a ze. @slddlZddlZddlZddlmZddlmZddlZddlZddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlZddlZddlZddlZddlZddlZddlZddlZz ddlZWneydZYn0edZddlmZmZmZeedZ e o ejdkZ!e"ej#Z$ej%Z%ej&'dZ(e( o8ej)d kZ*e( oJej)d kZ+e( o\ej)d kZ,e-d Z.iZ/d D]H\Z0Z1ze2ee0Z0e2eje1Z1Wne3yYqpYn0e1e/e0<qpddZ4e4dZ5e 6e5Z7e4dZ8e4dZ9e 6e8Z:e 6e9Z;e4dZe4dZ?e 6e?Z@e4ddZAe4ddZBddddddddZCe4d ZDe4d!ZEd"ZFd#d$d%d&d'd(d)dddd* ZGe4d+ZHd,ZIe4d-ZJd.ZKe4dd/ZLe4d0ZMe4d1ZNe4d2ZOd"ZPd3ZQe4d4ZRe4d5ZSe4d6ZTe4d7ZUe4d8ZVe4d9ZWe4d:ZXe4d;ZYe 6eYZZe2eddZ]e2ed?dZ^e2ed@dZ_e2edAdZ`dBdCZaearbdDdEZbndFdEZbdGdHZcejddIdJZedKdLZfegeejhdMdNZidOdPZjdQdRZkdSdTZldUdVZmdWdXZnenZodYdZZpd[d\Zqegejrd]Zsejtfejuddddd^d_d`ZveEfdadbZwGdcddddejxZyGdedfdfejxZzGdgdhdhejxZ{GdidjdjejxZ|GdkdldlejxZ}GdmdndnejxZ~edoGdpdqdqejxZddrdsZdtduZddvlmZGdwdxdxejZGdydzdzejZdd~dZdddZGdddejxZegeeddGdddejxZeejhdZegedZGdddejxZddZedkrhedS)N)support) socket_helperssl) TLSVersion_TLSContentType_TLSMessageTypegettotalrefcountwin32ZLibreSSL)r r)r r r )rrPY_SSL_DEFAULT_CIPHERS))PROTOCOL_SSLv23SSLv3)PROTOCOL_TLSv1TLSv1)PROTOCOL_TLSv1_1TLSv1_1cGstjjtjtg|RSN)ospathjoindirname__file__namerA/opt/bitninja-python-dojo/embedded/lib/python3.9/test/test_ssl.py data_file9srz keycert.pemz ssl_cert.pemz ssl_key.pemzkeycert.passwd.pemzssl_key.passwd.pemZsomepasscapathz 4e1295a3.0z 5ed36f99.0)) countryNameZXY) localityNamezCastle Anthrax)organizationNamezPython Software Foundation)) commonName localhostzAug 26 14:23:15 2028 GMTzAug 29 14:23:15 2018 GMTZ98A7CF88C74A32ED))DNSr&r issuernotAfter notBefore serialNumbersubjectsubjectAltNameversionzrevocation.crlz keycert3.pemr&)z)http://testca.pythontest.net/testca/ocsp/)z0http://testca.pythontest.net/testca/pycacert.cer)z2http://testca.pythontest.net/testca/revocation.crl)r))r$Python Software Foundation CA))r%z our-ca-serverzOct 28 14:23:16 2037 GMTzAug 29 14:23:16 2018 GMTZCB2D80995A69525C) OCSP caIssuerscrlDistributionPointsr)r*r+r,r-r.r/z keycert4.pem fakehostnamezkeycertecc.pemz localhost-eccz ceff1710.0z allsans.pemz idnsans.pemz nosan.pemzself-signed.pythontest.net nullcert.pem badcert.pemzXXXnonexisting.pem badkey.pemz nokia.pemznullbytecert.pemztalos-2019-0758.pemz ffdh3072.pemOP_NO_COMPRESSIONOP_SINGLE_DH_USEOP_SINGLE_ECDH_USEOP_CIPHER_SERVER_PREFERENCEOP_ENABLE_MIDDLEBOX_COMPATOP_IGNORE_UNEXPECTED_EOFcCsXz>tddd}d|vWdWS1s20YWntyRYdS0dS)Nz/etc/os-releasezutf-8)encodingZubuntuF)openreadFileNotFoundError)frrr is_ubuntus 0 rCcGs0|D]&}t|dr|jtjjkr|dqdS)z@"Lower security level to '1' and allow all ciphers for TLS 1.0/1minimum_versionz@SECLEVEL=1:ALLN)hasattrrDrrr set_ciphers)ctxsctxrrrseclevel_workarounds  rIcGsdSrr)rGrrrrIscCsTt|tr"tt|d}|dur"dS|tjtjtjhvr:dS|j}t|t ddS)zCheck if a TLS protocol is available and enabled :param protocol: enum ssl._SSLMethod member or name :return: bool NFTZ PROTOCOL_) isinstancestrgetattrr PROTOCOL_TLSPROTOCOL_TLS_SERVERPROTOCOL_TLS_CLIENTrhas_tls_versionlen)protocolrrrrhas_tls_protocols  rScCs|dkr dSt|tr"tjj|}ttd|js8dStrL|tjjkrLdSt }t |drz|j tjj krz||j krzdSt |dr|j tjjkr||j krdSdS)z{Check if a TLS/SSL version is enabled :param version: TLS version name or ssl.TLSVersion member :return: bool SSLv2FZHAS_rDmaximum_versionT)rJrKrr __members__rLrIS_OPENSSL_3_0_0TLSv1_2 SSLContextrErDMINIMUM_SUPPORTEDrUMAXIMUM_SUPPORTED)r/rHrrrrPs0    rPcsfdd}|S)zDecorator to skip tests when a required TLS version is not available :param version: TLS version name or ssl.TLSVersion member :return: cstfdd}|S)Ncs,tstdn|i|SdS)Nz is not available.)rPunittestZSkipTest)argskw)funcr/rrwrappersz8requires_tls_version..decorator..wrapper) functoolswraps)r_r`r/)r_r decoratorsz'requires_tls_version..decoratorr)r/rdrrcrrequires_tls_versions rerDzrequired OpenSSL >= 1.1.0gcCs.dtjt}tjr*tj||dS)N ) r tracebackformat_exceptionsysexc_inforverbosestdoutwrite)prefixZ exc_formatrrr handle_errorsrocCs tjdkS)N)r  )r_OPENSSL_API_VERSIONrrrrcan_clear_options srucCs tjdkS)N)rrprqrsrOPENSSL_VERSION_INFOrrrrno_sslv2_implies_sslv3_hellosrycCs tjdkS)N)rrprqrrsrwrrrrhave_verify_flagssrzcCsBtjs dSttj}z|dWnty8YdS0dSdS)NF secp384r1T)rHAS_ECDHrYrNset_ecdh_curve ValueError)rHrrr_have_secp_curvess  rcCs$tjrtjdkrtj Stj SNr)timedaylight localtimetm_isdstaltzonetimezonerrrr utc_offset(srcCs^tjdkrZd}tj||}|jdd}||}|ddkrZ|ddd|dd}|S) N)rrprqrprsz%b %d %H:%M:%S %Y GMTr)second0rf)rrtdatetimestrptimereplacestrftime) cert_timefmtZdtrrrasn1time.s    rz SNI support needed for this test) cert_reqsca_certscipherscertfilekeyfilec Kszt|}|dur(|tjkr"d|_||_|dur:|||dusJ|durV||||durh|||j|fi|SNF) rrY CERT_NONEcheck_hostname verify_modeload_verify_locationsload_cert_chainrF wrap_socket) sock ssl_versionrrrrrkwargscontextrrrtest_wrap_socket?s     rcCsr|tkrt}n$|tkrt}n|tkr*t}nt|ttj }| t ttj }| || t |||fS)zUCreate context client_context, server_context, hostname = testing_context() )SIGNED_CERTFILESIGNED_CERTFILE_HOSTNAMESIGNED_CERTFILE2SIGNED_CERTFILE2_HOSTNAME NOSANFILENOSAN_HOSTNAMEr~rrYrOr SIGNING_CArNr)Z server_certhostnameclient_contextserver_contextrrrtesting_contextQs     rc@seZdZddZddZddZddZee j d kd d d Z d Z ddZ ddZddZddZddZddZejddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd*d+Zd,d-Zd.d/Zed0e j!vd1d2d3Z"d4d5Z#d6d7Z$ee%j&d8kd9d:d;Z'ee%j&d8kd9dd?Z)d@dAZ*dBdCZ+dDdEZ,dFdGZ-ee.dHdIdJZ/dKdLZ0e1dMdNdOdPZ2dQdRZ3d S)SBasicSocketTestscCstjtjtjtjtjtjr*tjtjdkr:tj | tj ddh| tjddhtj tj tjtjtjdkrtjtj|tjtjdS)N)r rTFr rr )rr CERT_OPTIONAL CERT_REQUIREDr;r9r|r:rxr8assertInHAS_SNI OP_NO_SSLv2 OP_NO_SSLv3 OP_NO_TLSv1 OP_NO_TLSv1_3 OP_NO_TLSv1_1 OP_NO_TLSv1_2 assertEqualrMr selfrrrtest_constantsks&  zBasicSocketTests.test_constantsc Csb|tdBt}t|Wdn1s60YWdn1sT0YdSNzpublic constructor)assertRaisesRegex TypeErrorsocketr SSLSocketrsrrrtest_private_inits z"BasicSocketTests.test_private_initcCs2tj}|t|dt|}||j|dS)Nz_SSLMethod.PROTOCOL_TLS)rrMrrKrYassertIsrRrprotorHrrrtest_str_for_enumss z#BasicSocketTests.test_str_for_enumscCst}tjr*tjd||r dp"dftd\}}|t |d|||dk|rxt d}|t |dn| tj tj d| t tj d| t tjdttdr| ttjd| ttjddtd d td d ttd d dS) Nz RAND_status is %d (%s) zsufficient randomnesszinsufficient randomnessr RAND_egdfoozthis is a random stringgR@sthis is a random bytes objects!this is a random bytearray object)r RAND_statusrrkrirlrmRAND_pseudo_bytesrrQZ RAND_bytes assertRaisesSSLErrorr~rErrZRAND_add bytearray)rvdataZis_cryptographicrrr test_randoms,     zBasicSocketTests.test_randomposixzrequires posixcCst}|s|dt\}}t}|dkrzBt|tdd}|t |dt ||t|Wnt yt dYn 0t dnlt|| tj|tj|ddt|d}|t |dtdd}|t |d|||dS)Nz*OpenSSL's PRNG has insufficient randomnessrrr )exitcode)rrfailrpipeforkcloserrrQrm BaseException_exit addCleanuprZ wait_processr@assertNotEqual)rstatusZrfdZwfdpidZ child_randomZ parent_randomrrrtest_random_forks.        z!BasicSocketTests.test_random_forkNcCs|tjtt|tjtttjt}t j rTt j dt|d||dd||dd||dd||dd dS) N r.))r'zprojects.developer.nokia.com)r'zprojects.forum.nokia.comr1)zhttp://ocsp.verisign.comr2)z0http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cerr3)z0http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl)rr_ssl_test_decode_certCERTFILE CERTFILE_INFOrSIGNED_CERTFILE_INFO NOKIACERTrrkrirlrmpprintpformatrprrrtest_parse_certs*      z BasicSocketTests.test_parse_certc CsLtjt}tjr,tjdt |d| |dddddddd dS) Nr))r ZUK))r%zcody-cazJun 14 18:00:58 2028 GMTzJun 18 18:00:58 2018 GMTZ02)r))r%#codenomicon-vm-2.test.lal.cisco.com))r'rr r() rrrTALOS_INVALID_CRLDPrrkrirlrmrrrrrrrtest_parse_cert_CVE_2019_5010s z.BasicSocketTests.test_parse_cert_CVE_2019_5010cCsxtjt}tjr,tjdt |dd}| |d|| |d|tj dkr`d}nd}| |d|dS) Nr))r ZUS))stateOrProvinceNameZOregon))r"Z Beavertonr#))organizationalUnitNamezPython Core Development)r%null.python.orgexample.org)) emailAddresszpython-dev@python.orgr-r))rrprq)r'zaltnull.python.orgexample.comemailz null@python.orguser@example.orgURIz)http://null.python.orghttp://example.org IP Addressz 192.0.2.1)rz2001:DB8:0:0:0:0:0:1)rrrr)rz r.) rrr NULLBYTECERTrrkrirlrmrrrrt)rrr-Zsanrrrtest_parse_cert_CVE_2013_4238s  z.BasicSocketTests.test_parse_cert_CVE_2013_4238cCs tjt}||dddS)Nr.) )r'Zallsans othername r)rzuser@example.org)r'zwww.example.org)ZDirName)rr!r#))r%zdirname example)rzhttps://www.python.org/r 127.0.0.1)rz0:0:0:0:0:0:0:1)z Registered IDz 1.2.3.4.5)rrr ALLSANFILErrrrrtest_parse_all_sanss  z$BasicSocketTests.test_parse_all_sanscCsttd}|}Wdn1s(0Yt|}t|}t|}||||tjdsz| d|| dtj ds| d|dS)Nrrz-DER-to-PEM didn't include correct header: %r z-DER-to-PEM didn't include correct footer: %r ) r? CAFILE_CACERTr@rPEM_cert_to_DER_certZDER_cert_to_PEM_certr startswithZ PEM_HEADERrendswithZ PEM_FOOTER)rrBpemd1Zp2d2rrrtest_DER_to_PEM-s &    z BasicSocketTests.test_DER_to_PEMc Cs&tj}tj}tj}||t||t||t||d| |d|\}}}}}||d| |d||d| |d||d| |d||d| |d||d| |dt r| | d |||t|fn&| | d |||||t|fdS) Nii@r rr?rsz LibreSSL {:d}zOpenSSL {:d}.