr4ru) rrZ sni_callbackrrrrJrKr)rrrrrrrrrrr#test_msg_callback_deadlock_bpo43577s$     . z0TestSSLDebug.test_msg_callback_deadlock_bpo43577N)rrrrrrrequires_keylogr]r]r`rrrjflagsignore_environmentrrrrrrrrrYs     "   rc Cs |tjtjtddddS)Niir r) setsockoptr SOL_SOCKET SO_LINGERstructpack)rrrr)set_socket_so_linger_on_with_zero_timeoutsrc@sBeZdZdZGdddejZddZddZdd Z d d Z d S) TestPreHandshakeClosezQVerify behavior of close sockets with received data before to the handshake. csFeZdZddfdd ZddZddZfd d Zd d ZZS) z6TestPreHandshakeClose.SingleConnectionTestServerThreadN)rBcsH||_d|_d|_d|_d|_|dur0tj|_n||_tj |ddS)Nrr) call_after_accept received_data wrap_errorrRrrrrBsuperr)rrrrBrrrrs z?TestPreHandshakeClose.SingleConnectionTestServerThread.__init__cCs ||Sr)rrrrrrsz@TestPreHandshakeClose.SingleConnectionTestServerThread.__enter__cGs:z|jr|jWnty&Yn0|d|_dSr)rRrr1rrrrrrr s z?TestPreHandshakeClose.SingleConnectionTestServerThread.__exit__csxttjj|_tj|j_|jjtd|jj tt dt |_ t |j |_|j |j|j dtdS)NrhrIr )rrOrrssl_ctxrrrrrrrrRrrrr@rBrrrrrrrrs   z.call_after_acceptZpreauth_data_to_tls_serverrrFsDELETE /data HTTP/1.0 rbefore TLS handshake with datar rattr must existry)rrrrrrrrJrRr|rrjrr6rrrrrrrr1rrrrr^rgrrrf)rrrrrrrrtest_preauth_data_to_tls_serverMsB    &  z5TestPreHandshakeClose.test_preauth_data_to_tls_serverc sttfdd}|j|dd}|||jt|jt}| |j   t js|dt}z|j|dd}Wn,ty}z|}d}WYd}~n d}~00d}|d }|Wdn1s0Y|z~|d|||t||||tj|d |jd |d |j|d |jd |j|j d dWd}d}n d}d}0dS)Ncs:tjstdt||d|dS)Nz ERROR: test client took too longsWHTTP/1.0 307 Temporary Redirect Location: https://example.com/someone-elses-server T)rrrprintrr6rrZconn_to_clientZ$client_can_continue_with_wrap_socketZ$server_can_continue_with_wrap_socketrrr~s zPTestPreHandshakeClose.test_preauth_data_to_tls_client..call_after_acceptZpreauth_data_to_tls_clientrztest server took too longr'rurr rr rrry)!rrrrrrrrRrrJr|rrrrrrrOrr1r2rrrrrrrr^rgrrrf) rrrrr Z tls_clientrrrrrrtest_preauth_data_to_tls_clientzsP       &   z5TestPreHandshakeClose.test_preauth_data_to_tls_clientcstGfdddtjj}fdd}d}|j|d|d}|||jt |j ||j d|j t |d }|t,|jd d d d id|}Wdn1s0Y|dS)NcseZdZfddZdS)zeTestPreHandshakeClose.test_https_client_non_tls_response_ignored..SynchronizedHTTPSConnectioncsFtjj|tjs,tjr,tj d|j j |j |jd|_ dS)Nz"server_responding event never set.ru)httprZHTTPConnectionrJrrrrlrjrmrnZ_contextrrrnrZserver_respondingrrrJs  zmTestPreHandshakeClose.test_https_client_non_tls_response_ignored..SynchronizedHTTPSConnection.connectN)rrrrJrr rrSynchronizedHTTPSConnectionsr!cs&t||d|dS)Ns!HTTP/1.0 402 Payment Required T)rr6rrrr rrrsz[TestPreHandshakeClose.test_https_client_non_tls_response_ignored..call_after_acceptg@Znon_tls_http_RST_responder)rrrBr)rrrBZHEADz/testZHostr')Zheaders)rrrrZHTTPSConnectionrrrrrrRr|rrrOrr1rkZ getresponser)rr!rrBr connectionresponserr r*test_https_client_non_tls_response_ignoreds,     &z@TestPreHandshakeClose.test_https_client_non_tls_response_ignoredN) rrrrrrrrrrr$rrrrrs <-rr rGrrrrrrLr&rrrr.r/r9r:r;r<r=r>rDrJrT lru_cacherQrfrrZr^rprvrzr{rrrrrrarNrrrZTestCaserrrcrprrZrequires_resourcerrrZtest.ssl_serversrrrrr)r0r1rZ HAS_KEYLOGrrrrr*rmainrrrrs                              (    ?6?0B  v 3 IKO y#