B u9a1ÿã @s‚ddlZddlZddlmZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddlZddlZddlZddlZddlZddlZddlZy ddlZWnek rÀdZYnXe d¡ZeejƒZejZej d¡Ze oöej dkZ!e oej dkZ"e #d¡Z$iZ%xPdD]H\Z&Z'ye(ee&ƒZ&e(ej)e'ƒZ'Wne*k rZwYnXe'e%e&<qWd d „Z+e+d ƒZ,e  -e,¡Z.e+d ƒZ/e+d ƒZ0e  -e/¡Z1e  -e0¡Z2e+dƒZ3e+dƒZ4dZ5e+dƒZ6e  -e6¡Z7e+ddƒZ8e+ddƒZ9ddddddddœZ:e+dƒZ;e+dƒZe+d&ƒZ?d'Z@e+d(ƒZAd)ZBe+dd*ƒZCe+d+ƒZDe+d,ƒZEd-ZFe+d.ƒZGe+d/ƒZHe+d0ƒZIe+d1ƒZJe+d2ƒZKe+d3ƒZLe+d4ƒZMe+d5ƒZNe  -eN¡ZOe(ed6dƒZPe(ed7dƒZQe(ed8dƒZRe(ed9dƒZSe(ed:dƒZTd;d<„ZUd=d>„ZVd?d@„ZWdAdB„ZXdCdD„ZYeYƒZZdEdF„Z[dGdH„Z\dIdJ„Z]e ^ej_dK¡Z`ejafejbdddddLœdMdN„Zce.f)ÚhasattrrÚ functoolsÚwraps)r]r^r)r]rÚskip_if_broken_ubuntu_sslÆs  rbz SNI support needed for this test)Ú cert_reqsÚca_certsÚciphersÚcertfileÚkeyfilec Ksvt |¡}|dk r(|tjkr"d|_||_|dk r:| |¡|dk sJ|dk rV| ||¡|dk rh| |¡|j|f|ŽS)NF) rrDÚ CERT_NONEÚcheck_hostnameÚ verify_modeÚload_verify_locationsÚload_cert_chainÚ set_ciphersÚ wrap_socket) ÚsockÚ ssl_versionrcrdrerfrgr\ÚcontextrrrÚtest_wrap_socketØs     rrcCsd|tkrt}n|tkrt}nt|ƒ‚t tj¡}| t ¡t tj ¡}|  |¡| t ¡|||fS)zUCreate context client_context, server_context, hostname = testing_context() ) ÚSIGNED_CERTFILEÚSIGNED_CERTFILE_HOSTNAMEÚSIGNED_CERTFILE2ÚSIGNED_CERTFILE2_HOSTNAMErGrrDÚPROTOCOL_TLS_CLIENTrkÚ SIGNING_CArErl)Z server_certÚhostnameÚclient_contextÚserver_contextrrrÚtesting_contextês     r|c@s˜eZdZdd„Zdd„Zdd„Zdd„Ze e j d kd ¡d d „ƒZ d Z dd„Z dd„Zdd„Zdd„Zdd„Zdd„Zejdd„ƒZdd„Zdd„Zd d!„Zd"d#„Zd$d%„Zd&d'„Zd(d)„Zd*d+„Zd,d-„Zd.d/„Ze d0e j!kd1¡d2d3„ƒZ"d4d5„Z#d6d7„Z$e e%j&d8kd9¡d:d;„ƒZ'e e%j&d8kd9¡dd?„Z)d@dA„Z*dBdC„Z+dDdE„Z,dFdG„Z-e e.ƒdH¡dIdJ„ƒZ/dKdL„Z0e 1dMdN¡dOdP„ƒZ2dQdR„Z3d S)SÚBasicSocketTestscCs tjtjtjtjtjtjr*tjtjdkr:tj |  tj ddh¡|  tjddh¡tj tj tjtjtjdkrŒtjtj| tjtj¡dS)N)rrTF)rrr)rrhÚ CERT_OPTIONALÚ CERT_REQUIREDr,r*rCr+r?r)ÚassertInÚHAS_SNIÚ OP_NO_SSLv2Ú OP_NO_SSLv3Ú OP_NO_TLSv1Ú OP_NO_TLSv1_3Ú OP_NO_TLSv1_1Ú OP_NO_TLSv1_2Ú assertEqualÚ PROTOCOL_TLSr)ÚselfrrrÚtest_constantss&  zBasicSocketTests.test_constantsc Cs:| td¡$t ¡}t |¡WdQRXWdQRXdS)Nzpublic constructor)ÚassertRaisesRegexÚ TypeErrorÚsocketrÚ SSLSocket)rŠÚsrrrÚtest_private_inits z"BasicSocketTests.test_private_initcCs2tj}| t|ƒd¡t |¡}| |j|¡dS)Nz_SSLMethod.PROTOCOL_TLS)rr‰rˆÚstrrDÚassertIsÚprotocol)rŠÚprotorHrrrÚtest_str_for_enumss z#BasicSocketTests.test_str_for_enumscCst ¡}tjr*tj d||r dp"df¡t d¡\}}| t |ƒd¡| ||dk¡|rxt  d¡}| t |ƒd¡n|  tj tj d¡|  t tj d¡|  t tjd¡ttdƒrÖ|  ttjd¡|  ttjdd¡t d d ¡t d d ¡t td ƒd ¡dS) Nz RAND_status is %d (%s) zsufficient randomnesszinsufficient randomnesséréûÿÿÿÚRAND_egdÚfoozthis is a random stringgÀR@sthis is a random bytes objects!this is a random bytearray object)rÚ RAND_statusrr3r1r4r5ÚRAND_pseudo_bytesrˆÚlenZ RAND_bytesÚ assertRaisesrWrGr_rr™ZRAND_addÚ bytearray)rŠÚvÚdataZis_cryptographicrrrÚ test_random$s(      zBasicSocketTests.test_randomÚposixzrequires posixcCst ¡}|s| d¡t ¡\}}t ¡}|dkr yBt |¡t d¡d}| t |ƒd¡t  ||¡t |¡Wnt k r’t  d¡Yn Xt  d¡nzt |¡|  tj|¡t |d¡\}}| |d¡t |d¡}| t |ƒd¡t d¡d}| t |ƒd¡| ||¡dS)Nz*OpenSSL's PRNG has insufficient randomnessrr—r)rr›Úfailr ÚpipeÚforkÚcloserœrˆrr5Ú BaseExceptionÚ_exitÚ addCleanupÚwaitpidÚreadÚassertNotEqual)rŠÚstatusZrfdZwfdÚpidZ child_randomÚ_Z parent_randomrrrÚtest_random_fork?s0        z!BasicSocketTests.test_random_forkNcCs˜| tj t¡t¡| tj t¡t¡tj t¡}t j rTt j   dt |¡d¡| |dd¡| |dd¡| |dd¡| |dd ¡dS) NÚ r#))rzprojects.developer.nokia.com)rzprojects.forum.nokia.comr%)zhttp://ocsp.verisign.comr&)z0http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cerr')z0http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl)rˆrÚ_sslÚ_test_decode_certÚCERTFILEÚ CERTFILE_INFOrsÚSIGNED_CERTFILE_INFOÚ NOKIACERTrr3r1r4r5ÚpprintÚpformat)rŠÚprrrÚtest_parse_certas       z BasicSocketTests.test_parse_certc CsLtj t¡}tjr,tj dt   |¡d¡|  |dddddddd œ¡dS) Nr²)))rÚUK))rzcody-cazJun 14 18:00:58 2028 GMTzJun 18 18:00:58 2018 GMTZ02)))rr½))rz#codenomicon-vm-2.test.lal.cisco.com))rz#codenomicon-vm-2.test.lal.cisco.comr)rrr r!r"r#r$) rr³r´ÚTALOS_INVALID_CRLDPrr3r1r4r5r¹rºrˆ)rŠr»rrrÚtest_parse_cert_CVE_2019_5010~s z.BasicSocketTests.test_parse_cert_CVE_2019_5010cCsxtj t¡}tjr,tj dt   |¡d¡d}|  |d|¡|  |d|¡tj dkr`d}nd}|  |d|¡dS) Nr²)))rÚUS))ÚstateOrProvinceNameZOregon))rZ Beaverton))rzPython Software Foundation))ÚorganizationalUnitNamezPython Core Development))rznull.python.orgexample.org))Ú emailAddresszpython-dev@python.orgr"r)rr8r9))rzaltnull.python.orgexample.com)Úemailz null@python.orguser@example.org)ÚURIz)http://null.python.orghttp://example.org)z IP Addressz 192.0.2.1)z IP Addressz2001:DB8:0:0:0:0:0:1 ))rzaltnull.python.orgexample.com)rÄz null@python.orguser@example.org)rÅz)http://null.python.orghttp://example.org)z IP Addressz 192.0.2.1)z IP Addressz r#) rr³r´Ú NULLBYTECERTrr3r1r4r5r¹rºrˆr<)rŠr»r"ZsanrrrÚtest_parse_cert_CVE_2013_4238“s  z.BasicSocketTests.test_parse_cert_CVE_2013_4238cCs tj t¡}| |dd¡dS)Nr#) )rZallsans)Ú othernamez )rÈz )rÄzuser@example.org)rzwww.example.org)ZDirName)))rr))rzCastle Anthrax))rzPython Software Foundation))rzdirname example)rÅzhttps://www.python.org/)z IP Addressz 127.0.0.1)z IP Addressz0:0:0:0:0:0:0:1 )z Registered IDz 1.2.3.4.5)rr³r´Ú ALLSANFILErˆ)rŠr»rrrÚtest_parse_all_sans°s  z$BasicSocketTests.test_parse_all_sansc CsŒttdƒ}| ¡}WdQRXt |¡}t |¡}t |¡}| ||¡| tjd¡sf|  d|¡|  dtj d¡sˆ|  d|¡dS)NÚrr²z-DER-to-PEM didn't include correct header: %r z-DER-to-PEM didn't include correct footer: %r ) ÚopenÚ CAFILE_CACERTr¬rÚPEM_cert_to_DER_certZDER_cert_to_PEM_certrˆÚ startswithZ PEM_HEADERr¤ÚendswithZ PEM_FOOTER)rŠr^ÚpemÚd1Zp2Úd2rrrÚtest_DER_to_PEMÅs     z BasicSocketTests.test_DER_to_PEMc Cs&tj}tj}tj}| |t¡| |t¡| |t¡| |d¡|  |d¡|\}}}}}| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡t rü|  |  d |¡¡||t|ƒf¡n&|  |  d  |||¡¡||t|ƒf¡dS) Nii0rréé?r;z LibreSSL {:d}zOpenSSL {:d}.{:d}.{:d})rZOPENSSL_VERSION_NUMBERr?ÚOPENSSL_VERSIONÚassertIsInstanceÚintÚtupler’ÚassertGreaterEqualÚ assertLessZassertLessEqualÚ IS_LIBRESSLÚ assertTruerÏÚformatÚhex) rŠÚnÚtrÚmajorÚminorZfixZpatchr®rrrÚtest_openssl_versionÑs0               z%BasicSocketTests.test_openssl_versionc CsLt tj¡}t|ƒ}t |¡}t dtf¡~WdQRX| |ƒd¡dS)NrV) rŽÚAF_INETrrÚweakrefÚrefrZcheck_warningsÚResourceWarningrˆ)rŠrÚssÚwrrrrÚ test_refcycleðs    zBasicSocketTests.test_refcyclec CsÜt tj¡}t|ƒ¾}| t|jd¡| t|jtdƒ¡| t|jd¡| t|j tdƒd¡| t|j d¡| t|j dd¡| t |j ¡| t |jdgddd¡| t |jd¡| t |jtdƒg¡WdQRXdS)Nróx)z0.0.0.0rrréd)rŽrærrržÚOSErrorÚrecvÚ recv_intorŸÚrecvfromÚ recvfrom_intoÚsendÚsendtoÚNotImplementedErrorÚdupÚsendmsgÚrecvmsgÚ recvmsg_into)rŠrrêrrrÚtest_wrapped_unconnectedûs    z)BasicSocketTests.test_wrapped_unconnectedc CsLxFdD]>}t tj¡}| |¡t|ƒ}| || ¡¡WdQRXqWdS)N)Ngg@)rŽræÚ settimeoutrrrˆZ gettimeout)rŠÚtimeoutrrêrrrÚ test_timeout s     zBasicSocketTests.test_timeoutc Csdt ¡}|jtdtj|td|jtdtj|dd|jtdtj|dddtj|dtd}| td|jtd f¡WdQRX| t ¡(}t ¡}tj|t d WdQRXWdQRX|  |j j t j¡| t ¡*}t ¡}tj|tt d WdQRXWdQRX|  |j j t j¡| t ¡*}t ¡}tj|t t d WdQRXWdQRX|  |j j t j¡dS) Nzcertfile must be specified)rgz5certfile must be specified for server-side operationsT)Ú server_siderV)rÿrfz!can't connect in server-side modei)rf)rfrg)rŽrŒrGrrnrµÚconnectÚHOSTržrïÚNONEXISTINGCERTrˆÚ exceptionÚerrnoÚENOENT)rŠrorÚcmrrrÚtest_errors_sslwraps6  "    z$BasicSocketTests.test_errors_sslwrapc CsXtj tj t¡ptj|¡}t ¡}| |j¡|  t j ¡t ||dWdQRXdS)z;Check that trying to use the given client certificate fails)rfN) r r rrrÚcurdirrŽrªr§ržrrWrr)rŠrfrorrrÚ bad_cert_test3s zBasicSocketTests.bad_cert_testcCs| d¡dS)z Wrapping with an empty cert filez nullcert.pemN)r )rŠrrrÚtest_empty_cert=sz BasicSocketTests.test_empty_certcCs| d¡dS)z:Wrapping with a badly formatted certificate (syntax error)z badcert.pemN)r )rŠrrrÚtest_malformed_certAsz$BasicSocketTests.test_malformed_certcCs| d¡dS)z2Wrapping with a badly formatted key (syntax error)z badkey.pemN)r )rŠrrrÚtest_malformed_keyEsz#BasicSocketTests.test_malformed_keyc sÖdd„}‡fdd„}ddi}||dƒ||dƒ||d ƒ||d ƒ||d ƒ||d ƒdd i}||dƒ||dƒ||dƒ||dƒ||dƒddi}||dƒ||dƒ||dƒ||dƒ||dƒddi}||dƒ||d ƒ||dƒddi}||dƒ||dƒ||dƒ||dƒddi}||dƒ||dƒ||dƒd d ¡ d!