Lines Matching defs:ssl
39 ssl = import_helper.import_module("ssl")
42 from ssl import TLSVersion, _TLSContentType, _TLSMessageType, _TLSAlertType
47 PROTOCOLS = sorted(ssl._PROTOCOL_NAMES)
49 IS_OPENSSL_3_0_0 = ssl.OPENSSL_VERSION_INFO >= (3, 0, 0)
59 proto = getattr(ssl, proto)
60 ver = getattr(ssl.TLSVersion, ver)
155 OP_NO_COMPRESSION = getattr(ssl, "OP_NO_COMPRESSION", 0)
156 OP_SINGLE_DH_USE = getattr(ssl, "OP_SINGLE_DH_USE", 0)
157 OP_SINGLE_ECDH_USE = getattr(ssl, "OP_SINGLE_ECDH_USE", 0)
158 OP_CIPHER_SERVER_PREFERENCE = getattr(ssl, "OP_CIPHER_SERVER_PREFERENCE", 0)
159 OP_ENABLE_MIDDLEBOX_COMPAT = getattr(ssl, "OP_ENABLE_MIDDLEBOX_COMPAT", 0)
178 ctx.minimum_version <= ssl.TLSVersion.TLSv1_1
189 :param protocol: enum ssl._SSLMethod member or name
194 protocol = getattr(ssl, protocol, None)
198 ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS_SERVER,
199 ssl.PROTOCOL_TLS_CLIENT
211 :param version: TLS version name or ssl.TLSVersion member
219 version = ssl.TLSVersion.__members__[version]
221 # check compile time flags like ssl.HAS_TLSv1_2
222 if not getattr(ssl, f'HAS_{version.name}'):
225 if IS_OPENSSL_3_0_0 and version < ssl.TLSVersion.TLSv1_2:
231 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
234 ctx.minimum_version != ssl.TLSVersion.MINIMUM_SUPPORTED and
240 ctx.maximum_version != ssl.TLSVersion.MAXIMUM_SUPPORTED and
251 :param version: TLS version name or ssl.TLSVersion member
284 cert_reqs=ssl.CERT_NONE, ca_certs=None,
289 context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
291 context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
293 if cert_reqs == ssl.CERT_NONE:
319 client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
322 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
333 ssl.CERT_NONE
334 ssl.CERT_OPTIONAL
335 ssl.CERT_REQUIRED
336 ssl.OP_CIPHER_SERVER_PREFERENCE
337 ssl.OP_SINGLE_DH_USE
338 ssl.OP_SINGLE_ECDH_USE
339 ssl.OP_NO_COMPRESSION
340 self.assertEqual(ssl.HAS_SNI, True)
341 self.assertEqual(ssl.HAS_ECDH, True)
342 self.assertEqual(ssl.HAS_TLSv1_2, True)
343 self.assertEqual(ssl.HAS_TLSv1_3, True)
344 ssl.OP_NO_SSLv2
345 ssl.OP_NO_SSLv3
346 ssl.OP_NO_TLSv1
347 ssl.OP_NO_TLSv1_3
348 ssl.OP_NO_TLSv1_1
349 ssl.OP_NO_TLSv1_2
350 self.assertEqual(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv23)
370 ssl.SSLSocket(s)
375 proto = ssl.PROTOCOL_TLS_CLIENT
378 ctx = ssl.SSLContext(proto)
382 v = ssl.RAND_status()
389 data, is_cryptographic = ssl.RAND_pseudo_bytes(16)
393 data = ssl.RAND_bytes(16)
396 self.assertRaises(ssl.SSLError, ssl.RAND_bytes, 16)
399 self.assertRaises(ValueError, ssl.RAND_bytes, -5)
401 self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
403 ssl.RAND_add("this is a random string", 75.0)
404 ssl.RAND_add(b"this is a random bytes object", 75.0)
405 ssl.RAND_add(bytearray(b"this is a random bytearray object"), 75.0)
412 ssl._ssl._test_decode_cert(CERTFILE),
416 ssl._ssl._test_decode_cert(SIGNED_CERTFILE),
422 p = ssl._ssl._test_decode_cert(NOKIACERT)
437 p = ssl._ssl._test_decode_cert(TALOS_INVALID_CRLDP)
458 p = ssl._ssl._test_decode_cert(NULLBYTECERT)
470 if ssl._OPENSSL_API_VERSION >= (0, 9, 8):
487 p = ssl._ssl._test_decode_cert(ALLSANFILE)
510 d1 = ssl.PEM_cert_to_DER_cert(pem)
511 p2 = ssl.DER_cert_to_PEM_cert(d1)
512 d2 = ssl.PEM_cert_to_DER_cert(p2)
514 if not p2.startswith(ssl.PEM_HEADER + '\n'):
516 if not p2.endswith('\n' + ssl.PEM_FOOTER + '\n'):
520 n = ssl.OPENSSL_VERSION_NUMBER
521 t = ssl.OPENSSL_VERSION_INFO
522 s = ssl.OPENSSL_VERSION
594 ssl.OP_NO_TLSv1,
595 ssl.OP_NO_TLSv1_1,
596 ssl.OP_NO_TLSv1_2,
597 ssl.OP_NO_TLSv1_3
600 ssl.PROTOCOL_TLSv1,
601 ssl.PROTOCOL_TLSv1_1,
602 ssl.PROTOCOL_TLSv1_2,
603 ssl.PROTOCOL_TLS
606 ssl.TLSVersion.SSLv3,
607 ssl.TLSVersion.TLSv1,
608 ssl.TLSVersion.TLSv1_1,
613 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
617 'ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated',
626 ssl.SSLContext(protocol)
628 f'ssl.{protocol.name} is deprecated',
636 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
641 f'ssl.{version_text} is deprecated',
650 ssl.wrap_socket, sock, keyfile=CERTFILE)
653 ssl.wrap_socket, sock, server_side=True)
656 ssl.wrap_socket, sock, server_side=True, certfile="")
