a 5êdgí/ã @sbddlZddlZddlZddlmZddlmZddlZddlZddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlZddlZddlZddlZddlZddlZddlZddlZz ddlZWneyÒdZYn0e d¡ZddlmZmZmZeedƒZ e o ejdkZ!e"ej#ƒZ$ej%Z%ej& 'd¡Z(e( o8ej)d kZ*e( oJej)d kZ+e( o\ej)d kZ,e -d ¡Z.iZ/d D]H\Z0Z1ze2ee0ƒZ0e2eje1ƒZ1Wne3y¬YqpYn0e1e/e0<qpdd„Z4e4dƒZ5e  6e5¡Z7e4dƒZ8e4dƒZ9e  6e8¡Z:e  6e9¡Z;e4dƒZe4dƒZ?e  6e?¡Z@e4ddƒZAe4ddƒZBddddddddœZCe4d ƒZDe4d!ƒZEd"ZFd#d$d%d&d'd(d)dddd*œ ZGe4d+ƒZHd,ZIe4d-ƒZJd.ZKe4dd/ƒZLe4d0ƒZMe4d1ƒZNe4d2ƒZOd"ZPd3ZQe4d4ƒZRe4d5ƒZSe4d6ƒZTe4d7ƒZUe4d8ƒZVe4d9ƒZWe4d:ƒZXe4d;ƒZYe  6eY¡ZZe2eddƒZ]e2ed?dƒZ^e2ed@dƒZ_e2edAdƒZ`dBdC„ZaeaƒrbdDdE„ZbndFdE„ZbdGdH„ZcejddIdJ„ƒZedKdL„Zfe geejhdMƒdN¡ZidOdP„ZjdQdR„ZkdSdT„ZldUdV„ZmdWdX„ZnenƒZodYdZ„Zpd[d\„Zqe gejrd]¡Zsejtfejuddddd^œd_d`„ZveEfdadb„ZwGdcdd„ddejxƒZyGdedf„dfejxƒZzGdgdh„dhejxƒZ{Gdidj„djejxƒZ|Gdkdl„dlejxƒZ}Gdmdn„dnejxƒZ~Gdodp„dpejxƒZdŽdqdr„Z€dsdt„Zddul‚mƒZƒGdvdw„dwej„ƒZ…Gdxdy„dyej„ƒZ†dd}d~„Z‡ddd€„ZˆGdd‚„d‚ejxƒZ‰e geedƒƒd„¡Gd…d†„d†ejxƒƒZŠeejhd‡ƒZ‹e ge‹dˆ¡ZŒGd‰dŠ„dŠejxƒZd‘d‹dŒ„ZŽedkr^eŽƒdS)’éN)Úsupport)Ú socket_helperÚssl)Ú TLSVersionÚ_TLSContentTypeÚ_TLSMessageTypeÚgettotalrefcountÚwin32ZLibreSSL)ér r)r r r )érrÚPY_SSL_DEFAULT_CIPHERS))ÚPROTOCOL_SSLv23ÚSSLv3)ÚPROTOCOL_TLSv1ÚTLSv1)ÚPROTOCOL_TLSv1_1ÚTLSv1_1cGstjjtj t¡g|¢RŽS©N)ÚosÚpathÚjoinÚdirnameÚ__file__©Úname©rú)/usr/local/lib/python3.9/test/test_ssl.pyÚ data_file9srz keycert.pemz ssl_cert.pemz ssl_key.pemzkeycert.passwd.pemzssl_key.passwd.pemZsomepassÚcapathz 4e1295a3.0z 5ed36f99.0)©)Ú countryNameZXY©)Ú localityNamezCastle Anthrax©)ÚorganizationNamezPython Software Foundation))Ú commonNameÚ localhostzAug 26 14:23:15 2028 GMTzAug 29 14:23:15 2018 GMTZ98A7CF88C74A32ED))ÚDNSr&r ©ÚissuerÚnotAfterÚ notBeforeÚ serialNumberÚsubjectÚsubjectAltNameÚversionzrevocation.crlz keycert3.pemr&)z)http://testca.pythontest.net/testca/ocsp/)z0http://testca.pythontest.net/testca/pycacert.cer)z2http://testca.pythontest.net/testca/revocation.crl)r))r$úPython Software Foundation CA))r%z our-ca-serverzOct 28 14:23:16 2037 GMTzAug 29 14:23:16 2018 GMTZCB2D80995A69525C) ÚOCSPÚ caIssuersÚcrlDistributionPointsr)r*r+r,r-r.r/z keycert4.pemÚ fakehostnamezkeycertecc.pemz localhost-eccz ceff1710.0z allsans.pemz idnsans.pemz nosan.pemzself-signed.pythontest.netú nullcert.pemú badcert.pemzXXXnonexisting.pemú badkey.pemz nokia.pemznullbytecert.pemztalos-2019-0758.pemz ffdh3072.pemÚOP_NO_COMPRESSIONÚOP_SINGLE_DH_USEÚOP_SINGLE_ECDH_USEÚOP_CIPHER_SERVER_PREFERENCEÚOP_ENABLE_MIDDLEBOX_COMPATÚOP_IGNORE_UNEXPECTED_EOFcCsXz>tddd}d| ¡vWdƒWS1s20YWntyRYdS0dS)Nz/etc/os-releasezutf-8)ÚencodingZubuntuF)ÚopenÚreadÚFileNotFoundError)ÚfrrrÚ is_ubuntuœs 0 rCcGs0|D]&}t|dƒr|jtjjkr| d¡qdS)z@"Lower security level to '1' and allow all ciphers for TLS 1.0/1Úminimum_versionz@SECLEVEL=1:ALLN)ÚhasattrrDrrrÚ set_ciphers)ÚctxsÚctxrrrÚseclevel_workaround¦s ÿ þrIcGsdSrr)rGrrrrI¯scCsbt|tƒr0| d¡sJ‚tt|dƒ}|dur0dS|tjtjtjhvrHdS|j}t |t dƒd…ƒS)z€Check if a TLS protocol is available and enabled :param protocol: enum ssl._SSLMethod member or name :return: bool Z PROTOCOL_NFT) Ú isinstanceÚstrÚ startswithÚgetattrrÚ PROTOCOL_TLSÚPROTOCOL_TLS_SERVERÚPROTOCOL_TLS_CLIENTrÚhas_tls_versionÚlen)ÚprotocolrrrrÚhas_tls_protocol³s  þrTcCs¤|dkr dSt|tƒr"tjj|}ttd|j›ƒs8dStrL|tjjkrLdSt  ¡}t |dƒrz|j tjj krz||j krzdSt |dƒr |j tjjkr ||j kr dSdS)z{Check if a TLS/SSL version is enabled :param version: TLS version name or ssl.TLSVersion member :return: bool ÚSSLv2FZHAS_rDÚmaximum_versionT)rJrKrrÚ __members__rMrÚIS_OPENSSL_3_0_0ÚTLSv1_2Ú SSLContextrErDÚMINIMUM_SUPPORTEDrVÚMAXIMUM_SUPPORTED)r/rHrrrrQÈs0  ÿ þýÿ þýrQcs‡fdd„}|S)z•Decorator to skip tests when a required TLS version is not available :param version: TLS version name or ssl.TLSVersion member :return: cst ˆ¡‡‡fdd„ƒ}|S)Ncs,tˆƒst ˆ›d¡‚nˆ|i|¤ŽSdS)Nz is not available.)rQÚunittestZSkipTest)ÚargsÚkw)Úfuncr/rrÚwrapperøsz8requires_tls_version..decorator..wrapper)Ú functoolsÚwraps)r`ra©r/)r`rÚ decorator÷sz'requires_tls_version..decoratorr)r/rerrdrÚrequires_tls_versionñs rfrDzrequired OpenSSL >= 1.1.0gcCs.d tjt ¡Ž¡}tjr*tj ||¡dS)Nú ) rÚ tracebackÚformat_exceptionÚsysÚexc_inforÚverboseÚstdoutÚwrite)ÚprefixZ exc_formatrrrÚ handle_errorsrpcCs tjdkS)N)ré éé é)rÚ_OPENSSL_API_VERSIONrrrrÚcan_clear_options srvcCs tjdkS)N)rrqérrrt©rÚOPENSSL_VERSION_INFOrrrrÚno_sslv2_implies_sslv3_hellosrzcCs tjdkS)N)rrqrrrrtrxrrrrÚhave_verify_flagssr{cCsBtjs dSt tj¡}z| d¡Wnty8YdS0dSdS)NFÚ secp384r1T)rÚHAS_ECDHrZrOÚset_ecdh_curveÚ ValueError)rHrrrÚ_have_secp_curvess  r€cCs$tjrt ¡jdkrtj Stj S©Nr)ÚtimeÚdaylightÚ localtimeÚtm_isdstÚaltzoneÚtimezonerrrrÚ utc_offset(srˆcCs^tjdkrZd}tj ||¡}|jdd}| |¡}|ddkrZ|dd…d|dd…}|S) N)rrqrrrqrtz%b %d %H:%M:%S %Y GMTr)ÚsecondéÚ0rgé)rruÚdatetimeÚstrptimeÚreplaceÚstrftime)Ú cert_timeÚfmtZdtrrrÚasn1time.s    r“z SNI support needed for this test)Ú cert_reqsÚca_certsÚciphersÚcertfileÚkeyfilec Kszt |¡}|dur(|tjkr"d|_||_|dur:| |¡|dusJ|durV| ||¡|durh| |¡|j|fi|¤ŽS©NF) rrZÚ CERT_NONEÚcheck_hostnameÚ verify_modeÚload_verify_locationsÚload_cert_chainrFÚ wrap_socket) ÚsockÚ ssl_versionr”r•r–r—r˜ÚkwargsÚcontextrrrÚtest_wrap_socket?s     r¤cCsr|tkrt}n$|tkrt}n|tkr*t}nt|ƒ‚t tj ¡}|  t ¡t tj ¡}|  |¡|  t ¡|||fS)zUCreate context client_context, server_context, hostname = testing_context() )ÚSIGNED_CERTFILEÚSIGNED_CERTFILE_HOSTNAMEÚSIGNED_CERTFILE2ÚSIGNED_CERTFILE2_HOSTNAMEÚ NOSANFILEÚNOSAN_HOSTNAMErrrZrPrÚ SIGNING_CArOrž)Z server_certÚhostnameÚclient_contextÚserver_contextrrrÚtesting_contextQs     r¯c@s˜eZdZdd„Zdd„Zdd„Zdd„Ze e j d kd ¡d d „ƒZ d Z dd„Z dd„Zdd„Zdd„Zdd„Zdd„Zejdd„ƒZdd„Zdd„Zd d!„Zd"d#„Zd$d%„Zd&d'„Zd(d)„Zd*d+„Zd,d-„Zd.d/„Ze d0e j!vd1¡d2d3„ƒZ"d4d5„Z#d6d7„Z$e e%j&d8kd9¡d:d;„ƒZ'e e%j&d8kd9¡dd?„Z)d@dA„Z*dBdC„Z+dDdE„Z,dFdG„Z-e e.ƒdH¡dIdJ„ƒZ/dKdL„Z0e 1dMdN¡dOdP„ƒZ2dQdR„Z3d S)SÚBasicSocketTestscCs tjtjtjtjtjtjr*tjtjdkr:tj |  tj ddh¡|  tjddh¡tj tj tjtjtjdkrŒtjtj| tjtj¡dS)N)r rTF©r rr )rršÚ CERT_OPTIONALÚ CERT_REQUIREDr;r9r}r:ryr8ÚassertInÚHAS_SNIÚ OP_NO_SSLv2Ú OP_NO_SSLv3Ú OP_NO_TLSv1Ú OP_NO_TLSv1_3Ú OP_NO_TLSv1_1Ú OP_NO_TLSv1_2Ú assertEqualrNr ©ÚselfrrrÚtest_constantsks&  zBasicSocketTests.test_constantsc Csb| td¡Bt ¡}t |¡Wdƒn1s60YWdƒn1sT0YdS©Nzpublic constructor)ÚassertRaisesRegexÚ TypeErrorÚsocketrÚ SSLSocket©r¾ÚsrrrÚtest_private_init€s z"BasicSocketTests.test_private_initcCs2tj}| t|ƒd¡t |¡}| |j|¡dS)Nz_SSLMethod.PROTOCOL_TLS)rrNr¼rKrZÚassertIsrS©r¾ÚprotorHrrrÚtest_str_for_enums…s z#BasicSocketTests.test_str_for_enumscCst ¡}tjr*tj d||r dp"df¡t d¡\}}| t |ƒd¡| ||dk¡|rxt  d¡}| t |ƒd¡n|  tj tj d¡|  t tj d¡|  t tjd¡ttdƒrÖ|  ttjd¡|  ttjdd¡t d d ¡t d d ¡t td ƒd ¡dS) Nz RAND_status is %d (%s) zsufficient randomnesszinsufficient randomnessér éûÿÿÿÚRAND_egdÚfoozthis is a random stringgÀR@sthis is a random bytes objects!this is a random bytearray object)rÚ RAND_statusrrlrjrmrnÚRAND_pseudo_bytesr¼rRZ RAND_bytesÚ assertRaisesÚSSLErrorrrErÂrÎZRAND_addÚ bytearray)r¾ÚvÚdataZis_cryptographicrrrÚ test_randoms, ÿÿ    zBasicSocketTests.test_randomÚposixzrequires posixcCst ¡}|s| d¡t ¡\}}t ¡}|dkržzBt |¡t d¡d}| t |ƒd¡t  ||¡t |¡Wnt yt  d¡Yn 0t  d¡nlt |¡|  tj|¡tj|ddt |d¡}| t |ƒd¡t d¡d}| t |ƒd¡| ||¡dS)Nz*OpenSSL's PRNG has insufficient randomnessrrÌr )Úexitcode)rrÐÚfailrÚpipeÚforkÚcloserÑr¼rRrnÚ BaseExceptionÚ_exitÚ addCleanuprZ wait_processr@ÚassertNotEqual)r¾ÚstatusZrfdZwfdÚpidZ child_randomZ parent_randomrrrÚtest_random_fork¨s.        z!BasicSocketTests.test_random_forkNcCs˜| tj t¡t¡| tj t¡t¡tj t¡}t j rTt j   dt |¡d¡| |dd¡| |dd¡| |dd¡| |dd ¡dS) NÚ r.))r'zprojects.developer.nokia.com)r'zprojects.forum.nokia.comr1)zhttp://ocsp.verisign.comr2)z0http://SVRIntl-G3-aia.verisign.com/SVRIntlG3.cerr3)z0http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl)r¼rÚ_sslÚ_test_decode_certÚCERTFILEÚ CERTFILE_INFOr¥ÚSIGNED_CERTFILE_INFOÚ NOKIACERTrrlrjrmrnÚpprintÚpformat©r¾ÚprrrÚtest_parse_certÉs* þ þ  ÿ ÿ ÿz BasicSocketTests.test_parse_certc CsLtj t¡}tjr,tj dt   |¡d¡|  |dddddddd œ¡dS) Nrå)©)r ZUK))r%zcody-cazJun 14 18:00:58 2028 GMTzJun 18 18:00:58 2018 GMTZ02)rñ))r%ú#codenomicon-vm-2.test.lal.cisco.com))r'ròr r() rrærçÚTALOS_INVALID_CRLDPrrlrjrmrnrìrír¼rîrrrÚtest_parse_cert_CVE_2019_5010æs õþz.BasicSocketTests.test_parse_cert_CVE_2019_5010cCsxtj t¡}tjr,tj dt   |¡d¡d}|  |d|¡|  |d|¡tj dkr`d}nd}|  |d|¡dS) Nrå)©)r ZUS))ÚstateOrProvinceNameZOregon))r"Z Beavertonr#))ÚorganizationalUnitNamezPython Core Development©)r%únull.python.orgexample.org))Ú emailAddresszpython-dev@python.orgr-r))rrqrr)©r'zaltnull.python.orgexample.com©Úemailz null@python.orguser@example.org©ÚURIz)http://null.python.orghttp://example.org©ú IP Addressz 192.0.2.1)rz2001:DB8:0:0:0:0:0:1)rûrürþr)rz r.) rrærçÚ NULLBYTECERTrrlrjrmrnrìrír¼ru)r¾rïr-ZsanrrrÚtest_parse_cert_CVE_2013_4238ûs  z.BasicSocketTests.test_parse_cert_CVE_2013_4238cCs tj t¡}| |dd¡dS)Nr.) )r'Zallsans©Ú othernameú r)rýzuser@example.org)r'zwww.example.org)ZDirName)rr!r#))r%zdirname example)rÿzhttps://www.python.org/©rú 127.0.0.1)rz0:0:0:0:0:0:0:1)z Registered IDz 1.2.3.4.5)rrærçÚ ALLSANFILEr¼rîrrrÚtest_parse_all_sanss  ÿz$BasicSocketTests.test_parse_all_sanscCs ttdƒ}| ¡}Wdƒn1s(0Yt |¡}t |¡}t |¡}| ||¡| tjd¡sz|  d|¡|  dtj d¡sœ|  d|¡dS)NÚrråz-DER-to-PEM didn't include correct header: %r z-DER-to-PEM didn't include correct footer: %r ) r?