Lines Matching refs:cert
135 # cert with all kinds of subject alt names
686 """Wrapping with an empty cert file"""
699 def ok(cert, hostname):
700 ssl.match_hostname(cert, hostname)
701 def fail(cert, hostname):
703 ssl.match_hostname, cert, hostname)
707 cert = {'subject': ((('commonName', 'example.com'),),)}
708 ok(cert, 'example.com')
709 ok(cert, 'ExAmple.cOm')
710 fail(cert, 'www.example.com')
711 fail(cert, '.example.com')
712 fail(cert, 'example.org')
713 fail(cert, 'exampleXcom')
715 cert = {'subject': ((('commonName', '*.a.com'),),)}
716 ok(cert, 'foo.a.com')
717 fail(cert, 'bar.foo.a.com')
718 fail(cert, 'a.com')
719 fail(cert, 'Xa.com')
720 fail(cert, '.a.com')
724 cert = {'subject': ((('commonName', 'f*.com'),),)}
725 fail(cert, 'foo.com')
726 fail(cert, 'f.com')
727 fail(cert, 'bar.com')
728 fail(cert, 'foo.a.com')
729 fail(cert, 'bar.foo.com')
732 cert = {'subject': ((('commonName',
734 ok(cert, 'null.python.org\x00example.org') # or raise an error?
735 fail(cert, 'example.org')
736 fail(cert, 'null.python.org')
739 cert = {'subject': ((('commonName', '*.*.a.com'),),)}
740 fail(cert, 'bar.foo.a.com')
741 fail(cert, 'a.com')
742 fail(cert, 'Xa.com')
743 fail(cert, '.a.com')
745 cert = {'subject': ((('commonName', 'a.*.com'),),)}
746 fail(cert, 'a.foo.com')
747 fail(cert, 'a..com')
748 fail(cert, 'a.com')
752 cert = {'subject': ((('commonName', idna),),)}
753 ok(cert, idna)
754 cert = {'subject': ((('commonName', 'x*.python.org'),),)}
755 fail(cert, idna)
756 cert = {'subject': ((('commonName', 'xn--p*.python.org'),),)}
757 fail(cert, idna)
762 cert = {'subject': ((('commonName', idna),),)}
763 fail(cert, 'www.pythön.org'.encode("idna").decode("ascii"))
764 fail(cert, 'www1.pythön.org'.encode("idna").decode("ascii"))
765 fail(cert, 'ftp.pythön.org'.encode("idna").decode("ascii"))
766 fail(cert, 'pythön.org'.encode("idna").decode("ascii"))
769 cert = {'notAfter': 'Jun 26 21:41:46 2011 GMT',
774 ok(cert, 'linuxfr.org')
775 ok(cert, 'linuxfr.com')
777 fail(cert, '<unsupported>')
779 fail(cert, 'linuxfrz.org')
782 cert = {'notAfter': 'Dec 18 23:59:59 2011 GMT',
788 ok(cert, 'mail.google.com')
789 fail(cert, 'gmail.com')
791 fail(cert, 'California')
794 cert = {'subject': ((('commonName', 'example.com'),),),
799 ok(cert, '10.11.12.13')
800 ok(cert, '14.15.16.17')
802 fail(cert, '127.1')
803 fail(cert, '14.15.16.17 ')
804 fail(cert, '14.15.16.17 extra data')
805 fail(cert, '14.15.16.18')
806 fail(cert, 'example.net')
810 cert = {'subject': ((('commonName', 'example.com'),),),
815 ok(cert, '2001::cafe')
816 ok(cert, '2003::baba')
817 fail(cert, '2003::baba ')
818 fail(cert, '2003::baba extra data')
819 fail(cert, '2003::bebe')
820 fail(cert, 'example.net')
825 cert = {'notAfter': 'Dec 18 23:59:59 2011 GMT',
830 fail(cert, 'mail.google.com')
833 cert = {'notAfter': 'Dec 18 23:59:59 2099 GMT',
839 ok(cert, 'mail.google.com')
842 cert = {'notAfter': 'Dec 18 23:59:59 2099 GMT',
848 fail(cert, 'google.com')
850 # Empty cert / no cert
856 cert = {'subject': ((('commonName', 'a*b.example.com'),),)}
860 ssl.match_hostname(cert, 'axxb.example.com')
862 cert = {'subject': ((('commonName', 'www.*.example.com'),),)}
866 ssl.match_hostname(cert, 'www.sub.example.com')
868 cert = {'subject': ((('commonName', 'a*b*.example.com'),),)}