657 with ssl.wrap_socket(sock, server_side=True, certfile=CERTFILE) as s:
662 ssl.wrap_socket(sock, certfile=NONEXISTINGCERT)
666 ssl.wrap_socket(sock,
671 ssl.wrap_socket(sock,
681 with self.assertRaises(ssl.SSLError):
700 ssl.match_hostname(cert, hostname)
702 self.assertRaises(ssl.CertificateError,
703 ssl.match_hostname, cert, hostname)
851 self.assertRaises(ValueError, ssl.match_hostname, None, 'example.com')
852 self.assertRaises(ValueError, ssl.match_hostname, {}, 'example.com')
858 ssl.CertificateError,
860 ssl.match_hostname(cert, 'axxb.example.com')
864 ssl.CertificateError,
866 ssl.match_hostname(cert, 'www.sub.example.com')
870 ssl.CertificateError,
872 ssl.match_hostname(cert, 'axxbxxc.example.com')
876 ssl.CertificateError,
878 ssl.match_hostname(cert, 'host')
882 ssl.CertificateError,
884 ssl.match_hostname(cert, 'com')
889 ssl._inet_paton(invalid)
891 self.assertTrue(ssl._inet_paton(ipaddr))
894 self.assertTrue(ssl._inet_paton(ipaddr))
898 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
913 @unittest.skipUnless("tls-unique" in ssl.CHANNEL_BINDING_TYPES,
934 paths = ssl.get_default_verify_paths()
936 self.assertIsInstance(paths, ssl.DefaultVerifyPaths)
941 paths = ssl.get_default_verify_paths()
947 self.assertTrue(ssl.enum_certificates("CA"))
948 self.assertTrue(ssl.enum_certificates("ROOT"))
950 self.assertRaises(TypeError, ssl.enum_certificates)
951 self.assertRaises(WindowsError, ssl.enum_certificates, "")
955 store = ssl.enum_certificates(storename)
972 self.assertTrue(ssl.enum_crls("CA"))
973 self.assertRaises(TypeError, ssl.enum_crls)
974 self.assertRaises(WindowsError, ssl.enum_crls, "")
976 crls = ssl.enum_crls("CA")
989 val = ssl._ASN1Object('1.3.6.1.5.5.7.3.1')
995 self.assertIsInstance(val, ssl._ASN1Object)
996 self.assertRaises(ValueError, ssl._ASN1Object, 'serverAuth')
998 val = ssl._ASN1Object.fromnid(129)
1000 self.assertIsInstance(val, ssl._ASN1Object)
1001 self.assertRaises(ValueError, ssl._ASN1Object.fromnid, -1)
1003 ssl._ASN1Object.fromnid(100000)
1006 obj = ssl._ASN1Object.fromnid(i)
1015 val = ssl._ASN1Object.fromname('TLS Web Server Authentication')
1017 self.assertIsInstance(val, ssl._ASN1Object)
1018 self.assertEqual(ssl._ASN1Object.fromname('serverAuth'), expected)
1019 self.assertEqual(ssl._ASN1Object.fromname('1.3.6.1.5.5.7.3.1'),
1022 ssl._ASN1Object.fromname('serverauth')
1025 val = ssl._ASN1Object('1.3.6.1.5.5.7.3.1')
1026 self.assertIsInstance(ssl.Purpose.SERVER_AUTH, ssl._ASN1Object)
1027 self.assertEqual(ssl.Purpose.SERVER_AUTH, val)
1028 self.assertEqual(ssl.Purpose.SERVER_AUTH.nid, 129)
1029 self.assertEqual(ssl.Purpose.SERVER_AUTH.shortname, 'serverAuth')
1030 self.assertEqual(ssl.Purpose.SERVER_AUTH.oid,
1033 val = ssl._ASN1Object('1.3.6.1.5.5.7.3.2')
1034 self.assertIsInstance(ssl.Purpose.CLIENT_AUTH, ssl._ASN1Object)
1035 self.assertEqual(ssl.Purpose.CLIENT_AUTH, val)
1036 self.assertEqual(ssl.Purpose.CLIENT_AUTH.nid, 130)
1037 self.assertEqual(ssl.Purpose.CLIENT_AUTH.shortname, 'clientAuth')
1038 self.assertEqual(ssl.Purpose.CLIENT_AUTH.oid,
1045 test_wrap_socket(s, cert_reqs=ssl.CERT_NONE)
1047 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1053 self.assertEqual(ssl.cert_time_to_seconds(timestring), timestamp)
1057 ssl.cert_time_to_seconds(timestring)
1062 # Issue #19940: ssl.cert_time_to_seconds() returns wrong
1072 self.assertEqual(ssl.cert_time_to_seconds(cert_time=timestring), ts)
1122 cert_reqs=ssl.CERT_REQUIRED)
1151 ctx = ssl.SSLContext(protocol)
1154 ctx = ssl.SSLContext()
1155 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS)
1156 self.assertRaises(ValueError, ssl.SSLContext, -1)
1157 self.assertRaises(ValueError, ssl.SSLContext, 42)
1160 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1163 with self.assertRaisesRegex(ssl.SSLError, "No cipher can be selected"):
1169 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1180 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1199 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1201 default = (ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
1208 ctx.options |= ssl.OP_NO_TLSv1
1209 self.assertEqual(default | ssl.OP_NO_TLSv1, ctx.options)
1211 ctx.options = (ctx.options & ~ssl.OP_NO_TLSv1)
