Issue #19782: imaplib now supports SSLContext.check_hostname and server name

indication for TLS/SSL connections.
2025-08-04 00:48:58 +00:00 · 2013-12-02 20:01:29 +01:00 · 2013-12-02 20:01:29 +01:00 · 48aae57996
commit 48aae57996
parent 0c924b83ee
4 changed files with 43 additions and 4 deletions
--- a/Lib/test/test_imaplib.py
+++ b/Lib/test/test_imaplib.py
@ -20,6 +20,7 @@ except ImportError:
    ssl = None

 CERTFILE = None
+CAFILE = None


 class TestImaplib(unittest.TestCase):
@ -348,6 +349,25 @@ class ThreadedNetworkedTestsSSL(BaseThreadedNetworkedTests):
    server_class = SecureTCPServer
    imap_class = IMAP4_SSL

+    @reap_threads
+    def test_ssl_verified(self):
+        ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+        ssl_context.verify_mode = ssl.CERT_REQUIRED
+        ssl_context.check_hostname = True
+        ssl_context.load_verify_locations(CAFILE)
+
+        with self.assertRaisesRegex(ssl.CertificateError,
+                                    "hostname '127.0.0.1' doesn't match 'localhost'"):
+            with self.reaped_server(SimpleIMAPHandler) as server:
+                client = self.imap_class(*server.server_address,
+                                         ssl_context=ssl_context)
+                client.shutdown()
+
+        with self.reaped_server(SimpleIMAPHandler) as server:
+            client = self.imap_class("localhost", server.server_address[1],
+                                     ssl_context=ssl_context)
+            client.shutdown()
+

 class RemoteIMAPTest(unittest.TestCase):
    host = 'cyrus.andrew.cmu.edu'
@ -460,11 +480,15 @@ def load_tests(*args):

    if support.is_resource_enabled('network'):
        if ssl:
-            global CERTFILE
+            global CERTFILE, CAFILE
            CERTFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
-                                    "keycert.pem")
+                                    "keycert3.pem")
            if not os.path.exists(CERTFILE):
                raise support.TestFailed("Can't read certificate files!")
+            CAFILE = os.path.join(os.path.dirname(__file__) or os.curdir,
+                                 "pycacert.pem")
+            if not os.path.exists(CAFILE):
+                raise support.TestFailed("Can't read CA file!")
        tests.extend([
            ThreadedNetworkedTests, ThreadedNetworkedTestsSSL,
            RemoteIMAPTest, RemoteIMAP_SSLTest, RemoteIMAP_STARTTLSTest,