Lines Matching refs:ssl
27 ssl = support.import_module("ssl") variable
30 PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)
32 IS_LIBRESSL = ssl.OPENSSL_VERSION.startswith('LibreSSL')
33 IS_OPENSSL_1_1_0 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 0)
34 IS_OPENSSL_1_1_1 = not IS_LIBRESSL and ssl.OPENSSL_VERSION_INFO >= (1, 1, 1)
44 proto = getattr(ssl, proto)
45 ver = getattr(ssl.TLSVersion, ver)
138 OP_NO_COMPRESSION = getattr(ssl, "OP_NO_COMPRESSION", 0)
139 OP_SINGLE_DH_USE = getattr(ssl, "OP_SINGLE_DH_USE", 0)
140 OP_SINGLE_ECDH_USE = getattr(ssl, "OP_SINGLE_ECDH_USE", 0)
141 OP_CIPHER_SERVER_PREFERENCE = getattr(ssl, "OP_CIPHER_SERVER_PREFERENCE", 0)
142 OP_ENABLE_MIDDLEBOX_COMPAT = getattr(ssl, "OP_ENABLE_MIDDLEBOX_COMPAT", 0)
152 return ssl._OPENSSL_API_VERSION >= (0, 9, 8, 13, 15)
156 return ssl.OPENSSL_VERSION_INFO >= (0, 9, 7, 8, 15)
160 return ssl.OPENSSL_VERSION_INFO >= (0, 9, 8, 0, 15)
163 if not ssl.HAS_ECDH:
165 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
186 if ssl._OPENSSL_API_VERSION == (0, 9, 8, 9, 15):
199 if hasattr(ssl, 'PROTOCOL_SSLv2'):
203 ssl.SSLContext(ssl.PROTOCOL_SSLv2)
204 except ssl.SSLError:
205 if (ssl.OPENSSL_VERSION_INFO == (0, 9, 8, 15, 15) and
213 needs_sni = unittest.skipUnless(ssl.HAS_SNI, "SNI support needed for this test")
216 def test_wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLS, *,
217 cert_reqs=ssl.CERT_NONE, ca_certs=None,
220 context = ssl.SSLContext(ssl_version)
222 if cert_reqs == ssl.CERT_NONE:
246 client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
249 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
259 ssl.CERT_NONE
260 ssl.CERT_OPTIONAL
261 ssl.CERT_REQUIRED
262 ssl.OP_CIPHER_SERVER_PREFERENCE
263 ssl.OP_SINGLE_DH_USE
264 if ssl.HAS_ECDH:
265 ssl.OP_SINGLE_ECDH_USE
266 if ssl.OPENSSL_VERSION_INFO >= (1, 0):
267 ssl.OP_NO_COMPRESSION
268 self.assertIn(ssl.HAS_SNI, {True, False})
269 self.assertIn(ssl.HAS_ECDH, {True, False})
270 ssl.OP_NO_SSLv2
271 ssl.OP_NO_SSLv3
272 ssl.OP_NO_TLSv1
273 ssl.OP_NO_TLSv1_3
274 if ssl.OPENSSL_VERSION_INFO >= (1, 0, 1):
275 ssl.OP_NO_TLSv1_1
276 ssl.OP_NO_TLSv1_2
277 self.assertEqual(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv23)
282 ssl.SSLSocket(s)
287 proto = ssl.PROTOCOL_TLS
289 ctx = ssl.SSLContext(proto)
293 v = ssl.RAND_status()
299 data, is_cryptographic = ssl.RAND_pseudo_bytes(16)
303 data = ssl.RAND_bytes(16)
306 self.assertRaises(ssl.SSLError, ssl.RAND_bytes, 16)
309 self.assertRaises(ValueError, ssl.RAND_bytes, -5)
310 self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
312 if hasattr(ssl, 'RAND_egd'):
313 self.assertRaises(TypeError, ssl.RAND_egd, 1)
314 self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
315 ssl.RAND_add("this is a random string", 75.0)
316 ssl.RAND_add(b"this is a random bytes object", 75.0)
317 ssl.RAND_add(bytearray(b"this is a random bytearray object"), 75.0)
321 status = ssl.RAND_status()
330 child_random = ssl.RAND_pseudo_bytes(16)[0]
346 parent_random = ssl.RAND_pseudo_bytes(16)[0]
358 ssl._ssl._test_decode_cert(CERTFILE),
362 ssl._ssl._test_decode_cert(SIGNED_CERTFILE),
368 p = ssl._ssl._test_decode_cert(NOKIACERT)
383 p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
404 p = ssl._ssl._test_decode_cert(NULLBYTECERT)
416 if ssl._OPENSSL_API_VERSION >= (0, 9, 8):
433 p = ssl._ssl._test_decode_cert(ALLSANFILE)
456 d1 = ssl.PEM_cert_to_DER_cert(pem)
457 p2 = ssl.DER_cert_to_PEM_cert(d1)
458 d2 = ssl.PEM_cert_to_DER_cert(p2)
460 if not p2.startswith(ssl.PEM_HEADER + '\n'):
462 if not p2.endswith('\n' + ssl.PEM_FOOTER + '\n'):
466 n = ssl.OPENSSL_VERSION_NUMBER
467 t = ssl.OPENSSL_VERSION_INFO
468 s = ssl.OPENSSL_VERSION
538 ssl.wrap_socket, sock, keyfile=CERTFILE)
541 ssl.wrap_socket, sock, server_side=True)
544 ssl.wrap_socket, sock, server_side=True, certfile="")
545 with ssl.wrap_socket(sock, server_side=True, certfile=CERTFILE) as s:
550 ssl.wrap_socket(sock, certfile=NONEXISTINGCERT)
554 ssl.wrap_socket(sock,
559 ssl.wrap_socket(sock,
569 with self.assertRaises(ssl.SSLError):
