o HXîh2fã @sŽddlZddlZddlZddlmZddlmZddlmZddlmZddlm Z ddlm Z ddl Z ddl Z ddl Z ddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZddlZzddlZWn e y‰dZYnwddl!Z!e! "¡e! #de$¡ddl%Z%Wdƒn1s§wYe &d ¡Z'ddl(Z(dd l'm)Z)m*Z*m+Z+m,Z,e-ed ƒZ.e.oÌejd kZ/e0e'j1ƒZ2ej3Z3e'j4d kZ5e 6d¡Z7iZ8dD]\Z9Z:z e;e'e9ƒZ9e;e'j)e:ƒZ:Wn ee ?e>¡Z@e=dƒZAe=dƒZBe ?eA¡ZCe ?eB¡ZDe=dƒZEe=dƒZFdZGe=dƒZHe ?eH¡ZIe=ddƒZJe=ddƒZKddddddd d!œZLe=d"ƒZMe=d#ƒZNd$ZOd%d&d'd(d)d*d+ddd d,œ ZPe=d-ƒZQd.ZRe=d/ƒZSd0ZTe=dd1ƒZUe=d2ƒZVe=d3ƒZWe=d4ƒZXd$ZYd5ZZe=d6ƒZ[e=d7ƒZ\e=d8ƒZ]e=d9ƒZ^e=d:ƒZ_e=d;ƒZ`e=d<ƒZae=d=ƒZbe ?eb¡Zce;e'd>dƒZde;e'd?dƒZee;e'd@dƒZfe;e'dAdƒZge;e'dBdƒZhdCdD„ZieiƒrÑdEdF„ZjndGdF„ZjdHdI„ZkejldJdK„ƒZmdLdM„ZndNdO„ZodPdQ„Zpe jqe$dRZre'jsdddddSœdTdU„ZteNfdVdWœdXdY„ZuGdZd[„d[ejvƒZwGd\d]„d]ejvƒZxGd^d_„d_ejvƒZyGd`da„daejvƒZzGdbdc„dcejvƒZ{Gddde„deejvƒZ|e }df¡Gdgdh„dhejvƒƒZ~d‰didj„Zdkdl„Z€ddmlm‚Z‚Gdndo„doejƒƒZ„Gdpdq„dqejƒƒZ… r  dŠdtdu„Z† d‹dvdw„Z‡Gdxdy„dyejvƒZˆe ‰emdzƒd{¡Gd|d}„d}ejvƒƒZŠe-e'j‹d~ƒZŒe ‰eŒd¡ZGd€d„dejvƒZŽd‚dƒ„ZGd„d…„d…ejvƒZd†d‡„Z‘e’dˆkrÅe “¡dSdS)ŒéN)Úsupport)Ú import_helper)Ú os_helper)Ú socket_helper)Úthreading_helper)Úwarnings_helperÚignoreÚssl)Ú TLSVersionÚ_TLSContentTypeÚ_TLSMessageTypeÚ _TLSAlertTypeÚgettotalrefcountÚwin32)érrÚPY_SSL_DEFAULT_CIPHERS))ÚPROTOCOL_SSLv23ÚSSLv3)ÚPROTOCOL_TLSv1ÚTLSv1)ÚPROTOCOL_TLSv1_1ÚTLSv1_1cGstjjtj t¡g|¢RŽS©N)ÚosÚpathÚjoinÚdirnameÚ__file__©Úname©r ú7/opt/python-3.10.19/usr/lib/python3.10/test/test_ssl.pyÚ data_fileBór"z keycert.pemz ssl_cert.pemz ssl_key.pemzkeycert.passwd.pemzssl_key.passwd.pemZsomepassÚcapathz 4e1295a3.0z 5ed36f99.0)©)Ú countryNameZXY©)Ú localityNamezCastle Anthrax©)ÚorganizationNamezPython Software Foundation))Ú commonNameÚ localhostzAug 26 14:23:15 2028 GMTzAug 29 14:23:15 2018 GMTZ98A7CF88C74A32ED))ÚDNSr,r©ÚissuerÚnotAfterÚ notBeforeÚ serialNumberÚsubjectÚsubjectAltNameÚversionzrevocation.crlz keycert3.pemr,)z)http://testca.pythontest.net/testca/ocsp/)z0http://testca.pythontest.net/testca/pycacert.cer)z2http://testca.pythontest.net/testca/revocation.crl)r%))r*úPython Software Foundation CA))r+z our-ca-serverzOct 28 14:23:16 2037 GMTzAug 29 14:23:16 2018 GMTZCB2D80995A69525C) ÚOCSPÚ caIssuersÚcrlDistributionPointsr/r0r1r2r3r4r5z keycert4.pemÚ fakehostnamezkeycertecc.pemz localhost-eccz ceff1710.0z allsans.pemz idnsans.pemz nosan.pemzself-signed.pythontest.netú nullcert.pemú badcert.pemzXXXnonexisting.pemú badkey.pemz nokia.pemznullbytecert.pemztalos-2019-0758.pemz ffdh3072.pemÚOP_NO_COMPRESSIONÚOP_SINGLE_DH_USEÚOP_SINGLE_ECDH_USEÚOP_CIPHER_SERVER_PREFERENCEÚOP_ENABLE_MIDDLEBOX_COMPATcCsVz tddd}d| ¡vWdƒWS1swYWdSty*YdSw)Nz/etc/os-releasezutf-8)ÚencodingZubuntuF)ÚopenÚreadÚFileNotFoundError)Úfr r r!Ú is_ubuntu¤s (ÿ ÿrHcGs0|D]}t|dƒr|jtjjkr| d¡qdS)z@"Lower security level to '1' and allow all ciphers for TLS 1.0/1Úminimum_versionz@SECLEVEL=1:ALLN)ÚhasattrrIr r rÚ set_ciphers)ÚctxsÚctxr r r!Úseclevel_workaround®sÿ €ûrNcGódSrr )rLr r r!rN·ócCsbt|tƒr| d¡s J‚tt|dƒ}|durdS|tjtjtjhvr$dS|j}t |t dƒd…ƒS)z€Check if a TLS protocol is available and enabled :param protocol: enum ssl._SSLMethod member or name :return: bool Z PROTOCOL_NFT) Ú isinstanceÚstrÚ startswithÚgetattrr Ú PROTOCOL_TLSÚPROTOCOL_TLS_SERVERÚPROTOCOL_TLS_CLIENTrÚhas_tls_versionÚlen)Úprotocolrr r r!Úhas_tls_protocol»s  þr[cCs¨|dkrdSt|tƒrtjj|}ttd|j›ƒsdStr&|tjjkr&dSt  tj ¡}t |dƒr?|j tjj kr?||j kr?dSt |dƒrR|jtjjkrR||jkrRdSdS)z{Check if a TLS/SSL version is enabled :param version: TLS version name or ssl.TLSVersion member :return: bool ÚSSLv2FZHAS_rIÚmaximum_versionT)rQrRr r Ú __members__rTrÚIS_OPENSSL_3_0_0ÚTLSv1_2Ú SSLContextrWrJrIÚMINIMUM_SUPPORTEDr]ÚMAXIMUM_SUPPORTED)r5rMr r r!rXÐs(   ÿ ÿ rXcs‡fdd„}|S)z•Decorator to skip tests when a required TLS version is not available :param version: TLS version name or ssl.TLSVersion member :return: cst ˆ¡‡‡fdd„ƒ}|S)Ncs&tˆƒs t ˆ›d¡‚ˆ|i|¤ŽS)Nz is not available.)rXÚunittestZSkipTest)ÚargsÚkw)Úfuncr5r r!Úwrappersz8requires_tls_version..decorator..wrapper)Ú functoolsÚwraps)rgrh©r5)rgr!Ú decoratorÿsz'requires_tls_version..decoratorr )r5rlr rkr!Úrequires_tls_versionùs rmcCs2d tjt ¡Ž¡}tjrtj ||¡dSdS)Nú ) rÚ tracebackÚformat_exceptionÚsysÚexc_inforÚverboseÚstdoutÚwrite)ÚprefixZ exc_formatr r r!Ú handle_error sÿrwcCs$tjrt ¡jdkrtj Stj S©Nr)ÚtimeÚdaylightÚ localtimeÚtm_isdstÚaltzoneÚtimezoner r r r!Ú utc_offsetsr)Úcategory)Ú cert_reqsÚca_certsÚciphersÚcertfileÚkeyfilecKsœ| d¡st|d<t tj¡}nt tj¡}|dur%|tjkr"d|_||_|dur.|  |¡|dus6|dur<|  ||¡|durE|  |¡|j |fi|¤ŽS)NÚ server_sideÚserver_hostnameF) ÚgetÚSIGNED_CERTFILE_HOSTNAMEr rarWrVÚ CERT_NONEÚcheck_hostnameÚ verify_modeÚload_verify_locationsÚload_cert_chainrKÚ wrap_socket)Úsockrr‚rƒr„r…ÚkwargsÚcontextr r r!Útest_wrap_sockets      r“T©Ú server_chaincCsv|tkrt}n|tkrt}n |tkrt}nt|ƒ‚t tj ¡}|  t ¡t tj ¡}|  |¡|r6|  t ¡|||fS)zUCreate context client_context, server_context, hostname = testing_context() )ÚSIGNED_CERTFILEr‰ÚSIGNED_CERTFILE2ÚSIGNED_CERTFILE2_HOSTNAMEÚ NOSANFILEÚNOSAN_HOSTNAMEÚ ValueErrorr rarWrÚ SIGNING_CArVrŽ)Z server_certr•ÚhostnameÚclient_contextÚserver_contextr r r!Útesting_context2s      r c@sšeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z ejdd„ƒZdd„Zdd„Zdd„Zedd „ƒZd!d"„Zd#d$„Zd%d&„Zd'd(„Zed)d*„ƒZd+d,„Zd-d.„Ze d/ej vd0¡d1d2„ƒZ!d3d4„Z"d5d6„Z#e e$j%d7kd8¡d9d:„ƒZ&e e$j%d7kd8¡d;d<„ƒZ'd=d>„Z(d?d@„Z)dAdB„Z*dCdD„Z+dEdF„Z,e e-ƒdG¡dHdI„ƒZ.dJdK„Z/e 0dLdM¡dNdO„ƒZ1dPdQ„Z2dRdS„Z3dTS)UÚBasicSocketTestscCsštjtjtjtjtjtjtj| tj d¡| tj d¡| tj d¡| tj d¡tj tjtjtjtjtj| tjtj¡dS)NT)r rŠÚ CERT_OPTIONALÚ CERT_REQUIREDrAr?r@r>Ú assertEqualÚHAS_SNIÚHAS_ECDHZ HAS_TLSv1_2Z HAS_TLSv1_3Ú OP_NO_SSLv2Ú OP_NO_SSLv3Ú OP_NO_TLSv1Ú OP_NO_TLSv1_3Ú OP_NO_TLSv1_1Ú OP_NO_TLSv1_2rUr©Úselfr r r!Útest_constantsMs$zBasicSocketTests.test_constantsc Cs–tjtjtjtjtjtjg}|D]1}|j|d!| t d¡ d|_ Wdƒn1s-wYWdƒn1sr4) r r±rÍÚ NULLBYTECERTrrsrqrtrurÒrÓr¤Z_OPENSSL_API_VERSION)r®rÕr3Zsanr r r!Útest_parse_cert_CVE_2013_4238És  z.BasicSocketTests.test_parse_cert_CVE_2013_4238cCs tj t¡}| |dd¡dS)Nr4) )r-Zallsans©Ú othernameú rì)råzuser@example.org)r-zwww.example.org)ZDirName)r%r'r)))r+zdirname example)rçzhttps://www.python.org/©réú 127.0.0.1)réz0:0:0:0:0:0:0:1)z Registered IDz 1.2.3.4.5)r r±rÍÚ ALLSANFILEr¤rÔr r r!Útest_parse_all_sansæs  ÿz$BasicSocketTests.test_parse_all_sanscCs¤ttdƒ }| ¡}Wdƒn1swYt |¡}t |¡}t |¡}| ||¡| tjd¡s=|  d|¡|  dtj d¡sP|  d|¡dSdS)NÚrrÌz-DER-to-PEM didn't include correct header: %r z-DER-to-PEM didn't include correct footer: %r ) rDÚ CAFILE_CACERTrEr ÚPEM_cert_to_DER_certZDER_cert_to_PEM_certr¤rSZ PEM_HEADERÚfailÚendswithZ PEM_FOOTER)r®rGÚpemÚd1Zp2Úd2r r r!Útest_DER_to_PEMûs  ÿ    ÿz BasicSocketTests.test_DER_to_PEMc CsFtj}tj}tj}| |t¡| |t¡| |t¡| |d¡|  |d¡|\}}}}}| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡| |d¡|  |d¡d |d ›} |d krƒd |d ›d |d ›d |d ›} nd |d ›d |d ›d |d ›} |  |  | | f¡||t |ƒf¡dS)Nii@rÄéréé?éz LibreSSL ÚdrzOpenSSL Ú.)r ZOPENSSL_VERSION_NUMBERÚOPENSSL_VERSION_INFOÚOPENSSL_VERSIONÚassertIsInstanceÚintÚtuplerRÚassertGreaterEqualÚ assertLessZassertLessEqualÚ assertTruerSÚhex) r®ÚnÚtr½ÚmajorÚminorZfixÚpatchÚstatusZ libressl_verZ openssl_verr r r!Útest_openssl_versions6                  þz%BasicSocketTests.test_openssl_versioncCs`t tj¡}t|ƒ}t |¡}t dtf¡ ~Wdƒn1s"wY| |ƒd¡dS)NÚ) rºÚAF_INETr“ÚweakrefÚrefrrÆÚResourceWarningr¤)r®r½ÚssÚwrr r r!Ú test_refcycle*s  ÿzBasicSocketTests.test_refcyclec Csòt tj¡}t|ƒe}| t|jd¡| t|jtdƒ¡| t|jd¡| t|j tdƒd¡| t|j d¡| t|j dd¡| t |j ¡| t |jdgddd¡| t |jd¡| t |jtdƒg¡WdƒdS1srwYdS)NrÄóx)z0.0.0.0rr réd)rºrr“rÇÚOSErrorÚrecvÚ recv_intorÈÚrecvfromÚ recvfrom_intoÚsendÚsendtoÚNotImplementedErrorÚdupÚsendmsgÚrecvmsgÚ recvmsg_into©r®r½rr r r!Útest_wrapped_unconnected5s"    ÿ ÿ"õz)BasicSocketTests.test_wrapped_unconnectedc Cs\dD])}t tj¡}| |¡t|ƒ}| || ¡¡Wdƒn1s&wYqdS)N)Ngç@)rºrÚ settimeoutr“r¤Ú gettimeout)r®Útimeoutr½rr r r!Ú test_timeoutGs   ÿ€ýzBasicSocketTests.test_timeoutc Csôtjtjtjtjg}tjtjtjtjg}tj j tj j tj j g}|D]C}|j |d3t tj¡}| t¡}|j|O_Wdƒn1sGwY| dt|jƒ¡Wdƒn1s_wYq!|D]E}t|ƒsnqg|j |d0| t¡ }t |¡Wdƒn1sŠwY| d|j›dt|jƒ¡Wdƒn1s§wYqg|D]H}t|ƒs¶q¯|j |d3t tj¡}| t¡ }||_Wdƒn1sÖwY| d|›dt|jƒ¡Wdƒn1sòwYq¯dS)N)Úoptionz4ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated)rZzssl.z is deprecatedrk)r r©r«r¬rªrrÚPROTOCOL_TLSv1_2rUr rrrr´rarWÚ assertWarnsÚDeprecationWarningÚoptionsr¤rRÚwarningr[rrXrI) r®r3Ú protocolsZversionsr/rMÚcmrZr5r r r!Útest_openssl111_deprecationsPslüüý  ÿþü€   ÿ þý€  ÿ þü€ýz-BasicSocketTests.test_openssl111_deprecationsc Csðt ¡}|jtdtj|td|jtdtj|dd|jtdtj|dddtj|dtd}| td|jtd f¡Wdƒn1sDwY| t ¡#}t ¡}tj|t d Wdƒn1sewYWdƒn1stwY|  |j j t j¡| t ¡$}t ¡}tj|tt d Wdƒn1sŸwYWdƒn1s®wY|  |j j t j¡| t ¡$}t ¡}tj|t t d Wdƒn1sÙwYWdƒn1sèwY|  |j j t j¡dS) Nzcertfile must be specified©r…z5certfile must be specified for server-side operationsT©r†r©r†r„z!can't connect in server-side modei©r„©r„r…)rºrµr›r rrÎÚconnectÚHOSTrÇrÚNONEXISTINGCERTr¤Ú exceptionÚerrnoÚENOENT)r®rr½r6r r r!Útest_errors_sslwrap„sVþþ þ ÿÿ  ÿ€ÿ  ÿÿ€ÿ  ÿÿ€ÿz$BasicSocketTests.test_errors_sslwrapcCsntj tj t¡p tj|¡}t ¡}| |j¡|  t j ¡t ||dWdƒdS1s0wYdS)z;Check that trying to use the given client certificate failsr;N) rrrrrÚcurdirrºÚ addCleanupÚcloserÇr r³r“©r®r„rr r r!