{:d}.{:d})rZOPENSSL_VERSION_NUMBERrxOPENSSL_VERSIONassertIsInstanceinttuplerKassertGreaterEqual assertLessZassertLessEqual IS_LIBRESSL assertTruer formathex) rntrmajorminorZfixpatchrrrrtest_openssl_version9s4                 z%BasicSocketTests.test_openssl_versioncCs`ttj}t|}t|}tdtf~Wdn1sD0Y||ddS)N) rAF_INETrweakrefrefrZcheck_warningsResourceWarningr)rrsswrrrr test_refcycleXs    zBasicSocketTests.test_refcyclec Csttj}t|}|t|jd|t|jtd|t|jd|t|j tdd|t|j d|t|j dd|t |j |t |jdgddd|t |jd|t |jtdgWdn1s0YdS)Nr x)z0.0.0.0rrrd)rr&rrOSErrorrecv recv_intorrecvfrom recvfrom_intosendsendtoNotImplementedErrordupsendmsgrecvmsg recvmsg_intorrr*rrrtest_wrapped_unconnectedcs      z)BasicSocketTests.test_wrapped_unconnectedc Cs\dD]R}ttj}||t| }|||Wdq1sL0YqdS)N)Ng@)rr& settimeoutrr gettimeout)rtimeoutrr*rrr test_timeoutus    zBasicSocketTests.test_timeoutc Cst}|jtdtj|td|jtdtj|dd|jtdtj|dddtj|dtd&}|td|jtd fWdn1s0Y|t F}t}tj|t d Wdn1s0YWdn1s0Y| |j j t j|t J}t }tj|tt d Wdn1s@0YWdn1s`0Y| |j j t j|t J}t }tj|t t d Wdn1s0YWdn1s0Y| |j j t jdS) Nzcertfile must be specifiedrz5certfile must be specified for server-side operationsT server_sider%rDrz!can't connect in server-side modeirrr)rrr~rrrconnectHOSTrr/NONEXISTINGCERTr exceptionerrnoENOENT)rrrcmrrrtest_errors_sslwrap~sB  "  J  F  Fz$BasicSocketTests.test_errors_sslwrapcCsltjtjtptj|}t}||j| t j t ||dWdn1s^0YdS)z;Check that trying to use the given client certificate failsrFN) rrrrrcurdirrrrrrrrrrrrrr bad_cert_tests zBasicSocketTests.bad_cert_testcCs|ddS)z Wrapping with an empty cert filer5NrRrrrrtest_empty_certsz BasicSocketTests.test_empty_certcCs|ddS)z:Wrapping with a badly formatted certificate (syntax error)r6NrSrrrrtest_malformed_certsz$BasicSocketTests.test_malformed_certcCs|ddS)z2Wrapping with a badly formatted key (syntax error)r7NrSrrrrtest_malformed_keysz#BasicSocketTests.test_malformed_keyc sFdd}fdd}ddi}||d||d||d ||d ||d ||d dd i}||d||d||d||d||dddi}||d||d||d||d||dddi}||d||d ||dddi}||d||d||d||dddi}||d||d||ddd d!}dd"|fffi}|||dd#i}|||dd$i}|||d%d d!}dd"|fffi}||d&d d!||d'd d!||d(d d!||d)d d!d*d+d,d-}||d.||d/||d0||d1d2d3d4}||d5||d6||d7dd8d9}||d:||d;||d<||d=||d>||d?||d@tjrddAd9}||dB||dC||dD||dE||dF||d@d2dGd4}||d5dHdIdJd-}||d5dHdGdJd-}||dKttjddttjidddLi}tj dMt|dNWdn1s0YddOi}tj dPt|dQWdn1s0YddRi}tj dSt|dTWdn1s.0YddUi}tj dVt|dWWdn1sr0YddXi}tj dYt|dZWdn1s0Yd[D]<}tt |Wdn1s0Yqd\D]} t |qtjrBd]D]} t |q*dS)^NcSst||dSr)rmatch_hostnamecertrrrroksz0BasicSocketTests.test_match_hostname..okcstjtj||dSr)rrCertificateErrorrWrXrrrrsz2BasicSocketTests.test_match_hostname..failr-)))r% example.comr\z ExAmple.cOmzwww.example.comz .example.comz example.orgZ exampleXcom)))r%z*.a.comz foo.a.comz bar.foo.a.comza.comzXa.comz.a.com)))r%zf*.comzfoo.comzf.comzbar.comz bar.foo.com)rrznull.python.org)))r%z *.*.a.com)))r%za.*.comz a.foo.comza..comupüthon.python.orgidnaasciir%)))r%z x*.python.org)))r%zxn--p*.python.orguwww*.pythön.orguwww.pythön.orguwww1.pythön.orguftp.pythön.orgu pythön.orgzJun 26 21:41:46 2011 GMT)))r% linuxfrz.org))r' linuxfr.org)r' linuxfr.comr)r*r-r.r`rarr_zDec 18 23:59:59 2011 GMT)r)r California)r"z Mountain View)r$z Google Inc)r%mail.google.com)r*r-rgz gmail.comrc)r'r\)r 10.11.12.13)r 14.15.16.17r)r-r.rirjz127.1z 14.15.16.17 z14.15.16.17 extra dataz 14.15.16.18z example.net)rh)rz2001:0:0:0:0:0:0:CAFE )rz2003:0:0:0:0:0:0:BABA z 2001::cafez 2003::babaz 2003::baba z2003::baba extra dataz 2003::bebe)rrbrdrezDec 18 23:59:59 2099 GMT)rrbrdrf))rZblablaz google.com)))r%za*b.example.comz5partial wildcards in leftmost label are not supportedzaxxb.example.com)))r%zwww.*.example.comz2wildcard can only be present in the leftmost labelzwww.sub.example.com)))r%za*b*.example.comztoo many wildcardszaxxbxxc.example.com)))r%*z7sole wildcard without additional labels are not supporthost)))r%z*.comz%hostname 'com' doesn't match '\*.com'Zcom)1r%z1.2.3z 256.0.0.1z 127.0.0.1/24)rz 192.168.0.1)z::1z2001:db8:85a3::8a2e:370:7334) encodedecoder IPV6_ENABLEDrr~rrWrr[Z _inet_patonr)rrZrrYr]invalidZipaddrrrrtest_match_hostnames                                                     ,,,,, .z$BasicSocketTests.test_match_hostnamecCsNttj}t&}|jt|j|dddWdn1s@0YdS)NTz some.hostnameserver_hostname)rrYrNrrr~r)rrHrrrrtest_server_sidews   z!BasicSocketTests.test_server_sidec Cstd}ttj}||t|ddD}|t|dWdn1s\0YWdn1sz0Y| dS)NrrFdo_handshake_on_connectz unknown-type) r create_serverr&rH getsocknamerrr~get_channel_bindingr)rrcr*rrrtest_unknown_channel_binding~s   Fz-BasicSocketTests.test_unknown_channel_binding tls-unique*'tls-unique' channel binding not availablecCsttj}t| }||dWdn1s:0Yttj}t|dtd }||dWdn1s0YdS)Nr~TrE)rr&r assertIsNoner{rr;rrrtest_tls_unique_channel_bindings   . z0BasicSocketTests.test_tls_unique_channel_bindingcCsjtttj}t|}|t}d}tWdn1sD0Y||t |j j ddSr) rrr&reprZ assertWarnsr)r gc_collectrrKwarningr])rr*r rNrrrtest_dealloc_warns  &z"BasicSocketTests.test_dealloc_warncCst}|t|d||tjtD}t|d<t |d<t}||j t ||j tWdn1sx0YdS)N SSL_CERT_DIR SSL_CERT_FILE) rZget_default_verify_pathsrrQrZDefaultVerifyPathsrEnvironmentVarGuardCAPATHrcafiler)rpathsenvrrrtest_get_default_verify_pathss z.BasicSocketTests.test_get_default_verify_pathsr Windows specificc Cs|td|td|ttj|ttjdt}dD]}t|}||t|D]p}||t | t |d|\}}}||t | |ddh||tttft|ttfrf||qfqHd}| ||dS) NCAROOTr%)rrr x509_asn pkcs_7_asn1.3.6.1.5.5.7.3.1)rrZenum_certificatesrr WindowsErrorsetrlistrrrQbytesr frozensetboolrJupdate) rZ trust_oidsZ storenamestoreelementrYencZtrust serverAuthrrrtest_enum_certificatess&     z'BasicSocketTests.test_enum_certificatescCs|td|ttj|ttjdtd}||t|D]D}||t| t |d||dt | |dddhqHdS)Nrr%rr rr) rrZ enum_crlsrrrrrrrrQrr)rZcrlsrrrrtest_enum_crlss   zBasicSocketTests.test_enum_crlsc Csd}td}|||||jd||jd||jd||jd||tj|t tjdtj d}|||||tj|t tjj d| t dtj dWdn1s0Yt d D]j}ztj |}Wnt yYq0||jt ||jt||jt||jttdfqtjd}|||||tj|tjd||tjd|| t d tjd Wdn1s0YdS) N)rTLS Web Server Authenticationrrrrrzunknown NID 100000iizunknown object 'serverauth'Z serverauth)r _ASN1Objectrnid shortnameZlongnameoidrrr~ZfromnidrrangerrKtypeZfromname)rexpectedvaliobjrrrtest_asn1objectsB    *   z BasicSocketTests.test_asn1objectcCstd}|tjjtj|tjj||tjjjd|tjjjd|tjjjdtd}|tjj tj|tjj ||tjj jd|tjj jd|tjj jddS)Nrrrz1.3.6.1.5.5.7.3.2Z clientAuth) rrrPurpose SERVER_AUTHrrrr CLIENT_AUTH)rrrrrtest_purpose_enums     z"BasicSocketTests.test_purpose_enumcCsttjtj}||j|t}t|tj dWdn1sJ0Y| t |j dt tj}|t}||Wdn1s0Y| t |j ddS)Nrz!only stream sockets are supported)rr& SOCK_DGRAMrrrr6rrrrrKrKrYrOr)rrZcxrHrrrtest_unsupported_dtlss  ,  (z&BasicSocketTests.test_unsupported_dtlscCs|t||dSr)rrcert_time_to_seconds)r timestringZ timestamprrr cert_time_okszBasicSocketTests.cert_time_okcCs8|tt|Wdn1s*0YdSr)rr~rr)rrrrrcert_time_fails zBasicSocketTests.cert_time_failz)local time needs to be different from UTCcCs|dd|dddS)NzMay 9 00:00:00 2007 GMTgCAJan 5 09:34:43 2018 GMTѓA)rrrrr"test_cert_time_to_seconds_timezones z3BasicSocketTests.test_cert_time_to_seconds_timezonecCsd}d}||||tj|d||d||d||d|d|d|d |d |d |d d }|d||d||dd|dd|dd|d|dddS)Nrr)rzJan 