183 lines
8.7 KiB
Diff
183 lines
8.7 KiB
Diff
|
diff --git a/Lib/test/dh1024.pem b/Lib/test/dh1024.pem
|
||
|
|
deleted file mode 100644
|
||
|
|
index a391176..0000000
|
||
|
|
--- a/Lib/test/dh1024.pem
|
||
|
|
+++ /dev/null
|
||
|
|
@@ -1,7 +0,0 @@
|
||
|
|
------BEGIN DH PARAMETERS-----
|
||
|
|
-MIGHAoGBAIbzw1s9CT8SV5yv6L7esdAdZYZjPi3qWFs61CYTFFQnf2s/d09NYaJt
|
||
|
|
-rrvJhIzWavqnue71qXCf83/J3nz3FEwUU/L0mGyheVbsSHiI64wUo3u50wK5Igo0
|
||
|
|
-RNs/LD0irs7m0icZ//hijafTU+JOBiuA8zMI+oZfU7BGuc9XrUprAgEC
|
||
|
|
------END DH PARAMETERS-----
|
||
|
|
-
|
||
|
|
-Generated with: openssl dhparam -out dh1024.pem 1024
|
||
|
|
diff --git a/Lib/test/ffdh3072.pem b/Lib/test/ffdh3072.pem
|
||
|
|
new file mode 100644
|
||
|
|
index 0000000..ad69bac
|
||
|
|
--- /dev/null
|
||
|
|
+++ b/Lib/test/ffdh3072.pem
|
||
|
|
@@ -0,0 +1,41 @@
|
||
|
|
+ DH Parameters: (3072 bit)
|
||
|
|
+ prime:
|
||
|
|
+ 00:ff:ff:ff:ff:ff:ff:ff:ff:ad:f8:54:58:a2:bb:
|
||
|
|
+ 4a:9a:af:dc:56:20:27:3d:3c:f1:d8:b9:c5:83:ce:
|
||
|
|
+ 2d:36:95:a9:e1:36:41:14:64:33:fb:cc:93:9d:ce:
|
||
|
|
+ 24:9b:3e:f9:7d:2f:e3:63:63:0c:75:d8:f6:81:b2:
|
||
|
|
+ 02:ae:c4:61:7a:d3:df:1e:d5:d5:fd:65:61:24:33:
|
||
|
|
+ f5:1f:5f:06:6e:d0:85:63:65:55:3d:ed:1a:f3:b5:
|
||
|
|
+ 57:13:5e:7f:57:c9:35:98:4f:0c:70:e0:e6:8b:77:
|
||
|
|
+ e2:a6:89:da:f3:ef:e8:72:1d:f1:58:a1:36:ad:e7:
|
||
|
|
+ 35:30:ac:ca:4f:48:3a:79:7a:bc:0a:b1:82:b3:24:
|
||
|
|
+ fb:61:d1:08:a9:4b:b2:c8:e3:fb:b9:6a:da:b7:60:
|
||
|
|
+ d7:f4:68:1d:4f:42:a3:de:39:4d:f4:ae:56:ed:e7:
|
||
|
|
+ 63:72:bb:19:0b:07:a7:c8:ee:0a:6d:70:9e:02:fc:
|
||
|
|
+ e1:cd:f7:e2:ec:c0:34:04:cd:28:34:2f:61:91:72:
|
||
|
|
+ fe:9c:e9:85:83:ff:8e:4f:12:32:ee:f2:81:83:c3:
|
||
|
|
+ fe:3b:1b:4c:6f:ad:73:3b:b5:fc:bc:2e:c2:20:05:
|
||
|
|
+ c5:8e:f1:83:7d:16:83:b2:c6:f3:4a:26:c1:b2:ef:
|
||
|
|
+ fa:88:6b:42:38:61:1f:cf:dc:de:35:5b:3b:65:19:
|
||
|
|
+ 03:5b:bc:34:f4:de:f9:9c:02:38:61:b4:6f:c9:d6:
|
||
|
|
+ e6:c9:07:7a:d9:1d:26:91:f7:f7:ee:59:8c:b0:fa:
|
||
|
|
+ c1:86:d9:1c:ae:fe:13:09:85:13:92:70:b4:13:0c:
|
||
|
|
+ 93:bc:43:79:44:f4:fd:44:52:e2:d7:4d:d3:64:f2:
|
||
|
|
+ e2:1e:71:f5:4b:ff:5c:ae:82:ab:9c:9d:f6:9e:e8:
|
||
|
|
+ 6d:2b:c5:22:36:3a:0d:ab:c5:21:97:9b:0d:ea:da:
|
||
|
|
+ 1d:bf:9a:42:d5:c4:48:4e:0a:bc:d0:6b:fa:53:dd:
|
||
|
|
+ ef:3c:1b:20:ee:3f:d5:9d:7c:25:e4:1d:2b:66:c6:
|
||
|
|
+ 2e:37:ff:ff:ff:ff:ff:ff:ff:ff
|
||
|
|
+ generator: 2 (0x2)
|
||
|
|
+ recommended-private-length: 276 bits
|
||
|
|
+-----BEGIN DH PARAMETERS-----
|
||
|
|
+MIIBjAKCAYEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
|
||
|
|
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
|
||
|
|
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
|
||
|
|
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
|
||
|
|