587 ssl.match_hostname(cert, hostname)
589 self.assertRaises(ssl.CertificateError,
590 ssl.match_hostname, cert, hostname)
731 self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com')
732 self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com')
738 ssl.CertificateError,
740 ssl.match_hostname(cert, 'axxb.example.com')
744 ssl.CertificateError,
746 ssl.match_hostname(cert, 'www.sub.example.com')
750 ssl.CertificateError,
752 ssl.match_hostname(cert, 'axxbxxc.example.com')
756 ssl.CertificateError,
758 ssl.match_hostname(cert, 'host')
762 ssl.CertificateError,
764 ssl.match_hostname(cert, 'com')
769 ssl._inet_paton(invalid)
771 self.assertTrue(ssl._inet_paton(ipaddr))
774 self.assertTrue(ssl._inet_paton(ipaddr))
778 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
795 @unittest.skipUnless("tls-unique" in ssl.CHANNEL_BINDING_TYPES,
816 paths = ssl.get_default_verify_paths()
818 self.assertIsInstance(paths, ssl.DefaultVerifyPaths)
823 paths = ssl.get_default_verify_paths()
829 self.assertTrue(ssl.enum_certificates("CA"))
830 self.assertTrue(ssl.enum_certificates("ROOT"))
832 self.assertRaises(TypeError, ssl.enum_certificates)
833 self.assertRaises(WindowsError, ssl.enum_certificates, "")
837 store = ssl.enum_certificates(storename)
854 self.assertTrue(ssl.enum_crls("CA"))
855 self.assertRaises(TypeError, ssl.enum_crls)
856 self.assertRaises(WindowsError, ssl.enum_crls, "")
858 crls = ssl.enum_crls("CA")
871 val = ssl._ASN1Object('1.3.6.1.5.5.7.3.1')
877 self.assertIsInstance(val, ssl._ASN1Object)
878 self.assertRaises(ValueError, ssl._ASN1Object, 'serverAuth')
880 val = ssl._ASN1Object.fromnid(129)
882 self.assertIsInstance(val, ssl._ASN1Object)
883 self.assertRaises(ValueError, ssl._ASN1Object.fromnid, -1)
885 ssl._ASN1Object.fromnid(100000)
888 obj = ssl._ASN1Object.fromnid(i)
897 val = ssl._ASN1Object.fromname('TLS Web Server Authentication')
899 self.assertIsInstance(val, ssl._ASN1Object)
900 self.assertEqual(ssl._ASN1Object.fromname('serverAuth'), expected)
901 self.assertEqual(ssl._ASN1Object.fromname('1.3.6.1.5.5.7.3.1'),
904 ssl._ASN1Object.fromname('serverauth')
907 val = ssl._ASN1Object('1.3.6.1.5.5.7.3.1')
908 self.assertIsInstance(ssl.Purpose.SERVER_AUTH, ssl._ASN1Object)
909 self.assertEqual(ssl.Purpose.SERVER_AUTH, val)
910 self.assertEqual(ssl.Purpose.SERVER_AUTH.nid, 129)
911 self.assertEqual(ssl.Purpose.SERVER_AUTH.shortname, 'serverAuth')
912 self.assertEqual(ssl.Purpose.SERVER_AUTH.oid,
915 val = ssl._ASN1Object('1.3.6.1.5.5.7.3.2')
916 self.assertIsInstance(ssl.Purpose.CLIENT_AUTH, ssl._ASN1Object)
917 self.assertEqual(ssl.Purpose.CLIENT_AUTH, val)
918 self.assertEqual(ssl.Purpose.CLIENT_AUTH.nid, 130)
919 self.assertEqual(ssl.Purpose.CLIENT_AUTH.shortname, 'clientAuth')
920 self.assertEqual(ssl.Purpose.CLIENT_AUTH.oid,
927 test_wrap_socket(s, cert_reqs=ssl.CERT_NONE)
929 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
935 self.assertEqual(ssl.cert_time_to_seconds(timestring), timestamp)
939 ssl.cert_time_to_seconds(timestring)
954 self.assertEqual(ssl.cert_time_to_seconds(cert_time=timestring), ts)
1004 cert_reqs=ssl.CERT_REQUIRED)
1021 ssl.SSLContext(protocol)
1022 ctx = ssl.SSLContext()
1023 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
1024 self.assertRaises(ValueError, ssl.SSLContext, -1)
1025 self.assertRaises(ValueError, ssl.SSLContext, 42)
1030 ctx = ssl.SSLContext(proto)
1034 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1037 with self.assertRaisesRegex(ssl.SSLError, "No cipher can be selected"):
1043 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1053 @unittest.skipIf(ssl.OPENSSL_VERSION_INFO < (1, 0, 2, 0, 0), 'OpenSSL too old')
1055 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1063 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1065 default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
1071 ctx.options |= ssl.OP_NO_TLSv1
1072 self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
1074 ctx.options = (ctx.options & ~ssl.OP_NO_TLSv1)
1078 self.assertEqual(0, ctx.options & ~ssl.OP_NO_SSLv3)