05 09:34:43 2018 GMTzJaN 5 09:34:43 2018 GmTzJan 5 09:34 2018 GMTzJan 5 09:34:43 2018zJan 5 09:34:43 2018 UTCzJan 35 09:34:43 2018 GMTzJon 5 09:34:43 2018 GMTzJan 5 24:00:00 2018 GMTzJan 5 09:60:43 2018 GMTgWAzDec 31 23:59:60 2008 GMTzJan 1 00:00:00 2009 GMTzJan 5 09:34:59 2018 GMTiFOZzJan 5 09:34:60 2018 GMTiFOZzJan 5 09:34:61 2018 GMTiFOZzJan 5 09:34:62 2018 GMTzDec 31 23:59:59 9999 GMTg MB)rrrrr)rrtsZ newyear_tsrrrtest_cert_time_to_seconds"s*                z*BasicSocketTests.test_cert_time_to_secondsLC_ALLr%cCs@dd}|dkr |d|dd||ddS)NcSs tddS)Nz%b) r rr rrrrrr)rrrrrrlocal_february_nameIszNBasicSocketTests.test_cert_time_to_seconds_locale..local_february_nameZfebz>locale-specific month name needs to be different from C localezFeb 9 00:00:00 2007 GMTg`rAz 9 00:00:00 2007 GMT)lowerskipTestrr)rrrrr test_cert_time_to_seconds_localeEs   z1BasicSocketTests.test_cert_time_to_seconds_localecCsvttj}||jt|}tttjtjd}||j| t |f}t j t j t jt jf}|||dS)Nr)rr&rrr bind_portrrr connect_exrIrLZ ECONNREFUSEDZ EHOSTUNREACHZ ETIMEDOUT EWOULDBLOCKr)rserverportrrcerrorsrrrtest_connect_ex_errorTs      z&BasicSocketTests.test_connect_ex_error)4__name__ __module__ __qualname__rrrrr\ skipUnlessrrrZmaxDiffrrrr rr$rZ cpython_onlyr,r<rArOrRrTrUrVrrrur}rCHANNEL_BINDING_TYPESrrrriplatformrrrrrrrrrrZrun_with_localerrrrrrrisb     G     '  #  rc@seZdZddZddZddZeedkdd d Z e e j d kd d dZ ddZddZddZee edddZeedddZddZddZdd Ze ed!d"d#Zd$d%Zd&d'Zee jd(d)d*Zed+d,Z ed-d.Z!d/d0Z"d1d2Z#d3d4Z$e e%j&d5kd6e ed7d8d9Z'ee%j&d5kd:e e(e%d;d<d=d>Z)d?d@Z*dAdBZ+dCdDZ,dEdFZ-dGdHZ.dIdJZ/ee0dKdLdMZ1dNS)O ContextTestscCsPtD]}t|qt}||jtj|ttjd|ttjddS)Nr*) PROTOCOLSrrYrrRrMrr~)rrRrHrrrtest_constructorgs  zContextTests.test_constructorcCs&tD]}t|}||j|qdSr)rrrYrrRrrrr test_protocolos zContextTests.test_protocolcCs\ttj}|d|d|tjd|dWdn1sN0YdS)NALLDEFAULTNo cipher can be selected^$:,;?*'dorothyx)rrYrOrFrrrrHrrr test_ciphersts    zContextTests.test_ciphersr z+Test applies only to Python default cipherscCsfttj}|}|D]H}|d}|d||d||d||d||d|qdS)NrZPSKZSRPZMD5ZRC4Z3DES)rrYrO get_ciphersZ assertNotIn)rrHrZsuiterrrrtest_python_ciphers{s     z ContextTests.test_python_ciphers)r rrrrzOpenSSL too oldcCsHttj}|dtdd|D}|d||d|dS)NZAESGCMcss|]}|dVqdS)rNr).0drrr z0ContextTests.test_get_ciphers..zAES256-GCM-SHA384zAES128-GCM-SHA256)rrYrOrFrrr)rrHnamesrrrtest_get_cipherss    zContextTests.test_get_cipherscCsttj}tjtjBtjB}|ttBtBt Bt Bt BO}| ||j |j tjO_ | |tjB|j tr|j tj@|_ | ||j d|_ | d|j tj@n0|td|_ Wdn1s0YdSr)rrYrOOP_ALLrrr8r;r9r:r<r=roptionsrrurr~)rrHdefaultrrr test_optionss*  zContextTests.test_optionscCsttj}||jtjtj|_||jtjtj|_||jtjtj|_||jtj|t d|_Wdn1s0Y|t d|_Wdn1s0Yttj }||jtj| |j ttj}||jtj||j dSNr)rrYrMrrrrrrrr~rN assertFalserrOrrrrrtest_verify_mode_protocols$  $ $   z&ContextTests.test_verify_mode_protocolcCsttj}||jtjrVd|_||jd|_||jd|_||jn0|td|_Wdn1s|0YdSNTF) rrYrOrhostname_checks_common_nameHAS_NEVER_CHECK_COMMON_NAMErrAttributeErrorrrrr test_hostname_checks_common_names     z-ContextTests.test_hostname_checks_common_namez see bpo-34001cCsttj}tjjtjjtjjh}tjjtjjh}| |j || |j |tjj |_ tjj|_ | |j tjj | |j tjjtjj|_ tjj|_ | |j tjj| |j tjjtjj|_ | |j tjjtjj|_ | |j tjjtjjhtjj|_ | |j tjjtjjh|td|_ Wdn1sJ0Yttj}| |j || |j tjj|ttjj|_ Wdn1s0Y|ttjj|_ Wdn1s0YdSr)rrYrNrrZrrXr[TLSv1_3rrDrUrrrrr~r)rrHZ minimum_rangeZ maximum_rangerrrtest_min_max_versionsr               &   * z!ContextTests.test_min_max_version!verify_flags need OpenSSL > 0.9.8cCsttj}ttdd}||jtj|Btj|_||jtjtj|_||jtjtj|_||jtjtjtj B|_||jtjtj B| t d|_Wdn1s0YdS)NVERIFY_X509_TRUSTED_FIRSTr) rrYrNrLr verify_flagsVERIFY_DEFAULTVERIFY_CRL_CHECK_LEAFZVERIFY_CRL_CHECK_CHAINZVERIFY_X509_STRICTrr)rrHtfrrrtest_verify_flagss    zContextTests.test_verify_flagsc Csttj}|jtdd|jttd|jt|jtd|t}|tWdn1sd0Y| |j j t j | tjd|tWdn1s0Y| tjd|tWdn1s0Yttj}|tt|jttd|jttd| tjd|tWdn1sT0Y| tjd|tWdn1s0Y| tjd|jttdWdn1s0Yttj}| tjd|ttWdn1s0Y|jttd|jttd|jtttd|ttt|ttt|tttt| td|jtddWdn1s0Y|tj|jtddWdn1s0Y| td "|jtd d dWdn1s80Yd d }dd}dd}dd}dd}dd}dd} Gddd} |jt|d|jt|d|jt|d|jt| d|jt| jd|tj|jt|dWdn1s0Y| td |jt|dWdn1sB0Y| td|jt|dWdn1s~0Y| td|jt| dWdn1s0Y|jt| ddS)NrBPEM librGzkey values mismatch)passwordzshould be a stringTbadpasszcannot be longeraicSstSr KEY_PASSWORDrrrrgetpass_unicode^sz:ContextTests.test_load_cert_chain..getpass_unicodecSstSr)rrnrrrr getpass_bytes`sz8ContextTests.test_load_cert_chain..getpass_bytescSs ttSr)rrrnrrrrgetpass_bytearraybsz.getpass_bytearraycSsdS)Nrrrrrrgetpass_badpassdsz:ContextTests.test_load_cert_chain..getpass_badpasscSsddS)Nrirrrrr getpass_hugefsz7ContextTests.test_load_cert_chain..getpass_hugecSsdS)Nrprrrrrgetpass_bad_typehsz;ContextTests.test_load_cert_chain..getpass_bad_typecSs tddS)N getpass error) Exceptionrrrrgetpass_exceptionjsz.getpass_exceptionc@seZdZddZddZdS)z:ContextTests.test_load_cert_chain..GetPassCallablecSstSrrrrrr__call__mszCContextTests.test_load_cert_chain..GetPassCallable.__call__cSstSrrrrrrgetpassoszBContextTests.test_load_cert_chain..GetPassCallable.getpassN)rrrr r rrrrGetPassCallablelsrzmust return a stringr )rrYrNrrrrr/rJrrKrLrMrrBADCERT EMPTYCERTONLYCERTONLYKEYBYTES_ONLYCERT BYTES_ONLYKEYr CERTFILE_PROTECTEDrrnrONLYKEY_PROTECTEDr~r r ) rrHrNrrrrrrr rrrrtest_load_cert_chain/s  (((  **. ,  ..2....z!ContextTests.test_load_cert_chaincCs ttj}|t|jtdd|t|jtdd|t|j|t|jddd|t}|t Wdn1s0Y| |j j t j |tjd|tWdn1s0Y|tt|jttd|t|jdddS)N)rrrrT)rrYrNrrBYTES_CERTFILErrr/rJrrKrLrMrrrr BYTES_CAPATHrrHrNrrrtest_load_verify_locationss    (( z'ContextTests.test_load_verify_locationscCstt}|}Wdn1s&0Yt|}tt}|}Wdn1s`0Yt|}ttj}|| dd|j |d|| dd|j |d|| dd|j |d|| ddttj}d ||f}|j |d|| ddttj}d|d|d |d g}|j d |d|| ddttj}|j |d|j |d|| dd|j |d|| ddttj}d ||f}|j |d|| ddttj}|j t |j td|tjd |j d dWdn1sT0Y|tjd|j ddWdn1s0YdS)Nx509_carcadatar rrheadotherZagaintailrz4no start line: cadata does not contain a certificatebrokenz6not enough data: cadata does not contain a certificatesbroken)r?r r@rr CAFILE_NEURONIOrYrOrcert_store_statsrrrrobjectrr)rrBZ cacert_pemZ cacert_derZ neuronio_pemZ neuronio_derrHZcombinedrrrtest_load_verify_cadatas\ &  &                ,z$ContextTests.test_load_verify_cadata)Avoid mixing debug/release CRT on WindowscCsttj}|ttjdkr*|t|t |j|t |jd|t }|t Wdn1sr0Y| |j jtj|tj}|tWdn1s0YdS)Nnt)rrYrNload_dh_paramsDHFILErr BYTES_DHFILErrrArJrrKrLrMrrrrrrtest_load_dh_paramss     (z ContextTests.test_load_dh_paramscCs@tD]6}t|}||dddddddddddd qdS)Nr) ZnumberrHZ connect_goodZconnect_renegotiateacceptZ accept_goodZaccept_renegotiatehitsmissesZtimeoutsZ cache_full)rrrYr session_statsrrrrtest_session_statss  zContextTests.test_session_statscCsttj}|dSr)rrYrOZset_default_verify_pathsrrrrtest_set_default_verify_pathss z*ContextTests.test_set_default_verify_pathsz#ECDH disabled on this OpenSSL buildcCsbttj}|d|d|t|j|t|jd|t|jd|t|jddS)N prime256v1s prime256v1rfoo)rrYrNr}rrr~rrrrtest_set_ecdh_curves   z ContextTests.test_set_ecdh_curvecCsjttj}|t|j|t|jd|t|jd|t|j|dd}|d||dS)Nrr%cSsdSrrr servernamerHrrr dummycallback sz5ContextTests.test_sni_callback..dummycallback)rrYrNrrset_servername_callback)rrHr9rrrtest_sni_callbacks  zContextTests.test_sni_callbackcCsJttj}|fdd}||t|}~~t||ddS)NcSsdSrr)rr8rHcyclerrrr9sz>ContextTests.test_sni_callback_refcycle..dummycallback) rrYrNr:r'r(gccollectr)rrHr9r+rrrtest_sni_callback_refcycles    z'ContextTests.test_sni_callback_refcyclecCsttj}||dddd|t||dddd|t||dddd|t||dddddS)Nr)rcrlx509r r) rrYrOrr%rrrr rrrrtest_cert_store_statss             z"ContextTests.test_cert_store_statsc Csttj}||g|t||g|t||dtdtddddddgt t}| }Wdn1s0Yt |}||d|gdS) N)))r$zRoot CA))rzhttp://www.cacert.org))r%zCA Cert Signing Authority))rzsupport@cacert.orgzMar 29 12:29:49 2033 GMTzMar 30 12:29:49 2003 GMTZ00)z!https://www.cacert.org/revoke.crlr )r)r*r+r,r3r-r/T) rrYrOr get_ca_certsrrr rr?r@r )rrHrBrderrrrtest_get_ca_certs-s&     & zContextTests.test_get_ca_certscCsttj}|ttj}|tjj|ttj}|tjjttj}|t|jd|t|jddS)Nr) rrYrOload_default_certsrrrrrrrrrtest_load_default_certsIs    