1215 self.assertEqual(0, ctx.options & ~ssl.OP_NO_SSLv3)
1219 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
1221 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1222 ctx.verify_mode = ssl.CERT_OPTIONAL
1223 self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL)
1224 ctx.verify_mode = ssl.CERT_REQUIRED
1225 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1226 ctx.verify_mode = ssl.CERT_NONE
1227 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1233 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1234 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1237 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1238 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1242 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1244 if ssl.HAS_NEVER_CHECK_COMMON_NAME:
1257 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1262 ssl.TLSVersion.MINIMUM_SUPPORTED,
1264 ssl.TLSVersion.TLSv1,
1266 ssl.TLSVersion.TLSv1_2
1270 ssl.TLSVersion.MAXIMUM_SUPPORTED,
1272 ssl.TLSVersion.TLSv1_3
1282 ctx.minimum_version = ssl.TLSVersion.TLSv1_1
1283 ctx.maximum_version = ssl.TLSVersion.TLSv1_2
1285 ctx.minimum_version, ssl.TLSVersion.TLSv1_1
1288 ctx.maximum_version, ssl.TLSVersion.TLSv1_2
1291 ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
1292 ctx.maximum_version = ssl.TLSVersion.TLSv1
1294 ctx.minimum_version, ssl.TLSVersion.MINIMUM_SUPPORTED
1297 ctx.maximum_version, ssl.TLSVersion.TLSv1
1300 ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
1302 ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
1305 ctx.maximum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
1308 {ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.SSLv3}
1311 ctx.minimum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
1314 {ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3}
1320 if has_tls_protocol(ssl.PROTOCOL_TLSv1_1):
1321 ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1_1)
1327 ctx.maximum_version, ssl.TLSVersion.MAXIMUM_SUPPORTED
1330 ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
1332 ctx.maximum_version = ssl.TLSVersion.TLSv1
1335 hasattr(ssl.SSLContext, 'security_level'),
1339 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1354 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1356 tf = getattr(ssl, "VERIFY_X509_TRUSTED_FIRST", 0)
1357 self.assertEqual(ctx.verify_flags, ssl.VERIFY_DEFAULT | tf)
1358 ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF
1359 self.assertEqual(ctx.verify_flags, ssl.VERIFY_CRL_CHECK_LEAF)
1360 ctx.verify_flags = ssl.VERIFY_CRL_CHECK_CHAIN
1361 self.assertEqual(ctx.verify_flags, ssl.VERIFY_CRL_CHECK_CHAIN)
1362 ctx.verify_flags = ssl.VERIFY_DEFAULT
1363 self.assertEqual(ctx.verify_flags, ssl.VERIFY_DEFAULT)
1364 ctx.verify_flags = ssl.VERIFY_ALLOW_PROXY_CERTS
1365 self.assertEqual(ctx.verify_flags, ssl.VERIFY_ALLOW_PROXY_CERTS)
1367 ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_X509_STRICT
1369 ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_X509_STRICT)
1374 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1382 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1384 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1387 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1391 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1393 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1395 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1398 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1399 with self.assertRaisesRegex(ssl.SSLError, "key values mismatch"):
1412 with self.assertRaises(ssl.SSLError):
1445 with self.assertRaises(ssl.SSLError):
1457 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1467 with self.assertRaisesRegex(ssl.SSLError, "PEM lib"):
1479 cacert_der = ssl.PEM_cert_to_DER_cert(cacert_pem)
1482 neuronio_der = ssl.PEM_cert_to_DER_cert(neuronio_pem)
1485 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1496 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1502 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1509 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1518 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1524 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1528 ssl.SSLError,
