B 2*™\tã @s‚ddlZddlZddlmZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddlZddlZddlZddlZddlZddlZddlZy ddlZWnek rÀdZYnXe d¡ZeejƒZejZej d¡Ze oöej dkZ!e oej dkZ"e #d¡Z$iZ%xPdD]H\Z&Z'ye(ee&ƒZ&e(ej)e'ƒZ'Wne*k rZwYnXe'e%e&<qWd d „Z+e+d ƒZ,e  -e,¡Z.e+d ƒZ/e+d ƒZ0e  -e/¡Z1e  -e0¡Z2e+dƒZ3e+dƒZ4dZ5e+dƒZ6e  -e6¡Z7e+ddƒZ8e+ddƒZ9ddddddddœZ:e+dƒZ;e+dƒZe+d&ƒZ?d'Z@e+d(ƒZAd)ZBe+dd*ƒZCe+d+ƒZDe+d,ƒZEd-ZFe+d.ƒZGe+d/ƒZHe+d0ƒZIe+d1ƒZJe+d2ƒZKe+d3ƒZLe+d4ƒZMe+d5ƒZNe  -eN¡ZOe(ed6dƒZPe(ed7dƒZQe(ed8dƒZRe(ed9dƒZSe(ed:dƒZTd;d<„ZUd=d>„ZVd?d@„ZWdAdB„ZXdCdD„ZYeYƒZZdEdF„Z[dGdH„Z\dIdJ„Z]e ^ej_dK¡Z`ejafejbdddddLœdMdN„Zce.f)ÚhasattrrÚ functoolsÚwraps)r]r^r)r]rÚskip_if_broken_ubuntu_sslÆs  rbz SNI support needed for this test)Ú cert_reqsÚca_certsÚciphersÚcertfileÚkeyfilec Ksvt |¡}|dk r(|tjkr"d|_||_|dk r:| |¡|dk sJ|dk rV| ||¡|dk rh| |¡|j|f|ŽS)NF) rrDÚ CERT_NONEÚcheck_hostnameÚ verify_modeÚload_verify_locationsÚload_cert_chainÚ set_ciphersÚ wrap_socket) ÚsockÚ ssl_versionrcrdrerfrgr\ÚcontextrrrÚtest_wrap_socketØs     rrcCsd|tkrt}n|tkrt}nt|ƒ‚t tj¡}| t ¡t tj ¡}|  |¡| t ¡|||fS)N) ÚSIGNED_CERTFILEÚSIGNED_CERTFILE_HOSTNAMEÚSIGNED_CERTFILE2ÚSIGNED_CERTFILE2_HOSTNAMErGrrDÚPROTOCOL_TLS_CLIENTrkÚ SIGNING_CArErl)Z server_certÚhostnameÚclient_contextÚserver_contextrrrÚtesting_contextês     r|c@s˜eZdZdd„Zdd„Zdd„Zdd„Ze e j d kd ¡d d „ƒZ d Z dd„Z dd„Zdd„Zdd„Zdd„Zdd„Zejdd„ƒZdd„Zdd„Zd d!„Zd"d#„Zd$d%„Zd&d'„Zd(d)„Zd*d+„Zd,d-„Zd.d/„Ze d0e j!kd1¡d2d3„ƒZ"d4d5„Z#d6d7„Z$e e%j&d8kd9¡d:d;„ƒZ'e e%j&d8kd9¡dd?„Z)d@dA„Z*dBdC„Z+dDdE„Z,dFdG„Z-e e.ƒdH¡dIdJ„ƒZ/dKdL„Z0e 1dMdN¡dOdP„ƒZ2dQdR„Z3d S)SÚBasicSocketTestscCs tjtjtjtjtjtjr*tjtjdkr:tj |  tj ddh¡|  tjddh¡tj tj tjtjtjdkrŒtjtj| tjtj¡dS)N)rrTF)rrr)rrhÚ CERT_OPTIONALÚ CERT_REQUIREDr,r*rCr+r?r)ÚassertInÚHAS_SNIÚ OP_NO_SSLv2Ú OP_NO_SSLv3Ú OP_NO_TLSv1Ú OP_NO_TLSv1_3Ú OP_NO_TLSv1_1Ú OP_NO_TLSv1_2Ú assertEqualÚ PROTOCOL_TLSr)ÚselfrrrÚtest_constantss&  zBasicSocketTests.test_constantsc Cs:| td¡$t ¡}t |¡WdQRXWdQRXdS)Nzpublic constructor)ÚassertRaisesRegexÚ TypeErrorÚsocketrÚ SSLSocket)rŠÚsrrrÚtest_private_inits z"BasicSocketTests.test_private_initcCs2tj}| t|ƒd¡t |¡}| |j|¡dS)Nz_SSLMethod.PROTOCOL_TLS)rr‰rˆÚstrrDÚassertIsÚprotocol)rŠÚprotorHrrrÚtest_str_for_enumss z#BasicSocketTests.test_str_for_enumscCst ¡}tjr*tj d||r dp"df¡t d¡\}}| t |ƒd¡| ||dk¡|rxt  d¡}| t |ƒd¡n|  tj tj d¡|  t tj d¡|  t tjd¡ttdƒrÖ|  ttjd¡|  ttjdd¡t d d ¡t d d ¡t td ƒd ¡dS) Nz RAND_status is %d (%s) zsufficient randomnesszinsufficient randomnesséréûÿÿÿÚRAND_egdÚfoozthis is a random stringgÀR@sthis is a random bytes objects!this is a random bytearray object)rÚ RAND_statusrr3r1r4r5ÚRAND_pseudo_bytesrˆÚlenZ RAND_bytesÚ assertRaisesrWrGr_rr™ZRAND_addÚ bytearray)rŠÚvÚdataZis_cryptographicrrrÚ test_random$s(      zBasicSocketTests.test_randomÚposixzrequires posixcCst ¡}|s| d¡t ¡\}}t ¡}|dkr yBt |¡t d¡d}| t |ƒd¡t  ||¡t |¡Wnt k r’t  d¡Yn Xt  d¡nzt |¡|  tj|¡t |d¡\}}| |d¡t |d¡}| t |ƒd¡t d¡d}| t |ƒd¡| ||¡dS)Nz*OpenSSL's PRNG has insufficient randomnessrr—r)rr›Úfailr ÚpipeZforkÚcloserœrˆrr5Ú BaseExceptionÚ_exitÚ addCleanupÚwaitpidÚreadÚassertNotEqual)rŠÚstatusZrfdZwfdZpidZ child_randomÚ_Z parent_randomrrrÚtest_random_fork?s0        z!BasicSocketTests.test_random_forkNcCs˜| tj t¡t¡| tj t¡t¡tj t¡}t j rTt j   dt |¡d¡| |dd¡| |dd¡| |dd¡| |dd ¡dS) NÚ r#))rzprojects.developer.nokia.com)rzprojects.forum.nokia.comr%)zhttp://ocsp.verisign.comr&)z0http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cerr')z0http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl)rˆrÚ_sslÚ_test_decode_certÚCERTFILEÚ CERTFILE_INFOrsÚSIGNED_CERTFILE_INFOÚ NOKIACERTrr3r1r4r5ÚpprintÚpformat)rŠÚprrrÚtest_parse_certas       z BasicSocketTests.test_parse_certc CsLtj t¡}tjr,tj dt   |¡d¡|  |dddddddd œ¡dS) Nr°)))rÚUK))rzcody-cazJun 14 18:00:58 2028 GMTzJun 18 18:00:58 2018 GMTZ02)))rr»))rz#codenomicon-vm-2.test.lal.cisco.com))rz#codenomicon-vm-2.test.lal.cisco.comr)rrr r!r"r#r$) rr±r²ÚTALOS_INVALID_CRLDPrr3r1r4r5r·r¸rˆ)rŠr¹rrrÚtest_parse_cert_CVE_2019_5010~s z.BasicSocketTests.test_parse_cert_CVE_2019_5010cCsxtj t¡}tjr,tj dt   |¡d¡d}|  |d|¡|  |d|¡tj dkr`d}nd}|  |d|¡dS) Nr°)))rÚUS))ÚstateOrProvinceNameZOregon))rZ Beaverton))rzPython Software Foundation))ÚorganizationalUnitNamezPython Core Development))rznull.python.orgexample.org))Ú emailAddresszpython-dev@python.orgr"r)rr8r9))rzaltnull.python.orgexample.com)Úemailz null@python.orguser@example.org)ÚURIz)http://null.python.orghttp://example.org)z IP Addressz 192.0.2.1)z IP Addressz2001:DB8:0:0:0:0:0:1 ))rzaltnull.python.orgexample.com)rÂz null@python.orguser@example.org)rÃz)http://null.python.orghttp://example.org)z IP Addressz 192.0.2.1)z IP Addressz r#) rr±r²Ú NULLBYTECERTrr3r1r4r5r·r¸rˆr<)rŠr¹r"ZsanrrrÚtest_parse_cert_CVE_2013_4238“s  z.BasicSocketTests.test_parse_cert_CVE_2013_4238cCs tj t¡}| |dd¡dS)Nr#) )rZallsans)Ú othernamez )rÆz )rÂzuser@example.org)rzwww.example.org)ZDirName)))rr))rzCastle Anthrax))rzPython Software Foundation))rzdirname example)rÃzhttps://www.python.org/)z IP Addressz 127.0.0.1)z IP Addressz0:0:0:0:0:0:0:1 )z Registered IDz 1.2.3.4.5)rr±r²Ú ALLSANFILErˆ)rŠr¹rrrÚtest_parse_all_sans°s  z$BasicSocketTests.test_parse_all_sansc CsŒttdƒ}| ¡}WdQRXt |¡}t |¡}t |¡}| ||¡| tjd¡sf|  d|¡|  dtj d¡sˆ|  d|¡dS)NÚrr°z-DER-to-PEM didn't include correct header: %r z-DER-to-PEM didn't include correct footer: %r ) ÚopenÚ CAFILE_CACERTr«rÚPEM_cert_to_DER_certZDER_cert_to_PEM_certrˆÚ startswithZ PEM_HEADERr¤ÚendswithZ PEM_FOOTER)rŠr^ÚpemÚd1Zp2Úd2rrrÚtest_DER_to_PEMÅs     z BasicSocketTests.test_DER_to_PEMc Cs&tj}tj}tj}| |t¡| |t¡| |t¡| |d¡|  |d¡|\}}}}}| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡t rü|  |  d |¡¡||t|ƒf¡n&|  |  d  |||¡¡||t|ƒf¡dS) Nii0rréé?r;z LibreSSL {:d}zOpenSSL {:d}.{:d}.{:d})rZOPENSSL_VERSION_NUMBERr?ÚOPENSSL_VERSIONÚassertIsInstanceÚintÚtupler’ÚassertGreaterEqualÚ assertLessZassertLessEqualÚ IS_LIBRESSLÚ assertTruerÍÚformatÚhex) rŠÚnÚtrÚmajorÚminorZfixZpatchr­rrrÚtest_openssl_versionÑs0               z%BasicSocketTests.test_openssl_versionc CsLt tj¡}t|ƒ}t |¡}t dtf¡~WdQRX| |ƒd¡dS)NrV) rŽÚAF_INETrrÚweakrefÚrefrZcheck_warningsÚResourceWarningrˆ)rŠrÚssÚwrrrrÚ test_refcycleðs    zBasicSocketTests.test_refcyclec CsÜt tj¡}t|ƒ¾}| t|jd¡| t|jtdƒ¡| t|jd¡| t|j tdƒd¡| t|j d¡| t|j dd¡| t |j ¡| t |jdgddd¡| t |jd¡| t |jtdƒg¡WdQRXdS)Nróx)z0.0.0.0rrréd)rŽrärrržÚOSErrorÚrecvÚ recv_intorŸÚrecvfromÚ recvfrom_intoÚsendÚsendtoÚNotImplementedErrorÚdupÚsendmsgÚrecvmsgÚ recvmsg_into)rŠrrèrrrÚtest_wrapped_unconnectedûs    z)BasicSocketTests.test_wrapped_unconnectedc CsLxFdD]>}t tj¡}| |¡t|ƒ}| || ¡¡WdQRXqWdS)N)Ngg@)rŽräÚ settimeoutrrrˆZ gettimeout)rŠÚtimeoutrrèrrrÚ test_timeout s     zBasicSocketTests.test_timeoutc Csdt ¡}|jtdtj|td|jtdtj|dd|jtdtj|dddtj|dtd}| td|jtd f¡WdQRX| t ¡(}t ¡}tj|t d WdQRXWdQRX|  |j j t j¡| t ¡*}t ¡}tj|tt d WdQRXWdQRX|  |j j t j¡| t ¡*}t ¡}tj|t t d WdQRXWdQRX|  |j j t j¡dS) Nzcertfile must be specified)rgz5certfile must be specified for server-side operationsT)Ú server_siderV)rýrfz!can't connect in server-side modei)rf)rfrg)rŽrŒrGrrnr³ÚconnectÚHOSTržríÚNONEXISTINGCERTrˆÚ exceptionÚerrnoÚENOENT)rŠrorÚcmrrrÚtest_errors_sslwraps6  "    z$BasicSocketTests.test_errors_sslwrapc CsXtj tj t¡ptj|¡}t ¡}| |j¡|  t j ¡t ||dWdQRXdS)N)rf) r r rrrÚcurdirrŽr©r¦ržrrWrr)rŠrfrorrrÚ bad_cert_test3s zBasicSocketTests.bad_cert_testcCs| d¡dS)Nz nullcert.pem)r)rŠrrrÚtest_empty_cert=sz BasicSocketTests.test_empty_certcCs| d¡dS)Nz badcert.pem)r)rŠrrrÚtest_malformed_certAsz$BasicSocketTests.test_malformed_certcCs| d¡dS)Nz badkey.pem)r)rŠrrrÚtest_malformed_keyEsz#BasicSocketTests.test_malformed_keyc s¤dd„}‡fdd„}ddi}||dƒ||dƒ||d ƒ||d ƒ||d ƒ||d ƒdd i}||dƒ||dƒ||dƒ||dƒ||dƒddi}||dƒ||dƒ||dƒ||dƒ||dƒddi}||dƒ||d ƒ||dƒddi}||dƒ||dƒ||dƒ||dƒddi}||dƒ||dƒ||dƒd d ¡ d!