¡}dd"|fffi}|||ƒdd#i}|||ƒdd$i}|||ƒd% d ¡ d!¡}dd"|fffi}||d& d ¡ d!¡ƒ||d' d ¡ d!¡ƒ||d( d ¡ d!¡ƒ||d) d ¡ d!¡ƒd*d+d,d-œ}||d.ƒ||d/ƒ||d0ƒ||d1ƒd2d3d4œ}||d5ƒ||d6ƒ||d7ƒdd8d9œ}||d:ƒ||d;ƒ||d<ƒ||d=ƒ||d>ƒ||d?ƒ||d@ƒttdAƒr ddBd9œ}||dCƒ||dDƒ||dEƒ||dFƒ||dGƒ||d@ƒd2dHd4œ}||d5ƒdIdJdKd-œ}||d5ƒdIdHdKd-œ}||dLƒˆ ttjdd¡ˆ ttjid¡ddMi}ˆ tj dN¡t |dO¡WdQRXddPi}ˆ tj dQ¡t |dR¡WdQRXddSi}ˆ tj dT¡t |dU¡WdQRXddVi}ˆ tj dW¡t |dX¡WdQRXddYi}ˆ tj dZ¡t |d[¡WdQRXx.d\D]&}ˆ t¡t  |¡WdQRXq\Wxd]D]}ˆ  t  |¡¡qŒWttdAƒrÒxd^D]}ˆ  t  |¡¡q¸WdS)_NcSst ||¡dS)N)rÚmatch_hostname)ÚcertryrrrÚokJsz0BasicSocketTests.test_match_hostname..okcsˆ tjtj||¡dS)N)ržrÚCertificateErrorr )rry)rŠrrr¤Lsz2BasicSocketTests.test_match_hostname..failr")))rz example.comz example.comz ExAmple.cOmzwww.example.comz .example.comz example.orgZ exampleXcom)))rz*.a.comz foo.a.comz bar.foo.a.comza.comzXa.comz.a.com)))rzf*.comzfoo.comzf.comzbar.comz bar.foo.com)))rznull.python.orgexample.orgznull.python.orgexample.orgznull.python.org)))rz *.*.a.com)))rza.*.comz a.foo.comza..comupüthon.python.orgÚidnaÚasciir)))rz x*.python.org)))rzxn--p*.python.orguwww*.pythön.orguwww.pythön.orguwww1.pythön.orguftp.pythön.orgu pythön.orgzJun 26 21:41:46 2011 GMT)))rz linuxfrz.org))rz linuxfr.org)rz linuxfr.com)rÈz )rr"r#z linuxfr.orgz linuxfr.comz z linuxfrz.orgzDec 18 23:59:59 2011 GMT)))rrÀ))rÁÚ California))rz Mountain View))rz Google Inc))rzmail.google.com)rr"zmail.google.comz gmail.comr))rz example.com)z IP Addressz 10.11.12.13)z IP Addressz 14.15.16.17)z IP Addressz 127.0.0.1)r"r#z 10.11.12.13z 14.15.16.17z127.1z 14.15.16.17 z14.15.16.17 extra dataz 14.15.16.18z example.netZAF_INET6))rz example.com)z IP Addressz2001:0:0:0:0:0:0:CAFE )z IP Addressz2003:0:0:0:0:0:0:BABA z 2001::cafez 2003::babaz 2003::baba z2003::baba extra dataz 2003::bebe)))rrÀ))rÁr))rz Mountain View))rz Google InczDec 18 23:59:59 2099 GMT)))rrÀ))rÁr))rz Mountain View))rzmail.google.com))rÈZblablaz google.com)))rza*b.example.comz5partial wildcards in leftmost label are not supportedzaxxb.example.com)))rzwww.*.example.comz2wildcard can only be present in the leftmost labelzwww.sub.example.com)))rza*b*.example.comztoo many wildcardszaxxbxxc.example.com)))rÚ*z7sole wildcard without additional labels are not supportÚhost)))rz*.comz%hostname 'com' doesn't match '\*.com'Zcom)Ú1rVz1.2.3z 256.0.0.1z 127.0.0.1/24)z 127.0.0.1z 192.168.0.1)z::1z2001:db8:85a3::8a2e:370:7334) ÚencodeÚdecoder_rŽržrGrr rŒrZ _inet_patonrÞ)rŠrr¤rrÚinvalidZipaddrr)rŠrÚtest_match_hostnameIsö                                                           z$BasicSocketTests.test_match_hostnamec Cs:t tj¡}t ¡}|jt|j|dddWdQRXdS)NTz some.hostname)Úserver_hostname)rrDrErŽržrGrn)rŠrHrorrrÚtest_server_sides  z!BasicSocketTests.test_server_sidec Cs|t tj¡}| d¡| ¡t tj¡}| | ¡¡t|dd&}| t¡|  d¡WdQRXWdQRX|  ¡dS)N)z 127.0.0.1rF)Údo_handshake_on_connectz unknown-type) rŽræÚbindÚlistenrÚ getsocknamerrržrGÚget_channel_bindingr§)rŠrÚcrêrrrÚtest_unknown_channel_bindings    z-BasicSocketTests.test_unknown_channel_bindingz tls-uniquez*'tls-unique' channel binding not availablec Csjt tj¡}t|ƒ}| | d¡¡WdQRXt tj¡}t|dtd}| | d¡¡WdQRXdS)Nz tls-uniqueT)rÿrf)rŽrærrÚ assertIsNoner!rµ)rŠrrêrrrÚtest_tls_unique_channel_binding"s    z0BasicSocketTests.test_tls_unique_channel_bindingc CsVtt tj¡ƒ}t|ƒ}| t¡}d}t ¡WdQRX| |t |j j dƒ¡dS)Nr) rrrŽræÚreprZ assertWarnsrérZ gc_collectr€r’Zwarningr[)rŠrêrËrrrrÚtest_dealloc_warn.s  z"BasicSocketTests.test_dealloc_warnc Csrt ¡}| t|ƒd¡| |tj¡t ¡:}t|d<t |d<t ¡}| |j t ¡| |j t¡WdQRXdS)NéÚ SSL_CERT_DIRÚ SSL_CERT_FILE) rZget_default_verify_pathsrˆrrØZDefaultVerifyPathsrÚEnvironmentVarGuardÚCAPATHrµÚcafiler)rŠÚpathsÚenvrrrÚtest_get_default_verify_paths6s z.BasicSocketTests.test_get_default_verify_pathsÚwin32zWindows specificc Csð| t d¡¡| t d¡¡| ttj¡| ttjd¡tƒ}x–dD]Ž}t |¡}| |t¡xr|D]j}| |t ¡|  t |ƒd¡|\}}}| |t ¡|  |ddh¡| |ttf¡t|tƒrj| |¡qjWqJWd}|  ||¡dS) NÚCAÚROOTrV)r2r3rÚx509_asnÚ pkcs_7_asnz1.3.6.1.5.5.7.3.1)rÞrZenum_certificatesržrÚ WindowsErrorÚsetrØÚlistrÚrˆrÚbytesr€ÚboolÚ isinstanceÚupdate) rŠZ trust_oidsZ storenameÚstoreÚelementrÚencZtrustÚ serverAuthrrrÚtest_enum_certificatesBs&        z'BasicSocketTests.test_enum_certificatescCs–| t d¡¡| ttj¡| ttjd¡t d¡}| |t¡xL|D]D}| |t¡|  t |ƒd¡| |dt ¡|  |dddh¡qJWdS)Nr2rVérrr4r5) rÞrZ enum_crlsržrr6rØr8rÚrˆrr9r€)rŠZcrlsr>rrrÚtest_enum_crls[s    zBasicSocketTests.test_enum_crlsc Csºd}t d¡}| ||¡| |jd¡| |jd¡| |jd¡| |jd¡| |tj¡| t tjd¡tj  d¡}| ||¡| |tj¡| t tjj d¡|  t d¡tj  d¡WdQRXxvt d ƒD]j}ytj  |¡}Wnt k rþYqÖX| |jt ¡| |jt¡| |jt¡| |jttdƒf¡qÖWtj d¡}| ||¡| |tj¡| tj d¡|¡| tj d¡|¡|  t d ¡tj d ¡WdQRXdS) N)ér@zTLS Web Server Authenticationz1.3.6.1.5.5.7.3.1z1.3.6.1.5.5.7.3.1rDr@zTLS Web Server Authenticationéÿÿÿÿzunknown NID 100000i †ièzunknown object 'serverauth'Z serverauth)rÚ _ASN1ObjectrˆÚnidÚ shortnameZlongnameÚoidrØržrGZfromnidrŒÚrangerÙr’ÚtypeZfromname)rŠÚexpectedÚvalÚiÚobjrrrÚtest_asn1objectjs@      z BasicSocketTests.test_asn1objectcCsÈt d¡}| tjjtj¡| tjj|¡| tjjjd¡| tjjjd¡| tjjjd¡t d¡}| tjj tj¡| tjj |¡| tjj jd¡| tjj jd¡| tjj jd¡dS)Nz1.3.6.1.5.5.7.3.1rDr@z1.3.6.1.5.5.7.3.2é‚Z clientAuth) rrFrØÚPurposeÚ SERVER_AUTHrˆrGrHrIÚ CLIENT_AUTH)rŠrMrrrÚtest_purpose_enum‘s    z"BasicSocketTests.test_purpose_enumc Cs”t tjtj¡}| |j¡| t¡}t|tj dWdQRX|  t |j ƒd¡t  tj¡}| t¡}| |¡WdQRX|  t |j ƒd¡dS)N)rcz!only stream sockets are supported)rŽræZ SOCK_DGRAMrªr§ržrörrrrhrˆr’rrDrwrn)rŠrZcxrHrrrÚtest_unsupported_dtls¢s    z&BasicSocketTests.test_unsupported_dtlscCs| t |¡|¡dS)N)rˆrÚcert_time_to_seconds)rŠÚ timestringZ timestamprrrÚ cert_time_ok­szBasicSocketTests.cert_time_okc Cs$| t¡t |¡WdQRXdS)N)ržrGrrW)rŠrXrrrÚcert_time_fail°s zBasicSocketTests.cert_time_failz)local time needs to be different from UTCcCs| dd¡| dd¡dS)NzMay 9 00:00:00 2007 GMTgÀCÑAzJan 5 09:34:43 2018 GMTgÀ¬Ñ“ÖA)rY)rŠrrrÚ"test_cert_time_to_seconds_timezone´s z3BasicSocketTests.test_cert_time_to_seconds_timezonecCsàd}d}| ||¡| tj|d|¡| d|¡| d|¡| d¡| d¡| d¡| d ¡| d ¡| d ¡| d ¡d }| d|¡| d|¡| dd¡| dd¡| dd¡| d¡| dd¡dS)NzJan 5 09:34:43 2018 GMTgÀ¬Ñ“ÖA)rSzJan 05 09:34:43 2018 GMTzJaN 5 09:34:43 2018 GmTzJan 5 09:34 2018 GMTzJan 5 09:34:43 2018zJan 5 09:34:43 2018 UTCzJan 35 09:34:43 2018 GMTzJon 5 09:34:43 2018 GMTzJan 5 24:00:00 2018 GMTzJan 5 09:60:43 2018 GMTgàWÒAzDec 31 23:59:60 2008 GMTzJan 1 00:00:00 2009 GMTzJan 5 09:34:59 2018 GMTiÃFOZzJan 5 09:34:60 2018 GMTiÄFOZzJan 5 09:34:61 2018 GMTiÅFOZzJan 5 09:34:62 2018 GMTzDec 31 23:59:59 9999 GMTg€¿ úMB)rYrˆrrWrZ)rŠrXÚtsZ newyear_tsrrrÚtest_cert_time_to_seconds¼s*                z*BasicSocketTests.test_cert_time_to_secondsÚLC_ALLrVcCs@dd„}|ƒ ¡dkr | d¡| dd¡| |ƒd¡dS)NcSs t dd¡S)Nz%b) rrBrrMrOr(rrr)rJrRrrrrÚlocal_february_nameãszNBasicSocketTests.test_cert_time_to_seconds_locale..local_february_nameZfebz>locale-specific month name needs to be different from C localezFeb 9 00:00:00 2007 GMTg`îrÑAz 9 00:00:00 2007 GMT)ÚlowerÚskipTestrYrZ)rŠr_rrrÚ test_cert_time_to_seconds_localeßs   z1BasicSocketTests.test_cert_time_to_seconds_localecCsvt tj¡}| |j¡t |¡}tt tj¡tjd}| |j¡|  t |f¡}t j t j t jt jf}| ||¡dS)N)rc)rŽrærªr§rÚ bind_portrrrrÚ connect_exrrZ ECONNREFUSEDZ EHOSTUNREACHZ ETIMEDOUTÚ EWOULDBLOCKr€)rŠÚserverÚportrÚrcÚerrorsrrrÚtest_connect_ex_errorîs       z&BasicSocketTests.test_connect_ex_error)4Ú__name__Ú __module__Ú __qualname__r‹r‘r–r¢rZÚ skipUnlessr rr±ZmaxDiffr¼r¿rÇrÊrÔrårZ cpython_onlyrìrûrþrr r r r rrr#rÚCHANNEL_BINDING_TYPESr%r'r0r1rXrArCrPrUrVrYrZrKr[r]Zrun_with_localerbrjrrrrr}sP     G   ' #r}c@s¨eZdZedd„ƒZedd„ƒZdd„Ze e dkd¡d d „ƒZ e  e j d kd ¡d d„ƒZedd„ƒZdd„Zdd„Ze ee jdƒd¡dd„ƒZe eƒd¡dd„ƒZdd„Zdd„Zd d!„Zd"d#„Zed$d%„ƒZd&d'„Ze e jd(¡d)d*„ƒZed+d,„ƒZ ed-d.