1533 ssl.SSLError,
1540 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1549 with self.assertRaises(ssl.SSLError) as cm:
1553 for proto in {ssl.PROTOCOL_TLS_CLIENT, ssl.PROTOCOL_TLS_SERVER}:
1554 ctx = ssl.SSLContext(proto)
1572 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1575 @unittest.skipUnless(ssl.HAS_ECDH, "ECDH disabled on this OpenSSL build")
1577 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1586 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1602 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1612 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1626 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1650 der = ssl.PEM_cert_to_DER_cert(pem)
1654 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1657 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1658 ctx.load_default_certs(ssl.Purpose.SERVER_AUTH)
1661 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1662 ctx.load_default_certs(ssl.Purpose.CLIENT_AUTH)
1664 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1670 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1680 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1684 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1693 self.assertEqual(ctx.options & ssl.OP_NO_SSLv2, ssl.OP_NO_SSLv2)
1708 ctx = ssl.create_default_context()
1710 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS_CLIENT)
1711 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1717 ctx = ssl.create_default_context(cafile=SIGNING_CA, capath=CAPATH,
1719 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS_CLIENT)
1720 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1723 ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
1724 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS_SERVER)
1725 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1729 ctx = ssl._create_stdlib_context()
1730 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS_CLIENT)
1731 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1735 if has_tls_protocol(ssl.PROTOCOL_TLSv1):
1737 ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1)
1738 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1)
1739 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1743 ctx = ssl._create_stdlib_context(
1744 ssl.PROTOCOL_TLSv1_2,
1745 cert_reqs=ssl.CERT_REQUIRED,
1748 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLSv1_2)
1749 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1753 ctx = ssl._create_stdlib_context(purpose=ssl.Purpose.CLIENT_AUTH)
1754 self.assertEqual(ctx.protocol, ssl.PROTOCOL_TLS_SERVER)
1755 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1760 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS)
1762 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1767 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1769 ctx.verify_mode = ssl.CERT_REQUIRED
1771 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1775 ctx.verify_mode = ssl.CERT_NONE
1778 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1782 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1785 ctx.verify_mode = ssl.CERT_OPTIONAL
1788 self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL)
1792 self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL)
1796 ctx.verify_mode = ssl.CERT_NONE
1799 ctx.verify_mode = ssl.CERT_NONE
1800 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1804 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1806 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
1809 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1811 self.assertEqual(ctx.verify_mode, ssl.CERT_NONE)
1814 class MySSLSocket(ssl.SSLSocket):
1817 class MySSLObject(ssl.SSLObject):
1820 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1826 obj = ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(), server_side=True)
1830 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
1841 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1851 e = ssl.SSLError(1, "foo")
1855 e = ssl.SSLZeroReturnError(1, "foo")
1862 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1863 with self.assertRaises(ssl.SSLError) as cm:
1873 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