¡}dd"|fffi}|||ƒdd#i}|||ƒdd$i}|||ƒd% d ¡ d!¡}dd"|fffi}||d& d ¡ d!¡ƒ||d' d ¡ d!¡ƒ||d( d ¡ d!¡ƒ||d) d ¡ d!¡ƒd*d+d,d-œ}||d.ƒ||d/ƒ||d0ƒ||d1ƒd2d3d4œ}||d5ƒ||d6ƒ||d7ƒdd8d9œ}||d:ƒ||d;ƒ||d<ƒ||d=ƒttd>ƒrÚdd?d9œ}||d@ƒ||dAƒ||dBƒ||d=ƒd2dCd4œ}||d5ƒdDdEdFd-œ}||d5ƒdDdCdFd-œ}||dGƒˆ ttjdd¡ˆ ttjid¡ddHi}ˆ tj dI¡t |dJ¡WdQRXddKi}ˆ tj dL¡t |dM¡WdQRXddNi}ˆ tj dO¡t |dP¡WdQRXddQi}ˆ tj dR¡t |dS¡WdQRXddTi}ˆ tj dU¡t |dV¡WdQRXx.dWD]&}ˆ t¡t  |¡WdQRXq*WxdXD]}ˆ  t  |¡¡qZWttd>ƒr xdYD]}ˆ  t  |¡¡q†WdS)ZNcSst ||¡dS)N)rÚmatch_hostname)ÚcertryrrrÚokJsz0BasicSocketTests.test_match_hostname..okcsˆ tjtj||¡dS)N)ržrÚCertificateErrorr )r ry)rŠrrr¤Lsz2BasicSocketTests.test_match_hostname..failr")))rz example.comz example.comz ExAmple.cOmzwww.example.comz .example.comz example.orgZ exampleXcom)))rz*.a.comz foo.a.comz bar.foo.a.comza.comzXa.comz.a.com)))rzf*.comzfoo.comzf.comzbar.comz bar.foo.com)))rznull.python.orgexample.orgznull.python.orgexample.orgznull.python.org)))rz *.*.a.com)))rza.*.comz a.foo.comza..comupüthon.python.orgÚidnaÚasciir)))rz x*.python.org)))rzxn--p*.python.orguwww*.pythön.orguwww.pythön.orguwww1.pythön.orguftp.pythön.orgu pythön.orgzJun 26 21:41:46 2011 GMT)))rz linuxfrz.org))rz linuxfr.org)rz linuxfr.com)rÆz )rr"r#z linuxfr.orgz linuxfr.comz z linuxfrz.orgzDec 18 23:59:59 2011 GMT)))rr¾))r¿Ú California))rz Mountain View))rz Google Inc))rzmail.google.com)rr"zmail.google.comz gmail.comr))rz example.com)z IP Addressz 10.11.12.13)z IP Addressz 14.15.16.17)r"r#z 10.11.12.13z 14.15.16.17z 14.15.16.18z example.netZAF_INET6))rz example.com)z IP Addressz2001:0:0:0:0:0:0:CAFE )z IP Addressz2003:0:0:0:0:0:0:BABA z 2001::cafez 2003::babaz 2003::bebe)))rr¾))r¿r))rz Mountain View))rz Google InczDec 18 23:59:59 2099 GMT)))rr¾))r¿r))rz Mountain View))rzmail.google.com))rÆZblablaz google.com)))rza*b.example.comz5partial wildcards in leftmost label are not supportedzaxxb.example.com)))rzwww.*.example.comz2wildcard can only be present in the leftmost labelzwww.sub.example.com)))rza*b*.example.comztoo many wildcardszaxxbxxc.example.com)))rÚ*z7sole wildcard without additional labels are not supportÚhost)))rz*.comz%hostname 'com' doesn't match '\*.com'Zcom)Ú1rVz1.2.3z 256.0.0.1z 127.0.0.1/24)z 127.0.0.1z 192.168.0.1)z::1z2001:db8:85a3::8a2e:370:7334) ÚencodeÚdecoder_rŽržrGrr rŒrZ _inet_patonrÜ)rŠr r¤r rÚinvalidZipaddrr)rŠrÚtest_match_hostnameIsì                                                      z$BasicSocketTests.test_match_hostnamec Cs:t tj¡}t ¡}|jt|j|dddWdQRXdS)NTz some.hostname)Úserver_hostname)rrDrErŽržrGrn)rŠrHrorrrÚtest_server_sides  z!BasicSocketTests.test_server_sidec Cs|t tj¡}| d¡| ¡t tj¡}| | ¡¡t|dd&}| t¡|  d¡WdQRXWdQRX|  ¡dS)N)z 127.0.0.1rF)Údo_handshake_on_connectz unknown-type) rŽräÚbindÚlistenrþÚ getsocknamerrržrGÚget_channel_bindingr¦)rŠrÚcrèrrrÚtest_unknown_channel_bindings    z-BasicSocketTests.test_unknown_channel_bindingz tls-uniquez*'tls-unique' channel binding not availablec Csjt tj¡}t|ƒ}| | d¡¡WdQRXt tj¡}t|dtd}| | d¡¡WdQRXdS)Nz tls-uniqueT)rýrf)rŽrärrÚ assertIsNonerr³)rŠrrèrrrÚtest_tls_unique_channel_bindings    z0BasicSocketTests.test_tls_unique_channel_bindingc CsVtt tj¡ƒ}t|ƒ}| t¡}d}t ¡WdQRX| |t |j j dƒ¡dS)Nr) rrrŽräÚreprZ assertWarnsrçrZ gc_collectr€r’Zwarningr[)rŠrèrÉrrrrÚtest_dealloc_warn's  z"BasicSocketTests.test_dealloc_warnc Csrt ¡}| t|ƒd¡| |tj¡t ¡:}t|d<t |d<t ¡}| |j t ¡| |j t¡WdQRXdS)NéÚ SSL_CERT_DIRÚ SSL_CERT_FILE) rZget_default_verify_pathsrˆrrÖZDefaultVerifyPathsrÚEnvironmentVarGuardÚCAPATHr³Úcafiler)rŠÚpathsÚenvrrrÚtest_get_default_verify_paths/s z.BasicSocketTests.test_get_default_verify_pathsÚwin32zWindows specificc Csð| t d¡¡| t d¡¡| ttj¡| ttjd¡tƒ}x–dD]Ž}t |¡}| |t¡xr|D]j}| |t ¡|  t |ƒd¡|\}}}| |t ¡|  |ddh¡| |ttf¡t|tƒrj| |¡qjWqJWd}|  ||¡dS) NÚCAÚROOTrV)r0r1rÚx509_asnÚ pkcs_7_asnz1.3.6.1.5.5.7.3.1)rÜrZenum_certificatesržrÚ WindowsErrorÚsetrÖÚlistrØrˆrÚbytesr€ÚboolÚ isinstanceÚupdate) rŠZ trust_oidsZ storenameÚstoreÚelementr ÚencZtrustÚ serverAuthrrrÚtest_enum_certificates;s&        z'BasicSocketTests.test_enum_certificatescCs–| t d¡¡| ttj¡| ttjd¡t d¡}| |t¡xL|D]D}| |t¡|  t |ƒd¡| |dt ¡|  |dddh¡qJWdS)Nr0rVérrr2r3) rÜrZ enum_crlsržrr4rÖr6rØrˆrr7r€)rŠZcrlsr<rrrÚtest_enum_crlsTs    zBasicSocketTests.test_enum_crlsc Csºd}t d¡}| ||¡| |jd¡| |jd¡| |jd¡| |jd¡| |tj¡| t tjd¡tj  d¡}| ||¡| |tj¡| t tjj d¡|  t d¡tj  d¡WdQRXxvt d ƒD]j}ytj  |¡}Wnt k rþYqÖX| |jt ¡| |jt¡| |jt¡| |jttdƒf¡qÖWtj d¡}| ||¡| |tj¡| tj d¡|¡| tj d¡|¡|  t d ¡tj d ¡WdQRXdS) N)ér>zTLS Web Server Authenticationz1.3.6.1.5.5.7.3.1z1.3.6.1.5.5.7.3.1rBr>zTLS Web Server Authenticationéÿÿÿÿzunknown NID 100000i †ièzunknown object 'serverauth'Z serverauth)rÚ _ASN1ObjectrˆÚnidÚ shortnameZlongnameÚoidrÖržrGZfromnidrŒÚranger×r’ÚtypeZfromname)rŠÚexpectedÚvalÚiÚobjrrrÚtest_asn1objectcs@      z BasicSocketTests.test_asn1objectcCsÈt d¡}| tjjtj¡| tjj|¡| tjjjd¡| tjjjd¡| tjjjd¡t d¡}| tjj tj¡| tjj |¡| tjj jd¡| tjj jd¡| tjj jd¡dS)Nz1.3.6.1.5.5.7.3.1rBr>z1.3.6.1.5.5.7.3.2é‚Z clientAuth) rrDrÖÚPurposeÚ SERVER_AUTHrˆrErFrGÚ CLIENT_AUTH)rŠrKrrrÚtest_purpose_enumŠs    z"BasicSocketTests.test_purpose_enumc Cs”t tjtj¡}| |j¡| t¡}t|tj dWdQRX|  t |j ƒd¡t  tj¡}| t¡}| |¡WdQRX|  t |j ƒd¡dS)N)rcz!only stream sockets are supported)rŽräZ SOCK_DGRAMr©r¦ržrôrrrrhrˆr’rrDrwrn)rŠrZcxrHrrrÚtest_unsupported_dtls›s    z&BasicSocketTests.test_unsupported_dtlscCs| t |¡|¡dS)N)rˆrÚcert_time_to_seconds)rŠÚ timestringZ timestamprrrÚ cert_time_ok¦szBasicSocketTests.cert_time_okc Cs$| t¡t |¡WdQRXdS)N)ržrGrrU)rŠrVrrrÚcert_time_fail©s zBasicSocketTests.cert_time_failz)local time needs to be different from UTCcCs| dd¡| dd¡dS)NzMay 9 00:00:00 2007 GMTgÀCÑAzJan 5 09:34:43 2018 GMTgÀ¬Ñ“ÖA)rW)rŠrrrÚ"test_cert_time_to_seconds_timezone­s z3BasicSocketTests.test_cert_time_to_seconds_timezonecCsàd}d}| ||¡| tj|d|¡| d|¡| d|¡| d¡| d¡| d¡| d ¡| d ¡| d ¡| d ¡d }| d|¡| d|¡| dd¡| dd¡| dd¡| d¡| dd¡dS)NzJan 5 09:34:43 2018 GMTgÀ¬Ñ“ÖA)rSzJan 05 09:34:43 2018 GMTzJaN 5 09:34:43 2018 GmTzJan 5 09:34 2018 GMTzJan 5 09:34:43 2018zJan 5 09:34:43 2018 UTCzJan 35 09:34:43 2018 GMTzJon 5 09:34:43 2018 GMTzJan 5 24:00:00 2018 GMTzJan 5 09:60:43 2018 GMTgàWÒAzDec 31 23:59:60 2008 GMTzJan 1 00:00:00 2009 GMTzJan 5 09:34:59 2018 GMTiÃFOZzJan 5 09:34:60 2018 GMTiÄFOZzJan 5 09:34:61 2018 GMTiÅFOZzJan 5 09:34:62 2018 GMTzDec 31 23:59:59 9999 GMTg€¿ úMB)rWrˆrrUrX)rŠrVÚtsZ newyear_tsrrrÚtest_cert_time_to_secondsµs*                z*BasicSocketTests.test_cert_time_to_secondsÚLC_ALLrVcCs@dd„}|ƒ ¡dkr | d¡| dd¡| |ƒd¡dS)NcSs t dd¡S)Nz%b) rr@rrMrOr&rrr)rJrRrrrrÚlocal_february_nameÜszNBasicSocketTests.test_cert_time_to_seconds_locale..local_february_nameZfebz>locale-specific month name needs to be different from C localezFeb 9 00:00:00 2007 GMTg`îrÑAz 9 00:00:00 2007 GMT)ÚlowerÚskipTestrWrX)rŠr]rrrÚ test_cert_time_to_seconds_localeØs   z1BasicSocketTests.test_cert_time_to_seconds_localecCsvt tj¡}| |j¡t |¡}tt tj¡tjd}| |j¡|  t |f¡}t j t j t jt jf}| ||¡dS)N)rc)rŽrär©r¦rÚ bind_portrrrrÚ connect_exrÿrZ ECONNREFUSEDZ EHOSTUNREACHZ ETIMEDOUTÚ EWOULDBLOCKr€)rŠÚserverÚportrÚrcÚerrorsrrrÚtest_connect_ex_errorçs       z&BasicSocketTests.test_connect_ex_error)4Ú__name__Ú __module__Ú __qualname__r‹r‘r–r¢rZÚ skipUnlessr rr¯ZmaxDiffrºr½rÅrÈrÒrãrZ cpython_onlyrêrùrürrrr r rrr!rÚCHANNEL_BINDING_TYPESr#r%r.r1rXr?rArNrSrTrWrXrKrYr[Zrun_with_localer`rhrrrrr}sP     @   ' #r}c@s¨eZdZedd„ƒZedd„ƒZdd„Ze e dkd¡d d „ƒZ e  e j d kd ¡d d„ƒZedd„ƒZdd„Zdd„Ze ee jdƒd¡dd„ƒZe eƒd¡dd„ƒZdd„Zdd„Zd d!