Ú bad_cert_test¢sÿ ÿ"ÿzBasicSocketTests.bad_cert_testcCó| d¡dS)z Wrapping with an empty cert filer;N©rHr­r r r!Útest_empty_cert¬óz BasicSocketTests.test_empty_certcCrI)z:Wrapping with a badly formatted certificate (syntax error)r<NrJr­r r r!Útest_malformed_cert°rLz$BasicSocketTests.test_malformed_certcCrI)z2Wrapping with a badly formatted key (syntax error)r=NrJr­r r r!Útest_malformed_key´rLz#BasicSocketTests.test_malformed_keyc sJdd„}‡fdd„}ddi}||dƒ||dƒ||d ƒ||d ƒ||d ƒ||d ƒdd i}||dƒ||dƒ||dƒ||dƒ||dƒddi}||dƒ||dƒ||dƒ||dƒ||dƒddi}||dƒ||d ƒ||dƒddi}||dƒ||dƒ||dƒ||dƒddi}||dƒ||dƒ||dƒd d ¡ d!¡}dd"|fffi}|||ƒdd#i}|||ƒdd$i}|||ƒd% d ¡ d!¡}dd"|fffi}||d& d ¡ d!¡ƒ||d' d ¡ d!¡ƒ||d( d ¡ d!¡ƒ||d) d ¡ d!¡ƒd*d+d,d-œ}||d.ƒ||d/ƒ||d0ƒ||d1ƒd2d3d4œ}||d5ƒ||d6ƒ||d7ƒdd8d9œ}||d:ƒ||d;ƒ||d<ƒ||d=ƒ||d>ƒ||d?ƒ||d@ƒtjr„ddAd9œ}||dBƒ||dCƒ||dDƒ||dEƒ||dFƒ||d@ƒd2dGd4œ}||d5ƒdHdIdJd-œ}||d5ƒdHdGdJd-œ}||dKƒˆ ttjdd¡ˆ ttjid¡ddLi}ˆ tj dM¡t |dN¡Wdƒn 1sÓwYddOi}ˆ tj dP¡t |dQ¡Wdƒn 1sõwYddRi}ˆ tj dS¡t |dT¡Wdƒn 1swYddUi}ˆ tj dV¡t |dW¡Wdƒn 1s9wYddXi}ˆ tj dY¡t |dZ¡Wdƒn 1s[wYd[D]}ˆ t¡ t  |¡Wdƒn 1szwYqbd\D] }ˆ  t  |¡¡qƒtjr¡d]D] }ˆ  t  |¡¡q•dSdS)^NcSst ||¡dSr)r Úmatch_hostname©Úcertrr r r!Úokºsz0BasicSocketTests.test_match_hostname..okcsˆ tjtj||¡dSr)rÇr ÚCertificateErrorrOrPr­r r!rö¼sÿz2BasicSocketTests.test_match_hostname..failr3)))r+ú example.comrTz ExAmple.cOmzwww.example.comz .example.comz example.orgZ exampleXcom)))r+z*.a.comz foo.a.comz bar.foo.a.comza.comzXa.comz.a.com)))r+zf*.comzfoo.comzf.comzbar.comz bar.foo.com)rÞrßznull.python.org)))r+z *.*.a.com)))r+za.*.comz a.foo.comza..comupüthon.python.orgÚidnaÚasciir+)))r+z x*.python.org)))r+zxn--p*.python.orguwww*.pythön.orguwww.pythön.orguwww1.pythön.orguftp.pythön.orgu pythön.orgzJun 26 21:41:46 2011 GMT)))r+ú linuxfrz.org))r-ú linuxfr.org)r-ú linuxfr.comrì)r0r3r4rXrYrîrWzDec 18 23:59:59 2011 GMT)rÛ©)rÜÚ California©)r(z Mountain View©)r*z Google Inc©)r+úmail.google.com)r0r3r_z gmail.comr[)©r-rT)réú 10.11.12.13)réú 14.15.16.17rï)r3r4rarbz127.1z 14.15.16.17 z14.15.16.17 extra dataz 14.15.16.18z example.net)r`)réz2001:0:0:0:0:0:0:CAFE )réz2003:0:0:0:0:0:0:BABA z 2001::cafez 2003::babaz 2003::baba z2003::baba extra dataz 2003::bebe)rÛrZr\r]zDec 18 23:59:59 2099 GMT)rÛrZr\r^))ríZblablaz google.com)))r+za*b.example.comz5partial wildcards in leftmost label are not supportedzaxxb.example.com)))r+zwww.*.example.comz2wildcard can only be present in the leftmost labelzwww.sub.example.com)))r+za*b*.example.comztoo many wildcardszaxxbxxc.example.com)))r+Ú*z7sole wildcard without additional labels are not supportÚhost)))r+z*.comz%hostname 'com' doesn't match '\*.com'Zcom)Ú1rz1.2.3z 256.0.0.1z 127.0.0.1/24)rðz 192.168.0.1)z::1z2001:db8:85a3::8a2e:370:7334) ÚencodeÚdecoderÚ IPV6_ENABLEDrÇr›r rOrµrSZ _inet_patonr )r®rRrörQrUÚinvalidZipaddrr r­r!Útest_match_hostname¸s                               þ    ÿ   ÿ       ÿ      ÿ û û þýþýþýþýþý  ÿ€þz$BasicSocketTests.test_match_hostnamecCsPt tj¡}t ¡}|jt|j|dddWdƒdS1s!wYdS)NTz some.hostname©r‡)r rarVrºrÇr›r)r®rMrr r r!Útest_server_sides  ÿ"ÿz!BasicSocketTests.test_server_sidec Cst d¡}t tj¡}| | ¡¡t|dd"}| t¡ | d¡Wdƒn1s.wYWdƒn1s=wY|  ¡dS)N©rðrF©Údo_handshake_on_connectz unknown-type) rºÚ create_serverrr=Ú getsocknamer“rÇr›Úget_channel_bindingrF)r®r½Úcrr r r!Útest_unknown_channel_binding†s    ÿ€ÿ z-BasicSocketTests.test_unknown_channel_bindingú tls-uniqueú*'tls-unique' channel binding not availablecCs”t tj¡}t|ƒ}| | d¡¡Wdƒn1swYt tj¡}t|dtd}| | d¡¡WdƒdS1sCwYdS)NruTr:)rºrr“Ú assertIsNonerrrÎr(r r r!Útest_tls_unique_channel_bindings  ÿ "ÿz0BasicSocketTests.test_tls_unique_channel_bindingcCsjtt tj¡ƒ}t|ƒ}| t¡}d}t ¡Wdƒn1s"wY| |t |j j dƒ¡dSrx) r“rºrÚreprr1rrÚ gc_collectÚassertInrRr4re)r®rrór6r r r!Útest_dealloc_warnœs  þz"BasicSocketTests.test_dealloc_warncCsˆt ¡}| t|ƒd¡| |tj¡t ¡#}t|d<t |d<t ¡}| |j t ¡| |j t¡WdƒdS1s=wYdS)NéÚ SSL_CERT_DIRÚ SSL_CERT_FILE) r Zget_default_verify_pathsr¤rYrZDefaultVerifyPathsrÚEnvironmentVarGuardÚCAPATHrÎÚcafiler$)r®ÚpathsÚenvr r r!Útest_get_default_verify_paths¤s "ûz.BasicSocketTests.test_get_default_verify_pathsrúWindows specificc Csî| t d¡¡| t d¡¡| ttj¡| ttjd¡tƒ}dD]H}t |¡}| |t¡|D]8}| |t ¡|  t |ƒd¡|\}}}| |t ¡|  |ddh¡| |tttf¡t|ttfƒrk| |¡q3q$d}|  ||¡dS) NÚCAÚROOTr)r‡rˆrÚx509_asnÚ pkcs_7_asnú1.3.6.1.5.5.7.3.1)r r Zenum_certificatesrÇr¶Ú WindowsErrorÚsetrÚlistrr¤rYÚbytesr{Ú frozensetÚboolrQÚupdate) r®Z trust_oidsZ storenameÚstoreÚelementrQÚencZtrustÚ serverAuthr r r!Útest_enum_certificates°s*      €ø z'BasicSocketTests.test_enum_certificatescCs’| t d¡¡| ttj¡| ttjd¡t d¡}| |t¡|D]"}| |t¡|  t |ƒd¡| |dt ¡|  |dddh¡q$dS)Nr‡rérrÄr‰rŠ) r r Z enum_crlsrÇr¶rŒrrŽrr¤rYrr{)r®Zcrlsr”r r r!Útest_enum_crlsÉs   üzBasicSocketTests.test_enum_crlsc CsÞd}t d¡}| ||¡| |jd¡| |jd¡| |jd¡| |jd¡| |tj¡| t tjd¡tj  d¡}| ||¡| |tj¡| t tjj d¡|  t d¡tj  d¡Wdƒn1skwYt d ƒD]4}ztj  |¡}Wn t y‡Yqtw| |jt ¡| |jt¡| |jt¡| |jttdƒf¡qttj d¡}| ||¡| |tj¡| tj d¡|¡| tj d¡|¡|  t d ¡tj d ¡WdƒdS1sèwYdS) N)ér–úTLS Web Server Authenticationr‹r‹ršr–r›éÿÿÿÿzunknown NID 100000i †éèzunknown object 'serverauth'Z serverauth)r Ú _ASN1Objectr¤ÚnidÚ shortnameZlongnameÚoidrrÇr›ZfromnidrµÚrangerrRÚtypeZfromname)r®ÚexpectedÚvalÚiÚobjr r r!Útest_asn1objectØsH    ÿ  ÿ  ÿ"ÿz BasicSocketTests.test_asn1objectcCsÈt d¡}| tjjtj¡| tjj|¡| tjjjd¡| tjjjd¡| tjjjd¡t d¡}| tjj tj¡| tjj |¡| tjj jd¡| tjj jd¡| tjj jd¡dS)Nr‹ršr–z1.3.6.1.5.5.7.3.2é‚Z clientAuth) r ržrÚPurposeÚ SERVER_AUTHr¤rŸr r¡Ú CLIENT_AUTH)r®r¥r r r!Útest_purpose_enumÿs  ÿ  ÿz"BasicSocketTests.test_purpose_enumcCs¼t tjtj¡}| |j¡| t¡}t|tj dWdƒn1s%wY|  t |j ƒd¡t  tj¡}| t¡ }| |¡Wdƒn1sNwY|  t |j ƒd¡dS)N©rz!only stream sockets are supported)rºrÚ SOCK_DGRAMrErFrÇr#r“r rŠr¤rRr@rarWr)r®r½ZcxrMr r r!Útest_unsupported_dtlss  ÿ   ÿz&BasicSocketTests.test_unsupported_dtlscCs| t |¡|¡dSr)r¤r Úcert_time_to_seconds)r®Ú timestringZ timestampr r r!Ú cert_time_okszBasicSocketTests.cert_time_okcCs:| t¡t |¡WdƒdS1swYdSr)rÇr›r r±)r®r²r r r!Úcert_time_fails  "ÿzBasicSocketTests.cert_time_failz)local time needs to be different from UTCcCs| dd¡| dd¡dS)NzMay 9 00:00:00 2007 GMTgÀCÑAúJan 5 09:34:43 2018 GMTçÀ¬Ñ“ÖA)r³r­r r r!Ú"test_cert_time_to_seconds_timezone"s z3BasicSocketTests.test_cert_time_to_seconds_timezonecCsàd}d}| ||¡| tj|d|¡| d|¡| d|¡| d¡| d¡| d¡| d ¡| d ¡| d ¡| d ¡d }| d|¡| d|¡| dd¡| dd¡| dd¡| d¡| dd¡dS)Nrµr¶)Z cert_timezJan 05 09:34:43 2018 GMTzJaN 5 09:34:43 2018 GmTzJan 5 09:34 2018 GMTzJan 5 09:34:43 2018zJan 5 09:34:43 2018 UTCzJan 35 09:34:43 2018 GMTzJon 5 09:34:43 2018 GMTzJan 5 24:00:00 2018 GMTzJan 5 09:60:43 2018 GMTgàWÒAzDec 31 23:59:60 2008 GMTzJan 1 00:00:00 2009 GMTzJan 5 09:34:59 2018 GMTiÃFOZzJan 5 09:34:60 2018 GMTiÄFOZzJan 5 09:34:61 2018 GMTiÅFOZzJan 5 09:34:62 2018 GMTzDec 31 23:59:59 9999 GMTg€¿ úMB)r³r¤r r±r´)r®r²ÚtsZ newyear_tsr r r!Útest_cert_time_to_seconds*s*                z*BasicSocketTests.test_cert_time_to_secondsÚLC_ALLrcCs@dd„}|ƒ ¡dkr| d¡| dd¡| |ƒd¡dS)NcSs t dd¡S)Nz%b) rÄr˜rrüér}rrr)ryÚstrftimer r r r!Úlocal_february_nameQó zNBasicSocketTests.test_cert_time_to_seconds_locale..local_february_nameZfebz>locale-specific month name needs to be different from C localezFeb 9 00:00:00 2007 GMTg`îrÑAz 9 00:00:00 2007 GMT)ÚlowerÚskipTestr³r´)r®r½r r r!Ú test_cert_time_to_seconds_localeMs   z1BasicSocketTests.test_cert_time_to_seconds_localecCsvt tj¡}| |j¡t |¡}tt tj¡tjd}| |j¡|  t |f¡}t j t j t jt jf}| ||¡dS)Nr®)rºrrErFrÚ bind_portr“r r£Ú connect_exr>rAZ ECONNREFUSEDZ EHOSTUNREACHZ ETIMEDOUTÚ EWOULDBLOCKr{)r®ÚserverÚportr½ÚrcÚerrorsr r r!Útest_connect_ex_error\s    ÿ  þz&BasicSocketTests.test_connect_ex_errorc Cs¶tƒ\}}}t|d}|D|jt ¡|d"}| t|jf¡| | d¡d¡| |  d¡d¡Wdƒn1srÆr¤rr!©r®ržrŸrrÅr½r r r!Útest_read_write_zerols   ÿüÿ"ÿz%BasicSocketTests.test_read_write_zeroN)4Ú__name__Ú __module__Ú __qualname__r¯r¸r¾rÂrËrÖrÚrëròrûrrZ cpython_onlyrr)r.r7Úignore_deprecationrCrHrKrMrNrjrlrtrdÚ skipUnlessr ÚCHANNEL_BINDING_TYPESrxr|r…rqÚplatformr—r™r¨r­r°r³r´rr·r¹Zrun_with_localerÁrÉrÎr r r r!r¡Ksh #   4   G ÿ    ' ÿ  #  r¡c@s|eZdZdd„Zdd„Ze edkd¡dd„ƒZd d „Z d d „Z d d„Z dd„Z e dd„ƒZe eejdƒd¡dd„ƒZdd„Zdd„Zdd„Zdd„Ze ed¡d d!„ƒZd"d#„Zd$d%„Ze ejd&¡d'd(„ƒZd)d*„Zd+d,„Zd-d.„Z d/d0„Z!d1d2„Z"e e#j$d3kd4¡d5d6„ƒZ%e e#j$d3kd7¡e ee#d8ƒd9¡d:d;„ƒƒZ&dd?„Z(d@dA„Z)dBdC„Z*dDdE„Z+dFdG„Z,dHdI„Z-dJS)KÚ ContextTestsc Cs¶tD]&}t|ƒr(t ¡ t |¡}Wdƒn1swY| |j|¡qt ¡ t ¡}Wdƒn1só€z0ContextTests.test_get_ciphers..>zDHE-RSA-AES128-GCM-SHA256zECDHE-ECDSA-AES256-GCM-SHA384zAES256-GCM-SHA384zECDHE-RSA-AES256-GCM-SHA384zDHE-RSA-AES256-GCM-SHA384zECDHE-ECDSA-AES128-GCM-SHA256zAES128-GCM-SHA256zECDHE-RSA-AES128-GCM-SHA256r˜z got: z expected: ) r rarWrKrràÚ intersectionrrYÚsorted)r®rMÚnamesr¤rår r r!Útest_get_ciphersšs   ÿzContextTests.test_get_cipherscCsöt tj¡}tjtjBtjB}|ttBtBt Bt BO}|  ||j ¡t  ¡|j tjO_ Wdƒn1s9wY|  |tjB|j ¡t  ¡|j tj@|_ Wdƒn1s_wY|  ||j ¡d|_ |  d|j tj@¡dSrx)r rarWÚOP_ALLr§r¨r>rAr?r@rBr¤r3rrÆr©)r®rMÚdefaultr r r!Ú test_options­s( ÿÿþ ÿ ÿzContextTests.test_optionscCs@t ¡t tj¡}Wdƒn1swY| |jtj¡tj|_| |jtj¡tj |_| |jtj ¡tj|_| |jtj¡|  t ¡ d|_Wdƒn1sYwY|  t ¡ d|_Wdƒn1sqwYt tj ¡}| |jtj¡| |j¡t tj¡}| |jtj ¡| |j¡dS©Nr×)rrÆr rarUr¤rŒrŠr¢r£rÇr¶r›rVÚ assertFalser‹rWr rÞr r r!