mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-02 08:02:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Issue #25940: Backport self-signed.pythontest.net testing for test_httplib

Browse source 
The svn.python.org server recently changed root certificate, causing the test
to fail. This backports revision 4985375db40f.
This commit is contained in:
Georg Brandl 2014-11-05 20:37:40 +01:00
parent 5e621176c4
commit 89644d080b
2 changed files with 24 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

16
Lib/test/selfsigned_pythontestdotnet.pem Normal file
View file

@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----
MIIChzCCAfCgAwIBAgIJAKGU95wKR8pSMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
BAYTAlhZMRcwFQYDVQQHDA5DYXN0bGUgQW50aHJheDEjMCEGA1UECgwaUHl0aG9u
IFNvZnR3YXJlIEZvdW5kYXRpb24xIzAhBgNVBAMMGnNlbGYtc2lnbmVkLnB5dGhv
bnRlc3QubmV0MB4XDTE0MTEwMjE4MDkyOVoXDTI0MTAzMDE4MDkyOVowcDELMAkG
A1UEBhMCWFkxFzAVBgNVBAcMDkNhc3RsZSBBbnRocmF4MSMwIQYDVQQKDBpQeXRo
b24gU29mdHdhcmUgRm91bmRhdGlvbjEjMCEGA1UEAwwac2VsZi1zaWduZWQucHl0
aG9udGVzdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDXQXW9tjyZ
Xt0Iv2tLL1+jinr4wGg36ioLDLFkMf+2Y1GL0v0BnKYG4N1OKlAU15LXGeGer8vm
Sv/yIvmdrELvhAbbo3w4a9TMYQA4XkIVLdvu3mvNOAet+8PMJxn26dbDhG809ALv
EHY57lQsBS3G59RZyBPVqAqmImWNJnVzAgMBAAGjKTAnMCUGA1UdEQQeMByCGnNl
bGYtc2lnbmVkLnB5dGhvbnRlc3QubmV0MA0GCSqGSIb3DQEBBQUAA4GBAIOXmdtM
eG9qzP9TiXW/Gc/zI4cBfdCpC+Y4gOfC9bQUC7hefix4iO3+iZjgy3X/FaRxUUoV
HKiXcXIaWqTSUWp45cSh0MbwZXudp6JIAptzdAhvvCrPKeC9i9GvxsPD4LtDAL97
vSaxQBezA7hdxZd90/EeyMgVZgAnTCnvAWX9
-----END CERTIFICATE-----

15
Lib/test/test_httplib.py
View file

@ -15,8 +15,8 @@ here = os.path.dirname(__file__)
CERT_localhost = os.path.join(here, 'keycert.pem') CERT_localhost = os.path.join(here, 'keycert.pem')
# Self-signed cert file for 'fakehostname' # Self-signed cert file for 'fakehostname'
CERT_fakehostname = os.path.join(here, 'keycert2.pem') CERT_fakehostname = os.path.join(here, 'keycert2.pem')
# Root cert file (CA) for svn.python.org's cert # Self-signed cert file for self-signed.pythontest.net
CACERT_svn_python_org = os.path.join(here, 'https_svn_python_org_root.pem') CERT_selfsigned_pythontestdotnet = os.path.join(here, 'selfsigned_pythontestdotnet.pem')
HOST = support.HOST HOST = support.HOST
@ -570,17 +570,18 @@ class HTTPSTest(TestCase):
self._check_svn_python_org(resp) self._check_svn_python_org(resp)
def test_networked_good_cert(self): def test_networked_good_cert(self):
# We feed a CA cert that validates the server's cert # We feed the server's cert as a validating cert
import ssl import ssl
support.requires('network') support.requires('network')
with support.transient_internet('svn.python.org'): with support.transient_internet('self-signed.pythontest.net'):
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = ssl.CERT_REQUIRED context.verify_mode = ssl.CERT_REQUIRED
context.load_verify_locations(CACERT_svn_python_org) context.load_verify_locations(CERT_selfsigned_pythontestdotnet)
h = client.HTTPSConnection('svn.python.org', 443, context=context) h = client.HTTPSConnection('self-signed.pythontest.net', 443, context=context)
h.request('GET', '/') h.request('GET', '/')
resp = h.getresponse() resp = h.getresponse()
self._check_svn_python_org(resp) server_string = resp.getheader('server')
self.assertIn('nginx', server_string)
def test_networked_bad_cert(self): def test_networked_bad_cert(self):
# We feed a "CA" cert that is unrelated to the server's cert # We feed a "CA" cert that is unrelated to the server's cert