z$ContextTests.test_load_default_certsr znot-Windows specificz!LibreSSL doesn't support env varscCshttj}t@}t|d<t|d<||| ddddWdn1sZ0YdS)Nrrrr )r@rAr) rrYrOrrrrrFrr%)rrHrrrrtest_load_default_certs_envXs   z(ContextTests.test_load_default_certs_envrrz3Debug build does not share environment between CRTscCsttj}||}ttj}tH}t|d<t|d<||dd7<| ||Wdn1s~0YdS)NrrrAr ) rrYrOrFr%rrrrr)rrHstatsrrrr#test_load_default_certs_env_windowsbs   z0ContextTests.test_load_default_certs_env_windowscCs||jtj@tjtdkr0||jt@ttdkrJ||jt@ttdkrd||jt@ttdkr~||jt@tdSr)rrrrr8r9r:r;rrrr_assert_context_optionsqs"    z$ContextTests._assert_context_optionscCst}||jtj||jtj||j| |t t }| }Wdn1sd0Ytjt t |d}||jtj||jtj| |ttjj}||jtj||jtj| |dS)N)rrr)rcreate_default_contextrrRrMrrrrrKr?rr@rrrr)rrHrBrrrrtest_create_default_contexts"   & z(ContextTests.test_create_default_contextcCst}||jtj||jtj||j| |ttj }||jtj ||jtj| |tjtj tj dd}||jtj ||jtj | |j| |tjtj jd}||jtj||jtj| |dS)NT)rr)Zpurpose)r_create_stdlib_contextrrRrMrrrrrKrrrrrrrrrtest__create_stdlib_contexts*      z(ContextTests.test__create_stdlib_contextcCszttj}||j||jtjd|_||j||jtj d|_tj |_||j||jtj d|_tj|_d|_||j||jtjd|_||j||jtj d|_tj |_d|_||j||jtj d|_||j||jtj | t tj|_Wdn1sB0Yd|_||jtj|_||jtjdSr) rrYrMrrrrrrrrrr~rrrrtest_check_hostnames@         ( z ContextTests.test_check_hostnamecCsTttj}||j||jtjttj}| |j||jtj dSr) rrYrOrrrrrrNrrrrrrtest_context_client_servers     z'ContextTests.test_context_client_servercCsGdddtj}Gdddtj}ttj}||_||_|jtdd}| ||Wdn1sp0Y| t t }| ||dS)Nc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLSocketNrrrrrrr MySSLSocketsrSc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLObjectNrRrrrr MySSLObjectsrTTrC) rr SSLObjectrYrNZsslsocket_classZsslobject_classrrrwrap_bio MemoryBIO)rrSrTrHrrrrrtest_context_custom_classs *z&ContextTests.test_context_custom_classzTest requires OpenSSL 1.1.1cCsttj}||jdd|_||jdd|_||jd|td|_Wdn1sh0Y|td|_Wdn1s0Yttj}||jd|td|_Wdn1s0YdS)Nrr rr) rrYrNrZ num_ticketsrr~rrOrrrrtest_num_tickests  $ $  zContextTests.test_num_tickestN)2rrrrrrr\rr rskipIfrrxrrrrrequires_minimum_versionrrrzrrrr'Py_DEBUG_WIN32r-r2r3r|r6 needs_snir;r?rBrErGrirrHrErJrKrMrOrPrQrXIS_OPENSSL_1_1_1rYrrrrresb     N S?         +  rc@s8eZdZddZeedddZddZdd Z d S) SSLErrorTestscCsXtdd}|t|d||jdtdd}|t|d||jddS)Nr r)rrrrKrLZSSLZeroReturnError)rerrrtest_str s   zSSLErrorTests.test_strr(cCsttj}|tj}|tWdn1s80Y||jj d||jj dt |j}| | d|dS)NZPEMZ NO_START_LINEz"[PEM: NO_START_LINE] no start line)rrYrOrrr*rrrKZlibraryreasonrKrr )rrHrNrrrrtest_lib_reasons ( zSSLErrorTests.test_lib_reasonc Csttj}d|_tj|_td}t| }| d|j |dddr}| tj }|Wdn1sz0Yt|j}||d|||jjtjWdn1s0YWdn1s0YdS)NFrvrwz%The operation did not complete (read))rrYrOrrrrrycreate_connectionrz setblockingrrSSLWantReadError do_handshakerKrKrr rrLSSL_ERROR_WANT_READ)rrHrr|rNrrr test_subclasss   & zSSLErrorTests.test_subclasscCst}|t(|jttddWdn1s@0Y|t(|jttddWdn1s0Y|t(|jttddWdn1s0YdS)Nr%rsz .example.orgzexample.orgevil.com)rrLrr~rVrWrrrrrtest_bad_server_hostname0s $ $ z&SSLErrorTests.test_bad_server_hostnameN) rrrrar\rZr\rcrirjrrrrr_s   r_c@s4eZdZddZddZddZddZd d Zd S) MemoryBIOTestscCst}|d||d||d|d|d||d||d|d||dd||dd ||dddS) Nr5rbarsfoobarbazrsbar z)rrWrmrr@rbiorrrtest_read_write?s    zMemoryBIOTests.test_read_writecCst}||j||d||j|d||j|||j||dd||j||dd||j||d||jdS)Nrr5rsfor o) rrWreofrr@rm write_eofrrorrrtest_eofMs       zMemoryBIOTests.test_eofcCst}||jd|d||jdtdD]$}|d||jd|dq6tdD] }|d||j|dqd|||jddS)Nrr5r r r-)rrWrpendingrmrr@)rrprrrr test_pending]s     zMemoryBIOTests.test_pendingcCsbt}|d||d|td||d|td||ddS)Nr5rlrm)rrWrmrr@r memoryviewrorrrtest_buffer_typesks z MemoryBIOTests.test_buffer_typescCsLt}|t|jd|t|jd|t|jd|t|jddS)NrTr )rrWrrrmrorrrtest_error_typests zMemoryBIOTests.test_error_typesN)rrrrqrurwryrzrrrrrk=s  rkc@seZdZddZddZdS)SSLObjectTestscCsDt}|tdt||Wdn1s60YdSr)rrWrrrUrorrrr}sz SSLObjectTests.test_private_initc Cs<t\}}}t}t}t}t}|j|||d}|j||dd} tdD]p} z |WntjyxYn0|jr|| z | WntjyYn0|jrT|| qT|| | tj| Wdn1s0Y|| | || | dS)NrsTrCr) rrrWrVrrgrfrvrmr@runwrap) rZ client_ctxZ server_ctxrZc_inZc_outZs_inZs_outclientr_rrr test_unwraps8    (zSSLObjectTests.test_unwrapN)rrrrrrrrrr{|sr{c@seZdZdZddZddZddZdd Zd d Zd d Z ddZ ddZ ddZ e ejdkdddZddZddZddZddZd d!Zed"d#Zd$d%Zd&d'Zd(d)Zd*S)+SimpleBackgroundTestsz?Tests that connect to a simple server running in the backgroundcCs2tt}t|jf|_|||jddddSr)ThreadedEchoServerrrIr server_addr __enter__r__exit__)rrrrrsetUps zSimpleBackgroundTests.setUpcCstttjtjd8}||j|i|| |j Wdn1sT0Ytttjtj t d6}||j| || |j Wdn1s0YdS)Nrrr)rrr&rrrHrr getpeercertrrDrrrrrrr test_connects  *  z"SimpleBackgroundTests.test_connectcCs<tttjtjd}||j|tjd|j |j dS)Nrcertificate verify failed) rrr&rrrrrrrHrrrrrtest_connect_fails   z'SimpleBackgroundTests.test_connect_failcCsJtttjtjtd}||j|d| |j | | dS)Nrr) rrr&rrrrrrrrrrrrrrtest_connect_exs  z%SimpleBackgroundTests.test_connect_exc Cstttjtjtdd}||j|d| |j }| |dt j t jftg|ggdz|WqWqdtjyt|gggdYqdtjytg|ggdYqd0qd||dS)NF)rrrxrr=)rrr&rrrrrrerrrrLZ EINPROGRESSrselectrgrfSSLWantWriteErrorrrrrrrrrtest_non_blocking_connect_exs$    z2SimpleBackgroundTests.test_non_blocking_connect_excCsttj}|ttj,}||j|i| Wdn1sP0Y|jttjdd}||jWdn1s0Ytj |_ | t |ttj.}||j| }||Wdn1s0YdS)Ndummyrs)rrYrMrrr&rHrrrrrrrrrrHrrYrrrtest_connect_with_contexts  .*  z/SimpleBackgroundTests.test_connect_with_contextcCsLttj}tj|_|ttj}||j | tj d|j |j dS)Nr)rrYrMrrrrr&rrrrrHr)rrHrrrrtest_connect_with_context_fails   z4SimpleBackgroundTests.test_connect_with_context_failcCsttj}tj|_|jtd|ttj .}| |j | }| |Wdn1sf0Yttj}tj|_|jtd|ttj .}| |j | }| |Wdn1s0YdS)Nr)rrYrMrrrrrrr&rHrrrrrrrrtest_connect_capaths   (   z)SimpleBackgroundTests.test_connect_capathcCs tt}|}Wdn1s&0Yt|}ttj}tj|_|j |d| t t j .}| |j|}||Wdn1s0Yttj}tj|_|j |d| t t j .}| |j|}||Wdn1s0YdS)Nr)r?rr@rr rYrMrrrrrr&rHrrr)rrBrrDrHrrYrrrtest_connect_cadata%s" &    (   z)SimpleBackgroundTests.test_connect_cadatar)z*Can't use a socket as a file under WindowscCstttj}||j|}|}|t |d|t | t }t |dWdn1s|0Y||jjtjdSr)rrr&rHrfilenomakefilerrr@r=r>rr/rrKrLEBADF)rr*fdrBr`rrrtest_makefile_close:s   *z)SimpleBackgroundTests.test_makefile_closecCsttj}||j|dt|tjdd}||j d}z|d7}| WqWqBtj y~t |gggYqBtj yt g|ggYqB0qBtjrtjd|dS)NFrrxrr z9 Needed %d calls to do_handshake() to establish session. )rr&rHrrerrrrrrgrfrrrrkrirlrm)rrcountrrrtest_non_blocking_handshakeMs&    z1SimpleBackgroundTests.test_non_blocking_handshakecCst|g|jRdtidS)NrY)_test_get_server_certificaterrrrrrtest_get_server_certificatebsz1SimpleBackgroundTests.test_get_server_certificatecCst|g|jRdSr)!_test_get_server_certificate_failrrrrr test_get_server_certificate_failesz6SimpleBackgroundTests.test_get_server_certificate_failc Cstttjtjdd}||jWdn1s:0Ytttjtjdd}||jWdn1s~0Y|tjdXttj,}t|tjdd}||jWdn1s0YWdn1s0YdS)Nr)rrrrr) rrr&rrrHrrr)rrrrrrrjs  * *z"SimpleBackgroundTests.test_cipherscCsttj}|jtd||g|jttj dd.}| |j | }| |Wdn1sr0Y|t|ddS)Nrr&rsr )rrYrOrrrrCrrr&rHrrrrQrrrrtest_get_ca_certs_capathxs   (z.SimpleBackgroundTests.test_get_ca_certs_capathcCsttj}|jtdttj}|jtdttj}|j|dd^}||j | |j || |j j |||_ | |j || |j j |Wdn1s0YdS)Nrr&rs) rrYrOrrrr&rrHrrr_sslobj)rZctx1Zctx2rr*rrrtest_context_setgets      z)SimpleBackgroundTests.test_context_setgetc Os|dtj}t|}d} t|kr4|dd} | d7} z ||} Wn@tjy} z&| jtj tj fvrr| j} WYd} ~ n d} ~ 00| } | | | durqq| tj kr| d} | r|| q|qtjrtjd| |jf| S)Nr@rr iz"Needed %d calls to complete %s(). )getrZ SHORT_TIMEOUTr monotonicrrrrLrhZSSL_ERROR_WANT_WRITEr@sendallr0rmrtrkrirlr)rrincomingoutgoingr_r]rr@deadlinerrLretr`bufrrr ssl_io_loops:         z!SimpleBackgroundTests.ssl_io_loopcCsttj}||j||jt}t}ttj }| |j | |j tj|t|||dt}||jj||||||||t|jdtjvr||d| ||||j!