Ú CAFILE_CACERTr@rÚPEM_cert_to_DER_certZDER_cert_to_PEM_certr¼rLZ PEM_HEADERrÚÚendswithZ PEM_FOOTER)r¾rBÚpemÚd1Zp2Úd2rrrÚtest_DER_to_PEM-s &    z BasicSocketTests.test_DER_to_PEMc Cs&tj}tj}tj}| |t¡| |t¡| |t¡| |d¡|  |d¡|\}}}}}| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡t rü|  |  d  |¡¡||t|ƒf¡n&|  |  d  |||¡¡||t|ƒf¡dS) Nii@r rŠréé?rtz LibreSSL {:d}zOpenSSL {:d}.{:d}.{:d})rZOPENSSL_VERSION_NUMBERryÚOPENSSL_VERSIONÚassertIsInstanceÚintÚtuplerKÚassertGreaterEqualÚ assertLessZassertLessEqualÚ IS_LIBRESSLÚ assertTruerLÚformatÚhex) r¾ÚnÚtrÆÚmajorÚminorZfixÚpatchrârrrÚtest_openssl_version9s4                ÿ ÿz%BasicSocketTests.test_openssl_versioncCs`t tj¡}t|ƒ}t |¡}t dtf¡~Wdƒn1sD0Y| |ƒd¡dS)NÚ) rÃÚAF_INETr¤ÚweakrefÚrefrZcheck_warningsÚResourceWarningr¼)r¾rÆÚssÚwrrrrÚ test_refcycleXs    zBasicSocketTests.test_refcyclec Csðt tj¡}t|ƒÈ}| t|jd¡| t|jtdƒ¡| t|jd¡| t|j tdƒd¡| t|j d¡| t|j dd¡| t |j ¡| t |jdgddd¡| t |jd¡| t |jtdƒg¡Wdƒn1sâ0YdS)Nr óx)z0.0.0.0rrréd)rÃr&r¤rÒÚOSErrorÚrecvÚ recv_intorÔÚrecvfromÚ recvfrom_intoÚsendÚsendtoÚNotImplementedErrorÚdupÚsendmsgÚrecvmsgÚ recvmsg_into©r¾rÆr*rrrÚtest_wrapped_unconnectedcs     ÿ ÿz)BasicSocketTests.test_wrapped_unconnectedc Cs\dD]R}t tj¡}| |¡t|ƒ }| || ¡¡Wdƒq1sL0YqdS)N)Ngç@)rÃr&Ú settimeoutr¤r¼Ú gettimeout)r¾ÚtimeoutrÆr*rrrÚ test_timeoutus    zBasicSocketTests.test_timeoutc Csøt ¡}|jtdtj|td|jtdtj|dd|jtdtj|dddtj|dtd&}| td|jtd f¡Wdƒn1sˆ0Y| t ¡F}t ¡}tj|t d Wdƒn1sÊ0YWdƒn1sè0Y|  |j j t j¡| t ¡J}t ¡ }tj|tt d Wdƒn1s@0YWdƒn1s`0Y|  |j j t j¡| t ¡J}t ¡ }tj|t t d Wdƒn1s¸0YWdƒn1sØ0Y|  |j j t j¡dS) Nzcertfile must be specified©r˜z5certfile must be specified for server-side operationsT©Ú server_sider%©rDr—z!can't connect in server-side modei©r—©r—r˜)rÃrÁrrrŸrèÚconnectÚHOSTrÒr/ÚNONEXISTINGCERTr¼Ú exceptionÚerrnoÚENOENT)r¾r rÆÚcmrrrÚtest_errors_sslwrap~sBþþ þ ÿ"  J  ÿF  ÿFz$BasicSocketTests.test_errors_sslwrapcCsltj tj t¡ptj|¡}t ¡}| |j¡|  t j ¡t ||dWdƒn1s^0YdS)z;Check that trying to use the given client certificate failsrFN) rrrrrÚcurdirrÃràrÝrÒrrÓr¤©r¾r—r rrrÚ bad_cert_test›sÿ ÿzBasicSocketTests.bad_cert_testcCs| d¡dS)z Wrapping with an empty cert filer5N©rRr½rrrÚtest_empty_cert¥sz BasicSocketTests.test_empty_certcCs| d¡dS)z:Wrapping with a badly formatted certificate (syntax error)r6NrSr½rrrÚtest_malformed_cert©sz$BasicSocketTests.test_malformed_certcCs| d¡dS)z2Wrapping with a badly formatted key (syntax error)r7NrSr½rrrÚtest_malformed_key­sz#BasicSocketTests.test_malformed_keyc sFdd„}‡fdd„}ddi}||dƒ||dƒ||d ƒ||d ƒ||d ƒ||d ƒdd i}||dƒ||dƒ||dƒ||dƒ||dƒddi}||dƒ||dƒ||dƒ||dƒ||dƒddi}||dƒ||d ƒ||dƒddi}||dƒ||dƒ||dƒ||dƒddi}||dƒ||dƒ||dƒd d ¡ d!¡}dd"|fffi}|||ƒdd#i}|||ƒdd$i}|||ƒd% d ¡ d!¡}dd"|fffi}||d& d ¡ d!¡ƒ||d' d ¡ d!¡ƒ||d( d ¡ d!¡ƒ||d) d ¡ d!¡ƒd*d+d,d-œ}||d.ƒ||d/ƒ||d0ƒ||d1ƒd2d3d4œ}||d5ƒ||d6ƒ||d7ƒdd8d9œ}||d:ƒ||d;ƒ||d<ƒ||d=ƒ||d>ƒ||d?ƒ||d@ƒtjrddAd9œ}||dBƒ||dCƒ||dDƒ||dEƒ||dFƒ||d@ƒd2dGd4œ}||d5ƒdHdIdJd-œ}||d5ƒdHdGdJd-œ}||dKƒˆ ttjdd¡ˆ ttjid¡ddLi}ˆ tj dM¡t |dN¡Wdƒn1s¦0YddOi}ˆ tj dP¡t |dQ¡Wdƒn1sê0YddRi}ˆ tj dS¡t |dT¡Wdƒn1s.0YddUi}ˆ tj dV¡t |dW¡Wdƒn1sr0YddXi}ˆ tj dY¡t |dZ¡Wdƒn1s¶0Yd[D]<}ˆ t¡t  |¡Wdƒn1sô0YqÄd\D]}ˆ  t  |¡¡qtjrBd]D]}ˆ  t  |¡¡q*dS)^NcSst ||¡dSr)rÚmatch_hostname©Úcertr¬rrrÚok²sz0BasicSocketTests.test_match_hostname..okcsˆ tjtj||¡dSr)rÒrÚCertificateErrorrWrXr½rrrÚ´sÿz2BasicSocketTests.test_match_hostname..failr-)))r%ú example.comr\z ExAmple.cOmzwww.example.comz .example.comz example.orgZ exampleXcom)))r%z*.a.comz foo.a.comz bar.foo.a.comza.comzXa.comz.a.com)))r%zf*.comzfoo.comzf.comzbar.comz bar.foo.com)rørùznull.python.org)))r%z *.*.a.com)))r%za.*.comz a.foo.comza..comupüthon.python.orgÚidnaÚasciir%)))r%z x*.python.org)))r%zxn--p*.python.orguwww*.pythön.orguwww.pythön.orguwww1.pythön.orguftp.pythön.orgu pythön.orgzJun 26 21:41:46 2011 GMT)))r%ú linuxfrz.org))r'ú linuxfr.org)r'ú linuxfr.comr)r*r-r.r`rarr_zDec 18 23:59:59 2011 GMT)rõ©)röÚ California©)r"z Mountain View©)r$z Google Inc©)r%úmail.google.com)r*r-rgz gmail.comrc)©r'r\)rú 10.11.12.13)rú 14.15.16.17r)r-r.rirjz127.1z 14.15.16.17 z14.15.16.17 extra dataz 14.15.16.18z example.net)rh)rz2001:0:0:0:0:0:0:CAFE )rz2003:0:0:0:0:0:0:BABA z 2001::cafez 2003::babaz 2003::baba z2003::baba extra dataz 2003::bebe)rõrbrdrezDec 18 23:59:59 2099 GMT)rõrbrdrf))rZblablaz google.com)))r%za*b.example.comz5partial wildcards in leftmost label are not supportedzaxxb.example.com)))r%zwww.*.example.comz2wildcard can only be present in the leftmost labelzwww.sub.example.com)))r%za*b*.example.comztoo many wildcardszaxxbxxc.example.com)))r%Ú*z7sole wildcard without additional labels are not supportÚhost)))r%z*.comz%hostname 'com' doesn't match '\*.com'Zcom)Ú1r%z1.2.3z 256.0.0.1z 127.0.0.1/24)rz 192.168.0.1)z::1z2001:db8:85a3::8a2e:370:7334) ÚencodeÚdecoderÚ IPV6_ENABLEDrÒrrrWrÁr[Z _inet_patonr)r¾rZrÚrYr]ÚinvalidZipaddrrr½rÚtest_match_hostname±s                              þ    ÿ   ÿ       ÿ      ÿ û û þ,þ,þ,þ,þ, .z$BasicSocketTests.test_match_hostnamecCsNt tj¡}t ¡&}|jt|j|dddWdƒn1s@0YdS)NTz some.hostname©Úserver_hostname)rrZrOrÃrÒrrŸ)r¾rHr rrrÚtest_server_sidews   ÿz!BasicSocketTests.test_server_sidec Cst d¡}t tj¡}| | ¡¡t|ddD}| t¡| d¡Wdƒn1s\0YWdƒn1sz0Y|  ¡dS)N©rrF©Údo_handshake_on_connectz unknown-type) rÃÚ create_serverr&rHÚ getsocknamer¤rÒrÚget_channel_bindingrÝ)r¾rÆÚcr*rrrÚtest_unknown_channel_binding~s   Fz-BasicSocketTests.test_unknown_channel_bindingú tls-uniqueú*'tls-unique' channel binding not availablecCs’t tj¡}t|ƒ }| | d¡¡Wdƒn1s:0Yt tj¡}t|dtd }| | d¡¡Wdƒn1s„0YdS)Nr~TrE)rÃr&r¤Ú assertIsNoner{rèr;rrrÚtest_tls_unique_channel_bindingˆs   . z0BasicSocketTests.test_tls_unique_channel_bindingcCsjtt tj¡ƒ}t|ƒ}| t¡}d}t ¡Wdƒn1sD0Y| |t |j j dƒ¡dSr) r¤rÃr&ÚreprZ assertWarnsr)rÚ gc_collectr´rKÚwarningr^)r¾r*r rNrrrÚtest_dealloc_warn”s  &z"BasicSocketTests.test_dealloc_warncCs†t ¡}| t|ƒd¡| |tj¡t ¡D}t|d<t |d<t ¡}| |j t ¡| |j t¡Wdƒn1sx0YdS)NéÚ SSL_CERT_DIRÚ SSL_CERT_FILE) rZget_default_verify_pathsr¼rRrZDefaultVerifyPathsrÚEnvironmentVarGuardÚCAPATHrèÚcafiler)r¾ÚpathsÚenvrrrÚtest_get_default_verify_pathsœs z.BasicSocketTests.test_get_default_verify_pathsr úWindows specificc Csî| t d¡¡| t d¡¡| ttj¡| ttjd¡tƒ}dD]}t |¡}| |t¡|D]p}| |t ¡|  t |ƒd¡|\}}}| |t ¡|  |ddh¡| |tttf¡t|ttfƒrf| |¡qfqHd}|  ||¡dS) NÚCAÚROOTr%)rr‘r Úx509_asnÚ pkcs_7_asnú1.3.6.1.5.5.7.3.1)rrZenum_certificatesrÒrÂÚ WindowsErrorÚsetrÚlistrr¼rRÚbytesr´Ú frozensetÚboolrJÚupdate) r¾Z trust_oidsZ storenameÚstoreÚelementrYÚencZtrustÚ serverAuthrrrÚtest_enum_certificates¨s&     z'BasicSocketTests.test_enum_certificatescCs’| t d¡¡| ttj¡| ttjd¡t d¡}| |t¡|D]D}| |t¡|  t |ƒd¡| |dt ¡|  |dddh¡qHdS)Nrr%érr r’r“) rrZ enum_crlsrÒrÂr•rr—rr¼rRr˜r´)r¾ZcrlsrrrrÚtest_enum_crlsÁs   zBasicSocketTests.test_enum_crlsc Csàd}t d¡}| ||¡| |jd¡| |jd¡| |jd¡| |jd¡| |tj¡| t tjd¡tj  d¡}| ||¡| |tj¡| t tjj d¡|  t d¡tj  d¡Wdƒn1sÖ0Yt d ƒD]j}ztj  |¡}Wnt yYqè0| |jt ¡| |jt¡| |jt¡| |jttdƒf¡qètj d¡}| ||¡| |tj¡| tj d¡|¡| tj d¡|¡|  t d ¡tj d ¡Wdƒn1sÒ0YdS) N)érŸúTLS Web Server Authenticationr”r”r£rŸr¤éÿÿÿÿzunknown NID 100000i †ièzunknown object 'serverauth'Z serverauth)rÚ _ASN1Objectr¼ÚnidÚ shortnameZlongnameÚoidrrÒrZfromnidrÁÚrangerrKÚtypeZfromname)r¾ÚexpectedÚvalÚiÚobjrrrÚtest_asn1objectÐsB    *   ÿz BasicSocketTests.test_asn1objectcCsÈt d¡}| tjjtj¡| tjj|¡| tjjjd¡| tjjjd¡| tjjjd¡t d¡}| tjj tj¡| tjj |¡| tjj jd¡| tjj jd¡| tjj jd¡dS)Nr”r£rŸz1.3.6.1.5.5.7.3.2é‚Z clientAuth) rr¦rÚPurposeÚ SERVER_AUTHr¼r§r¨r©Ú CLIENT_AUTH)r¾r­rrrÚtest_purpose_enum÷s   ÿ  ÿz"BasicSocketTests.test_purpose_enumcCs¼t tjtj¡}| |j¡| t¡}t|tj dWdƒn1sJ0Y|  t |j ƒd¡t  tj¡}| t¡}| |¡Wdƒn1sœ0Y|  t |j ƒd¡dS)N©r”z!only stream sockets are supported)rÃr&Ú SOCK_DGRAMràrÝrÒr6r¤rršr¼rKrKrZrPrŸ)r¾rÆZcxrHrrrÚtest_unsupported_dtlss  ,  (z&BasicSocketTests.test_unsupported_dtlscCs| t |¡|¡dSr)r¼rÚcert_time_to_seconds)r¾Ú timestringZ timestamprrrÚ cert_time_okszBasicSocketTests.cert_time_okcCs8| t¡t |¡Wdƒn1s*0YdSr)rÒrrr¹)r¾rºrrrÚcert_time_fails zBasicSocketTests.cert_time_failz)local time needs to be different from UTCcCs| dd¡| dd¡dS)NzMay 9 00:00:00 2007 GMTgÀCÑAúJan 5 09:34:43 2018 GMTçÀ¬Ñ“ÖA)r»r½rrrÚ"test_cert_time_to_seconds_timezones z3BasicSocketTests.test_cert_time_to_seconds_timezonecCsàd}d}| ||¡| tj|d|¡| d|¡| d|¡| d¡| d¡| d¡| d ¡| d ¡| d ¡| d ¡d }| d|¡| d|¡| dd¡| dd¡| dd¡| d¡| dd¡dS)Nr½r¾)r‘zJan 05 09:34:43 2018 GMTzJaN 5 09:34:43 2018 GmTzJan 5 09:34 2018 GMTzJan 5 09:34:43 2018zJan 5 09:34:43 2018 UTCzJan 35 09:34:43 2018 GMTzJon 5 09:34:43 2018 GMTzJan 5 24:00:00 2018 GMTzJan 5 09:60:43 2018 GMTgàWÒAzDec 31 23:59:60 2008 GMTzJan 1 00:00:00 2009 GMTzJan 5 09:34:59 2018 GMTiÃFOZzJan 5 09:34:60 2018 GMTiÄFOZzJan 5 09:34:61 2018 GMTiÅFOZzJan 5 09:34:62 2018 GMTzDec 31 23:59:59 9999 GMTg€¿ úMB)r»r¼rr¹r¼)r¾rºÚtsZ newyear_tsrrrÚtest_cert_time_to_seconds"s*                z*BasicSocketTests.test_cert_time_to_secondsÚLC_ALLr%cCs@dd„}|ƒ ¡dkr | d¡| dd¡| |ƒd¡dS)NcSs t dd¡S)Nz%b) r r¡r rŠrŒr†rrr)r‚rrrrrÚlocal_february_nameIszNBasicSocketTests.test_cert_time_to_seconds_locale..local_february_nameZfebz>locale-specific month name needs to be different from C localezFeb 9 00:00:00 2007 GMTg`îrÑAz 9 00:00:00 2007 GMT)ÚlowerÚskipTestr»r¼)r¾rÃrrrÚ test_cert_time_to_seconds_localeEs   z1BasicSocketTests.test_cert_time_to_seconds_localecCsvt tj¡}| |j¡t |¡}tt tj¡tjd}| |j¡|  t |f¡}t j t j t jt jf}| ||¡dS)Nr¶)rÃr&ràrÝrÚ bind_portr¤rr³Ú connect_exrIrLZ ECONNREFUSEDZ EHOSTUNREACHZ ETIMEDOUTÚ EWOULDBLOCKr´)r¾ÚserverÚportrÆÚrcÚerrorsrrrÚtest_connect_ex_errorTs    ÿ  þz&BasicSocketTests.test_connect_ex_error)4Ú__name__Ú __module__Ú __qualname__r¿rÇrËr×r]Ú skipUnlessrrräZmaxDiffrðrôrr rr$rZ cpython_onlyr,r<rArOrRrTrUrVrrrur}rÚCHANNEL_BINDING_TYPESrr…rŽrjÚplatformr r¢r°rµr¸r»r¼rˆr¿rÁZrun_with_localerÆrÎrrrrr°isb     G ÿ    ' ÿ #  r°c@s´eZdZdd„Zdd„Zdd„Ze edkd¡d d „ƒZ e  e j d kd ¡d d„ƒZ dd„Zdd„Zdd„Zee  ed¡dd„ƒƒZe eƒd¡dd„ƒZdd„Zdd„Zdd „Ze  ed!