Útest_verify_mode_protocolÀs, ÿ ÿ ÿ   z&ContextTests.test_verify_mode_protocolcCsŽt tj¡}| |j¡tjr,d|_| |j¡d|_| |j¡d|_| |j¡dS| t¡ d|_WdƒdS1s@wYdS©NTF) r rarWr Úhostname_checks_common_nameÚHAS_NEVER_CHECK_COMMON_NAMErírÇÚAttributeErrorrÞr r r!Ú test_hostname_checks_common_nameØs     "ÿz-ContextTests.test_hostname_checks_common_namecCst tj¡}tjjtjjtjjh}tjjtjjh}|  |j |¡|  |j |¡tjj |_ tjj|_ |  |j tjj ¡|  |j tjj¡tjj|_ tjj|_ |  |j tjj¡|  |j tjj¡tjj|_ |  |j tjj¡tjj|_ |  |j tjjtjj tjjh¡tjj|_ |  |j tjjtjjh¡| t¡ d|_ Wdƒn1s§wYttjƒrþt tj¡}|  |j |¡|  |j tjj¡| t¡ tjj|_ Wdƒn1sÜwY| t¡tjj|_ WdƒdS1s÷wYdSdSrì)r rarVr rbrr`rcÚTLSv1_3r{rIr]rr¤rrÇr›r[r)r®rMZ minimum_rangeZ maximum_ranger r r!Útest_min_max_versionæs| ú üÿÿ   ÿ ÿ   ÿ ÿ  ÿ þ þ ÿ  ÿ ÿ  ÿ  "ÿõz!ContextTests.test_min_max_versionÚsecurity_levelzrequires OpenSSL >= 1.1.0cCs&t tj¡}hd£}| |j|¡dS)N>rrÄr˜rrür»)r rarWr{rö)r®rMZsecurity_level_ranger r r!Útest_security_level5s z ContextTests.test_security_levelcCsæt tj¡}ttddƒ}| |jtj|B¡tj|_| |jtj¡tj|_| |jtj¡tj|_| |jtj¡tj |_| |jtj ¡tjtj B|_| |jtjtj B¡|  t ¡ d|_WdƒdS1slwYdS)NÚVERIFY_X509_TRUSTED_FIRSTr) r rarVrTr¤Ú verify_flagsÚVERIFY_DEFAULTÚVERIFY_CRL_CHECK_LEAFZVERIFY_CRL_CHECK_CHAINZVERIFY_ALLOW_PROXY_CERTSZVERIFY_X509_STRICTrÇr¶)r®rMÚtfr r r!Útest_verify_flagsHs$   ÿ "ÿzContextTests.test_verify_flagsc CsÐt tj¡}|jtdd|jttd|jt|jtd| t¡ }| t¡Wdƒn1s2wY|  |j j t j ¡|  tjd¡ | t¡Wdƒn1sWwY|  tjd¡ | t¡Wdƒn1sswYt tj¡}| tt¡|jttd|jttd|  tjd¡ | t¡Wdƒn1s©wY|  tjd¡ | t¡Wdƒn1sÅwY|  tjd¡|jttdWdƒn1sãwYt tj¡}|  tjd¡| tt¡Wdƒn 1swY|jttd|jtt ¡d|jttt ¡ƒd| ttt¡| ttt ¡¡| tttt ¡ƒ¡|  td¡|jtddWdƒn 1s[wY| tj¡|jtddWdƒn 1sywY|  td ¡|jtd d dWdƒn 1s™wYd d „}dd„}dd„}dd„}dd„}dd„}dd„} Gdd„dƒ} |jt|d|jt|d|jt|d|jt| ƒd|jt| ƒjd| tj¡|jt|dWdƒn 1swY|  td ¡|jt|dWdƒn 1swY|  td¡|jt|dWdƒn 1s.getpass_unicodecSst ¡Sr)rrfr r r r!Ú getpass_bytesóz8ContextTests.test_load_cert_chain..getpass_bytescSs tt ¡ƒSr)rÈrrfr r r r!Úgetpass_bytearrayr¾z.getpass_bytearraycSódS)Nrr r r r r!Úgetpass_badpass‘rPz:ContextTests.test_load_cert_chain..getpass_badpasscSsddS)Nrir r r r r!Ú getpass_huge“rz7ContextTests.test_load_cert_chain..getpass_hugecSr )Nrár r r r r!Úgetpass_bad_type•rPz;ContextTests.test_load_cert_chain..getpass_bad_typecSstdƒ‚)Nú getpass error)Ú Exceptionr r r r!Úgetpass_exception—rz.getpass_exceptionc@óeZdZdd„Zdd„ZdS)z:ContextTests.test_load_cert_chain..GetPassCallablecSrrrr­r r r!Ú__call__šrPzCContextTests.test_load_cert_chain..GetPassCallable.__call__cSrrrr­r r r!ÚgetpassœrPzBContextTests.test_load_cert_chain..GetPassCallable.getpassN)rÏrÐrÑrrr r r r!ÚGetPassCallable™s rzmust return a stringr )r rarVrŽrÎrÇr¶rr?r¤r@rArBrµr³ÚBADCERTÚ EMPTYCERTÚONLYCERTÚONLYKEYÚBYTES_ONLYCERTÚ BYTES_ONLYKEYrôÚCERTFILE_PROTECTEDrrfrÈÚONLYKEY_PROTECTEDr›rr) r®rMr6rrrr r r rrr r r!Útest_load_cert_chain\sœ   ÿ ÿ ÿ   ÿ ÿÿ ÿ ÿ ÿÿÿüÿÿÿÿÿz!ContextTests.test_load_cert_chaincCs t tj¡}| t¡|jtdd| t¡|jtdd| t|j¡| t|jddd¡| t¡ }| t ¡Wdƒn1sDwY|  |j j t j ¡| tjd¡ | t¡Wdƒn1siwY| tt¡|jttd| t|jdd¡dS)N)r‚r$rþ©r$T)r rarVrrÎÚBYTES_CERTFILErÇr¶rr?r¤r@rArBrµr³rrÚ BYTES_CAPATH©r®rMr6r r r!Útest_load_verify_locations¯s"     ÿ ÿ z'ContextTests.test_load_verify_locationscCs ttƒ }| ¡}Wdƒn1swYt |¡}ttƒ }| ¡}Wdƒn1s0wYt |¡}t tj¡}| |  ¡dd¡|j |d| |  ¡dd¡|j |d| |  ¡dd¡|j |d| |  ¡dd¡t tj¡}d  ||f¡}|j |d| |  ¡dd¡t tj¡}d|d|d |d g}|j d  |¡d| |  ¡dd¡t tj¡}|j |d|j |d| |  ¡dd¡|j |d| |  ¡dd¡t tj¡}d   ||f¡}|j |d| |  ¡dd¡t tj¡}|j t |j td| tjd ¡|j d dWdƒn 1s*wY| tjd¡|j ddWdƒdS1sIwYdS)NÚx509_car©ÚcadatarÄr˜rÌÚheadÚotherZagainÚtailrËz4no start line: cadata does not contain a certificateÚbrokenz6not enough data: cadata does not contain a certificatesbroken)rDrôrEr rõÚCAFILE_NEURONIOrarWr¤Úcert_store_statsrrrÇr¶Úobjectrµr³)r®rGZ cacert_pemZ cacert_derZ neuronio_pemZ neuronio_derrMZcombinedr r r!Útest_load_verify_cadataÂsd  ÿ   ÿ         ÿ       þüþ$üz$ContextTests.test_load_verify_cadataú)Avoid mixing debug/release CRT on WindowscCsÊt tj¡}| t¡tjdkr| t¡| t |j¡| t |jd¡| t ¡ }| t ¡Wdƒn1s9wY|  |j jtj¡| tj¡}| t¡WdƒdS1s^wYdS)NÚnt)r rarVÚload_dh_paramsÚDHFILErrÚ BYTES_DHFILErÇr¶rFr?r¤r@rArBr³rÎr r r r!Útest_load_dh_paramss      ÿ "ÿz ContextTests.test_load_dh_paramscCsHtjtjhD]}t |¡}| | ¡ddddddddddddœ ¡qdS)Nr) Únumberr=Z connect_goodZconnect_renegotiateÚacceptZ accept_goodZaccept_renegotiateÚhitsÚmissesZtimeoutsZ cache_full)r rWrVrar¤Ú session_statsrÀr r r!Útest_session_statss    õþzContextTests.test_session_statscCst tj¡}| ¡dSr)r rarWZset_default_verify_pathsrÞr r r!Útest_set_default_verify_paths s  z*ContextTests.test_set_default_verify_pathsz#ECDH disabled on this OpenSSL buildcCsbt tj¡}| d¡| d¡| t|j¡| t|jd¡| t|jd¡| t|jd¡dS)NÚ prime256v1s prime256v1Úfooófoo)r rarVÚset_ecdh_curverÇr¶r›rÞr r r!Útest_set_ecdh_curve&s   z ContextTests.test_set_ecdh_curvecCsjt tj¡}| t|j¡| t|jd¡| t|jd¡| t|j|¡dd„}| d¡| |¡dS)NrürcSrOrr ©rÚ servernamerMr r r!Ú dummycallback9rPz5ContextTests.test_sni_callback..dummycallback)r rarVrÇr¶Úset_servername_callback)r®rMrAr r r!Útest_sni_callback0s  zContextTests.test_sni_callbackcCsJt tj¡}|fdd„}| |¡t |¡}~~t ¡| |ƒd¡dS)NcSrOrr )rr@rMÚcycler r r!rABrPz>ContextTests.test_sni_callback_refcycle..dummycallback) r rarVrBrrÚgcÚcollectr¿)r®rMrArr r r!Útest_sni_callback_refcycle>s    z'ContextTests.test_sni_callback_refcyclecCsŽt tj¡}| | ¡ddddœ¡| t¡| | ¡ddddœ¡| t¡| | ¡ddddœ¡| t¡| | ¡ddddœ¡dS)Nr)r"ÚcrlÚx509rÄr˜) r rarWr¤r*rŽrÎrrôrÞr r r!Útest_cert_store_statsJs   ÿ   ÿ   ÿ   ÿz"ContextTests.test_cert_store_statsc Cs´t tj¡}| | ¡g¡| t¡| | ¡g¡| t¡| | ¡ddddddddœg¡ttƒ }|  ¡}Wdƒn1sDwYt  |¡}| | d¡|g¡dS) N)))r*zRoot CA))rÝzhttp://www.cacert.org))r+zCA Cert Signing Authority))ràzsupport@cacert.orgzMar 29 12:29:49 2033 GMTzMar 30 12:29:49 2003 GMTZ00)z!https://www.cacert.org/revoke.crlr)r/r0r1r2r9r3r5T) r rarWr¤Ú get_ca_certsrrÎrôrDrErõ)r®rMrGrøÚderr r r!Útest_get_ca_certsXs(    ôÿ  ÿ zContextTests.test_get_ca_certscCs€t tj¡}| ¡t tj¡}| tjj¡| ¡t tj¡}| tjj¡t tj¡}| t|jd¡| t|jd¡dS)Nr«) r rarWÚload_default_certsrªr«r¬rÇr¶rÞr r r!Útest_load_default_certsts    z$ContextTests.test_load_default_certsrznot-Windows specificcCsjt tj¡}t ¡!}t|d<t|d<| ¡| |  ¡ddddœ¡WdƒdS1s.wYdS)Nr~rrrÄ)rHrIr") r rarWrr€rrÎrNr¤r*)r®rMr„r r r!Útest_load_default_certs_envƒs  "üz(ContextTests.test_load_default_certs_envr†rz3Debug build does not share environment between CRTscCsŽt tj¡}| ¡| ¡}t tj¡}t ¡%}t|d<t|d<| ¡|dd7<|  | ¡|¡WdƒdS1s@wYdS)Nr~rrIrÄ) r rarWrNr*rr€rrÎr¤)r®rMÚstatsr„r r r!Ú#test_load_default_certs_env_windowsŒs   "ûz0ContextTests.test_load_default_certs_env_windowscCs†| |jtj@tj¡tdkr| |jt@t¡tdkr%| |jt@t¡tdkr2| |jt@t¡tdkrA| |jt@t¡dSdSrx)r¤r3r r§r>r?r@rArÞr r r!Ú_assert_context_options›s$ ÿ ÿ ÿ ÿÿz$ContextTests._assert_context_optionscCsät ¡}| |jtj¡| |jtj¡| |j¡|  |¡t t ƒ }|  ¡}Wdƒn1s2wYtjt t |d}| |jtj¡| |jtj¡|  |¡t tjj¡}| |jtj¡| |jtj¡|  |¡dS)N)r‚r$r$)r Úcreate_default_contextr¤rZrWrŒr£r r‹rSrDrœrErrªr¬rVrŠ)r®rMrGr$r r r!Útest_create_default_contextªs$    ÿÿ z(ContextTests.test_create_default_contextcCsVt ¡}| |jtj¡| |jtj¡| |j¡|  |¡t tj ƒrSt   ¡t tj ¡}Wdƒn1s9wY| |jtj ¡| |jtj¡|  |¡t   ¡tjtjtjdd}Wdƒn1slwY| |jtj¡| |jtj¡| |j¡|  |¡tjtjjd}| |jtj¡| |jtj¡|  |¡dS)NT)rr‹)Zpurpose)r Ú_create_stdlib_contextr¤rZrWrŒrŠrír‹rSr[rrrÆr0r£r rªr¬rVrÞr r r!Útest__create_stdlib_context¿s6    ÿ  ýÿ  z(ContextTests.test__create_stdlib_contextcCs t ¡t tj¡}Wdƒn1swY| |j¡| |jtj ¡d|_|  |j¡| |jtj ¡d|_tj |_| |j¡| |jtj ¡d|_tj |_d|_| |j¡| |jtj ¡d|_|  |j¡| |jtj ¡d|_tj |_d|_| |j¡| |jtj ¡d|_|  |j¡| |jtj ¡|  t¡ tj |_Wdƒn1s´wYd|_| |j¡tj |_| |jtj ¡dSrï)rrÆr rarUrír‹r¤rŒrŠr r£r¢rÇr›rÞr r r!Útest_check_hostnameÝsF ÿ         ÿ z ContextTests.test_check_hostnamecCsTt tj¡}| |j¡| |jtj¡t tj¡}|  |j¡| |jtj ¡dSr) r rarWr r‹r¤rŒr£rVrírŠrÞr r r!Útest_context_client_server s    z'ContextTests.test_context_client_servercCs¢Gdd„dtjƒ}Gdd„dtjƒ}t tj¡}||_||_|jt ¡dd}|  ||¡Wdƒn1s8wY|j t  ¡t  ¡dd}|  ||¡dS)Nc@ó eZdZdS)z;ContextTests.test_context_custom_class..MySSLSocketN©rÏrÐrÑr r r r!Ú MySSLSocketór\c@rZ)z;ContextTests.test_context_custom_class..MySSLObjectNr[r r r r!Ú MySSLObjectr]r^Tr9) r r»Ú SSLObjectrarVZsslsocket_classZsslobject_classrrºrÚwrap_bior²)r®r\r^rMrr§r r r!Útest_context_custom_classs ÿz&ContextTests.test_context_custom_classcCsòt tj¡}| |jd¡d|_| |jd¡d|_| |jd¡| t¡ d|_Wdƒn1s4wY| t¡ d|_Wdƒn1sLwYt tj¡}| |jd¡| t¡ d|_WdƒdS1srwYdS)Nr˜rÄrrœ) r rarVr¤Z num_ticketsrÇr›r¶rWrÞr r r!Útest_num_tickest$s"  ÿ ÿ  "ÿzContextTests.test_num_tickestN).rÏrÐrÑrÙrßrdrÓrrárèrërîrórÒrõrJr rar÷rýrr!r,ÚskipIfÚPy_DEBUG_WIN32r2r8r9r¦r>rCrGrJrMrOrqrÕrPrRrSrUrWrXrYrarbr r r r!rÖxsZ ÿ   N þ S ?         , rÖc@s8eZdZdd„Ze ed¡dd„ƒZdd„Zdd „Z d S) Ú SSLErrorTestscCsXt dd¡}| t|ƒd¡| |jd¡t dd¡}| t|ƒd¡| |jd¡dS)NrÄr;)r r³r¤rRrAZSSLZeroReturnError)r®Úer r r!Útest_str8s  zSSLErrorTests.test_strr-cCs‚t tj¡}| tj¡ }| t¡Wdƒn1swY| |jj d¡| |jj d¡t |jƒ}|  |  d¡|¡dS)NZPEMZ NO_START_LINEz"[PEM: NO_START_LINE] no start line)r rarWrÇr³r/rÎr¤r@ÚlibraryÚreasonrRr rS)r®rMr6r½r r r!Útest_lib_reasonBs  ÿ zSSLErrorTests.test_lib_reasonc Cst tj¡}d|_tj|_t d¡f}t |  ¡¡}|  d¡|j |ddd9}|  tj ¡ }| ¡Wdƒn1s=wYt|jƒ}| | d¡|¡| |jjtj¡Wdƒn1scwYWdƒdSWdƒdS1s{wYdS)NFrmrnz%The operation did not complete (read))r rarWr‹rŠrŒrºrpÚcreate_connectionrqÚ setblockingrrÇÚSSLWantReadErrorÚ do_handshakerRr@r rSr¤rAÚSSL_ERROR_WANT_READ)r®rMr½rsr6r r r!