1875 ctx.verify_mode = ssl.CERT_NONE
1880 with self.assertRaises(ssl.SSLWantReadError) as cm:
1885 self.assertEqual(cm.exception.errno, ssl.SSL_ERROR_WANT_READ)
1889 ctx = ssl.create_default_context()
1891 ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
1894 ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
1897 ctx.wrap_bio(ssl.MemoryBIO(), ssl.MemoryBIO(),
1904 bio = ssl.MemoryBIO()
1918 bio = ssl.MemoryBIO()
1934 bio = ssl.MemoryBIO()
1948 bio = ssl.MemoryBIO()
1957 bio = ssl.MemoryBIO()
1966 bio = ssl.MemoryBIO()
1968 ssl.SSLObject(bio, bio)
1972 c_in = ssl.MemoryBIO()
1973 c_out = ssl.MemoryBIO()
1974 s_in = ssl.MemoryBIO()
1975 s_out = ssl.MemoryBIO()
1983 except ssl.SSLWantReadError:
1989 except ssl.SSLWantReadError:
1999 with self.assertRaises(ssl.SSLWantReadError):
2016 self.server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
2024 cert_reqs=ssl.CERT_NONE) as s:
2031 cert_reqs=ssl.CERT_REQUIRED,
2042 cert_reqs=ssl.CERT_REQUIRED)
2044 self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",
2050 cert_reqs=ssl.CERT_REQUIRED,
2060 cert_reqs=ssl.CERT_REQUIRED,
2075 except ssl.SSLWantReadError:
2077 except ssl.SSLWantWriteError:
2084 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2086 ctx.verify_mode = ssl.CERT_NONE
2094 ctx.verify_mode = ssl.CERT_REQUIRED
2106 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2112 self.assertRaisesRegex(ssl.SSLError, "certificate verify failed",
2121 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2130 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2141 der = ssl.PEM_cert_to_DER_cert(pem)
2142 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2151 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2183 cert_reqs=ssl.CERT_NONE,
2192 except ssl.SSLWantReadError:
2194 except ssl.SSLWantWriteError:
2211 pem = ssl.get_server_certificate((host, port))
2215 pem = ssl.get_server_certificate((host, port), ca_certs=SIGNING_CA)
2234 ssl.get_server_certificate(self.server_addr, ca_certs=SIGNING_CA,
2239 cert_reqs=ssl.CERT_NONE, ciphers="ALL") as s:
2242 cert_reqs=ssl.CERT_NONE, ciphers="DEFAULT") as s:
2245 with self.assertRaisesRegex(ssl.SSLError, "No cipher can be selected"):
2248 cert_reqs=ssl.CERT_NONE, ciphers="^$:,;?*'dorothyx")
2253 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2265 ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2267 ctx2 = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2291 except ssl.SSLError as e:
2292 if e.errno not in (ssl.SSL_ERROR_WANT_READ,
2293 ssl.SSL_ERROR_WANT_WRITE):
2304 elif errno == ssl.SSL_ERROR_WANT_READ:
2319 incoming = ssl.MemoryBIO()
2320 outgoing = ssl.MemoryBIO()
2321 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2323 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
2332 if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
2339 if 'tls-unique' in ssl.CHANNEL_BINDING_TYPES:
2343 except ssl.SSLSyscallError:
2347 self.assertRaises(ssl.SSLError, sslobj.write, b'foo')
2353 incoming = ssl.MemoryBIO()
2354 outgoing = ssl.MemoryBIO()
2355 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
2357 ctx.verify_mode = ssl.CERT_NONE
2370 incoming = ssl.MemoryBIO()
2371 outgoing = ssl.MemoryBIO()
2378 self.assertRaises(ssl.SSLEOFError, sslobj.read)
2389 cert_reqs=ssl.CERT_REQUIRED,
2408 pem = ssl.get_server_certificate((host, port))
2412 pem = ssl.get_server_certificate((host, port), ca_certs=cert)
2420 pem = ssl.get_server_certificate((host, port), ca_certs=CERTFILE)
2421 except ssl.SSLError as x:
2471 except (ssl.SSLError, OSError) as e:
2496 if self.server.context.verify_mode == ssl.CERT_REQUIRED:
2582 except ssl.SSLError as e:
2638 self.context = ssl.SSLContext(ssl_version
2640 else ssl.PROTOCOL_TLS_SERVER)
2642 else ssl.CERT_NONE)
2730 if isinstance(self.socket, ssl.SSLSocket):
2738 except (ssl.SSLWantReadError, ssl.SSLWantWriteError):
2740 except ssl.SSLEOFError:
2742 except ssl.SSLError:
2889 certsreqs = ssl.CERT_NONE
2891 ssl.CERT_NONE: "CERT_NONE",
2892 ssl.CERT_OPTIONAL: "CERT_OPTIONAL",
2893 ssl.CERT_REQUIRED: "CERT_REQUIRED",
2898 (ssl.get_protocol_name(client_protocol),
2899 ssl.get_protocol_name(server_protocol),
2904 client_context = ssl.SSLContext(client_protocol)
