1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
# -*- coding: utf-8 -*-
import base64
import contextlib
import socket
import ssl
import pytest
try:
from urllib3.contrib.securetransport import WrappedSocket
except ImportError:
pass
def setup_module():
try:
from urllib3.contrib.securetransport import inject_into_urllib3
inject_into_urllib3()
except ImportError as e:
pytest.skip("Could not import SecureTransport: %r" % e)
def teardown_module():
try:
from urllib3.contrib.securetransport import extract_from_urllib3
extract_from_urllib3()
except ImportError:
pass
from ..test_util import TestUtilSSL # noqa: E402, F401
# SecureTransport does not support TLSv1.3
# https://github.com/urllib3/urllib3/issues/1674
from ..with_dummyserver.test_https import ( # noqa: E402, F401
TestHTTPS,
TestHTTPS_TLSv1,
TestHTTPS_TLSv1_1,
TestHTTPS_TLSv1_2,
)
from ..with_dummyserver.test_socketlevel import ( # noqa: E402, F401
TestClientCerts,
TestSNI,
TestSocketClosing,
TestSSL,
)
def test_no_crash_with_empty_trust_bundle():
with contextlib.closing(socket.socket()) as s:
ws = WrappedSocket(s)
with pytest.raises(ssl.SSLError):
ws._custom_validate(True, b"")
def test_no_crash_with_invalid_trust_bundle():
invalid_cert = base64.b64encode(b"invalid-cert")
cert_bundle = (
b"-----BEGIN CERTIFICATE-----\n" + invalid_cert + b"\n-----END CERTIFICATE-----"
)
with contextlib.closing(socket.socket()) as s:
ws = WrappedSocket(s)
with pytest.raises(ssl.SSLError):
ws._custom_validate(True, cert_bundle)
|