1084 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
1086 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1087 ctx.verify_mode = ssl.CERT_OPTIONAL
1088 self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL)
1089 ctx.verify_mode = ssl.CERT_REQUIRED
1090 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1091 ctx.verify_mode = ssl.CERT_NONE
1092 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1098 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1099 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1102 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1103 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1107 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1109 if ssl.HAS_NEVER_CHECK_COMMON_NAME:
1120 @unittest.skipUnless(hasattr(ssl.SSLContext, 'minimum_version'),
1123 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1128 {ssl.TLSVersion.MINIMUM_SUPPORTED,
1130 ssl.TLSVersion.TLSv1,
1132 ssl.TLSVersion.TLSv1_2}
1135 ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
1138 ctx.minimum_version = ssl.TLSVersion.TLSv1_1
1139 ctx.maximum_version = ssl.TLSVersion.TLSv1_2
1141 ctx.minimum_version, ssl.TLSVersion.TLSv1_1
1144 ctx.maximum_version, ssl.TLSVersion.TLSv1_2
1147 ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
1148 ctx.maximum_version = ssl.TLSVersion.TLSv1
1150 ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED
1153 ctx.maximum_version, ssl.TLSVersion.TLSv1
1156 ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
1158 ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
1161 ctx.maximum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
1164 {ssl.TLSVersion.TLSv1, ssl.TLSVersion.SSLv3}
1167 ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
1170 {ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3}
1176 ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
1179 ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED
1182 ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
1185 ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
1187 ctx.maximum_version = ssl.TLSVersion.TLSv1
1193 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1195 tf = getattr(ssl, "VERIFY_X509_TRUSTED_FIRST", 0)
1196 self.assertEqual(ctx.verify_flags, ssl.VERIFY_DEFAULT | tf)
1197 ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF
1198 self.assertEqual(ctx.verify_flags, ssl.VERIFY_CRL_CHECK_LEAF)
1199 ctx.verify_flags = ssl.VERIFY_CRL_CHECK_CHAIN
1200 self.assertEqual(ctx.verify_flags, ssl.VERIFY_CRL_CHECK_CHAIN)
1201 ctx.verify_flags = ssl.VERIFY_DEFAULT
1202 self.assertEqual(ctx.verify_flags, ssl.VERIFY_DEFAULT)
1204 ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_X509_STRICT
1206 ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_X509_STRICT)
1211 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1219 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1221 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1224 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1228 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1230 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1232 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1235 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1236 with self.assertRaisesRegex(ssl.SSLError, "key values mismatch"):
1249 with self.assertRaises(ssl.SSLError):
1282 with self.assertRaises(ssl.SSLError):
1294 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1304 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1316 cacert_der = ssl.PEM_cert_to_DER_cert(cacert_pem)
1319 neuronio_der = ssl.PEM_cert_to_DER_cert(neuronio_pem)
1322 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1333 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1339 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1346 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1355 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1361 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1364 with self.assertRaisesRegex(ssl.SSLError, "no start line"):
1366 with self.assertRaisesRegex(ssl.SSLError, "not enough data"):