„Zd"d#„Zed$d%„ƒZd&d'„Ze e jd(¡d)d*„ƒZed+d,„ƒZ ed-d.„ƒZ!d/d0„Z"d1d2„Z#d3d4„Z$e  e%j&d5kd6¡e  e'd7¡d8d9„ƒƒZ(e e%j&d5kd:¡e  ee%d;ƒd<¡d=d>„ƒƒZ)d?d@„Z*dAdB„Z+dCdD„Z,dEdF„Z-dGdH„Z.dIdJ„Z/dKS)LÚ ContextTestscCsTxtD]}t |¡qWt ¡}| |jtj¡| ttjd¡| ttjd¡dS)NrCé*)Ú PROTOCOLSrrDrˆr”r‰ržrG)rŠr”rHrrrÚtest_constructorús  zContextTests.test_constructorcCs*x$tD]}t |¡}| |j|¡qWdS)N)rprrDrˆr”)rŠr•rHrrrÚ test_protocols  zContextTests.test_protocolc CsHt tj¡}| d¡| d¡| tjd¡| d¡WdQRXdS)NÚALLÚDEFAULTzNo cipher can be selectedz^$:,;?*'dorothyx)rrDrwrmrŒrW)rŠrHrrrÚ test_ciphers s    zContextTests.test_ciphersrz+Test applies only to Python default cipherscCsjt tj¡}| ¡}xP|D]H}|d}| d|¡| d|¡| d|¡| d|¡| d|¡qWdS)NrZPSKZSRPZMD5ZRC4Z3DES)rrDrwÚ get_ciphersZ assertNotIn)rŠrHreZsuiterrrrÚtest_python_cipherss      z ContextTests.test_python_ciphers)rrr@rrzOpenSSL too oldcCsHt tj¡}| d¡tdd„| ¡Dƒƒ}| d|¡| d|¡dS)NZAESGCMcss|]}|dVqdS)rNr)Ú.0Údrrrú !sz0ContextTests.test_get_ciphers..zAES256-GCM-SHA384zAES128-GCM-SHA256)rrDrwrmr5rvr€)rŠrHÚnamesrrrÚtest_get_cipherss    zContextTests.test_get_ciphersc CsÊt tj¡}tjtjBtjB}|ttBtBt Bt BO}|  ||j ¡|j tj O_ |  |tj B|j ¡tƒrª|j tj @|_ |  ||j ¡d|_ |  d|j tj@¡n| t¡ d|_ WdQRXdS)Nr)rrDrwÚOP_ALLr‚rƒr)r,r*r+r-rˆÚoptionsr„r=ržrG)rŠrHÚdefaultrrrÚ test_options%s  zContextTests.test_optionsc Csðt tj¡}| |jtj¡tj|_| |jtj¡tj|_| |jtj¡tj|_| |jtj¡| t ¡ d|_WdQRX| t ¡ d|_WdQRXt tj ¡}| |jtj¡|  |j ¡t tj¡}| |jtj¡| |j ¡dS)Nro)rrDr‰rˆrjrhr~rržrrGrEÚ assertFalserirwrÜ)rŠrHrrrÚtest_verify_mode_protocol;s$      z&ContextTests.test_verify_mode_protocolc Csvt tj¡}| |j¡tjrVd|_| |j¡d|_| |j¡d|_| |j¡n| t¡ d|_WdQRXdS)NTF) rrDrwrÜZhostname_checks_common_nameZHAS_NEVER_CHECK_COMMON_NAMErržÚAttributeError)rŠrHrrrÚ test_hostname_checks_common_nameRs     z-ContextTests.test_hostname_checks_common_nameÚminimum_versionzrequired OpenSSL 1.1.0gc Cs¢t tj¡}| |jtjjtjjtjjh¡|  |j tjj ¡tjj |_tjj|_ |  |jtjj ¡|  |j tjj¡tjj|_tjj|_ |  |jtjj¡|  |j tjj¡tjj |_ |  |j tjj ¡tjj|_ | |j tjjtjj h¡tjj |_| |jtjjtjjh¡| t¡ d|_WdQRXt tj¡}|  |jtjj¡|  |j tjj ¡| t¡tjj|_WdQRX| t¡tjj|_ WdQRXdS)Nro)rrDrEr€r…Ú TLSVersionZMINIMUM_SUPPORTEDr ÚTLSv1_2rˆÚmaximum_versionZMAXIMUM_SUPPORTEDr rÚTLSv1_3ržrGr )rŠrHrrrÚtest_min_max_version`sT             z!ContextTests.test_min_max_versionz!verify_flags need OpenSSL > 0.9.8c Cs¸t tj¡}ttddƒ}| |jtj|B¡tj|_| |jtj¡tj|_| |jtj¡tj|_| |jtj¡tjtj B|_| |jtjtj B¡|  t ¡ d|_WdQRXdS)NÚVERIFY_X509_TRUSTED_FIRSTr) rrDrEÚgetattrrˆÚ verify_flagsÚVERIFY_DEFAULTÚVERIFY_CRL_CHECK_LEAFZVERIFY_CRL_CHECK_CHAINZVERIFY_X509_STRICTržr)rŠrHÚtfrrrÚtest_verify_flags¦s   zContextTests.test_verify_flagsc Cs¨t tj¡}|jtdd|jttd|jt|jtd| t¡}| t¡WdQRX|  |j j t j ¡|  tjd¡| t¡WdQRX|  tjd¡| t¡WdQRXt tj¡}| tt¡|jttd|jttd|  tjd¡| t¡WdQRX|  tjd¡| t¡WdQRX|  tjd¡|jttdWdQRXt tj¡}|  tjd¡| tt¡WdQRX|jttd|jtt ¡d|jttt ¡ƒd| ttt¡| ttt ¡¡| tttt ¡ƒ¡|  td¡|jtddWdQRX| tj¡|jtddWdQRX|  td ¡|jtd d dWdQRXd d „}dd„}dd„}dd„}dd„}dd„}dd„} Gdd„dƒ} |jt|d|jt|d|jt|d|jt| ƒd|jt| ƒjd| tj¡|jt|dWdQRX|  td ¡|jt|dWdQRX|  td¡|jt|dWdQRX|  td¡|jt| dWdQRX|jt| ddS)N)rgzPEM lib)rfrgzkey values mismatch)Zpasswordzshould be a stringTÚbadpasszcannot be longeróaicSstS)N)Ú KEY_PASSWORDrrrrÚgetpass_unicodeész:ContextTests.test_load_cert_chain..getpass_unicodecSst ¡S)N)r”rrrrrÚ getpass_bytesësz8ContextTests.test_load_cert_chain..getpass_bytescSs tt ¡ƒS)N)rŸr”rrrrrÚgetpass_bytearrayísz.getpass_bytearraycSsdS)Nr’rrrrrÚgetpass_badpassïsz:ContextTests.test_load_cert_chain..getpass_badpasscSsddS)Nr“irrrrrÚ getpass_hugeñsz7ContextTests.test_load_cert_chain..getpass_hugecSsdS)Nr8rrrrrÚgetpass_bad_typeósz;ContextTests.test_load_cert_chain..getpass_bad_typecSs tdƒ‚dS)Nz getpass error)Ú ExceptionrrrrÚgetpass_exceptionõsz.getpass_exceptionc@seZdZdd„Zdd„ZdS)z:ContextTests.test_load_cert_chain..GetPassCallablecSstS)N)r”)rŠrrrÚ__call__øszCContextTests.test_load_cert_chain..GetPassCallable.__call__cSstS)N)r”)rŠrrrÚgetpassúszBContextTests.test_load_cert_chain..GetPassCallable.getpassN)rirjrkrržrrrrÚGetPassCallable÷srŸzmust return a stringz getpass error)rrDrErlr³ržrrírrˆrrrrŒrWÚBADCERTÚ EMPTYCERTÚONLYCERTÚONLYKEYÚBYTES_ONLYCERTÚ BYTES_ONLYKEYrËÚCERTFILE_PROTECTEDr”rrŸÚONLYKEY_PROTECTEDrGržr›) rŠrHrr•r–r—r˜r™ršrœrŸrrrÚtest_load_cert_chainºsz      z!ContextTests.test_load_cert_chainc Csät tj¡}| t¡|jtdd| t¡|jtdd| t|j¡| t|jddd¡| t¡}| t ¡WdQRX|  |j j t j ¡| tjd¡| t¡WdQRX| tt¡|jttd| t|jdd¡dS)N)r+rzPEM lib)rT)rrDrErkr³ÚBYTES_CERTFILEržrrírrˆrrrrŒrWr r*Ú BYTES_CAPATH)rŠrHrrrrÚtest_load_verify_locations s     z'ContextTests.test_load_verify_locationsc CsJttƒ}| ¡}WdQRXt |¡}ttƒ}| ¡}WdQRXt |¡}t tj¡}| |  ¡dd¡|j |d| |  ¡dd¡|j |d| |  ¡dd¡|j |d| |  ¡dd¡t tj¡}d  ||f¡}|j |d| |  ¡dd¡t tj¡}d|d|d |d g}|j d  |¡d| |  ¡dd¡t tj¡}|j |d|j |d| |  ¡dd¡|j |d| |  ¡dd¡t tj¡}d   ||f¡}|j |d| |  ¡dd¡t tj¡}|j t |j td| tjd ¡|j d dWdQRX| tjd¡|j ddWdQRXdS)NÚx509_car)Úcadatarr@r°ÚheadÚotherZagainÚtailóz no start lineZbrokenznot enough datasbroken)rÊrËr«rrÌÚCAFILE_NEURONIOrDrwrˆÚcert_store_statsrkrržrÚobjectrŒrW)rŠr^Z cacert_pemZ cacert_derZ neuronio_pemZ neuronio_derrHZcombinedrrrÚtest_load_verify_cadata sN                   z$ContextTests.test_load_verify_cadatac Cs t tj¡}| t¡tjdkr*| t¡| t |j¡| t |jd¡| t ¡}| t ¡WdQRX|  |j jtj¡| tj¡}| t¡WdQRXdS)NÚnt)rrDrEÚload_dh_paramsÚDHFILEr rÚ BYTES_DHFILEržrÚFileNotFoundErrorrrˆrrrrWr³)rŠrHrrrrÚtest_load_dh_paramsZs     z ContextTests.test_load_dh_paramscCsDx>tD]6}t |¡}| | ¡ddddddddddddœ ¡qWdS)Nr) ZnumberrþZ connect_goodZconnect_renegotiateÚacceptZ accept_goodZaccept_renegotiateÚhitsÚmissesZtimeoutsZ cache_full)rprrDrˆÚ session_stats)rŠr•rHrrrÚtest_session_statsgs   zContextTests.test_session_statscCst tj¡}| ¡dS)N)rrDrwZset_default_verify_paths)rŠrHrrrÚtest_set_default_verify_pathsys z*ContextTests.test_set_default_verify_pathsz#ECDH disabled on this OpenSSL buildcCsbt tj¡}| d¡| d¡| t|j¡| t|jd¡| t|jd¡| t|jd¡dS)NÚ prime256v1s prime256v1ršsfoo)rrDrErFržrrG)rŠrHrrrÚtest_set_ecdh_curves   z ContextTests.test_set_ecdh_curvecCsjt tj¡}| t|j¡| t|jd¡| t|jd¡| t|j|¡dd„}| d¡| |¡dS)NrMrVcSsdS)Nr)roÚ servernamerHrrrÚ dummycallback“sz5ContextTests.test_sni_callback..dummycallback)rrDrEržrÚset_servername_callback)rŠrHrÅrrrÚtest_sni_callback‰s  zContextTests.test_sni_callbackcCsJt tj¡}|fdd„}| |¡t |¡}~~t ¡| |ƒd¡dS)NcSsdS)Nr)rorÄrHÚcyclerrrrÅsz>ContextTests.test_sni_callback_refcycle..dummycallback) rrDrErÆråræÚgcÚcollectr“)rŠrHrÅrérrrÚtest_sni_callback_refcycle˜s    z'ContextTests.test_sni_callback_refcyclecCsŽt tj¡}| | ¡ddddœ¡| t¡| | ¡ddddœ¡| t¡| | ¡ddddœ¡| t¡| | ¡ddddœ¡dS)Nr)r¬ÚcrlÚx509rr@) rrDrwrˆr³rlr³rkrË)rŠrHrrrÚtest_cert_store_stats¥s        z"ContextTests.test_cert_store_statsc Cs¨t tj¡}| | ¡g¡| t¡| | ¡g¡| t¡| | ¡dtdƒtdƒdddddœg¡t tƒ}|  ¡}WdQRXt  |¡}| | d¡|g¡dS) N)))rzRoot CA))rÀzhttp://www.cacert.org))rzCA Cert Signing Authority))rÁzsupport@cacert.orgzMar 29 12:29:49 2033 GMTzMar 30 12:29:49 2003 GMTZ00)z!https://www.cacert.org/revoke.crlr)rrr r!r'r"r$T) rrDrwrˆÚ get_ca_certsrkr³rËrTrÊr«rÌ)rŠrHr^rÏÚderrrrÚtest_get_ca_certs³s"       zContextTests.test_get_ca_certscCs€t tj¡}| ¡t tj¡}| tjj¡| ¡t tj¡}| tjj¡t tj¡}| t|jd¡| t|jd¡dS)NrQ) rrDrwÚload_default_certsrPrQrRržr)rŠrHrrrÚtest_load_default_certsÏs    z$ContextTests.test_load_default_certsr/znot-Windows specificz!LibreSSL doesn't support env varsc CsTt tj¡}t ¡6}t|d<t|d<| ¡| |  ¡ddddœ¡WdQRXdS)Nr'r(rr)rÌrÍr¬) rrDrwrr)r*r³rÒrˆr³)rŠrHr-rrrÚtest_load_default_certs_envÞs   z(ContextTests.test_load_default_certs_envzWindows specificZgettotalrefcountz3Debug build does not share environment between CRTsc Csxt tj¡}| ¡| ¡}t tj¡}t ¡>}t|d<t|d<| ¡|dd7<|  | ¡|¡WdQRXdS)Nr'r(rÍr) rrDrwrÒr³rr)r*r³rˆ)rŠrHÚstatsr-rrrÚ#test_load_default_certs_env_windowsès   z0ContextTests.test_load_default_certs_env_windowscCs‚| |jtj@tj¡tdkr0| |jt@t¡tdkrJ| |jt@t¡tdkrd| |jt@t¡tdkr~| |jt@t¡dS)Nr)rˆr~rr‚r)r*r+r,)rŠrHrrrÚ_assert_context_options÷s    z$ContextTests._assert_context_optionsc CsÐt ¡}| |jtj¡| |jtj¡| |j¡|  |¡t t ƒ}|  ¡}WdQRXtjt t |d}| |jtj¡| |jtj¡|  |¡t tjj¡}| |jtj¡| |jtj¡|  |¡dS)N)r+rr­)rÚcreate_default_contextrˆr”r‰rjrrÜrir×rÊrxr«r*rPrRrh)rŠrHr^r­rrrÚtest_create_default_contexts     z(ContextTests.test_create_default_contextcCsüt ¡}| |jtj¡| |jtj¡| |j¡|  |¡t tj ¡}| |jtj ¡| |jtj¡|  |¡tjtj tj dd}| |jtj ¡| |jtj ¡|  |j¡|  |¡tjtj jd}| |jtj¡| |jtj¡|  |¡dS)NT)rcri)Zpurpose)rZ_create_stdlib_contextrˆr”r‰rjrhrrir×rrrÜrPrR)rŠrHrrrÚtest__create_stdlib_contexts(      z(ContextTests.test__create_stdlib_contextc Csdt tj¡}| |j¡| |jtj¡d|_| |j¡| |jtj ¡d|_tj |_| |j¡| |jtj ¡d|_tj|_d|_| |j¡| |jtj¡d|_| |j¡| |jtj ¡d|_tj |_d|_| |j¡| |jtj ¡d|_| |j¡| |jtj ¡|  t ¡tj|_WdQRXd|_| |j¡tj|_| |jtj¡dS)NTF) rrDr‰rrirˆrjrhrÜrr~ržrG)rŠrHrrrÚtest_check_hostname4s@          z ContextTests.test_check_hostnamecCsTt tj¡}| |j¡| |jtj¡t tj¡}|  |j¡| |jtj ¡dS)N) rrDrwrÜrirˆrjrrErrh)rŠrHrrrÚtest_context_client_server_s     z'ContextTests.test_context_client_serverc CsŠGdd„dtjƒ}Gdd„dtjƒ}t tj¡}||_||_|jt ¡dd}|  ||¡WdQRX|  t  ¡t  ¡¡}|  ||¡dS)Nc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLSocketN)rirjrkrrrrÚ MySSLSocketksrÝc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLObjectN)rirjrkrrrrÚ MySSLObjectnsrÞT)rý) rrÚ SSLObjectrDrEZsslsocket_classZsslobject_classrnrŽrÖÚwrap_bioÚ MemoryBIO)rŠrÝrÞrHrorMrrrÚtest_context_custom_classjs z&ContextTests.test_context_custom_classN)0rirjrkrbrqrrrurZrlrrwÚskipIfrr?r|r€r‚r„r_rDrŠrAr‘r¨r«rµr»rÀrÁrCrÃÚ needs_snirÇrËrÎrÑrÓr1rXrÛrÔrÖr×rÙrÚrÛrÜrârrrrrnøsF    ES:    + rnc@s,eZdZdd„Zdd„Zdd„Zdd„Zd S) Ú SSLErrorTestscCsXt dd¡}| t|ƒd¡| |jd¡t dd¡}| t|ƒd¡| |jd¡dS)Nrrš)rrWrˆr’rZSSLZeroReturnError)rŠÚerrrÚtest_str}s   zSSLErrorTests.test_strc Csnt tj¡}| tj¡}| t¡WdQRX| |jj d¡| |jj d¡t |jƒ}|  |  d¡|¡dS)NZPEMZ NO_START_LINEz"[PEM: NO_START_LINE] no start line)rrDrwržrWr·r³rˆrZlibraryÚreasonr’rÜrÍ)rŠrHrrrrrÚtest_lib_reason‡s  zSSLErrorTests.test_lib_reasonc CsÎt tj¡}d|_tj|_t ¡¢}| d¡| ¡t ¡}|  |  ¡¡|  d¡|j |dddT}|  tj¡}| ¡WdQRXt|jƒ}| | d¡|¡| |jjtj¡WdQRXWdQRXdS)NF)z 127.0.0.1r)rz%The operation did not complete (read))rrDrwrirhrjrŽrrrþrÚ setblockingrnržÚSSLWantReadErrorÚ do_handshaker’rrÜrÍrˆrÚSSL_ERROR_WANT_READ)rŠrHrr rrrrÚ test_subclass‘s     zSSLErrorTests.test_subclassc Cs–t ¡}| t¡|jt ¡t ¡ddWdQRX| t¡|jt ¡t ¡ddWdQRX| t¡|jt ¡t ¡ddWdQRXdS)NrV)rz .example.orgzexample.orgevil.com)rrØržrGràrár)rŠrHrrrÚtest_bad_server_hostname¦s   z&SSLErrorTests.test_bad_server_hostnameN)rirjrkrçrérîrïrrrrrå{s  råc@s4eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd S) ÚMemoryBIOTestscCsªt ¡}| d¡| | ¡d¡| | ¡d¡| d¡| d¡| | ¡d¡| | ¡d¡| d¡| | d¡d¡| | d¡d ¡| | d¡d¡dS) Nsfoor±sbarsfoobarsbazr@sbaróz)rrár5rˆr«)rŠÚbiorrrÚtest_read_writeµs    zMemoryBIOTests.test_read_writecCs¶t ¡}| |j¡| | ¡d¡| |j¡| d¡| |j¡| ¡| |j¡| | d¡d¡| |j¡| | d¡d¡| |j¡| | ¡d¡| |j¡dS)Nr±sfoor@sforóo) rrárÚeofrˆr«r5Ú write_eofrÜ)rŠròrrrÚtest_eofÃs       zMemoryBIOTests.test_eofcCs¨t ¡}| |jd¡| d¡| |jd¡x0tdƒD]$}| d¡| |jd|d¡q8Wx,tdƒD] }| d¡| |j|d¡qjW| ¡| |jd¡dS)Nrsfoorrrë)rrárˆÚpendingr5rHr«)rŠròrLrrrÚ test_pendingÓs   zMemoryBIOTests.test_pendingcCsbt ¡}| d¡| | ¡d¡| tdƒ¡| | ¡d¡| tdƒ¡| | ¡d¡dS)Nsfoosbarsbaz)rrár5rˆr«rŸÚ memoryview)rŠròrrrÚtest_buffer_typesás z MemoryBIOTests.test_buffer_typescCsLt ¡}| t|jd¡| t|jd¡| t|jd¡| t|jd¡dS)NršTr)rráržrr5)rŠròrrrÚtest_error_typesês zMemoryBIOTests.test_error_typesN)rirjrkrór÷rùrûrürrrrrð³s  rðc@seZdZdd„Zdd„ZdS)ÚSSLObjectTestsc Cs0t ¡}| td¡t ||¡WdQRXdS)Nzpublic constructor)rrárŒrrß)rŠròrrrr‘ósz SSLObjectTests.test_private_initc Cs.tƒ\}}}t ¡}t ¡}t ¡}t ¡}|j|||d}|j||dd} x€tdƒD]t} y | ¡Wntjk r|YnX|jr’| |  ¡¡y |  ¡Wntjk r´YnX|jrV| |  ¡¡qVW| ¡|  ¡|  tj¡|  ¡WdQRX| |  ¡¡|   ¡| |  ¡¡|  ¡dS)N)rT)rýrO) r|rráràrHrìrërør5r«ržÚunwrap) rŠZ client_ctxZ server_ctxryZc_inZc_outZs_inZs_outÚclientrdr®rrrÚ test_unwrapøs8   zSSLObjectTests.test_unwrapN)rirjrkr‘rrrrrrýòsrýc@sºeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z e   ejdkd¡dd„ƒZdd„Zdd„Zdd„Zdd„Zdd „Zed!d"„ƒZd#d$„Zd%d&„Zd'd(„Zd)S)*ÚSimpleBackgroundTestscCs2ttƒ}t|jf|_| ¡| |jddd¡dS)N)ÚThreadedEchoServerrsrÿreÚ server_addrÚ __enter__r©Ú__exit__)rŠrdrrrÚsetUp%s zSimpleBackgroundTests.setUpc Cs˜tt tj¡tjd.}| |j¡| i| ¡¡|  |j ¡WdQRXtt tj¡tj t d,}| |j¡|  | ¡¡|  |j ¡WdQRXdS)N)rc)rcrd)rrrŽrärrhrþrrˆÚ getpeercertrrýrrxrÜ)rŠrrrrÚ test_connect+s      z"SimpleBackgroundTests.test_connectcCs<tt tj¡tjd}| |j¡| tjd|j |j ¡dS)N)rczcertificate verify failed) rrrŽrärrr©r¦rŒrWrþr)rŠrrrrÚtest_connect_fail:s     z'SimpleBackgroundTests.test_connect_failcCsJtt tj¡tjtd}| |j¡| d|  |j ¡¡|  |  ¡¡dS)N)rcrdr) rrrŽrärrrxr©r¦rˆrbrrÜr)rŠrrrrÚtest_connect_exDs   z%SimpleBackgroundTests.test_connect_exc CsÚtt tj¡tjtdd}| |j¡| d¡|  |j ¡}|  |dt j t jf¡t g|ggd¡xby| ¡PWqftjk rœt |gggd¡Yqftjk rÂt g|ggd¡YqfXqfW| | ¡¡dS)NF)rcrdrrg@)rrrŽrärrrxr©r¦rêrbrr€rZ EINPROGRESSrcÚselectrìrëÚSSLWantWriteErrorrÜr)rŠrrfrrrÚtest_non_blocking_connect_exMs$    z2SimpleBackgroundTests.test_non_blocking_connect_exc CsÆt tj¡}| t tj¡¡"}| |j¡| i|  ¡¡WdQRX|jt tj¡dd}| |j¡WdQRXtj |_ |  t ¡| t tj¡¡$}| |j¡|  ¡}| |¡WdQRXdS)NZdummy)r)rrDr‰rnrŽrärþrrˆrrrjrkrxrÜ)rŠrHrr rrrÚtest_connect_with_contextgs     z/SimpleBackgroundTests.test_connect_with_contextcCsLt tj¡}tj|_| t tj¡¡}| |j ¡|  tj d|j |j ¡dS)Nzcertificate verify failed)rrDr‰rrjrnrŽrär©r¦rŒrWrþr)rŠrHrrrrÚtest_connect_with_context_failys    z4SimpleBackgroundTests.test_connect_with_context_failc Cs¼t tj¡}tj|_|jtd| t tj ¡¡$}|  |j ¡|  ¡}|  |¡WdQRXt tj¡}tj|_|jtd| t tj ¡¡$}|  |j ¡|  ¡}|  |¡WdQRXdS)N)r)rrDr‰rrjrkr*rnrŽrärþrrrÜrª)rŠrHrr rrrÚtest_connect_capath„s      z)SimpleBackgroundTests.test_connect_capathc Csâttƒ}| ¡}WdQRXt |¡}t tj¡}tj|_|j |d|  t   t j ¡¡$}|  |j¡| ¡}| |¡WdQRXt tj¡}tj|_|j |d|  t   t j ¡¡$}|  |j¡| ¡}| |¡WdQRXdS)N)r­)rÊrxr«rrÌrDr‰rrjrkrnrŽrärþrrrÜ)rŠr^rÏrÐrHrr rrrÚtest_connect_cadata›s"        z)SimpleBackgroundTests.test_connect_cadatar¶z*Can't use a socket as a file under Windowsc Csˆtt tj¡ƒ}| |j¡| ¡}| ¡}| ¡t  |d¡| ¡t   ¡|  t ¡}t  |d¡WdQRX| |jjtj¡dS)Nr)rrrŽrärþrÚfilenoZmakefiler¦r r«rÉrÊržrírˆrrZEBADF)rŠrèÚfdr^rærrrÚtest_makefile_close°s   z)SimpleBackgroundTests.test_makefile_closecCsÄt tj¡}| |j¡| d¡t|tjdd}| |j ¡d}xfy|d7}|  ¡PWqDtj k r€t   |ggg¡YqDtj k r¤t   g|gg¡YqDXqDWtjrÀtj d|¡dS)NF)rcrrrz9 Needed %d calls to do_handshake() to establish session. )rŽrärþrrêrrrrhr©r¦rìrër r rr3r1r4r5)rŠrÚcountrrrÚtest_non_blocking_handshakeÃs&    z1SimpleBackgroundTests.test_non_blocking_handshakecCst|f|jždtiŽdS)Nr )Ú_test_get_server_certificaterrx)rŠrrrÚtest_get_server_certificateØsz1SimpleBackgroundTests.test_get_server_certificatecCst|f|jžŽdS)N)Ú!_test_get_server_certificate_failr)rŠrrrÚ test_get_server_certificate_failÛsz6SimpleBackgroundTests.test_get_server_certificate_failc Cs²tt tj¡tjdd}| |j¡WdQRXtt tj¡tjdd}| |j¡WdQRX| tjd¡:t tj¡"}t|tjdd}| |j¡WdQRXWdQRXdS)Nrs)rcrertzNo cipher can be selectedz^$:,;?