2906 server_context = ssl.SSLContext(server_protocol)
2914 and server_protocol == ssl.PROTOCOL_TLS
2925 if client_context.protocol == ssl.PROTOCOL_TLS:
2939 except ssl.SSLError:
2949 % (ssl.get_protocol_name(client_protocol),
2950 ssl.get_protocol_name(server_protocol)))
2966 with self.subTest(client=ssl.PROTOCOL_TLS_CLIENT, server=ssl.PROTOCOL_TLS_SERVER):
2973 with self.subTest(client=ssl.PROTOCOL_TLS_SERVER, server=ssl.PROTOCOL_TLS_CLIENT):
2974 with self.assertRaises(ssl.SSLError) as e:
2984 with self.subTest(client=ssl.PROTOCOL_TLS_SERVER, server=ssl.PROTOCOL_TLS_SERVER):
2985 with self.assertRaises(ssl.SSLError) as e:
2994 with self.subTest(client=ssl.PROTOCOL_TLS_CLIENT, server=ssl.PROTOCOL_TLS_CLIENT):
2995 with self.assertRaises(ssl.SSLError) as e:
3035 before = ssl.cert_time_to_seconds(cert['notBefore'])
3036 after = ssl.cert_time_to_seconds(cert['notAfter'])
3045 tf = getattr(ssl, "VERIFY_X509_TRUSTED_FIRST", 0)
3046 self.assertEqual(client_context.verify_flags, ssl.VERIFY_DEFAULT | tf)
3058 client_context.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
3064 with self.assertRaisesRegex(ssl.SSLError,
3100 ssl.CertificateError,
3113 ssl.HAS_NEVER_CHECK_COMMON_NAME, "test requires hostname_checks_common_name"
3133 with self.assertRaises(ssl.SSLCertVerificationError):
3137 client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
3142 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
3158 client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
3162 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
3167 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
3187 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
3190 context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
3191 context.verify_mode = ssl.CERT_REQUIRED
3236 with self.assertRaises(ssl.CertificateError):
3249 server_context.verify_mode = ssl.CERT_REQUIRED
3251 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
3265 except ssl.SSLError as e:
3281 server_context.verify_mode = ssl.CERT_REQUIRED
3282 server_context.minimum_version = ssl.TLSVersion.TLSv1_3
3283 client_context.minimum_version = ssl.TLSVersion.TLSv1_3
3294 ssl.SSLError,
3348 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
3351 context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
3359 except ssl.SSLError as e:
3361 self.assertIsInstance(e, ssl.SSLCertVerificationError)
3372 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True)
3373 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_OPTIONAL)
3374 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv2, True, ssl.CERT_REQUIRED)
3375 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False)
3377 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_SSLv3, False)
3378 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLSv1, False)
3380 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
3381 client_options=ssl.OP_NO_SSLv3)
3382 try_protocol_combo(ssl.PROTOCOL_SSLv2, ssl.PROTOCOL_TLS, False,
3383 client_options=ssl.OP_NO_TLSv1)
3391 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv2, True)
3399 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv3, False)
3400 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True)
3402 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, 'TLSv1')
3405 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv3, False, ssl.CERT_OPTIONAL)
3406 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True, ssl.CERT_OPTIONAL)
3408 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_OPTIONAL)
3411 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv3, False, ssl.CERT_REQUIRED)
3412 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True, ssl.CERT_REQUIRED)
3414 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_REQUIRED)
3418 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_SSLv3, False,
3419 server_options=ssl.OP_NO_SSLv3)
3421 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLS, True,
3422 server_options=ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3)
3424 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1, False,
3425 server_options=ssl.OP_NO_TLSv1)
3432 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3')