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
|
||
|
|
+ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
|
||
|
|
+7lmMsPrBhtkcrv4TCYUTknC0EwyTvEN5RPT9RFLi103TZPLiHnH1S/9croKrnJ32
|
||
|
|
+nuhtK8UiNjoNq8Uhl5sN6todv5pC1cRITgq80Gv6U93vPBsg7j/VnXwl5B0rZsYu
|
||
|
|
+N///////////AgECAgIBFA==
|
||
|
|
+-----END DH PARAMETERS-----
|
||
|
|
diff --git a/Lib/test/test_ftplib.py b/Lib/test/test_ftplib.py
|
||
|
|
index f9488a9..da8ba32 100644
|
||
|
|
--- a/Lib/test/test_ftplib.py
|
||
|
|
+++ b/Lib/test/test_ftplib.py
|
||
|
|
@@ -880,18 +880,23 @@ class TestTLS_FTPClass(TestCase):
|
||
|
|
# clear text
|
||
|
|
with self.client.transfercmd('list') as sock:
|
||
|
|
self.assertNotIsInstance(sock, ssl.SSLSocket)
|
||
|
|
+ self.assertEqual(sock.recv(1024), LIST_DATA.encode('ascii'))
|
||
|
|
self.assertEqual(self.client.voidresp(), "226 transfer complete")
|
||
|
|
|
||
|
|
# secured, after PROT P
|
||
|
|
self.client.prot_p()
|
||
|
|
with self.client.transfercmd('list') as sock:
|
||
|
|
self.assertIsInstance(sock, ssl.SSLSocket)
|
||
|
|
+ # consume from SSL socket to finalize handshake and avoid
|
||
|
|
+ # "SSLError [SSL] shutdown while in init"
|
||
|
|
+ self.assertEqual(sock.recv(1024), LIST_DATA.encode('ascii'))
|
||
|
|
self.assertEqual(self.client.voidresp(), "226 transfer complete")
|
||
|
|
|
||
|
|
# PROT C is issued, the connection must be in cleartext again
|
||
|
|
self.client.prot_c()
|
||
|
|
with self.client.transfercmd('list') as sock:
|
||
|
|
self.assertNotIsInstance(sock, ssl.SSLSocket)
|
||
|
|
+ self.assertEqual(sock.recv(1024), LIST_DATA.encode('ascii'))
|
||
|
|
self.assertEqual(self.client.voidresp(), "226 transfer complete")
|
||
|
|
|
||
|
|
def test_login(self):
|
||
|
|
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
|
||
|
|
index 7bbaa9f..ea528b5 100644
|
||
|
|
--- a/Lib/test/test_ssl.py
|
||
|
|
+++ b/Lib/test/test_ssl.py
|
||
|
|
@@ -55,7 +55,6 @@ CAPATH = data_file("capath")
|
||
|
|
BYTES_CAPATH = os.fsencode(CAPATH)
|
||
|
|
CAFILE_NEURONIO = data_file("capath", "4e1295a3.0")
|
||
|
|
CAFILE_CACERT = data_file("capath", "5ed36f99.0")
|
||
|
|
-WRONG_CERT = data_file("wrongcert.pem")
|
||
|
|
|
||
|
|
CERTFILE_INFO = {
|
||
|
|
'issuer': ((('countryName', 'XY'),),
|
||
|
|
@@ -118,7 +117,7 @@ BADKEY = data_file("badkey.pem")
|
||
|
|
NOKIACERT = data_file("nokia.pem")
|
||
|
|
NULLBYTECERT = data_file("nullbytecert.pem")
|
||
|
|
|
||
|
|
-DHFILE = data_file("dh1024.pem")
|
||
|
|
+DHFILE = data_file("ffdh3072.pem")
|
||
|
|
BYTES_DHFILE = os.fsencode(DHFILE)
|
||
|
|
|
||
|
|
# Not defined in all versions of OpenSSL
|
||
|
|
@@ -2846,8 +2845,8 @@ class ThreadedTests(unittest.TestCase):
|
||
|
|
connect to it with a wrong client certificate fails.