„ƒZ!d/d0„Z"d1d2„Z#d3d4„Z$e  e%j&d5kd6¡e  e'd7¡d8d9„ƒƒZ(e e%j&d5kd:¡e  ee%d;ƒd<¡d=d>„ƒƒZ)d?d@„Z*dAdB„Z+dCdD„Z,dEdF„Z-dGdH„Z.dIdJ„Z/dKS)LÚ ContextTestscCsTxtD]}t |¡qWt ¡}| |jtj¡| ttjd¡| ttjd¡dS)NrEé*)Ú PROTOCOLSrrDrˆr”r‰ržrG)rŠr”rHrrrÚtest_constructors  zContextTests.test_constructorcCs*x$tD]}t |¡}| |j|¡qWdS)N)rrrrDrˆr”)rŠr•rHrrrÚ test_protocol s  zContextTests.test_protocolc CsHt tj¡}| d¡| d¡| tjd¡| d¡WdQRXdS)NÚALLÚDEFAULTzNo cipher can be selectedz^$:,;?*'dorothyx)rrDrwrmrŒrW)rŠrHrrrÚ test_cipherss    zContextTests.test_ciphersrz+Test applies only to Python default cipherscCsjt tj¡}| ¡}xP|D]H}|d}| d|¡| d|¡| d|¡| d|¡| d|¡qWdS)NrZPSKZSRPZMD5ZRC4Z3DES)rrDrwÚ get_ciphersZ assertNotIn)rŠrHreZsuiterrrrÚtest_python_cipherss      z ContextTests.test_python_ciphers)rrrBrrzOpenSSL too oldcCsHt tj¡}| d¡tdd„| ¡Dƒƒ}| d|¡| d|¡dS)NZAESGCMcss|]}|dVqdS)rNr)Ú.0Údrrrú (sz0ContextTests.test_get_ciphers..zAES256-GCM-SHA384zAES128-GCM-SHA256)rrDrwrmr7rxr€)rŠrHÚnamesrrrÚtest_get_ciphers$s    zContextTests.test_get_ciphersc CsÊt tj¡}tjtjBtjB}|ttBtBt Bt BO}|  ||j ¡|j tj O_ |  |tj B|j ¡tƒrª|j tj @|_ |  ||j ¡d|_ |  d|j tj@¡n| t¡ d|_ WdQRXdS)Nr)rrDrwÚOP_ALLr‚rƒr)r,r*r+r-rˆÚoptionsr„r=ržrG)rŠrHÚdefaultrrrÚ test_options,s  zContextTests.test_optionsc Csðt tj¡}| |jtj¡tj|_| |jtj¡tj|_| |jtj¡tj|_| |jtj¡| t ¡ d|_WdQRX| t ¡ d|_WdQRXt tj ¡}| |jtj¡|  |j ¡t tj¡}| |jtj¡| |j ¡dS)Nrq)rrDr‰rˆrjrhr~rržrrGrEÚ assertFalserirwrÞ)rŠrHrrrÚtest_verify_mode_protocolBs$      z&ContextTests.test_verify_mode_protocolc Csvt tj¡}| |j¡tjrVd|_| |j¡d|_| |j¡d|_| |j¡n| t¡ d|_WdQRXdS)NTF) rrDrwrÞZhostname_checks_common_nameZHAS_NEVER_CHECK_COMMON_NAMErƒržÚAttributeError)rŠrHrrrÚ test_hostname_checks_common_nameYs     z-ContextTests.test_hostname_checks_common_nameÚminimum_versionzrequired OpenSSL 1.1.0gc Cs¢t tj¡}| |jtjjtjjtjjh¡|  |j tjj ¡tjj |_tjj|_ |  |jtjj ¡|  |j tjj¡tjj|_tjj|_ |  |jtjj¡|  |j tjj¡tjj |_ |  |j tjj ¡tjj|_ | |j tjjtjj h¡tjj |_| |jtjjtjjh¡| t¡ d|_WdQRXt tj¡}|  |jtjj¡|  |j tjj ¡| t¡tjj|_WdQRX| t¡tjj|_ WdQRXdS)Nrq)rrDrEr€r‡Ú TLSVersionZMINIMUM_SUPPORTEDr ÚTLSv1_2rˆÚmaximum_versionZMAXIMUM_SUPPORTEDr rÚTLSv1_3ržrGr )rŠrHrrrÚtest_min_max_versiongsT             z!ContextTests.test_min_max_versionz!verify_flags need OpenSSL > 0.9.8c Cs¸t tj¡}ttddƒ}| |jtj|B¡tj|_| |jtj¡tj|_| |jtj¡tj|_| |jtj¡tjtj B|_| |jtjtj B¡|  t ¡ d|_WdQRXdS)NÚVERIFY_X509_TRUSTED_FIRSTr) rrDrEÚgetattrrˆÚ verify_flagsÚVERIFY_DEFAULTÚVERIFY_CRL_CHECK_LEAFZVERIFY_CRL_CHECK_CHAINZVERIFY_X509_STRICTržr)rŠrHÚtfrrrÚtest_verify_flags­s   zContextTests.test_verify_flagsc Cs¨t tj¡}|jtdd|jttd|jt|jtd| t¡}| t¡WdQRX|  |j j t j ¡|  tjd¡| t¡WdQRX|  tjd¡| t¡WdQRXt tj¡}| tt¡|jttd|jttd|  tjd¡| t¡WdQRX|  tjd¡| t¡WdQRX|  tjd¡|jttdWdQRXt tj¡}|  tjd¡| tt¡WdQRX|jttd|jtt ¡d|jttt ¡ƒd| ttt¡| ttt ¡¡| tttt ¡ƒ¡|  td¡|jtddWdQRX| tj¡|jtddWdQRX|  td ¡|jtd d dWdQRXd d „}dd„}dd„}dd„}dd„}dd„}dd„} Gdd„dƒ} |jt|d|jt|d|jt|d|jt| ƒd|jt| ƒjd| tj¡|jt|dWdQRX|  td ¡|jt|dWdQRX|  td¡|jt|dWdQRX|  td¡|jt| dWdQRX|jt| ddS)N)rgzPEM lib)rfrgzkey values mismatch)Zpasswordzshould be a stringTÚbadpasszcannot be longeróaicSstS)N)Ú KEY_PASSWORDrrrrÚgetpass_unicodeðsz:ContextTests.test_load_cert_chain..getpass_unicodecSst ¡S)N)r–rrrrrÚ getpass_bytesòsz8ContextTests.test_load_cert_chain..getpass_bytescSs tt ¡ƒS)N)rŸr–rrrrrÚgetpass_bytearrayôsz.getpass_bytearraycSsdS)Nr”rrrrrÚgetpass_badpassösz:ContextTests.test_load_cert_chain..getpass_badpasscSsddS)Nr•irrrrrÚ getpass_hugeøsz7ContextTests.test_load_cert_chain..getpass_hugecSsdS)Nr8rrrrrÚgetpass_bad_typeúsz;ContextTests.test_load_cert_chain..getpass_bad_typecSs tdƒ‚dS)Nz getpass error)Ú ExceptionrrrrÚgetpass_exceptionüsz.getpass_exceptionc@seZdZdd„Zdd„ZdS)z:ContextTests.test_load_cert_chain..GetPassCallablecSstS)N)r–)rŠrrrÚ__call__ÿszCContextTests.test_load_cert_chain..GetPassCallable.__call__cSstS)N)r–)rŠrrrÚgetpassszBContextTests.test_load_cert_chain..GetPassCallable.getpassN)rkrlrmrŸr rrrrÚGetPassCallableþsr¡zmust return a stringz getpass error)rrDrErlrµržrrïrrˆrrrrŒrWÚBADCERTÚ EMPTYCERTÚONLYCERTÚONLYKEYÚBYTES_ONLYCERTÚ BYTES_ONLYKEYrÍÚCERTFILE_PROTECTEDr–rrŸÚONLYKEY_PROTECTEDrGr r) rŠrHrr—r˜r™ršr›rœržr¡rrrÚtest_load_cert_chainÁsz      z!ContextTests.test_load_cert_chainc Csät tj¡}| t¡|jtdd| t¡|jtdd| t|j¡| t|jddd¡| t¡}| t ¡WdQRX|  |j j t j ¡| tjd¡| t¡WdQRX| tt¡|jttd| t|jdd¡dS)N)r-rzPEM lib)rT)rrDrErkrµÚBYTES_CERTFILEržrrïrrˆrrrrŒrWr¢r,Ú BYTES_CAPATH)rŠrHrrrrÚtest_load_verify_locationss     z'ContextTests.test_load_verify_locationsc CsJttƒ}| ¡}WdQRXt |¡}ttƒ}| ¡}WdQRXt |¡}t tj¡}| |  ¡dd¡|j |d| |  ¡dd¡|j |d| |  ¡dd¡|j |d| |  ¡dd¡t tj¡}d  ||f¡}|j |d| |  ¡dd¡t tj¡}d|d|d |d g}|j d  |¡d| |  ¡dd¡t tj¡}|j |d|j |d| |  ¡dd¡|j |d| |  ¡dd¡t tj¡}d   ||f¡}|j |d| |  ¡dd¡t tj¡}|j t |j td| tjd ¡|j d dWdQRX| tjd¡|j ddWdQRXdS)NÚx509_car)ÚcadatarrBr²ÚheadÚotherZagainÚtailóz no start lineZbrokenznot enough datasbroken)rÌrÍr¬rrÎÚCAFILE_NEURONIOrDrwrˆÚcert_store_statsrkrržrÚobjectrŒrW)rŠr^Z cacert_pemZ cacert_derZ neuronio_pemZ neuronio_derrHZcombinedrrrÚtest_load_verify_cadata'sN                   z$ContextTests.test_load_verify_cadatac Cs t tj¡}| t¡tjdkr*| t¡| t |j¡| t |jd¡| t ¡}| t ¡WdQRX|  |j jtj¡| tj¡}| t¡WdQRXdS)NÚnt)rrDrEÚload_dh_paramsÚDHFILEr rÚ BYTES_DHFILEržrÚFileNotFoundErrorrrˆrrrrWrµ)rŠrHrrrrÚtest_load_dh_paramsas     z ContextTests.test_load_dh_paramscCsDx>tD]6}t |¡}| | ¡ddddddddddddœ ¡qWdS)Nr) ZnumberrZ connect_goodZconnect_renegotiateÚacceptZ accept_goodZaccept_renegotiateÚhitsÚmissesZtimeoutsZ cache_full)rrrrDrˆÚ session_stats)rŠr•rHrrrÚtest_session_statsns   zContextTests.test_session_statscCst tj¡}| ¡dS)N)rrDrwZset_default_verify_paths)rŠrHrrrÚtest_set_default_verify_paths€s z*ContextTests.test_set_default_verify_pathsz#ECDH disabled on this OpenSSL buildcCsbt tj¡}| d¡| d¡| t|j¡| t|jd¡| t|jd¡| t|jd¡dS)NÚ prime256v1s prime256v1ršsfoo)rrDrErFržrrG)rŠrHrrrÚtest_set_ecdh_curve†s   z ContextTests.test_set_ecdh_curvecCsjt tj¡}| t|j¡| t|jd¡| t|jd¡| t|j|¡dd„}| d¡| |¡dS)NrMrVcSsdS)Nr)roÚ servernamerHrrrÚ dummycallbackšsz5ContextTests.test_sni_callback..dummycallback)rrDrEržrÚset_servername_callback)rŠrHrÇrrrÚtest_sni_callbacks  zContextTests.test_sni_callbackcCsJt tj¡}|fdd„}| |¡t |¡}~~t ¡| |ƒd¡dS)NcSsdS)Nr)rorÆrHÚcyclerrrrǤsz>ContextTests.test_sni_callback_refcycle..dummycallback) rrDrErÈrçrèÚgcÚcollectr“)rŠrHrÇrërrrÚtest_sni_callback_refcycleŸs    z'ContextTests.test_sni_callback_refcyclecCsŽt tj¡}| | ¡ddddœ¡| t¡| | ¡ddddœ¡| t¡| | ¡ddddœ¡| t¡| | ¡ddddœ¡dS)Nr)r®ÚcrlÚx509rrB) rrDrwrˆrµrlrµrkrÍ)rŠrHrrrÚtest_cert_store_stats¬s        z"ContextTests.test_cert_store_statsc Cs¨t tj¡}| | ¡g¡| t¡| | ¡g¡| t¡| | ¡dtdƒtdƒdddddœg¡t tƒ}|  ¡}WdQRXt  |¡}| | d¡|g¡dS) N)))rzRoot CA))rÂzhttp://www.cacert.org))rzCA Cert Signing Authority))rÃzsupport@cacert.orgzMar 29 12:29:49 2033 GMTzMar 30 12:29:49 2003 GMTZ00)z!https://www.cacert.org/revoke.crlr)rrr r!r'r"r$T) rrDrwrˆÚ get_ca_certsrkrµrÍrTrÌr¬rÎ)rŠrHr^rÑÚderrrrÚtest_get_ca_certsºs"       zContextTests.test_get_ca_certscCs€t tj¡}| ¡t tj¡}| tjj¡| ¡t tj¡}| tjj¡t tj¡}| t|jd¡| t|jd¡dS)NrS) rrDrwÚload_default_certsrRrSrTržr)rŠrHrrrÚtest_load_default_certsÖs    z$ContextTests.test_load_default_certsr1znot-Windows specificz!LibreSSL doesn't support env varsc CsTt tj¡}t ¡6}t|d<t|d<| ¡| |  ¡ddddœ¡WdQRXdS)Nr)r*rr)rÎrÏr®) rrDrwrr+r,rµrÔrˆrµ)rŠrHr/rrrÚtest_load_default_certs_envås   z(ContextTests.test_load_default_certs_envzWindows specificZgettotalrefcountz3Debug build does not share environment between CRTsc Csxt tj¡}| ¡| ¡}t tj¡}t ¡>}t|d<t|d<| ¡|dd7<|  | ¡|¡WdQRXdS)Nr)r*rÏr) rrDrwrÔrµrr+r,rµrˆ)rŠrHÚstatsr/rrrÚ#test_load_default_certs_env_windowsïs   z0ContextTests.test_load_default_certs_env_windowscCs‚| |jtj@tj¡tdkr0| |jt@t¡tdkrJ| |jt@t¡tdkrd| |jt@t¡tdkr~| |jt@t¡dS)Nr)rˆr€rr‚r)r*r+r,)rŠrHrrrÚ_assert_context_optionsþs    z$ContextTests._assert_context_optionsc CsÐt ¡}| |jtj¡| |jtj¡| |j¡|  |¡t t ƒ}|  ¡}WdQRXtjt t |d}| |jtj¡| |jtj¡|  |¡t tjj¡}| |jtj¡| |jtj¡|  |¡dS)N)r-rr¯)rÚcreate_default_contextrˆr”r‰rjrrÞrirÙrÌrxr¬r,rRrTrh)rŠrHr^r¯rrrÚtest_create_default_context s     z(ContextTests.test_create_default_contextcCsüt ¡}| |jtj¡| |jtj¡| |j¡|  |¡t tj ¡}| |jtj ¡| |jtj¡|  |¡tjtj tj dd}| |jtj ¡| |jtj ¡|  |j¡|  |¡tjtj jd}| |jtj¡| |jtj¡|  |¡dS)NT)rcri)Zpurpose)rZ_create_stdlib_contextrˆr”r‰rjrhrƒrirÙrrrÞrRrT)rŠrHrrrÚtest__create_stdlib_context"s(      z(ContextTests.test__create_stdlib_contextc Csdt tj¡}| |j¡| |jtj¡d|_| |j¡| |jtj ¡d|_tj |_| |j¡| |jtj ¡d|_tj|_d|_| |j¡| |jtj¡d|_| |j¡| |jtj ¡d|_tj |_d|_| |j¡| |jtj ¡d|_| |j¡| |jtj ¡|  t ¡tj|_WdQRXd|_| |j¡tj|_| |jtj¡dS)NTF) rrDr‰rƒrirˆrjrhrÞrr~ržrG)rŠrHrrrÚtest_check_hostname;s@          z ContextTests.test_check_hostnamecCsTt tj¡}| |j¡| |jtj¡t tj¡}|  |j¡| |jtj ¡dS)N) rrDrwrÞrirˆrjrrErƒrh)rŠrHrrrÚtest_context_client_serverfs     z'ContextTests.test_context_client_serverc CsŠGdd„dtjƒ}Gdd„dtjƒ}t tj¡}||_||_|jt ¡dd}|  ||¡WdQRX|  t  ¡t  ¡¡}|  ||¡dS)Nc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLSocketN)rkrlrmrrrrÚ MySSLSocketrsrßc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLObjectN)rkrlrmrrrrÚ MySSLObjectusràT)rÿ) rrÚ SSLObjectrDrEZsslsocket_classZsslobject_classrnrŽrØÚwrap_bioÚ MemoryBIO)rŠrßràrHrorOrrrÚtest_context_custom_classqs z&ContextTests.test_context_custom_classN)0rkrlrmrbrsrtrwrZrnrryÚskipIfrr?r~r‚r„r†r_rDrŒrAr“rªr­r·r½rÂrÃrCrÅÚ needs_snirÉrÍrÐrÓrÕr1rXrÝrÖrØrÙrÛrÜrÝrÞrärrrrrpÿsF    ES:    + rpc@s,eZdZdd„Zdd„Zdd„Zdd„Zd S) Ú SSLErrorTestscCsXt dd¡}| t|ƒd¡| |jd¡t dd¡}| t|ƒd¡| |jd¡dS)Nrrš)rrWrˆr’rZSSLZeroReturnError)rŠÚerrrÚtest_str„s   zSSLErrorTests.test_strc Csnt tj¡}| tj¡}| t¡WdQRX| |jj d¡| |jj d¡t |jƒ}|  |  d¡|¡dS)NZPEMZ NO_START_LINEz"[PEM: NO_START_LINE] no start line)rrDrwržrWr¹rµrˆrZlibraryÚreasonr’rÞrÏ)rŠrHrrrrrÚtest_lib_reasonŽs  zSSLErrorTests.test_lib_reasonc CsÎt tj¡}d|_tj|_t ¡¢}| d¡| ¡t ¡}|  |  ¡¡|  d¡|j |dddT}|  tj¡}| ¡WdQRXt|jƒ}| | d¡|¡| |jjtj¡WdQRXWdQRXdS)NF)z 127.0.0.1r)rz%The operation did not complete (read))rrDrwrirhrjrŽrrrr Ú setblockingrnržÚSSLWantReadErrorÚ do_handshaker’rrÞrÏrˆrÚSSL_ERROR_WANT_READ)rŠrHrr"rrrrÚ test_subclass˜s     zSSLErrorTests.test_subclassc Cs–t ¡}| t¡|jt ¡t ¡ddWdQRX| t¡|jt ¡t ¡ddWdQRX| t¡|jt ¡t ¡ddWdQRXdS)NrV)rz .example.orgzexample.orgevil.com)rrÚržrGrârãr)rŠrHrrrÚtest_bad_server_hostname­s   z&SSLErrorTests.test_bad_server_hostnameN)rkrlrmrérërðrñrrrrrç‚s  rçc@s4eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd S) ÚMemoryBIOTestscCsªt ¡}| d¡| | ¡d¡| | ¡d¡| d¡| d¡| | ¡d¡| | ¡d¡| d¡| | d¡d¡| | d¡d ¡| | d¡d¡dS) Nsfoor³sbarsfoobarsbazrBsbaróz)rrãr5rˆr¬)rŠÚbiorrrÚtest_read_write¼s    zMemoryBIOTests.test_read_writecCs¶t ¡}| |j¡| | ¡d¡| |j¡| d¡| |j¡| ¡| |j¡| | d¡d¡| |j¡| | d¡d¡| |j¡| | ¡d¡| |j¡dS)Nr³sfoorBsforóo) rrãrƒÚeofrˆr¬r5Ú write_eofrÞ)rŠrôrrrÚtest_eofÊs       zMemoryBIOTests.test_eofcCs¨t ¡}| |jd¡| d¡| |jd¡x0tdƒD]$}| d¡| |jd|d¡q8Wx,tdƒD] }| d¡| |j|d¡qjW| ¡| |jd¡dS)Nrsfoorrrí)rrãrˆÚpendingr5rJr¬)rŠrôrNrrrÚ test_pendingÚs   zMemoryBIOTests.test_pendingcCsbt ¡}| d¡| | ¡d¡| tdƒ¡| | ¡d¡| tdƒ¡| | ¡d¡dS)Nsfoosbarsbaz)rrãr5rˆr¬rŸÚ memoryview)rŠrôrrrÚtest_buffer_typesès z MemoryBIOTests.test_buffer_typescCsLt ¡}| t|jd¡| t|jd¡| t|jd¡| t|jd¡dS)NršTr)rrãržrr5)rŠrôrrrÚtest_error_typesñs zMemoryBIOTests.test_error_typesN)rkrlrmrõrùrûrýrþrrrrròºs  ròc@seZdZdd„Zdd„ZdS)ÚSSLObjectTestsc Cs0t ¡}| td¡t ||¡WdQRXdS)Nzpublic constructor)rrãrŒrrá)rŠrôrrrr‘úsz SSLObjectTests.test_private_initc Cs.tƒ\}}}t ¡}t ¡}t ¡}t ¡}|j|||d}|j||dd} x€tdƒD]t} y | ¡Wntjk r|YnX|jr’| |  ¡¡y |  ¡Wntjk r´YnX|jrV| |  ¡¡qVW| ¡|  ¡|  tj¡|  ¡WdQRX| |  ¡¡|   ¡| |  ¡¡|  ¡dS)N)rT)rÿrO) r|rrãrârJrîrírúr5r¬ržÚunwrap) rŠZ client_ctxZ server_ctxryZc_inZc_outZs_inZs_outÚclientrfr°rrrÚ test_unwrapÿs8   zSSLObjectTests.test_unwrapN)rkrlrmr‘rrrrrrÿùsrÿc@s¾eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dd„Z dd„Z e  ejdkd¡dd„ƒZdd„Zdd„Zdd„Zdd„Zd d!„Zed"d#„ƒZd$d%„Zd&d'„Zd(d)„Zd*S)+ÚSimpleBackgroundTestsz?Tests that connect to a simple server running in the backgroundcCs2ttƒ}t|jf|_| ¡| |jddd¡dS)N)ÚThreadedEchoServerrsrrgÚ server_addrÚ __enter__rªÚ__exit__)rŠrfrrrÚsetUp,s zSimpleBackgroundTests.setUpc Cs˜tt tj¡tjd.}| |j¡| i| ¡¡|  |j ¡WdQRXtt tj¡tj t d,}| |j¡|  | ¡¡|  |j ¡WdQRXdS)N)rc)rcrd)rrrŽrærrhrrrˆÚ getpeercertrƒrÿrrxrÞ)rŠrrrrÚ test_connect2s      z"SimpleBackgroundTests.test_connectcCs<tt tj¡tjd}| |j¡| tjd|j |j ¡dS)N)rczcertificate verify failed) rrrŽrærrrªr§rŒrWrr)rŠrrrrÚtest_connect_failAs     z'SimpleBackgroundTests.test_connect_failcCsJtt tj¡tjtd}| |j¡| d|  |j ¡¡|  |  ¡¡dS)N)rcrdr) rrrŽrærrrxrªr§rˆrdrrÞr )rŠrrrrÚtest_connect_exKs   z%SimpleBackgroundTests.test_connect_exc CsÚtt tj¡tjtdd}| |j¡| d¡|  |j ¡}|  |dt j t jf¡t g|ggd¡xby| ¡PWqftjk rœt |gggd¡Yqftjk rÂt g|ggd¡YqfXqfW| | ¡¡dS)NF)rcrdrrg@)rrrŽrærrrxrªr§rìrdrr€rZ EINPROGRESSreÚselectrîríÚSSLWantWriteErrorrÞr )rŠrrhrrrÚtest_non_blocking_connect_exTs$    z2SimpleBackgroundTests.test_non_blocking_connect_exc CsÆt tj¡}| t tj¡¡"}| |j¡| i|  ¡¡WdQRX|jt tj¡dd}| |j¡WdQRXtj |_ |  t ¡| t tj¡¡$}| |j¡|  ¡}| |¡WdQRXdS)NZdummy)r)rrDr‰rnrŽrærrrˆr rrjrkrxrÞ)rŠrHrrrrrÚtest_connect_with_contextns     z/SimpleBackgroundTests.test_connect_with_contextcCsLt tj¡}tj|_| t tj¡¡}| |j ¡|  tj d|j |j ¡dS)Nzcertificate verify failed)rrDr‰rrjrnrŽrærªr§rŒrWrr)rŠrHrrrrÚtest_connect_with_context_fail€s    z4SimpleBackgroundTests.test_connect_with_context_failc Cs¼t tj¡}tj|_|jtd| t tj ¡¡$}|  |j ¡|  ¡}|  |¡WdQRXt tj¡}tj|_|jtd| t tj ¡¡$}|  |j ¡|  ¡}|  |¡WdQRXdS)N)r)rrDr‰rrjrkr,rnrŽrærrr rÞr¬)rŠrHrrrrrÚtest_connect_capath‹s      z)SimpleBackgroundTests.test_connect_capathc Csâttƒ}| ¡}WdQRXt |¡}t tj¡}tj|_|j |d|  t   t j ¡¡$}|  |j¡| ¡}| |¡WdQRXt tj¡}tj|_|j |d|  t   t j ¡¡$}|  |j¡| ¡}| |¡WdQRXdS)N)r¯)rÌrxr¬rrÎrDr‰rrjrkrnrŽrærrr rÞ)rŠr^rÑrÒrHrrrrrÚtest_connect_cadata¢s"        z)SimpleBackgroundTests.test_connect_cadatar¸z*Can't use a socket as a file under Windowsc Csˆtt tj¡ƒ}| |j¡| ¡}| ¡}| ¡t  |d¡| ¡t   ¡|  t ¡}t  |d¡WdQRX| |jjtj¡dS)Nr)rrrŽrærrÚfilenoZmakefiler§r r¬rËrÌržrïrˆrrZEBADF)rŠrêÚfdr^rèrrrÚtest_makefile_close·s   z)SimpleBackgroundTests.test_makefile_closecCsÄt tj¡}| |j¡| d¡t|tjdd}| |j ¡d}xfy|d7}|  ¡PWqDtj k r€t   |ggg¡YqDtj k r¤t   g|gg¡YqDXqDWtjrÀtj d|¡dS)NF)rcrrrz9 Needed %d calls to do_handshake() to establish session. )rŽrærrrìrrrrhrªr§rîrír rrr3r1r4r5)rŠrÚcountrrrÚtest_non_blocking_handshakeÊs&    z1SimpleBackgroundTests.test_non_blocking_handshakecCst|f|jždtiŽdS)Nr)Ú_test_get_server_certificaterrx)rŠrrrÚtest_get_server_certificateßsz1SimpleBackgroundTests.test_get_server_certificatecCst|f|jžŽdS)N)Ú!_test_get_server_certificate_failr)rŠrrrÚ test_get_server_certificate_failâsz6SimpleBackgroundTests.test_get_server_certificate_failc Cs²tt tj¡tjdd}| |j¡WdQRXtt tj¡tjdd}| |j¡WdQRX| tjd¡:t tj¡"}t|tjdd}| |j¡WdQRXWdQRXdS)Nru)rcrervzNo cipher can be selectedz^$:,;?*'dorothyx) rrrŽrærrhrrrŒrW)rŠrrorrrrwçs   z"SimpleBackgroundTests.test_ciphersc Cs€t tj¡}|jtd| | ¡g¡|jt tj ¡dd$}|  |j ¡|  ¡}|  |¡WdQRX| t| ¡ƒd¡dS)N)rr)rr)rrDrwrkr,rˆrÑrnrŽrærrr rÞr)rŠrHrrrrrÚtest_get_ca_certs_capathõs    z.SimpleBackgroundTests.test_get_ca_certs_capathc Cs¨t tj¡}|jtdt tj¡}|jtdt tj¡}|j|ddT}| |j ¡|  |j |¡|  |j j |¡||_ |  |j |¡|  |j j |¡WdQRXdS)N)rr)r) rrDrwrkr,rŽrærnrrr“rqÚ_sslobj)rŠZctx1Zctx2rrêrrrÚtest_context_setgets      z)SimpleBackgroundTests.test_context_setgetc Osú| dd¡}t ¡|}d} x¼t ¡|kr4| d¡d} | d7} y ||Ž} Wn>tjk rŠ} z| jtjtjfkrt‚| j} Wdd} ~ XYnX|  ¡} |  | ¡| dkrªPq| tjkr|  d¡} | rÎ|  | ¡q|  ¡qWtjrötj  d| |jf¡| S)Nrýé rri€z"Needed %d calls to complete %s(). )ÚgetrJZ monotonicr¤rrWrrïZSSL_ERROR_WANT_WRITEr¬Úsendallrðr5rørr3r1r4rk)rŠroÚincomingÚoutgoingr]r[r\rýZdeadlinerrÚretrèÚbufrrrÚ ssl_io_loops8           z!SimpleBackgroundTests.ssl_io_loopcCs„t tj¡}| |j¡| |j¡t ¡}t ¡}t tj ¡}|  |j ¡|  |j tj¡| t¡| ||dt¡}| |jj|¡| | ¡¡| | ¡¡| | ¡¡| t|j¡dtjkrØ| | d¡¡|  ||||j!