Ú test_subclassMs"    ÿ úý"ýzSSLErrorTests.test_subclasscCsÔt ¡}| t¡|jt ¡t ¡ddWdƒn1s wY| t¡|jt ¡t ¡ddWdƒn1sAwY| t¡|jt ¡t ¡ddWdƒdS1scwYdS)Nrrkz .example.orgzexample.orgevil.com)r rTrÇr›r`r²r¶rÞr r r!Útest_bad_server_hostname_s  ÿÿ ÿÿ ÿ"ÿz&SSLErrorTests.test_bad_server_hostnameN) rÏrÐrÑrgrdrcrdrjrprqr r r r!re6s   rec@s4eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd S) ÚMemoryBIOTestscCsªt ¡}| d¡| | ¡d¡| | ¡d¡| d¡| d¡| | ¡d¡| | ¡d¡| d¡| | d¡d¡| | d¡d ¡| | d¡d¡dS) Nr<rËóbarsfoobaróbazr˜sbarÄóz)r r²rur¤rE©r®Úbior r r!Útest_read_writens    zMemoryBIOTests.test_read_writecCs¶t ¡}| |j¡| | ¡d¡| |j¡| d¡| |j¡| ¡| |j¡| | d¡d¡| |j¡| | d¡d¡| |j¡| | ¡d¡| |j¡dS)NrËr<r˜sforÄóo) r r²ríÚeofr¤rEruÚ write_eofr rvr r r!Útest_eof|s       zMemoryBIOTests.test_eofcCs t ¡}| |jd¡| d¡| |jd¡tdƒD]}| d¡| |jd|d¡qtdƒD]}| d¡| |j|d¡q2| ¡| |jd¡dS)Nrr<rrÄr)r r²r¤Úpendingrur¢rE)r®rwr¦r r r!Ú test_pendingŒs     zMemoryBIOTests.test_pendingcCsbt ¡}| d¡| | ¡d¡| tdƒ¡| | ¡d¡| tdƒ¡| | ¡d¡dS)Nr<rsrt)r r²rur¤rErÈÚ memoryviewrvr r r!Útest_buffer_typesšs z MemoryBIOTests.test_buffer_typescCsLt ¡}| t|jd¡| t|jd¡| t|jd¡| t|jd¡dS)Nr;TrÄ)r r²rÇr¶rurvr r r!Útest_error_types£s zMemoryBIOTests.test_error_typesN)rÏrÐrÑrxr|r~r€rr r r r!rrls  rrc@r)ÚSSLObjectTestscCsFt ¡}| td¡t ||¡WdƒdS1swYdSr¹)r r²rµr¶r_rvr r r!r¾¬s"ÿz SSLObjectTests.test_private_initc Cs:tƒ\}}}t ¡}t ¡}t ¡}t ¡}|j|||d}|j||dd} tdƒD]8} z| ¡Wn tjy<Ynw|jrG| |  ¡¡z|  ¡Wn tjyWYnw|jrb| |  ¡¡q*| ¡|  ¡|  tj¡ |  ¡Wdƒn1s€wY| |  ¡¡|   ¡| |  ¡¡|  ¡dS)NrkTr9r») r r r²r`r¢rnrmr}rurErÇÚunwrap) r®Ú client_ctxÚ server_ctxrZc_inZc_outZs_inZs_outÚclientrÅÚ_r r r!Ú test_unwrap±s@   ÿ ÿ€ ÿ zSSLObjectTests.test_unwrapN)rÏrÐrÑr¾rˆr r r r!r‚«s r‚c@sÒeZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dd„Z dd„Z e  ejdkd¡dd„ƒZdd„Zdd„Zdd„Zdd„Zd d!„Zd"d#„Zd$d%„Zd&d'„Zd(d)„Zd*d+„Zd,d-„Zd.d/„Zd0S)1ÚSimpleBackgroundTestsz?Tests that connect to a simple server running in the backgroundcCsPt tj¡|_|j t¡t|jd}t|jf|_ |  ¡|  |j ddd¡dS)NrÊ) r rarVrŸrŽr–rÌr>rÆÚ server_addrÚ __enter__rEÚ__exit__)r®rÅr r r!ÚsetUpÞs    zSimpleBackgroundTests.setUpcCsÂtt tj¡tjd}| |j¡| i| ¡¡|  |j ¡Wdƒn1s*wYtt tj¡tj t d}| |j¡|  | ¡¡|  |j ¡WdƒdS1sZwYdS)Nr®©rr‚)r“rºrr rŠr=rŠr¤Ú getpeercertrír†r£rœr r¼r r r!Ú test_connectæs" ÿ ü þ "ûz"SimpleBackgroundTests.test_connectcCs<tt tj¡tjd}| |j¡| tjd|j |j ¡dS)Nr®úcertificate verify failed) r“rºrr r£rErFrµr³r=rŠr¼r r r!Útest_connect_failõs ÿ  ÿz'SimpleBackgroundTests.test_connect_failcCsJtt tj¡tjtd}| |j¡| d|  |j ¡¡|  |  ¡¡dS)NrŽr) r“rºrr r£rœrErFr¤rÃrŠr rr¼r r r!Útest_connect_exÿs þ z%SimpleBackgroundTests.test_connect_exc CsÒtt tj¡tjtdd}| |j¡| d¡|  |j ¡}|  |dt j t jf¡t g|ggd¡ z| ¡Wn&tjyLt |gggd¡Yntjy^t g|ggd¡Ynwq3| | ¡¡dS)NF)rr‚rorr*)r“rºrr r£rœrErFrlrÃrŠr{rAZ EINPROGRESSrÄÚselectrnrmÚSSLWantWriteErrorr r©r®r½rÇr r r!Útest_non_blocking_connect_exs* ý   ÿú z2SimpleBackgroundTests.test_non_blocking_connect_excCst tj¡}d|_tj|_| t tj¡¡}|  |j ¡|  i|  ¡¡Wdƒn1s/wY|jt tj¡dd}|  |j ¡Wdƒn1sPwYtj |_| t¡| t tj¡¡}|  |j ¡|  ¡}| |¡WdƒdS1s‚wYdS)NFZdummyrk)r rarWr‹rŠrŒrrºrr=rŠr¤rr£rrœr ©r®rMr½rQr r r!Útest_connect_with_context"s(  þÿþ   "ýz/SimpleBackgroundTests.test_connect_with_contextcCsHt tj¡}|jt tj¡td}| |j¡|  tj d|j |j ¡dS)Nrkr‘) r rarWrrºrr‰rErFrµr³r=rŠ)r®rMr½r r r!Útest_connect_with_context_fail6s  þ  ÿz4SimpleBackgroundTests.test_connect_with_context_failcCsÞt tj¡}|jtd|jt tj¡td}|  |j ¡|  ¡}|  |¡Wdƒn1s1wYt tj¡}|jt d|jt tj¡td}|  |j ¡|  ¡}|  |¡WdƒdS1shwYdS)Nrrk)r rarWrrrrºrr‰r=rŠrr rr˜r r r!Útest_connect_capathCs(  ÿ  ü  ÿ  "üz)SimpleBackgroundTests.test_connect_capathcCsttƒ }| ¡}Wdƒn1swYt |¡}t tj¡}|j|d|jt   t j ¡t d}|  |j ¡| ¡}| |¡Wdƒn1sNwYt tj¡}|j|d|jt   t j ¡t d}|  |j ¡| ¡}| |¡WdƒdS1s…wYdS)Nr#rk)rDrœrEr rõrarWrrrºrr‰r=rŠrr )r®rGrørLrMr½rQr r r!Útest_connect_cadataZs0  ÿ   ÿ  ü  ÿ  "üz)SimpleBackgroundTests.test_connect_cadatar.z*Can't use a socket as a file under WindowscCsœtt tj¡ƒ}| |j¡| ¡}| ¡}| ¡t  |d¡| ¡t   ¡|  t ¡}t  |d¡Wdƒn1s>wY| |jjtj¡dSrx)r“rºrr=rŠÚfilenoÚmakefilerFrrErErFrÇrr¤r@rAÚEBADF)r®rÚfdrGrfr r r!Útest_makefile_closeos   ÿz)SimpleBackgroundTests.test_makefile_closecCsÀt tj¡}| |j¡| d¡t|tjdd}| |j ¡d} z |d7}|  ¡Wn$tj y>t   |ggg¡Yntj yOt   g|gg¡Ynwq"tjr^tj d|¡dSdS)NF©rrorTrÄz9 Needed %d calls to do_handshake() to establish session. )rºrr=rŠrlr“r rŠrErFrnrmr”r•rrsrqrtru)r®r½Úcountr r r!Útest_non_blocking_handshake‚s.   þ ÿù ÿz1SimpleBackgroundTests.test_non_blocking_handshakecCst|g|j¢RdtiŽdS)NrQ)Ú_test_get_server_certificaterŠrœr­r r r!Útest_get_server_certificate—r#z1SimpleBackgroundTests.test_get_server_certificatecs¢|j\}}g‰‡fdd„}|j |¡t ||f¡}|s%| d||f¡tj||ftd}|s9| d||f¡tjrGt j   d|||f¡|  ˆ||g¡dS)Ncsˆ |¡dSr)Úappend©Ússl_sockZ server_nameZinitial_context©Z server_namesr r!Ú servername_cbŸózLSimpleBackgroundTests.test_get_server_certificate_sni..servername_cbúNo server certificate on %s:%s!©r‚ú& Verified certificate for %s:%s is %s ) rŠrŸrBr Úget_server_certificaterörœrrsrqrtrur¤)r®rdrÆr«rør rªr!Útest_get_server_certificate_snišs   z5SimpleBackgroundTests.test_get_server_certificate_snicCst|g|j¢RŽdSr)Ú!_test_get_server_certificate_failrŠr­r r r!Ú test_get_server_certificate_fail¯sz6SimpleBackgroundTests.test_get_server_certificate_failcCsXdd„}|j |¡| tj¡tj|jtddWdƒdS1s%wYdS)NcSst d¡dS)Nçš™™™™™É?)ryÚsleepr¨r r r!r«µr¬zPSimpleBackgroundTests.test_get_server_certificate_timeout..servername_cbçš™™™™™¹?)r‚r-) rŸrBrÇrºr-r r°rŠrœ)r®r«r r r!Ú#test_get_server_certificate_timeout´s  ÿ"ÿz9SimpleBackgroundTests.test_get_server_certificate_timeoutc Cstt tj¡tjdd}| |j¡Wdƒn1swYtt tj¡tjdd}| |j¡Wdƒn1s?wY| tjd¡5t tj¡}t|tjdd}| |j¡Wdƒn1skwYWdƒdSWdƒdS1sƒwYdS)NrÚ)rrƒrÛrÜrÝ) r“rºrr rŠr=rŠrµr³)r®r½rr r r!rß½s, ÿþ ÿþÿýÿ"ÿz"SimpleBackgroundTests.test_cipherscCs”t tj¡}|jtd| | ¡g¡|jt tj ¡dd}|  |j ¡|  ¡}|  |¡Wdƒn1s9wY| t| ¡ƒd¡dS)Nrr,rkrÄ)r rarWrrr¤rKrrºrr=rŠrr rYr˜r r r!Útest_get_ca_certs_capathËs  ÿ  üz.SimpleBackgroundTests.test_get_ca_certs_capathcCs¾t tj¡}|jtdt tj¡}|jtdt tj¡}|j|dd0}| |j ¡|  |j |¡|  |j j |¡||_ |  |j |¡|  |j j |¡WdƒdS1sXwYdS)Nrr,rk) r rarWrrrºrrr=rŠr¿r’Ú_sslobj)r®Zctx1Zctx2r½rr r r!Útest_context_setget×s      "úz)SimpleBackgroundTests.test_context_setgetc Osú| dtj¡}t ¡|}d} t ¡|kr| d¡d} | d7} z||Ž} Wn tjyG} z| jtj tj fvr:‚| j} WYd} ~ nd} ~ ww|  ¡} |  | ¡| durVn| tj krl|  d¡} | rh| | ¡n| ¡qtjr{tj d| |jf¡| S)Nr-rTrÄi€z"Needed %d calls to complete %s(). )rˆrÚ SHORT_TIMEOUTryÚ monotonicrör r³rAroZSSL_ERROR_WANT_WRITErEÚsendallrrur{rsrqrtrÏ)r®rÚincomingÚoutgoingrgrer‘r-Údeadliner£rAÚretrfÚbufr r r!Ú ssl_io_loopæsB    ÿ€ü    çÿz!SimpleBackgroundTests.ssl_io_loopcCs~t tj¡}| |j¡| |j¡t ¡}t ¡}t tj ¡}|  |j ¡|  |j tj¡| t¡| ||dt¡}| |jj|¡| | ¡¡| | ¡¡| | ¡¡| t|j¡dtjvrl| | d¡¡| ||||j ¡|  | ¡¡| | ¡¡| !| ¡¡|  | ¡¡dtjvrž|  | d¡¡z | ||||j"¡Wn tj#y³Ynw| tj$|j%d¡dS)NFrur<)&rºrrErFr=rŠr r²rarWr r‹r¤rŒr£rrœr`r‰r¿r¹ÚownerrwÚcipherr5Úshared_ciphersrÇr›rrÔrrrÃrnÚassertIsNotNonerƒZSSLSyscallErrorr³ru)r®rr¾r¿rMÚsslobjr r r!Útest_bio_handshake s@       ÿ  ýz(SimpleBackgroundTests.test_bio_handshakecCs¼t tj¡}| |j¡| |j¡t ¡}t ¡}t tj ¡}d|_ tj |_ |  ||d¡}| ||||j¡d}| ||||j|¡| ||||jd¡}| |d¡| ||||j¡dS)NFóFOO ésfoo )rºrrErFr=rŠr r²rarWr‹rŠrŒr`rÃrnrurEr¤rƒ)r®rr¾r¿rMrÈZreqrÂr r r!Útest_bio_read_write_data- s     z.SimpleBackgroundTests.test_bio_read_write_datacCs”tƒ\}}}t tj¡4}| |j¡t ¡}t ¡}|j|||d}| ||||j ¡|  ¡|  tj |j ¡WdƒdS1sCwYdS)Nrk)r rºrr=rŠr r²r`rÃrnr{rÇÚ SSLEOFErrorrE)r®ržrŸrrr¾r¿rÈr r r!Útest_transport_eof> s  ÿ"öz(SimpleBackgroundTests.test_transport_eofN)rÏrÐrÑÚ__doc__rrr’r“r—r™ršr›rœrdrcrrr¡r¤r¦r±r³r·rßr¸rºrÃrÉrÌrÎr r r r!r‰Ûs2      %" r‰Únetworkc@s*eZdZdd„Ze ejd¡dd„ƒZdS)ÚNetworkedTestscCs¨t t¡Ett tj¡tjdd}| |j ¡|  d¡|  tdf¡}|dkr.|  d¡n |t jkr8|  d¡| |t jt jf¡WdƒdS1sMwYdS)NFr¢gH¯¼šò×z>é»rz!REMOTE_HOST responded too quicklyzNetwork unreachable.)rÚtransient_internetÚ REMOTE_HOSTr“rºrr r£rErFr+rÃrÀrAZ ENETUNREACHr{ÚEAGAINrÄr–r r r!Útest_timeout_connect_exP s  þ     "õz&NetworkedTests.test_timeout_connect_exz Needs IPv6cCsHt d¡t|ddƒt|ddƒWdƒdS1swYdS)Nzipv6.google.comrÒ)rrÓr¥r²r­r r r!Ú test_get_server_certificate_ipv6` s  "þz/NetworkedTests.test_get_server_certificate_ipv6N) rÏrÐrÑrÖrdrÓrrhr×r r r r!rÑM s rÑcCspt ||f¡}|s| d||f¡tj||f|d}|s&| d||f¡tjr6tj d|||f¡dSdS)Nr­r®r¯)r r°rörrsrqrtru)ÚtestrdrÆrQrør r r!r¥g sÿr¥c Cs|z tj||ftd}Wn&tjy1}ztjr&tj d|¡WYd}~dSWYd}~dSd}~ww|  d|||f¡dS)Nr®z%s z$Got server certificate %s for %s:%s!) r r°rÎr³rrsrqrtrurö)rØrdrÆrøÚxr r r!r²r sÿ€þr²)Úmake_https_serverc@sdeZdZGdd„dejƒZ     ddd„Zdd „Zd d „Zdd d „Z dd„Z dd„Z dd„Z dS)rÌc@s@eZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dS)z$ThreadedEchoServer.ConnectionHandlerzºA mildly complicated class, because we want it to work both with and without the SSL wrapper around the socket connection, so that we can test the STARTTLS functionality.cCs@||_d|_||_||_|j d¡d|_tj |¡d|_ dS©NFT) rÅÚrunningrÚaddrrlÚsslconnÚ threadingÚThreadÚ__init__Údaemon)r®rÅZconnsockrÝr r r!rᇠs   z-ThreadedEchoServer.ConnectionHandler.