1371 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1380 with self.assertRaises(ssl.SSLError) as cm:
1386 ctx = ssl.SSLContext(proto)
1404 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1407 @unittest.skipUnless(ssl.HAS_ECDH, "ECDH disabled on this OpenSSL build")
1409 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1419 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1436 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1446 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1460 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1484 der = ssl.PEM_cert_to_DER_cert(pem)
1488 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1491 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1492 ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
1495 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1496 ctx.load_default_certs(ssl.Purpose.CLIENT_AUTH)
1498 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1505 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1515 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1519 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1528 self.assertEqual(ctx.options & ssl.OP_NO_SSLv2, ssl.OP_NO_SSLv2)
1543 ctx = ssl.create_default_context()
1545 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
1546 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1552 ctx = ssl.create_default_context(cafile=SIGNING_CA, capath=CAPATH,
1554 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
1555 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1558 ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
1559 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
1560 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1564 ctx = ssl._create_stdlib_context()
1565 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
1566 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1570 ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1)
1571 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
1572 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1575 ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1,
1576 cert_reqs=ssl.CERT_REQUIRED,
1578 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
1579 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1583 ctx = ssl._create_stdlib_context(purpose=ssl.Purpose.CLIENT_AUTH)
1584 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
1585 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1589 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
1591 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1596 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1598 ctx.verify_mode = ssl.CERT_REQUIRED
1600 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1604 ctx.verify_mode = ssl.CERT_NONE
1607 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1611 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1614 ctx.verify_mode = ssl.CERT_OPTIONAL
1617 self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL)
1621 self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL)
1625 ctx.verify_mode = ssl.CERT_NONE
1628 ctx.verify_mode = ssl.CERT_NONE
1629 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1633 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1635 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1638 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1640 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1643 class MySSLSocket(ssl.SSLSocket):
1646 class MySSLObject(ssl.SSLObject):
1649 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1655 obj = ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO())
1663 e = ssl.SSLError(1, "foo")
1667 e = ssl.SSLZeroReturnError(1, "foo")
1673 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1674 with self.assertRaises(ssl.SSLError) as cm:
1684 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1686 ctx.verify_mode = ssl.CERT_NONE
1694 with self.assertRaises(ssl.SSLWantReadError) as cm:
1699 self.assertEqual(cm.exception.errno, ssl.SSL_ERROR_WANT_READ)