|
||
|
|
"""
|
||
|
|
client_context, server_context, hostname = testing_context()
|
||
|
|
- # load client cert
|
||
|
|
- client_context.load_cert_chain(WRONG_CERT)
|
||
|
|
+ # load client cert that is not signed by trusted CA
|
||
|
|
+ client_context.load_cert_chain(CERTFILE)
|
||
|
|
# require TLS client authentication
|
||
|
|
server_context.verify_mode = ssl.CERT_REQUIRED
|
||
|
|
# TLS 1.3 has different handshake
|
||
|
|
@@ -2879,7 +2878,8 @@ class ThreadedTests(unittest.TestCase):
|
||
|
|
@unittest.skipUnless(ssl.HAS_TLSv1_3, "Test needs TLS 1.3")
|
||
|
|
def test_wrong_cert_tls13(self):
|
||
|
|
client_context, server_context, hostname = testing_context()
|
||
|
|
- client_context.load_cert_chain(WRONG_CERT)
|
||
|
|
+ # load client cert that is not signed by trusted CA
|
||
|
|
+ client_context.load_cert_chain(CERTFILE)
|
||
|
|
server_context.verify_mode = ssl.CERT_REQUIRED
|
||
|
|
server_context.minimum_version = ssl.TLSVersion.TLSv1_3
|
||
|
|
client_context.minimum_version = ssl.TLSVersion.TLSv1_3
|
||
|
|
diff --git a/Lib/test/wrongcert.pem b/Lib/test/wrongcert.pem
|
||
|
|
deleted file mode 100644
|
||
|
|
index 5f92f9b..0000000
|
||
|
|
--- a/Lib/test/wrongcert.pem
|
||
|
|
+++ /dev/null
|
||
|
|
@@ -1,32 +0,0 @@
|
||
|
|
------BEGIN RSA PRIVATE KEY-----
|
||
|
|
-MIICXAIBAAKBgQC89ZNxjTgWgq7Z1g0tJ65w+k7lNAj5IgjLb155UkUrz0XsHDnH
|
||
|
|
-FlbsVUg2Xtk6+bo2UEYIzN7cIm5ImpmyW/2z0J1IDVDlvR2xJ659xrE0v5c2cB6T
|
||
|
|
-f9lnNTwpSoeK24Nd7Jwq4j9vk95fLrdqsBq0/KVlsCXeixS/CaqqduXfvwIDAQAB
|
||
|
|
-AoGAQFko4uyCgzfxr4Ezb4Mp5pN3Npqny5+Jey3r8EjSAX9Ogn+CNYgoBcdtFgbq
|
||
|
|
-1yif/0sK7ohGBJU9FUCAwrqNBI9ZHB6rcy7dx+gULOmRBGckln1o5S1+smVdmOsW
|
||
|
|
-7zUVLBVByKuNWqTYFlzfVd6s4iiXtAE2iHn3GCyYdlICwrECQQDhMQVxHd3EFbzg
|
||
|
|
-SFmJBTARlZ2GKA3c1g/h9/XbkEPQ9/RwI3vnjJ2RaSnjlfoLl8TOcf0uOGbOEyFe
|
||
|
|
-19RvCLXjAkEA1s+UE5ziF+YVkW3WolDCQ2kQ5WG9+ccfNebfh6b67B7Ln5iG0Sbg
|
||
|
|
-ky9cjsO3jbMJQtlzAQnH1850oRD5Gi51dQJAIbHCDLDZU9Ok1TI+I2BhVuA6F666
|
||
|
|
-lEZ7TeZaJSYq34OaUYUdrwG9OdqwZ9sy9LUav4ESzu2lhEQchCJrKMn23QJAReqs
|
||
|
|
