twisted.test.test_sslverify.ServiceIdentityTests(unittest.SynchronousTestCase)
Tests for the verification of the peer's service's identity via the hostname argument to sslverify.OpenSSLCertificateOptions.
Method | serviceIdentitySetup | Connect a server and a client. |
Method | test_invalidHostname | When a certificate containing an invalid hostname is received from the server, the connection is immediately dropped. |
Method | test_validHostname | Whenever a valid certificate containing a valid hostname is received, connection proceeds normally. |
Method | test_validHostnameInvalidCertificate | When an invalid certificate containing a perfectly valid hostname is received, the connection is aborted with an OpenSSL error. |
Method | test_realCAsBetterNotSignOurBogusTestCerts | If we use the default trust from the platform, our dinky certificate should really fail. |
Method | test_butIfTheyDidItWouldWork | ssl.optionsForClientTLS should be using ssl.platformTrust by default, so if we fake that out then it should trust ourselves again. |
Method | test_clientPresentsCertificate | When the server verifies and the client presents a valid certificate for that verification by passing it to sslverify.optionsForClientTLS, communication proceeds. |
Method | test_clientPresentsBadCertificate | No summary |
Method | test_hostnameIsIndicated | No summary |
Method | test_hostnameEncoding | Hostnames are encoded as IDNA. |
Method | test_fallback | sslverify.simpleVerifyHostname checks string equality on the commonName of a connection's certificate's subject, doing nothing if it matches and raising VerificationError if it doesn't. |
Method | test_surpriseFromInfoCallback | No summary |
Inherited from SynchronousTestCase:
Instance Variable | failureException | An exception class, defaulting to FailTest. If the test method raises this exception, it will be reported as a failure, rather than an exception. All of the assertion methods raise this if the assertion fails. |
Instance Variable | skip | None or a string explaining why this test is to be skipped. If defined, the test will not be run. Instead, it will be reported to the result object as 'skipped' (if the TestResult supports skipping). |
Instance Variable | todo | None, a string or a tuple of (errors, reason) where errors is either an exception class or an iterable of exception classes, and reason is a string. See Todo or makeTodo for more information. |
Instance Variable | suppress | None or a list of tuples of (args, kwargs) to be passed to warnings.filterwarnings. Use these to suppress warnings raised in a test. Useful for testing deprecated code. See also util.suppress. |
Method | __init__ | Undocumented |
Method | __eq__ | No summary |
Method | __ne__ | Undocumented |
Method | __hash__ | Undocumented |
Method | shortDescription | Undocumented |
Method | getSkip | No summary |
Method | getTodo | No summary |
Method | runTest | If no methodName argument is passed to the constructor, run will treat this method as the thing with the actual test inside. |
Method | run | Run the test case, storing the results in result. |
Method | addCleanup | Add the given function to a list of functions to be called after the test has run, but before tearDown. |
Method | patch | Monkey patch an object for the duration of the test. |
Method | flushLoggedErrors | Remove stored errors received from the log. |
Method | flushWarnings | Remove stored warnings from the list of captured warnings and return them. |
Method | callDeprecated | Call a function that should have been deprecated at a specific version and in favor of a specific alternative, and assert that it was thusly deprecated. |
Method | mktemp | Create a new path name which can be used for a new file or directory. |
Method | _getSuppress | No summary |
Method | _getSkipReason | Return the reason to use for skipping a test method. |
Method | _run | Run a single method, either a test method or fixture. |
Method | _runFixturesAndTest | Run setUp, a test method, test cleanups, and tearDown. |
Method | _runCleanups | Synchronously run any cleanups which have been added. |
Method | _installObserver | Undocumented |
Method | _removeObserver | Undocumented |
Inherited from _Assertions (via SynchronousTestCase):
Method | fail | Absolutely fail the test. Do not pass go, do not collect $200. |
Method | assertFalse | Fail the test if condition evaluates to True. |
Method | assertTrue | Fail the test if condition evaluates to False. |
Method | assertRaises | Fail the test unless calling the function f with the given args and kwargs raises exception. The failure will report the traceback and call stack of the unexpected exception. |
Method | assertEqual | Fail the test if first and second are not equal. |
Method | assertIs | Fail the test if first is not second. This is an object-identity-equality test, not an object equality (i.e. __eq__) test. |