3433 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_OPTIONAL)
3434 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv3, 'SSLv3', ssl.CERT_REQUIRED)
3436 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv2, False)
3437 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLS, False,
3438 client_options=ssl.OP_NO_SSLv3)
3439 try_protocol_combo(ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_TLSv1, False)
3446 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1')
3447 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_OPTIONAL)
3448 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1, 'TLSv1', ssl.CERT_REQUIRED)
3450 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv2, False)
3452 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_SSLv3, False)
3453 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLS, False,
3454 client_options=ssl.OP_NO_TLSv1)
3462 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
3464 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv2, False)
3466 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_SSLv3, False)
3467 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLS, False,
3468 client_options=ssl.OP_NO_TLSv1_1)
3470 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_1, 'TLSv1.1')
3471 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False)
3472 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False)
3480 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2',
3481 server_options=ssl.OP_NO_SSLv3|ssl.OP_NO_SSLv2,
3482 client_options=ssl.OP_NO_SSLv3|ssl.OP_NO_SSLv2,)
3484 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv2, False)
3486 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_SSLv3, False)
3487 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLS, False,
3488 client_options=ssl.OP_NO_TLSv1_2)
3490 try_protocol_combo(ssl.PROTOCOL_TLS, ssl.PROTOCOL_TLSv1_2, 'TLSv1.2')
3491 if has_tls_protocol(ssl.PROTOCOL_TLSv1):
3492 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1, False)
3493 try_protocol_combo(ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_2, False)
3494 if has_tls_protocol(ssl.PROTOCOL_TLSv1_1):
3495 try_protocol_combo(ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, False)
3496 try_protocol_combo(ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2, False)
3567 context = ssl.create_default_context(cafile=SIGNING_CA)
3616 certreqs=ssl.CERT_NONE,
3617 ssl_version=ssl.PROTOCOL_TLS_SERVER,
3626 cert_reqs=ssl.CERT_NONE)
3767 certreqs=ssl.CERT_NONE,
3768 ssl_version=ssl.PROTOCOL_TLS_SERVER,
3777 cert_reqs=ssl.CERT_NONE)
3787 self.assertRaises((ssl.SSLWantWriteError,
3788 ssl.SSLWantReadError), fill_buffer)
3880 self.assertIsInstance(remote, ssl.SSLSocket)
3884 context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
3892 context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
3902 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
3918 context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
3920 context.verify_mode = ssl.CERT_NONE
3922 ssl_version=ssl.PROTOCOL_TLS_SERVER,
3935 client_context.minimum_version = ssl.TLSVersion.TLSv1_3
3953 client_context.minimum_version = ssl.TLSVersion.TLSv1
3954 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
3956 server_context.minimum_version = ssl.TLSVersion.TLSv1_2
3957 server_context.maximum_version = ssl.TLSVersion.TLSv1_2
3970 client_context.minimum_version = ssl.TLSVersion.TLSv1
3971 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
3972 server_context.minimum_version = ssl.TLSVersion.TLSv1
3973 server_context.maximum_version = ssl.TLSVersion.TLSv1_1
3988 server_context.maximum_version = ssl.TLSVersion.TLSv1_2
3989 server_context.minimum_version = ssl.TLSVersion.TLSv1_2
3990 client_context.maximum_version = ssl.TLSVersion.TLSv1
3991 client_context.minimum_version = ssl.TLSVersion.TLSv1
3997 with self.assertRaises(ssl.SSLError) as e:
4004 server_context.minimum_version = ssl.TLSVersion.SSLv3
4005 client_context.minimum_version = ssl.TLSVersion.SSLv3
4006 client_context.maximum_version = ssl.TLSVersion.SSLv3
4021 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
4032 @unittest.skipUnless("tls-unique" in ssl.CHANNEL_BINDING_TYPES,
4101 @unittest.skipUnless(hasattr(ssl, 'OP_NO_COMPRESSION'),