-ZLHUeTjfXkVk7dHhWPWSlUZ6AhmIlA/AQ7Payg2/8wM/JkZEJEPvGVykms9iPUrv
|
||
|
|
-frADRr+hAGe43IewnQJBAJWKZllPgKuEBPwoEldHNS8nRu61D7HzxEzQ2xnfj+Nk
|
||
|
|
-2fgf1MAzzTRsikfGENhVsVWeqOcijWb6g5gsyCmlRpc=
|
||
|
|
------END RSA PRIVATE KEY-----
|
||
|
|
------BEGIN CERTIFICATE-----
|
||
|
|
-MIICsDCCAhmgAwIBAgIJAOqYOYFJfEEoMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
|
||
|
|
-BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
|
||
|
|
-aWRnaXRzIFB0eSBMdGQwHhcNMDgwNjI2MTgxNTUyWhcNMDkwNjI2MTgxNTUyWjBF
|
||
|
|
-MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
|
||
|
|
-ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
|
||
|
|
-gQC89ZNxjTgWgq7Z1g0tJ65w+k7lNAj5IgjLb155UkUrz0XsHDnHFlbsVUg2Xtk6
|
||
|
|
-+bo2UEYIzN7cIm5ImpmyW/2z0J1IDVDlvR2xJ659xrE0v5c2cB6Tf9lnNTwpSoeK
|
||
|
|
-24Nd7Jwq4j9vk95fLrdqsBq0/KVlsCXeixS/CaqqduXfvwIDAQABo4GnMIGkMB0G
|
||
|
|
-A1UdDgQWBBTctMtI3EO9OjLI0x9Zo2ifkwIiNjB1BgNVHSMEbjBsgBTctMtI3EO9
|
||
|
|
-OjLI0x9Zo2ifkwIiNqFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt
|
||
|
|
-U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAOqYOYFJ
|
||
|
|
-fEEoMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAQwa7jya/DfhaDn7E
|
||
|
|
-usPkpgIX8WCL2B1SqnRTXEZfBPPVq/cUmFGyEVRVATySRuMwi8PXbVcOhXXuocA+
|
||
|
|
-43W+iIsD9pXapCZhhOerCq18TC1dWK98vLUsoK8PMjB6e5H/O8bqojv0EeC+fyCw
|
||
|
|
-eSHj5jpC8iZKjCHBn+mAi4cQ514=
|
||
|
|
------END CERTIFICATE-----
|
||
|
|
diff --git a/Lib/test/test_poplib.py b/Lib/test/test_poplib.py
|
||
|
|
index 20d4eeac12..a0c683bbcf 100644
|
||
|
|
--- a/Lib/test/test_poplib.py
|
||
|
|
+++ b/Lib/test/test_poplib.py
|
||
|
|
@@ -178,7 +178,8 @@ class DummyPOP3Handler(asynchat.async_chat):
|
||
|
|
return self.handle_close()
|
||
|
|
# TODO: SSLError does not expose alert information
|
||
|
|
elif ("SSLV3_ALERT_BAD_CERTIFICATE" in err.args[1] or
|
||
|
|
- "SSLV3_ALERT_CERTIFICATE_UNKNOWN" in err.args[1]):
|
||
|
|
+ "SSLV3_ALERT_CERTIFICATE_UNKNOWN" in err.args[1] or
|
||
|
|
+ "bad record type" in err.args[1]):
|
||
|
|
return self.handle_close()
|
||
|
|
raise
|
||
|
|
except OSError as err:
|