1703 ctx = ssl.create_default_context()
1705 ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
1708 ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
1711 ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
1718 bio = ssl.MemoryBIO()
1732 bio = ssl.MemoryBIO()
1748 bio = ssl.MemoryBIO()
1762 bio = ssl.MemoryBIO()
1771 bio = ssl.MemoryBIO()
1780 bio = ssl.MemoryBIO()
1782 ssl.SSLObject(bio, bio)
1786 c_in = ssl.MemoryBIO()
1787 c_out = ssl.MemoryBIO()
1788 s_in = ssl.MemoryBIO()
1789 s_out = ssl.MemoryBIO()
1797 except ssl.SSLWantReadError:
1803 except ssl.SSLWantReadError:
1813 with self.assertRaises(ssl.SSLWantReadError):
1837 cert_reqs=ssl.CERT_NONE) as s:
1844 cert_reqs=ssl.CERT_REQUIRED,
1855 cert_reqs=ssl.CERT_REQUIRED)
1857 self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",
1863 cert_reqs=ssl.CERT_REQUIRED,
1873 cert_reqs=ssl.CERT_REQUIRED,
1888 except ssl.SSLWantReadError:
1890 except ssl.SSLWantWriteError:
1897 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
1905 ctx.verify_mode = ssl.CERT_REQUIRED
1917 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
1918 ctx.verify_mode = ssl.CERT_REQUIRED
1921 self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",
1930 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
1931 ctx.verify_mode = ssl.CERT_REQUIRED
1939 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
1940 ctx.verify_mode = ssl.CERT_REQUIRED
1950 der = ssl.PEM_cert_to_DER_cert(pem)
1951 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
1952 ctx.verify_mode = ssl.CERT_REQUIRED
1960 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
1961 ctx.verify_mode = ssl.CERT_REQUIRED
1992 cert_reqs=ssl.CERT_NONE,
2001 except ssl.SSLWantReadError:
2003 except ssl.SSLWantWriteError:
2018 cert_reqs=ssl.CERT_NONE, ciphers="ALL") as s:
2021 cert_reqs=ssl.CERT_NONE, ciphers="DEFAULT") as s:
2024 with self.assertRaisesRegex(ssl.SSLError, "No cipher can be selected"):
2027 cert_reqs=ssl.CERT_NONE, ciphers="^$:,;?*'dorothyx")
2032 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2045 ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2047 ctx2 = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2071 except ssl.SSLError as e:
2072 if e.errno not in (ssl.SSL_ERROR_WANT_READ,
2073 ssl.SSL_ERROR_WANT_WRITE):
2084 elif errno == ssl.SSL_ERROR_WANT_READ:
2099 incoming = ssl.MemoryBIO()
2100 outgoing = ssl.MemoryBIO()
2101 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2103 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
2112 if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
2119 if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
2123 except ssl.SSLSyscallError:
2127 self.assertRaises(ssl.SSLError, sslobj.write, b'foo')
2133 incoming = ssl.MemoryBIO()
2134 outgoing = ssl.MemoryBIO()
2135 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
2136 ctx.verify_mode = ssl.CERT_NONE
2153 cert_reqs=ssl.CERT_REQUIRED,
2170 pem = ssl.get_server_certificate((host, port))
2174 pem = ssl.get_server_certificate((host, port), ca_certs=cert)
2182 pem = ssl.get_server_certificate((host, port), ca_certs=CERTFILE)
2183 except ssl.SSLError as x:
2231 except (ssl.SSLError, OSError) as e:
2251 if self.server.context.verify_mode == ssl.CERT_REQUIRED:
2336 except ssl.SSLError as e:
2383 self.context = ssl.SSLContext(ssl_version
2385 else ssl.PROTOCOL_TLS_SERVER)
2387 else ssl.CERT_NONE)
2472 if isinstance(self.socket, ssl.SSLSocket):
2480 except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
2482 except ssl.SSLEOFError:
2484 except ssl.SSLError:
2633 certsreqs = ssl.CERT_NONE
2635 ssl.CERT_NONE: "CERT_NONE",
2636 ssl.CERT_OPTIONAL: "CERT_OPTIONAL",
2637 ssl.CERT_REQUIRED: "CERT_REQUIRED",
2642 (ssl.get_protocol_name(client_protocol),
2643 ssl.get_protocol_name(server_protocol),
2645 client_context = ssl.SSLContext(client_protocol)
2647 server_context = ssl.SSLContext(server_protocol)
2655 and server_protocol == ssl.PROTOCOL_TLS
2664 if client_context.protocol == ssl.PROTOCOL_TLS:
2676 except ssl.SSLError:
2686 % (ssl.get_protocol_name(client_protocol),