*'dorothyx) rrrŽrärrhrþrrŒrW)rŠrrorrrruàs   z"SimpleBackgroundTests.test_ciphersc Cs€t tj¡}|jtd| | ¡g¡|jt tj ¡dd$}|  |j ¡|  ¡}|  |¡WdQRX| t| ¡ƒd¡dS)N)rr)rr)rrDrwrkr*rˆrÏrnrŽrärþrrrÜr)rŠrHrr rrrÚtest_get_ca_certs_capathîs    z.SimpleBackgroundTests.test_get_ca_certs_capathc Cs¨t tj¡}|jtdt tj¡}|jtdt tj¡}|j|ddT}| |j ¡|  |j |¡|  |j j |¡||_ |  |j |¡|  |j j |¡WdQRXdS)N)rr)r) rrDrwrkr*rŽrärnrþrr“rqÚ_sslobj)rŠZctx1Zctx2rrèrrrÚtest_context_setgetús      z)SimpleBackgroundTests.test_context_setgetc Osú| dd¡}t ¡|}d} x¼t ¡|kr4| d¡d} | d7} y ||Ž} Wn>tjk rŠ} z| jtjtjfkrt‚| j} Wdd} ~ XYnX|  ¡} |  | ¡| dkrªPq| tjkr|  d¡} | rÎ|  | ¡q|  ¡qWtjrötj  d| |jf¡| S)Nrûé rri€z"Needed %d calls to complete %s(). )ÚgetrJZ monotonicr¤rrWrríZSSL_ERROR_WANT_WRITEr«Úsendallrîr5rörr3r1r4ri)rŠroÚincomingÚoutgoingr]r[r\rûZdeadlinerrÚretræÚbufrrrÚ ssl_io_loop s8           z!SimpleBackgroundTests.ssl_io_loopcCs„t tj¡}| |j¡| |j¡t ¡}t ¡}t tj ¡}|  |j ¡|  |j tj¡| t¡| ||dt¡}| |jj|¡| | ¡¡| | ¡¡| | ¡¡| t|j¡dtjkrØ| | d¡¡|  ||||j!¡|  | ¡¡| | ¡¡| | ¡¡|  | ¡¡dtjkr>|  | d¡¡y|  ||||j"¡Wntj#k rlYnX| tj$|j%d¡dS)NFz tls-uniquesfoo)&rŽrär©r¦rþrrrárDrwrÜrirˆrjrrkrxràrtr“rÚownerr"Úcipherr$ÚassertIsNotNoneÚshared_ciphersržrGrrmrr%rìrþZSSLSyscallErrorrWr5)rŠror!r"rHÚsslobjrrrÚtest_bio_handshake/s<         z(SimpleBackgroundTests.test_bio_handshakecCs¶t tj¡}| |j¡| |j¡t ¡}t ¡}t tj ¡}tj |_ |  ||d¡}|  ||||j¡d}|  ||||j|¡|  ||||jd¡}| |d¡|  ||||j¡dS)NFsFOO isfoo )rŽrär©r¦rþrrrárDr‰rhrjràr%rìr5r«rˆrþ)rŠror!r"rHr*Zreqr$rrrÚtest_bio_read_write_dataQs     z.SimpleBackgroundTests.test_bio_read_write_dataN)rirjrkrrr r r rrrrrZrãr rrrrrrurrärr%r+r,rrrrr"s&    %"rc@s*eZdZdd„Ze ejd¡dd„ƒZdS)ÚNetworkedTestsc Cs|t t¡htt tj¡tjdd}| |j ¡|  d¡|  tdf¡}|dkrZ|  d¡|  |tjtjf¡WdQRXdS)NF)rcrgH¯¼šò×z>i»rz!REMOTE_HOST responded too quickly)rÚtransient_internetÚ REMOTE_HOSTrrrŽrärrr©r¦rúrbr_r€rZEAGAINrc)rŠrrfrrrÚtest_timeout_connect_exds     z&NetworkedTests.test_timeout_connect_exz Needs IPv6c Cs2t d¡t|ddƒt|ddƒWdQRXdS)Nzipv6.google.comi»)rr.rr)rŠrrrÚ test_get_server_certificate_ipv6rs  z/NetworkedTests.test_get_server_certificate_ipv6N) rirjrkr0rZrlrZ IPV6_ENABLEDr1rrrrr-bsr-cCslt ||f¡}|s$| d||f¡tj||f|d}|sL| d||f¡tjrhtj d|||f¡dS)NzNo server certificate on %s:%s!)rdz& Verified certificate for %s:%s is %s )rÚget_server_certificater¤rr3r1r4r5)Útestrrer rÏrrrrysrc Csjytj||ftd}Wn:tjk rP}ztjr@tj d|¡Wdd}~XYnX|  d|||f¡dS)N)rdz%s z$Got server certificate %s for %s:%s!) rr2r³rWrr3r1r4r5r¤)r3rrerÏÚxrrrr„s "r)Úmake_https_serverc @sReZdZGdd„dejƒZddd„Zdd „Zd d „Zdd d „Z dd„Z dd„Z dS)rc@s<eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd S)z$ThreadedEchoServer.ConnectionHandlercCs@||_d|_||_||_|j d¡d|_tj |¡d|_ dS)NFrT) rdÚrunningroÚaddrrêÚsslconnÚ threadingÚThreadÚ__init__Údaemon)rŠrdZconnsockr7rrrr;™s  z-ThreadedEchoServer.ConnectionHandler.__init__c Cs yB|jjj|jdd|_|jj |j ¡¡|jj |j  ¡¡WnÖt t fk r¨}zB|jj  t |ƒ¡|jjrˆtdt|jƒdƒd|_| ¡dSd}~XYn^tjtfk r}zL|jj  t |ƒ¡|jjrðtdt|jƒdƒd|_|j ¡| ¡dSd}~XYnîX|jj |j ¡¡|jjjtjkr°|j ¡}tjrv|jjrvtj  dt! "|¡d¡|j d¡}tjr°|jjr°tj  dt t#|ƒƒd ¡|j $¡}tjr|jjrtj  d t |ƒd¡tj  d t |j ¡ƒd¡dSdS) NT)rýz' server: bad connection attempt from z: Fz client cert is r°z cert binary is z bytes z" server: connection cipher is now z" server: selected protocol is now )%rdrqrnror8Úselected_npn_protocolsÚappendÚselected_npn_protocolÚselected_alpn_protocolsÚselected_alpn_protocolÚConnectionResetErrorÚBrokenPipeErrorÚ conn_errorsr’Úchattyr7r$r7r6r¦rrWríÚstopr)rjrrrr3r1r4r5r·r¸rr')rŠrær Z cert_binaryr'rrrÚ wrap_conn£sD     z.ThreadedEchoServer.ConnectionHandler.wrap_conncCs |jr|j ¡S|j d¡SdS)Ni)r8r«rorî)rŠrrrr«Ùs z)ThreadedEchoServer.ConnectionHandler.readcCs"|jr|j |¡S|j |¡SdS)N)r8r5rorò)rŠr7rrrr5ßs z*ThreadedEchoServer.ConnectionHandler.writecCs |jr|j ¡n |j ¡dS)N)r8r¦ro)rŠrrrr¦ås z*ThreadedEchoServer.ConnectionHandler.closec Cszd|_|jjs| ¡sdSxX|jrtyÀ| ¡}| ¡}|s|d|_y|j ¡|_Wnt k rhYnXd|_|  ¡nj|dkrªt j rž|jj ržtj d¡|  ¡dS|jjrî|dkrît j rÔ|jj rÔtj d¡| d¡| ¡sêdSnø|jjrf|jrf|dkrft j r(|jj r(tj d ¡| d¡|j ¡|_d|_t j ræ|jj rætj d ¡n€|d kr¶t j rŽ|jj rŽtj d ¡|j d ¡}| t|ƒ d¡d¡n0|dkr8t j rÞ|jj rÞtj d¡y|j ¡Wn>tjk r*}z| t|ƒ d¡d¡Wdd}~XYn X| d¡n®|dkrj|j ¡dk r^| d¡n | d¡n||dkr˜|j ¡}| t|ƒ d¡d¡nNt j rØ|jj rØ|jr¸dpºd}tj d||| ¡|f¡| | ¡¡Wqtk r2|jjr t j r tj d |j¡¡|  ¡d|_Yqt k rp|jjrTtdƒ|  ¡d|_|j ¡YqXqWdS)NTFsoverz" server: client closed connection sSTARTTLSz2 server: read STARTTLS from client, sending OK... sOK sENDTLSz0 server: read ENDTLS from client, sending OK... z* server: connection is now unencrypted... s CB tls-uniquez@ server: read CB tls-unique from client, sending our CB data... z tls-uniquezus-asciió sPHAz( server: initiating post handshake auth sHASCERTsTRUE sFALSE sGETCERTZ encryptedZ unencryptedz/ server: read %r (%s), sending back %r (%s)... z Connection reset by peer: {} zTest server failure: )r6rdÚstarttls_serverrGr«Ústripr8rþrorír¦rr3Úconnectionchattyr1r4r5rr$rÚverify_client_post_handshakerrWrr^rBrErÝr7r7rF)rŠÚmsgÚstrippedr¡rær ZctyperrrÚrunës˜              *          z(ThreadedEchoServer.ConnectionHandler.runN) rirjrkr;rGr«r5r¦rOrrrrÚConnectionHandler“s  6rPNTFc Csð| r | |_n€t |dk r|ntj¡|_|dk r2|ntj|j_|rL|j |¡|r\|j |¡|rl|j |¡| r||j  | ¡| rŒ|j  | ¡||_ ||_ ||_ t ¡|_t |j¡|_d|_d|_g|_g|_g|_g|_tj |¡d|_dS)NFT)rqrrDrErhrjrkrlÚset_npn_protocolsÚset_alpn_protocolsrmrErKrIrŽrorrareÚflagÚactiver=r@r)rDr9r:r;r<) rŠZ certificaterpÚcertreqsÚcacertsrErKrIZ npn_protocolsZalpn_protocolsrerqrrrr;G s<           zThreadedEchoServer.__init__cCs| t ¡¡|j ¡|S)N)Ústartr9ÚEventrSÚwait)rŠrrrrl s zThreadedEchoServer.__enter__cGs| ¡| ¡dS)N)rFr)rŠr[rrrrq szThreadedEchoServer.__exit__cCs||_tj |¡dS)N)rSr9r:rW)rŠrSrrrrWu szThreadedEchoServer.startc Cs|j d¡|j ¡d|_|jr,|j ¡xÖ|jryT|j ¡\}}tjrj|j rjt j   dt |ƒd¡| |||¡}| ¡| ¡Wq.tjk r Yq.tk rº| ¡Yq.tk rþ}z(tjrî|j rît j   dt |ƒd¡Wdd}~XYq.Xq.W|j ¡dS)Ngš™™™™™©?Tz server: new connection from r°z connection handling failed: )rorúrrTrSr5r¼rr3rEr1r4r5r$rPrWrrŽrûÚKeyboardInterruptrFr§r¦)rŠZnewconnZconnaddrZhandlerrærrrrOy s.        (zThreadedEchoServer.runcCs d|_dS)NF)rT)rŠrrrrF” szThreadedEchoServer.stop) NNNNTFFNNNN)N) rirjrkr9r:rPr;rrrWrOrFrrrrr‘s5 ! rc@sXeZdZGdd„dejƒZdd„Zdd„Zdd„Zd d „Z dd d „Z dd„Z dd„Z d S)ÚAsyncoreEchoServerc@s6eZdZGdd„dejƒZdd„Zdd„Zdd„Zd S) zAsyncoreEchoServer.EchoServerc@s<eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd S)z/AsyncoreEchoServer.EchoServer.ConnectionHandlercCs4t|d|dd|_tj ||j¡d|_| ¡dS)NTF)rýrfr)rrrŽÚasyncoreÚdispatcher_with_sendr;Ú_ssl_acceptingÚ_do_ssl_handshake)rŠÚconnrfrrrr;Ÿ s  z8AsyncoreEchoServer.EchoServer.ConnectionHandler.__init__cCs.t|jtjƒr*x|j ¡dkr(| ¡qWdS)NrT)r9rŽrrrøZhandle_read_event)rŠrrrÚreadable§ s z8AsyncoreEchoServer.EchoServer.ConnectionHandler.readablec Csœy|j ¡Wn‚tjtjfk r*dStjk rB| ¡Stjk rX‚Yn@tk r}z|j dt j kr€| ¡SWdd}~XYnXd|_ dS)NrF) rŽrìrrër Z SSLEOFErrorÚ handle_closerWrír[rZ ECONNABORTEDr^)rŠÚerrrrrr_­ szAAsyncoreEchoServer.EchoServer.ConnectionHandler._do_ssl_handshakecCsT|jr| ¡n@| d¡}tjr4tj dt|ƒ¡|sB|  ¡n|  |  ¡¡dS)Niz server: read %s from client ) r^r_rîrr3r1r4r5r$r¦ròr^)rŠr¡rrrÚ handle_read¼ s   z;AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_readcCs$| ¡tjr tj d|j¡dS)Nz server: closed connection %s )r¦rr3r1r4r5rŽ)rŠrrrrbÈ sz)Ú __class__rird)rŠrrrÚ__str__ç szAsyncoreEchoServer.__str__cCs| t ¡¡|j ¡|S)N)rWr9rXrSrY)rŠrrrrê s zAsyncoreEchoServer.__enter__cGsVtjrtj d¡| ¡tjr,tj d¡| ¡tjrFtj d¡tjdddS)Nz cleanup: stopping server. z! cleanup: joining server thread. z cleanup: successfully joined. T)Z ignore_all) rr3r1r4r5rFrr\Z close_all)rŠr[rrrrï s   zAsyncoreEchoServer.