Method | assertIsNot | Fail the test if first is second. This is an object-identity-equality test, not an object equality (i.e. __eq__) test. |
Method | assertNotEqual | Fail the test if first == second. |
Method | assertIn | Fail the test if containee is not found in container. |
Method | assertNotIn | Fail the test if containee is found in container. |
Method | assertNotAlmostEqual | Fail if the two objects are equal as determined by their difference rounded to the given number of decimal places (default 7) and comparing to zero. |
Method | assertAlmostEqual | Fail if the two objects are unequal as determined by their difference rounded to the given number of decimal places (default 7) and comparing to zero. |
Method | assertApproximates | Fail if first - second > tolerance |
Method | assertSubstring | Fail if substring does not exist within astring. |
Method | assertNotSubstring | Fail if astring contains substring. |
Method | assertWarns | Fail if the given function doesn't generate the specified warning when called. It calls the function, checks the warning, and forwards the result of the function if everything is fine. |
Method | assertIsInstance | Fail if instance is not an instance of the given class or of one of the given classes. |
Method | assertNotIsInstance | Fail if instance is an instance of the given class or of one of the given classes. |
Method | successResultOf | Return the current success result of deferred or raise self.failureException. |
Method | failureResultOf | Return the current failure result of deferred or raise self.failureException. |
Method | assertNoResult | Assert that deferred does not have a result at this point. |
Method | assertRegex | Fail the test if a regexp search of text fails. |
Connect a server and a client.
Parameters | clientHostname | The client's idea of the server's hostname; passed as the hostname to the sslverify.OpenSSLCertificateOptions instance. (type: unicode) |
Parameters | serverHostname | The server's own idea of the server's hostname; present in the certificate presented by the server. (type: unicode) |
Parameters | serverContextSetup | A 1-argument callable invoked with the OpenSSL.SSL.Context after it's produced. (type: callable taking OpenSSL.SSL.Context returning None) |
Parameters | validCertificate | Is the server's certificate valid? True if so, False otherwise. (type: bool) |
Parameters | clientPresentsCertificate | Should the client present a certificate to the server? Defaults to 'no'. (type: bool) |
Parameters | validClientCertificate | If the client presents a certificate, should it actually be a valid one, i.e. signed by the same CA that the server is checking? Defaults to 'yes'. (type: bool) |
Parameters | serverVerifies | Should the server verify the client's certificate? Defaults to 'no'. (type: bool) |
Parameters | buggyInfoCallback | Should we patch the implementation so that the info_callback passed to OpenSSL has a bug and raises an exception (ZeroDivisionError)? Defaults to 'no'. (type: bool) |
Parameters | fakePlatformTrust | Should we fake the platformTrust to be the same as our fake server certificate authority, so that we can test it's being used? Defaults to 'no' and we just pass platform trust. (type: bool) |
Parameters | useDefaultTrust | Should we avoid passing the trustRoot to ssl.optionsForClientTLS? Defaults to 'no'. (type: bool) |
Returns | the client TLS protocol, the client wrapped protocol, the server TLS protocol, the server wrapped protocol and an IOPump which, when its pump and flush methods are called, will move data between the created client and server protocol instances (type: 5-tuple of 4 IProtocols and IOPump) |
When a certificate containing an invalid hostname is received from the server, the connection is immediately dropped.
Whenever a valid certificate containing a valid hostname is received, connection proceeds normally.
When an invalid certificate containing a perfectly valid hostname is received, the connection is aborted with an OpenSSL error.
If we use the default trust from the platform, our dinky certificate should really fail.
ssl.optionsForClientTLS should be using ssl.platformTrust by default, so if we fake that out then it should trust ourselves again.
When the server verifies and the client presents a valid certificate for that verification by passing it to sslverify.optionsForClientTLS, communication proceeds.
When the server verifies and the client presents an invalid certificate for that verification by passing it to sslverify.optionsForClientTLS, the connection cannot be established with an SSL error.
Specifying the hostname argument to CertificateOptions also sets the TLS Server Name Indication (SNI) extension field to the correct value.
sslverify.simpleVerifyHostname checks string equality on the commonName of a connection's certificate's subject, doing nothing if it matches and raising VerificationError if it doesn't.