¡d"d#„ƒZd$d%„Zd&d'„Ze e jd(¡d)d*„ƒZed+d,„ƒZ ed-d.„ƒZ!d/d0„Z"d1d2„Z#d3d4„Z$e  e%j&d5kd6¡e  ed7¡d8d9„ƒƒZ'e e%j&d5kd:¡e  e(e%d;ƒd<¡d=d>„ƒƒZ)d?d@„Z*dAdB„Z+dCdD„Z,dEdF„Z-dGdH„Z.dIdJ„Z/e e0dK¡dLdM„ƒZ1dNS)OÚ ContextTestscCsPtD]}t |¡qt ¡}| |jtj¡| ttjd¡| ttjd¡dS)Nr¥é*)Ú PROTOCOLSrrZr¼rSrNrÒr)r¾rSrHrrrÚtest_constructorgs  zContextTests.test_constructorcCs&tD]}t |¡}| |j|¡qdSr)r×rrZr¼rSrÉrrrÚ test_protocolos zContextTests.test_protocolcCs\t tj¡}| d¡| d¡| tjd¡| d¡Wdƒn1sN0YdS)NÚALLÚDEFAULTúNo cipher can be selectedú^$:,;?*'dorothyx)rrZrPrFrÁrÓ©r¾rHrrrÚ test_ciphersts    zContextTests.test_ciphersr z+Test applies only to Python default cipherscCsft tj¡}| ¡}|D]H}|d}| d|¡| d|¡| d|¡| d|¡| d|¡qdS)NrZPSKZSRPZMD5ZRC4Z3DES)rrZrPÚ get_ciphersZ assertNotIn)r¾rHr–ZsuiterrrrÚtest_python_ciphers{s     z ContextTests.test_python_ciphers)r rr¡rrzOpenSSL too oldcCsHt tj¡}| d¡tdd„| ¡Dƒƒ}| d|¡| d|¡dS)NZAESGCMcss|]}|dVqdS)rNr)Ú.0ÚdrrrÚ Œóz0ContextTests.test_get_ciphers..zAES256-GCM-SHA384zAES128-GCM-SHA256)rrZrPrFr–ràr´)r¾rHÚnamesrrrÚtest_get_ciphersˆs    zContextTests.test_get_cipherscCsât tj¡}tjtjBtjB}|ttBtBt Bt Bt BO}|  ||j ¡|j tjO_ |  |tjB|j ¡tƒr®|j tj@|_ |  ||j ¡d|_ |  d|j tj@¡n0| t¡d|_ Wdƒn1sÔ0YdSr)rrZrPÚOP_ALLr¶r·r8r;r9r:r<r=r¼Úoptionsr¸rvrÒr)r¾rHÚdefaultrrrÚ test_optionss* ÿÿþý zContextTests.test_optionscCst tj¡}| |jtj¡tj|_| |jtj¡tj|_| |jtj¡tj|_| |jtj¡| t ¡d|_Wdƒn1sŠ0Y| t ¡d|_Wdƒn1sº0Yt tj ¡}| |jtj¡|  |j ¡t tj¡}| |jtj¡| |j ¡dS©NrÖ)rrZrNr¼rœršr²r³rÒrÂrrOÚ assertFalser›rPrrÞrrrÚtest_verify_mode_protocol¦s$  $ $   z&ContextTests.test_verify_mode_protocolcCsŠt tj¡}| |j¡tjrVd|_| |j¡d|_| |j¡d|_| |j¡n0| t¡d|_Wdƒn1s|0YdS©NTF) rrZrPrÚhostname_checks_common_nameÚHAS_NEVER_CHECK_COMMON_NAMErírÒÚAttributeErrorrÞrrrÚ test_hostname_checks_common_name½s     z-ContextTests.test_hostname_checks_common_namez see bpo-34001cCsðt tj¡}tjjtjjtjjh}tjjtjjh}|  |j |¡|  |j |¡tjj |_ tjj|_ |  |j tjj ¡|  |j tjj¡tjj|_ tjj|_ |  |j tjj¡|  |j tjj¡tjj|_ |  |j tjj¡tjj|_ |  |j tjjtjjh¡tjj|_ |  |j tjjtjjh¡| t¡d|_ Wdƒn1sJ0Yt tj¡}|  |j |¡|  |j tjj¡| t¡tjj|_ Wdƒn1s¬0Y| t¡tjj|_ Wdƒn1sâ0YdSrì)rrZrOrr[rrYr\ÚTLSv1_3r´rDrVrr¼rrÒrr)r¾rHZ minimum_rangeZ maximum_rangerrrÚtest_min_max_versionËsr ú üÿÿ   ÿ ÿ   ÿ ÿ  ÿ þ þ & ÿ ÿ * z!ContextTests.test_min_max_versionú!verify_flags need OpenSSL > 0.9.8cCsÌt tj¡}ttddƒ}| |jtj|B¡tj|_| |jtj¡tj|_| |jtj¡tj|_| |jtj¡tjtj B|_| |jtjtj B¡|  t ¡d|_Wdƒn1s¾0YdS)NÚVERIFY_X509_TRUSTED_FIRSTr) rrZrOrMr¼Ú verify_flagsÚVERIFY_DEFAULTÚVERIFY_CRL_CHECK_LEAFZVERIFY_CRL_CHECK_CHAINZVERIFY_X509_STRICTrÒrÂ)r¾rHÚtfrrrÚtest_verify_flagss   ÿ zContextTests.test_verify_flagsc CsÖt tj¡}|jtdd|jttd|jt|jtd| t¡}| t¡Wdƒn1sd0Y|  |j j t j ¡|  tjd¡| t¡Wdƒn1s®0Y|  tjd¡| t¡Wdƒn1sæ0Yt tj¡}| tt¡|jttd|jttd|  tjd¡| t¡Wdƒn1sT0Y|  tjd¡| t¡Wdƒn1sŽ0Y|  tjd¡|jttdWdƒn1sÌ0Yt tj¡}|  tjd¡| tt¡Wdƒn1s0Y|jttd|jtt ¡d|jttt ¡ƒd| ttt¡| ttt ¡¡| tttt ¡ƒ¡|  td¡|jtddWdƒn1s¼0Y| tj¡|jtddWdƒn1sø0Y|  td ¡"|jtd d dWdƒn1s80Yd d „}dd„}dd„}dd„}dd„}dd„}dd„} Gdd„dƒ} |jt|d|jt|d|jt|d|jt| ƒd|jt| ƒjd| tj¡|jt|dWdƒn1s0Y|  td ¡|jt|dWdƒn1sB0Y|  td¡|jt|dWdƒn1s~0Y|  td¡|jt| dWdƒn1sº0Y|jt| ddS)NrBúPEM librGzkey values mismatch)Úpasswordzshould be a stringTÚbadpasszcannot be longeróaicSstSr©Ú KEY_PASSWORDrrrrÚgetpass_unicode^sz:ContextTests.test_load_cert_chain..getpass_unicodecSst ¡Sr)rrnrrrrÚ getpass_bytes`sz8ContextTests.test_load_cert_chain..getpass_bytescSs tt ¡ƒSr)rÔrrnrrrrÚgetpass_bytearraybsz.getpass_bytearraycSsdS)NrÿrrrrrÚgetpass_badpassdsz:ContextTests.test_load_cert_chain..getpass_badpasscSsddS)NrirrrrrÚ getpass_hugefsz7ContextTests.test_load_cert_chain..getpass_hugecSsdS)NrqrrrrrÚgetpass_bad_typehsz;ContextTests.test_load_cert_chain..getpass_bad_typecSs tdƒ‚dS)Nú getpass error)Ú ExceptionrrrrÚgetpass_exceptionjsz.getpass_exceptionc@seZdZdd„Zdd„ZdS)z:ContextTests.test_load_cert_chain..GetPassCallablecSstSrrr½rrrÚ__call__mszCContextTests.test_load_cert_chain..GetPassCallable.__call__cSstSrrr½rrrÚgetpassoszBContextTests.test_load_cert_chain..GetPassCallable.getpassN)rÏrÐrÑr r rrrrÚGetPassCallablelsrzmust return a stringr )rrZrOržrèrÒrÂr/rJr¼rKrLrMrÁrÓÚBADCERTÚ EMPTYCERTÚONLYCERTÚONLYKEYÚBYTES_ONLYCERTÚ BYTES_ONLYKEYr ÚCERTFILE_PROTECTEDrrnrÔÚONLYKEY_PROTECTEDrr r ) r¾rHrNrrrrrrr rrrrÚtest_load_cert_chain/s€  (((  **. , ÿ ÿ..2ÿ....z!ContextTests.test_load_cert_chaincCs t tj¡}| t¡|jtdd| t¡|jtdd| t|j¡| t|jddd¡| t¡}| t ¡Wdƒn1sˆ0Y|  |j j t j ¡| tjd¡| t¡Wdƒn1sÒ0Y| tt¡|jttd| t|jdd¡dS)N)r‹rrý©rT)rrZrOrrèÚBYTES_CERTFILErÒrÂr/rJr¼rKrLrMrÁrÓrrŠÚ BYTES_CAPATH©r¾rHrNrrrÚtest_load_verify_locations‚s    (( z'ContextTests.test_load_verify_locationscCsžttƒ}| ¡}Wdƒn1s&0Yt |¡}ttƒ}| ¡}Wdƒn1s`0Yt |¡}t tj¡}| |  ¡dd¡|j |d| |  ¡dd¡|j |d| |  ¡dd¡|j |d| |  ¡dd¡t tj¡}d  ||f¡}|j |d| |  ¡dd¡t tj¡}d|d|d |d g}|j d  |¡d| |  ¡dd¡t tj¡}|j |d|j |d| |  ¡dd¡|j |d| |  ¡dd¡t tj¡}d   ||f¡}|j |d| |  ¡dd¡t tj¡}|j t |j td| tjd ¡|j d dWdƒn1sT0Y| tjd¡|j ddWdƒn1s0YdS)NÚx509_car©Úcadatar r¡råÚheadÚotherZagainÚtailråz4no start line: cadata does not contain a certificateÚbrokenz6not enough data: cadata does not contain a certificatesbroken)r?r r@rr ÚCAFILE_NEURONIOrZrPr¼Úcert_store_statsrrrÒrÂÚobjectrÁrÓ)r¾rBZ cacert_pemZ cacert_derZ neuronio_pemZ neuronio_derrHZcombinedrrrÚtest_load_verify_cadata•s\ &  &         ÿ       þ,þz$ContextTests.test_load_verify_cadataú)Avoid mixing debug/release CRT on WindowscCsÈt tj¡}| t¡tjdkr*| t¡| t |j¡| t |jd¡| t ¡}| t ¡Wdƒn1sr0Y|  |j jtj¡| tj¡}| t¡Wdƒn1sº0YdS)NÚnt)rrZrOÚload_dh_paramsÚDHFILErrÚ BYTES_DHFILErÒrÂrArJr¼rKrLrMrÓrèrrrrÚtest_load_dh_paramsÔs     (z ContextTests.test_load_dh_paramscCs@tD]6}t |¡}| | ¡ddddddddddddœ ¡qdS)Nr) ZnumberrHZ connect_goodZconnect_renegotiateÚacceptZ accept_goodZaccept_renegotiateÚhitsÚmissesZtimeoutsZ cache_full)r×rrZr¼Ú session_statsrÉrrrÚtest_session_statsâs  õzContextTests.test_session_statscCst tj¡}| ¡dSr)rrZrPZset_default_verify_pathsrÞrrrÚtest_set_default_verify_pathsós z*ContextTests.test_set_default_verify_pathsz#ECDH disabled on this OpenSSL buildcCsbt tj¡}| d¡| d¡| t|j¡| t|jd¡| t|jd¡| t|jd¡dS)NÚ prime256v1s prime256v1rÏófoo)rrZrOr~rÒrÂrrÞrrrÚtest_set_ecdh_curveùs   z ContextTests.test_set_ecdh_curvecCsjt tj¡}| t|j¡| t|jd¡| t|jd¡| t|j|¡dd„}| d¡| |¡dS)NrŠr%cSsdSrr©r Ú servernamerHrrrÚ dummycallback sz5ContextTests.test_sni_callback..dummycallback)rrZrOrÒrÂÚset_servername_callback)r¾rHr9rrrÚtest_sni_callbacks  zContextTests.test_sni_callbackcCsJt tj¡}|fdd„}| |¡t |¡}~~t ¡| |ƒd¡dS)NcSsdSrr)r r8rHÚcyclerrrr9sz>ContextTests.test_sni_callback_refcycle..dummycallback) rrZrOr:r'r(ÚgcÚcollectrÈ)r¾rHr9r+rrrÚtest_sni_callback_refcycles    z'ContextTests.test_sni_callback_refcyclecCsŽt tj¡}| | ¡ddddœ¡| t¡| | ¡ddddœ¡| t¡| | ¡ddddœ¡| t¡| | ¡ddddœ¡dS)Nr)rÚcrlÚx509r r¡) rrZrPr¼r%ržrèrr rÞrrrÚtest_cert_store_statss    ÿ   ÿ   ÿ   ÿz"ContextTests.test_cert_store_statsc Cs¼t tj¡}| | ¡g¡| t¡| | ¡g¡| t¡| | ¡dtdƒtdƒdddddœg¡t tƒ}|  ¡}Wdƒn1s0Yt  |¡}| | d¡|g¡dS) N)))r$zRoot CA))r÷zhttp://www.cacert.org))r%zCA Cert Signing Authority))rúzsupport@cacert.orgzMar 29 12:29:49 2033 GMTzMar 30 12:29:49 2003 GMTZ00)z!https://www.cacert.org/revoke.crlr )r)r*r+r,r3r-r/T) rrZrPr¼Ú get_ca_certsrrèr r“r?r@r )r¾rHrBrÚderrrrÚtest_get_ca_certs-s&    ôÿ & zContextTests.test_get_ca_certscCs€t tj¡}| ¡t tj¡}| tjj¡| ¡t tj¡}| tjj¡t tj¡}| t|jd¡| t|jd¡dS)Nr³) rrZrPÚload_default_certsr²r³r´rÒrÂrÞrrrÚtest_load_default_certsIs    z$ContextTests.test_load_default_certsr znot-Windows specificz!LibreSSL doesn't support env varscCsht tj¡}t ¡@}t|d<t|d<| ¡| |  ¡ddddœ¡Wdƒn1sZ0YdS)Nr‡rˆrr )r@rAr) rrZrPrr‰rŠrèrFr¼r%)r¾rHrrrrÚtest_load_default_certs_envXs   z(ContextTests.test_load_default_certs_envrrz3Debug build does not share environment between CRTscCsŒt tj¡}| ¡| ¡}t tj¡}t ¡H}t|d<t|d<| ¡|dd7<|  | ¡|¡Wdƒn1s~0YdS)Nr‡rˆrAr ) rrZrPrFr%rr‰rŠrèr¼)r¾rHÚstatsrrrrÚ#test_load_default_certs_env_windowsbs   