2687 ssl.get_protocol_name(server_protocol)))
2702 if protocol in {ssl.PROTOCOL_TLS_CLIENT, ssl.PROTOCOL_TLS_SERVER}:
2704 with self.subTest(protocol=ssl._PROTOCOL_NAMES[protocol]):
2705 context = ssl.SSLContext(protocol)
2712 with self.subTest(client=ssl.PROTOCOL_TLS_CLIENT, server=ssl.PROTOCOL_TLS_SERVER):
2719 with self.subTest(client=ssl.PROTOCOL_TLS_SERVER, server=ssl.PROTOCOL_TLS_CLIENT):
2720 with self.assertRaises(ssl.SSLError) as e:
2728 with self.subTest(client=ssl.PROTOCOL_TLS_SERVER, server=ssl.PROTOCOL_TLS_SERVER):
2729 with self.assertRaises(ssl.SSLError) as e:
2736 with self.subTest(client=ssl.PROTOCOL_TLS_CLIENT, server=ssl.PROTOCOL_TLS_CLIENT):
2737 with self.assertRaises(ssl.SSLError) as e:
2776 before = ssl.cert_time_to_seconds(cert['notBefore'])
2777 after = ssl.cert_time_to_seconds(cert['notAfter'])
2788 tf = getattr(ssl, "VERIFY_X509_TRUSTED_FIRST", 0)
2789 self.assertEqual(client_context.verify_flags, ssl.VERIFY_DEFAULT | tf)
2801 client_context.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
2807 with self.assertRaisesRegex(ssl.SSLError,
2843 ssl.CertificateError,
2856 client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2861 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
2877 client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2881 client_context.options |= ssl.OP_NO_TLSv1_3
2886 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
2906 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
2909 context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2910 context.verify_mode = ssl.CERT_REQUIRED
2955 with self.assertRaises(ssl.CertificateError):
2968 server_context.verify_mode = ssl.CERT_REQUIRED
2970 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
2984 except ssl.SSLError as e:
2995 @unittest.skipUnless(ssl.HAS_TLSv1_3, "Test needs TLS 1.3")
3000 server_context.verify_mode = ssl.CERT_REQUIRED
3001 server_context.minimum_version = ssl.TLSVersion.TLSv1_3
3002 client_context.minimum_version = ssl.TLSVersion.TLSv1_3
3015 except ssl.SSLError as e:
3071 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
3074 context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
3082 except ssl.SSLError as e:
3084 self.assertIsInstance(e, ssl.SSLCertVerificationError)
3091 @unittest.skipUnless(hasattr(ssl, 'PROTOCOL_SSLv2'),
3097 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
3098 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL)
3099 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED)
3100 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False)
3101 if hasattr(ssl, 'PROTOCOL_SSLv3'):
3102 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
3103 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
3107 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
3108 client_options=ssl.OP_NO_SSLv2)
3109 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
3110 client_options=ssl.OP_NO_SSLv3)
3111 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
3112 client_options=ssl.OP_NO_TLSv1)
3119 if hasattr(ssl, 'PROTOCOL_SSLv2'):
3121 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv2, True)
3128 if hasattr(ssl, 'PROTOCOL_SSLv3'):
3129 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv3, False)
3130 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True)
3131 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, 'TLSv1')
3133 if hasattr(ssl, 'PROTOCOL_SSLv3'):
3134 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv3, False, ssl.CERT_OPTIONAL)
3135 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True, ssl.CERT_OPTIONAL)
3136 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_OPTIONAL)
3138 if hasattr(ssl, 'PROTOCOL_SSLv3'):
3139 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv3, False, ssl.CERT_REQUIRED)
3140 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True, ssl.CERT_REQUIRED)
3141 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_REQUIRED)
3144 if hasattr(ssl, 'PROTOCOL_SSLv3'):
3145 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv3, False,
3146 server_options=ssl.OP_NO_SSLv3)