4102 "ssl.OP_NO_COMPRESSION needed for this test")
4105 client_context.options |= ssl.OP_NO_COMPRESSION
4106 server_context.options |= ssl.OP_NO_COMPRESSION
4117 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
4120 server_context.maximum_version = ssl.TLSVersion.TLSv1_2
4135 server_context.minimum_version = ssl.TLSVersion.TLSv1_2
4144 server_context.minimum_version = ssl.TLSVersion.TLSv1_2
4154 server_context.minimum_version = ssl.TLSVersion.TLSv1_2
4155 with self.assertRaises(ssl.SSLError):
4196 except ssl.SSLError as e:
4212 assert not ssl.HAS_NPN
4215 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
4217 other_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
4219 client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
4272 return ssl.ALERT_DESCRIPTION_ACCESS_DENIED
4274 with self.assertRaises(ssl.SSLError) as cm:
4289 with self.assertRaises(ssl.SSLError) as cm:
4308 with self.assertRaises(ssl.SSLError) as cm:
4366 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
4425 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
4426 client_context2.maximum_version = ssl.TLSVersion.TLSv1_2
4475 ssl.PROTOCOL_TLS_SERVER, ssl.PROTOCOL_TLS_CLIENT
4478 ctx = ssl.SSLContext(protocol)
4484 ctx.verify_mode = ssl.CERT_REQUIRED
4485 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
4489 self.assertEqual(ctx.verify_mode, ssl.CERT_REQUIRED)
4492 ctx.verify_mode = ssl.CERT_OPTIONAL
4494 self.assertEqual(ctx.verify_mode, ssl.CERT_OPTIONAL)
4500 server_context.verify_mode = ssl.CERT_REQUIRED
4525 server_context.verify_mode = ssl.CERT_REQUIRED
4546 ssl.SSLError,
4565 server_context.verify_mode = ssl.CERT_REQUIRED
4570 server_context.verify_mode = ssl.CERT_OPTIONAL
4589 server_context.verify_mode = ssl.CERT_OPTIONAL
4608 server_context.verify_mode = ssl.CERT_REQUIRED
4616 with self.assertRaisesRegex(ssl.SSLError, 'not server'):
4624 server_context.verify_mode = ssl.CERT_REQUIRED
4644 server_context.verify_mode = ssl.CERT_REQUIRED
4645 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
4662 client_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
4667 client_context.verify_mode = ssl.CERT_NONE
4669 server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
4673 server_context.verify_mode = ssl.CERT_REQUIRED
4723 ssl.PEM_cert_to_DER_cert(pem), der
4729 server_context.verify_mode = ssl.CERT_REQUIRED
4730 server_context.maximum_version = ssl.TLSVersion.TLSv1_2
4747 HAS_KEYLOG = hasattr(ssl.SSLContext, 'keylog_filename')
4761 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
4827 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
4830 ctx = ssl.create_default_context()
4833 ctx = ssl._create_stdlib_context()
4850 client_context.maximum_version = ssl.TLSVersion.TLSv1_2
4855 self.assertIsInstance(conn, ssl.SSLSocket)
4934 self.ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
4935 self.ssl_ctx.verify_mode = ssl.CERT_REQUIRED
4952 except OSError as err: # ssl.SSLError inherits from OSError
5011 self.assertIsInstance(wrap_error, ssl.SSLError)
5042 ssl_ctx = ssl.create_default_context()
5058 self.assertIsInstance(wrap_error, ssl.SSLError)
5097 context=ssl.create_default_context(),
5212 enum.IntEnum, '_SSLMethod', 'ssl',
5214 source=ssl._ssl,
5216 # This member is assigned dynamically in `ssl.py`:
5218 enum._test_simple_enum(Checked_SSLMethod, ssl._SSLMethod)
5222 enum.IntFlag, 'Options', 'ssl',
5224 source=ssl._ssl,
5226 enum._test_simple_enum(CheckedOptions, ssl.Options)
5230 enum.IntEnum, 'AlertDescription', 'ssl',
5232 source=ssl._ssl,
5234 enum._test_simple_enum(CheckedAlertDescription, ssl.AlertDescription)
5238 enum.IntEnum, 'SSLErrorNumber', 'ssl',
5240 source=ssl._ssl,
5242 enum._test_simple_enum(Checked_SSLErrorNumber, ssl.SSLErrorNumber)
5246 enum.IntFlag, 'VerifyFlags', 'ssl',
5248 source=ssl._ssl,
5250 enum._test_simple_enum(CheckedVerifyFlags, ssl.VerifyFlags)
5254 enum.IntEnum, 'VerifyMode', 'ssl',
5256 source=ssl._ssl,
5258 enum._test_simple_enum(CheckedVerifyMode, ssl.VerifyMode)
5275 (ssl.OPENSSL_VERSION, ssl.OPENSSL_VERSION_INFO))
5277 print(" HAS_SNI = %r" % ssl.HAS_SNI)
5278 print(" OP_ALL = 0x%8x" % ssl.OP_ALL)
5280 print(" OP_NO_TLSv1_1 = 0x%8x" % ssl.OP_NO_TLSv1_1)