__exit__NcCs||_tj |¡dS)N)rSr9r:rW)rŠrSrrrrWû szAsyncoreEchoServer.startcCsBd|_|jr|j ¡x&|jr> (%d) received; expected <<%r>> (%d) ésover z client: closing connection. )Ú compressionr'ÚpeercertÚclient_alpn_protocolÚclient_npn_protocolr$Úsession_reusedrkÚserver_alpn_protocolsÚserver_npn_protocolsÚserver_shared_ciphers)rrnrŽrþrÿrerŸrúrr3r1r4r5r«r^ÚAssertionErrorrr:rmr'rrAr?r$rqrkr¦r@r=r)) rzr{ÚindatarErKÚsni_namerkrÕrdrÚargÚoutdatarrrÚserver_params_test sR          rzc CsÈ|dkrtj}tjdtjdtjdi|}tjr\|r6dp8d}tj |t  |¡t  |¡|f¡t  |¡}|j |O_ t  |¡} | j |O_ t   |d¡} | dk rÄt| dƒrÄ|tjkrÄ| j| krÄ| | _|jtjkrÚ| d¡x*|| fD]} || _|  t¡|  t¡qäWyt|| ddd } WnXtjk r:|r6‚YnŠtk rr} z|s`| jtjkrb‚Wdd} ~ XYnRX|s˜td t  |¡t  |¡fƒ‚n,|d k rÄ|| d krÄtd || d fƒ‚dS)Nrhr~rz %s->%s %s z {%s->%s} %s r…rsF)rErKz5Client protocol %s succeeded with server protocol %s!Tr$z%version mismatch: expected %r, got %r)rrhr~rrr3r1r4r5Zget_protocol_namerDr~ÚPROTOCOL_TO_TLS_VERSIONrr_r‰r…r”rmrjrlrsrkrxrzrWrírÚ ECONNRESETru)Zserver_protocolZclient_protocolÚexpect_successZ certsreqsÚserver_optionsÚclient_optionsZcerttypeZ formatstrrzr{Z min_versionrHrÕrærrrÚtry_protocol_combo? s\             r€c@seZdZedd„ƒZdd„Ze eƒd¡dd„ƒZ dd „Z d d „Z d d „Z dd„Z dd„Ze ejd¡dd„ƒZdd„Zdd„Zee eedƒd¡dd„ƒƒZedd„ƒZee eedƒd ¡d!d"„ƒƒZed#d$„ƒZee eed%ƒd&¡d'd(„ƒƒZee eed)ƒd*¡d+d,„ƒƒZd-d.„Zd/d0„Zd1d2„Zd3d4„Zd5d6„Zd7d8„Z d9d:„Z!d;d<„Z"d=d>„Z#d?d@„Z$dAdB„Z%dCdD„Z&e ejdE¡dFdG„ƒZ'e eej(dHƒdI¡dJdK„ƒZ)e eej(dHƒdI¡e ej*dL¡dMdN„ƒƒZ+e ej,dO¡dPdQ„ƒZ-e dRej.kdS¡dTdU„ƒZ/dVdW„Z0e eedXƒdY¡dZd[„ƒZ1d\d]„Z2e e3d^¡e 4e5d_¡d`da„ƒƒZ6dbdc„Z7e ej8dd¡dedf„ƒZ9e ej8dg¡dhdi„ƒZ:djdk„Z;e ejdqdr„Z?e@dsdt„ƒZAe@dudv„ƒZBe@dwdx„ƒZCe@dydz„ƒZDd{d|„ZEd}d~„ZFdd€„ZGdd‚„ZHdƒd„„ZId…S)†Ú ThreadedTestsc CsÄtjrtj d¡x`tD]X}|tjtjhkr.q|j tj |d*t  |¡}|  t ¡t||dddWdQRXqWtƒ\}}}|j tjtjdt||dd|dWdQRXd|_|j tjtjdB| tj¡}t||dd|dWdQRX| dt|jƒ¡WdQRX|j tjtjd@| tj¡}t||ddd WdQRX| dt|jƒ¡WdQRX|j tjtjd@| tj¡}t||ddd WdQRX| dt|jƒ¡WdQRXdS) Nr°)r”T)rErK)rÿrd)rzr{rErKrwFz%called a function you should not call)rzr{rErK)rr3r1r4r5rprrwrEZsubTestÚ_PROTOCOL_NAMESrDrlr³rzr|riržrWr€r’r)rŠr”rqrzr{ryrærrrÚ test_echoˆ sN     zThreadedTests.test_echoc Cs\tjrtj d¡tƒ\}}}t|dd}|"|jt ¡d|d}|  t |j f¡|  t ¡| ¡WdQRX| ¡| ¡}| |d¡| ¡}tjrÐtj t |¡d¡tj dt|ƒd¡d|krì| d t |¡¡d |dkr| d ¡| d |¡| d |¡t |d ¡}t |d ¡} | || ¡WdQRXWdQRXdS)Nr°F)rqrE)rrzCan't get peer certificate.zConnection cipher is z. r"z$No subject field in certificate: %s.))rzPython Software FoundationzkMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.r r)rr3r1r4r5r|rrnrŽrþrÿreržrGrrìrÜr'r·r¸r’r¤r€rrUrÚ) rŠrzr{ryrdrr r'ZbeforeZafterrrrÚtest_getpeercert¸ s<          zThreadedTests.test_getpeercertz!verify_flags need OpenSSL > 0.9.8c Cs|tjrtj d¡tƒ\}}}ttddƒ}| |j tj |B¡t |dd}|H|j t   ¡|d*}| t|jf¡| ¡}| |d¡WdQRXWdQRX|j tjO_ t |dd}|N|j t   ¡|d0}| tjd¡| t|jf¡WdQRXWdQRXWdQRX| t¡t |dd}|H|j t   ¡|d*}| t|jf¡| ¡}| |d¡WdQRXWdQRXdS) Nr°r‹rT)rqrE)rzCan't get peer certificate.zcertificate verify failed)rr3r1r4r5r|rŒrrˆrrŽrrnrŽrþrÿrerrÜrrŒrWrkÚCRLFILE)rŠrzr{ryrrdrr rrrÚtest_crl_checkÜ s8          .    zThreadedTests.test_crl_checkc Cs6tjrtj d¡tƒ\}}}t|dd}|H|jt ¡|d*}|  t |j f¡|  ¡}|  |d¡WdQRXWdQRXt|dd}|N|jt ¡dd0}| tjd¡|  t |j f¡WdQRXWdQRXWdQRXt|dd}|<t ¡(}| td¡| |¡WdQRXWdQRXWdQRXdS) Nr°T)rqrE)rzCan't get peer certificate.rz:Hostname mismatch, certificate is not valid for 'invalid'.z'check_hostname requires server_hostname)rr3r1r4r5r|rrnrŽrþrÿrerrÜrŒrrrG)rŠrzr{ryrdrr rrrrÛ s0         .  z!ThreadedTests.test_check_hostnamec CsÂt tj¡}| t¡| d¡t}t tj¡}| t ¡t |dd}|n|j t   ¡|dP}|  t|jf¡| ¡}| |d¡| ¡d d¡}| |dd…d ¡WdQRXWdQRXdS) NzECDHE:ECDSA:!NULL:!aRSAT)rqrE)rzCan't get peer certificate.rú-r@)ÚECDHEÚECDSA)rrDrwrkrxrmÚSIGNED_CERTFILE_ECC_HOSTNAMErErlÚSIGNED_CERTFILE_ECCrrnrŽrþrÿrerrÜr'Úsplit)rŠrzryr{rdrr r'rrrÚ test_ecc_cert' s         zThreadedTests.test_ecc_certc CsÜt tj¡}| t¡|jtjO_| d¡t}t tj ¡}|  t ¡|  t ¡t |dd}|n|jt ¡|dP}| t|jf¡| ¡}| |d¡| ¡d d¡}| |dd…d ¡WdQRXWdQRXdS) NzECDHE:ECDSA:!NULL:!aRSAT)rqrE)rzCan't get peer certificate.rr‡r@)rˆr‰)rrDrwrkrxr~r…rmrŠrErlr‹rsrrnrŽrþrÿrerrÜr'rŒ)rŠrzryr{rdrr r'rrrÚtest_dual_rsa_ecc< s"          zThreadedTests.test_dual_rsa_eccc CsRtjrtj d¡t tj¡}| t ¡t tj ¡}tj |_ d|_ | t¡ddddddd d g}xŠ|D]‚\}}t|dd }|d|jt ¡|d F}| |j|¡| t|jf¡| ¡}| |j|¡| |d ¡WdQRXWdQRXqfWt|dd }|L|jt ¡dd .}| tj¡| t|jf¡WdQRXWdQRXWdQRXdS)Nr°T)ukönig.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)zxn--knig-5qa.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)sxn--knig-5qa.idn.pythontest.netzxn--knig-5qa.idn.pythontest.net)u(königsgäßchen.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)z.xn--knigsgsschen-lcb0w.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)s.xn--knigsgsschen-lcb0w.idna2003.pythontest.netz.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)z.xn--knigsgchen-b4a3dun.idna2008.pythontest.netz.xn--knigsgchen-b4a3dun.idna2008.pythontest.net)s.xn--knigsgchen-b4a3dun.idna2008.pythontest.netz.xn--knigsgchen-b4a3dun.idna2008.pythontest.net)rqrE)rzCan't get peer certificate.zpython.example.org)rr3r1r4r5rrDrErlÚ IDNSANSFILErwrrjrirkrxrrnrŽrˆrrþrÿrerrÜržr) rŠr{rqZ idn_hostnamesrZexpected_hostnamerdrr rrrÚtest_check_hostname_idnV s@        $   z%ThreadedTests.test_check_hostname_idnc Cstƒ\}}}| t¡tj|_tjj|_t |ddd}|Â|j t   ¡|d¤}y|  t |jf¡Wn~tjk rž}ztjrŽtj d|¡Wdd}~XYnPtk râ}z(|jtjkr¼‚tjrÒtj d|¡Wdd}~XYn X| d¡WdQRXWdQRXdS)NT)rqrErK)rz SSLError is %r z socket.error is %r z'Use of invalid cert should have failed!)r|rlr³rrrjr†r‡rˆrrnrŽrþrÿrerWrr3r1r4r5rírr|r¤)rŠrzr{ryrdrrærrrÚtest_wrong_cert_tls12Ž s(        "z#ThreadedTests.test_wrong_cert_tls12zTest needs TLS 1.3c Cs&tƒ\}}}| t¡tj|_tjj|_tjj|_t |ddd}|Ø|j t   ¡|dº}|  t |jf¡y| d¡| d¡Wn€tjk r¼}ztjr¬tj d|¡Wdd}~XYnRtk r}z(|jtjkrÜ‚tjròtj d|¡Wdd}~XYn X| d¡WdQRXWdQRXdS) NT)rqrErK)rsdatarMz SSLError is %r z socket.error is %r z'Use of invalid cert should have failed!)r|rlr³rrrjr†r‰r…rrnrŽrþrÿrer5r«rWrr3r1r4rírr|r¤)rŠrzr{ryrdrrærrrÚtest_wrong_cert_tls13³ s.          "z#ThreadedTests.test_wrong_cert_tls13cstt ¡‰t ¡‰t ¡‰t ˆt¡‰‡‡‡fdd„}‡‡‡‡fdd„}tj|d}| ¡z |ƒWd| ¡XdS)Ncs8ˆ ¡ˆ ¡ˆ ¡\}}| ¡ˆ ¡ˆ ¡dS)N)rr5r¼r¦)Znewsockr7)Ú listener_goneÚlistener_readyrrrÚlistenerà s  z2ThreadedTests.test_rude_shutdown..listenerc sbˆ ¡t ¡H}| tˆf¡ˆ ¡y t|ƒ}Wntk rHYn Xˆ d¡WdQRXdS)Nz2connecting to closed SSL socket should have failed)rYrŽrþrÿrrrír¤)r Ússl_sock)r“r”rerŠrrÚ connectorè s  z3ThreadedTests.test_rude_shutdown..connector)Útarget) r9rXrŽrrarÿr:rWr)rŠr•r—ràr)r“r”rerrŠrÚtest_rude_shutdownÒ s   z ThreadedTests.test_rude_shutdownc Csútjrtj d¡t tj¡}| t ¡t tj ¡}t |dd}|¬|j t   ¡tdŽ}y| t|jf¡Wnrtjk rà}zRd}| |tj¡| |jd¡| |j|¡| |t|ƒ¡| dt|ƒ¡Wdd}~XYnXWdQRXWdQRXdS)Nr°T)rqrE)rz&unable to get local issuer certificaterlzcertificate verify failed)rr3r1r4r5rrDrErlrsrwrrnrŽrtrþrÿrerWrÖZSSLCertVerificationErrorrˆZ verify_codeZverify_messager€r$)rŠr{rqrdrrærMrrrÚtest_ssl_cert_verify_errorû s$       z(ThreadedTests.test_ssl_cert_verify_errorrUz)OpenSSL is compiled without SSLv2 supportcCsÐtjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒttjtj dƒt tdƒrtttjtj dƒttjtj dƒtƒr ttjtj dtjdttjtj dtjdttjtj dtjddS)Nr°TFÚPROTOCOL_SSLv3)r)rr3r1r4r5r€rrUr~rr‰r_r›rr@r‚rƒr„)rŠrrrÚtest_protocol_sslv2 s        z!ThreadedTests.test_protocol_sslv2c CsŽtjrtj d¡ttdƒrnyttjtj dƒWn<t k rl}ztjr\tj dt |ƒ¡Wdd}~XYnXttdƒrˆttjtj dƒttjtjdƒttjtj dƒttdƒrÆttjtj dtjƒttjtjdtjƒttjtj dtjƒttdƒrttjtj dtjƒttjtjdtjƒttjtj dtjƒttdƒrXttjtj dtjdttjtjdtjtjBdttjtj dtjddS) Nr°rUTz; SSL2 client to SSL23 server test unexpectedly