3148 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True,
3149 server_options=ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
3150 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, False,
3151 server_options=ssl.OP_NO_TLSv1)
3155 @unittest.skipUnless(hasattr(ssl, 'PROTOCOL_SSLv3'),
3161 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3')
3162 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_OPTIONAL)
3163 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_REQUIRED)
3164 if hasattr(ssl, 'PROTOCOL_SSLv2'):
3165 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False)
3166 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLS, False,
3167 client_options=ssl.OP_NO_SSLv3)
3168 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
3171 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLS,
3172 False, client_options=ssl.OP_NO_SSLv2)
3179 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1')
3180 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_OPTIONAL)
3181 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_REQUIRED)
3182 if hasattr(ssl, 'PROTOCOL_SSLv2'):
3183 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
3184 if hasattr(ssl, 'PROTOCOL_SSLv3'):
3185 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
3186 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLS, False,
3187 client_options=ssl.OP_NO_TLSv1)
3190 @unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_1"),
3197 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
3198 if hasattr(ssl, 'PROTOCOL_SSLv2'):
3199 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv2, False)
3200 if hasattr(ssl, 'PROTOCOL_SSLv3'):
3201 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv3, False)
3202 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLS, False,
3203 client_options=ssl.OP_NO_TLSv1_1)
3205 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
3206 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1, False)
3207 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_1, False)
3210 @unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_2"),
3217 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2',
3218 server_options=ssl.OP_NO_SSLv3|ssl.OP_NO_SSLv2,
3219 client_options=ssl.OP_NO_SSLv3|ssl.OP_NO_SSLv2,)
3220 if hasattr(ssl, 'PROTOCOL_SSLv2'):
3221 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv2, False)
3222 if hasattr(ssl, 'PROTOCOL_SSLv3'):
3223 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv3, False)
3224 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLS, False,
3225 client_options=ssl.OP_NO_TLSv1_2)
3227 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2')
3228 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1, False)
3229 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_2, False)
3230 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False)
3231 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False)
3302 context = ssl.create_default_context(cafile=SIGNING_CA)
3351 certreqs=ssl.CERT_NONE,
3352 ssl_version=ssl.PROTOCOL_TLS_SERVER,
3361 cert_reqs=ssl.CERT_NONE,
3362 ssl_version=ssl.PROTOCOL_TLS_CLIENT)
3504 certreqs=ssl.CERT_NONE,
3505 ssl_version=ssl.PROTOCOL_TLS_SERVER,
3514 cert_reqs=ssl.CERT_NONE,
3515 ssl_version=ssl.PROTOCOL_TLS_CLIENT)
3525 self.assertRaises((ssl.SSLWantWriteError,
3526 ssl.SSLWantReadError), fill_buffer)
3584 context = ssl.SSLContext(ssl.PROTOCOL_TLS)
3585 context.verify_mode = ssl.CERT_REQUIRED
3619 self.assertIsInstance(remote, ssl.SSLSocket)
3623 context = ssl.SSLContext(ssl.PROTOCOL_TLS)
3630 context = ssl.SSLContext(ssl.PROTOCOL_TLS)
3639 client_context.options |= ssl.OP_NO_TLSv1_3
3655 context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
3657 context.verify_mode = ssl.CERT_NONE
3659 ssl_version=ssl.PROTOCOL_TLS_SERVER,
3665 if IS_OPENSSL_1_1_1 and ssl.HAS_TLSv1_3:
3667 elif ssl.OPENSSL_VERSION_INFO >= (1, 0, 2):
3674 @unittest.skipUnless(ssl.HAS_TLSv1_3,
3677 context = ssl.SSLContext(ssl.PROTOCOL_TLS)
3680 ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