__init__c Csêz|jjj|jdd|_|jj |j ¡¡Wnttt t fyL}z&|jj  t |ƒ¡|jj r:tdt|jƒdƒd|_| ¡WYd}~dSd}~wtjtfy‹}z1|jj  t |ƒ¡|jj rntdt|jƒdƒ|jtjkr€tjdkr€d|_| ¡WYd}~dSd}~ww|jj |j ¡¡|jjjtjkrÛ|j ¡}tjr·|jj r·tj  !dt" #|¡d¡|j d¡}tjrÛ|jj rÛ|durÏtj  !d ¡n tj  !d t$|ƒ›d ¡|j %¡}tjró|jj rótj  !d t |ƒd¡dS) NTr9z' server: bad connection attempt from z: FÚdarwinz client cert is rÌz client did not provide a cert z cert binary is zb z" server: connection cipher is now )&rÅr’rrrÞÚselected_alpn_protocolsr§Úselected_alpn_protocolÚConnectionResetErrorÚBrokenPipeErrorÚConnectionAbortedErrorÚ conn_errorsrRÚchattyrwryrÝrÜrFr r³rrAZ EPROTOTYPErqrÕrÆrŒr£rrrsrtrurÒrÓrYrÅ)r®rfrQZ cert_binaryrÅr r r!Ú wrap_conn‘ sJÿ € €ë   z.ThreadedEchoServer.ConnectionHandler.wrap_conncCs|jr|j ¡S|j d¡S)NrË)rÞrErrr­r r r!rEÎ s  z)ThreadedEchoServer.ConnectionHandler.readcCs|jr |j |¡S|j |¡Sr)rÞrurr!)r®rr r r!ruÔ s  z*ThreadedEchoServer.ConnectionHandler.writecCs"|jr |j ¡dS|j ¡dSr)rÞrFrr­r r r!rFÚ sz*ThreadedEchoServer.ConnectionHandler.closec CsÐd|_|jjs | ¡s dS|jræz†| ¡}| ¡}|s;d|_z|j ¡|_Wn t y1Ynwd|_|  ¡n\|dkrSt j rL|jj rLtj d¡|  ¡WdS|jjrv|dkrvt j rh|jj rhtj d¡| d¡| ¡stWdSn!|jjrª|jrª|dkrªt j rŽ|jj rŽtj d ¡| d¡|j ¡|_d|_t j r©|jj r©tj d ¡ní|d krÎt j r»|jj r»tj d ¡|j d ¡}| t|ƒ d¡d¡nÉ|dkrt j rà|jj ràtj d¡z|j ¡Wn tjy}z| t|ƒ d¡d¡WYd}~n”d}~ww| d¡n‰|dkr'|j ¡dur!| d¡nv| d¡np|dkr>|j ¡}| t|ƒ d¡d¡nY|dkrW|jj ¡}| t|ƒ dd¡d¡n@|dkrp|jj ¡}| t|ƒ dd¡d¡n't j r|jj r|jr€dpd}tj d||| ¡|f¡| | ¡¡WnHt yà}z;|jjr½t j r½t|t ƒr¹t!d|j"›ƒnt#dƒz| d¡Wn t yÎYnw|  ¡d|_WYd}~nd}~ww|jsdSdS) NTFsoverz" server: client closed connection óSTARTTLSz2 server: read STARTTLS from client, sending OK... óOK óENDTLSz0 server: read ENDTLS from client, sending OK... z* server: connection is now unencrypted... s CB tls-uniquez@ server: read CB tls-unique from client, sending our CB data... ruúus-asciió óPHAz( server: initiating post handshake auth óHASCERTóTRUE óFALSE óGETCERTs VERIFIEDCHAINrÄÚbigsUNVERIFIEDCHAINZ encryptedZ unencryptedz/ server: read %r (%s), sending back %r (%s)... z Connection reset by peer: zTest server failure: sERROR )$rÜrÅÚstarttls_serverrërEÚstriprÞrƒrrrFrrsÚconnectionchattyrqrtrurrryrfÚverify_client_post_handshaker r³rr¹Úget_verified_chainrYÚto_bytesÚget_unverified_chainr¿rêrQÚConnectionErrorÚprintrÝrw)r®ÚmsgÚstrippedrÊrfrQZcertsZctyper r r!Úrunà s¼ ü    ÿ    €    $€ÿ          ÿÿ€  ÿÿ€ï·z(ThreadedEchoServer.ConnectionHandler.runN) rÏrÐrÑrÏrárërErurFrr r r r!ÚConnectionHandler s = rNTFc Csà| r| |_n8t |dur|ntj¡|_|dur|ntj|j_|r&|j |¡|r.|j |¡|r6|j |¡| r>|j  | ¡||_ ||_ ||_ t   ¡|_t |j¡|_d|_d|_g|_g|_g|_tj |¡d|_d|_dSrÛ)r’r rarVrŠrŒrrŽÚset_alpn_protocolsrKrêrùr÷rºrrrÂrÆÚflagÚactiverärÆrérßràrárâÚ _in_context) r®Z certificateÚ ssl_versionÚcertreqsÚcacertsrêrùr÷Zalpn_protocolsrƒr’r r r!ráA s>ÿþ ÿ       zThreadedEchoServer.__init__cCs0|jrtdƒ‚d|_| t ¡¡|j ¡|S)Nz&Re-entering ThreadedEchoServer contextT)rr›ÚstartrßÚEventrÚwaitr­r r r!r‹d s  zThreadedEchoServer.__enter__cGs$|jsJ‚d|_| ¡| ¡dS©NF)rÚstopr©r®rer r r!rŒl s  zThreadedEchoServer.__exit__cCs$|jstdƒ‚||_tj |¡dS)Nú4ThreadedEchoServer must be used as a context manager)rr›rrßràr ©r®rr r r!r r s ÿzThreadedEchoServer.startc CsF|jstdƒ‚|j d¡|j d¡d|_|jr|j ¡|jrz*|j ¡\}}t j r;|j r;t j  dt|ƒd¡| |||¡}| ¡| ¡WnNtyj}zt j r`t j  d|›d¡WYd}~n4d}~wtyv| ¡Yn$ty™}zt j r|j rt j  dt|ƒd¡WYd}~nd}~ww|js!| ¡dS) Nrgð?r»Tz server: new connection from rÌz connection timeout z connection handling failed: )rr›rr+Úlistenrrrr4rrsrêrqrtruryrr rÚ TimeoutErrorÚKeyboardInterruptrÚ BaseExceptionrF)r®ZnewconnZconnaddrÚhandlerrfr r r!ry sHÿ    ÿÿ €   ÿ€þò zThreadedEchoServer.runcCs"|jdur|j ¡d|_dSdSr)rrFr­r r r!rF˜ s   þzThreadedEchoServer.closecCs d|_dSr)rr­r r r!r ó zThreadedEchoServer.stop) NNNNTFFNNNr) rÏrÐrÑrßràrrár‹rŒr rrFrr r r r!rÌ sA ü#  rÌc@sXeZdZGdd„dejƒZdd„Zdd„Zdd„Zd d „Z dd d „Z dd„Z dd„Z d S)ÚAsyncoreEchoServerc@s6eZdZGdd„dejƒZdd„Zdd„Zdd„Zd S) zAsyncoreEchoServer.EchoServerc@s<eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd S)z/AsyncoreEchoServer.EchoServer.ConnectionHandlercCs4t|d|dd|_tj ||j¡d|_| ¡dS)NTF)r†r„ro)r“rºÚasyncoreÚdispatcher_with_sendráÚ_ssl_acceptingÚ_do_ssl_handshake)r®Úconnr„r r r!rᨠsþ z8AsyncoreEchoServer.EchoServer.ConnectionHandler.__init__cCs6t|jtjƒr|j ¡dkr| ¡|j ¡dksdS)NrT)rQrºr r»r}Zhandle_read_eventr­r r r!Úreadable° s ÿz8AsyncoreEchoServer.EchoServer.ConnectionHandler.readablec Cs¨z|j ¡WnGtjtjfyYdStjy"| ¡YStjy*‚tyN}z|j dt j krC| ¡WYd}~SWYd}~dSd}~wwd|_ dS)NrF) rºrnr rmr•rÍÚ handle_closer³rrerAZ ECONNABORTEDr©r®Úerrr r r!r¶ s ÿ€ÿ zAAsyncoreEchoServer.EchoServer.ConnectionHandler._do_ssl_handshakecCsX|jr | ¡dS| d¡}tjrtj dt|ƒ¡|s#|  ¡dS|  |  ¡¡dS)NrËz server: read %s from client ) rrrrrsrqrtruryrFr!r¿)r®rÊr r r!Ú handle_readÅ s   z;AsyncoreEchoServer.EchoServer.ConnectionHandler.handle_readcCs(| ¡tjrtj d|j¡dSdS)Nz server: closed connection %s )rFrrsrqrtrurºr­r r r!r Ñ sÿz)Ú __class__rÏrÅr­r r r!Ú__str__ð szAsyncoreEchoServer.__str__cCs| t ¡¡|j ¡|Sr)r rßr rr r­r r r!r‹ó s zAsyncoreEchoServer.__enter__cGsVtjr tj d¡| ¡tjrtj d¡| ¡tjr#tj d¡tjdddS)Nz cleanup: stopping server. z! cleanup: joining server thread. z cleanup: successfully joined. T)Z ignore_all) rrsrqrtrurrrZ close_allrr r r!rŒø s   zAsyncoreEchoServer.__exit__NcCs||_tj |¡dSr)rrßràr rr r r!r  szAsyncoreEchoServer.startcCsBd|_|jr |j ¡|jrzt d¡WnY|jsdSdS)NTrÄ)rrrrZloopr­r r r!r s üzAsyncoreEchoServer.runcCsd|_|j ¡dSr)rrÅrFr­r r r!r szAsyncoreEchoServer.stopr) rÏrÐrÑrr'r)rár+r‹rŒr rrr r r r!r  sD  rrÊFc Csˆi}t||dd}|¯|jt ¡||dŠ} |  t|jf¡|t|ƒt|ƒfD]C} |r7tj r7t j   d|¡|   | ¡|   ¡} |rMtj rMt j   d| ¡| | ¡krktd| dd…t| ƒ|dd… ¡t|ƒfƒ‚q(|   d ¡|r|tj r|t j   d ¡| |  ¡|  ¡|  ¡|  ¡|  ¡| j| jd œ¡|  ¡Wdƒn1s£wY|j|d <|j|d <Wdƒ|S1s½wY|S)zW Launch a server, connect a client to it and try various reads and writes. F©r’rêrù)r‡Úsessionú client: sending %r... ú client: read %r ú4bad data <<%r>> (%d) received; expected <<%r>> (%d) Néóover ú client: closing connection. )Ú compressionrÅÚpeercertÚclient_alpn_protocolr5Úsession_reusedr-Úserver_alpn_protocolsÚserver_shared_ciphers)rÌrrºr=r>rÆrÈrrrsrqrtrurEr¿ÚAssertionErrorrYr’r4rÅrrår5r7r-rFrärÆ) ržrŸÚindatarêrùÚsni_namer-rQrÅr½ÚargÚoutdatar r r!Úserver_params_test shþ ÿÿ  ÿÿÿÿ  ù á  Þ#Ý#r?c Cs|durtj}tjdtjdtjdi|}tjr.|rdpd}tj |t  |¡t  |¡|f¡t   ¡ t  |¡}|j |O_ t  |¡} | j |O_ Wdƒn1sUwYt |d¡} | durŠt| dƒrŠ|tjkrŠ| j| krŠt   ¡ | | _Wdƒn1s…wY|jtjkr•| d¡t| |ƒ|| fD]} || _|  t¡|  t¡qžz t|| d d d } Wn)tjyÆ|rÂYdStyá} z|sÕ| jtjkrÖ‚WYd} ~ dSd} ~ ww|sòt d t  |¡t  |¡fƒ‚|d ur|| d kr t d|| d fƒ‚dSdS)a< Try to SSL-connect using *client_protocol* to *server_protocol*. If *expect_success* is true, assert that the connection succeeds, if it's false, assert that the connection fails. Also, if *expect_success* is a string, assert that it is the protocol version actually used by the connection. NrŠr¢r£z %s->%s %s z {%s->%s} %s rIrÚF)rêrùz5Client protocol %s succeeded with server protocol %s!Tr5z%version mismatch: expected %r, got %r)!r rŠr¢r£rrsrqrtruZget_protocol_namerrÆrar3ÚPROTOCOL_TO_TLS_VERSIONrˆrJrUrIrZrKrNrŒrŽr–rrœr?r³rrAÚ ECONNRESETr:)Zserver_protocolZclient_protocolÚexpect_successZ certsreqsÚserver_optionsÚclient_optionsZcerttypeZ formatstrržrŸZ min_versionrMrQrfr r r!Útry_protocol_comboF s† ýü þÿ   û ý   ÿ       ÿÿÿ€ÿÿÿÿ  ÿþrEc@s~eZdZdd„Zdd„Zdd„Zdd„Ze e j d ¡d d „ƒZ d d „Z dd„Z dd„Zdd„Zedƒdd„ƒZdd„Zdd„Zedƒdd„ƒZdd„Zed ƒd!d"„ƒZed#ƒd$d%„ƒZed&ƒd'd(„ƒZed)ƒd*d+„ƒZd,d-„Zd.d/„Zd0d1„Zd2d3„Zd4d5„Zd6d7„Zd8d9„Z d:d;„Z!dd?„Z#d@dA„Z$dBdC„Z%edƒdDdE„ƒZ&ed)ƒed#ƒe'dFdG„ƒƒƒZ(ed&ƒe'dHdI„ƒƒZ)ed)ƒed#ƒe'dJdK„ƒƒƒZ*ed ƒdLdM„ƒZ+dNdO„Z,e dPe j-vdQ¡dRdS„ƒZ.dTdU„Z/e e0e dVƒdW¡dXdY„ƒZ1e 2e3dZ¡d[d\„ƒZ4d]d^„Z5d_d`„Z6dadb„Z7dcdd„Z8dedf„Z9dgdh„Z:didj„Z;dkdl„Zdqdr„Z?dsdt„Z@dudv„ZAdwdx„ZBdydz„ZCd{d|„ZDd}S)~Ú ThreadedTestsc Csðtjr tj d¡tƒ\}}}|jtjtj dt ||dd|dWdƒn1s,wYd|_ |jtj tjd0|  tj ¡}t ||dd|dWdƒn1sXwY| dt|jƒ¡Wdƒn1spwY|jtj tj d/|  tj ¡}t ||dddWdƒn1s˜wY| dt|jƒ¡Wdƒn1s°wY|jtjtjd0|  tj ¡}t ||dddWdƒn1sØwY| dt|jƒ¡WdƒdS1sñwYdS) z2Basic test of an SSL client connecting to a serverrÌ)r†rÅT)ržrŸrêrùr<NFz@Cannot create a client socket with a PROTOCOL_TLS_SERVER context)ržrŸrêrù)rrsrqrtrur r´r rWrVr?r‹rÇr³r{rRr@)r®ržrŸrrfr r r!Ú test_echo– s`  ýÿýÿþú þÿþû þÿþ"ûzThreadedTests.test_echoc Cs¤tjr tj d¡tƒ\}}}t|dd}|±|jt ¡d|dŽ}|  t |j f¡|  t ¡ | ¡Wdƒn1s?wY| ¡| ¡}| |d¡| ¡}tjrptj t |¡d¡tj dt|ƒd¡d|vr~| d t |¡¡d |dvr‰| d ¡| d |¡| d |¡t |d ¡}t |d ¡} | || ¡Wdƒn1s³wYWdƒdSWdƒdS1sËwYdS)NrÌF©r’rê)ror‡úCan't get peer certificate.zConnection cipher is z. r3z$No subject field in certificate: %s.r)zkMissing or invalid 'organizationName' field in certificate subject; should be 'Python Software Foundation'.r1r0)rrsrqrtrur rÌrrºr=r>rÆrÇr›rrnr rÅrÒrÓrRrör{r r±r) r®ržrŸrrÅr½rQrÅÚbeforeZafterr r r!Útest_getpeercert sP    þ  ÿ ÿÿÿ  åÿ"ÿzThreadedTests.test_getpeercertc Cstjr tj d¡tƒ\}}}ttddƒ}| |j tj |B¡t |dd}|3|j t   ¡|d}| t|jf¡| ¡}| |d¡Wdƒn1sNwYWdƒn1s]wY|j tjO_ t |dd}|@|j t   ¡|d'}| tjd¡| t|jf¡Wdƒn1s—wYWdƒn1s¦wYWdƒn1sµwY| t¡t |dd}|<|j t   ¡|d}| t|jf¡| ¡}| |d¡Wdƒn1sîwYWdƒdSWdƒdS1swYdS) NrÌrørTrHrkrIr‘)rrsrqrtrur rTr r¤rùrúrÌrrºr=r>rÆrr rûrµr³rÚCRLFILE)r®ržrŸrrürÅr½rQr r r!