872 ssl.match_hostname(cert, 'axxbxxc.example.com')
874 cert = {'subject': ((('commonName', '*'),),)}
878 ssl.match_hostname(cert, 'host')
880 cert = {'subject': ((('commonName', '*.com'),),)}
884 ssl.match_hostname(cert, 'com')
960 cert, enc, trust = element
961 self.assertIsInstance(cert, bytes)
1375 # Combined key and cert in a single file
1386 # Separate key and cert
1397 # Mismatching key and cert
1401 # Password protected key and cert
1491 # cert already in hash table
1513 # cert already in hash table
1631 # but CAFILE_CACERT is a CA cert
2029 # this should succeed because we specify the root cert
2095 # This should succeed because we specify the root cert
2099 cert = s.getpeercert()
2100 self.assertTrue(cert)
2126 cert = s.getpeercert()
2127 self.assertTrue(cert)
2135 cert = s.getpeercert()
2136 self.assertTrue(cert)
2147 cert = s.getpeercert()
2148 self.assertTrue(cert)
2156 cert = s.getpeercert()
2157 self.assertTrue(cert)
2200 _test_get_server_certificate(self, *self.server_addr, cert=SIGNING_CA)
2259 cert = s.getpeercert()
2260 self.assertTrue(cert)
2407 def _test_get_server_certificate(test, host, port, cert=None):
2412 pem = ssl.get_server_certificate((host, port), ca_certs=cert)
2497 cert = self.sslconn.getpeercert()
2499 sys.stdout.write(" client cert is " + pprint.pformat(cert) + "\n")
2503 sys.stdout.write(" client did not provide a cert\n")
2505 sys.stdout.write(f" cert binary is {len(cert_binary)}b\n")
2592 cert = self.sslconn.getpeercert()
2593 self.write(repr(cert).encode("us-ascii") + b"\n")
3019 cert = s.getpeercert()
3020 self.assertTrue(cert, "Can't get peer certificate.")
3023 sys.stdout.write(pprint.pformat(cert) + '\n')
3025 if 'subject' not in cert:
3027 pprint.pformat(cert))
3029 not in cert['subject']):
3033 self.assertIn('notBefore', cert)
3034 self.assertIn('notAfter', cert)
3035 before = ssl.cert_time_to_seconds(cert['notBefore'])
3036 after = ssl.cert_time_to_seconds(cert['notAfter'])
3054 cert = s.getpeercert()
3055 self.assertTrue(cert, "Can't get peer certificate.")
3076 cert = s.getpeercert()
3077 self.assertTrue(cert, "Can't get peer certificate.")
3091 cert = s.getpeercert()
3092 self.assertTrue(cert, "Can't get peer certificate.")
3120 # default cert has a SAN
3143 # load ECC cert
3152 cert = s.getpeercert()
3153 self.assertTrue(cert, "Can't get peer certificate.")
3168 # load ECC and RSA key/cert pairs
3178 cert = s.getpeercert()
3179 self.assertTrue(cert, "Can't get peer certificate.")
3227 cert = s.getpeercert()
3229 self.assertTrue(cert, "Can't get peer certificate.")
3246 # load client cert that is not signed by trusted CA
3274 self.fail("Use of invalid cert should have failed!")
3279 # load client cert that is not signed by trusted CA
3297 # TLS 1.3 perform client cert exchange after handshake
4224 cert = stats['peercert']
4225 self.assertIn((('commonName', name),), cert['subject'])
4515 # PHA method just returns true when cert is already available
4601 # optional doesn't fail when client does not have a cert
4622 # server doesn't have PHA enabled, cert is requested in handshake
4635 # PHA doesn't fail if there is already a cert
4659 # verify that post_handshake_auth does not implicitly enable cert
4665 # no cert validation and CA on client side
4686 # server cert has not been validated