3692 @unittest.skipUnless(hasattr(ssl.SSLContext, 'minimum_version'),
3697 client_context.minimum_version = ssl.TLSVersion.TLSv1
3698 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
3700 server_context.minimum_version = ssl.TLSVersion.TLSv1_2
3701 server_context.maximum_version = ssl.TLSVersion.TLSv1_2
3710 server_context.minimum_version = ssl.TLSVersion.TLSv1
3711 server_context.maximum_version = ssl.TLSVersion.TLSv1_1
3720 server_context.minimum_version = ssl.TLSVersion.TLSv1_2
3721 server_context.maximum_version = ssl.TLSVersion.TLSv1_2
3722 client_context.minimum_version = ssl.TLSVersion.TLSv1
3723 client_context.maximum_version = ssl.TLSVersion.TLSv1
3727 with self.assertRaises(ssl.SSLError) as e:
3732 @unittest.skipUnless(hasattr(ssl.SSLContext, 'minimum_version'),
3734 @unittest.skipUnless(ssl.HAS_SSLv3, "requires SSLv3 support")
3737 server_context.minimum_version = ssl.TLSVersion.SSLv3
3738 client_context.minimum_version = ssl.TLSVersion.SSLv3
3739 client_context.maximum_version = ssl.TLSVersion.SSLv3
3746 @unittest.skipUnless(ssl.HAS_ECDH, "test requires ECDH-enabled OpenSSL")
3750 context = ssl.SSLContext(ssl.PROTOCOL_TLS)
3754 context.options |= ssl.OP_NO_TLSv1_3
3759 if ssl.OPENSSL_VERSION_INFO < (1, 0, 0):
3766 @unittest.skipUnless("tls-unique" in ssl.CHANNEL_BINDING_TYPES,
3835 @unittest.skipUnless(hasattr(ssl, 'OP_NO_COMPRESSION'),
3839 client_context.options |= ssl.OP_NO_COMPRESSION
3840 server_context.options |= ssl.OP_NO_COMPRESSION
3850 client_context.options |= ssl.OP_NO_TLSv1_3
3853 server_context.options |= ssl.OP_NO_TLSv1_3
3870 server_context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
3879 server_context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
3889 server_context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
3894 except ssl.SSLError:
3909 @unittest.skipUnless(ssl.HAS_ALPN, "ALPN support required")
3919 @unittest.skipUnless(ssl.HAS_ALPN, "ALPN support needed for this test")
3939 except ssl.SSLError as e:
3943 and ssl.OPENSSL_VERSION_INFO < (1, 1, 0, 6)):
3945 self.assertIsInstance(stats, ssl.SSLError)
3967 @unittest.skipUnless(ssl.HAS_NPN, "NPN support needed for this test")
3994 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
3996 other_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
3998 client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
4053 return ssl.ALERT_DESCRIPTION_ACCESS_DENIED
4055 with self.assertRaises(ssl.SSLError) as cm:
4070 with self.assertRaises(ssl.SSLError) as cm, \
4088 with self.assertRaises(ssl.SSLError) as cm, \
4132 context = ssl.SSLContext(ssl.PROTOCOL_TLS)
4133 context.verify_mode = ssl.CERT_REQUIRED
4147 client_context.options |= ssl.OP_NO_TLSv1_3
4157 if ssl.OPENSSL_VERSION_INFO > (1, 0, 1):
4207 client_context.options |= ssl.OP_NO_TLSv1_3
4208 client_context2.options |= ssl.OP_NO_TLSv1_3
4253 @unittest.skipUnless(ssl.HAS_TLSv1_3, "Test needs TLS 1.3")
4257 ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS_SERVER, ssl.PROTOCOL_TLS_CLIENT
4260 ctx = ssl.SSLContext(protocol)
4266 ctx.verify_mode = ssl.CERT_REQUIRED
4267 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
4271 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
4274 ctx.verify_mode = ssl.CERT_OPTIONAL
4276 self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL)
4282 server_context.verify_mode = ssl.CERT_REQUIRED
4307 server_context.verify_mode = ssl.CERT_REQUIRED
4322 ssl.SSLError,
4332 server_context.verify_mode = ssl.CERT_REQUIRED
4337 server_context.verify_mode = ssl.CERT_OPTIONAL
4356 server_context.verify_mode = ssl.CERT_OPTIONAL
4375 server_context.verify_mode = ssl.CERT_REQUIRED
4383 with self.assertRaisesRegex(ssl.SSLError, 'not server'):
4391 server_context.verify_mode = ssl.CERT_REQUIRED
4411 server_context.verify_mode = ssl.CERT_REQUIRED
4412 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
4449 (ssl.OPENSSL_VERSION, ssl.OPENSSL_VERSION_INFO))
4451 print(" HAS_SNI = %r" % ssl.HAS_SNI)
4452 print(" OP_ALL = 0x%8x" % ssl.OP_ALL)
4454 print(" OP_NO_TLSv1_1 = 0x%8x" % ssl.OP_NO_TLSv1_1)