Útest_crl_checkæ s^     ÿü€ÿ  ÿÿþ€þ€ÿ   ÿüÿ$ÿzThreadedTests.test_crl_checkc Csètjr tj d¡tƒ\}}}t|dd}|3|jt ¡|d}|  t |j f¡|  ¡}|  |d¡Wdƒn1s>wYWdƒn1sMwYt|dd}|@|jt ¡dd'}| tjd¡|  t |j f¡Wdƒn1swYWdƒn1sŽwYWdƒn1swYt|dd}|@t ¡#}| td¡ | |¡Wdƒn1sÆwYWdƒn1sÕwYWdƒdSWdƒdS1síwYdS) NrÌTrHrkrIriz:Hostname mismatch, certificate is not valid for 'invalid'.z'check_hostname requires server_hostname)rrsrqrtrur rÌrrºr=r>rÆrr rµr rSr›)r®ržrŸrrÅr½rQr r r!rX sX    ÿü€ÿ  ÿþý€þ€ÿ  ÿ þ€ÿÿ"ÿz!ThreadedTests.test_check_hostnamez)test requires hostname_checks_common_namec CsVtƒ\}}}|js J‚d|_t|dd}|)|jt ¡|d}| t|jf¡Wdƒn1s3wYWdƒn1sBwYttƒ\}}}d|_t|dd}|H|jt ¡|d&}|  t j ¡| t|jf¡Wdƒn1s}wYWdƒn1sŒwYWdƒdSWdƒdS1s¤wYdS)NFTrHrk) r rðrÌrrºr=r>rÆr™rÇr ÚSSLCertVerificationErrorrÍr r r!ró/ s:    ÿþ€ÿ  ÿÿ€þÿ"ÿz.ThreadedTests.test_hostname_checks_common_namec Csüt tj¡}| t¡| d¡t}t tj¡}| t ¡t |dd}|O|j t   ¡|d-}|  t|jf¡| ¡}| |d¡| ¡d d¡}| |dd…d ¡Wdƒn1s_wYWdƒdSWdƒdS1swwYdS© NzECDHE:ECDSA:!NULL:!aRSATrHrkrIrú-r˜)ZECDHEZECDSA)r rarWrrœrKÚSIGNED_CERTFILE_ECC_HOSTNAMErVrŽÚSIGNED_CERTFILE_ECCrÌrrºr=r>rÆrr rÅÚsplit©r®ržrrŸrÅr½rQrÅr r r!Ú test_ecc_certG s*       ÿ úÿ"ÿzThreadedTests.test_ecc_certc Cst tj¡}| t¡tjj|_| d¡t }t tj ¡}|  t ¡|  t ¡t|dd}|O|jt ¡|d-}| t|jf¡| ¡}| |d¡| ¡d d¡}| |dd…d ¡Wdƒn1siwYWdƒdSWdƒdS1swYdSrO)r rarWrrœr r`r]rKrQrVrŽrRr–rÌrrºr=r>rÆrr rÅrSrTr r r!Útest_dual_rsa_ecc\ s.         ÿ úÿ"ÿzThreadedTests.test_dual_rsa_eccc Cs¸tjr tj d¡t tj¡}| t ¡t tj ¡}tj |_ d|_ | t¡gd¢}|D]U\}}t|dd}|A|jt ¡|d(}| |j|¡| t|jf¡| ¡}| |j|¡| |d¡Wdƒn1smwYWdƒn1s|wYq,t|dd}|H|jt ¡dd&}| tj¡| t|jf¡Wdƒn1s®wYWdƒn1s½wYWdƒdSWdƒdS1sÕwYdS)NrÌT))ukönig.idn.pythontest.netúxn--knig-5qa.idn.pythontest.net)rWrW)sxn--knig-5qa.idn.pythontest.netrW)u(königsgäßchen.idna2003.pythontest.netú.xn--knigsgsschen-lcb0w.idna2003.pythontest.net)rXrX)s.xn--knigsgsschen-lcb0w.idna2003.pythontest.netrX)ú.xn--knigsgchen-b4a3dun.idna2008.pythontest.netrY)s.xn--knigsgchen-b4a3dun.idna2008.pythontest.netrYrHrkrIzpython.example.org)rrsrqrtrur rarVrŽÚ IDNSANSFILErWr£rŒr‹rrœrÌrrºr¤r‡r=r>rÆrr rÇrS) r®rŸr’Z idn_hostnamesr‡Zexpected_hostnamerÅr½rQr r r!Útest_check_hostname_idnv sN        ÿú€ÿ€  ÿÿ€þÿ"ÿz%ThreadedTests.test_check_hostname_idnc CsDtƒ\}}}| t¡tj|_tjj|_t |ddd}|{|j t   ¡|dY}z |  t |jf¡WnAtjyP}ztjrFtj d|¡WYd}~n-d}~wtys}z|jtjkr^‚tjritj d|¡WYd}~n d}~ww| d¡Wdƒn1sƒwYWdƒdSWdƒdS1s›wYdS)zÇConnecting when the server rejects the client's certificate Launch a server with CERT_REQUIRED, and check that trying to connect to it with a wrong client certificate fails. Tr,rkú SSLError is %r Nú socket.error is %r ú'Use of invalid cert should have failed!)r rŽrÎr r£rŒr r`r]rÌrrºr=r>rÆr³rrsrqrtrurrArArö©r®ržrŸrrÅr½rfr r r!Útest_wrong_cert_tls12® s:   ÿ ÿÿ€ €ü €Pïz#ThreadedTests.test_wrong_cert_tls12rôc Csxtƒ\}}}| t¡tj|_tjj|_tjj|_t |ddd}||j t   ¡|ddm}|  t |jf¡z| d¡| d¡| d¡| d¡WnAtjyj}ztjr`tj d|¡WYd}~n-d}~wty}z|jtjkrx‚tjrƒtj d |¡WYd}~n d}~ww| d ¡Wdƒn1swYWdƒdSWdƒdS1sµwYdS) NTr,F©r‡Úsuppress_ragged_eofsódatarsshould have failed alreadyr\r]r^)r rŽrÎr r£rŒr rôrIrÌrrºr=r>rÆrurEr³rrsrqrtrrArArör_r r r!Útest_wrong_cert_tls13Ó sF    ÿ þÿ   € €ü €Pìz#ThreadedTests.test_wrong_cert_tls13cszt ¡‰t ¡‰t ¡‰t ˆt¡‰‡‡‡fdd„}‡‡‡‡fdd„}tj|d}| ¡z |ƒW| ¡dS| ¡w)ztA brutal shutdown of an SSL server should raise an OSError in the client when attempting handshake. cs8ˆ ¡ˆ ¡ˆ ¡\}}| ¡ˆ ¡ˆ ¡dSr)rrr4rF)ZnewsockrÝ)Ú listener_goneÚlistener_readyr½r r!Úlistener s   z2ThreadedTests.test_rude_shutdown..listenerc s†ˆ ¡t ¡1}| tˆf¡ˆ ¡zt|ƒ}Wn ty#Ynwˆ d¡WdƒdSWdƒdS1sr“rrö)rsr©)rerfrÆr®r r!Ú connector s   ÿ ø"úz3ThreadedTests.test_rude_shutdown..connector©ÚtargetN) rßr rºrrÂr>ràr r)r®rgrhr r )rerfrÆr½r®r!Útest_rude_shutdownõ s  z ThreadedTests.test_rude_shutdownc Cs6tjr tj d¡t tj¡}| t ¡t tj ¡}t |dd}|o|j t   ¡tdM}z | t|jf¡Wn:tjyq}z-d}| |tj¡| |jd¡| |j|¡| |t|ƒ¡| dt|ƒ¡WYd}~nd}~wwWdƒn1s|wYWdƒdSWdƒdS1s”wYdS)NrÌTrHrkz&unable to get local issuer certificater1r‘)rrsrqrtrur rarVrŽr–rWrÌrrºr‰r=r>rÆr³rrNr¤Z verify_codeZverify_messager{ry)r®rŸr’rÅr½rfrr r r!Útest_ssl_cert_verify_error s6      ÿ€ú€üÿ"ÿz(ThreadedTests.test_ssl_cert_verify_errorr\cCs²tjr tj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒttjtj dƒt dƒr9ttjtj dƒttjtj dƒttjtj dtjdttjtj dtjddS)z9Connecting to an SSLv2 server with various client optionsrÌTFr©rDN)rrsrqrtrurEr ÚPROTOCOL_SSLv2r¢r£rUrXÚPROTOCOL_SSLv3rr¨r©r­r r r!Útest_protocol_sslv25 s  ÿ  ÿz!ThreadedTests.test_protocol_sslv2c Cs¦tjr tj d¡tdƒr7z ttjtj dƒWnt y6}ztjr,tj dt |ƒ¡WYd}~nd}~wwtdƒrCttjtj dƒttjtjdƒtdƒrWttjtj dƒtdƒrettjtj dtjƒttjtjdtjƒtdƒr}ttjtj dtjƒtdƒr‹ttjtj dtjƒttjtjdtjƒtdƒr£ttjtj dtjƒtdƒr²ttjtj dtjd ttjtjdtjtjBd tdƒrÑttjtj dtjd dSdS) z:Connecting to an SSLv23 server with various client optionsrÌr\Tz; SSL2 client to SSL23 server test unexpectedly failed: %s NrFr)rC)rrsrqrtrurXrEr rUrnrrRrorr¢r£r¨r§r©)r®rÙr r r!Útest_PROTOCOL_TLSG sR ÿÿ€ý ÿ  ÿ  ÿÿzThreadedTests.test_PROTOCOL_TLSrcCsŒtjr tj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒt dƒr1ttjtj dƒttjtj dtj dttjtjdƒdS)z9Connecting to an SSLv3 server with various client optionsrÌrr\FrmN)rrsrqrtrurEr ror¢r£rXrnrUr¨rr­r r r!Útest_protocol_sslv3q s  ÿz!ThreadedTests.test_protocol_sslv3rcCs”tjr tj d¡ttjtjdƒttjtjdtjƒttjtjdtj ƒt dƒr1ttjtj dƒt dƒr=ttjtj dƒttjtj dtjddS)z8Connecting to a TLSv1 server with various client optionsrÌrr\FrrmN)rrsrqrtrurEr rr¢r£rXrnrorUr©r­r r r!Útest_protocol_tlsv1 s   ÿz!ThreadedTests.test_protocol_tlsv1rcCsœtjr tj d¡ttjtjdƒtdƒrttjtj dƒtdƒr)ttjtj dƒttjtj dtj dttj tjdƒttjtj dƒttj tjdƒdS)zjConnecting to a TLSv1.1 server with various client options. Testing against older TLS versions.rÌúTLSv1.1r\FrrmN)rrsrqrtrurEr rrXrnrorUr«r0r­r r r!Útest_protocol_tlsv1_1Ž s  ÿz#ThreadedTests.test_protocol_tlsv1_1r`cCsêtjr tj d¡ttjtjdtjtj Btjtj Bdt dƒr(ttjtj dƒt dƒr4ttjtj dƒttjtj dtjdttj tjdƒttjƒr\ttjtjdƒttjtjdƒttjƒrsttjtjdƒttjtjdƒdSdS) zjConnecting to a TLSv1.2 server with various client options. Testing against older TLS versions.rÌúTLSv1.2)rCrDr\FrrmN)rrsrqrtrurEr r0r¨r§rXrnrorUr¬r[rrr­r r r!Útest_protocol_tlsv1_2  s*    þ ÿ  þz#ThreadedTests.test_protocol_tlsv1_2c Cs¢d}ttdddd}d}|¹t ¡}| d¡| t|jf¡tjr)t j   d¡|D]j}tjr8t j   d|¡|rD|  |¡|  ¡}n |  |¡| d¡}| ¡ ¡}|dkro| d ¡rotjrht j   d |¡t|ƒ}d}q+|d krŠ| d ¡rŠtjrƒt j   d |¡| ¡}d}q+tjr•t j   d |¡q+tjrŸt j   d¡|r§|  d¡n|  d¡|r³| ¡n | ¡WdƒdSWdƒdS1sÊwYdS)z6Switching from clear text to encrypted and back again.)smsg 1sMSG 2rìsMSG 3smsg 4rîsmsg 5smsg 6T)r÷rêrùFrÌr.rËrìsokz/ client: read %r from server, starting TLS... rîz- client: read %r from server, ending TLS... z client: read %r from server r3r2N)rÌrÎrºrlr=r>rÆrrsrqrtrurEr!rrør¿rSr“rƒrF) r®ZmsgsrÅÚwrappedr½r;rr>rr r r!Ú test_starttls¸ stý  ÿ     ÿÿÿÿÿ€     Ò,"ÔzThreadedTests.test_starttlscCsüt|td}tjrtj d¡ttdƒ }|  ¡}Wdƒn1s#wYd}d|j t j   t¡df}tjtd}tjj||d }z+| ¡ d ¡}|rkt|ƒd krk|  t|ƒ¡}tjrktj d t|ƒ|f¡W| ¡n| ¡w| ||¡dS) z8Using socketserver to create and manage SSL connections.r;rÌÚrbNrzhttps://localhost:%d/%srÄ©r‚rÊzcontent-lengthrz/ client: read %d bytes from remote server '%s' )rÚr–rrsrqrtrurDrÎrErÆrrrSr rTrœÚurllibÚrequestÚurlopenÚinforˆrrYrFr¤)r®rÅrGrùrúÚurlr’Zdlenr r r!Útest_socketserverñ s2    ÿÿ  ÿÿ€zThreadedTests.test_socketserverc Cs&tjr tj d¡d}ttƒ}|xtt ¡ƒ}|  d|j f¡tjr+tj d|¡| |¡|  ¡}tjr?tj d|¡||  ¡kr^|  d|dd…t|ƒ|dd…  ¡t|ƒf¡| d ¡tjrltj d ¡| ¡tjrtj d ¡WdƒdSWdƒdS1sŒwYdS) z'Check the example asyncore integration.rÌrÊrðr.r/r0Nr1r2r3z client: connection closed. )rrsrqrtrurrÎr“rºr=rÆrEr¿rörYrF)r®r;rÅr½r>r r r!Útest_asyncore_server s@  ÿ  ÿÿÿ  ì"íz"ThreadedTests.test_asyncore_serverc sÊtjr tj d¡tttjtj tddd}|Ât t   ¡dtttjd‰ˆ  t |jf¡‡fdd„}‡fdd „}d ˆjdgtfd ˆjdd gtfd ˆjdgdd„fg}dˆjdgfdˆjdd gfd|dgfd|dgfg}d}|D]x\}}} } } || d¡} z<|| g| ¢RŽ} d |¡}|j| | | ƒ|dˆ ¡}||  ¡kr¹| dj||dd…t|ƒ| dd…t| ƒd¡Wqptyè}z"| rÍ| dj|d¡t|ƒ |¡sÞ| dj||d¡WYd}~qpd}~ww|D]m\}}} } || d¡} z+ˆ | ¡|| Ž}||  ¡kr"| d j||dd…t|ƒ| dd…t| ƒd¡WqëtyX}z(| r8| d!j|d¡t|ƒ |¡sJ| dj||d¡ˆ ¡WYd}~qëd}~wwd"}ˆ |¡tt|ƒƒ}| ˆ d#|¡t|ƒ¡| ||¡tdur–tj t|ƒ}| !|¡}ˆ |¡| ˆ ¡|¡| "t#ˆj$¡| "t#ˆj%d"g¡| "t#ˆj&d$¡| "t#ˆj'td$ƒg¡ˆ d%¡| "tˆjd#¡| "tˆjd#¡ˆ (¡WdƒdS1sÞwYdS)&z Test recv(), send() and friends.rÌTF©r rr rêrù©r†r„r‚rcstdƒ}ˆ |¡}|d|…S©Nsd)rÈr)Úbr£©r½r r!Ú _recv_into;s  z0ThreadedTests.test_recv_send.._recv_intocs"tdƒ}ˆ |¡\}}|d|…Sr…)rÈr )r†r£rÝr‡r r!Ú_recvfrom_into@s z4ThreadedTests.test_recv_send.._recvfrom_intor!r"z some.addressr½cSrOrr )rÙr r r!ÚIsz.ThreadedTests.test_recv_send..rrrr ZPREFIX_rVzsending with {}©rzpWhile sending with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) Nr1)rr>Znoutr;Zninz>Failed to send with method <<{name:s}>>; expected to succeed. rzFMethod <<{name:s}>> failed with unexpected exception message: {exp:s} )rÚexpzrWhile receiving with <<{name:s}>> bad data <<{outdata:r}>> ({nout:d}) received; expected <<{indata:r}>> ({nin:d}) zAFailed to receive with method <<{name:s}>>; expected to succeed. rcrœrr2))rrsrqrtrurÌrÎr rŠrVr“rºr=r>rÆr!rYr"r½rrrfÚformatr¤rEr¿rör›rRrSrÈÚctypesZc_ubyteZfrom_buffer_copyrÇr#r$r%r&r'rF)r®rÅrˆr‰Z send_methodsZ recv_methodsZ data_prefixZ meth_nameZ send_methrBreZ ret_val_methr;rÁrr>rfZ recv_methrÊÚbufferZubyteZ bytesliker r‡r!Útest_recv_send(sê ûü  ý   üÿ   ûÿ€ ÿÿþÿ€ù  ûÿ€ ÿÿþÿ€ò       ÿ  $…zThreadedTests.test_recv_sendcCsÆttƒ}| ¡| |jdd¡t t|jf¡}| |j ¡t |dd}| |j ¡|  d¡|  |  d¡d¡|  | d¡d¡|  | ¡d¡| d¡|  |  d¡d¡|  | tƒ¡d¡dS)NF)rbrcrrË)rÌrÎr‹rErŒrºrkr>rÆrFr“r!r¤rrErlrrÈ)r®rÅr½r r r!Útest_recv_zero°s     zThreadedTests.test_recv_zerocs°tttjtjtddd}|@tt ¡dtttjd‰ˆ t|j f¡ˆ  d¡t dƒ‰‡‡fdd„}|  tj tjf|¡ˆ  d¡ˆ ¡WdƒdS1sQwYdS)NTFrƒr„i cs ˆ ˆ¡qr)r!r ©rÂr½r r!