z0ContextTests.test_load_default_certs_env_windowscCs‚| |jtj@tj¡tdkr0| |jt@t¡tdkrJ| |jt@t¡tdkrd| |jt@t¡tdkr~| |jt@t¡dSr)r¼rérr¶r8r9r:r;rÞrrrÚ_assert_context_optionsqs" ÿ ÿ ÿ ÿz$ContextTests._assert_context_optionscCsät ¡}| |jtj¡| |jtj¡| |j¡|  |¡t t ƒ}|  ¡}Wdƒn1sd0Ytjt t |d}| |jtj¡| |jtj¡|  |¡t tjj¡}| |jtj¡| |jtj¡|  |¡dS)N)r‹rr)rÚcreate_default_contextr¼rSrNrœr³rr›rKr?r«r@rŠr²r´rš)r¾rHrBrrrrÚtest_create_default_context€s"   &ÿ z(ContextTests.test_create_default_contextcCsüt ¡}| |jtj¡| |jtj¡| |j¡|  |¡t tj ¡}| |jtj ¡| |jtj¡|  |¡tjtj tj dd}| |jtj ¡| |jtj ¡|  |j¡|  |¡tjtj jd}| |jtj¡| |jtj¡|  |¡dS)NT)r”r›)Zpurpose)rÚ_create_stdlib_contextr¼rSrNrœršrír›rKrr³rr²r´rÞrrrÚtest__create_stdlib_context•s*    þ  z(ContextTests.test__create_stdlib_contextcCszt tj¡}| |j¡| |jtj¡d|_| |j¡| |jtj ¡d|_tj |_| |j¡| |jtj ¡d|_tj|_d|_| |j¡| |jtj¡d|_| |j¡| |jtj ¡d|_tj |_d|_| |j¡| |jtj ¡d|_| |j¡| |jtj ¡|  t ¡tj|_Wdƒn1sB0Yd|_| |j¡tj|_| |jtj¡dSrï) rrZrNrír›r¼rœršrr³r²rÒrrÞrrrÚtest_check_hostname®s@         ( z ContextTests.test_check_hostnamecCsTt tj¡}| |j¡| |jtj¡t tj¡}|  |j¡| |jtj ¡dSr) rrZrPrr›r¼rœr³rOríršrÞrrrÚtest_context_client_serverÙs     z'ContextTests.test_context_client_servercCsžGdd„dtjƒ}Gdd„dtjƒ}t tj¡}||_||_|jt ¡dd}|  ||¡Wdƒn1sp0Y|  t  ¡t  ¡¡}|  ||¡dS)Nc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLSocketN©rÏrÐrÑrrrrÚ MySSLSocketåsrSc@s eZdZdS)z;ContextTests.test_context_custom_class..MySSLObjectNrRrrrrÚ MySSLObjectèsrTTrC) rrÄÚ SSLObjectrZrOZsslsocket_classZsslobject_classrŸrÃrÚwrap_bioÚ MemoryBIO)r¾rSrTrHr r¯rrrÚtest_context_custom_classäs *z&ContextTests.test_context_custom_classzTest requires OpenSSL 1.1.1cCsðt tj¡}| |jd¡d|_| |jd¡d|_| |jd¡| t¡d|_Wdƒn1sh0Y| t¡d|_Wdƒn1s˜0Yt tj¡}| |jd¡| t¡d|_Wdƒn1sâ0YdS)Nr¡r rr¥) rrZrOr¼Z num_ticketsrÒrrÂrPrÞrrrÚtest_num_tickestôs  $ $  zContextTests.test_num_tickestN)2rÏrÐrÑrØrÙrßr]rÒr ráÚskipIfrryrçrërîróÚrequires_minimum_versionrrõr{rürrr'ÚPy_DEBUG_WIN32r-r2r3r}r6Ú needs_snir;r?rBrErGrjrÔrHrErJrKrMrOrPrQrXÚIS_OPENSSL_1_1_1rYrrrrrÕesb ÿ    Nÿ S?         +  rÕc@s8eZdZdd„Ze ed¡dd„ƒZdd„Zdd „Z d S) Ú SSLErrorTestscCsXt dd¡}| t|ƒd¡| |jd¡t dd¡}| t|ƒd¡| |jd¡dS)Nr rÏ)rrÓr¼rKrLZSSLZeroReturnError)r¾ÚerrrÚtest_str s   zSSLErrorTests.test_strr(cCs‚t tj¡}| tj¡}| t¡Wdƒn1s80Y| |jj d¡| |jj d¡t |jƒ}|  |  d¡|¡dS)NZPEMZ NO_START_LINEz"[PEM: NO_START_LINE] no start line)rrZrPrÒrÓr*rèr¼rKZlibraryÚreasonrKrrL)r¾rHrNrÆrrrÚtest_lib_reasons ( zSSLErrorTests.test_lib_reasonc Csòt tj¡}d|_tj|_t d¡º}t |  ¡¡}|  d¡|j |dddr}|  tj ¡}| ¡Wdƒn1sz0Yt|jƒ}| | d¡|¡| |jjtj¡Wdƒn1sÆ0YWdƒn1sä0YdS)NFrvrwz%The operation did not complete (read))rrZrPr›ršrœrÃryÚcreate_connectionrzÚ setblockingrŸrÒÚSSLWantReadErrorÚ do_handshakerKrKrrLr¼rLÚSSL_ERROR_WANT_READ)r¾rHrÆr|rNrrrÚ test_subclasss   & zSSLErrorTests.test_subclasscCsÒt ¡}| t¡(|jt ¡t ¡ddWdƒn1s@0Y| t¡(|jt ¡t ¡ddWdƒn1s‚0Y| t¡(|jt ¡t ¡ddWdƒn1sÄ0YdS)Nr%rsz .example.orgzexample.orgevil.com)rrLrÒrrVrWrÂrÞrrrÚtest_bad_server_hostname0s ÿ$ ÿ$ ÿz&SSLErrorTests.test_bad_server_hostnameN) rÏrÐrÑrar]rZr\rcrirjrrrrr_s   r_c@s4eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd S) ÚMemoryBIOTestscCsªt ¡}| d¡| | ¡d¡| | ¡d¡| d¡| d¡| | ¡d¡| | ¡d¡| d¡| | d¡d¡| | d¡d ¡| | d¡d¡dS) Nr5råóbarsfoobaróbazr¡sbar óz)rrWrnr¼r@©r¾ÚbiorrrÚtest_read_write?s    zMemoryBIOTests.test_read_writecCs¶t ¡}| |j¡| | ¡d¡| |j¡| d¡| |j¡| ¡| |j¡| | d¡d¡| |j¡| | d¡d¡| |j¡| | ¡d¡| |j¡dS)Nrår5r¡sfor óo) rrWríÚeofr¼r@rnÚ write_eofrrorrrÚtest_eofMs       zMemoryBIOTests.test_eofcCs t ¡}| |jd¡| d¡| |jd¡tdƒD]$}| d¡| |jd|d¡q6tdƒD] }| d¡| |j|d¡qd| ¡| |jd¡dS)Nrr5r r r-)rrWr¼Úpendingrnrªr@)r¾rpr®rrrÚ test_pending]s     zMemoryBIOTests.test_pendingcCsbt ¡}| d¡| | ¡d¡| tdƒ¡| | ¡d¡| tdƒ¡| | ¡d¡dS)Nr5rlrm)rrWrnr¼r@rÔÚ memoryviewrorrrÚtest_buffer_typesks z MemoryBIOTests.test_buffer_typescCsLt ¡}| t|jd¡| t|jd¡| t|jd¡| t|jd¡dS)NrÏTr )rrWrÒrÂrnrorrrÚtest_error_typests zMemoryBIOTests.test_error_typesN)rÏrÐrÑrqrurwryrzrrrrrk=s  rkc@seZdZdd„Zdd„ZdS)ÚSSLObjectTestscCsDt ¡}| td¡t ||¡Wdƒn1s60YdSrÀ)rrWrÁrÂrUrorrrrÇ}sz SSLObjectTests.test_private_initc Cs<tƒ\}}}t ¡}t ¡}t ¡}t ¡}|j|||d}|j||dd} tdƒD]p} z | ¡WntjyxYn0|jrŽ| |  ¡¡z |  ¡Wntjy®Yn0|jrT| |  ¡¡qT| ¡|  ¡|  tj¡|  ¡Wdƒn1s0Y| |  ¡¡|   ¡| |  ¡¡|  ¡dS)NrsTrCrŒ) r¯rrWrVrªrgrfrvrnr@rÒÚunwrap) r¾Z client_ctxZ server_ctxr¬Zc_inZc_outZs_inZs_outÚclientrÊÚ_rrrÚ test_unwrap‚s8    (zSSLObjectTests.test_unwrapN)rÏrÐrÑrÇrrrrrr{|sr{c@s¾eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dd„Z dd„Z e  ejdkd¡dd„ƒZdd„Zdd„Zdd„Zdd„Zd d!„Zed"d#„ƒZd$d%„Zd&d'„Zd(d)„Zd*S)+ÚSimpleBackgroundTestsz?Tests that connect to a simple server running in the backgroundcCs2ttƒ}t|jf|_| ¡| |jddd¡dSr)ÚThreadedEchoServerr¥rIrËÚ server_addrÚ __enter__ràÚ__exit__)r¾rÊrrrÚsetUp¯s zSimpleBackgroundTests.setUpcCsÀtt tj¡tjd8}| |j¡| i| ¡¡|  |j ¡Wdƒn1sT0Ytt tj¡tj t d6}| |j¡|  | ¡¡|  |j ¡Wdƒn1s²0YdS)Nr¶©r”r•)r¤rÃr&rršrHr‚r¼Ú getpeercertrírDr³r«rrÅrrrÚ test_connectµs ÿ * þ z"SimpleBackgroundTests.test_connectcCs<tt tj¡tjd}| |j¡| tjd|j |j ¡dS)Nr¶úcertificate verify failed) r¤rÃr&rr³ràrÝrÁrÓrHr‚rÅrrrÚtest_connect_failÄs ÿ  ÿz'SimpleBackgroundTests.test_connect_failcCsJtt tj¡tjtd}| |j¡| d|  |j ¡¡|  |  ¡¡dS)Nr†r) r¤rÃr&rr³r«ràrÝr¼rÈr‚rr‡rÅrrrÚtest_connect_exÎs þ z%SimpleBackgroundTests.test_connect_exc CsÔtt tj¡tjtdd}| |j¡| d¡|  |j ¡}|  |dt j t jf¡t g|ggd¡z| ¡WqÂWqdtjyšt |gggd¡Yqdtjy¾t g|ggd¡Yqd0qd| | ¡¡dS)NF)r”r•rxrr=)r¤rÃr&rr³r«ràrÝrerÈr‚r´rLZ EINPROGRESSrÉÚselectrgrfÚSSLWantWriteErrorrr‡©r¾rÆrÌrrrÚtest_non_blocking_connect_ex×s$ ý   z2SimpleBackgroundTests.test_non_blocking_connect_excCst tj¡}| t tj¡¡,}| |j¡| i|  ¡¡Wdƒn1sP0Y|jt tj¡dd}| |j¡Wdƒn1s’0Ytj |_ |  t ¡| t tj¡¡.}| |j¡|  ¡}| |¡Wdƒn1sô0YdS)NÚdummyrs)rrZrNrŸrÃr&rHr‚r¼r‡r³rœrr«r©r¾rHrÆrYrrrÚtest_connect_with_contextñs  .ÿ*  z/SimpleBackgroundTests.test_connect_with_contextcCsLt tj¡}tj|_| t tj¡¡}| |j ¡|  tj d|j |j ¡dS)Nr‰)rrZrNr³rœrŸrÃr&ràrÝrÁrÓrHr‚)r¾rHrÆrrrÚtest_connect_with_context_fails   ÿz4SimpleBackgroundTests.test_connect_with_context_failcCsät tj¡}tj|_|jtd| t tj ¡¡.}|  |j ¡|  ¡}|  |¡Wdƒn1sf0Yt tj¡}tj|_|jtd| t tj ¡¡.}|  |j ¡|  ¡}|  |¡Wdƒn1sÖ0YdS)Nr)rrZrNr³rœrrŠrŸrÃr&rHr‚r‡rrr‘rrrÚtest_connect_capaths   (   z)SimpleBackgroundTests.test_connect_capathcCs ttƒ}| ¡}Wdƒn1s&0Yt |¡}t tj¡}tj|_|j |d|  t   t j ¡¡.}|  |j¡| ¡}| |¡Wdƒn1s 0Yt tj¡}tj|_|j |d|  t   t j ¡¡.}|  |j¡| ¡}| |¡Wdƒn1s0YdS)Nr)r?r«r@rr rZrNr³rœrrŸrÃr&rHr‚r‡r)r¾rBrrDrHrÆrYrrrÚtest_connect_cadata%s" &    (   z)SimpleBackgroundTests.test_connect_cadatar)z*Can't use a socket as a file under WindowscCsœtt tj¡ƒ}| |j¡| ¡}| ¡}| ¡t  |d¡| ¡t   ¡|  t ¡}t  |d¡Wdƒn1s|0Y| |jjtj¡dSr)r¤rÃr&rHr‚ÚfilenoÚmakefilerÝrr@r=r>rÒr/r¼rKrLÚEBADF)r¾r*ÚfdrBr`rrrÚtest_makefile_close:s   *z)SimpleBackgroundTests.test_makefile_closecCs¾t tj¡}| |j¡| d¡t|tjdd}| |j ¡d}z|d7}|  ¡Wq¤WqBtj y~t   |ggg¡YqBtj y t   g|gg¡YqB0qBtjrºtj d|¡dS)NF©r”rxrr z9 Needed %d calls to do_handshake() to establish session. )rÃr&rHr‚rer¤rršràrÝrgrfrŒrrrlrjrmrn)r¾rÆÚcountrrrÚtest_non_blocking_handshakeMs&   þ z1SimpleBackgroundTests.test_non_blocking_handshakecCst|g|j¢RdtiŽdS)NrY)Ú_test_get_server_certificater‚r«r½rrrÚtest_get_server_certificatebsz1SimpleBackgroundTests.test_get_server_certificatecCst|g|j¢RŽdSr)Ú!_test_get_server_certificate_failr‚r½rrrÚ test_get_server_certificate_failesz6SimpleBackgroundTests.test_get_server_certificate_failc Cstt tj¡tjdd}| |j¡Wdƒn1s:0Ytt tj¡tjdd}| |j¡Wdƒn1s~0Y| tjd¡Xt tj¡,}t|tjdd}| |j¡Wdƒn1sÖ0YWdƒn1sô0YdS)NrÚ)r”r–rÛrÜrÝ) r¤rÃr&rršrHr‚rÁrÓ)r¾rÆr rrrrßjs  ÿ* ÿ*ÿz"SimpleBackgroundTests.test_cipherscCs”t tj¡}|jtd| | ¡g¡|jt tj ¡dd.}|  |j ¡|  ¡}|  |¡Wdƒn1sr0Y| t| ¡ƒd¡dS)Nrr&rsr )rrZrPrrŠr¼rCrŸrÃr&rHr‚r‡rrRr‘rrrÚtest_get_ca_certs_capathxs  ÿ (z.SimpleBackgroundTests.test_get_ca_certs_capathcCs¼t tj¡}|jtdt tj¡}|jtdt tj¡}|j|dd^}| |j ¡|  |j |¡|  |j j |¡||_ |  |j |¡|  |j j |¡Wdƒn1s®0YdS)Nrr&rs) rrZrPrrŠrÃr&rŸrHr‚rÈr£Ú_sslobj)r¾Zctx1Zctx2rÆr*rrrÚtest_context_setget„s      z)SimpleBackgroundTests.test_context_setgetc Osú| dtj¡}t ¡|}d} t ¡|kr4| d¡d} | d7} z ||Ž} Wn@tjyŒ} z&| jtj tj fvrr‚| j} WYd} ~ n d} ~ 00|  ¡} |  | ¡| dur¬qÚq| tj kr|  d¡} | rÐ| | ¡q| ¡qtjrötj d| |jf¡| S)Nr@rr i€z"Needed %d calls to complete %s(). )ÚgetrZ SHORT_TIMEOUTr‚Ú monotonicrÚrrÓrLrhZSSL_ERROR_WANT_WRITEr@Úsendallr0rnrtrlrjrmrÏ)r¾r ÚincomingÚoutgoingr`r^r¢r@ÚdeadlinerœrLÚretr`ÚbufrrrÚ ssl_io_loop”s:    ÿ     ÿz!SimpleBackgroundTests.ssl_io_loopcCs‚t tj¡}| |j¡| |j¡t ¡}t ¡}t tj ¡}|  |j ¡|  |j tj¡| t¡| ||dt¡}| |jj|¡| | ¡¡| | ¡¡| | ¡¡| t|j¡dtjvrØ| | d¡¡|  ||||j!