| |||||| |dtjvr>| |dz| ||||j"Wntj#yjYn0|tj$|j%ddS)NFr~r5)&rr&rrrHrrrWrYrOrrrrrrrrVrrrownerrcipherr/assertIsNotNoneshared_ciphersrr~rrr{rrgr|ZSSLSyscallErrorrrm)rrrrrHsslobjrrrtest_bio_handshakes>         z(SimpleBackgroundTests.test_bio_handshakecCsttj}||j||jt}t}ttj }tj |_ | ||d}| ||||jd}| ||||j|| ||||jd}||d| ||||jdS)NFFOO sfoo )rr&rrrHrrrWrYrMrrrVrrgrmr@rr|)rrrrrHrZreqrrrrtest_bio_read_write_datas     z.SimpleBackgroundTests.test_bio_read_write_dataN)rrr__doc__rrrrrrrrrr\rZrrrrrrrrr]rrrrrrrrrs,      %"rZnetworkc@s*eZdZddZeejdddZdS)NetworkedTestscCstttttjtjdd}||j | d| tdf}|dkr\| dn|t jkrp| d||t jt jfWdn1s0YdS)NFrgHz>rz!REMOTE_HOST responded too quicklyzNetwork unreachable.)rtransient_internet REMOTE_HOSTrrr&rrrrr>rrrLZ ENETUNREACHrEAGAINrrrrrtest_timeout_connect_exs       z&NetworkedTests.test_timeout_connect_exz Needs IPv6cCsFtd(t|ddt|ddWdn1s80YdS)Nzipv6.google.comr)rrrrrrrr test_get_server_certificate_ipv6s  z/NetworkedTests.test_get_server_certificate_ipv6N) rrrrr\rrrprrrrrrs rcCslt||f}|s$|d||ftj||f|d}|sL|d||ftjrhtjd|||fdS)NzNo server certificate on %s:%s!rz& Verified certificate for %s:%s is %s )rget_server_certificaterrrkrirlrm)testrlrrYrrrrr src Cslztj||ftd}Wn<tjyR}z"tjr>tjd|WYd}~nd}~00| d|||fdS)Nrz%s z$Got server certificate %s for %s:%s!) rrrrrrkrirlrmr)rrlrrxrrrr s &r)make_https_serverc @sReZdZGdddejZdddZdd Zd d Zdd d Z ddZ ddZ dS)rc@s@eZdZdZddZddZddZdd Zd d Zd d Z dS)z$ThreadedEchoServer.ConnectionHandlerzA mildly complicated class, because we want it to work both with and without the SSL wrapper around the socket connection, so that we can test the STARTTLS functionality.cCs@||_d|_||_||_|jdd|_tj|d|_ dSNFT) rrunningraddrresslconn threadingThread__init__daemon)rrZconnsockrrrrr& s  z-ThreadedEchoServer.ConnectionHandler.__init__c Cs0zD|jjj|jdd|_|jj|j|jj|j Wnt t t fy}zL|jj t||jjrtdt|jdd|_|WYd}~dSd}~0tjtfy>}zr|jj t||jjrtdt|jd|jtjkr(tjdkr(d|_|j|WYd}~dSd}~00|jj|j|jjjtjkr|j }t!j"r|jjrtj#$dt%&|d|j d}t!j"r|jjrtj#$d tt'|d |j(}t!j"r(|jjr(tj#$d t|dtj#$d t|jddSdS) NTrCz' server: bad connection attempt from z: Fdarwinz client cert is rz cert binary is z bytes z" server: connection cipher is now z" server: selected protocol is now ))rrrrrselected_npn_protocolsappendselected_npn_protocolselected_alpn_protocolsselected_alpn_protocolConnectionResetErrorBrokenPipeErrorConnectionAbortedError conn_errorsrKchattyrorrrrrrr/rLZ EPROTOTYPErirstoprrrrrrkrlrmrrrQr)rr`rYZ cert_binaryrrrr wrap_conn0 sN        z.ThreadedEchoServer.ConnectionHandler.wrap_conncCs |jr|jS|jdSdS)Nr)rr@rr0rrrrr@n s z)ThreadedEchoServer.ConnectionHandler.readcCs"|jr|j|S|j|SdSr)rrmrr4)rrrrrrmt s z*ThreadedEchoServer.ConnectionHandler.writecCs |jr|jn |jdSr)rrrrrrrrz s z*ThreadedEchoServer.ConnectionHandler.closec Csd|_|jjs|sdS|jrԐz|}|}|svd|_z|j|_Wnt ybYn0d|_| np|dkrt j r|jj rtjd| WdS|jjr|dkrt j r|jj rtjd|d|sWdSn|jjrd|jrd|dkrdt j r&|jj r&tjd |d|j|_d|_t j r|jj rtjd n|d krt j r|jj rtjd |jd }|t|ddn2|dkr8t j r|jj rtjdz|jWn@tjy*}z$|t|ddWYd}~nd}~00|dn|dkrj|jdur^|dn |dn||dkr|j}|t|ddnNt j r|jj r|jrdpd}tjd||||f||Wqttfy4|jjr"t j r"tjd|j| d|_Yqtjy}zFd|jkr|jjrvt j rvtj|jdtdWYd}~qd}~0t y|jjrt d| d|_|j!Yq0qdS)NTFsoverz" server: client closed connection STARTTLSz2 server: read STARTTLS from client, sending OK... OK ENDTLSz0 server: read ENDTLS from client, sending OK... z* server: connection is now unencrypted... s CB tls-uniquez@ server: read CB tls-unique from client, sending our CB data... r~us-ascii PHAz( server: initiating post handshake auth HASCERTTRUE FALSE GETCERTZ encryptedZ unencryptedz/ server: read %r (%s), sending back %r (%s)... z Connection reset by peer: {} Z!PEER_DID_NOT_RETURN_A_CERTIFICATEr !tlsv13 alert certificate requiredzTest server failure: )"rrstarttls_serverrr@striprr|rr/rrrkconnectionchattyrirlrmr{rrnverify_client_post_handshakerrrrrrrrrrbr]ror)rmsgstrippedrr`rYZctypeerrrrrrun s              .         z(ThreadedEchoServer.ConnectionHandler.runN) rrrrrrr@rmrrrrrrConnectionHandler s >rNTFc Cs| r | |_nt|dur|ntj|_|dur2|ntj|j_|rL|j||r\|j||rl|j|| r||j | | r|j | ||_ ||_ ||_ t|_t|j|_d|_d|_g|_g|_g|_g|_tj|d|_dSr)rrrYrNrrrrset_npn_protocolsset_alpn_protocolsrFrrrrrrrrflagactiverrrrrrrr) rZ certificatercertreqscacertsrrrZ npn_protocolsZalpn_protocolsrrrrrr sB        zThreadedEchoServer.__init__cCs|t|j|SrstartrEventrwaitrrrrr s zThreadedEchoServer.__enter__cGs||dSr)rrrr]rrrr szThreadedEchoServer.__exit__cCs||_tj|dSrrrrrrrrrrr szThreadedEchoServer.startc Cs |jd|jd|_|jr,|j|jrzT|j\}}tjrf|j rft j dt |d||||}||Wq,tjyYq,ty|Yq,ty}z0tjr|j rt j dt |dWYd}~q,d}~00q,|jdS)Ng?Tz server: new connection from rz connection handling failed: )rr>listenrrrr.rrkrrirlrmrrrrrr@KeyboardInterruptrrr)rZnewconnZconnaddrhandlerr`rrrr s6        zThreadedEchoServer.runcCs d|_dSr)rrrrrr5 szThreadedEchoServer.stop) NNNNTFFNNNN)N) rrrrrrrrrrrrrrrrr sI % rc@sXeZdZGdddejZddZddZddZd d Z dd d Z ddZ ddZ d S)AsyncoreEchoServerc@s6eZdZGdddejZddZddZddZd S) zAsyncoreEchoServer.EchoServerc@s<eZdZddZddZddZddZd d Zd d Zd S)z/AsyncoreEchoServer.EchoServer.ConnectionHandlercCs4t|d|dd|_tj||jd|_|dS)NTF)rDrrx)rrasyncoredispatcher_with_sendr_ssl_accepting_do_ssl_handshake)rconnrrrrr@ sz8AsyncoreEchoServer.EchoServer.ConnectionHandler.__init__cCs*t|jtjr&|jdkr&|qdS)NrT)rJrrrrvZhandle_read_eventrrrrreadableH s z8AsyncoreEchoServer.EchoServer.ConnectionHandler.readablec Csz|jWntjtjfy*YdStjyD|YStjyXYnNty}z0|j dt j kr|WYd}~SWYd}~nd}~00d|_ dS)NrF) rrgrrfrZ SSLEOFError handle_closerr/r]rLZ ECONNABORTEDr)rrrrrrN s *zAAsyncoreEchoServer.EchoServer.ConnectionHandler._do_ssl_handshakecCsT|jr|n@|d}tjr4tjdt||sB| n| | dS)Nrz server: read %s from client ) rrr0rrkrirlrmrrr4r)rrrrr handle_read] s   z;AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_readcCs$|tjr tjd|jdS)Nz server: closed connection %s )rrrkrirlrmrrrrrri sz s  rcCs@||_ttjtj}t|d|_tj ||| ddS)Nr%r) rrr& SOCK_STREAMrrrr dispatcherrrrQrrrrq s z&AsyncoreEchoServer.EchoServer.__init__cCs(tjrtjd||||jdS)Nz$ server: new connection from %s:%s )rrkrirlrmrr)rZsock_objrrrrhandle_acceptedx sz-AsyncoreEchoServer.EchoServer.handle_acceptedcCsdSrrrrrrro} sz*AsyncoreEchoServer.EchoServer.handle_errorN) rrrrrrrrrorrrr EchoServer< s3r cCs8d|_d|_|||_|jj|_tj|d|_dSr) rrr rrrrrr)rrrrrr s    zAsyncoreEchoServer.__init__cCsd|jj|jfS)Nz<%s %s>) __class__rrrrrr__str__ szAsyncoreEchoServer.__str__cCs|t|j|Srrrrrrr s zAsyncoreEchoServer.__enter__cGsVtjrtjd|tjr,tjd|tjrFtjdtjdddS)Nz cleanup: stopping server. z! cleanup: joining server thread. z cleanup: successfully joined. T)Z ignore_all) rrkrirlrmrrrZ close_allrrrrr s   zAsyncoreEchoServer.__exit__NcCs||_tj|dSrrrrrrr szAsyncoreEchoServer.startcCs>d|_|jr|j|jr:ztdWqYq0qdS)NTr )rrrrZlooprrrrr s zAsyncoreEchoServer.runcCsd|_|jdSr)rrrrrrrr szAsyncoreEchoServer.stop)N) rrrrrr rr rrrrrrrrrr8 sD  rrTFc Csi}t||dd}|p|jt||d} | t|jf|t|t|fD]} |rrtj rrt j d|| | | } |rtj rt j d| | |krTtd| ddt| |ddt|fqT| d |rtj rt j d || | | | | | | j| jd | Wdn1sR0Y|j|d <|j|d <|j|d<Wdn1s0Y|S)zW Launch a server, connect a client to it and try various reads and writes. Frrr)rtsession client: sending %r...  client: read %r 4bad data <<%r>> (%d) received; expected <<%r>> (%d) Nover  client: closing connection. ) compressionrpeercertclient_alpn_protocolclient_npn_protocolr/session_reusedr server_alpn_protocolsserver_npn_protocolsserver_shared_ciphers)rrrrHrIrrrxrrkrirlrmr@rAssertionErrorrQrrrrrrr/rr rrrr) rrindatarrsni_namer rIrrargoutdatarrrserver_params_test sb      (  *r!c Cs|durtj}tjdtjdtjdi|}tjr\|r6dp8d}tj|t |t ||ft |}|j |O_ t |} | j |O_ t |d} | durt| dr|tjkr| j| kr| | _|jtjkr|dt| ||| fD]} || _| t| tqzt|| d d d } WnXtjy>|r:Yntyx} z"|sb| jtjkrdWYd} ~ nZd} ~ 00|std t |t |fn,|d ur|| d krtd|| d fdS)a< Try to SSL-connect using *client_protocol* to *server_protocol*. If *expect_success* is true, assert that the connection succeeds, if it's false, assert that the connection fails. Also, if *expect_success* is a string, assert that it is the protocol version actually used by the connection. Nrrrz %s->%s %s z {%s->%s} %s rDrFrrz5Client protocol %s succeeded with server protocol %s!Tr/z%version mismatch: expected %r, got %r)rrrrrrkrirlrmZget_protocol_namerYrPROTOCOL_TO_TLS_VERSIONrrErMrDrRrFrIrrrrrr!rr/rL ECONNRESETr)Zserver_protocolZclient_protocolexpect_successZ certsreqsserver_optionsclient_optionsZcerttypeZ formatstrrrZ min_versionrHrIr`rrrtry_protocol_combo sx               r(c@seZdZddZddZeedddZdd Z ee j d d d Z d dZ ddZddZddZedddZddZddZedddZdd Zed!d"d#Zed$d%d&Zed'd(d)Zed*d+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Zd7d8Z d9d:Z!d;d<Z"d=d>Z#d?d@Z$dAdBZ%dCdDZ&eddEdFZ'e(ed*dGdHZ)e(ed'dIdJZ*e(ed*ed$dKdLZ+e(ed!dMdNZ,ee j-dOdPdQZ.edRe j/vdSdTdUZ0dVdWZ1ee2e dXdYdZd[Z3e4e5d\d]d^Z6ee7d_e4e8d`dadbZ9dcddZ:ee j;dedfdgZee j?dmdndoZ@dpdqZAdrdsZBeCdtduZDeCdvdwZEeCdxdyZFeCdzd{ZGd|d}ZHd~dZIddZJddZKddZLdS) ThreadedTestsc Cs~tjrtjdtD]~}|tjtjhvr,qt |s6q|j tj |d<t |}| tt|t||dddWdq1s0Yqt\}}}|j tjtjd"t||dd|dWdn1s0Yd|_|j tjtjdb|tj"}t||dd|dWdn1s60Y|d t|jWdn1sh0Y|j tjtjd`|tj }t||ddd Wdn1s0Y|d t|jWdn1s0Y|j tjtjd`|tj }t||ddd Wdn1s>0Y|d t|jWdn1sp0YdS) z2Basic test of an SSL client connecting to a serverr)rRTr"N)r}r)rrrrrFz%called a function you should not call)rrrr)rrkrirlrmrrrOrNrSZsubTest_PROTOCOL_NAMESrYrrrIr!rrrrrrKrK)rrRrrrrr`rrr test_echo+ sd   & $&$&$&zThreadedTests.test_echoc Cstjrtjdt\}}}t|dd}|X|jtd|d }| t |j f| t |Wdn1s0Y||}||d|}tjrtjt|dtjdt|dd|vr|d t|d |dvr|d |d ||d |t|d }t|d } ||| Wdn1sp0YWdn1s0YdS)NrFrr)rxrtCan't get peer certificate.zConnection cipher is z. r-z$No subject field in certificate: %s.r#zkMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.r+r*)rrkrirlrmrrrrrHrIrrr~rrgrrrrrKrrrrr) rrrrrrrYrbeforeZafterrrrtest_getpeercert] sF     &    zThreadedTests.test_getpeercertrc Cstjrtjdt\}}}ttdd}||j tj |Bt |dd}|f|j t |d4}|t|jf|}||dWdn1s0YWdn1s0Y|j tjO_ t |dd}||j t |dP}|tjd |t|jfWdn1s00YWdn1sP0YWdn1sp0Y|tt |dd}|h|j t |d4}|t|jf|}||dWdn1s0YWdn1s0YdS) NrrrTr,rsr-r)rrkrirlrmrrLrrrrrrrrHrIrrrrrrrCRLFILE)rrrrrrrrYrrrtest_crl_check sF     H  p   zThreadedTests.test_crl_checkc Cstjrtjdt\}}}t|dd}|f|jt|d4}| t |j f| }| |dWdn1s|0YWdn1s0Yt|dd}||jtddN}|tjd | t |j fWdn1s0YWdn1s0YWdn1s>0Yt|dd}|rtH}|td||Wdn1s0YWdn1s0YWdn1s0YdS) NrTr,rsr-rqz:Hostname mismatch, certificate is not valid for 'invalid'.z'check_hostname requires server_hostname)rrkrirlrmrrrrrHrIrrrrrr[r~)rrrrrrrYrrrrP s<    H  n  z!ThreadedTests.test_check_hostnamez)test requires hostname_checks_common_namec Cs>t\}}}d|_t|dd}|R|jt|d }|t|jfWdn1s\0YWdn1sz0Ytt\}}}d|_t|dd}||jt|dL}| t j  |t|jfWdn1s0YWdn1s0YWdn1s00YdS)NFTr,rs) rrrrrrHrIrrrrSSLCertVerificationErrorrrrrrrrrrr s&   L  z.ThreadedTests.test_hostname_checks_common_namec Csttj}|t|dt}ttj}|t t |dd}||j t |dZ}| t|jf|}||d|dd}||ddd Wdn1s0YWdn1s0YdS NzECDHE:ECDSA:!NULL:!aRSATr,rsr-r-r)ZECDHEZECDSA)rrYrOrrrFSIGNED_CERTFILE_ECC_HOSTNAMErNrSIGNED_CERTFILE_ECCrrrrHrIrrrrsplitrrrrrrrYrrrr test_ecc_cert s"        zThreadedTests.test_ecc_certc Csttj}|t|jtjO_|dt}ttj }| t | t t |dd}||jt|dZ}|t|jf|}||d|dd}||ddd Wdn1s0YWdn1s0YdSr4)rrYrOrrrrrFr6rNrr7rrrrrHrIrrrrr8r9rrrtest_dual_rsa_ecc s&         zThreadedTests.test_dual_rsa_eccc Cstjrtjdttj}|t ttj }tj |_ d|_ |tgd}|D]\}}t|dd}||jt|dP}||j||t|jf|}||j|||dWdn1s0YWdqX1s0YqXt|dd}||jtddN}|tj |t|jfWdn1s^0YWdn1s~0YWdn1s0YdS)NrT))ukönig.idn.pythontest.netxn--knig-5qa.idn.pythontest.net)r<r<)sxn--knig-5qa.idn.pythontest.netr<)u(königsgäßchen.idna2003.pythontest.net.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)r=r=)s.xn--knigsgsschen-lcb0w.idna2003.pythontest.netr=).xn--knigsgchen-b4a3dun.idna2008.pythontest.netr>)s.xn--knigsgchen-b4a3dun.idna2008.pythontest.netr>r,rsr-zpython.example.org)rrkrirlrmrrYrNr IDNSANSFILErOrrrrrrrrrrtrHrIrrrrr[) rrrZ idn_hostnamesrtZexpected_hostnamerrrYrrrtest_check_hostname_idn s:        J  z%ThreadedTests.test_check_hostname_idnc Cs6t\}}}|ttj|_tjj|_t |ddd}||j t |d}z| t |jfWntjy}z"tjrtjd|WYd}~nZd}~0ty}z0|jtjkrtjrtjd|WYd}~nd}~00|dWdn1s0YWdn1s(0YdS)zConnecting when the server rejects the client's certificate Launch a server with CERT_REQUIRED, and check that trying to connect to it with a wrong client certificate fails. Tr rs SSLError is %r N socket.error is %r 'Use of invalid cert should have failed!)rrrrrrrrXrUrrrrHrIrrrrkrirlrmr/rLr$rrrrrrrr`rrrtest_wrong_cert_tls12K s0    $ &z#ThreadedTests.test_wrong_cert_tls12rc CsVt\}}}|ttj|_tjj|_tjj|_t |ddd}||j t |d}| t |jfz|d|dWntjy}z"tjrtjd|WYd}~n\d}~0ty}z0|jtjkr܂tjrtjd|WYd}~nd}~00|dWdn1s(0YWdn1sH0YdS) NTr rsdatarrArBrC)rrrrrrrrrDrrrrHrIrrmr@rrrkrirlr/rLr$rrDrrrtest_wrong_cert_tls13p s6      $ &z#ThreadedTests.test_wrong_cert_tls13cs|tttttfdd}fdd}tj|d}|z|W|n |0dS)ztA brutal shutdown of an SSL server should raise an OSError in the client when attempting handshake. cs8\}}|dSr)rrr.r)Znewsockr) listener_gonelistener_readyrrrlistener s  z2ThreadedTests.test_rude_shutdown..listenerc sttP}|tfz t|}WntyFYn 0dWdn1sf0YdS)Nz2connecting to closed SSL socket should have failed)rrrHrIrr/r)r|ssl_sock)rHrIrrrr connector s   z3ThreadedTests.test_rude_shutdown..connectortargetN) rrrrrrIrrr)rrJrLr r)rHrIrrrrtest_rude_shutdown s  z ThreadedTests.test_rude_shutdownc Cs&tjrtjdttj}|t ttj }t |dd}||j t td}z|t|jfWnttjy}zZd}||tj||jd||j|||t||dt|WYd}~n d}~00Wdn1s0YWdn1s0YdS)NrTr,rsz&unable to get local issuer certificaterr)rrkrirlrmrrYrNrrrOrrrrrHrIrrrr2rZ verify_codeZverify_messagerr)rrrrrr`rrrrtest_ssl_cert_verify_error s(      z(ThreadedTests.test_ssl_cert_verify_errorrTcCstjrtjdttjtjdttjtjdtjttjtjdtj ttjtj dt drrttjtj dttjtj dtrttjtj dtjdttjtj dtjdttjtj dtjddS)z9Connecting to an SSLv2 server with various client optionsrTFrr'N)rrkrirlrmr(rPROTOCOL_SSLv2rrrMrPPROTOCOL_SSLv3rryrrrrrrrtest_protocol_sslv2 s&    z!ThreadedTests.test_protocol_sslv2c Cstjrtjdtdrnzttjtj dWn>t yl}z&tjrXtjdt |WYd}~n d}~00tdrttjtj dttjtjdtdrttjtj dtdrttjtj dtjttjtjdtjtdrttjtj dtjtdrttjtj dtjttjtjdtjtdrJttjtj dtjtdrjttjtj dtjd ttjtjdtjtjBd tdrttjtj dtjd dS) z:Connecting to an SSLv23 server with various client optionsrrTTz; SSL2 client to SSL23 server test unexpectedly failed: %s NrFr)r&)rrkrirlrmrPr(rrMrRr/rKrSrrrrrr)rrrrrtest_PROTOCOL_TLS sL         zThreadedTests.test_PROTOCOL_TLSrcCstjrtjdttjtjdttjtjdtjttjtjdtj t drbttjtj dttjtj dtj dttjtjdtrttjtj dtjddS)z9Connecting to an SSLv3 server with various client optionsrrrTFrQN)rrkrirlrmr(rrSrrrPrRrMrrryrrrrrtest_protocol_sslv3 s   z!ThreadedTests.test_protocol_sslv3rcCstjrtjdttjtjdttjtjdtjttjtjdtj t drbttjtj dt drzttjtj dttjtj dtjddS)z8Connecting to a TLSv1 server with various client optionsrrrTFrrQN)rrkrirlrmr(rrrrrPrRrSrMrrrrrtest_protocol_tlsv1! s  z!ThreadedTests.test_protocol_tlsv1rcCstjrtjdttjtjdtdr:ttjtj dtdrRttjtj dttjtj dtj dttj tjdttjtj dttj tjddS)zjConnecting to a TLSv1.1 server with various client options. Testing against older TLS versions.rTLSv1.1rTFrrQN)rrkrirlrmr(rrrPrRrSrMrPROTOCOL_TLSv1_2rrrrtest_protocol_tlsv1_10 s  z#ThreadedTests.test_protocol_tlsv1_1rXcCstjrtjdttjtjdtjtj Btjtj Bdt drPttjtj dt drhttjtj dttjtj dtjdttj tjdttjtjdttjtjdttjtjdttjtjddS) zjConnecting to a TLSv1.2 server with various client options. Testing against older TLS versions.rTLSv1.2)r&r'rTFrrQN)rrkrirlrmr(rrYrrrPrRrSrMrrrrrrrtest_protocol_tlsv1_2B s$     z#ThreadedTests.test_protocol_tlsv1_2c Csd}ttdddd}d}|lt}|d|t|jftjrTt j d|D]}tjrrt j d||r| || }n| ||d}|}|dkr|d rtjrt j d |t|}d}qX|d kr|d rtjrt j d ||}d}qXtjrXt j d |qXtjrHt j d|rZ| dn | d|rt|n|Wdn1s0YdS)z6Switching from clear text to encrypted and back again.)smsg 1sMSG 2rsMSG 3smsg 4rsmsg 5smsg 6T)rrrFrrrrsokz/ client: read %r from server, starting TLS... rz- client: read %r from server, ending TLS... z client: read %r from server rrN)rrrrerHrIrrrkrirlrmr@r4r0rrr rr|r) rZmsgsrwrappedrrrr rrrr test_starttlsX sl           zThreadedTests.test_starttlscCst|td}tjrtjdttd}| }Wdn1sF0Yd}d|j t j tdf}tjtd}tjj||d }zV|d }|rt|d kr| t|}tjrtjd t||fW|n |0|||dS) z8Using socketserver to create and manage SSL connections.rFrrbNr%zhttps://localhost:%d/%sr )rrzcontent-lengthrz/ client: read %d bytes from remote server '%s' )rrrrkrirlrmr?rr@rrrr8rrLrurllibZrequesturlopeninforrrQrr)rrrBrrurlrZdlenrrrtest_socketserver s.   &  zThreadedTests.test_socketserverc Cstjrtjdd}tt}|tt}| d|j ftjrVtjd|||| }tjr~tjd||| kr| d|ddt||dd t|f|d tjrtjd |tjrtjd Wdn1s0YdS) z'Check the example asyncore integration.rrrrrrNrrrz client: connection closed. )rrkrirlrmrrrrrHrr@rrrQr)rrrrr rrrtest_asyncore_server s:      z"ThreadedTests.test_asyncore_serverc stjrtjdtttjtj tddd}|t t dtttjtj d t|jffdd}fdd }d jdgtfd jdd gtfd jdgddfg}djdgfdjdd gfd|dgfd|dgfg}d}|D]\}}} } } ||d} zz|| g| R} d|}|j| | | |d}|| krx|dj||ddt|| ddt| dWqty}zH| r|dj|dt||s|dj||dWYd}~qd}~00q|D]\}}} } ||d} zV| || }|| krR|d j||ddt|| ddt| dWnjty}zP| r~|d!j|dt||s|dj||dWYd}~n d}~00qd"}|tt|}|d#|t||||t dur>t j!t|}|"|}||||#t$j%|#t$j&d"g|#t$j'd$|#t$j(td$gd%|#tjd#|#tjd#)Wdn1s0YdS)&z Test recv(), send() and friends.rTFrrrrrrDrrrrcstd}|}|d|SNsd)rr1)brrrr _recv_into s z0ThreadedTests.test_recv_send.._recv_intocs"td}|\}}|d|Sri)rr3)rjrrrkrr_recvfrom_into sz4ThreadedTests.test_recv_send.._recvfrom_intor4r5z some.addressrcSsdSrr)rrrr rz.ThreadedTests.test_recv_send..r0r2r1r3ZPREFIX_r^zsending with {})rzpWhile sending with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) Nr)rr ZnoutrZninz>Failed to send with method <<{name:s}>>; expected to succeed. rzFMethod <<{name:s}>> failed with unexpected exception message: {exp:s} )rexpzrWhile receiving with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) zAFailed to receive with method <<{name:s}>>; expected to succeed. rFrr.r)*rrkrirlrmrrrrrNrrrOrHrIrr4rQr5rr0r2rnrrr@rrr~rKr rctypesZc_ubyteZfrom_buffer_copyrr6r7r8r9r:r)rrrlrmZ send_methodsZ recv_methodsZ data_prefixZ meth_nameZ send_methr%r]Z ret_val_methrrrr r`Z recv_methrbufferZubyteZ byteslikerrkrtest_recv_send s            "        zThreadedTests.test_recv_sendcCstt}|||jddtt|jf}||j t |dd}||j | d| | dd| |dd| |d|d| | dd| |tddS)NF)Zsuppress_ragged_eofsrFrr)rrrrrrrdrIrrrr4rr0r@rer1r)rrrrrrtest_recv_zeroQs     zThreadedTests.test_recv_zeroc stttjtjtddd}|ttdtttjtjdt |j f dt dfdd}| tjtjf| dWdn1s0YdS)NTFrgrhi csqdSr)r4rrrrr fill_bufferysz8ThreadedTests.test_nonblocking_send..fill_buffer)rrrrrNrrrOrHrIrrerrrrfr)rrrurrtrtest_nonblocking_sendes4  z#ThreadedTests.test_nonblocking_sendcs"ttjd}t}tdfdd}tj|d}|zzBttj}| d| ||f| tj dt |W|n |0zBttj}t |}| d| tj d|j ||fW|n |0Wd|nd|0dS) NrFcsbg}sLtgggd\}}}|vr|dq|D] }|qPdS)Ng?r)rrrrr.r)Zconnsr wr`rZfinishrstartedrrservesz3ThreadedTests.test_handshake_timeout..serverMg?z timed outT)rr&rrrrrrrr>rHrr@rrr)rrlrrzr r|rrxrtest_handshake_timeouts@           z$ThreadedTests.test_handshake_timeoutcsttj}tj|_|t|tt t j d}t }|j dd|jtddfdd}tj|d}|| t }|||f|d||}|||tj||dS)NrTrCcs0\ddS)Nr)rrr.r4r0rZevtZpeerZremoterrrrzs z/ThreadedTests.test_server_accept..serverMrF)rrYrMrrrrrrrr&rrrrrDrrrrrrHr4r0rzrrrrr)rrrlrrzr r}Z client_addrrr|rtest_server_accepts6        z ThreadedTests.test_server_acceptc Csttj}|tT}|t}|Wdn1sD0Y||j j t j Wdn1st0YdSr) rrYrMrrrr/rrrKrLENOTCONNrrrrNrrrtest_getpeercert_enotconns   &z'ThreadedTests.test_getpeercert_enotconnc Csttj}|tT}|t}|Wdn1sD0Y||j j t j Wdn1st0YdSr) rrYrMrrrr/rgrrKrLr~rrrrtest_do_handshake_enotconns   &z(ThreadedTests.test_do_handshake_enotconnc Cst\}}}|jtjO_|d|dt|d|}|jt|dJ}|t  | t |j fWdn1s0YWdn1s0YWdn1s0Y| d|jddS)NZAES128AES256r`rszno shared cipherr)rrrrrFrrrrr/rHrIrrrr3rrrtest_no_shared_cipherss      jz$ThreadedTests.test_no_shared_ciphersc Csttj}d|_tj|_tttjdd}| t }| | d| |j d|t|jftrtdr|| dn,tjdkr|| dn|| dWdn1s0Y| |j d| | dWdn1s0YdS) zt Basic tests for SSLSocket.version(). More tests are done in the test_protocol_*() methods. F)rrNrTLSv1.3)r rrr[)rr[)rrYrOrrrrrrNrrrr/rrHrIrr^rPrrxrrrrrrrrtest_version_basics&   .z ThreadedTests.test_version_basicc Csttj}|t|jtjtjBtjBO_t |dv}| t H}| t |jf||dhd||dWdn1s0YWdn1s0YdS)Nr`r>ZTLS_AES_256_GCM_SHA384ZTLS_CHACHA20_POLY1305_SHA256ZTLS_AES_128_GCM_SHA256r)rrYrMrrrrrrrrrrHrIrrrrr/rrrr test_tls1_3s   zThreadedTests.test_tls1_3c Cst\}}}tjj|_tjj|_tjj|_tjj|_t|db}|jt |d0}| t |j f| |dWdn1s0YWdn1s0YdS)Nr`rsr[)rrrrrDrXrUrrrrHrIrrr/r3rrrtest_min_max_version_tlsv1_2"s       z*ThreadedTests.test_min_max_version_tlsv1_2c Cst\}}}tjj|_tjj|_tjj|_tjj|_t||t |db}|j t |d0}| t |jf||dWdn1s0YWdn1s0YdS)Nr`rsrX)rrrrrDrXrUrrIrrrrHrIrrr/r3rrrtest_min_max_version_tlsv1_13s        z*ThreadedTests.test_min_max_version_tlsv1_1c Cst\}}}tjj|_tjj|_tjj|_tjj|_t||t|d}|j t |d^}| tj  }| t|jfWdn1s0Y|dt|jWdn1s0YWdn1s0YdS)Nr`rsZalert)rrrrXrUrDrrIrrrrrrHrIrrrKrKrDrrrtest_min_max_version_mismatchDs        .z+ThreadedTests.test_min_max_version_mismatchc Cst\}}}tjj|_tjj|_tjj|_t||t|db}|jt |d0}| t |j f| |dWdn1s0YWdn1s0YdS)Nr`rsr)rrrrrDrUrIrrrrHrIrrr/r3rrrtest_min_max_version_sslv3Ws       z(ThreadedTests.test_min_max_version_sslv3z"test requires ECDH-enabled OpenSSLc Csttj}|t|jtjO_tjdkr:|dt |db}| t 4}| t |jf|d|dWdn1s0YWdn1s0YdS)N)r rrz ECCdraft:ECDHr`ZECDHr)rrYrMrrrrrxrFrrrrHrIrrrrrrrtest_default_ecdh_curvefs     z%ThreadedTests.test_default_ecdh_curver~rc Cstjrtjdt\}}}t|ddd}||jt|d}| t |j f| d}tjrztjd ||||dkr|t|d n|t|d |d |}||t|d Wd n1s0Y|jt|d}| t |j f| d}tjrDtjd |||||||dkrz|t|d n|t|d |d |}||t|d Wd n1s0YWd n1s0Yd S)z Test tls-unique channel binding.rTFr rsr~z! got channel binding data: {0!r} r0 sCB tls-unique rNz(got another channel binding data: {0!r} )rrkrirlrmrrrrrHrIrr{rrr/rrQr@rrrnr) rrrrrrZcb_dataZpeer_data_reprZ new_cb_datarrrrzsf        "      z-ThreadedTests.test_tls_unique_channel_bindingcCsRt\}}}t||dd|d}tjr:tjd|d||dhddS)NTrrrz got compression: {!r} r>NZZLIBZRLE) rr!rrkrirlrmrrrrrrrIrrrtest_compressions zThreadedTests.test_compressionr8z*ssl.OP_NO_COMPRESSION needed for this testcCsRt\}}}|jtjO_|jtjO_t||dd|d}||dddS)NTrr)rrrr8r!rrrrrtest_compression_disableds z'ThreadedTests.test_compression_disabledr(cCst\}}}|jtjO_|t|d|jtjO_t||dd|d}|dd}|d}d|vrd|vrd |vr| d |ddS) NZkEDHTrrrr5ZADHZEDHZDHEzNon-DH cipher: ) rrrrr*r+rFr!r8r)rrrrrIrpartsrrrtest_dh_paramss     zThreadedTests.test_dh_paramszneeds secp384r1 curve supportz TODO: Test doesn't work on 1.1.1cCst\}}}|d|d|jtjtjBO_t||dd|d}t\}}}|d|d|jtjtjBO_t||dd|d}t\}}}|d|d|d|jtjtjBO_zt||dd|d}WntjyYn0t r | ddS)Nr{zECDHE:!eNULL:!aNULLTrr4zmismatch curve did not fail) rr}rFrrrrr!rIS_OPENSSL_1_1_0rrrrrtest_ecdh_curves<           zThreadedTests.test_ecdh_curvecCs2t\}}}t||dd|d}||dddS)NTrrrr!rrrrrtest_selected_alpn_protocols  z)ThreadedTests.test_selected_alpn_protocolzALPN support requiredcCs@t\}}}|ddgt||dd|d}||dddS)NrbarTrr)rrr!rrrrr/test_selected_alpn_protocol_if_server_uses_alpn s z=ThreadedTests.test_selected_alpn_protocol_if_server_uses_alpnz!ALPN support needed for this testc Cs8gd}ddgdfddgdfdgdfddgdfg}|D]\}}t\}}}||||zt||dd|d}Wn*tjy} z| }WYd} ~ n d} ~ 00|durtrtjd kr||tjq6d t|t|t|f} |d } | | || | d ft |d r|d dnd} | | || | dfq6dS)N)rr milkshakerrrzhttp/3.0zhttp/4.0Tr)r r rrKfailed trying %s (s) and %s (c). was expecting %s, but got %%s from the %%srr}rrnothingr) rrr!rrrrxrrKrrQ) rserver_protocolsprotocol_testsclient_protocolsrrrrrIr`r client_result server_resultrrrtest_alpn_protocolssN             z!ThreadedTests.test_alpn_protocolscCs2t\}}}t||dd|d}||dddS)NTrrrrrrrtest_selected_npn_protocol<s  z(ThreadedTests.test_selected_npn_protocolz NPN support needed for this testc Csddg}ddgdfddgdfddgdfddgdfg}|D]\}}t\}}}||||t||dd|d}dt|t|t|f} |d } || || | d ft|d r|d d nd } || || | dfq8dS)Nzhttp/1.1zspdy/2rabcdefTrrrr}rrrr)rrr!rKrrQ) rrrrrrrrrIrrrrrrtest_npn_protocolsDs4          z ThreadedTests.test_npn_protocolscCsLttj}|tttj}|tttj}|t|||fSr) rrYrNrrrrOrr)rr other_contextrrrr sni_contexts^s      zThreadedTests.sni_contextscCs"|d}|d|ff|ddS)Nrr%r-)r)rrIrrYrrrcheck_common_namegszThreadedTests.check_common_namecsg|\}}d|_fdd}||t||ddd}|d|fg||dgt||ddd}|d|fg||tg|dt||ddd}||t|gdS) NFcs ||f|dur|_dSr)rrrKZ server_nameZinitial_contextZcallsrrr servername_cbrsz6ThreadedTests.test_sni_callback..servername_cbT supermessagerrr4Znotfunny)rrr:r!rrr)rrrrrIrrrr;ks4     