¡|  | ¡¡| | ¡¡| | ¡¡|  | ¡¡dtjkr>|  | d¡¡y|  ||||j"¡Wntj#k rlYnX| tj$|j%d¡dS)NFz tls-uniquesfoo)&rŽrærªr§rrrrãrDrwrÞrirˆrjrrkrxrârtr“rÚownerr$Úcipherr$ÚassertIsNotNoneÚshared_ciphersržrGr ror!r'rîrZSSLSyscallErrorrWr5)rŠror#r$rHÚsslobjrrrÚtest_bio_handshake6s<         z(SimpleBackgroundTests.test_bio_handshakecCs¶t tj¡}| |j¡| |j¡t ¡}t ¡}t tj ¡}tj |_ |  ||d¡}|  ||||j¡d}|  ||||j|¡|  ||||jd¡}| |d¡|  ||||j¡dS)NFsFOO isfoo )rŽrærªr§rrrrãrDr‰rhrjrâr'rîr5r¬rˆr)rŠror#r$rHr,Zreqr&rrrÚtest_bio_read_write_dataXs     z.SimpleBackgroundTests.test_bio_read_write_dataN)rkrlrmÚ__doc__rr r r rrrrrrZrår rrrrrrwrrærr'r-r.rrrrr)s(    %"rc@s*eZdZdd„Ze ejd¡dd„ƒZdS)ÚNetworkedTestsc Cs|t t¡htt tj¡tjdd}| |j ¡|  d¡|  tdf¡}|dkrZ|  d¡|  |tjtjf¡WdQRXdS)NF)rcrgH¯¼šò×z>i»rz!REMOTE_HOST responded too quickly)rÚtransient_internetÚ REMOTE_HOSTrrrŽrærrrªr§rürdrar€rZEAGAINre)rŠrrhrrrÚtest_timeout_connect_exks     z&NetworkedTests.test_timeout_connect_exz Needs IPv6c Cs2t d¡t|ddƒt|ddƒWdQRXdS)Nzipv6.google.comi»)rr1rr)rŠrrrÚ test_get_server_certificate_ipv6ys  z/NetworkedTests.test_get_server_certificate_ipv6N) rkrlrmr3rZrnrZ IPV6_ENABLEDr4rrrrr0isr0cCslt ||f¡}|s$| d||f¡tj||f|d}|sL| d||f¡tjrhtj d|||f¡dS)NzNo server certificate on %s:%s!)rdz& Verified certificate for %s:%s is %s )rÚget_server_certificater¤rr3r1r4r5)ÚtestrrgrrÑrrrr€src Csjytj||ftd}Wn:tjk rP}ztjr@tj d|¡Wdd}~XYnX|  d|||f¡dS)N)rdz%s z$Got server certificate %s for %s:%s!) rr5rµrWrr3r1r4r5r¤)r6rrgrÑÚxrrrr‹s "r)Úmake_https_serverc @sReZdZGdd„dejƒZddd„Zdd „Zd d „Zdd d „Z dd„Z dd„Z dS)rc@s@eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dS)z$ThreadedEchoServer.ConnectionHandlerzºA mildly complicated class, because we want it to work both with and without the SSL wrapper around the socket connection, so that we can test the STARTTLS functionality.cCs@||_d|_||_||_|j d¡d|_tj |¡d|_ dS)NFrT) rfÚrunningroÚaddrrìÚsslconnÚ threadingÚThreadÚ__init__Údaemon)rŠrfZconnsockr:rrrr> s  z-ThreadedEchoServer.ConnectionHandler.__init__c Cs yB|jjj|jdd|_|jj |j ¡¡|jj |j  ¡¡WnØt t t fk rª}zB|jj  t|ƒ¡|jjrŠtdt|jƒdƒd|_| ¡dSd}~XYn^tjtfk r}zL|jj  t|ƒ¡|jjròtdt|jƒdƒd|_|j ¡| ¡dSd}~XYnîX|jj |j ¡¡|jjjtjkr²|j ¡}tjrx|jjrxtj  !dt" #|¡d¡|j d¡}tjr²|jjr²tj  !dtt$|ƒƒd ¡|j %¡}tjr|jjrtj  !d t|ƒd¡tj  !d t|j ¡ƒd¡dSdS) NT)rÿz' server: bad connection attempt from z: Fz client cert is r²z cert binary is z bytes z" server: connection cipher is now z" server: selected protocol is now )&rfrqrnror;Úselected_npn_protocolsÚappendÚselected_npn_protocolÚselected_alpn_protocolsÚselected_alpn_protocolÚConnectionResetErrorÚBrokenPipeErrorÚConnectionAbortedErrorÚ conn_errorsr’Úchattyr7r&r:r9r§rrWrïÚstopr+rjrr rr3r1r4r5r¹rºrr))rŠrèrZ cert_binaryr)rrrÚ wrap_connªsD      z.ThreadedEchoServer.ConnectionHandler.wrap_conncCs |jr|j ¡S|j d¡SdS)Ni)r;r¬rorð)rŠrrrr¬ãs z)ThreadedEchoServer.ConnectionHandler.readcCs"|jr|j |¡S|j |¡SdS)N)r;r5rorô)rŠr9rrrr5és z*ThreadedEchoServer.ConnectionHandler.writecCs |jr|j ¡n |j ¡dS)N)r;r§ro)rŠrrrr§ïs z*ThreadedEchoServer.ConnectionHandler.closec CsÜd|_|jjs| ¡sdSxº|jrÖyÀ| ¡}| ¡}|s|d|_y|j ¡|_Wnt k rhYnXd|_|  ¡nj|dkrªt j rž|jj ržtj d¡|  ¡dS|jjrî|dkrît j rÔ|jj rÔtj d¡| d¡| ¡sêdSnø|jjrf|jrf|dkrft j r(|jj r(tj d ¡| d¡|j ¡|_d|_t j ræ|jj rætj d ¡n€|d kr¶t j rŽ|jj rŽtj d ¡|j d ¡}| t|ƒ d¡d¡n0|dkr8t j rÞ|jj rÞtj d¡y|j ¡Wn>tjk r*}z| t|ƒ d¡d¡Wdd}~XYn X| d¡n®|dkrj|j ¡dk r^| d¡n | d¡n||dkr˜|j ¡}| t|ƒ d¡d¡nNt j rØ|jj rØ|jr¸dpºd}tj d||| ¡|f¡| | ¡¡Wqttfk r6|jjr$t j r$tj d |j¡¡|  ¡d|_Yqtjk r”}z>d|jkr„|jjrzt j rztj |jd¡t d¡‚Wdd}~XYqt k rÒ|jjr¶t dƒ|  ¡d|_|j !¡YqXqWdS)NTFsoverz" server: client closed connection sSTARTTLSz2 server: read STARTTLS from client, sending OK... sOK sENDTLSz0 server: read ENDTLS from client, sending OK... z* server: connection is now unencrypted... s CB tls-uniquez@ server: read CB tls-unique from client, sending our CB data... z tls-uniquezus-asciió sPHAz( server: initiating post handshake auth sHASCERTsTRUE sFALSE sGETCERTZ encryptedZ unencryptedz/ server: read %r (%s), sending back %r (%s)... z Connection reset by peer: {} Z!PEER_DID_NOT_RETURN_A_CERTIFICATErz!tlsv13 alert certificate requiredzTest server failure: )"r9rfÚstarttls_serverrKr¬Ústripr;rrorïr§rr3Úconnectionchattyr1r4r5r!r&rÚverify_client_post_handshakerrWr r`rErGrIrßr:rêr[r7rJ)rŠÚmsgÚstrippedr¡rèrZctypeÚerrrrrÚrunõs¢              *           z(ThreadedEchoServer.ConnectionHandler.runN) rkrlrmr/r>rKr¬r5r§rTrrrrÚConnectionHandleršs 9rUNTFc Csð| r | |_n€t |dk r|ntj¡|_|dk r2|ntj|j_|rL|j |¡|r\|j |¡|rl|j |¡| r||j  | ¡| rŒ|j  | ¡||_ ||_ ||_ t ¡|_t |j¡|_d|_d|_g|_g|_g|_g|_tj |¡d|_dS)NFT)rqrrDrErhrjrkrlÚset_npn_protocolsÚset_alpn_protocolsrmrIrOrMrŽrorrcrgÚflagÚactiver@rCr+rHr<r=r>r?) rŠZ certificaterpÚcertreqsÚcacertsrIrOrMZ npn_protocolsZalpn_protocolsrerqrrrr>] s<           zThreadedEchoServer.__init__cCs| t ¡¡|j ¡|S)N)Ústartr<ÚEventrXÚwait)rŠrrrr‚ s zThreadedEchoServer.__enter__cGs| ¡| ¡dS)N)rJr)rŠr[rrrr‡ szThreadedEchoServer.__exit__cCs||_tj |¡dS)N)rXr<r=r\)rŠrXrrrr\‹ szThreadedEchoServer.startc Cs|j d¡|j ¡d|_|jr,|j ¡xÖ|jryT|j ¡\}}tjrj|j rjt j   dt |ƒd¡| |||¡}| ¡| ¡Wq.tjk r Yq.tk rº| ¡Yq.tk rþ}z(tjrî|j rît j   dt |ƒd¡Wdd}~XYq.Xq.W|j ¡dS)Ngš™™™™™©?Tz server: new connection from r²z connection handling failed: )rorürrYrXr7r¾rr3rIr1r4r5r&rUr\rrŽrýÚKeyboardInterruptrJr¨r§)rŠZnewconnZconnaddrZhandlerrèrrrrT s.        (zThreadedEchoServer.runcCs d|_dS)NF)rY)rŠrrrrJª szThreadedEchoServer.stop) NNNNTFFNNNN)N) rkrlrmr<r=rUr>rrr\rTrJrrrrr˜sD ! rc@sXeZdZGdd„dejƒZdd„Zdd„Zdd„Zd d „Z dd d „Z dd„Z dd„Z d S)ÚAsyncoreEchoServerc@s6eZdZGdd„dejƒZdd„Zdd„Zdd„Zd S) zAsyncoreEchoServer.EchoServerc@s<eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd S)z/AsyncoreEchoServer.EchoServer.ConnectionHandlercCs4t|d|dd|_tj ||j¡d|_| ¡dS)NTF)rÿrfr)rrrŽÚasyncoreÚdispatcher_with_sendr>Ú_ssl_acceptingÚ_do_ssl_handshake)rŠÚconnrfrrrr>µ s  z8AsyncoreEchoServer.EchoServer.ConnectionHandler.__init__cCs.t|jtjƒr*x|j ¡dkr(| ¡qWdS)NrT)r;rŽrrrúZhandle_read_event)rŠrrrÚreadable½ s z8AsyncoreEchoServer.EchoServer.ConnectionHandler.readablec Csœy|j ¡Wn‚tjtjfk r*dStjk rB| ¡Stjk rX‚Yn@tk r}z|j dt j kr€| ¡SWdd}~XYnXd|_ dS)NrF) rŽrîrrírZ SSLEOFErrorÚ handle_closerWrïr[rZ ECONNABORTEDrc)rŠrSrrrrdà szAAsyncoreEchoServer.EchoServer.ConnectionHandler._do_ssl_handshakecCsT|jr| ¡n@| d¡}tjr4tj dt|ƒ¡|sB|  ¡n|  |  ¡¡dS)Niz server: read %s from client ) rcrdrðrr3r1r4r5r&r§rôr`)rŠr¡rrrÚ handle_readÒ s   z;AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_readcCs$| ¡tjr tj d|j¡dS)Nz server: closed connection %s )r§rr3r1r4r5rŽ)rŠrrrrgÞ szrfrdrhrgr7rrrrrU³ s  rUcCs@||_t tjtj¡}t |d¡|_tj  ||¡|  d¡dS)NrVrO) rfrŽræZ SOCK_STREAMrrcrgraÚ dispatcherr>r)rŠrfrorrrr>æ s z&AsyncoreEchoServer.EchoServer.__init__cCs(tjrtj d|¡| ||j¡dS)Nz$ server: new connection from %s:%s )rr3r1r4r5rUrf)rŠZsock_objr:rrrÚhandle_acceptedí sz-AsyncoreEchoServer.EchoServer.handle_acceptedcCs‚dS)Nr)rŠrrrr7ò sz*AsyncoreEchoServer.EchoServer.handle_errorN) rkrlrmrarbrUr>rjr7rrrrÚ EchoServer± s3rkcCs8d|_d|_| |¡|_|jj|_tj |¡d|_dS)NFT) rXrYrkrfrgr<r=r>r?)rŠrfrrrr>õ s    zAsyncoreEchoServer.__init__cCsd|jj|jfS)Nz<%s %s>)Ú __class__rkrf)rŠrrrÚ__str__ý szAsyncoreEchoServer.__str__cCs| t ¡¡|j ¡|S)N)r\r<r]rXr^)rŠrrrr s zAsyncoreEchoServer.__enter__cGsVtjrtj d¡| ¡tjr,tj d¡| ¡tjrFtj d¡tjdddS)Nz cleanup: stopping server. z! cleanup: joining server thread. z cleanup: successfully joined. T)Z ignore_all) rr3r1r4r5rJrraZ close_all)rŠr[rrrr s   zAsyncoreEchoServer.