¡|  | ¡¡| | ¡¡| | ¡¡|  | ¡¡dtjvr>|  | d¡¡z|  ||||j"¡Wntj#yjYn0| tj$|j%d¡dS)NFr~r5)&rÃr&ràrÝrHr‚rrWrZrPrr›r¼rœr³rr«rVr¦rÈr£Úownerr€Úcipherr/ÚassertIsNotNoneÚshared_ciphersrÒrr‡rÓr{r­rgr|ZSSLSyscallErrorrÓrn)r¾r r¨r©rHÚsslobjrrrÚtest_bio_handshake¹s>       ÿ  z(SimpleBackgroundTests.test_bio_handshakecCs¶t tj¡}| |j¡| |j¡t ¡}t ¡}t tj ¡}tj |_ |  ||d¡}|  ||||j¡d}|  ||||j|¡|  ||||jd¡}| |d¡|  ||||j¡dS)NFóFOO ésfoo )rÃr&ràrÝrHr‚rrWrZrNršrœrVr­rgrnr@r¼r|)r¾r r¨r©rHr²Zreqr¬rrrÚtest_bio_read_write_dataÛs     z.SimpleBackgroundTests.test_bio_read_write_dataN)rÏrÐrÑÚ__doc__r…rˆrŠr‹rr’r“r”r•r]rZrrršrrŸr¡rßr¢r]r¤r­r³r¶rrrrr€¬s,      %"r€c@s*eZdZdd„Ze ejd¡dd„ƒZdS)ÚNetworkedTestscCs¦t t¡ˆtt tj¡tjdd}| |j ¡|  d¡|  tdf¡}|dkr\|  d¡n|t jkrp|  d¡| |t jt jf¡Wdƒn1s˜0YdS)NFr›gH¯¼šò×z>é»rz!REMOTE_HOST responded too quicklyzNetwork unreachable.)rÚtransient_internetÚ REMOTE_HOSTr¤rÃr&rr³ràrÝr>rÈrÅrLZ ENETUNREACHr´ÚEAGAINrÉrŽrrrÚtest_timeout_connect_exîs  þ     z&NetworkedTests.test_timeout_connect_exz Needs IPv6cCsFt d¡(t|ddƒt|ddƒWdƒn1s80YdS)Nzipv6.google.comr¹)rrºržr r½rrrÚ test_get_server_certificate_ipv6þs  z/NetworkedTests.test_get_server_certificate_ipv6N) rÏrÐrÑr½r]rÒrrpr¾rrrrr¸ìs r¸cCslt ||f¡}|s$| d||f¡tj||f|d}|sL| d||f¡tjrhtj d|||f¡dS)NzNo server certificate on %s:%s!©r•z& Verified certificate for %s:%s is %s )rÚget_server_certificaterÚrrlrjrmrn)ÚtestrlrËrYrrrrrž sržc Cslztj||ftd}Wn<tjyR}z"tjr>tj d|¡WYd}~nd}~00|  d|||f¡dS)Nr¿z%s z$Got server certificate %s for %s:%s!) rrÀrèrÓrrlrjrmrnrÚ)rÁrlrËrÚxrrrr  s &r )Úmake_https_serverc @sReZdZGdd„dejƒZddd„Zdd „Zd d „Zdd d „Z dd„Z dd„Z dS)rc@s@eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dS)z$ThreadedEchoServer.ConnectionHandlerzºA mildly complicated class, because we want it to work both with and without the SSL wrapper around the socket connection, so that we can test the STARTTLS functionality.cCs@||_d|_||_||_|j d¡d|_tj |¡d|_ dS©NFT) rÊÚrunningr ÚaddrreÚsslconnÚ threadingÚThreadÚ__init__Údaemon)r¾rÊZconnsockrÆrrrrÊ% s  z-ThreadedEchoServer.ConnectionHandler.__init__c Cs0zD|jjj|jdd|_|jj |j ¡¡|jj |j  ¡¡Wnút t t fy®}zL|jj  t|ƒ¡|jjrŠtdt|jƒdƒd|_| ¡WYd}~dSd}~0tjtfy>}zr|jj  t|ƒ¡|jjrötdt|jƒdƒ|jtjkr(tjdkr(d|_|j ¡| ¡WYd}~dSd}~00|jj |j ¡¡|jjjtjkrÖ|j  ¡}t!j"rœ|jjrœtj# $dt% &|¡d¡|j  d¡}t!j"rÖ|jjrÖtj# $d tt'|ƒƒd ¡|j (¡}t!j"r(|jjr(tj# $d t|ƒd¡tj# $d t|j ¡ƒd¡dSdS) NTrCz' server: bad connection attempt from z: FÚdarwinz client cert is råz cert binary is z bytes z" server: connection cipher is now z" server: selected protocol is now ))rÊr£rŸr rÇÚselected_npn_protocolsÚappendÚselected_npn_protocolÚselected_alpn_protocolsÚselected_alpn_protocolÚConnectionResetErrorÚBrokenPipeErrorÚConnectionAbortedErrorÚ conn_errorsrKÚchattyrpr‚rÆrÅrÝrrÓr/rLZ EPROTOTYPErjrÔÚstopr±rœr³r‡rrlrmrnrìrírRr¯)r¾r`rYZ cert_binaryr¯rrrÚ wrap_conn/ sNÿ        ÿÿz.ThreadedEchoServer.ConnectionHandler.wrap_conncCs |jr|j ¡S|j d¡SdS)Nrµ)rÇr@r r0r½rrrr@m s z)ThreadedEchoServer.ConnectionHandler.readcCs"|jr|j |¡S|j |¡SdSr)rÇrnr r4)r¾r˜rrrrns s z*ThreadedEchoServer.ConnectionHandler.writecCs |jr|j ¡n |j ¡dSr)rÇrÝr r½rrrrÝy s z*ThreadedEchoServer.ConnectionHandler.closec CsØd|_|jjs| ¡sdS|jrÔzÄ| ¡}| ¡}|svd|_z|j ¡|_Wnt ybYn0d|_|  ¡np|dkr¦t j r˜|jj r˜tj d¡|  ¡WdS|jjrì|dkrìt j rÐ|jj rÐtj d¡| d¡| ¡sèWdSnú|jjrd|jrd|dkrdt j r&|jj r&tj d ¡| d¡|j ¡|_d|_t j ræ|jj rætj d ¡n‚|d kr´t j rŒ|jj rŒtj d ¡|j d ¡}| t|ƒ d¡d¡n2|dkr8t j rÜ|jj rÜtj d¡z|j ¡Wn@tjy*}z$| t|ƒ d¡d¡WYd}~nd}~00| d¡n®|dkrj|j ¡dur^| d¡n | d¡n||dkr˜|j ¡}| t|ƒ d¡d¡nNt j rØ|jj rØ|jr¸dpºd}tj d||| ¡|f¡| | ¡¡Wqttfy4|jjr"t j r"tj d |j¡¡|  ¡d|_Yqtjy”}zFd|jkr€|jjrvt j rvtj |jd¡t d¡‚WYd}~qd}~0t yÐ|jjr´t dƒ|  ¡d|_|j !¡Yq0qdS)NTFsoverz" server: client closed connection óSTARTTLSz2 server: read STARTTLS from client, sending OK... óOK óENDTLSz0 server: read ENDTLS from client, sending OK... z* server: connection is now unencrypted... s CB tls-uniquez@ server: read CB tls-unique from client, sending our CB data... r~úus-asciió óPHAz( server: initiating post handshake auth óHASCERTóTRUE óFALSE óGETCERTZ encryptedZ unencryptedz/ server: read %r (%s), sending back %r (%s)... z Connection reset by peer: {} Z!PEER_DID_NOT_RETURN_A_CERTIFICATEr ú!tlsv13 alert certificate requiredzTest server failure: )"rÅrÊÚstarttls_serverrØr@ÚstriprÇr|r r/rÝrrlÚconnectionchattyrjrmrnr{r‚rnÚverify_client_post_handshakerrÓr‡rÄrÒrÔrÖrrÆrbr^rpr×)r¾ÚmsgÚstrippedrÖr`rYZctypeÚerrrrrÚrun s®   ÿ   ÿ        .      ÿÿÿÿ   z(ThreadedEchoServer.ConnectionHandler.runN) rÏrÐrÑr·rÊrØr@rnrÝrërrrrÚConnectionHandler s >rìNTFc Csð| r | |_n€t |dur|ntj¡|_|dur2|ntj|j_|rL|j |¡|r\|j |¡|rl|j |¡| r||j  | ¡| rŒ|j  | ¡||_ ||_ ||_ t ¡|_t |j¡|_d|_d|_g|_g|_g|_g|_tj |¡d|_dSrÄ)r£rrZrOršrœrržÚset_npn_protocolsÚset_alpn_protocolsrFrÖrærärÃr rrÇrËÚflagÚactiverÍrÐr±rÕrÈrÉrÊrË) r¾Z certificater¡ÚcertreqsÚcacertsrÖræräZ npn_protocolsZalpn_protocolsr–r£rrrrÊç sBÿþ ÿ       zThreadedEchoServer.__init__cCs| t ¡¡|j ¡|Sr©ÚstartrÈÚEventrïÚwaitr½rrrrƒ s zThreadedEchoServer.__enter__cGs| ¡| ¡dSr)r×r©r¾r^rrrr„ szThreadedEchoServer.__exit__cCs||_tj |¡dSr©rïrÈrÉrô©r¾rïrrrrô szThreadedEchoServer.startc Cs |j d¡|j ¡d|_|jr,|j ¡|jrüzT|j ¡\}}tjrf|j rft j   dt |ƒd¡| |||¡}| ¡| ¡Wq,tjyšYq,ty²| ¡Yq,tyø}z0tjrä|j rät j   dt |ƒd¡WYd}~q,d}~00q,|j ¡dS)Ngš™™™™™©?Tz server: new connection from råz connection handling failed: )r r>Úlistenrðrïr–r.rrlrÖrjrmrnr‚rìrôrrÃr@ÚKeyboardInterruptr×rÞrÝ)r¾ZnewconnZconnaddrÚhandlerr`rrrrë s6    ÿÿ    ÿzThreadedEchoServer.runcCs d|_dSr™)rðr½rrrr×4 szThreadedEchoServer.stop) NNNNTFFNNNN)N) rÏrÐrÑrÈrÉrìrÊrƒr„rôrër×rrrrr sIü % rc@sXeZdZGdd„dejƒZdd„Zdd„Zdd„Zd d „Z dd d „Z dd„Z dd„Z d S)ÚAsyncoreEchoServerc@s6eZdZGdd„dejƒZdd„Zdd„Zdd„Zd S) zAsyncoreEchoServer.EchoServerc@s<eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd S)z/AsyncoreEchoServer.EchoServer.ConnectionHandlercCs4t|d|dd|_tj ||j¡d|_| ¡dS)NTF)rDr—rx)r¤rÃÚasyncoreÚdispatcher_with_sendrÊÚ_ssl_acceptingÚ_do_ssl_handshake)r¾Úconnr—rrrrÊ? sþz8AsyncoreEchoServer.EchoServer.ConnectionHandler.__init__cCs*t|jtjƒr&|j ¡dkr&| ¡qdS)NrT)rJrÃrrÄrvZhandle_read_eventr½rrrÚreadableG s z8AsyncoreEchoServer.EchoServer.ConnectionHandler.readablec Csªz|j ¡Wntjtjfy*YdStjyD| ¡YStjyX‚YnNtyž}z0|j dt j krŠ| ¡WYd}~SWYd}~nd}~00d|_ dS)NrF) rÃrgrrfrZ SSLEOFErrorÚ handle_closerÓr/r^rLZ ECONNABORTEDr)r¾rêrrrrM s *zAAsyncoreEchoServer.EchoServer.ConnectionHandler._do_ssl_handshakecCsT|jr| ¡n@| d¡}tjr4tj dt|ƒ¡|sB|  ¡n|  |  ¡¡dS)Nrµz server: read %s from client ) rrr0rrlrjrmrnr‚rÝr4rÄ)r¾rÖrrrÚ handle_read\ s   z;AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_readcCs$| ¡tjr tj d|j¡dS)Nz server: closed connection %s )rÝrrlrjrmrnrÃr½rrrrh sz)Ú __class__rÏrÊr½rrrÚ__str__‡ szAsyncoreEchoServer.__str__cCs| t ¡¡|j ¡|Srrór½rrrrƒŠ s zAsyncoreEchoServer.__enter__cGsVtjrtj d¡| ¡tjr,tj d¡| ¡tjrFtj d¡tjdddS)Nz cleanup: stopping server. z! cleanup: joining server thread. z cleanup: successfully joined. T)Z ignore_all) rrlrjrmrnr×rrþZ close_allr÷rrrr„ s   zAsyncoreEchoServer.__exit__NcCs||_tj |¡dSrrørùrrrrô› szAsyncoreEchoServer.startcCs>d|_|jr|j ¡|jr:zt d¡WqYq0qdS)NTr )rðrïr–rþZloopr½rrrrëŸ s zAsyncoreEchoServer.runcCsd|_|j ¡dSr™)rðrÊrÝr½rrrrש szAsyncoreEchoServer.stop)N) rÏrÐrÑrþrr rÊr rƒr„rôrër×rrrrrý7 sD  rýr´TFc Csži}t||dd}|p|jt ¡||d} |  t|jf¡|t|ƒt|ƒfD]†} |rrtj rrt j   d|¡|   | ¡|   ¡} |ržtj ržt j   d| ¡| | ¡krTtd| dd…t| ƒ|dd… ¡t|ƒfƒ‚qT|   d ¡|rütj rüt j   d ¡| |  ¡|  ¡|  ¡|  ¡|  ¡|  ¡| j| jd œ¡|  ¡Wdƒn1sR0Y|j|d <|j|d <|j|d<Wdƒn1s0Y|S)zW Launch a server, connect a client to it and try various reads and writes. F©r£rÖræ)rtÚsessionú client: sending %r... ú client: read %r ú4bad data <<%r>> (%d) received; expected <<%r>> (%d) Néóover ú client: closing connection. )Ú compressionr¯ÚpeercertÚclient_alpn_protocolÚclient_npn_protocolr/Úsession_reusedr Úserver_alpn_protocolsÚserver_npn_protocolsÚserver_shared_ciphers)rrŸrÃrHrIrËrÔrxrrlrjrmrnr@rÄÚAssertionErrorrRr›rr¯r‡rÑrÏr/rr rÝrÐrÍr±) r­r®ÚindatarÖræÚsni_namer rIrÊrÆÚargÚoutdatarrrÚserver_params_test­ sbþ ÿÿ  ÿÿÿ  ø (  *r!c CsÎ|durtj}tjdtjdtjdi|}tjr\|r6dp8d}tj |t  |¡t  |¡|f¡t  |¡}|j |O_ t  |¡} | j |O_ t   |d¡} | durÄt| dƒrÄ|tjkrÄ| j| krÄ| | _|jtjkrÚ| d¡t| |ƒ|| fD]} || _|  t¡|  t¡qìzt|| d d d } WnXtjy>|r:‚YnŒtyx} z"|sb| jtjkrd‚WYd} ~ nZd} ~ 00|sžtd t  |¡t  |¡fƒ‚n,|d urÊ|| d krÊtd|| d fƒ‚dS)a< Try to SSL-connect using *client_protocol* to *server_protocol*. If *expect_success* is true, assert that the connection succeeds, if it's false, assert that the connection fails. Also, if *expect_success* is a string, assert that it is the protocol version actually used by the connection. Nršr²r³z %s->%s %s z {%s->%s} %s rDrÚF©rÖræz5Client protocol %s succeeded with server protocol %s!Tr/z%version mismatch: expected %r, got %r)rršr²r³rrlrjrmrnZget_protocol_namerZréÚPROTOCOL_TO_TLS_VERSIONr¥rErNrDrSrFrIrœržr¥rr«r!rÓr/rLÚ ECONNRESETr)Zserver_protocolZclient_protocolÚexpect_successZ certsreqsÚserver_optionsÚclient_optionsZcerttypeZ formatstrr­r®Z min_versionrHrIr`rrrÚtry_protocol_comboß sx ýü þÿ   ýüû      ÿ ÿÿÿ  ÿ ÿr(c@sðeZdZdd„Zdd„Ze eƒd¡dd„ƒZdd „Z e e j d ¡d d „ƒZ d d„Z dd„Zdd„Zdd„Zedƒdd„ƒZdd„Zdd„Zedƒdd„ƒZdd „Zed!ƒd"d#„ƒZed$ƒd%d&„ƒZed'ƒd(d)„ƒZed*ƒd+d,„ƒZd-d.„Zd/d0„Zd1d2„Zd3d4„Zd5d6„Zd7d8„Z d9d:„Z!d;d<„Z"d=d>„Z#d?d@„Z$dAdB„Z%dCdD„Z&edƒdEdF„ƒZ'e(ed*ƒdGdH„ƒƒZ)e(ed'ƒdIdJ„ƒƒZ*e(ed*ƒed$ƒdKdL„ƒƒƒZ+e(ed!