Ú fill_buffer×s ÿz8ThreadedTests.test_nonblocking_send..fill_buffer)rÌrÎr rŠrVr“rºr=r>rÆrlrÈrÇr•rmrF)r®rÅr“r r’r!Útest_nonblocking_sendÄs4ûü ÿÿ  "ìz#ThreadedTests.test_nonblocking_sendcst tj¡‰d}t ˆ¡}t ¡‰d‰‡‡‡fdd„}tj|d}| ¡ˆ ¡zYz t tj¡}|  d¡|  ||f¡|  t dt |¡W| ¡n| ¡wz t tj¡}t |ƒ}|  d¡|  t d|j ||f¡W| ¡n| ¡wWd‰| ¡ˆ ¡dSd‰| ¡ˆ ¡w) NrðFcsdˆ ¡ˆ ¡g}ˆs't ˆgggd¡\}}}ˆ|vr%| ˆ ¡d¡ˆr |D]}| ¡q)dS)Nr¶r)rrr”r§r4rF)ZconnsróÚwrfr©ZfinishrÅÚstartedr r!Úserveésû ÿz3ThreadedTests.test_handshake_timeout..serverir´z timed outT)rºrrrÂrßr ràr r r+r=rµrr“rFr)r®rdrÆr˜r rsr r–r!Útest_handshake_timeoutás@     ÿ   ÿ þ z$ThreadedTests.test_handshake_timeoutc sötƒ\}}}t tj¡‰d}t ˆ¡}|jˆdd‰| ˆj¡t  ¡‰d‰d‰‡‡‡‡fdd„}tj |d}|  ¡ˆ  ¡|jt ¡|d}|  ||f¡| d¡| ¡| ¡} | ¡| ¡ˆ ¡ˆ ¡| ˆtj¡| ˆ| ¡dS) NrðTr9cs0ˆ ¡ˆ ¡ˆ ¡\‰‰ˆ ˆ d¡¡dS)Nrü)rrr4r!rr ©ZevtZpeerZremoterÅr r!r˜s z/ThreadedTests.test_server_accept..serverirkrc)r rºrrrÂrr r†rßr ràr r r=r!rrqrFrrr r»r¤) r®r„r…rrdrÆr˜r r†Z client_addrr ršr!Útest_server_accepts4     ÿ z ThreadedTests.test_server_acceptc CóŠt tj¡}d|_| t ¡¡+}| t¡ }| ¡Wdƒn1s%wY|  |j j t j ¡WdƒdS1s>wYdSr) r rarWr‹rrºrÇrrr¤r@rAÚENOTCONN©r®r’rr6r r r!Útest_getpeercert_enotconn:ó   ÿ"ýz'ThreadedTests.test_getpeercert_enotconnc Crœr) r rarWr‹rrºrÇrrnr¤r@rArržr r r!Útest_do_handshake_enotconnBr z(ThreadedTests.test_do_handshake_enotconnc CsÖtƒ\}}}tjj|_| d¡| d¡t|d>}|jt ¡|d%}|  t ¡|  t |j f¡Wdƒn1s=wYWdƒn1sLwYWdƒn1s[wY| d|jd¡dS)NZAES128ÚAES256rÊrkzno shared cipherr)r r r r`r]rKrÌrrºrÇrr=r>rÆr{rérÍr r r!Útest_no_shared_ciphersJs"      ÿ ÿ€þ€ÿz$ThreadedTests.test_no_shared_ciphersc CsÚt tj¡}d|_tj|_tttjddN}|  t   ¡¡'}|  |  ¡d¡|  |j d¡| t|jf¡| |  ¡d¡Wdƒn1sGwY|  |j d¡|  |  ¡d¡WdƒdS1sfwYdS)zt Basic tests for SSLSocket.version(). More tests are done in the test_protocol_*() methods. F)rrêNúTLSv1.3)r rarWr‹rŠrŒrÌrÎrVrrºr¿r5r¹r=r>rÆr¤)r®r’rÅr½r r r!Útest_version_basicXs" þü"÷z ThreadedTests.test_version_basicc CsÀtƒ\}}}tjj|_t|dF}|jt ¡|d$}| t |j f¡|  |  ¡dhd£¡|  | ¡d¡Wdƒn1sAwYWdƒdSWdƒdS1sYwYdS)NrÊrkr>ZTLS_AES_256_GCM_SHA384ZTLS_AES_128_GCM_SHA256ZTLS_CHACHA20_POLY1305_SHA256r¤)r r r rôrIrÌrrºr=r>rÆr{rÅr¤r5rÍr r r!Ú test_tls1_3ks    ÿøÿ"ÿzThreadedTests.test_tls1_3c CsÆtƒ\}}}tjj|_tjj|_tjj|_tjj|_t|d:}|jt   ¡|d}|  t |j f¡|  | ¡d¡Wdƒn1sDwYWdƒdSWdƒdS1s\wYdS)NrÊrkrv)r r r rrIr`r]rÌrrºr=r>rÆr¤r5rÍr r r!Útest_min_max_version_tlsv1_2zs       ÿýÿ"ÿz*ThreadedTests.test_min_max_version_tlsv1_2c CsÐtƒ\}}}tjj|_tjj|_tjj|_tjj|_t||ƒt |d:}|j t   ¡|d}|  t |jf¡| | ¡d¡Wdƒn1sIwYWdƒdSWdƒdS1sawYdS)NrÊrkrt)r r r rrIr`r]rrNrÌrrºr=r>rÆr¤r5rÍr r r!Útest_min_max_version_tlsv1_1Œs"        ÿýÿ"ÿz*ThreadedTests.test_min_max_version_tlsv1_1c Csþtƒ\}}}tjj|_tjj|_tjj|_tjj|_t||ƒt|dQ}|j t   ¡|d/}|  tj ¡}|  t|jf¡Wdƒn1sHwY| dt|jƒ¡Wdƒn1s`wYWdƒdSWdƒdS1sxwYdS)NrÊrkZalert)r r r r`r]rIrrNrÌrrºrÇr³r=r>rÆr{rRr@r_r r r!Útest_min_max_version_mismatchs&        ÿÿüÿ"ÿz+ThreadedTests.test_min_max_version_mismatchc CsÆtƒ\}}}tjj|_tjj|_tjj|_t||ƒt|d:}|jt   ¡|d}|  t |j f¡|  | ¡d¡Wdƒn1sDwYWdƒdSWdƒdS1s\wYdS)NrÊrkr)r r r rrIr]rNrÌrrºr=r>rÆr¤r5rÍr r r!Útest_min_max_version_sslv3°s       ÿýÿ"ÿz(ThreadedTests.test_min_max_version_sslv3c Cs¬tƒ\}}}tjj|_t|d<}|jt ¡|d}| t |j f¡|  d|  ¡d¡Wdƒn1s7wYWdƒdSWdƒdS1sOwYdS)NrÊrkZECDHr) r r r r`r]rÌrrºr=r>rÆr{rÅrÍr r r!Útest_default_ecdh_curve¾s    ÿýÿ"ÿz%ThreadedTests.test_default_ecdh_curverurvc Cstjr tj d¡tƒ\}}}t|ddd}|ß|jt ¡|dS}|  t |j f¡|  d¡}tjrrÆrrrrÇr5r¤rYrErøryrfÚassertNotEqual) r®ržrŸrrÅr½Zcb_dataZpeer_data_reprZ new_cb_datar r r!rxÏsp  þþ ÿ     ÿìþ ÿÿ      ÿíç"çz-ThreadedTests.test_tls_unique_channel_bindingcCsRtƒ\}}}t||dd|d}tjrtj d |d¡¡| |dhd£¡dS)NT©rêrùr<z got compression: {!r} r4>NZZLIBZRLE) r r?rrsrqrtrurr{©r®ržrŸrrQr r r!Útest_compression s þzThreadedTests.test_compressionr>z*ssl.OP_NO_COMPRESSION needed for this testcCsRtƒ\}}}|jtjO_|jtjO_t||dd|d}| |dd¡dS)NTr¯r4)r r3r r>r?r¿r°r r r!Útest_compression_disableds þz'ThreadedTests.test_compression_disabledr-cCs–tƒ\}}}tjj|_| t¡| d¡tjj|_t||dd|d}|dd}|  d¡}d|vrEd|vrGd |vrI|  d |d¡dSdSdSdS) NZkEDHTr¯rÅrrPZADHZEDHZDHEzNon-DH cipher: ) r r r r`r]r/r0rKr?rSrö)r®ržrŸrrQrÅÚpartsr r r!Útest_dh_paramss     þ   ÿzThreadedTests.test_dh_paramscCsðtƒ\}}}| d¡| d¡tjj|_t||dd|d}tƒ\}}}| d¡| d¡tjj|_t||dd|d}tƒ\}}}| d¡| d¡| d¡tjj|_| tj ¡t||dd|dWdƒdS1sqwYdS)NZ secp384r1zECDHE:!eNULL:!aNULLTr¯r:) r r=rKr r r`rIr?rÇr³r°r r r!Útest_ecdh_curve0s6    þ    þ     þ"ÿzThreadedTests.test_ecdh_curvecCs2tƒ\}}}t||dd|d}| |dd¡dS)NTr¯r6)r r?r¿r°r r r!Útest_selected_alpn_protocolOs þz)ThreadedTests.test_selected_alpn_protocolcCs@tƒ\}}}| ddg¡t||dd|d}| |dd¡dS)Nr;ÚbarTr¯r6)r rr?r¿r°r r r!Ú/test_selected_alpn_protocol_if_server_uses_alpnWs þz=ThreadedTests.test_selected_alpn_protocol_if_server_uses_alpnc Csgd¢}ddgdfddgdfdgdfddgdfg}|D]j\}}tƒ\}}}| |¡| |¡z t||dd|d}WntjyO} z| }WYd} ~ nd} ~ wwd t|ƒt|ƒt|ƒf} |d } | | || | d f¡t|d ƒrx|d d nd} | | || | df¡qdS)N)r;r·Ú milkshaker;r·r¹zhttp/3.0zhttp/4.0Tr¯zKfailed trying %s (s) and %s (c). was expecting %s, but got %%s from the %%sr6r†r8rœZnothingrÅ)r rr?r r³rRr¤rY) r®Zserver_protocolsZprotocol_testsZclient_protocolsr¤ržrŸrrQrfrZ client_resultZ server_resultr r r!Útest_alpn_protocols`sL   ü     ü€ÿ ÿþ ÿ ÿÿ ÿéz!ThreadedTests.test_alpn_protocolscCstjrJ‚dSr)r ZHAS_NPNr­r r r!Útest_npn_protocols‚r¬z ThreadedTests.test_npn_protocolscCsLt tj¡}| t¡t tj¡}| t¡t tj¡}| t¡|||fSr) r rarVrŽr–r—rWrrœ)r®rŸÚ other_contextržr r r!Ú sni_contexts…s       zThreadedTests.sni_contextscCs"|d}| d|ff|d¡dS)Nr5r+r3)r{)r®rQrrQr r r!Úcheck_common_nameŽszThreadedTests.check_common_namecsÊg‰| ¡\}‰}d|_‡‡fdd„}| |¡t||ddd}| ˆd|fg¡| |d¡g‰t||ddd}| ˆd|fg¡| |t¡g‰| d¡t||ddd}| |t¡| ˆg¡dS) NFcs$ˆ ||f¡|durˆ|_dSdSr)r§r’r¨©Zcallsr¼r r!r«˜s ÿz6ThreadedTests.test_sni_callback..servername_cbTÚ supermessage©rêr<r:Znotfunny)r½r‹rBr?r¤r¾r‰)r®rŸržr«rQr r¿r!rC’s4 þ þ  þ zThreadedTests.test_sni_callbackcCsp| ¡\}}}dd„}| |¡| tj¡}t||ddd}Wdƒn1s)wY| |jjd¡dS)NcSstjSr)r ZALERT_DESCRIPTION_ACCESS_DENIEDr¨r r r!Úcb_returning_alert¾szAThreadedTests.test_sni_callback_alert..cb_returning_alertFrÀrÁZTLSV1_ALERT_ACCESS_DENIED) r½rBrÇr r³r?r¤r@ri)r®rŸr¼ržrÂr6rQr r r!Útest_sni_callback_alertºs þÿz%ThreadedTests.test_sni_callback_alertc Cóª| ¡\}}}dd„}| |¡t ¡7}| tj¡}t||ddd}Wdƒn1s.wY| |j j d¡| |j j t ¡WdƒdS1sNwYdS)NcSs dddS)NrÄrr r¨r r r!Ú cb_raisingËr¾z;ThreadedTests.test_sni_callback_raising..cb_raisingFrÀrÁZSSLV3_ALERT_HANDSHAKE_FAILURE)r½rBrÚcatch_unraisable_exceptionrÇr r³r?r¤r@riÚ unraisableÚexc_typeÚZeroDivisionError)r®rŸr¼ržrÅÚcatchr6rQr r r!Útest_sni_callback_raisingÇs  þÿ ÿ"øz'ThreadedTests.test_sni_callback_raisingc CrÄ)NcSr )Nr;r r¨r r r!Úcb_wrong_return_typeÞrPzOThreadedTests.test_sni_callback_wrong_return_type..cb_wrong_return_typeFrÀrÁZTLSV1_ALERT_INTERNAL_ERROR)r½rBrrÆrÇr r³r?r¤r@rirÇrÈr¶)r®rŸr¼ržrÌrÊr6rQr r r!Ú#test_sni_callback_wrong_return_typeÙs  þÿ"øz1ThreadedTests.test_sni_callback_wrong_return_typec s†tƒ\}}}| d¡| d¡gd¢}t|||d}|dd}| t|ƒd¡|D]\‰}}t‡fdd„|Dƒƒs@| ˆ¡q+dS) Nz AES128:AES256z AES256:eNULL)r¢zAES-256Z TLS_CHACHA20ZTLS_AES©r<r9rc3s|]}|ˆvVqdSrr )râZalgrr r!rãûräz4ThreadedTests.test_shared_ciphers..)r rKr?Ú assertGreaterrYÚanyrö) r®ržrŸrZ expected_algsrQrƒZ tls_versionÚbitsr rr!Útest_shared_ciphersìs   ÿ  €þz!ThreadedTests.test_shared_cipherscCsŒtƒ\}}}t|dd}|.|jt ¡|d}| t|jf¡| ¡| t |j d¡| t |j d¡WdƒdS1s?wYdS)NFrHrkrËshello) r rÌrrºr=r>rÆrFrÇr›rErurÍr r r!Ú,test_read_write_after_close_raises_valuerrorþs   ÿ"ùz:ThreadedTests.test_read_write_after_close_raises_valuerrorc Cs&d}ttjdƒ }| |¡Wdƒn1swY| tjtj¡tƒ\}}}t|dd}|V|jt   ¡|d4}|  t |j f¡ttjdƒ}|  |¡| | d¡|¡Wdƒn1sewYWdƒn1stwYWdƒdSWdƒdS1sŒwYdS)NsxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxÚwbFrHrkrzrË)rDrÚTESTFNrurEÚunlinkr rÌrrºr=r>rÆÚsendfiler¤r) r®Z TEST_DATArGržrŸrrÅr½Úfiler r r!Ú test_sendfile s, ÿ   ÿ þ€ýÿ"ÿzThreadedTests.test_sendfilec Cs0tƒ\}}}tjj|_t|||d}|d}| |j¡| |j d¡| |j d¡| |j ¡| |j d¡|  |d¡| ¡}| |dd¡| |dd¡t||||d}| ¡}| |dd ¡| |dd¡| |d¡|d}| |j|j¡| ||¡| ||¡| |j |j ¡| |j |j ¡t|||d}|  |d¡|d}| |j|j¡| ||¡| ¡}| |dd ¡| |dd¡t||||d}| |d¡|d} | | j|j¡| | |¡| | j |j ¡| | j |j ¡| ¡}| |dd ¡| |dd ¡dS) NrÎr-rr7r4rÄr5)r-r<r˜rrü)r r r r`r]r?r ÚidrÏryr-Z has_ticketZticket_lifetime_hintrír7r¤Z assertIsNotrr®) r®ržrŸrrQr-Z sess_statZsession2Zsession3Zsession4r r r!Ú test_sessionsd  ÿ  ÿ  ÿ ÿ zThreadedTests.test_sessionc Cs¨tƒ\}}}tƒ\}}}tjj|_tjj|_t|dd}|*|jt ¡|dG}| |j d¡| |j d¡|  t |j f¡|j }| |¡| t¡ } t|_ Wdƒn1s[wY| t| jƒd¡Wdƒn1sswY|jt ¡|d1}|  t |j f¡| t¡ } ||_ Wdƒn1swY| t| jƒd¡Wdƒn1sµwY|jt ¡|d*}||_ |  t |j f¡| |j j|j¡| |j |¡| |j d¡Wdƒn1sðwY|jt ¡|d2}| t¡} ||_ |  t |j f¡Wdƒn 1swY| t| jƒd¡Wdƒn1s4wYWdƒdSWdƒdS1sMwYdS)NFrHrkzValue is not a SSLSession.z#Cannot set session after handshake.Tz)Session refers to a different SSLContext.)r r r r`r]rÌrrºr¤r-r7r=r>rÆr rÇr¶r+rRr@r›rÚ) r®ržrŸrZclient_context2r‡rÅr½r-rfr r r!Útest_session_handlingSsr      ÿ  ÿö ÿ ÿ ÿú ÿø ÿ þ ÿ úà $àz#ThreadedTests.test_session_handlingN)ErÏrÐrÑrGrKrMrXrdrÓr rñrórUrVr[r`rmrdrkrlrprqrrrsrurwryrr‚rr‘r”r™r›rŸr¡r£r¥r¦rÒr§r¨r©rªr«rÔrxr±rJr²rcrdr´rµr¶r¸rºr»r½r¾rCrÃrËrÍrÒrÓrÙrÛrÜr r r r!rF” s¨,$(!ÿ 8% !) *    9 1(    ÿ : ÿ   " (   9rFrôzTest needs TLS 1.3c@sdeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z dS)ÚTestPostHandshakeAuthcCs¼tjtjg}|D]S}t |¡}| |jd¡d|_| |jd¡tj|_| |jtj¡| |jd¡d|_| |jtj¡| |jd¡tj|_d|_| |jtj¡| |jd¡qdSrÛ) r rVrWrar¤Úpost_handshake_authr£rŒr¢)r®r5rZrMr r r!