__exit__NcCs||_tj |¡dS)N)rXr<r=r\)rŠrXrrrr\ szAsyncoreEchoServer.startcCsBd|_|jr|j ¡x&|jrrmrrr\rTrJrrrrr`­ sD  r`óFOO TFc Cszi}t||dd}|X|jt ¡||d} |  t|jf¡xœ|t|ƒt|ƒgD]†} |rttj rtt j   d|¡|   | ¡|   ¡} |r tj r t j   d| ¡| | ¡krVtd| dd…t| ƒ|dd… ¡t|ƒfƒ‚qVW|   d ¡|rtj rt j   d ¡| |  ¡|  ¡|  ¡|  ¡|  ¡|  ¡| j| jd œ¡|  ¡WdQRX|j|d <|j|d <|j|d<WdQRX|S)zW Launch a server, connect a client to it and try various reads and writes. F)rqrIrO)rÚsessionz client: sending %r... z client: read %r z4bad data <<%r>> (%d) received; expected <<%r>> (%d) Nésover z client: closing connection. )Ú compressionr)ÚpeercertÚclient_alpn_protocolÚclient_npn_protocolr$Úsession_reusedroÚserver_alpn_protocolsÚserver_npn_protocolsÚserver_shared_ciphers)rrnrŽrrrgrŸrürr3r1r4r5r¬r`ÚAssertionErrorrr<rqr)r rDrBr$ruror§rCr@r+) rzr{ÚindatarIrOÚsni_nameror×rfrÚargÚoutdatarrrÚserver_params_test# sR          r~c CsÈ|dkrtj}tjdtjdtjdi|}tjr\|r6dp8d}tj |t  |¡t  |¡|f¡t  |¡}|j |O_ t  |¡} | j |O_ t   |d¡} | dk rÄt| dƒrÄ|tjkrÄ| j| krÄ| | _|jtjkrÚ| d¡x*|| fD]} || _|  t¡|  t¡qäWyt|| d d d } WnXtjk r:|r6‚YnŠtk rr} z|s`| jtjkrb‚Wdd} ~ XYnRX|s˜td t  |¡t  |¡fƒ‚n,|d k rÄ|| d krÄtd|| d fƒ‚dS)a< Try to SSL-connect using *client_protocol* to *server_protocol*. If *expect_success* is true, assert that the connection succeeds, if it's false, assert that the connection fails. Also, if *expect_success* is a string, assert that it is the protocol version actually used by the connection. Nrhr~rz %s->%s %s z {%s->%s} %s r‡ruF)rIrOz5Client protocol %s succeeded with server protocol %s!Tr$z%version mismatch: expected %r, got %r)rrhr~rrr3r1r4r5Zget_protocol_namerDr€ÚPROTOCOL_TO_TLS_VERSIONr!r_r‰r‡r”rmrjrlrsrkrxr~rWrïrÚ ECONNRESETry)Zserver_protocolZclient_protocolÚexpect_successZ certsreqsÚserver_optionsÚclient_optionsZcerttypeZ formatstrrzr{Z min_versionrHr×rèrrrÚtry_protocol_comboU s\             r„c@seZdZedd„ƒZdd„Ze eƒd¡dd„ƒZ dd „Z d d „Z d d „Z dd„Z dd„Ze ejd¡dd„ƒZdd„Zdd„Zee eedƒd¡dd„ƒƒZedd„ƒZee eedƒd ¡d!d"„ƒƒZed#d$„ƒZee eed%ƒd&¡d'd(„ƒƒZee eed)ƒd*¡d+d,„ƒƒZd-d.„Zd/d0„Zd1d2„Zd3d4„Zd5d6„Zd7d8„Z d9d:„Z!d;d<„Z"d=d>„Z#d?d@„Z$dAdB„Z%dCdD„Z&e ejdE¡dFdG„ƒZ'e eej(dHƒdI¡dJdK„ƒZ)e eej(dHƒdI¡e ej*dL¡dMdN„ƒƒZ+e ej,dO¡dPdQ„ƒZ-e dRej.kdS¡dTdU„ƒZ/dVdW„Z0e eedXƒdY¡dZd[„ƒZ1d\d]„Z2e e3d^¡e 4e5d_¡d`da„ƒƒZ6dbdc„Z7e ej8dd¡dedf„ƒZ9e ej8dg¡dhdi„ƒZ:djdk„Z;e ejdqdr„Z?e@dsdt„ƒZAe@dudv„ƒZBe@dwdx„ƒZCe@dydz„ƒZDd{d|„ZEd}d~„ZFdd€„ZGdd‚„ZHdƒd„„ZId…S)†Ú ThreadedTestsc CsÄtjrtj d¡x`tD]X}|tjtjhkr.q|j tj |d*t  |¡}|  t ¡t||dddWdQRXqWtƒ\}}}|j tjtjdt||dd|dWdQRXd|_|j tjtjdB| tj¡}t||dd|dWdQRX| d t|jƒ¡WdQRX|j tjtjd@| tj¡}t||ddd WdQRX| d t|jƒ¡WdQRX|j tjtjd@| tj¡}t||ddd WdQRX| d t|jƒ¡WdQRXdS) z2Basic test of an SSL client connecting to a serverr²)r”T)rIrON)rrf)rzr{rIrOr{Fz%called a function you should not call)rzr{rIrO)rr3r1r4r5rrrrwrEZsubTestÚ_PROTOCOL_NAMESrDrlrµr~r|riržrWr€r’r)rŠr”rqrzr{ryrèrrrÚ test_echož sN     zThreadedTests.test_echoc Cs\tjrtj d¡tƒ\}}}t|dd}|"|jt ¡d|d}|  t |j f¡|  t ¡| ¡WdQRX| ¡| ¡}| |d¡| ¡}tjrÐtj t |¡d¡tj dt|ƒd¡d|krì| d t |¡¡d |dkr| d ¡| d |¡| d |¡t |d ¡}t |d ¡} | || ¡WdQRXWdQRXdS)Nr²F)rqrI)rrzCan't get peer certificate.zConnection cipher is z. r"z$No subject field in certificate: %s.))rzPython Software FoundationzkMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.r r)rr3r1r4r5r|rrnrŽrrrgržrGr rîrÞr)r¹rºr’r¤r€rrWrÜ) rŠrzr{ryrfrrr)ZbeforeZafterrrrÚtest_getpeercertÎ s<          zThreadedTests.test_getpeercertz!verify_flags need OpenSSL > 0.9.8c Cs|tjrtj d¡tƒ\}}}ttddƒ}| |j tj |B¡t |dd}|H|j t   ¡|d*}| t|jf¡| ¡}| |d¡WdQRXWdQRX|j tjO_ t |dd}|N|j t   ¡|d0}| tjd¡| t|jf¡WdQRXWdQRXWdQRX| t¡t |dd}|H|j t   ¡|d*}| t|jf¡| ¡}| |d¡WdQRXWdQRXdS) Nr²rrT)rqrI)rzCan't get peer certificate.zcertificate verify failed)rr3r1r4r5r|rŽrrˆrrrrnrŽrrrgr rÞr‘rŒrWrkÚCRLFILE)rŠrzr{ryr’rfrrrrrÚtest_crl_checkò s8          .    zThreadedTests.test_crl_checkc Cs6tjrtj d¡tƒ\}}}t|dd}|H|jt ¡|d*}|  t |j f¡|  ¡}|  |d¡WdQRXWdQRXt|dd}|N|jt ¡dd0}| tjd¡|  t |j f¡WdQRXWdQRXWdQRXt|dd}|<t ¡(}| td¡| |¡WdQRXWdQRXWdQRXdS) Nr²T)rqrI)rzCan't get peer certificate.rz:Hostname mismatch, certificate is not valid for 'invalid'.z'check_hostname requires server_hostname)rr3r1r4r5r|rrnrŽrrrgr rÞrŒrrrG)rŠrzr{ryrfrrrrrrÝ s0         .  z!ThreadedTests.test_check_hostnamec CsÂt tj¡}| t¡| d¡t}t tj¡}| t ¡t |dd}|n|j t   ¡|dP}|  t|jf¡| ¡}| |d¡| ¡d d¡}| |dd…d ¡WdQRXWdQRXdS) NzECDHE:ECDSA:!NULL:!aRSAT)rqrI)rzCan't get peer certificate.rú-rB)ÚECDHEÚECDSA)rrDrwrkrxrmÚSIGNED_CERTFILE_ECC_HOSTNAMErErlÚSIGNED_CERTFILE_ECCrrnrŽrrrgr rÞr)Úsplit)rŠrzryr{rfrrr)rrrÚ test_ecc_cert= s         zThreadedTests.test_ecc_certc CsÜt tj¡}| t¡|jtjO_| d¡t}t tj ¡}|  t ¡|  t ¡t |dd}|n|jt ¡|dP}| t|jf¡| ¡}| |d¡| ¡d d¡}| |dd…d ¡WdQRXWdQRXdS) NzECDHE:ECDSA:!NULL:!aRSAT)rqrI)rzCan't get peer certificate.rr‹rB)rŒr)rrDrwrkrxr€r…rmrŽrErlrrsrrnrŽrrrgr rÞr)r)rŠrzryr{rfrrr)rrrÚtest_dual_rsa_eccR s"          zThreadedTests.test_dual_rsa_eccc CsRtjrtj d¡t tj¡}| t ¡t tj ¡}tj |_ d|_ | t¡ddddddd d g}xŠ|D]‚\}}t|dd }|d|jt ¡|d F}| |j|¡| t|jf¡| ¡}| |j|¡| |d ¡WdQRXWdQRXqfWt|dd }|L|jt ¡dd .}| tj¡| t|jf¡WdQRXWdQRXWdQRXdS)Nr²T)ukönig.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)zxn--knig-5qa.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)sxn--knig-5qa.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)u(königsgäßchen.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)z.xn--knigsgsschen-lcb0w.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)s.xn--knigsgsschen-lcb0w.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)z.xn--knigsgchen-b4a3dun.idna2008.pythontest.netz.xn--knigsgchen-b4a3dun.idna2008.pythontest.net)s.xn--knigsgchen-b4a3dun.idna2008.pythontest.netz.xn--knigsgchen-b4a3dun.idna2008.pythontest.net)rqrI)rzCan't get peer certificate.zpython.example.org)rr3r1r4r5rrDrErlÚ IDNSANSFILErwrrjrirkrxrrnrŽrˆrrrrgr rÞržr) rŠr{rqZ idn_hostnamesrZexpected_hostnamerfrrrrrÚtest_check_hostname_idnl s@        $   z%ThreadedTests.test_check_hostname_idnc Cstƒ\}}}| t¡tj|_tjj|_t |ddd}|Â|j t   ¡|d¤}y|  t |jf¡Wn~tjk rž}ztjrŽtj d|¡Wdd}~XYnPtk râ}z(|jtjkr¼‚tjrÒtj d|¡Wdd}~XYn X| d¡WdQRXWdQRXdS)zÇConnecting when the server rejects the client's certificate Launch a server with CERT_REQUIRED, and check that trying to connect to it with a wrong client certificate fails. T)rqrIrO)rz SSLError is %r Nz socket.error is %r z'Use of invalid cert should have failed!)r|rlrµrrrjrˆr‰rŠrrnrŽrrrgrWrr3r1r4r5rïrr€r¤)rŠrzr{ryrfrrèrrrÚtest_wrong_cert_tls12¤ s(        "z#ThreadedTests.test_wrong_cert_tls12zTest needs TLS 1.3c Cs&tƒ\}}}| t¡tj|_tjj|_tjj|_t |ddd}|Ø|j t   ¡|dº}|  t |jf¡y| d¡| d¡Wn€tjk r¼}ztjr¬tj d|¡Wdd}~XYnRtk r}z(|jtjkrÜ‚tjròtj d|¡Wdd}~XYn X| d¡WdQRXWdQRXdS) NT)rqrIrO)rsdatarMz SSLError is %r z socket.error is %r z'Use of invalid cert should have failed!)r|rlrµrrrjrˆr‹r‡rrnrŽrrrgr5r¬rWrr3r1r4rïrr€r¤)rŠrzr{ryrfrrèrrrÚtest_wrong_cert_tls13É s.          "z#ThreadedTests.test_wrong_cert_tls13cstt ¡‰t ¡‰t ¡‰t ˆt¡‰‡‡‡fdd„}‡‡‡‡fdd„}tj|d}| ¡z |ƒWd| ¡XdS)ztA brutal shutdown of an SSL server should raise an OSError in the client when attempting handshake. cs8ˆ ¡ˆ ¡ˆ ¡\}}| ¡ˆ ¡ˆ ¡dS)N)rr7r¾r§)Znewsockr:)Ú listener_goneÚlistener_readyrrrÚlistenerö s  z2ThreadedTests.test_rude_shutdown..listenerc sbˆ ¡t ¡H}| tˆf¡ˆ ¡y t|ƒ}Wntk rHYn Xˆ d¡WdQRXdS)Nz2connecting to closed SSL socket should have failed)r^rŽrrrrrïr¤)r"Ússl_sock)r—r˜rgrŠrrÚ connectorþ s  z3ThreadedTests.test_rude_shutdown..connector)ÚtargetN) r<r]rŽrrcrr=r\r)rŠr™r›râr)r—r˜rgrrŠrÚtest_rude_shutdownè s   z ThreadedTests.test_rude_shutdownc Csútjrtj d¡t tj¡}| t ¡t tj ¡}t |dd}|¬|j t   ¡tdŽ}y| t|jf¡Wnrtjk rà}zRd}| |tj¡| |jd¡| |j|¡| |t|ƒ¡| dt|ƒ¡Wdd}~XYnXWdQRXWdQRXdS)Nr²T)rqrI)rz&unable to get local issuer certificaterpzcertificate verify failed)rr3r1r4r5rrDrErlrsrwrrnrŽrtrrrgrWrØZSSLCertVerificationErrorrˆZ verify_codeZverify_messager€r&)rŠr{rqrfrrèrQrrrÚtest_ssl_cert_verify_error s$       z(ThreadedTests.test_ssl_cert_verify_errorrUz)OpenSSL is compiled without SSLv2 supportcCsÐtjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒttjtj dƒt tdƒrtttjtj dƒttjtj dƒtƒr ttjtj dtjdttjtj dtjdttjtj dtjddS)z9Connecting to an SSLv2 server with various client optionsr²TFÚPROTOCOL_SSLv3)rƒN)rr3r1r4r5r„rrUr~rr‰r_rŸrr@r‚rƒr„)rŠrrrÚtest_protocol_sslv2( s        z!ThreadedTests.test_protocol_sslv2c CsŽtjrtj d¡ttdƒrnyttjtj dƒWn<t k rl}ztjr\tj