ƒdMdN„ƒƒZ,e e j-dO¡dPdQ„ƒZ.e dRe j/vdS¡dTdU„ƒZ0dVdW„Z1e e2e dXƒdY¡dZd[„ƒZ3e 4e5d\¡d]d^„ƒZ6e e7d_¡e 4e8d`¡dadb„ƒƒZ9dcdd„Z:e e j;de¡dfdg„ƒZe e j?dm¡dndo„ƒZ@dpdq„ZAdrds„ZBeCdtdu„ƒZDeCdvdw„ƒZEeCdxdy„ƒZFeCdzd{„ƒZGd|d}„ZHd~d„ZId€d„ZJd‚dƒ„ZKd„d…„ZLd†S)‡Ú ThreadedTestsc Cs~tjrtj d¡tD]~}|tjtjhvr,qt |ƒs6q|j tj |d<t  |¡}|  t¡t|ƒt||dddWdƒq1sŠ0Yqtƒ\}}}|j tjtjd"t||dd|dWdƒn1sÜ0Yd|_|j tjtjdb| tj¡"}t||dd|dWdƒn1s60Y| d t|jƒ¡Wdƒn1sh0Y|j tjtjd`| tj¡ }t||ddd Wdƒn1sº0Y| d t|jƒ¡Wdƒn1sì0Y|j tjtjd`| tj¡ }t||ddd Wdƒn1s>0Y| d t|jƒ¡Wdƒn1sp0YdS) z2Basic test of an SSL client connecting to a serverrå)rSTr"N)r}rÊ)r­r®rÖrærFz%called a function you should not call)r­r®rÖræ)rrlrjrmrnr×rrPrOrTZsubTestÚ_PROTOCOL_NAMESrZržrèrIr!r¯r›rÒrÓr´rKrK)r¾rSr£r­r®r¬r`rrrÚ test_echo* sd   ÿ& ý$ý&ÿ$þ&ÿ$þ&ÿzThreadedTests.test_echoc Csžtjrtj d¡tƒ\}}}t|dd}|X|jt ¡d|d }|  t |j f¡|  t ¡| ¡Wdƒn1s‚0Y| ¡| ¡}| |d¡| ¡}tjrätj t |¡d¡tj dt|ƒd¡d|vr| d t |¡¡d |dvr| d ¡| d |¡| d |¡t |d ¡}t |d ¡} | || ¡Wdƒn1sp0YWdƒn1s0YdS)NråF©r£rÖ)rxrtúCan't get peer certificate.zConnection cipher is z. r-z$No subject field in certificate: %s.r#zkMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.r+r*)rrlrjrmrnr¯rrŸrÃrHrIrËrÒrr‡rgrr¯rìrírKrÚr´rr¹r) r¾r­r®r¬rÊrÆrYr¯ÚbeforeZafterrrrÚtest_getpeercert\ sF    þ &  ÿÿÿ  zThreadedTests.test_getpeercertröc Cstjrtj d¡tƒ\}}}ttddƒ}| |j tj |B¡t |dd}|f|j t   ¡|d4}| t|jf¡| ¡}| |d¡Wdƒn1sœ0YWdƒn1sº0Y|j tjO_ t |dd}|„|j t   ¡|dP}| tjd¡ | t|jf¡Wdƒn1s00YWdƒn1sP0YWdƒn1sp0Y| t¡t |dd}|h|j t   ¡|d4}| t|jf¡| ¡}| |d¡Wdƒn1sä0YWdƒn1s0YdS) Nrår÷rTr,rsr-r‰)rrlrjrmrnr¯rMrr¼rørùrrŸrÃrHrIrËr‡rrúrÁrÓrÚCRLFILE)r¾r­r®r¬rûrÊrÆrYrrrÚtest_crl_check€ sF     ÿH  ÿÿp   ÿzThreadedTests.test_crl_checkc Csàtjrtj d¡tƒ\}}}t|dd}|f|jt ¡|d4}|  t |j f¡|  ¡}|  |d¡Wdƒn1s|0YWdƒn1sš0Yt|dd}|‚|jt ¡ddN}| tjd¡ |  t |j f¡Wdƒn1sþ0YWdƒn1s0YWdƒn1s>0Yt|dd}|rt ¡H}| td¡| |¡Wdƒn1s’0YWdƒn1s²0YWdƒn1sÒ0YdS) NråTr,rsr-rqz:Hostname mismatch, certificate is not valid for 'invalid'.z'check_hostname requires server_hostname)rrlrjrmrnr¯rrŸrÃrHrIrËr‡rrÁrr[r)r¾r­r®r¬rÊrÆrYrrrrPª s<    ÿH  ÿþn  ÿz!ThreadedTests.test_check_hostnamez)test requires hostname_checks_common_namec CsHtƒ\}}}|jsJ‚d|_t|dd}|R|jt ¡|d }| t|jf¡Wdƒn1sf0YWdƒn1s„0Yttƒ\}}}d|_t|dd}|€|jt ¡|dL}|  t j ¡ | t|jf¡Wdƒn1sú0YWdƒn1s0YWdƒn1s:0YdS)NFTr,rs) r¯rðrrŸrÃrHrIrËr©rÒrÚSSLCertVerificationError©r¾r­r®r¬rÊrÆrrrróË s(    ÿL  ÿz.ThreadedTests.test_hostname_checks_common_namec Csêt tj¡}| t¡| d¡t}t tj¡}| t ¡t |dd}|Œ|j t   ¡|dZ}|  t|jf¡| ¡}| |d¡| ¡d d¡}| |dd…d ¡Wdƒn1s¾0YWdƒn1sÜ0YdS© NzECDHE:ECDSA:!NULL:!aRSATr,rsr-rú-r¡)ZECDHEZECDSA)rrZrPrr«rFÚSIGNED_CERTFILE_ECC_HOSTNAMErOržÚSIGNED_CERTFILE_ECCrrŸrÃrHrIrËr‡rr¯Úsplit©r¾r­r¬r®rÊrÆrYr¯rrrÚ test_ecc_certã s"       ÿ zThreadedTests.test_ecc_certc Cst tj¡}| t¡|jtjO_| d¡t}t tj ¡}|  t ¡|  t ¡t |dd}|Œ|jt ¡|dZ}| t|jf¡| ¡}| |d¡| ¡d d¡}| |dd…d ¡Wdƒn1sØ0YWdƒn1sö0YdSr4)rrZrPrr«rér¹rFr6rOržr7r¥rrŸrÃrHrIrËr‡rr¯r8r9rrrÚtest_dual_rsa_eccø s&        ÿ zThreadedTests.test_dual_rsa_eccc Cs¬tjrtj d¡t tj¡}| t ¡t tj ¡}tj |_ d|_ | t¡gd¢}|D]ª\}}t|dd}|‚|jt ¡|dP}| |j|¡| t|jf¡| ¡}| |j|¡| |d¡Wdƒn1sÚ0YWdƒqX1sø0YqXt|dd}|‚|jt ¡ddN}| tj¡ | t|jf¡Wdƒn1s^0YWdƒn1s~0YWdƒn1sž0YdS)NråT))ukönig.idn.pythontest.netúxn--knig-5qa.idn.pythontest.net)r<r<)sxn--knig-5qa.idn.pythontest.netr<)u(königsgäßchen.idna2003.pythontest.netú.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)r=r=)s.xn--knigsgsschen-lcb0w.idna2003.pythontest.netr=)ú.xn--knigsgchen-b4a3dun.idna2008.pythontest.netr>)s.xn--knigsgchen-b4a3dun.idna2008.pythontest.netr>r,rsr-zpython.example.org)rrlrjrmrnrrZrOržÚ IDNSANSFILErPr³rœr›rr«rrŸrÃr¼rtrHrIrËr‡rrÒr[) r¾r®r£Z idn_hostnamesrtZexpected_hostnamerÊrÆrYrrrÚtest_check_hostname_idn s:        ÿJ  ÿz%ThreadedTests.test_check_hostname_idnc Cs6tƒ\}}}| t¡tj|_tjj|_t |ddd}|æ|j t   ¡|d²}z|  t |jf¡Wn‚tjy }z"tjrŒtj d|¡WYd}~nZd}~0tyæ}z0|jtjkr¼‚tjrÒtj d|¡WYd}~nd}~00| d¡Wdƒn1s0YWdƒn1s(0YdS)zÇConnecting when the server rejects the client's certificate Launch a server with CERT_REQUIRED, and check that trying to connect to it with a wrong client certificate fails. Tr rsú SSLError is %r Nú socket.error is %r ú'Use of invalid cert should have failed!)r¯ržrèrr³rœrrYrVrrŸrÃrHrIrËrÓrrlrjrmrnr/rLr$rÚ©r¾r­r®r¬rÊrÆr`rrrÚtest_wrong_cert_tls12J s0   ÿ ÿÿ$ &z#ThreadedTests.test_wrong_cert_tls12rôc CsVtƒ\}}}| t¡tj|_tjj|_tjj|_t |ddd}|ü|j t   ¡|dÈ}|  t |jf¡z| d¡| d¡Wn„tjy¾}z"tjrªtj d|¡WYd}~n\d}~0ty}z0|jtjkrÜ‚tjròtj d|¡WYd}~nd}~00| d¡Wdƒn1s(0YWdƒn1sH0YdS) NTr rsódatarŠrArBrC)r¯ržrèrr³rœrrôrDrrŸrÃrHrIrËrnr@rÓrrlrjrmr/rLr$rÚrDrrrÚtest_wrong_cert_tls13o s6    ÿ ÿÿ $ &z#ThreadedTests.test_wrong_cert_tls13cs|t ¡‰t ¡‰t ¡‰t ˆt¡‰‡‡‡fdd„}‡‡‡‡fdd„}tj|d}| ¡z|ƒW| ¡n | ¡0dS)ztA brutal shutdown of an SSL server should raise an OSError in the client when attempting handshake. cs8ˆ ¡ˆ ¡ˆ ¡\}}| ¡ˆ ¡ˆ ¡dSr)rúr–r.rÝ)ZnewsockrÆ)Ú listener_goneÚlistener_readyrÆrrÚlistenerœ s  z2ThreadedTests.test_rude_shutdown..listenerc stˆ ¡t ¡P}| tˆf¡ˆ ¡z t|ƒ}WntyFYn 0ˆ d¡Wdƒn1sf0YdS)Nz2connecting to closed SSL socket should have failed)rörÃrHrIr¤r/rÚ)r|Ússl_sock)rHrIrËr¾rrÚ connector¤ s   z3ThreadedTests.test_rude_shutdown..connector©ÚtargetN) rÈrõrÃrrÇrIrÉrôr)r¾rJrLr r)rHrIrËrÆr¾rÚtest_rude_shutdownŽ s  z ThreadedTests.test_rude_shutdownc Cs&tjrtj d¡t tj¡}| t ¡t tj ¡}t |dd}|Ì|j t   ¡tdš}z| t|jf¡Wnttjyâ}zZd}| |tj¡| |jd¡| |j|¡| |t|ƒ¡| dt|ƒ¡WYd}~n d}~00Wdƒn1sø0YWdƒn1s0YdS)NråTr,rsz&unable to get local issuer certificaterr‰)rrlrjrmrnrrZrOržr¥rPrrŸrÃr¦rHrIrËrÓrr2r¼Z verify_codeZverify_messager´r‚)r¾r®r£rÊrÆr`rèrrrÚtest_ssl_cert_verify_error· s(      ÿz(ThreadedTests.test_ssl_cert_verify_errorrUcCsÎtjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒttjtj dƒt dƒrrttjtj dƒttjtj dƒtƒržttjtj dtjdttjtj dtjdttjtj dtjddS)z9Connecting to an SSLv2 server with various client optionsråTFr©r'N)rrlrjrmrnr(rÚPROTOCOL_SSLv2r²r³rNrQÚPROTOCOL_SSLv3rrzr¶r·r¸r½rrrÚtest_protocol_sslv2Î s&  ÿ ÿ ÿz!ThreadedTests.test_protocol_sslv2c Csªtjrtj d¡tdƒrnzttjtj dƒWn>t yl}z&tjrXtj dt |ƒ¡WYd}~n d}~00tdƒr†ttjtj dƒttjtjdƒtdƒr®ttjtj dƒtdƒrÊttjtj dtjƒttjtjdtjƒtdƒrúttjtj dtjƒtdƒrttjtj dtjƒttjtjdtjƒtdƒrJttjtj dtjƒtdƒrjttjtj dtjd ttjtjdtjtjBd tdƒr¦ttjtj dtjd dS) z:Connecting to an SSLv23 server with various client optionsrårUTz; SSL2 client to SSL23 server test unexpectedly failed: %s NrFr)r&)rrlrjrmrnrQr(rrNrRr/rKrSrr²r³r·r¶r¸)r¾rÂrrrÚtest_PROTOCOL_TLSä sL ÿÿ    ÿ  ÿ  ÿzThreadedTests.test_PROTOCOL_TLSrcCs¨tjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒt dƒrbttjtj dƒttjtj dtj dttjtjdƒtƒr¤ttjtj dtjddS)z9Connecting to an SSLv3 server with various client optionsrårrUFrQN)rrlrjrmrnr(rrSr²r³rQrRrNr·rrzr¶r½rrrÚtest_protocol_sslv3 s  ÿ ÿz!ThreadedTests.test_protocol_sslv3rcCs”tjrtj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒt dƒrbttjtj dƒt dƒrzttjtj dƒttjtj dtjddS)z8Connecting to a TLSv1 server with various client optionsrårrUFrrQN)rrlrjrmrnr(rrr²r³rQrRrSrNr¸r½rrrÚtest_protocol_tlsv1 s  ÿz!ThreadedTests.test_protocol_tlsv1rcCsœtjrtj d¡ttjtjdƒtdƒr:ttjtj dƒtdƒrRttjtj dƒttjtj dtj dttj tjdƒttjtj dƒttj tjdƒdS)zjConnecting to a TLSv1.1 server with various client options. Testing against older TLS versions.råúTLSv1.1rUFrrQN)rrlrjrmrnr(rrrQrRrSrNrºÚPROTOCOL_TLSv1_2r½rrrÚtest_protocol_tlsv1_1/ s  ÿz#ThreadedTests.test_protocol_tlsv1_1rYcCsÒtjrtj d¡ttjtjdtjtj Btjtj Bdt dƒrPttjtj dƒt dƒrhttjtj dƒttjtj dtjdttj tjdƒttjtjdƒttjtjdƒttjtjdƒttjtjdƒdS) zjConnecting to a TLSv1.2 server with various client options. Testing against older TLS versions.råúTLSv1.2)r&r'rUFrrQN)rrlrjrmrnr(rrYr·r¶rQrRrSrNr»rrr½rrrÚtest_protocol_tlsv1_2A s$    þ ÿz#ThreadedTests.test_protocol_tlsv1_2c Cs d}ttdddd}d}|lt ¡}| d¡| t|jf¡tjrTt j   d¡|D]Ú}tjrrt j   d|¡|rŠ|  |¡|  ¡}n|  |¡| d¡}| ¡ ¡}|dkrà| d ¡ràtjrÒt j   d |¡t|ƒ}d}qX|d kr| d ¡rtjrt j   d |¡| ¡}d}qXtjrXt j   d |¡qXtjrHt j   d¡|rZ|  d¡n |  d¡|rt| ¡n| ¡Wdƒn1s’0YdS)z6Switching from clear text to encrypted and back again.)smsg 1sMSG 2rÙsMSG 3smsg 4rÛsmsg 5smsg 6T)rärÖræFrårrµrÙsokz/ client: read %r from server, starting TLS... rÛz- client: read %r from server, ending TLS... z client: read %r from server rrN)rrèrÃrerHrIrËrrlrjrmrnr@r4r0rårÄrLr¤r|rÝ) r¾ZmsgsrÊÚwrappedrÆrrr rèrrrÚ test_starttlsW slý  ÿ     ÿÿÿÿÿ    zThreadedTests.test_starttlscCsüt|td}tjrtj d¡ttdƒ}|  ¡}Wdƒn1sF0Yd}d|j t j   t¡df}tjtd}tjj||d }zV| ¡ d ¡}|rÖt|ƒd krÖ|  t|ƒ¡}tjrÖtj d t|ƒ|f¡W| ¡n | ¡0| ||¡dS) z8Using socketserver to create and manage SSL connections.rFråÚrbNr%zhttps://localhost:%d/%sr )r‹©r£zcontent-lengthrz/ client: read %d bytes from remote server '%s' )rÃr¥rrlrjrmrnr?rèr@rËrrr8rrLr«ÚurllibZrequestÚurlopenÚinfor¥rrRrÝr¼)r¾rÊrBrrÚurlr£ZdlenrrrÚtest_socketserver s.   &ÿ  ÿÿzThreadedTests.test_socketserverc Cstjrtj d¡d}ttƒ}|Þtt ¡ƒ}|  d|j f¡tjrVtj d|¡| |¡|  ¡}tjr~tj d|¡||  ¡kr¼|  d|dd…t|ƒ|dd…  ¡t|ƒf¡| d ¡tjrØtj d ¡| ¡tjròtj d ¡Wdƒn1s0YdS) z'Check the example asyncore integration.rår´rrrrNrrrz client: connection closed. )rrlrjrmrnrýrèr¤rÃrHrËr@rÄrÚrRrÝ)r¾rrÊrÆr rrrÚtest_asyncore_serverª s:  ÿ  ÿÿÿ  z"ThreadedTests.test_asyncore_serverc sÚtjrtj d¡tttjtj tddd}|”t t   ¡dtttjtj d‰ˆ  t|jf¡‡fdd„}‡fdd „}d ˆjdgtfd ˆjdd gtfd ˆjdgdd„fg}dˆjdgfdˆjdd gfd|dgfd|dgfg}d}|D]ú\}}} } } || d¡} zz|| g| ¢RŽ} d |¡}|j| | | ƒ|dˆ ¡}||  ¡krx| dj||dd…t|ƒ| dd…t| ƒd¡WqätyÜ}zH| r¤| dj|d¡t|ƒ |¡sÈ| dj||d¡WYd}~qäd}~00qä|D]Þ\}}} } || d¡} zVˆ | ¡|| Ž}||  ¡krR| d j||dd…t|ƒ| dd…t| ƒd¡Wnjty¾}zP| r~| d!j|d¡t|ƒ |¡s¢| dj||d¡ˆ ¡WYd}~n d}~00qäd"}ˆ |¡tt|ƒƒ}| ˆ d#|¡t|ƒ¡| ||¡t dur>t j!t|ƒ}| "|¡}ˆ |¡| ˆ ¡|¡| #t$ˆj%¡| #t$ˆj&d"g¡| #t$ˆj'd$¡| #t$ˆj(td$ƒg¡ˆ d%¡| #tˆjd#¡| #tˆjd#¡ˆ )¡Wdƒn1sÌ0YdS)&z Test recv(), send() and friends.råTF©rñr¡ròrÖræ©rDr—r•r”r¡cstdƒ}ˆ |¡}|d|…S©Nsd)rÔr1)Úbrœ©rÆrrÚ _recv_intoÛ s z0ThreadedTests.test_recv_send.._recv_intocs"tdƒ}ˆ |¡\}}|d|…Sri)rÔr3)rjrœrÆrkrrÚ_recvfrom_intoà sz4ThreadedTests.test_recv_send.._recvfrom_intor4r5z some.addressr§cSsdSrr)rÂrrrÚé råz.ThreadedTests.test_recv_send..r0r2r1r3ZPREFIX_r^zsending with {})rèzpWhile sending with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) Nr)rr ZnoutrZninz>Failed to send with method <<{name:s}>>; expected to succeed. rzFMethod <<{name:s}>> failed with unexpected exception message: {exp:s} )rÚexpzrWhile receiving with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) zAFailed to receive with method <<{name:s}>>; expected to succeed. rFr¥r.r)*rrlrjrmrnrrèrršrOr¤rÃrPrHrIrËr4rRr5r§r0r2rnrr¼r@rÄrÚrrKrLrÔÚctypesZc_ubyteZfrom_buffer_copyrÒr6r7r8r9r:rÝ)r¾rÊrlrmZ send_methodsZ recv_methodsZ data_prefixZ meth_nameZ send_methr%r^Z ret_val_methrr«rèr r`Z recv_methrÖÚbufferZubyteZ byteslikerrkrÚtest_recv_sendÇ sÖ ûû  ý   üÿ  ûÿ ÿÿþÿ  ûÿ ÿÿþÿ"       ÿ zThreadedTests.test_recv_sendcCsÆttƒ}| ¡| |jdd¡t t|jf¡}| |j ¡t |dd}| |j ¡|  d¡|  |  d¡d¡|  | d¡d¡|  | ¡d¡| d¡|  |  d¡d¡|  | tƒ¡d¡dS)NF)Zsuppress_ragged_eofsrFrrå)rrèrƒràr„rÃrdrIrËrÝr¤r4r¼r0r@rer1rÔ)r¾rÊrÆrrrÚtest_recv_zeroPs     zThreadedTests.test_recv_zeroc s²tttjtjtddd}|‚tt ¡dtttjtjd‰ˆ t |j f¡ˆ  d¡t dƒ‰‡‡fdd„}|  tjtjf|¡ˆ  d¡ˆ ¡Wdƒn1s¤0YdS)NTFrgrhi csˆ ˆ¡qdSr)r4r©r¬rÆrrÚ fill_bufferxsz8ThreadedTests.test_nonblocking_send..fill_buffer)rrèrršrOr¤rÃrPrHrIrËrerÔrÒrrfrÝ)r¾rÊrurrtrÚtest_nonblocking_sendds4ûû ÿÿ z#ThreadedTests.test_nonblocking_sendcs"t tj¡‰d}t ˆ¡}t ¡‰d‰‡‡‡fdd„}tj|d}| ¡ˆ ¡z´zBt tj¡}|  d¡|  ||f¡|  tj dt |¡W| ¡n | ¡0zBt tj¡}t |ƒ}|  d¡|  tj d|j ||f¡W| ¡n | ¡0Wd‰| ¡ˆ ¡nd‰| ¡ˆ ¡0dS) NrFcsbˆ ¡ˆ ¡g}ˆsLt ˆgggd¡\}}}ˆ|vr| ˆ ¡d¡q|D] }| ¡qPdS)Ngš™™™™™¹?r)rúr–rŒrÎr.rÝ)Zconnsr Úwr`r ©ZfinishrÊÚstartedrrÚserveŠsz3ThreadedTests.test_handshake_timeout..serverMgš™™™™™É?z timed outT)rÃr&rrÇrÈrõrÉrôrör>rHrÁr@r¤rÝr)r¾rlrËrzr r|rrxrÚtest_handshake_timeout‚s@      ÿ    ÿ þz$ThreadedTests.test_handshake_timeoutcst tj¡}tj|_| t¡| t¡t   t j ¡‰d}t   ˆ¡}|j ˆdd‰| ˆj¡t ¡‰d‰d‰‡‡‡‡fdd„}tj|d}| ¡ˆ ¡|  t   ¡¡}| ||f¡| d¡| ¡| ¡}| ¡| ¡ˆ ¡ˆ ¡| ˆtj¡| ˆ|¡dS)NrTrCcs0ˆ ¡ˆ ¡ˆ ¡\‰‰ˆ ˆ d¡¡dS)NrŠ)rúr–r.r4r0r©ZevtZpeerZremoterÊrrrzÃs z/ThreadedTests.test_server_accept..serverMrF)rrZrNr³rœrr«ržr¥rÃr&rrÇrŸrrDrÈrõrÉrôrörHr4r0rzrÝrrrÄr¼)r¾r£rlrËrzr r}Z client_addrrr|rÚtest_server_accept³s6        z ThreadedTests.test_server_acceptc Cs‚t tj¡}| t ¡¡T}| t¡}| ¡Wdƒn1sD0Y| |j j t j ¡Wdƒn1st0YdSr) rrZrNrŸrÃrÒr/r‡r¼rKrLÚENOTCONN©r¾r£r rNrrrÚtest_getpeercert_enotconnÜs   &z'ThreadedTests.test_getpeercert_enotconnc Cs‚t tj¡}| t ¡¡T}| t¡}| ¡Wdƒn1sD0Y| |j j t j ¡Wdƒn1st0YdSr) rrZrNrŸrÃrÒr/rgr¼rKrLr~rrrrÚtest_do_handshake_enotconnãs   &z(ThreadedTests.test_do_handshake_enotconnc CsÜtƒ\}}}|jtjO_| d¡| d¡t|d|}|jt ¡|dJ}| t ¡ |  t |j f¡Wdƒn1s€0YWdƒn1sž0YWdƒn1s¼0Y|  d|jd¡dS)NZAES128ÚAES256r`rszno shared cipherr)r¯rérr¹rFrrŸrÃrÒr/rHrIrËr´rÕr3rrrÚtest_no_shared_ciphersês     ÿ jz$ThreadedTests.test_no_shared_ciphersc Cst tj¡}d|_tj|_tttjddÔ}|  t   ¡¡ˆ}|  |  ¡d¡|  |j d¡| t|jf¡trˆtdƒrˆ| |  ¡d¡n,tjdkr¤| |  ¡d¡n| |  ¡d¡Wdƒn1sÈ0Y|  |j d¡|  |  ¡d¡Wdƒn1s0YdS) zt Basic tests for SSLSocket.version(). More tests are done in the test_protocol_*() methods. F)r¡rÖNrôúTLSv1.3)r rr¡r[)rr[)rrZrPr›ršrœrrèrOrŸrÃrÈr/r£rHrIrËr^rQr¼ryr´©r¾r£rÊrÆrrrÚtest_version_basicøs& þ  .z ThreadedTests.test_version_basicc CsÆt tj¡}| t¡|jtjtjBtjBO_t |dv}|  t   ¡¡H}|  t |jf¡| | ¡dhd£¡| | ¡d¡Wdƒn1sš0YWdƒn1s¸0YdS)Nr`r>ZTLS_AES_256_GCM_SHA384ZTLS_CHACHA20_POLY1305_SHA256ZTLS_AES_128_GCM_SHA256r„)rrZrNržrèrér¸rºr»rrŸrÃrHrIrËr´r¯r¼r/r…rrrÚ test_tls1_3s  ÿ zThreadedTests.test_tls1_3c Cs´tƒ\}}}tjj|_tjj|_tjj|_tjj|_t|db}|jt   ¡|d0}|  t |j f¡|  | ¡d¡Wdƒn1sˆ0YWdƒn1s¦0YdS)Nr`rsr[)r¯rrrrDrYrVrrŸrÃrHrIrËr¼r/r3rrrÚtest_min_max_version_tlsv1_2!s       ÿz*ThreadedTests.test_min_max_version_tlsv1_2c Cs¾tƒ\}}}tjj|_tjj|_tjj|_tjj|_t||ƒt |db}|j t   ¡|d0}|  t |jf¡| | ¡d¡Wdƒn1s’0YWdƒn1s°0YdS)Nr`rsrX)r¯rrrrDrYrVrrIrrŸrÃrHrIrËr¼r/r3rrrÚtest_min_max_version_tlsv1_12s        ÿz*ThreadedTests.test_min_max_version_tlsv1_1c Csìtƒ\}}}tjj|_tjj|_tjj|_tjj|_t||ƒt|d}|j t   ¡|d^}|  tj ¡ }|  t|jf¡Wdƒn1s0Y| dt|jƒ¡Wdƒn1sÀ0YWdƒn1sÞ0YdS)Nr`rsZalert)r¯rrrYrVrDrrIrrŸrÃrÒrÓrHrIrËr´rKrKrDrrrÚtest_min_max_version_mismatchCs        ÿ.z+ThreadedTests.test_min_max_version_mismatchc Cs´tƒ\}}}tjj|_tjj|_tjj|_t||ƒt|db}|jt   ¡|d0}|  t |j f¡|  | ¡d¡Wdƒn1sˆ0YWdƒn1s¦0YdS)Nr`rsr)r¯rrrrDrVrIrrŸrÃrHrIrËr¼r/r3rrrÚtest_min_max_version_sslv3Vs       ÿz(ThreadedTests.test_min_max_version_sslv3z"test requires ECDH-enabled OpenSSLc Csºt tj¡}| t¡|jtjO_tjdkr:| d¡t |db}|  t   ¡¡4}|  t |jf¡| d| ¡d¡Wdƒn1sŽ0YWdƒn1s¬0YdS)N)r rrz ECCdraft:ECDHr`ZECDHr)rrZrNržrèrér¹ryrFrrŸrÃrHrIrËr´r¯r…rrrÚtest_default_ecdh_curvees     z%ThreadedTests.test_default_ecdh_curver~rc Csútjrtj d¡tƒ\}}}t|ddd}|²|jt ¡|d¦}|  t |j f¡|  d¡}tjrztj d  |¡¡| |¡| ¡dkr¢| t|ƒd ¡n| t|ƒd ¡| d ¡| ¡ ¡}| |t|ƒ d ¡¡Wd ƒn1sò0Y|jt ¡|d¶}|  t |j f¡|  d¡}tjrDtj d  |¡¡| ||¡| |¡| ¡dkrz| t|ƒd ¡n| t|ƒd ¡| d ¡| ¡ ¡}| |t|ƒ d ¡¡Wd ƒn1sÌ0YWd ƒn1sì0Yd S)z Test tls-unique channel binding.råTFr rsr~z! got channel binding data: {0!r} r„é0é sCB tls-unique rÜNz(got another channel binding data: {0!r} )rrlrjrmrnr¯rrŸrÃrHrIrËr{rr°r/r¼rRr@rår‚rnrá) r¾r­r®r¬rÊrÆZcb_dataZpeer_data_reprZ new_cb_datarrrrysf  þþ ÿ     ÿ"þ ÿÿ     ÿz-ThreadedTests.test_tls_unique_channel_bindingcCsRtƒ\}}}t||dd|d}tjr:tj d |d¡¡| |dhd£¡dS)NT©rÖrærz got compression: {!r} r>NZRLEZZLIB) r¯r!rrlrjrmrnrr´©r¾r­r®r¬rIrrrÚtest_compressionµs þzThreadedTests.test_compressionr8z*ssl.OP_NO_COMPRESSION needed for this testcCsRtƒ\}}}|jtjO_|jtjO_t||dd|d}| |dd¡dS)NTrr)r¯rérr8r!rÈrrrrÚtest_compression_disabled¾s þz'ThreadedTests.test_compression_disabledr(cCs–tƒ\}}}|jtjO_| t¡| d¡|jtjO_t||dd|d}|dd}| d¡}d|vr’d|vr’d |vr’|  d |d¡dS) NZkEDHTrr¯rr5ZADHZEDHZDHEzNon-DH cipher: ) r¯rérr¹r*r+rFr!r8rÚ)r¾r­r®r¬rIr¯ÚpartsrrrÚtest_dh_paramsÉs   þ  zThreadedTests.test_dh_paramszneeds secp384r1 curve supportz TODO: Test doesn't work on 1.1.1cCstƒ\}}}| d¡| d¡|jtjtjBO_t||dd|d}tƒ\}}}| d¡| d¡|jtjtjBO_t||dd|d}tƒ\}}}| d¡| d¡| d¡|jtjtjBO_zt||dd|d}WntjyúYn0t r |  d¡dS)Nr|zECDHE:!eNULL:!aNULLTrr4zmismatch curve did not fail) r¯r~rFrérr¸rºr!rÓÚIS_OPENSSL_1_1_0rÚrrrrÚtest_ecdh_curveÚs<   þ   þ    þ zThreadedTests.test_ecdh_curvecCs2tƒ\}}}t||dd|d}| |dd¡dS)NTrr©r¯r!rÈrrrrÚtest_selected_alpn_protocols  þz)ThreadedTests.test_selected_alpn_protocolzALPN support requiredcCs@tƒ\}}}| ddg¡t||dd|d}| |dd¡dS)NrÏÚbarTrr)r¯rîr!rÈrrrrÚ/test_selected_alpn_protocol_if_server_uses_alpn s þz=ThreadedTests.test_selected_alpn_protocol_if_server_uses_alpnz!ALPN support needed for this testc Cs8gd¢}ddgdfddgdfdgdfddgdfg}|D]ü\}}tƒ\}}}| |¡| |¡zt||dd|d}Wn*tjyž} z| }WYd} ~ n d} ~ 00|durÆtrÆtjd krÆ| |tj¡q6d t|ƒt|ƒt|ƒf} |d } |  | || | d f¡t |d ƒr|d dnd} |  | || | df¡q6dS)N)rÏr™Ú milkshakerÏr™r›zhttp/3.0zhttp/4.0Tr)r r rr†úKfailed trying %s (s) and %s (c). was expecting %s, but got %%s from the %%srr}rr¥ÚnothingrÊ) r¯rîr!rrÓr•ryrrKr¼rR) r¾Úserver_protocolsÚprotocol_testsÚclient_protocolsr¬r­r®r¬rIr`rèÚ client_resultÚ server_resultrrrÚtest_alpn_protocolssN   ü    ü  ÿ ÿþ ÿ ÿÿ ÿz!ThreadedTests.test_alpn_protocolscCs2tƒ\}}}t||dd|d}| |dd¡dS)NTrrr—rrrrÚtest_selected_npn_protocol;s  þz(ThreadedTests.test_selected_npn_protocolz NPN support needed for this testc Csâddg}ddgdfddgdfddgdfddgdfg}|D]¤\}}tƒ\}}}| |¡| |¡t||dd|d}dt|ƒt|ƒt|ƒf} |d } | | || | d f¡t|d ƒrÂ|d d nd } | | || | df¡q8dS)Nzhttp/1.1zspdy/2rÁÚabcÚdefTrrœrr}rr¥rrÊ)r¯rír!rKr¼rR) r¾ržrŸr r¬r­r®r¬rIrèr¡r¢rrrÚtest_npn_protocolsCs4    ü    þ ÿþ ÿÿz ThreadedTests.test_npn_protocolscCsLt tj¡}| t¡t tj¡}| t¡t tj¡}| t¡|||fSr) rrZrOržr¥r§rPrr«)r¾r®Ú other_contextr­rrrÚ sni_contexts]s      zThreadedTests.sni_contextscCs"|d}| d|ff|d¡dS)Nrr%r-)r´)r¾rIrrYrrrÚcheck_common_namefszThreadedTests.check_common_namecsÊg‰| ¡\}‰}d|_‡‡fdd„}| |¡t||ddd}| ˆd|fg¡| |d¡g‰t||ddd}| ˆd|fg¡| |t¡g‰| d¡t||ddd}| |t¡| ˆg¡dS) NFcs ˆ ||f¡|durˆ|_dSr)rÎr£©rKZ server_nameZinitial_context©Zcallsr¨rrÚ servername_cbqsz6ThreadedTests.test_sni_callback..servername_cbTÚ supermessage©rÖrr4Znotfunny)r©r›r:r!r¼rªr¦)r¾r®r­r­rIrr¬rr;js4 þ þ  þ zThreadedTests.test_sni_callbackcCsp| ¡\}}}dd„}| |¡| tj¡ }t||ddd}Wdƒn1sR0Y| |jjd¡dS)NcSstjSr)rZALERT_DESCRIPTION_ACCESS_DENIEDr«rrrÚcb_returning_alert˜szAThreadedTests.test_sni_callback_alert..cb_returning_alertFr®r¯ZTLSV1_ALERT_ACCESS_DENIED) r©r:rÒrrÓr!r¼rKrb)r¾r®r¨r­r°rNrIrrrÚtest_sni_callback_alert“s þ$z%ThreadedTests.test_sni_callback_alertc Cs¨| ¡\}}}dd„}| |¡t ¡l}| tj¡ }t||ddd}Wdƒn1s\0Y| |j j d¡| |j j t ¡Wdƒn1sš0YdS)NcSs dddS)Nr rrr«rrrÚ cb_raising¦sz;ThreadedTests.test_sni_callback_raising..cb_raisingFr®r¯ZSSLV3_ALERT_HANDSHAKE_FAILURE)r©r:rÚcatch_unraisable_exceptionrÒrrÓr!r¼rKrbÚ unraisableÚexc_typeÚZeroDivisionError)r¾r®r¨r­r²ÚcatchrNrIrrrÚtest_sni_callback_raising¡s  þ$ ÿz'ThreadedTests.test_sni_callback_raisingc Cs¨| ¡\}}}dd„}| |¡t ¡l}| tj¡ }t||ddd}Wdƒn1s\0Y| |j j d¡| |j j t ¡Wdƒn1sš0YdS)NcSsdS)NrÏrr«rrrÚcb_wrong_return_typeºszOThreadedTests.test_sni_callback_wrong_return_type..cb_wrong_return_typeFr®r¯ZTLSV1_ALERT_INTERNAL_ERROR)r©r:rr³rÒrrÓr!r¼rKrbr´rµrÂ)r¾r®r¨r­r¹r·rNrIrrrÚ#test_sni_callback_wrong_return_type´s  þ$z1ThreadedTests.test_sni_callback_wrong_return_typec s†tƒ\}}}| d¡| d¡gd¢}t|||d}|dd}| t|ƒd¡|D]*\‰}}t‡fdd„|DƒƒsV| ˆ¡qVdS) Nz AES128:AES256r‚)r‚zAES-256Z TLS_CHACHA20ZTLS_AES©rrrc3s|]}|ˆvVqdSrr)râZalgrrrrä×råz4ThreadedTests.test_shared_ciphers..)r¯rFr!