zThreadedTests.test_sni_callbackcCsp|\}}}dd}|||tj }t||ddd}Wdn1sR0Y||jjddS)NcSstjSr)rZALERT_DESCRIPTION_ACCESS_DENIEDrrrrcb_returning_alertszAThreadedTests.test_sni_callback_alert..cb_returning_alertFrrZTLSV1_ALERT_ACCESS_DENIED) rr:rrrr!rrKrb)rrrrrrNrIrrrtest_sni_callback_alerts $z%ThreadedTests.test_sni_callback_alertc Cs|\}}}dd}||tl}|tj }t||ddd}Wdn1s\0Y||j j d||j j t Wdn1s0YdS)NcSs dddS)Nr rrrrrr cb_raisingsz;ThreadedTests.test_sni_callback_raising..cb_raisingFrrZSSLV3_ALERT_HANDSHAKE_FAILURE)rr:rcatch_unraisable_exceptionrrrr!rrKrb unraisableexc_typeZeroDivisionError)rrrrrcatchrNrIrrrtest_sni_callback_raisings  $ z'ThreadedTests.test_sni_callback_raisingc Cs|\}}}dd}||tl}|tj }t||ddd}Wdn1s\0Y||j j d||j j t Wdn1s0YdS)NcSsdS)Nrrrrrrcb_wrong_return_typeszOThreadedTests.test_sni_callback_wrong_return_type..cb_wrong_return_typeFrrZTLSV1_ALERT_INTERNAL_ERROR)rr:rrrrrr!rrKrbrrr)rrrrrrrNrIrrr#test_sni_callback_wrong_return_types  $z1ThreadedTests.test_sni_callback_wrong_return_typec st\}}}|d|dgd}t|||d}|dd}|t|d|D]*\}}tfdd|DsV|qVdS) Nz AES128:AES256r)rzAES-256Z TLS_CHACHA20ZTLS_AESrrrc3s|]}|vVqdSrr)rZalgrrrrrz4ThreadedTests.test_shared_ciphers..)rrFr! assertGreaterrQanyr) rrrrZ expected_algsrIrZ tls_versionbitsrrrtest_shared_cipherss    z!ThreadedTests.test_shared_cipherscCst\}}}t|dd}|Z|jt|d}|t|jf||t |j d|t |j dWdn1s|0YdS)NFr,rsrshello) rrrrrHrIrrrr~r@rmr3rrr,test_read_write_after_close_raises_valuerrors   z:ThreadedTests.test_read_write_after_close_raises_valuerrorc Cs0d}ttjd}||Wdn1s00Y|tjtjttj}tj |_ | t | tt|dd}||th}|t|jfttjd,}||||d|Wdn1s0YWdn1s0YWdn1s"0YdS)NsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxwbFr,r_r)r?rTESTFNrmrunlinkrrYrMrrrrrrrrrrHrIrsendfilerr0)rZ TEST_DATArBrrrfilerrr test_sendfiles(     zThreadedTests.test_sendfilec Cs@t\}}}|jtjO_t|||d}|d}||j||jd||j d||j tj dkr~||j d| |d|}||dd||ddt||||d }|}||dd ||dd||d|d}||j|j||||||||j|j||j |j t|||d}| |d|d}||j|j||||}||dd ||ddt||||d }||d|d} || j|j|| ||| j|j|| j |j |}||dd ||dd dS) Nrr rrrr.r r/)r rrr r)rrrrr!ridrrr@Z has_ticketrxZticket_lifetime_hintrr1rZ assertIsNotrr) rrrrrIr Z sess_statZsession2Zsession3Zsession4rrr test_sessionsf        zThreadedTests.test_sessionc Cst\}}}t\}}}|jtjO_|jtjO_t|dd}|H|jt|d}||jd||j d| t |j f|j}| ||t} t|_Wdn1s0Y|t| jdWdn1s0Y|jt|dd}| t |j f|t} ||_Wdn1sH0Y|t| jdWdn1sz0Y|jt|dT}||_| t |j f||jj|j||j|||j dWdn1s0Y|jt|dd}|t&} ||_| t |j fWdn1sH0Y|t| jdWdn1sz0YWdn1s0YdS)NFr,rszValue is not a SSLSession.z#Cannot set session after handshake.Tz)Session refers to a different SSLContext.)rrrrrrrrr rrHrIrrrrr&rKrKr~r) rrrrZclient_context2r~rrr r`rrrtest_session_handling3s^      $0  & $ .  0 z#ThreadedTests.test_session_handlingN)Mrrrr+r/r\rrzr1rPrrrr:r;r@rErerGrOrPrTrUrVrWrZr\r^rerfrrrsrvr{r}rrrrrr[rrrrr|rrrrrErrZr\rHAVE_SECP_CURVESr^rrZHAS_ALPNrrrZHAS_NPNrrrr]r;rrrrrrrrrrrrr)) s2$ (! 8% ) *    9 1)       :      %   '    (    :r)rzTest needs TLS 1.3c@sTeZdZddZddZddZddZd d Zd d Zd dZ ddZ ddZ dS)TestPostHandshakeAuthcCstjtjtjg}|D]}t|}||jdd|_||jdtj|_||jtj||jdd|_||jtj||jdtj |_d|_||jtj ||jdqdSr) rrMrNrOrYrpost_handshake_authrrr)rZ protocolsrRrHrrrtest_pha_setterhs"  z%TestPostHandshakeAuth.test_pha_setterc Cs:t\}}}d|_tj|_d|_|tt|dd}||jt |d}| t |j f| d||dd| d||dd | d||dd | d||dd | d |d d }|d|Wdn1s 0YWdn1s,0YdS)NTFr,rsrrrrrrrirr0)rrrrrrrrrrrHrIrrmrr0ror)rrrrrrZ cert_textrrrtest_pha_requireds.         z'TestPostHandshakeAuth.test_pha_requiredc Cst\}}}d|_tj|_d|_t}t|dd}||jt |d~}| t |j f| d||dd| d|tjd |dWdn1s0YWdn1s0YWdn1s0YWdn1s0YdS) NTFr,rsrrrrr)rrrrrrZcatch_threading_exceptionrrrrHrIrrmrr0rr)rrrrrNrrrrrtest_pha_required_nocerts(      z.TestPostHandshakeAuth.test_pha_required_nocertc Cstjrtjdt\}}}d|_tj|_ d|_| t tj |_ t |dd}||jt|dt}|t|jf|d||dd|d ||dd |d||dd Wdn1s0YWdn1s0YdS) NrTFr,rsrrrrrr)rrkrirlrmrrrrrrrrrrrrHrIrrr0r3rrrtest_pha_optionals*        z'TestPostHandshakeAuth.test_pha_optionalc Cstjrtjdt\}}}d|_tj|_ d|_t |dd}||j t |dt}| t|jf|d||dd|d ||dd |d||ddWdn1s0YWdn1s0YdS) NrTFr,rsrrrrr)rrkrirlrmrrrrrrrrrHrIrrr0r3rrrtest_pha_optional_nocerts&       z.TestPostHandshakeAuth.test_pha_optional_nocertc Cst\}}}d|_tj|_|tt|dd}||jt |dr}| t |j f| tjd|Wdn1s0Y|d|d|dWdn1s0YWdn1s0YdS) NTFr,rsz not serverrsextension not receivedr)rrrrrrrrrrrHrIrrrrrmrr0r3rrrtest_pha_no_pha_clients    & z,TestPostHandshakeAuth.test_pha_no_pha_clientc Cst\}}}tj|_d|_|tt|dd}||jt |dt}| t |j f| d||dd| d||dd | d||ddWdn1s0YWdn1s0YdS) NTFr,rsrrrrr)rrrrrrrrrrrHrIrrmrr0r3rrrtest_pha_no_pha_servers"       z,TestPostHandshakeAuth.test_pha_no_pha_serverc Cst\}}}tj|_tjj|_d|_|t t |dd}|n|j t |d<}| t|jf|d|d|dWdn1s0YWdn1s0YdS)NTFr,rsrsWRONG_SSL_VERSIONr)rrrrrrXrUrrrrrrrHrIrrmrr0r3rrrtest_pha_not_tls13s      z(TestPostHandshakeAuth.test_pha_not_tls13c Cs:t}ttj}d|_|td|_tj|_ ttj }|t| t d|_tj |_ t|dd}||jt|d}|t|jf|d||dd|d||dd |d||dd ||iWdn1s 0YWdn1s,0YdS) NTFr,rsrrrrrr)rrrYrOrrrrrrrNrrrrrrrHrIrrmrr0r)rrrrrrrrrtest_bpo37428_pha_cert_nones2          z1TestPostHandshakeAuth.test_bpo37428_pha_cert_noneN) rrrrrrrrrrrrrrrrrfsrkeylog_filenamez0test requires OpenSSL 1.1.1 with keylog callbackc@seZdZejfddZeee dddZ eee dddZ eee j jdee dd d Zd d Zd dZddZdS) TestSSLDebugcCs8t|}tt|WdS1s*0YdSr)r?rQr)rZfnamerBrrr keylog_lines;s zTestSSLDebug.keylog_linesr(cCs|tjtjttj}||jd| t j tjtj|_||jtj| t j tj||dd|_||jd|ttf(t j t j tj|_Wdn1s0Y|td|_Wdn1s0YdS)Nr )rrrrrrYrOrrrrrisfilerrrIsADirectoryErrorPermissionErrorrabspathrrrrrtest_keylog_defaults?s   $ z!TestSSLDebug.test_keylog_defaultsc Cs|tjtjt\}}}tj|_t|dd}|R|jt|d }| t |j fWdn1sn0YWdn1s0Y| | dd|_tj|_t|dd}|R|jt|d }| t |j fWdn1s0YWdn1s0Y|| dtj|_tj|_t|dd}|T|jt|d }| t |j fWdn1s0YWdn1s0Y|| dd|_d|_dS)NFr,rsr )rrrrrrrrrrHrIrrrrr3rrrtest_keylog_filenameWsB   L  N  Pz!TestSSLDebug.test_keylog_filenamez.test is not compatible with ignore_environmentcCs|tjtjtjjtj ztjtj d<| tj dtjt t j }| |jdt }| |jtjt }| |jtjWdn1s0YdS)NZ SSLKEYLOGFILE)rrrrr\Zmockr#dictrenvironrrrYrOrrLrNrrrrtest_keylog_env{s  zTestSSLDebug.test_keylog_envcCslt\}}}dd}||jd||_||j||tt|_Wdn1s^0YdS)NcSsdSrrr directionr/Z content_typeZmsg_typerrrrmsg_cbsz.TestSSLDebug.test_msg_callback..msg_cb)rr _msg_callbackrrr&)rrrrrrrrtest_msg_callbacks  zTestSSLDebug.test_msg_callbackc st\}}}|jtjO_gfdd}||_t|dd}|R|jt|d }|t |j fWdn1s~0YWdn1s0Y dt j tjtjf dt j tjtjfdS)Ncs@|tj|t|ddh||||fdS)Nr@rm)rrrrrrrrrrrrs z4TestSSLDebug.test_msg_callback_tls12..msg_cbFr,rsr@rm)rrrrrrrrrHrIrrrrXrZ HANDSHAKErZSERVER_KEY_EXCHANGEZCHANGE_CIPHER_SPEC)rrrrrrrrrrtest_msg_callback_tls12s0   L  z$TestSSLDebug.test_msg_callback_tls12c st\}}}tddd}fdd}||_||_t|dd}||jt|d }|t|jfWdn1s0Y|jt|d }|t|jfWdn1s0YWdn1s0YdS) Nr cSsdSrrrrrrrsz@TestSSLDebug.test_msg_callback_deadlock_bpo43577..msg_cbcs |_dSrr`r7Zserver_context2rrsni_cbsz@TestSSLDebug.test_msg_callback_deadlock_bpo43577..sni_cbFr,rs) rrZ sni_callbackrrrrHrIr)rrrrrrrrrrr#test_msg_callback_deadlock_bpo43577s$     . z0TestSSLDebug.test_msg_callback_deadlock_bpo43577N)rrrrrrrequires_keylogr\rZr\rrriflagsignore_environmentrrrrrrrrr9s     "   rc Cstjrtjtjd}|D]*\}}|}|r|drd||f}qTqtt}tdtj tj ftd|tdtj tdtj ztdtj WntyYn0ttttttttttttf D]}tj|std |qt}t j!tj"g|RdS) N)ZMacZWindowsrz%s %rztest_ssl: testing with %r %rz under %sz HAS_SNI = %rz OP_ALL = 0x%8xz OP_NO_TLSv1_1 = 0x%8xzCan't read certificate file %r)#rrkrZmac_verZ win32_veritemsrprintrrrxrrrrrrrrrrrrrrBADKEYrrrexistsZ TestFailedZthreading_setupr\ZaddModuleCleanupZthreading_cleanup)Zplatsrr_Zplatfilename thread_inforrr setUpModules:       r__main__)N)rTFNN)Nrr)rir\Z unittest.mockrrZ test.supportrrrrrr=rrLrZurllib.requestrarrgrr'rZ sysconfigrarp ImportError import_modulerrrrrEZPy_DEBUGr\sortedr*rrIrr rrxrr^rWZget_config_varr r#rverrLrrrfsencoderrrrrrrrrrr$r rr0rrrrrr7r6rrr?rrrrrrJrrrrr+r,r8r9r:r;r<r=rCrIrS lru_cacherPrerrYr[roruryrzrrrrrr]rMrrrZTestCaserrr_rkr{rZrequires_resourcerrrZtest.ssl_serversrrrrr!r(r)rZ HAS_KEYLOGrrrrmainrrrrsz                               (    '6?0B  v 3 IIO #