1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
import json
import ssl
import pytest
import urllib3
from urllib3.exceptions import InsecureRequestWarning, SSLError
import truststore
@pytest.mark.internet
def test_minimum_maximum_version():
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
ctx.maximum_version = ssl.TLSVersion.TLSv1_2
with urllib3.PoolManager(ssl_context=ctx) as http:
resp = http.request("GET", "https://howsmyssl.com/a/check")
data = json.loads(resp.data)
assert data["tls_version"] == "TLS 1.2"
assert ctx.minimum_version in (
ssl.TLSVersion.TLSv1_2,
ssl.TLSVersion.MINIMUM_SUPPORTED,
)
assert ctx.maximum_version == ssl.TLSVersion.TLSv1_2
@pytest.mark.internet
def test_check_hostname_false():
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
assert ctx.check_hostname is True
assert ctx.verify_mode == ssl.CERT_REQUIRED
with urllib3.PoolManager(ssl_context=ctx, retries=False) as http:
with pytest.raises(SSLError) as e:
http.request("GET", "https://wrong.host.badssl.com/")
assert "match" in str(e.value)
@pytest.mark.internet
def test_verify_mode_cert_none():
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
assert ctx.check_hostname is True
assert ctx.verify_mode == ssl.CERT_REQUIRED
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
assert ctx.check_hostname is False
assert ctx.verify_mode == ssl.CERT_NONE
with (
urllib3.PoolManager(ssl_context=ctx) as http,
pytest.warns(InsecureRequestWarning) as w,
):
http.request("GET", "https://expired.badssl.com/")
assert len(w) == 1
|