Ú assertGreaterrRÚanyrÚ) r¾r­r®r¬Z expected_algsrIr–Z tls_versionÚbitsrrrÚtest_shared_ciphersÈs   ÿ z!ThreadedTests.test_shared_cipherscCsŠtƒ\}}}t|dd}|Z|jt ¡|d}| t|jf¡| ¡| t |j d¡| t |j d¡Wdƒn1s|0YdS)NFr,rsrµshello) r¯rrŸrÃrHrIrËrÝrÒrr@rnr3rrrÚ,test_read_write_after_close_raises_valuerrorÚs   ÿz:ThreadedTests.test_read_write_after_close_raises_valuerrorc Cs0d}ttjdƒ}| |¡Wdƒn1s00Y| tjtj¡t tj¡}tj |_ |  t ¡|  t¡t|dd}|˜| t ¡¡h}| t|jf¡ttjdƒ,}| |¡| | d¡|¡Wdƒn1sâ0YWdƒn1s0YWdƒn1s"0YdS)NsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxÚwbFr,r_rµ)r?rÚTESTFNrnràÚunlinkrrZrNr³rœrr«ržr¥rrŸrÃrHrIrËÚsendfiler¼r0)r¾Z TEST_DATArBr£rÊrÆÚfilerrrÚ test_sendfileçs(     zThreadedTests.test_sendfilec Cs@tƒ\}}}|jtjO_t|||d}|d}| |j¡| |jd¡| |j d¡| |j ¡tj dkr~| |j d¡|  |d¡| ¡}| |dd¡| |dd¡t||||d }| ¡}| |dd ¡| |dd¡| |d¡|d}| |j|j¡| ||¡| ||¡| |j|j¡| |j |j ¡t|||d}|  |d¡|d}| |j|j¡| ||¡| ¡}| |dd ¡| |dd¡t||||d }| |d¡|d} | | j|j¡| | |¡| | j|j¡| | j |j ¡| ¡}| |dd ¡| |dd ¡dS) Nr»r rr±rr.r r/)r rr¡r rŠ)r¯rérr¹r!rÚidr¼r‚r@Z has_ticketryZticket_lifetime_hintrír1r¼Z assertIsNotrrá) r¾r­r®r¬rIr Z sess_statZsession2Zsession3Zsession4rrrÚ test_sessionøsf ÿ   ÿ  ÿ ÿ zThreadedTests.test_sessionc Cs¨tƒ\}}}tƒ\}}}|jtjO_|jtjO_t|dd}|H|jt ¡|dŽ}| |jd¡| |j d¡|  t |j f¡|j}|  |¡| t¡} t|_Wdƒn1sÂ0Y| t| jƒd¡Wdƒn1sò0Y|jt ¡|dd}|  t |j f¡| t¡} ||_Wdƒn1sH0Y| t| jƒd¡Wdƒn1sz0Y|jt ¡|dT}||_|  t |j f¡| |jj|j¡| |j|¡| |j d¡Wdƒn1sò0Y|jt ¡|dd}| t¡&} ||_|  t |j f¡Wdƒn1sH0Y| t| jƒd¡Wdƒn1sz0YWdƒn1sš0YdS)NFr,rszValue is not a SSLSession.z#Cannot set session after handshake.Tz)Session refers to a different SSLContext.)r¯rérr¹rrŸrÃr¼r rrHrIrËrrÒrÂr&rKrKrrÇ) r¾r­r®r¬Zclient_context2r~rÊrÆr r`rrrÚtest_session_handling2s^    ÿ  $0 ÿ & ÿ$ ÿ. ÿ 0 ÿz#ThreadedTests.test_session_handlingN)MrÏrÐrÑr+r/r]rÒr{r1rPrrñrór:r;r@rErfrGrOrPrTrUrVrWrZr\r^rerfrrrsrvr{r}r€rrƒr†r‡r[rˆr‰rŠr‹r}rŒrÓrr‘rEr’rZr\r”ÚHAVE_SECP_CURVESr^r–r˜ZHAS_ALPNršr£r¤ZHAS_NPNr§r©rªr]r;r±r¸rºr¿rÀrÆrÈrÉrrrrr)( sÂ2$ÿ (!ÿ 8% ) *    9 1)      ÿ : ÿ     %   '    (    :r)rôzTest needs TLS 1.3c@sTeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dS)ÚTestPostHandshakeAuthcCsÀtjtjtjg}|D]¦}t |¡}| |jd¡d|_| |jd¡tj|_| |jtj¡| |jd¡d|_| |jtj¡| |jd¡tj |_d|_| |jtj ¡| |jd¡qdSrÄ) rrNrOrPrZr¼Úpost_handshake_authr³rœr²)r¾Z protocolsrSrHrrrÚtest_pha_settergs" ÿ z%TestPostHandshakeAuth.test_pha_setterc Cs:tƒ\}}}d|_tj|_d|_| t¡t|dd}|ê|jt   ¡|d¶}|  t |j f¡|  d¡| | d¡d¡|  d¡| | d¡d ¡|  d¡| | d¡d ¡|  d¡| | d¡d ¡|  d ¡| d ¡ d ¡}| d|¡Wdƒn1s 0YWdƒn1s,0YdS)NTFr,rsrßrµrárÞrÚràrâirÜr0)r¯rÌrr³rœržr¥rrŸrÃrHrIrËrnr¼r0ror´)r¾r­r®r¬rÊrÆZ cert_textrrrÚtest_pha_requireds.    ÿ     z'TestPostHandshakeAuth.test_pha_requiredc Cstƒ\}}}d|_tj|_d|_t ¡à}t|dd}|°|jt   ¡|d~}|  t |j f¡|  d¡| | d¡d¡|  d¡| tjd ¡| d¡Wdƒn1s´0YWdƒn1sÒ0YWdƒn1sð0YWdƒn1s0YdS) NTFr,rsrÞrµrÚrßrã)r¯rÌrr³rœrZcatch_threading_exceptionrrŸrÃrHrIrËrnr¼r0rÁrÓ)r¾r­r®r¬rNrÊrÆrrrÚtest_pha_required_nocert˜s(    ÿ  þz.TestPostHandshakeAuth.test_pha_required_nocertc Cstjrtj d¡tƒ\}}}d|_tj|_ d|_|  t ¡tj |_ t |dd}|¦|jt ¡|dt}| t|jf¡| d¡| | d¡d¡| d ¡| | d¡d ¡| d¡| | d¡d ¡Wdƒn1sâ0YWdƒn1s0YdS) NråTFr,rsrßrµrárÞrÚrà)rrlrjrmrnr¯rÌrr³rœržr¥r²rrŸrÃrHrIrËr¼r0r3rrrÚtest_pha_optional±s*     ÿ   z'TestPostHandshakeAuth.test_pha_optionalc Csütjrtj d¡tƒ\}}}d|_tj|_ d|_t |dd}|¦|j t   ¡|dt}|  t|jf¡| d¡| | d¡d¡| d ¡| | d¡d ¡| d¡| | d¡d¡Wdƒn1sÐ0YWdƒn1sî0YdS) NråTFr,rsrßrµrárÞrÚ)rrlrjrmrnr¯rÌrr²rœrrŸrÃrHrIrËr¼r0r3rrrÚtest_pha_optional_nocertÉs&    ÿ   z.TestPostHandshakeAuth.test_pha_optional_nocertc Csìtƒ\}}}d|_tj|_| t¡t|dd}|¤|jt   ¡|dr}|  t |j f¡|  tjd¡| ¡Wdƒn1s†0Y| d¡| d| d¡¡Wdƒn1sÀ0YWdƒn1sÞ0YdS) NTFr,rsz not serverrÞsextension not receivedrµ)r¯rÌrr³rœržr¥rrŸrÃrHrIrËrÁrÓrçrnr´r0r3rrrÚtest_pha_no_pha_clientßs    ÿ& z,TestPostHandshakeAuth.test_pha_no_pha_clientc Csîtƒ\}}}tj|_d|_| t¡t|dd}|¦|jt   ¡|dt}|  t |j f¡|  d¡| | d¡d¡|  d¡| | d¡d ¡|  d¡| | d¡d¡Wdƒn1sÂ0YWdƒn1sà0YdS) NTFr,rsrßrµràrÞrÚ)r¯rr³rœrÌržr¥rrŸrÃrHrIrËrnr¼r0r3rrrÚtest_pha_no_pha_serverïs"    ÿ   z,TestPostHandshakeAuth.test_pha_no_pha_serverc CsÀtƒ\}}}tj|_tjj|_d|_| t ¡t |dd}|n|j t   ¡|d<}|  t|jf¡| d¡| d| d¡¡Wdƒn1s”0YWdƒn1s²0YdS)NTFr,rsrÞsWRONG_SSL_VERSIONrµ)r¯rr³rœrrYrVrÌržr¥rrŸrÃrHrIrËrnr´r0r3rrrÚtest_pha_not_tls13s     ÿ z(TestPostHandshakeAuth.test_pha_not_tls13c Cs:t}t tj¡}d|_| t¡d|_tj|_ t tj ¡}| t¡|  t ¡d|_tj |_ t|dd}|¸|jt ¡|d„}| t|jf¡| d¡| | d¡d¡| d¡| | d¡d ¡| d¡| | d¡d ¡| | ¡i¡Wdƒn1s 0YWdƒn1s,0YdS) NTFr,rsrßrµrárÞrÚrà)r¦rrZrPrÌržr¥r›ršrœrOrr«r³rrŸrÃrHrIrËrnr¼r0r‡)r¾r¬r­r®rÊrÆrrrÚtest_bpo37428_pha_cert_nones2       ÿ   z1TestPostHandshakeAuth.test_bpo37428_pha_cert_noneN) rÏrÐrÑrÍrÎrÏrÐrÑrÒrÓrÔrÕrrrrrËesrËÚkeylog_filenamez0test requires OpenSSL 1.1.1 with keylog callbackc@sŠeZdZejfdd„Zee e d¡dd„ƒƒZ ee e d¡dd„ƒƒZ ee e j jd¡e e d¡d d „ƒƒƒZd d „Zd d„Zdd„ZdS)Ú TestSSLDebugcCs8t|ƒ}tt|ƒƒWdƒS1s*0YdSr)r?rRr—)r¾ZfnamerBrrrÚ keylog_lines:s zTestSSLDebug.keylog_linesr(cCs| tjtj¡t tj¡}| |jd¡|  t j   tj¡¡tj|_| |jtj¡|  t j   tj¡¡| | ¡d¡d|_| |jd¡| ttf¡(t j  t j  tj¡¡|_Wdƒn1sÊ0Y| t¡d|_Wdƒn1sú0YdS)Nr )ràrrÃrÂrrZrPr¼rÖrírrÚisfilerrØrÒÚIsADirectoryErrorÚPermissionErrorrÚabspathrÂrÞrrrÚtest_keylog_defaults>s   ÿ$ z!TestSSLDebug.test_keylog_defaultsc CsÞ| tjtj¡tƒ\}}}tj|_t|dd}|R|jt ¡|d }|  t |j f¡Wdƒn1sn0YWdƒn1sŒ0Y|  |  ¡d¡d|_tj|_t|dd}|R|jt ¡|d }|  t |j f¡Wdƒn1sþ0YWdƒn1s0Y| |  ¡d¡tj|_tj|_t|dd}|T|jt ¡|d }|  t |j f¡Wdƒn1s”0YWdƒn1s´0Y| |  ¡d¡d|_d|_dS)NFr,rsr†é é)ràrrÃrÂr¯rÖrrŸrÃrHrIrËr¼rØrr3rrrÚtest_keylog_filenameVsB   ÿL  ÿN  ÿPz!TestSSLDebug.test_keylog_filenamez.test is not compatible with ignore_environmentcCs®| tjtj¡tjj tj ¡ztjtj d<|  tj dtj¡t   t j ¡}|  |jd¡t  ¡}|  |jtj¡t  ¡}|  |jtj¡Wdƒn1s 0YdS)NZ SSLKEYLOGFILE)ràrrÃrÂr]Zmockr#ÚdictrÚenvironr¼rrZrPrÖrLrNrÞrrrÚtest_keylog_envzs  zTestSSLDebug.test_keylog_envcCsltƒ\}}}dd„}| |jd¡||_| |j|¡| t¡tƒ|_Wdƒn1s^0YdS)NcSsdSrr©rÚ directionr/Z content_typeZmsg_typerÖrrrÚmsg_cbsz.TestSSLDebug.test_msg_callback..msg_cb)r¯rÈÚ _msg_callbackrÒrÂr&)r¾r­r®r¬rærrrÚtest_msg_callbacks  zTestSSLDebug.test_msg_callbackc sÞtƒ\}}}|jtjO_g‰‡‡fdd„}||_t|dd}|R|jt ¡|d }| t |j f¡Wdƒn1s~0YWdƒn1sœ0Yˆ  dt j tjtjfˆ¡ˆ  dt j tjtjfˆ¡dS)Ncs@ˆ |tj¡ˆ |t¡ˆ |ddh¡ˆ ||||f¡dS)Nr@rn)rrrÄr˜r´rÎrä©rèr¾rrræŸs z4TestSSLDebug.test_msg_callback_tls12..msg_cbFr,rsr@rn)r¯rérr¹rçrrŸrÃrHrIrËr´rrYrZ HANDSHAKErZSERVER_KEY_EXCHANGEZCHANGE_CIPHER_SPEC)r¾r­r®r¬rærÊrÆrrérÚtest_msg_callback_tls12™s0   ÿL ÿý ÿýz$TestSSLDebug.test_msg_callback_tls12c sîtƒ\}}}tƒd‰dd„}‡fdd„}||_||_t|dd}|”|jt ¡|d }| t|jf¡Wdƒn1s€0Y|jt ¡|d }| t|jf¡Wdƒn1sÂ0YWdƒn1sà0YdS) Nr cSsdSrrrärrrræ¼sz@TestSSLDebug.test_msg_callback_deadlock_bpo43577..msg_cbcs ˆ|_dSrr`r7©Zserver_context2rrÚsni_cb¿sz@TestSSLDebug.test_msg_callback_deadlock_bpo43577..sni_cbFr,rs) r¯rçZ sni_callbackrrŸrÃrHrIrË)r¾r­r®r¬rærìrÊrÆrrërÚ#test_msg_callback_deadlock_bpo43577¸s$     ÿ. ÿz0TestSSLDebug.test_msg_callback_deadlock_bpo43577N)rÏrÐrÑrrÂrØÚrequires_keylogr]rZr\rÝràrjÚflagsÚignore_environmentrãrèrêrírrrrr×8s     " ÿ  r×c CsPtjr¶tjtjdœ}| ¡D]*\}}|ƒ}|r|drd||f}qTqtt ¡ƒ}tdtj tj fƒtd|ƒtdtj ƒtdtj ƒztdtj ƒWnty´Yn0ttttttttttttf D]}tj |¡sÒt d |¡‚qÒtt t!t"t#t$t%t&t'g }t (d ¡r| )t*¡t +¡}ztj,|ŽWtj-|Žn tj-|Ž0dS) N)ZMacZWindowsrz%s %rztest_ssl: testing with %r %rz under %sz HAS_SNI = %rz OP_ALL = 0x%8xz OP_NO_TLSv1_1 = 0x%8xzCan't read certificate file %rZnetwork).rrlrÔZmac_verZ win32_verÚitemsr‚Úprintrrryrµrèrºròrèrrrrrr¥r§r«rÚBADKEYrrrÚexistsZ TestFailedrÕr°r_rkr{r€r)rËr×Zis_resource_enabledrÎr¸Zthreading_setupZ run_unittestZthreading_cleanup)rlZplatsrr`ZplatÚfilenameZtestsÚ thread_inforrrÚ test_mainÏsJþ    ÿ  ü ý   r÷Ú__main__)N)r´TFNN)Nrr)F)rjr]Z unittest.mockrÁrZ test.supportrrÃrŒr‚rr=rrLrìZurllib.requestrarÈrhrþr'rÔZ sysconfigrbrpÚ ImportErrorÚ import_modulerrrrrEZPy_DEBUGr\Úsortedr*r×rIrrLrryr•r^rXZget_config_varr r#rÊÚverrMròrrèÚfsencoderrrrrrrrrŠrr$r rér0r¥r¦rêr§r¨r7r6r«r r?r©rªr»rrrJrórërrór+r,r8r9r:r;r<r=rCrIrTÚ lru_cacherQrfrÒrZr[rprvrzr{r€rÊrˆr“rµr]rNršr¤r¯ZTestCaser°rÕr_rkr{r€r¸ržr Ztest.ssl_serversrÃrÉrrýr!r(r)rËZ HAS_KEYLOGrîr×r÷rÏrrrrÚsx                    óñ           ( þ þ  '6?0B  vþ 3ÿ IIO ÿ .