Útest_pha_setterˆs$ÿ îz%TestPostHandshakeAuth.test_pha_setterc CsHtƒ\}}}d|_tj|_d|_| t¡t|dd}|}|jt   ¡|d[}|  t |j f¡|  d¡| | d¡d¡|  d¡| | d¡d ¡|  d¡| | d¡d ¡|  d¡| | d¡d ¡|  d ¡| d ¡ d ¡}| d|¡Wdƒn1s…wYWdƒdSWdƒdS1swYdS)NTFrHrkròrËrôrñrírórõirïr6)r rÞr r£rŒrŽr–rÌrrºr=r>rÆrur¤rrgr{)r®ržrŸrrÅr½Z cert_textr r r!Útest_pha_required s6    ÿ     òÿ"ÿz'TestPostHandshakeAuth.test_pha_requiredc Cs tƒ\}}}d|_tj|_d|_dd„}||_||_t|dd}|d|jt ¡|ddA}|  t |j f¡|  d¡|  tjd¡| d ¡}| |d ¡|  d ¡| d ¡Wdƒn1sbwYWdƒn1sqwYWdƒdSWdƒdS1s‰wYdS) NTcSs@tjr|tjkr||||||f}tj d|›d¡dSdSdS)NzTLS: rÌ)rrsr ZALERTrqrtru)rÚ directionr5Ú content_typeÚmsg_typerÊrr r r!Úmsg_cb¿sþz>TestPostHandshakeAuth.test_pha_required_nocert..msg_cbrHFrarñz#(certificate required|EOF occurred)rËrírò)r rÞr r£rŒÚ _msg_callbackrÌrrºr=r>rÆrurµr³rr¤)r®ržrŸrrärÅr½rÊr r r!Útest_pha_required_nocert¹s<   þ þ    ô€ùÿ"ÿz.TestPostHandshakeAuth.test_pha_required_nocertc Cs tjr tj d¡tƒ\}}}d|_tj|_ d|_|  t ¡tj |_ t |dd}|\|jt ¡|d:}| t|jf¡| d¡| | d¡d¡| d ¡| | d¡d ¡| d¡| | d¡d ¡Wdƒn1sqwYWdƒdSWdƒdS1s‰wYdS) NrÌTFrHrkròrËrôrñríró)rrsrqrtrur rÞr r£rŒrŽr–r¢rÌrrºr=r>rÆr¤rrÍr r r!Útest_pha_optionalÞs2     ÿ   øÿ"ÿz'TestPostHandshakeAuth.test_pha_optionalc Cstjr tj d¡tƒ\}}}d|_tj|_ d|_t |dd}|\|j t   ¡|d:}|  t|jf¡| d¡| | d¡d¡| d ¡| | d¡d ¡| d¡| | d¡d¡Wdƒn1shwYWdƒdSWdƒdS1s€wYdS) NrÌTFrHrkròrËrôrñrí)rrsrqrtrur rÞr r¢rŒrÌrrºr=r>rÆr¤rrÍr r r!Útest_pha_optional_nocertös.    ÿ   ÷ÿ"ÿz.TestPostHandshakeAuth.test_pha_optional_nocertc Csþtƒ\}}}d|_tj|_| t¡t|dd}|[|jt   ¡|d9}|  t |j f¡|  tjd¡ | ¡Wdƒn1sCwY| d¡| d| d¡¡Wdƒn1s`wYWdƒdSWdƒdS1sxwYdS) NTFrHrkz not serverrñsextension not receivedrË)r rÞr r£rŒrŽr–rÌrrºr=r>rÆrµr³rúrur{rrÍr r r!Útest_pha_no_pha_client s(    ÿ ÿ úÿ"ÿz,TestPostHandshakeAuth.test_pha_no_pha_clientc Cstƒ\}}}tj|_d|_| t¡t|dd}|\|jt   ¡|d:}|  t |j f¡|  d¡| | d¡d¡|  d¡| | d¡d ¡|  d¡| | d¡d¡Wdƒn1sawYWdƒdSWdƒdS1sywYdS) NTFrHrkròrËrórñrí)r r r£rŒrÞrŽr–rÌrrºr=r>rÆrur¤rrÍr r r!Útest_pha_no_pha_servers*    ÿ   ÷ÿ"ÿz,TestPostHandshakeAuth.test_pha_no_pha_serverc CsÒtƒ\}}}tj|_tjj|_d|_| t ¡t |dd}|@|j t   ¡|d}|  t|jf¡| d¡| d| d¡¡Wdƒn1sJwYWdƒdSWdƒdS1sbwYdS)NTFrHrkrñsWRONG_SSL_VERSIONrË)r r r£rŒr r`r]rÞrŽr–rÌrrºr=r>rÆrur{rrÍr r r!Útest_pha_not_tls130s$     ÿ ûÿ"ÿz(TestPostHandshakeAuth.test_pha_not_tls13c CsHt}t tj¡}d|_| t¡d|_tj|_ t tj ¡}| t¡|  t ¡d|_tj |_ t|dd}|d|jt ¡|dB}| t|jf¡| d¡| | d¡d¡| d¡| | d¡d ¡| d¡| | d¡d ¡| | ¡i¡Wdƒn1s…wYWdƒdSWdƒdS1swYdS) NTFrHrkròrËrôrñríró)r‰r rarWrÞrŽr–r‹rŠrŒrVrrœr£rÌrrºr=r>rÆrur¤rr)r®rržrŸrÅr½r r r!Útest_bpo37428_pha_cert_noneAs:       ÿ   öÿ"ÿz1TestPostHandshakeAuth.test_bpo37428_pha_cert_nonec CsÊtdd\}}}t|dd}|Ë|jt ¡|d©}| t|jf¡|j ¡}|  t |ƒd¡|\}}|j  ¡} |  t | ƒd¡|  || d¡|  t |ƒt | dƒ¡|  t |ƒt | dƒ¡| ||¡| t |ƒt |ƒ¡| t |ƒt |ƒ¡| | ¡| ¡¡| dt |ƒ¡| d t |ƒ¡| tj¡} | tj¡} | | t¡| d | ¡| | t¡|  t | ¡| ¡Wdƒn1sÆwYWdƒdSWdƒdS1sÞwYdS) NFr”rHrkr˜rÄrz CN=localhostzCN=our-ca-serverz-----BEGIN CERTIFICATE-----)r rÌrrºr=r>rÆr¹rûr¤rYrýÚhashryr®Zget_infor{Z public_bytesr±Z ENCODING_PEMZ ENCODING_DERrrRrr rõ) r®ržrŸrrÅr½ZvcÚeeÚcaZuvcrørLr r r!Útest_internal_chain_client`sJ ÿ þ         ÿåÿ"ÿz0TestPostHandshakeAuth.test_internal_chain_clientc Csðtƒ\}}}| t¡tj|_tjj|_t |dd}|R|j t   ¡|d0}|  t |jf¡| d¡| d¡}| |d¡| d¡| d¡}| |d¡Wdƒn1sYwYWdƒdSWdƒdS1sqwYdS)NFrHrksVERIFIEDCHAIN rËs sUNVERIFIEDCHAIN )r rŽr–r r£rŒr r`r]rÌrrºr=r>rÆrurr¤)r®ržrŸrrÅr½Úresr r r!Útest_internal_chain_server…s,    þ     öÿ"ÿz0TestPostHandshakeAuth.test_internal_chain_serverN)rÏrÐrÑrßràrærçrèrérêrërìrðròr r r r!r݆s% %rÝÚkeylog_filenamez0test requires OpenSSL 1.1.1 with keylog callbackc@sŠeZdZejfdd„Zee e d¡dd„ƒƒZ ee e d¡dd„ƒƒZ ee e j jd¡e e d¡d d „ƒƒƒZd d „Zd d„Zdd„ZdS)Ú TestSSLDebugcCs8t|ƒ}tt|ƒƒWdƒS1swYdSr)rDrYrŽ)r®ZfnamerGr r r!Ú keylog_lines s  $ÿzTestSSLDebug.keylog_linesr-cCs | tjtj¡t tj¡}| |jd¡|  t j   tj¡¡tj|_| |jtj¡|  t j   tj¡¡| | ¡d¡d|_| |jd¡| ttf¡t j  t j  tj¡¡|_Wdƒn1sewY| t¡ d|_WdƒdS1s~wYdS)NrÄ)rErrÖrÕr rarWr¤rórírrÚisfiler rõrÇÚIsADirectoryErrorÚPermissionErrorrÚabspathr¶rÞr r r!Útest_keylog_defaults¤s$  ÿþ "ÿz!TestSSLDebug.test_keylog_defaultsc CsØ| tjtj¡tƒ\}}}tj|_t|dd}|)|jt ¡|d}|  t |j f¡Wdƒn1s7wYWdƒn1sFwY|  |  ¡d¡d|_tj|_t|dd}|)|jt ¡|d}|  t |j f¡Wdƒn1swYWdƒn1sŽwY| |  ¡d¡tj|_tj|_t|dd}|)|jt ¡|d}|  t |j f¡Wdƒn1sÈwYWdƒn1s×wY| |  ¡d¡d|_d|_dS)NFrHrkr}é é)rErrÖrÕr rórÌrrºr=r>rÆr¤rõrrÍr r r!Útest_keylog_filename¼sT   ÿþ€ÿ  ÿþ€ÿ  ÿþ€ÿ z!TestSSLDebug.test_keylog_filenamez.test is not compatible with ignore_environmentcCs°| tjtj¡tjj tj ¡>tjtj d<|  tj dtj¡t   t j ¡}|  |jd¡t  ¡}|  |jtj¡t  ¡}|  |jtj¡WdƒdS1sQwYdS)NZ SSLKEYLOGFILE)rErrÖrÕrdZmockrÚdictrÚenvironr¤r rarWrórTrVrÞr r r!Útest_keylog_envàs  "õzTestSSLDebug.test_keylog_envcCsntƒ\}}}dd„}| |jd¡||_| |j|¡| t¡ tƒ|_WdƒdS1s0wYdS)NcSrOrr ©rrár5rârãrÊr r r!räörPz.TestSSLDebug.test_msg_callback..msg_cb)r r¿rårÇr¶r+)r®ržrŸrrär r r!Útest_msg_callbackós   "ÿzTestSSLDebug.test_msg_callbackc sØtƒ\}}}tjj|_g‰‡‡fdd„}||_t|dd}|)|jt ¡|d}|  t |j f¡Wdƒn1s.msg_cbFrHrkrEru)r r r r`r]rårÌrrºr=r>rÆr{r Z HANDSHAKEr ZSERVER_KEY_EXCHANGEZCHANGE_CIPHER_SPEC)r®ržrŸrrärÅr½r rr!Útest_msg_callback_tls12ÿs6    ÿþ€ÿ ÿý ÿýz$TestSSLDebug.test_msg_callback_tls12c stƒ\}}}tƒd‰dd„}‡fdd„}||_||_t|dd}|S|jt ¡|d}| t|jf¡Wdƒn1s@wY|jt ¡|d}| t|jf¡Wdƒn1sawYWdƒdSWdƒdS1sywYdS) NrÄcSrOrr rr r r!rä"rPz@TestSSLDebug.test_msg_callback_deadlock_bpo43577..msg_cbcs ˆ|_dSrrÊr?©Zserver_context2r r!Úsni_cb%rz@TestSSLDebug.test_msg_callback_deadlock_bpo43577..sni_cbFrHrk) r råZ sni_callbackrÌrrºr=r>rÆ)r®ržrŸrrärrÅr½r rr!Ú#test_msg_callback_deadlock_bpo43577s.     ÿþ ÿþü"üz0TestSSLDebug.test_msg_callback_deadlock_bpo43577N)rÏrÐrÑrrÕrõÚrequires_keylogrdrcrdrúrýrqÚflagsÚignore_environmentrrrrr r r r!rôžs"    " ÿ  rôc Cs | tjtjt ddd¡¡dS)NÚiirÄr)Ú setsockoptrºÚ SOL_SOCKETÚ SO_LINGERÚstructÚpack)rr r r!Ú)set_socket_so_linger_on_with_zero_timeout5s rc@sBeZdZdZGdd„dejƒZdd„Zdd„Zdd „Z d d „Z d S) ÚTestPreHandshakeClosezQVerify behavior of close sockets with received data before to the handshake. csFeZdZddœ‡fdd„ Zdd„Zdd„Z‡fd d „Zd d „Z‡ZS) z6TestPreHandshakeClose.SingleConnectionTestServerThreadN)r-csH||_d|_d|_d|_d|_|durtj|_n||_tƒj |ddS)NrËr) Úcall_after_acceptÚ received_dataÚ wrap_errorrgrÆrr»r-Úsuperrá)r®rrr-©r*r r!rá?s z?TestPreHandshakeClose.SingleConnectionTestServerThread.__init__cCs | ¡|Sr)r r­r r r!r‹Ksz@TestPreHandshakeClose.SingleConnectionTestServerThread.__enter__cGs:z |jr |j ¡Wn tyYnw| ¡d|_dSr)rgrFrrrrr r r!rŒOs € ÿ z?TestPreHandshakeClose.SingleConnectionTestServerThread.__exit__csxt tjj¡|_tj|j_|jjtd|jj tt dt   ¡|_ t  |j ¡|_|j  |j¡|j  d¡tƒ ¡dS)Nr{r<rÄ)r rTrªr¬Ússl_ctxr£rŒrrrŽrrºrgrrÂrÆr+r-rrr r­rr r!r Xs   z.call_after_acceptZpreauth_data_to_tls_server©rrFsDELETE /data HTTP/1.0 rËúbefore TLS handshake with datarÄrúattr must existr‹)rßr rr‹rErŒrºr=rgrqrrlr r!rFrrrr¤rrrr"r r³r{rerir®rwrh)r®rrÅr†rr r$r!Útest_preauth_data_to_tls_server’sDþ     ø   ÿz5TestPreHandshakeClose.test_preauth_data_to_tls_serverc s’t ¡‰t ¡‰‡‡fdd„}|j|dd}| ¡| |j¡t|jƒt ¡N}|  |j  ¡¡ˆ  ¡ˆ  t j¡sA| d¡t ¡}z |j|dd}Wntyd}z |}d}WYd}~nd}~wwd}| d ¡}| ¡Wdƒn1szwY| ¡z@| d|¡| |t¡| |¡| |tj¡| d |jd ¡| d |j¡| d |jd ¡|j|j d dWd}d}dSd}d}w)Ncs:ˆ tj¡s tdƒt|ƒ| d¡| ¡ˆ ¡dS)Nz ERROR: test client took too longsWHTTP/1.0 307 Temporary Redirect Location: https://example.com/someone-elses-server T)r rr»rÿrr!rFr©Zconn_to_client©Z$client_can_continue_with_wrap_socketZ$server_can_continue_with_wrap_socketr r!rÃs ÿzPTestPreHandshakeClose.test_preauth_data_to_tls_client..call_after_acceptZpreauth_data_to_tls_clientr%ztest server took too longr,rkrËrr&rÄrr'r‹)!rßr rr‹rErŒrrgrºr=rqrr rr»rör rTrrrrFrr¤rr"r³r{rerir®rwrh) r®rrÅr†rZ tls_clientr"rrr r*r!Útest_preauth_data_to_tls_client¿sXþ      ÿ€þ €ð   ÿz5TestPreHandshakeClose.test_preauth_data_to_tls_clientcsÐt ¡‰G‡fdd„dtjjƒ}‡fdd„}d}|j|d|d}| ¡| |j¡t |j ƒ||j   ¡d|j t  ¡|d }| t¡|jd d d d id| ¡}Wdƒn1s]wY| ¡dS)NcseZdZ‡fdd„ZdS)zeTestPreHandshakeClose.test_https_client_non_tls_response_ignored..SynchronizedHTTPSConnectioncsFtjj |¡ˆ tj¡stjrtj   d¡|j j |j |jd|_ dS)Nz"server_responding event never set.rk)Úhttpr†ZHTTPConnectionr=r rr»rsrqrtruZ_contextrrrdr­©Zserver_respondingr r!r=ÿs   ÿzmTestPreHandshakeClose.test_https_client_non_tls_response_ignored..SynchronizedHTTPSConnection.connectN)rÏrÐrÑr=r r-r r!ÚSynchronizedHTTPSConnectionþsr.cs&t|ƒ| d¡| ¡ˆ ¡dS)Ns!HTTP/1.0 402 Payment Required T)rr!rFrr)r-r r!r sÿz[TestPreHandshakeClose.test_https_client_non_tls_response_ignored..call_after_acceptg@Znon_tls_http_RST_responder)rrr-r)rÆr’r-ZHEADz/testZHostr,)Zheaders)rßr r,r†ZHTTPSConnectionrr‹rErŒrrgrqrÆr rTrÇrr}Z getresponser)r®r.rr-rÅÚ connectionÚresponser r-r!Ú*test_https_client_non_tls_response_ignoredûs.  ý   ü  þ z@TestPreHandshakeClose.test_https_client_non_tls_response_ignoredN) rÏrÐrÑrÏrßràrr"r(r+r1r r r r!r9s<- rr_Zget_config_varrr@rÁÚverrTròr"rÎÚfsencoderrrrrrrrrrr)rôrÏrLr–r‰rÐr—r˜rRrQrœrñrZr™ršrÔrrr?r3rÑrêrÙr0r1r>r?r@rArBrHrNr[Ú lru_cacherXrmrwrZignore_warningsrÒrŠr“r ZTestCaser¡rÖrerrr‚r‰Zrequires_resourcerÑr¥r²Ztest.ssl_serversrÚràrÌrr?rErFrÓrÝraZ HAS_KEYLOGrrôrrr7rÏÚmainr r r r!Ús†        ÿ   þ        ÿ       óñ          (ÿ þ3C6?0t  #v þ1 ÿN} ÿz # ÿ