dt |ƒ¡Wdd}~XYnXttdƒrˆttjtj dƒttjtjdƒttjtj dƒttdƒrÆttjtj dtjƒttjtjdtjƒttjtj dtjƒttdƒrttjtj dtjƒttjtjdtjƒttjtj dtjƒttdƒrXttjtj dtjd ttjtjdtjtjBd ttjtj dtjd dS) z:Connecting to an SSLv23 server with various client optionsr²rUTz; SSL2 client to SSL23 server test unexpectedly failed: %s NrŸFr )r‚)rr3r1r4r5r_rr„r‰rUrïr’rŸrr~rrƒr‚r„)rŠr7rrrÚtest_PROTOCOL_TLS@ s:          zThreadedTests.test_PROTOCOL_TLSrŸz)OpenSSL is compiled without SSLv3 supportcCsªtjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒt tdƒrdttjtj dƒttjtj dtj dttjtjdƒtƒr¦ttjtj dtjddS)z9Connecting to an SSLv3 server with various client optionsr²rrUF)rƒN)rr3r1r4r5r„rrŸr~rr_rUr‰rƒrr@r‚)rŠrrrÚtest_protocol_sslv3h s     z!ThreadedTests.test_protocol_sslv3cCs˜tjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒt tdƒrdttjtj dƒt tdƒr~ttjtj dƒttjtj dtjddS)z8Connecting to a TLSv1 server with various client optionsr²r rUFrŸ)rƒN)rr3r1r4r5r„rrr~rr_rUrŸr‰r„)rŠrrrÚtest_protocol_tlsv1| s    z!ThreadedTests.test_protocol_tlsv1r zTLS version 1.1 not supported.cCs tjrtj d¡ttjtjdƒttdƒr> (%d) received; expected <<%r>> (%d) Nrpsover z client: closing connection. z client: connection closed. )rr3r1r4r5r`rµrrrŽrrgr¬r`r¤rr§)rŠrzrfrr}rrrÚtest_asyncore_server s2       z"ThreadedTests.test_asyncore_serverc sÆtjrtj d¡tttjtj tddd}|Œt t   ¡dtttjtj d‰ˆ  t|jf¡‡fdd„}‡fdd „}d ˆjdgtfd ˆjdd gtfd ˆjdgdd„fg}dˆjdgfdˆjdd gfd|dgfd|dgfg}d}xþ|D]ö\}}} } } || d¡} yx|| f| žŽ} d |¡}|j| | | ƒ|dˆ ¡}||  ¡krx| dj||dd…t|ƒ| dd…t| ƒd¡Wqætk rÚ}z@| r¦| dj|d¡t|ƒ |¡sÊ| dj||d¡Wdd}~XYqæXqæWxä|D]Ü\}}} } || d¡} yVˆ | ¡|| Ž}||  ¡krT| d j||dd…t|ƒ| dd…t| ƒd¡Wnhtk r¾}zH| r‚| d!j|d¡t|ƒ |¡s¦| dj||d¡ˆ ¡Wdd}~XYnXqæWd"}ˆ |¡tt|ƒƒ}| ˆ d#|¡t|ƒ¡| ||¡t dk r@t j!t|ƒ}| "|¡}ˆ |¡| ˆ ¡|¡| #t$ˆj%¡| #t$ˆj&d"g¡| #t$ˆj'd$¡| #t$ˆj(td$ƒg¡ˆ d%¡| #tˆjd#¡| #tˆjd#¡ˆ )¡WdQRXdS)&z Test recv(), send() and friends.r²TF)rZrpr[rIrO)rÿrfrdrcrpcstdƒ}ˆ |¡}|d|…S)Nsd)rŸrñ)Úbr)rrrÚ _recv_into; s z0ThreadedTests.test_recv_send.._recv_intocs"tdƒ}ˆ |¡\}}|d|…S)Nsd)rŸró)r®rr:)rrrÚ_recvfrom_into@ sz4ThreadedTests.test_recv_send.._recvfrom_intorôrõz some.addressr"cSsdS)Nr)r7rrrÚI r³z.ThreadedTests.test_recv_send..rðròrñróZPREFIX_rzsending with {})rQzpWhile sending with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) Nrp)rr}ZnoutrzZninz>Failed to send with method <<{name:s}>>; expected to succeed. )rzFMethod <<{name:s}>> failed with unexpected exception message: {exp:s} )rZexpzrWhile receiving with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) zAFailed to receive with method <<{name:s}>>; expected to succeed. sdatarErîsover )*rr3r1r4r5rrµrrhrErrrŽrwrrrgrôrrõr"rðròrrßrˆr¬r`r¤rGr’rÏrŸÚctypesZc_ubyteZfrom_buffer_copyržrör÷rørùrúr§)rŠrfr¯r°Z send_methodsZ recv_methodsZ data_prefixZ meth_nameZ send_methrr[Z ret_val_methrzr%rQr}rèZ recv_methr¡ÚbufferZubyteZ bytesliker)rrÚtest_recv_send' s²         "            zThreadedTests.test_recv_sendcCsÆttƒ}| ¡| |jdd¡t t|jf¡}| |j ¡t |dd}| |j ¡|  d¡|  |  d¡d¡|  | d¡d¡|  | ¡d¡| d¡|  |  d¡d¡|  | tƒ¡d¡dS)NF)Zsuppress_ragged_eofssdatarr³)rrµrrªrrŽZcreate_connectionrrgr§rrrôrˆrðr¬rìrñrŸ)rŠrfrrrrÚtest_recv_zero° s     zThreadedTests.test_recv_zeroc sžtttjtjtddd}|xtt ¡dtttjtjd‰ˆ t |j f¡ˆ  d¡t dƒ‰‡‡fdd„}|  tjtjf|¡ˆ  d¡ˆ ¡WdQRXdS)NTF)rZrpr[rIrO)rÿrfrdrcrpi csxˆ ˆ¡qWdS)N)rôr)r&rrrÚ fill_bufferØ sz8ThreadedTests.test_nonblocking_send..fill_buffer)rrµrrhrErrrŽrwrrrgrìrŸržrrír§)rŠrfr¶r)r&rrÚtest_nonblocking_sendÄ s*    z#ThreadedTests.test_nonblocking_sendcsþt tj¡‰d}t ˆ¡}t ¡‰d‰‡‡‡fdd„}tj|d}| ¡ˆ ¡zz:t tj¡}|  d¡|  ||f¡|  tj dt |¡Wd| ¡Xz:t tj¡}t |ƒ}|  d¡|  tj d|j ||f¡Wd| ¡XWdd‰| ¡ˆ ¡XdS) Nz 127.0.0.1Fcsjˆ ¡ˆ ¡g}x:ˆsNt ˆgggd¡\}}}ˆ|kr| ˆ ¡d¡qWx|D] }| ¡qVWdS)Ngš™™™™™¹?r)rr7r rAr¾r§)ZconnsrËÚwrèro)ÚfinishrfÚstartedrrÚserveê s z3ThreadedTests.test_handshake_timeout..serve)rœgš™™™™™É?z timed outT)rŽrærrcr<r]r=r\r^rürrŒrýrrr§r)rŠrrgr»râr"r)r¹rfrºrÚtest_handshake_timeoutâ s6           z$ThreadedTests.test_handshake_timeoutcst tj¡}tj|_| t¡| t¡t   t j ¡‰d}t   ˆ¡}|j ˆdd‰| ˆj¡t ¡‰d‰d‰‡‡‡‡fdd„}tj|d}| ¡ˆ ¡|  t   ¡¡}| ||f¡| d¡| ¡| ¡}| ¡| ¡ˆ ¡ˆ ¡| ˆtj¡| ˆ|¡dS)Nz 127.0.0.1T)rÿcs0ˆ ¡ˆ ¡ˆ ¡\‰‰ˆ ˆ d¡¡dS)NrM)rr7r¾rôrðr)ÚevtÚpeerÚremoterfrrr»#s z/ThreadedTests.test_server_accept..serve)rœsdata)rrDr‰rrjrkrxrlrsrŽrærrcrnrÞrÿr<r]r=r\r^rrôrðr r§rrØrrˆ)rŠrqrrgr»rârZ client_addrr)r½r¾r¿rfrÚtest_server_accepts6        z ThreadedTests.test_server_acceptc CsZt tj¡}| t ¡¡6}| t¡}| ¡WdQRX| |j j t j ¡WdQRXdS)N) rrDr‰rnrŽržrïr rˆrrÚENOTCONN)rŠrqrorrrrÚtest_getpeercert_enotconn<s   z'ThreadedTests.test_getpeercert_enotconnc CsZt tj¡}| t ¡¡6}| t¡}| ¡WdQRX| |j j t j ¡WdQRXdS)N) rrDr‰rnrŽržrïrîrˆrrrÁ)rŠrqrorrrrÚtest_do_handshake_enotconnCs   z(ThreadedTests.test_do_handshake_enotconnc Cs tƒ\}}}|jtjO_| d¡| d¡t|dJ}|jt ¡|d,}| t ¡|  t |j f¡WdQRXWdQRXWdQRX|  d|jd¡dS)NZAES128ÚAES256)rq)rzno shared cipherr)r|r€rr…rmrrnrŽržrïrrrgr€rH)rŠrzr{ryrfrrrrÚtest_no_shared_ciphersJs       .z$ThreadedTests.test_no_shared_ciphersc Csèt tj¡}d|_tj|_tttjdd´}|  t   ¡¡|}|  |  ¡d¡|  |j d¡| t|jf¡tr†tjr†| |  ¡d¡n,tjdkr¢| |  ¡d¡n| |  ¡d¡WdQRX|  |j d¡|  |  ¡d¡WdQRXdS)zt Basic tests for SSLSocket.version(). More tests are done in the test_protocol_*() methods. F)rprINzTLSv1.3)rrrBzTLSv1.2)r zTLSv1.2)rrDrwrirhrjrrµrErnrŽr“r$rrrrgÚIS_OPENSSL_1_1_1Ú HAS_TLSv1_3rˆr?r€)rŠrqrfrrrrÚtest_version_basicXs"    z ThreadedTests.test_version_basicz%test requires TLSv1.3 enabled OpenSSLc Cs t tj¡}| t¡|jtjtjBtjBO_t |dZ}|  t   ¡¡@}|  t |jf¡| | ¡ddddh¡| | ¡d¡WdQRXWdQRXdS)N)rqrZTLS_AES_256_GCM_SHA384ZTLS_CHACHA20_POLY1305_SHA256ZTLS_AES_128_GCM_SHA256zTLSv1.3)rrDr‰rlrµr€r„r†r‡rrnrŽrrrgr€r)rˆr$)rŠrqrfrrrrÚ test_tls1_3ps   zThreadedTests.test_tls1_3r‡zrequired OpenSSL 1.1.0gc CsŠtƒ\}}}tjj|_tjj|_tjj|_tjj|_t|dD}|jt   ¡|d&}|  t |j f¡|  | ¡d¡WdQRXWdQRXtjj|_tjj|_t|dD}|jt   ¡|d&}|  t |j f¡|  | ¡d¡WdQRXWdQRXtjj|_tjj|_tjj|_tjj|_t|d^}|jt   ¡|d@}| tj¡}|  t |j f¡WdQRX| dt|jƒ¡WdQRXWdQRXdS)N)rq)rzTLSv1.2zTLSv1.1Zalert)r|rrˆr r‡r‰rŠrrnrŽrrrgrˆr$r ržrWr€r’r)rŠrzr{ryrfrrèrrrrŒ‚s6        $     $       z"ThreadedTests.test_min_max_versionzrequires SSLv3 supportc Cs‚tƒ\}}}tjj|_tjj|_tjj|_t|dD}|jt ¡|d&}|  t |j f¡|  |  ¡d¡WdQRXWdQRXdS)N)rq)rr)r|rrˆrr‡rŠrrnrŽrrrgrˆr$)rŠrzr{ryrfrrrrÚtest_min_max_version_sslv3ªs       z(ThreadedTests.test_min_max_version_sslv3z"test requires ECDH-enabled OpenSSLc Cs’t tj¡}| t¡|jtjO_tjdkr:| d¡t |dD}|  t   ¡¡*}|  t |jf¡| d| ¡d¡WdQRXWdQRXdS)N)rrrz ECCdraft:ECDH)rqZECDHr)rrDr‰rlrµr€r…r?rmrrnrŽrrrgr€r))rŠrqrfrrrrÚtest_default_ecdh_curve¸s     z%ThreadedTests.test_default_ecdh_curvez tls-uniquez*'tls-unique' channel binding not availablec Csºtjrtj d¡tƒ\}}}t|ddd}|~|jt ¡|dœ}|  t |j f¡|  d¡}tjrztj d  |¡¡| |¡| ¡dkr¢| t|ƒd ¡n| t|ƒd ¡| d ¡| ¡ ¡}| |t|ƒ d ¡¡Wd QRX|jt ¡|d¬}|  t |j f¡|  d¡}tjr0tj d  |¡¡| ||¡| |¡| ¡dkrf| t|ƒd ¡n| t|ƒd ¡| d ¡| ¡ ¡}| |t|ƒ d ¡¡Wd QRXWd QRXd S)z Test tls-unique channel binding.r²TF)rqrIrO)rz tls-uniquez! got channel binding data: {0!r} zTLSv1.3é0é sCB tls-unique zus-asciiNz(got another channel binding data: {0!r} )rr3r1r4r5r|rrnrŽrrrgr!rßr*r$rˆrr¬rNr&rr­) rŠrzr{ryrfrZcb_dataZpeer_data_reprZ new_cb_datarrrr%ÌsR               z-ThreadedTests.test_tls_unique_channel_bindingcCsTtƒ\}}}t||dd|d}tjr:tj d |d¡¡| |ddddh¡dS)NT)rIrOr{z got compression: {!r} rqZZLIBZRLE) r|r~rr3r1r4r5rßr€)rŠrzr{ryr×rrrÚtest_compressions zThreadedTests.test_compressionr)z*ssl.OP_NO_COMPRESSION needed for this testcCsRtƒ\}}}|jtjO_|jtjO_t||dd|d}| |dd¡dS)NT)rIrOr{rq)r|r€rr)r~r“)rŠrzr{ryr×rrrÚtest_compression_disableds z'ThreadedTests.test_compression_disabledcCs–tƒ\}}}|jtjO_| t¡| d¡|jtjO_t||dd|d}|dd}| d¡}d|kr’d|kr’d |kr’|  d |d¡dS) NZkEDHT)rIrOr{r)rr‹ZADHZEDHZDHEzNon-DH cipher: ) r|r€rr…r¹rºrmr~rr¤)rŠrzr{ryr×r)ÚpartsrrrÚtest_dh_paramss     zThreadedTests.test_dh_paramszneeds secp384r1 curve supportz TODO: Test doesn't work on 1.1.1cCstƒ\}}}| d¡| d¡|jtjtjBO_t||dd|d}tƒ\}}}| d¡| d¡|jtjtjBO_t||dd|d}tƒ\}}}| d¡| d¡| d¡|jtjtjBO_yt||dd|d}Wntjk rüYnXt r|  d¡dS)NrBzECDHE:!eNULL:!aNULLT)rIrOr{rÄzmismatch curve did not fail) r|rFrmr€rr„r†r~rWÚIS_OPENSSL_1_1_0r¤)rŠrzr{ryr×rrrÚtest_ecdh_curve,s6           zThreadedTests.test_ecdh_curvecCs2tƒ\}}}t||dd|d}| |dd¡dS)NT)rIrOr{rs)r|r~r“)rŠrzr{ryr×rrrÚtest_selected_alpn_protocolSs  z)ThreadedTests.test_selected_alpn_protocolzALPN support requiredcCs@tƒ\}}}| ddg¡t||dd|d}| |dd¡dS)NršÚbarT)rIrOr{rs)r|rWr~r“)rŠrzr{ryr×rrrÚ/test_selected_alpn_protocol_if_server_uses_alpn[s  z=ThreadedTests.test_selected_alpn_protocol_if_server_uses_alpnz!ALPN support needed for this testc Cs>dddg}ddgdfddgdfdgdfddgdfg}x|D]ú\}}tƒ\}}}| |¡| |¡yt||dd|d}Wn(tjk r¢} z| }Wdd} ~ XYnX|dkrÊtrÊtjdkrÊ| |tj¡q.servername_cbTÚ supermessage)rIr{r(Znotfunny)rãrirÈr~rˆrärt)rŠr{rzrèr×r)rçrârrɼs.     