failed: %s r›Fr )r~)rr3r1r4r5r_rr€r‰rUrír’r›rr~rrƒr‚r„)rŠr4rrrÚtest_PROTOCOL_TLS* s:          zThreadedTests.test_PROTOCOL_TLSr›z)OpenSSL is compiled without SSLv3 supportcCsªtjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒt tdƒrdttjtj dƒttjtj dtj dttjtjdƒtƒr¦ttjtj dtjddS)Nr°rrUF)r)rr3r1r4r5r€rr›r~rr_rUr‰rƒrr@r‚)rŠrrrÚtest_protocol_sslv3R s     z!ThreadedTests.test_protocol_sslv3cCs˜tjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒt tdƒrdttjtj dƒt tdƒr~ttjtj dƒttjtj dtjddS)Nr°r rUFr›)r)rr3r1r4r5r€rrr~rr_rUr›r‰r„)rŠrrrÚtest_protocol_tlsv1f s    z!ThreadedTests.test_protocol_tlsv1r zTLS version 1.1 not supported.cCs tjrtj d¡ttjtjdƒttdƒr> (%d) received; expected <<%r>> (%d) rlsover z client: closing connection. z client: connection closed. )rr3r1r4r5r[r³rrrŽrþrer«r^r¤rr¦)rŠrvrdrryrrrÚtest_asyncore_serverô s2       z"ThreadedTests.test_asyncore_serverc sÆtjrtj d¡tttjtj tddd}|Œt t   ¡dtttjtj d‰ˆ  t|jf¡‡fdd„}‡fdd „}d ˆjdgtfd ˆjdd gtfd ˆjdgdd„fg}dˆjdgfdˆjdd gfd|dgfd|dgfg}d}xþ|D]ö\}}} } } || d¡} yx|| f| žŽ} d |¡}|j| | | ƒ|dˆ ¡}||  ¡krx| dj||dd…t|ƒ| dd…t| ƒd¡Wqætk rÚ}z@| r¦| dj|d¡t|ƒ |¡sÊ| dj||d¡Wdd}~XYqæXqæWxä|D]Ü\}}} } || d¡} yVˆ | ¡|| Ž}||  ¡krT| dj||dd…t|ƒ| dd…t| ƒd¡Wnhtk r¾}zH| r‚| d j|d¡t|ƒ |¡s¦| dj||d¡ˆ ¡Wdd}~XYnXqæWd!}ˆ |¡tt|ƒƒ}| ˆ d"|¡t|ƒ¡| ||¡t dk r@t j!t|ƒ}| "|¡}ˆ |¡| ˆ ¡|¡| #t$ˆj%¡| #t$ˆj&d!g¡| #t$ˆj'd#¡| #t$ˆj(td#ƒg¡ˆ d$¡| #tˆjd"¡| #tˆjd"¡ˆ )¡WdQRXdS)%Nr°TF)rUrprVrErK)rýrfrdrcrpcstdƒ}ˆ |¡}|d|…S)Nsd)rŸrï)Úbr)rrrÚ _recv_into% s z0ThreadedTests.test_recv_send.._recv_intocs"tdƒ}ˆ |¡\}}|d|…S)Nsd)rŸrñ)rªrr7)rrrÚ_recvfrom_into* sz4ThreadedTests.test_recv_send.._recvfrom_intoròróz some.addressr cSsdS)Nr)r4rrrÚ3 r±z.ThreadedTests.test_recv_send..rîrðrïrñZPREFIX_rzsending with {})rMzpWhile sending with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) rl)rryZnoutrvZninz>Failed to send with method <<{name:s}>>; expected to succeed. )rzFMethod <<{name:s}>> failed with unexpected exception message: {exp:s} )rZexpzrWhile receiving with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) zAFailed to receive with method <<{name:s}>>; expected to succeed. sdatarCrìsover )*rr3r1r4r5rr³rrhrErrrŽrwrþrÿreròrrór rîrðrrÝrˆr«r^r¤rGr’rÍrŸÚctypesZc_ubyteZfrom_buffer_copyržrôrõrör÷rør¦)rŠrdr«r¬Z send_methodsZ recv_methodsZ data_prefixZ meth_nameZ send_methr}r[Z ret_val_methrvr#rMryræZ recv_methr¡ÚbufferZubyteZ bytesliker)rrÚtest_recv_send s²         "            zThreadedTests.test_recv_sendcCsÆttƒ}| ¡| |jdd¡t t|jf¡}| |j ¡t |dd}| |j ¡|  d¡|  |  d¡d¡|  | d¡d¡|  | ¡d¡| d¡|  |  d¡d¡|  | tƒ¡d¡dS)NF)Zsuppress_ragged_eofssdatarr±)rr³rr©rrŽZcreate_connectionrÿrer¦rrròrˆrîr«rêrïrŸ)rŠrdrrrrÚtest_recv_zeroš s     zThreadedTests.test_recv_zeroc sžtttjtjtddd}|xtt ¡dtttjtjd‰ˆ t |j f¡ˆ  d¡t dƒ‰‡‡fdd„}|  tjtjf|¡ˆ  d¡ˆ ¡WdQRXdS)NTF)rUrprVrErK)rýrfrdrcrpi csxˆ ˆ¡qWdS)N)ròr)r$rrrÚ fill_buffer sz8ThreadedTests.test_nonblocking_send..fill_buffer)rr³rrhrErrrŽrwrþrÿrerêrŸržr rër¦)rŠrdr²r)r$rrÚtest_nonblocking_send® s*    z#ThreadedTests.test_nonblocking_sendcsþt tj¡‰d}t ˆ¡}t ¡‰d‰‡‡‡fdd„}tj|d}| ¡ˆ ¡zz:t tj¡}|  d¡|  ||f¡|  tj dt |¡Wd| ¡Xz:t tj¡}t |ƒ}|  d¡|  tj d|j ||f¡Wd| ¡XWdd‰| ¡ˆ ¡XdS) Nz 127.0.0.1Fcsjˆ ¡ˆ ¡g}x:ˆsNt ˆgggd¡\}}}ˆ|kr| ˆ ¡d¡qWx|D] }| ¡qVWdS)Ngš™™™™™¹?r)rr5r r>r¼r¦)ZconnsrÉÚwræro)ÚfinishrdÚstartedrrÚserveÔ s z3ThreadedTests.test_handshake_timeout..serve)r˜gš™™™™™É?z timed outT)rŽrärrar9rXr:rWrYrúrþrŒrûrrr¦r)rŠrrer·ràr r)rµrdr¶rÚtest_handshake_timeoutÌ s6           z$ThreadedTests.test_handshake_timeoutcst tj¡}tj|_| t¡| t¡t   t j ¡‰d}t   ˆ¡}|j ˆdd‰| ˆj¡t ¡‰d‰d‰‡‡‡‡fdd„}tj|d}| ¡ˆ ¡|  t   ¡¡}| ||f¡| d¡| ¡| ¡}| ¡| ¡ˆ ¡ˆ ¡| ˆtj¡| ˆ|¡dS)Nz 127.0.0.1T)rýcs0ˆ ¡ˆ ¡ˆ ¡\‰‰ˆ ˆ d¡¡dS)NrM)rr5r¼ròrîr)ÚevtÚpeerÚremoterdrrr· s z/ThreadedTests.test_server_accept..serve)r˜sdata)rrDr‰rrjrkrxrlrsrŽrärrarnrÜrýr9rXr:rWrYrþròrîrr¦rrÖrrˆ)rŠrqrrer·ràrÿZ client_addrr)r¹rºr»rdrÚtest_server_acceptý s6        z ThreadedTests.test_server_acceptc CsZt tj¡}| t ¡¡6}| t¡}| ¡WdQRX| |j j t j ¡WdQRXdS)N) rrDr‰rnrŽržrírrˆrrÚENOTCONN)rŠrqrorrrrÚtest_getpeercert_enotconn&s   z'ThreadedTests.test_getpeercert_enotconnc CsZt tj¡}| t ¡¡6}| t¡}| ¡WdQRX| |j j t j ¡WdQRXdS)N) rrDr‰rnrŽržrírìrˆrrr½)rŠrqrorrrrÚtest_do_handshake_enotconn-s   z(ThreadedTests.test_do_handshake_enotconnc Cs tƒ\}}}|jtjO_| d¡| d¡t|dJ}|jt ¡|d,}| t ¡|  t |j f¡WdQRXWdQRXWdQRX|  d|jd¡dS)NZAES128ÚAES256)rq)rzno shared cipherr)r|r~rr…rmrrnrŽržrírþrÿrer€rD)rŠrzr{ryrdrrrrÚtest_no_shared_ciphers4s       .z$ThreadedTests.test_no_shared_ciphersc Csèt tj¡}d|_tj|_tttjdd´}|  t   ¡¡|}|  |  ¡d¡|  |j d¡| t|jf¡tr†tjr†| |  ¡d¡n,tjdkr¢| |  ¡d¡n| |  ¡d¡WdQRX|  |j d¡|  |  ¡d¡WdQRXdS)NF)rprEzTLSv1.3)rrr@zTLSv1.2)r zTLSv1.2)rrDrwrirhrjrr³rErnrŽr“r$rrþrÿreÚIS_OPENSSL_1_1_1Ú HAS_TLSv1_3rˆr?r€)rŠrqrdrrrrÚtest_version_basicBs"    z ThreadedTests.test_version_basicz%test requires TLSv1.3 enabled OpenSSLc Cs t tj¡}| t¡|jtjtjBtjBO_t |dZ}|  t   ¡¡@}|  t |jf¡| | ¡ddddh¡| | ¡d¡WdQRXWdQRXdS)N)rqrZTLS_AES_256_GCM_SHA384ZTLS_CHACHA20_POLY1305_SHA256ZTLS_AES_128_GCM_SHA256zTLSv1.3)rrDr‰rlr³r~r„r†r‡rrnrŽrþrÿrer€r'rˆr$)rŠrqrdrrrrÚ test_tls1_3Zs   zThreadedTests.test_tls1_3r…zrequired OpenSSL 1.1.0gc CsŠtƒ\}}}tjj|_tjj|_tjj|_tjj|_t|dD}|jt   ¡|d&}|  t |j f¡|  | ¡d¡WdQRXWdQRXtjj|_tjj|_t|dD}|jt   ¡|d&}|  t |j f¡|  | ¡d¡WdQRXWdQRXtjj|_tjj|_tjj|_tjj|_t|d^}|jt   ¡|d@}| tj¡}|  t |j f¡WdQRX| dt|jƒ¡WdQRXWdQRXdS)N)rq)rzTLSv1.2zTLSv1.1Zalert)r|rr†r r…r‡rˆrrnrŽrþrÿrerˆr$r ržrWr€r’r)rŠrzr{ryrdrrærrrrŠls6        $     $       z"ThreadedTests.test_min_max_versionzrequires SSLv3 supportc Cs‚tƒ\}}}tjj|_tjj|_tjj|_t|dD}|jt ¡|d&}|  t |j f¡|  |  ¡d¡WdQRXWdQRXdS)N)rq)rr)r|rr†rr…rˆrrnrŽrþrÿrerˆr$)rŠrzr{ryrdrrrrÚtest_min_max_version_sslv3”s       z(ThreadedTests.test_min_max_version_sslv3z"test requires ECDH-enabled OpenSSLc Cs’t tj¡}| t¡|jtjO_tjdkr:| d¡t |dD}|  t   ¡¡*}|  t |jf¡| d| ¡d¡WdQRXWdQRXdS)N)rrrz ECCdraft:ECDH)rqZECDHr)rrDr‰rlr³r~r…r?rmrrnrŽrþrÿrer€r')rŠrqrdrrrrÚtest_default_ecdh_curve¢s     z%ThreadedTests.test_default_ecdh_curvez tls-uniquez*'tls-unique' channel binding not availablec Csºtjrtj d¡tƒ\}}}t|ddd}|~|jt ¡|dœ}|  t |j f¡|  d¡}tjrztj d  |¡¡| |¡| ¡dkr¢| t|ƒd ¡n| t|ƒd ¡| d ¡| ¡ ¡}| |t|ƒ d ¡¡WdQRX|jt ¡|d¬}|  t |j f¡|  d¡}tjr0tj d   |¡¡| ||¡| |¡| ¡dkrf| t|ƒd ¡n| t|ƒd ¡| d ¡| ¡ ¡}| |t|ƒ d ¡¡WdQRXWdQRXdS)Nr°TF)rqrErK)rz tls-uniquez! got channel binding data: {0!r} zTLSv1.3é0é sCB tls-unique zus-asciiz(got another channel binding data: {0!r} )rr3r1r4r5r|rrnrŽrþrÿrerrÝr(r$rˆrr«rJr$rr¬) rŠrzr{ryrdrZcb_dataZpeer_data_reprZ new_cb_datarrrr#¶sR               z-ThreadedTests.test_tls_unique_channel_bindingcCsTtƒ\}}}t||dd|d}tjr:tj d |d¡¡| |ddddh¡dS)NT)rErKrwz got compression: {!r} rmZZLIBZRLE) r|rzrr3r1r4r5rÝr€)rŠrzr{ryrÕrrrÚtest_compressionòs zThreadedTests.test_compressionr)z*ssl.OP_NO_COMPRESSION needed for this testcCsRtƒ\}}}|jtjO_|jtjO_t||dd|d}| |dd¡dS)NT)rErKrwrm)r|r~rr)rzr“)rŠrzr{ryrÕrrrÚtest_compression_disabledûs z'ThreadedTests.test_compression_disabledcCs–tƒ\}}}|jtjO_| t¡| d¡|jtjO_t||dd|d}|dd}| d¡}d|kr’d|kr’d |kr’|  d |d¡dS) NZkEDHT)rErKrwr'rr‡ZADHZEDHZDHEzNon-DH cipher: ) r|r~rr…r·r¸rmrzrŒr¤)rŠrzr{ryrÕr'ÚpartsrrrÚtest_dh_paramss     zThreadedTests.test_dh_paramszneeds secp384r1 curve supportz TODO: Test doesn't work on 1.1.1cCstƒ\}}}| d¡| d¡|jtjtjBO_t||dd|d}tƒ\}}}| d¡| d¡|jtjtjBO_t||dd|d}tƒ\}}}| d¡| d¡| d¡|jtjtjBO_yt||dd|d}Wntjk rüYnXt r|  d¡dS)NrBzECDHE:!eNULL:!aNULLT)rErKrwrÂzmismatch curve did not fail) r|rFrmr~rr„r†rzrWÚIS_OPENSSL_1_1_0r¤)rŠrzr{ryrÕrrrÚtest_ecdh_curves6           zThreadedTests.test_ecdh_curvecCs2tƒ\}}}t||dd|d}| |dd¡dS)NT)rErKrwro)r|rzr“)rŠrzr{ryrÕrrrÚtest_selected_alpn_protocol=s  z)ThreadedTests.test_selected_alpn_protocolzALPN support requiredcCs@tƒ\}}}| ddg¡t||dd|d}| |dd¡dS)NršÚbarT)rErKrwro)r|rRrzr“)rŠrzr{ryrÕrrrÚ/test_selected_alpn_protocol_if_server_uses_alpnEs  z=ThreadedTests.test_selected_alpn_protocol_if_server_uses_alpnz!ALPN support needed for this testc Cs>dddg}ddgdfddgdfdgdfddgdfg}x|D]ú\}}tƒ\}}}| |¡| |¡yt||dd|d}Wn(tjk r¢} z| }Wdd} ~ XYnX|dkrÊtrÊtjdkrÊ| |tj¡qrq)r–Ú server_nameÚinitial_context)ÚcallsrÞrrÚ servername_cb­sz6ThreadedTests.test_sni_callback..servername_cbTÚ supermessage)rErwr(Znotfunny)rßrirÆrzrˆràrt)rŠr{rzrärÕr)rãrÞrrǦs.     