zThreadedTests.test_sni_callbackc Cs\| ¡\}}}dd„}| |¡| tj¡}t||ddd}WdQRX| |jjd¡dS)NcSstjS)N)rZALERT_DESCRIPTION_ACCESS_DENIED)ršrårærrrÚcb_returning_alertêszAThreadedTests.test_sni_callback_alert..cb_returning_alertFré)rIr{ZTLSV1_ALERT_ACCESS_DENIED) rãrÈržrrWr~rˆrrê)rŠr{rârzrêrr×rrrÚtest_sni_callback_alertås z%ThreadedTests.test_sni_callback_alertc Cs€| ¡\}}}dd„}| |¡| tj¡*}t ¡}t||ddd}WdQRXWdQRX| |j j d¡|  d|  ¡¡dS)NcSs dddS)Nrrr)ršrårærrrÚ cb_raisingøsz;ThreadedTests.test_sni_callback_raising..cb_raisingFré)rIr{ZSSLV3_ALERT_HANDSHAKE_FAILUREÚZeroDivisionError) rãrÈržrrWrÚcaptured_stderrr~rˆrrêr€Úgetvalue)rŠr{rârzrìrÚstderrr×rrrÚtest_sni_callback_raisingós  z'ThreadedTests.test_sni_callback_raisingc Cs€| ¡\}}}dd„}| |¡| tj¡*}t ¡}t||ddd}WdQRXWdQRX| |j j d¡|  d|  ¡¡dS)NcSsdS)Nršr)ršrårærrrÚcb_wrong_return_type szOThreadedTests.test_sni_callback_wrong_return_type..cb_wrong_return_typeFré)rIr{ZTLSV1_ALERT_INTERNAL_ERRORr) rãrÈržrrWrrîr~rˆrrêr€rï)rŠr{rârzròrrðr×rrrÚ#test_sni_callback_wrong_return_types  z1ThreadedTests.test_sni_callback_wrong_return_typec sŽtƒ\}}}| d¡| d¡ddddg}t|||d}|dd}| t|ƒd¡x2|D]*\‰}}t‡fd d „|Dƒƒs\| ˆ¡q\WdS) Nz AES128:AES256rÄzAES-256Z TLS_CHACHA20ZTLS_AES)r{rxrc3s|]}|ˆkVqdS)Nr)rzZalg)rrrr|%sz4ThreadedTests.test_shared_ciphers..)r|rmr~Ú assertGreaterrÚanyr¤) rŠrzr{ryZ expected_algsr×reZ tls_versionÚbitsr)rrÚtest_shared_cipherss    z!ThreadedTests.test_shared_ciphersc Csvtƒ\}}}t|dd}|P|jt ¡|d}| t|jf¡| ¡| t |j d¡| t |j d¡WdQRXdS)NF)rqrI)rishello) r|rrnrŽrrrgr§ržrGr¬r5)rŠrzr{ryrfrrrrÚ,test_read_write_after_close_raises_valuerror(s   z:ThreadedTests.test_read_write_after_close_raises_valuerrorc CsÜd}ttjdƒ}| |¡WdQRX| tjtj¡t tj¡}tj |_ |  t ¡|  t¡t|dd}|d| t ¡¡J}| t|jf¡ttjdƒ"}| |¡| | d¡|¡WdQRXWdQRXWdQRXdS)NsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxÚwbF)rqrIr©i)rÌrZTESTFNr5rªÚunlinkrrDr‰rrjrkrxrlrsrrnrŽrrrgÚsendfilerˆrð)rŠZ TEST_DATAr^rqrfrÚfilerrrÚ test_sendfile5s     zThreadedTests.test_sendfilec Cs@tƒ\}}}|jtjO_t|||d}|d}| |j¡| |jd¡| |j d¡| |j ¡tj dkr~| |j d¡|  |d¡| ¡}| |dd¡| |dd¡t||||d }| ¡}| |dd ¡| |dd¡| |d¡|d}| |j|j¡| ||¡| ||¡| |j|j¡| |j |j ¡t|||d}|  |d¡|d}| |j|j¡| ||¡| ¡}| |dd ¡| |dd¡t||||d }| |d¡|d} | | j|j¡| | |¡| | j|j¡| | j |j ¡| ¡}| |dd ¡| |dd ¡dS) N)r{ror)rrrrur¾rr¿)ror{rBrrM)r|r€rr…r~rÞÚidrôrJrýZ has_ticketr?Zticket_lifetime_hintrƒrÁrˆZ assertIsNotrÛr­) rŠrzr{ryr×roZ sess_statZsession2Zsession3Zsession4rrrÚ test_sessionFs^          zThreadedTests.test_sessionc Csütƒ\}}}tƒ\}}}|jtjO_|jtjO_t|dd}|¨|jt ¡|dp}| |jd¡| |j d¡|  t |j f¡|j}|  |¡| t¡ } t|_WdQRX| t| jƒd¡WdQRX|jt ¡|dD}|  t |j f¡| t¡ } ||_WdQRX| t| jƒd¡WdQRX|jt ¡|dJ}||_|  t |j f¡| |jj|j¡| |j|¡| |j d¡WdQRX|jt ¡|dD}| t¡} ||_|  t |j f¡WdQRX| t| jƒd¡WdQRXWdQRXdS)NF)rqrI)rzValue is not a SSLSession.z#Cannot set session after handshake.Tz)Session refers to a different SSLContext.)r|r€rr…rrnrŽrˆrorurrrgrÞržrr¶r’rrGrþ) rŠrzr{ryZclient_context2r°rfrrorèrrrÚtest_session_handling€sJ                 z#ThreadedTests.test_session_handlingN)Jrkrlrmrbr‡rˆrZrnrArŠrÝr‘r’r”r•rrÇr–rržr_r r¡r¢r£r¤r¦r¨r¬r­r´rµr·r¼rÀrÂrÃrÅrÈrÉrDrŒZ HAS_SSLv3rÊrCrËror%rÎrÏrÑÚHAVE_SECP_CURVESrårÆrÓrÔZHAS_ALPNrÖrÝrÞZHAS_NPNrárãrärærÉrërñrór÷rørýrÿrrrrrr…œ sŽ 0$)!8%)  (    9 1)'  ;   & (  )    :r…zTest needs TLS 1.3c@sTeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dS)ÚTestPostHandshakeAuthcCsÄtjtjtjg}x®|D]¦}t |¡}| |jd¡d|_| |jd¡tj|_| |jtj¡| |jd¡d|_| |jtj¡| |jd¡tj |_d|_| |jtj ¡| |jd¡qWdS)NFT) rr‰rErwrDrˆÚpost_handshake_authrrjr~)rŠZ protocolsr”rHrrrÚtest_pha_setterµs   z%TestPostHandshakeAuth.test_pha_setterc Cstƒ\}}}d|_tj|_d|_| t¡t|dd}|Ê|jt   ¡|d¬}|  t |j f¡|  d¡| | d¡d¡|  d¡| | d¡d ¡|  d¡| | d¡d ¡|  d¡| | d¡d ¡|  d ¡| d ¡ d ¡}| d|¡WdQRXWdQRXdS)NTF)rqrI)rsHASCERTisFALSE sPHAsOK sTRUE sGETCERTizus-asciizPython Software Foundation CA)r|rrrrjrlrsrrnrŽrrrgr5rˆrðrr€)rŠrzr{ryrfrZ cert_textrrrÚtest_pha_requiredÍs*          z'TestPostHandshakeAuth.test_pha_requiredc Cs¸tƒ\}}}d|_tj|_d|_t|dd}|~|jt ¡|d`}| t |j f¡|  d¡|  |  d¡d¡|  d¡| tjd ¡|  d¡WdQRXWdQRXWdQRXdS) NTF)rqrI)rsPHAisOK sHASCERTz!tlsv13 alert certificate required)r|rrrrjrrnrŽrrrgr5rˆrðrŒrW)rŠrzr{ryrfrrrrÚtest_pha_required_nocertæs       z.TestPostHandshakeAuth.test_pha_required_nocertc Csætjrtj d¡tƒ\}}}d|_tj|_ d|_|  t ¡tj |_ t |dd}|ˆ|jt ¡|dj}| t|jf¡| d¡| | d¡d¡| d ¡| | d¡d ¡| d¡| | d¡d ¡WdQRXWdQRXdS) Nr²TF)rqrI)rsHASCERTisFALSE sPHAsOK sTRUE )rr3r1r4r5r|rrrrjrlrsr~rrnrŽrrrgrˆrð)rŠrzr{ryrfrrrrÚtest_pha_optionalüs&         z'TestPostHandshakeAuth.test_pha_optionalc CsÔtjrtj d¡tƒ\}}}d|_tj|_ d|_t |dd}|ˆ|j t   ¡|dj}|  t|jf¡| d¡| | d¡d¡| d ¡| | d¡d ¡| d¡| | d¡d¡WdQRXWdQRXdS) Nr²TF)rqrI)rsHASCERTisFALSE sPHAsOK )rr3r1r4r5r|rrr~rjrrnrŽrrrgrˆrð)rŠrzr{ryrfrrrrÚtest_pha_optional_nocerts"        z.TestPostHandshakeAuth.test_pha_optional_nocertc Cs°tƒ\}}}d|_tj|_| t¡t|dd}|r|jt   ¡|dT}|  t |j f¡|  tjd¡| ¡WdQRX| d¡| d| d¡¡WdQRXWdQRXdS) NTF)rqrI)rz not serversPHAsextension not receivedi)r|rrrrjrlrsrrnrŽrrrgrŒrWrPr5r€rð)rŠrzr{ryrfrrrrÚtest_pha_no_pha_client*s      z,TestPostHandshakeAuth.test_pha_no_pha_clientc CsÆtƒ\}}}tj|_d|_| t¡t|dd}|ˆ|jt   ¡|dj}|  t |j f¡|  d¡| | d¡d¡|  d¡| | d¡d ¡|  d¡| | d¡d¡WdQRXWdQRXdS) NTF)rqrI)rsHASCERTisTRUE sPHAsOK )r|rrrjrrlrsrrnrŽrrrgr5rˆrð)rŠrzr{ryrfrrrrÚtest_pha_no_pha_server:s        z,TestPostHandshakeAuth.test_pha_no_pha_serverc Cs˜tƒ\}}}tj|_tjj|_d|_| t ¡t |dd}|P|j t   ¡|d2}|  t|jf¡| d¡| d| d¡¡WdQRXWdQRXdS)NTF)rqrI)rsPHAsWRONG_SSL_VERSIONi)r|rrrjrˆr‰rŠrrlrsrrnrŽrrrgr5r€rð)rŠrzr{ryrfrrrrÚtest_pha_not_tls13Ns       z(TestPostHandshakeAuth.test_pha_not_tls13c Cst}t tj¡}d|_| t¡d|_tj|_ t tj ¡}| t¡|  t ¡d|_tj |_ t|dd}|˜|jt ¡|dz}| t|jf¡| d¡| | d¡d¡| d¡| | d¡d ¡| d¡| | d¡d ¡| | ¡i¡WdQRXWdQRXdS) NTF)rqrI)rsHASCERTisFALSE sPHAsOK sTRUE )rtrrDrwrrlrsrirhrjrErkrxrrrnrŽrrrgr5rˆrðr )rŠryrzr{rfrrrrÚtest_bpo37428_pha_cert_none_s.           z1TestPostHandshakeAuth.test_bpo37428_pha_cert_noneN) rkrlrmrrrrrr r r r rrrrr³src Cs~tjrèddl}tjtjtjdœ}| ¡V| ddt ¡x@|  ¡D](\}}|ƒ}|rB|drBd||f}PqBWt t ¡ƒ}WdQRXt dt jt jfƒt d|ƒt dt jƒt d t jƒyt d t jƒWntk ræYnXxBttttttttttttg D]"}t j! "|¡st #d |¡‚qWt$t%t&t't(t)t*t+g}t ,d ¡rV| -t.¡t /¡}ztj0|ŽWdtj1|ŽXdS) Nr)ZLinuxZMacZWindowsÚignorez?dist\(\) and linux_distribution\(\) functions are deprecated .*z%s %rztest_ssl: testing with %r %rz under %sz HAS_SNI = %rz OP_ALL = 0x%8xz OP_NO_TLSv1_1 = 0x%8xzCan't read certificate file %rZnetwork)2rr3ÚwarningsrXrYZmac_verZ win32_verÚcatch_warningsÚfilterwarningsÚDeprecationWarningÚitemsr&Úprintrr×r?rrr†r…rµr«r¤r¥r¦r§rsrurxr¢ÚBADKEYr£r r ÚexistsZ TestFailedrpr}rçròrÿrr…rZis_resource_enabledrAr0Zthreading_setupZ run_unittestZthreading_cleanup) r3rZplatsrr]ZplatÚfilenameZtestsÚ thread_inforrrÚ test_mainsR       rÚ__main__)N)rnTFNN)Nrr)F){r1rZr6rrŽr rJrPrËr rr¹Zurllib.requestrªr<r/rarçrXr`Z sysconfigr²Ú ImportErrorÚ import_modulerÚsortedr†rrrr×rÏrÝr?rÒrÆZget_config_varrrr•ZverrŽrˆr…rrµÚfsencoder«r¤r¥r¦r§r¨r©r–r,r¬r´rÍr¶r‰rsrtr·rurvrrŽrxrÉr“r2r£r¢rrr¸rÆr¾rºr»r)r*r+r,r-r7r=r@rArIrrKrTrbrnrrær‰rhrrr|ZTestCaser}rprçròrÿrr0rrZtest.ssl_serversr8r=rr`r~r„r…rÇrrrkrrrrÚs<                         8?0B  v 1 F# L 7