zThreadedTests.test_sni_callbackc Cs\| ¡\}}}dd„}| |¡| tj¡}t||ddd}WdQRX| |jjd¡dS)NcSstjS)N)rZALERT_DESCRIPTION_ACCESS_DENIED)r–rárârrrÚcb_returning_alertÔszAThreadedTests.test_sni_callback_alert..cb_returning_alertFrå)rErwZTLSV1_ALERT_ACCESS_DENIED) rßrÆržrrWrzrˆrrè)rŠr{rÞrzrærrÕrrrÚtest_sni_callback_alertÏs z%ThreadedTests.test_sni_callback_alertc Cs€| ¡\}}}dd„}| |¡| tj¡*}t ¡}t||ddd}WdQRXWdQRX| |j j d¡|  d|  ¡¡dS)NcSs dddS)Nrrr)r–rárârrrÚ cb_raisingâsz;ThreadedTests.test_sni_callback_raising..cb_raisingFrå)rErwZSSLV3_ALERT_HANDSHAKE_FAILUREÚZeroDivisionError) rßrÆržrrWrÚcaptured_stderrrzrˆrrèr€Úgetvalue)rŠr{rÞrzrèrÚstderrrÕrrrÚtest_sni_callback_raisingÝs  z'ThreadedTests.test_sni_callback_raisingc Cs€| ¡\}}}dd„}| |¡| tj¡*}t ¡}t||ddd}WdQRXWdQRX| |j j d¡|  d|  ¡¡dS)NcSsdS)Nršr)r–rárârrrÚcb_wrong_return_typeôszOThreadedTests.test_sni_callback_wrong_return_type..cb_wrong_return_typeFrå)rErwZTLSV1_ALERT_INTERNAL_ERRORr) rßrÆržrrWrrêrzrˆrrèr€rë)rŠr{rÞrzrîrrìrÕrrrÚ#test_sni_callback_wrong_return_typeîs  z1ThreadedTests.test_sni_callback_wrong_return_typec sŽtƒ\}}}| d¡| d¡ddddg}t|||d}|dd}| t|ƒd¡x2|D]*\‰}}t‡fd d „|Dƒƒs\| ˆ¡q\WdS) Nz AES128:AES256rÀzAES-256Z TLS_CHACHA20ZTLS_AES)rwrtrc3s|]}|ˆkVqdS)Nr)rxZalg)rrrrzsz4ThreadedTests.test_shared_ciphers..)r|rmrzÚ assertGreaterrÚanyr¤) rŠrzr{ryZ expected_algsrÕreZ tls_versionÚbitsr)rrÚtest_shared_cipherss    z!ThreadedTests.test_shared_ciphersc Csvtƒ\}}}t|dd}|P|jt ¡|d}| t|jf¡| ¡| t |j d¡| t |j d¡WdQRXdS)NF)rqrE)rishello) r|rrnrŽrþrÿrer¦ržrGr«r5)rŠrzr{ryrdrrrrÚ,test_read_write_after_close_raises_valuerrors   z:ThreadedTests.test_read_write_after_close_raises_valuerrorc CsÜd}ttjdƒ}| |¡WdQRX| tjtj¡t tj¡}tj |_ |  t ¡|  t¡t|dd}|d| t ¡¡J}| t|jf¡ttjdƒ"}| |¡| | d¡|¡WdQRXWdQRXWdQRXdS)NsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxÚwbF)rqrEr¥i)rÊrZTESTFNr5r©ÚunlinkrrDr‰rrjrkrxrlrsrrnrŽrþrÿreZsendfilerˆrî)rŠZ TEST_DATAr^rqrdrÚfilerrrÚ test_sendfiles     zThreadedTests.test_sendfilec Cs@tƒ\}}}|jtjO_t|||d}|d}| |j¡| |jd¡| |j d¡| |j ¡tj dkr~| |j d¡|  |d¡| ¡}| |dd¡| |dd¡t||||d }| ¡}| |dd ¡| |dd¡| |d¡|d}| |j|j¡| ||¡| ||¡| |j|j¡| |j |j ¡t|||d}|  |d¡|d}| |j|j¡| ||¡| ¡}| |dd ¡| |dd¡t||||d }| |d¡|d} | | j|j¡| | |¡| | j|j¡| | j |j ¡| ¡}| |dd ¡| |dd ¡dS) N)rwrkr)rrrrqr¼rr½)rkrwr@rrM)r|r~rr…rzrÜÚidrðrJrûZ has_ticketr?Zticket_lifetime_hintrr¿rˆZ assertIsNotrÙr¬) rŠrzr{ryrÕrkZ sess_statZsession2Zsession3Zsession4rrrÚ test_session0s^          zThreadedTests.test_sessionc Csütƒ\}}}tƒ\}}}|jtjO_|jtjO_t|dd}|¨|jt ¡|dp}| |jd¡| |j d¡|  t |j f¡|j}|  |¡| t¡ } t|_WdQRX| t| jƒd¡WdQRX|jt ¡|dD}|  t |j f¡| t¡ } ||_WdQRX| t| jƒd¡WdQRX|jt ¡|dJ}||_|  t |j f¡| |jj|j¡| |j|¡| |j d¡WdQRX|jt ¡|dD}| t¡} ||_|  t |j f¡WdQRX| t| jƒd¡WdQRXWdQRXdS)NF)rqrE)rzValue is not a SSLSession.z#Cannot set session after handshake.Tz)Session refers to a different SSLContext.)r|r~rr…rrnrŽrˆrkrqrþrÿrerÜržrr´r’rrGrù) rŠrzr{ryZclient_context2r®rdrrkrærrrÚtest_session_handlingjsJ                 z#ThreadedTests.test_session_handlingN)Jrirjrkrbrƒr„rZrlrAr†rÛrrŽrr‘rrÃr’r™ršr_rœrržrŸr r¢r¤r¨r©r°r±r³r¸r¼r¾r¿rÁrÄrÅrDrŠZ HAS_SSLv3rÆrCrÇrmr#rÊrËrÍÚHAVE_SECP_CURVESrãrÂrÏrÐZHAS_ALPNrÒrÙrÚZHAS_NPNrÝrßràrärÇrçrírïrórôrørúrûrrrrr† sŽ 0$)!8%)  (    9 1)'  ;   & (  )    :rzTest needs TLS 1.3c@sLeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dS)ÚTestPostHandshakeAuthcCsÄtjtjtjg}x®|D]¦}t |¡}| |jd¡d|_| |jd¡tj|_| |jtj¡| |jd¡d|_| |jtj¡| |jd¡tj |_d|_| |jtj ¡| |jd¡qWdS)NFT) rr‰rErwrDrˆÚpost_handshake_authrrjr~)rŠZ protocolsr”rHrrrÚtest_pha_setterŸs   z%TestPostHandshakeAuth.test_pha_setterc Cstƒ\}}}d|_tj|_d|_| t¡t|dd}|Ê|jt   ¡|d¬}|  t |j f¡|  d¡| | d¡d¡|  d¡| | d¡d ¡|  d¡| | d¡d ¡|  d¡| | d¡d ¡|  d ¡| d ¡ d ¡}| d|¡WdQRXWdQRXdS)NTF)rqrE)rsHASCERTisFALSE sPHAsOK sTRUE sGETCERTizus-asciizPython Software Foundation CA)r|rþrrrjrlrsrrnrŽrþrÿrer5rˆrîrr€)rŠrzr{ryrdrZ cert_textrrrÚtest_pha_required·s*          z'TestPostHandshakeAuth.test_pha_requiredc Cs¸tƒ\}}}d|_tj|_d|_t|dd}|~|jt ¡|d`}| t |j f¡|  d¡|  |  d¡d¡|  d¡| tjd ¡|  d¡WdQRXWdQRXWdQRXdS) NTF)rqrE)rsPHAisOK sHASCERTz!tlsv13 alert certificate required)r|rþrrrjrrnrŽrþrÿrer5rˆrîrŒrW)rŠrzr{ryrdrrrrÚtest_pha_required_nocertÐs       z.TestPostHandshakeAuth.test_pha_required_nocertc Csætjrtj d¡tƒ\}}}d|_tj|_ d|_|  t ¡tj |_ t |dd}|ˆ|jt ¡|dj}| t|jf¡| d¡| | d¡d¡| d ¡| | d¡d ¡| d¡| | d¡d ¡WdQRXWdQRXdS) Nr°TF)rqrE)rsHASCERTisFALSE sPHAsOK sTRUE )rr3r1r4r5r|rþrrrjrlrsr~rrnrŽrþrÿrerˆrî)rŠrzr{ryrdrrrrÚtest_pha_optionalæs&         z'TestPostHandshakeAuth.test_pha_optionalc CsÔtjrtj d¡tƒ\}}}d|_tj|_ d|_t |dd}|ˆ|j t   ¡|dj}|  t|jf¡| d¡| | d¡d¡| d ¡| | d¡d ¡| d¡| | d¡d¡WdQRXWdQRXdS) Nr°TF)rqrE)rsHASCERTisFALSE sPHAsOK )rr3r1r4r5r|rþrr~rjrrnrŽrþrÿrerˆrî)rŠrzr{ryrdrrrrÚtest_pha_optional_nocertþs"        z.TestPostHandshakeAuth.test_pha_optional_nocertc Cs°tƒ\}}}d|_tj|_| t¡t|dd}|r|jt   ¡|dT}|  t |j f¡|  tjd¡| ¡WdQRX| d¡| d| d¡¡WdQRXWdQRXdS) NTF)rqrE)rz not serversPHAsextension not receivedi)r|rþrrrjrlrsrrnrŽrþrÿrerŒrWrLr5r€rî)rŠrzr{ryrdrrrrÚtest_pha_no_pha_clients      z,TestPostHandshakeAuth.test_pha_no_pha_clientc CsÆtƒ\}}}tj|_d|_| t¡t|dd}|ˆ|jt   ¡|dj}|  t |j f¡|  d¡| | d¡d¡|  d¡| | d¡d ¡|  d¡| | d¡d¡WdQRXWdQRXdS) NTF)rqrE)rsHASCERTisTRUE sPHAsOK )r|rrrjrþrlrsrrnrŽrþrÿrer5rˆrî)rŠrzr{ryrdrrrrÚtest_pha_no_pha_server$s        z,TestPostHandshakeAuth.test_pha_no_pha_serverc Cs˜tƒ\}}}tj|_tjj|_d|_| t ¡t |dd}|P|j t   ¡|d2}|  t|jf¡| d¡| d| d¡¡WdQRXWdQRXdS)NTF)rqrE)rsPHAsWRONG_SSL_VERSIONi)r|rrrjr†r‡rˆrþrlrsrrnrŽrþrÿrer5r€rî)rŠrzr{ryrdrrrrÚtest_pha_not_tls138s       z(TestPostHandshakeAuth.test_pha_not_tls13N) rirjrkrÿrrrrrrrrrrrrýsrýc Cs~tjrèddl}tjtjtjdœ}| ¡V| ddt ¡x@|  ¡D](\}}|ƒ}|rB|drBd||f}PqBWt t ¡ƒ}WdQRXt dt jt jfƒt d|ƒt dt jƒt d t jƒyt d t jƒWntk ræYnXxBttttttttttttg D]"}t j! "|¡st #d |¡‚qWt$t%t&t't(t)t*t+g}t ,d ¡rV| -t.¡t /¡}ztj0|ŽWdtj1|ŽXdS) Nr)ZLinuxZMacZWindowsÚignorez?dist\(\) and linux_distribution\(\) functions are deprecated .*z%s %rztest_ssl: testing with %r %rz under %sz HAS_SNI = %rz OP_ALL = 0x%8xz OP_NO_TLSv1_1 = 0x%8xzCan't read certificate file %rZnetwork)2rr3ÚwarningsrXrYZmac_verZ win32_verÚcatch_warningsÚfilterwarningsÚDeprecationWarningÚitemsr$ÚprintrrÕr?rr}r†rƒr³r©r¢r£r¤r¥rsrurxr ÚBADKEYr¡r r ÚexistsZ TestFailedrnr}rårðrýrrrýZis_resource_enabledr>r-Zthreading_setupZ run_unittestZthreading_cleanup) r3rZplatsrr]ZplatÚfilenameZtestsÚ thread_inforrrÚ test_mainJsR       rÚ__main__)N)rjTFNN)Nrr)F){r1rZr3rrŽr rJrPrÉr rr·Zurllib.requestr¦r9r/r\rårXr`Z sysconfigr®Ú ImportErrorÚ import_modulerÚsortedr‚rprÿrÕrÍrÛr?rÎrÂZget_config_varrr{r•ZverrŒr†rƒrr³Úfsencoder©r¢r£r¤r¥r¦r§r”r*rªr²rËr´r…rsrtrµrurvr‹rŠrxrÇrr/r¡r rrr¶rÄr¼r¸r¹r)r*r+r,r-r7r=r@rArIrürKrTrbrlrrär‰rhrrr|ZTestCaser}rnrårðrýrr-rrZtest.ssl_serversr5r:rr[rzr€rrÃrýrrirrrrÚs:                         }8?0B  v 1 F# - 7